@@ -117,7 +117,8 @@ static std::optional<TypeSize> getObjectSize(const Value *V,
117117}
118118
119119// / Returns true if we can prove that the object specified by V is smaller than
120- // / Size.
120+ // / Size. Bails out early unless the root object is passed as the first
121+ // / parameter.
121122static bool isObjectSmallerThan (const Value *V, TypeSize Size,
122123 const DataLayout &DL,
123124 const TargetLibraryInfo &TLI,
@@ -134,20 +135,14 @@ static bool isObjectSmallerThan(const Value *V, TypeSize Size,
134135 // char *p = (char*)malloc(100)
135136 // char *q = p+80;
136137 //
137- // In the context of c1 and c2, the "object" pointed by q refers to the
138+ // In the context of c1 and c2, the "object" pointed by q refers to the
138139 // stretch of memory of q[0:19]. So, getObjectSize(q) should return 20.
139140 //
140- // However, in the context of c3, the "object" refers to the chunk of memory
141- // being allocated. So, the "object" has 100 bytes, and q points to the middle
142- // the "object". In case q is passed to isObjectSmallerThan() as the 1st
143- // parameter, before the llvm::getObjectSize() is called to get the size of
144- // entire object, we should:
145- // - either rewind the pointer q to the base-address of the object in
146- // question (in this case rewind to p), or
147- // - just give up. It is up to caller to make sure the pointer is pointing
148- // to the base address the object.
149- //
150- // We go for 2nd option for simplicity.
141+ // In the context of c3, the "object" refers to the chunk of memory being
142+ // allocated. So, the "object" has 100 bytes, and q points to the middle the
143+ // "object". However, unless p, the root object, is passed as the first
144+ // parameter, the call to isIdentifiedObject() makes isObjectSmallerThan()
145+ // bail out early.
151146 if (!isIdentifiedObject (V))
152147 return false ;
153148
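Review bot: The rewritten comment at new line 142 drops a word — `q points to the middle the "object"` should read `q points to the middle of the "object"`. It would also help to say what the early bail-out actually returns, since callers rely on that being the conservative answer: `// parameter, the call to isIdentifiedObject() makes isObjectSmallerThan()` / `// return false early, i.e. it declines to prove anything about the object.` Per the doc comment in the earlier hunk, `false` means "cannot prove V is smaller than Size", not "V is at least Size", so the bail-out is the safe default for alias analysis and the comment should not read as if it were a size judgement. isObjectSmallerThan's body continues past the end of this hunk.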