[PATCH] D38677: [ConstantFold] Fix a crash when folding a GEP that has vector index

Haicheng Wu via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sun Oct 8 15:05:40 PDT 2017 

haicheng created this revision.
Herald added a subscriber: mcrosier.

LLVM crashes with following IRs if compiling it with `opt -instsimplify`.  See PR34880 <https://bugs.llvm.org/show_bug.cgi?id=34880>

  @block = global [64 x [8192 x i8]] zeroinitializer, align 1
  
  define <2 x i8*> @foo() {
    %1 = getelementptr inbounds [64 x [8192 x i8]], [64 x [8192 x i8]]* @block, i64 0, <2 x i64> <i64 0, i64 1>, i64 8192
    ret <2 x i8*> %1
  }

ConstantFolding tries to factor out the last index (8192) into the second last dimension.  The code assumes the current index (8192) and the previous index (<i64 0, i64 1>) are both integer typed, but it now only checks if the current index is a ConstantInt.  This patch exits early if the previous index is not a ConstantInt.


Repository:
  rL LLVM

https://reviews.llvm.org/D38677

Files:
  lib/IR/ConstantFold.cpp
  test/Transforms/InstCombine/gep-vector.ll


Index: test/Transforms/InstCombine/gep-vector.ll
===================================================================
--- test/Transforms/InstCombine/gep-vector.ll
+++ test/Transforms/InstCombine/gep-vector.ll
@@ -13,3 +13,12 @@
   %el = getelementptr inbounds i64, i64* undef, <8 x i64> undef
   ret <8 x i64*> %el
 }
+
+ at block = global [64 x [8192 x i8]] zeroinitializer, align 1
+
+; CHECK-LABEL:vectorindex 
+; CHECK-NEXT: ret <2 x i8*> getelementptr inbounds ([64 x [8192 x i8]], [64 x [8192 x i8]]* @block, <2 x i64> zeroinitializer, <2 x i64> <i64 0, i64 1>, <2 x i64> <i64 8192, i64 8192>) 
+define <2 x i8*> @vectorindex() {
+  %1 = getelementptr inbounds [64 x [8192 x i8]], [64 x [8192 x i8]]* @block, i64 0, <2 x i64> <i64 0, i64 1>, i64 8192
+  ret <2 x i8*> %1
+}
Index: lib/IR/ConstantFold.cpp
===================================================================
--- lib/IR/ConstantFold.cpp
+++ lib/IR/ConstantFold.cpp
@@ -2210,6 +2210,8 @@
       Unknown = true;
       continue;
     }
+    if (!isa<ConstantInt>(Idxs[i - 1]))
+      continue;
     if (InRangeIndex && i == *InRangeIndex + 1) {
       // If an index is marked inrange, we cannot apply this canonicalization to
       // the following index, as that will cause the inrange index to point to


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D38677.118174.patch
Type: text/x-patch
Size: 1272 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171008/b3a5f8c9/attachment.bin>

More information about the llvm-commits mailing list