[PATCH] D48330: [GVN] Avoid casting a vector of size less than 8 bits to i8

Matthew Voss via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Jun 19 11:43:16 PDT 2018 

ormris created this revision.
ormris added reviewers: nlopes, davide, RKSimon, reames, efriedma.
Herald added a subscriber: Prazek.

A reprise of https://reviews.llvm.org/D25849.

This crash was found through fuzzing some time ago and was documented in PR28879.

No check for load size has been added due to the following tests:

- Transforms/GVN/invariant.group.ll
- Transforms/GVN/pr10820.ll

These tests expect load sizes that are not a multiple of eight.

Thanks to @davide for the original patch.


Repository:
  rL LLVM

https://reviews.llvm.org/D48330

Files:
  lib/Transforms/Utils/VNCoercion.cpp
  test/Transforms/GVN/pr28879.ll


Index: test/Transforms/GVN/pr28879.ll
===================================================================
--- /dev/null
+++ test/Transforms/GVN/pr28879.ll
@@ -0,0 +1,16 @@
+; RUN: opt -gvn %s -S -o -
+
+define void @f() {
+entry:
+  %a = alloca <7 x i1>, align 2
+  store <7 x i1> undef, <7 x i1>* %a, align 2
+  %0 = getelementptr inbounds <7 x i1>, <7 x i1>* %a, i64 0, i64 0
+  %val = load i1, i1* %0, align 2
+  br i1 %val, label %cond.true, label %cond.false
+
+cond.true:
+  ret void
+
+cond.false:
+  ret void
+}
Index: lib/Transforms/Utils/VNCoercion.cpp
===================================================================
--- lib/Transforms/Utils/VNCoercion.cpp
+++ lib/Transforms/Utils/VNCoercion.cpp
@@ -20,8 +20,13 @@
       StoredVal->getType()->isStructTy() || StoredVal->getType()->isArrayTy())
     return false;
 
+  uint64_t StoreSize = DL.getTypeSizeInBits(StoredVal->getType());
+
+  if (llvm::alignTo(StoreSize, 8) != StoreSize)
+    return false;
+
   // The store has to be at least as big as the load.
-  if (DL.getTypeSizeInBits(StoredVal->getType()) < DL.getTypeSizeInBits(LoadTy))
+  if (StoreSize < DL.getTypeSizeInBits(LoadTy))
     return false;
 
   // Don't coerce non-integral pointers to integers or vice versa.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D48330.151958.patch
Type: text/x-patch
Size: 1246 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180619/ac5c780a/attachment.bin>

More information about the llvm-commits mailing list