[llvm] r322078 - [InstCombine] Check for out of range ashr values using APInt before calling getZExtValue
Simon Pilgrim via llvm-commits
llvm-commits at lists.llvm.org
Tue Jan 9 06:23:46 PST 2018
Author: rksimon
Date: Tue Jan 9 06:23:46 2018
New Revision: 322078
URL: http://llvm.org/viewvc/llvm-project?rev=322078&view=rev
Log:
[InstCombine] Check for out of range ashr values using APInt before calling getZExtValue
Reduced from oss-fuzz #5032 test case
Modified:
llvm/trunk/lib/Transforms/InstCombine/InstCombineShifts.cpp
llvm/trunk/test/Transforms/InstCombine/shift.ll
Modified: llvm/trunk/lib/Transforms/InstCombine/InstCombineShifts.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/InstCombine/InstCombineShifts.cpp?rev=322078&r1=322077&r2=322078&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/InstCombine/InstCombineShifts.cpp (original)
+++ llvm/trunk/lib/Transforms/InstCombine/InstCombineShifts.cpp Tue Jan 9 06:23:46 2018
@@ -818,7 +818,7 @@ Instruction *InstCombiner::visitAShr(Bin
Type *Ty = I.getType();
unsigned BitWidth = Ty->getScalarSizeInBits();
const APInt *ShAmtAPInt;
- if (match(Op1, m_APInt(ShAmtAPInt))) {
+ if (match(Op1, m_APInt(ShAmtAPInt)) && ShAmtAPInt->ult(BitWidth)) {
unsigned ShAmt = ShAmtAPInt->getZExtValue();
// If the shift amount equals the difference in width of the destination
@@ -832,7 +832,8 @@ Instruction *InstCombiner::visitAShr(Bin
// We can't handle (X << C1) >>s C2. It shifts arbitrary bits in. However,
// we can handle (X <<nsw C1) >>s C2 since it only shifts in sign bits.
const APInt *ShOp1;
- if (match(Op0, m_NSWShl(m_Value(X), m_APInt(ShOp1)))) {
+ if (match(Op0, m_NSWShl(m_Value(X), m_APInt(ShOp1))) &&
+ ShOp1->ult(BitWidth)) {
unsigned ShlAmt = ShOp1->getZExtValue();
if (ShlAmt < ShAmt) {
// (X <<nsw C1) >>s C2 --> X >>s (C2 - C1)
@@ -850,7 +851,8 @@ Instruction *InstCombiner::visitAShr(Bin
}
}
- if (match(Op0, m_AShr(m_Value(X), m_APInt(ShOp1)))) {
+ if (match(Op0, m_AShr(m_Value(X), m_APInt(ShOp1))) &&
+ ShOp1->ult(BitWidth)) {
unsigned AmtSum = ShAmt + ShOp1->getZExtValue();
// Oversized arithmetic shifts replicate the sign bit.
AmtSum = std::min(AmtSum, BitWidth - 1);
Modified: llvm/trunk/test/Transforms/InstCombine/shift.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Transforms/InstCombine/shift.ll?rev=322078&r1=322077&r2=322078&view=diff
==============================================================================
--- llvm/trunk/test/Transforms/InstCombine/shift.ll (original)
+++ llvm/trunk/test/Transforms/InstCombine/shift.ll Tue Jan 9 06:23:46 2018
@@ -1613,3 +1613,26 @@ define i177 @lshr_out_of_range(i177 %Y,
%B1 = udiv i177 %B10, %B6
ret i177 %B1
}
+
+; OSS Fuzz #5032
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5032
+define void @ashr_out_of_range(i177* %A) {
+; CHECK-LABEL: @ashr_out_of_range(
+; CHECK-NEXT: ret void
+;
+ %L = load i177, i177* %A
+ %B5 = udiv i177 %L, -1
+ %B4 = add i177 %B5, -1
+ %B2 = add i177 %B4, -1
+ %G11 = getelementptr i177, i177* %A, i177 %B2
+ %L7 = load i177, i177* %G11
+ %B6 = mul i177 %B5, %B2
+ %B24 = ashr i177 %L7, %B6
+ %B36 = and i177 %L7, %B4
+ %C17 = icmp sgt i177 %B36, %B24
+ %G62 = getelementptr i177, i177* %G11, i1 %C17
+ %B28 = urem i177 %B24, %B6
+ store i177 %B28, i177* %G62
+ ret void
+}
+
More information about the llvm-commits
mailing list