[llvm] 2cd7b0e - [ValueTracking] canCreateUndefOrPoison - use APInt to check bounds instead of getZExtValue().
Simon Pilgrim via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 5 05:45:42 PDT 2020
Author: Simon Pilgrim
Date: 2020-10-05T13:45:27+01:00
New Revision: 2cd7b0e1305a71f4f9d89f25b140da641f2693f4
URL: https://github.com/llvm/llvm-project/commit/2cd7b0e1305a71f4f9d89f25b140da641f2693f4
DIFF: https://github.com/llvm/llvm-project/commit/2cd7b0e1305a71f4f9d89f25b140da641f2693f4.diff
LOG: [ValueTracking] canCreateUndefOrPoison - use APInt to check bounds instead of getZExtValue().
Fixes OSS Fuzz #26135
Added:
Modified:
llvm/lib/Analysis/ValueTracking.cpp
llvm/test/Transforms/InstCombine/shift.ll
Removed:
################################################################################
diff --git a/llvm/lib/Analysis/ValueTracking.cpp b/llvm/lib/Analysis/ValueTracking.cpp
index 11eb5f303c55..e78beb04e5ea 100644
--- a/llvm/lib/Analysis/ValueTracking.cpp
+++ b/llvm/lib/Analysis/ValueTracking.cpp
@@ -4813,7 +4813,7 @@ static bool canCreateUndefOrPoison(const Operator *Op, bool PoisonOnly) {
bool Safe = llvm::all_of(ShiftAmounts, [](Constant *C) {
auto *CI = dyn_cast<ConstantInt>(C);
- return CI && CI->getZExtValue() < C->getType()->getIntegerBitWidth();
+ return CI && CI->getValue().ult(C->getType()->getIntegerBitWidth());
});
return !Safe;
}
@@ -4836,8 +4836,7 @@ static bool canCreateUndefOrPoison(const Operator *Op, bool PoisonOnly) {
auto *VTy = cast<VectorType>(Op->getOperand(0)->getType());
unsigned IdxOp = Op->getOpcode() == Instruction::InsertElement ? 2 : 1;
auto *Idx = dyn_cast<ConstantInt>(Op->getOperand(IdxOp));
- if (!Idx ||
- Idx->getZExtValue() >= VTy->getElementCount().getKnownMinValue())
+ if (!Idx || Idx->getValue().uge(VTy->getElementCount().getKnownMinValue()))
return true;
return false;
}
diff --git a/llvm/test/Transforms/InstCombine/shift.ll b/llvm/test/Transforms/InstCombine/shift.ll
index 714a08d247a2..ea0954c02b4e 100644
--- a/llvm/test/Transforms/InstCombine/shift.ll
+++ b/llvm/test/Transforms/InstCombine/shift.ll
@@ -1684,3 +1684,29 @@ define void @ashr_out_of_range(i177* %A) {
ret void
}
+; OSS Fuzz #26135
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26135
+define void @ashr_out_of_range_1(i177* %A) {
+; CHECK-LABEL: @ashr_out_of_range_1(
+; CHECK-NEXT: [[L:%.*]] = load i177, i177* [[A:%.*]], align 4
+; CHECK-NEXT: [[G11:%.*]] = getelementptr i177, i177* [[A]], i64 -1
+; CHECK-NEXT: [[B24_LOBIT:%.*]] = ashr i177 [[L]], 175
+; CHECK-NEXT: [[TMP1:%.*]] = trunc i177 [[B24_LOBIT]] to i64
+; CHECK-NEXT: [[G62:%.*]] = getelementptr i177, i177* [[G11]], i64 [[TMP1]]
+; CHECK-NEXT: store i177 0, i177* [[G62]], align 4
+; CHECK-NEXT: ret void
+;
+ %L = load i177, i177* %A, align 4
+ %B5 = udiv i177 %L, -1
+ %B4 = add i177 %B5, -1
+ %B = and i177 %B4, %L
+ %B2 = add i177 %B, -1
+ %G11 = getelementptr i177, i177* %A, i177 %B2
+ %B6 = mul i177 %B5, %B2
+ %B24 = ashr i177 %L, %B6
+ %C17 = icmp sgt i177 %B, %B24
+ %G62 = getelementptr i177, i177* %G11, i1 %C17
+ %B28 = urem i177 %B24, %B6
+ store i177 %B28, i177* %G62, align 4
+ ret void
+}
More information about the llvm-commits
mailing list