[llvm] b8ec8f5 - [X86] Remove extra getOperand(0) call from recently introduced store(extract_element(vtrunc)) to truncated store combine.

Craig Topper via llvm-commits llvm-commits at lists.llvm.org
Tue Aug 25 16:20:02 PDT 2020


Author: Craig Topper
Date: 2020-08-25T16:16:54-07:00
New Revision: b8ec8f57764e37e7eebed436332b87b46084eb11

URL: https://github.com/llvm/llvm-project/commit/b8ec8f57764e37e7eebed436332b87b46084eb11
DIFF: https://github.com/llvm/llvm-project/commit/b8ec8f57764e37e7eebed436332b87b46084eb11.diff

LOG: [X86] Remove extra getOperand(0) call from recently introduced store(extract_element(vtrunc)) to truncated store combine.

The IsExtractedElement already called getOperand(0) so Extract
here is the source vector. We shouldn't call getOperand(0). This
worked for the original test cases because the result was a
bitcast so the getOperand(0) accidentally peeked through the bitcast
which is what we wanted.

In the failing case here, the operand turns out to be undef so
the getOperand(0) asserts because undef has no operands.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25184

Differential Revision: https://reviews.llvm.org/D86428

Added: 
    llvm/test/CodeGen/X86/oss-fuzz-25184.ll

Modified: 
    llvm/lib/Target/X86/X86ISelLowering.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Target/X86/X86ISelLowering.cpp b/llvm/lib/Target/X86/X86ISelLowering.cpp
index 32d8f3d96dae..e203689e64ee 100644
--- a/llvm/lib/Target/X86/X86ISelLowering.cpp
+++ b/llvm/lib/Target/X86/X86ISelLowering.cpp
@@ -44622,7 +44622,7 @@ static SDValue combineStore(SDNode *N, SelectionDAG &DAG,
       return SDValue();
     };
     if (SDValue Extract = IsExtractedElement(StoredVal)) {
-      SDValue Trunc = peekThroughOneUseBitcasts(Extract.getOperand(0));
+      SDValue Trunc = peekThroughOneUseBitcasts(Extract);
       if (Trunc.getOpcode() == X86ISD::VTRUNC) {
         SDValue Src = Trunc.getOperand(0);
         MVT DstVT = Trunc.getSimpleValueType();
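
Review bot: In `if (SDValue Extract = IsExtractedElement(StoredVal))` the name `Extract` is misleading, because per the commit message the lambda has already taken operand 0, so this value is the source vector and not the extract node. That mismatch is what made the stray `getOperand(0)` look correct in the first place. Consider renaming the variable to say it is the source vector, or adding a one-line comment on what `IsExtractedElement` returns, so the extra operand access is not reintroduced later. The remaining `Trunc.getOperand(0)` is guarded by the `X86ISD::VTRUNC` opcode check, so it does not have the same problem.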

diff  --git a/llvm/test/CodeGen/X86/oss-fuzz-25184.ll b/llvm/test/CodeGen/X86/oss-fuzz-25184.ll
new file mode 100644
index 000000000000..45ff7fa8f7ee
--- /dev/null
+++ b/llvm/test/CodeGen/X86/oss-fuzz-25184.ll
@@ -0,0 +1,18 @@
+; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
+; RUN: llc < %s -mtriple=x86_64-apple-darwin19.5.0 | FileCheck %s
+
+; OSS fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25184
+
+define <2 x double> @test_fpext() {
+; CHECK-LABEL: test_fpext:
+; CHECK:       ## %bb.0:
+; CHECK-NEXT:    movsd {{.*#+}} xmm0 = mem[0],zero
+; CHECK-NEXT:    retq
+  %tmp12 = insertelement <4 x float> undef, float 0.000000e+00, i32 3
+  %tmp5 = fpext <4 x float> %tmp12 to <4 x double>
+  %ret = shufflevector <4 x double> %tmp5, <4 x double> undef, <2 x i32> <i32 0, i32 1>
+  %E1 = extractelement <4 x double> %tmp5, i16 undef
+  %I2 = insertelement <2 x double> %ret, double 4.940660e-324, i16 undef
+  store double %E1, double* undef, align 8
+  ret <2 x double> %I2
+}
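
Review bot: The test body carries no description of what it guards; the only explanation is the OSS-Fuzz link in the `; OSS fuzz:` comment, and the function name `test_fpext` does not mention the store combine. A short comment above `define <2 x double> @test_fpext()` saying that the stored value is extracted from a vector that folds to undef, and that combineStore used to assert on it, would keep the test understandable if the link becomes unreachable. Note also that the CHECK lines only cover `movsd` and `retq`, so this is a no-crash regression test for the undef case and says nothing about the bitcast case the commit message describes as having worked by accident.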