[PATCH] D55536: [ConstantFold] Use getMinSignedBits for APInt in isIndexInRangeOfArrayType.

Florian Hahn via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Dec 10 17:31:39 PST 2018


fhahn created this revision.
fhahn added reviewers: mssimpso, efriedma, davide.
Herald added a subscriber: arphaman.

Indices for getelementptr can be signed so we should use
getMinSignedBits instead of getActiveBits here. The function later calls
getSExtValue to get the int64_t value, which also checks
getMinSignedBits.

This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11647.


Repository:
  rL LLVM

https://reviews.llvm.org/D55536

Files:
  lib/IR/ConstantFold.cpp
  test/Transforms/SCCP/apint-bigint2.ll


Index: test/Transforms/SCCP/apint-bigint2.ll
===================================================================
--- test/Transforms/SCCP/apint-bigint2.ll
+++ test/Transforms/SCCP/apint-bigint2.ll
@@ -1,11 +1,12 @@
-; RUN: opt < %s -sccp -S | not grep load
+; RUN: opt < %s -sccp -S | FileCheck %s
 
 @Y = constant [6 x i101] [ i101 12, i101 123456789000000, i101 -12,
                            i101 -123456789000000, i101 0,i101 9123456789000000]
 
-define i101 @array()
-{
-Head:
+; CHECK-LABEL: @array
+; CHECK-NEXT: ret i101 123456789000000
+define i101 @array() {
+
    %A = getelementptr [6 x i101], [6 x i101]* @Y, i32 0, i32 1
    %B = load i101, i101* %A
    %D = and i101 %B, 1
@@ -13,6 +14,16 @@
    %E = trunc i101 %DD to i32
    %F = getelementptr [6 x i101], [6 x i101]* @Y, i32 0, i32 %E
    %G = load i101, i101* %F
- 
+
    ret i101 %G
 }
+
+; CHECK-LABEL: @index_too_large
+; CHECK-NEXT: store i101* getelementptr (i101, i101* getelementptr ([6 x i101], [6 x i101]* @Y, i32 0, i32 -1), i101 9224497936761618431), i101** undef
+; CHECK-NEXT: ret void
+define void @index_too_large() {
+  %ptr1 = getelementptr [6 x i101], [6 x i101]* @Y, i32 0, i32 -1
+  %ptr2 = getelementptr i101, i101* %ptr1, i101 9224497936761618431
+  store i101* %ptr2, i101** undef
+  ret void
+}
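Review bot: The new @index_too_large test has no comment saying what it guards against, and the constant 9224497936761618431 is opaque on its own. It equals 2^63 + 2^50 - 1, so it has 64 active bits but needs 65 signed bits, which is exactly the boundary the ConstantFold.cpp change addresses. A line such as `; The second GEP index needs 65 signed bits, so it must not be treated as fitting in int64_t (oss-fuzz 11647).` above the CHECK-LABEL would make that clear. The test pins only this one positive boundary value; a companion case with a negative i101 index would cover the other side of the check.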
Index: lib/IR/ConstantFold.cpp
===================================================================
--- lib/IR/ConstantFold.cpp
+++ lib/IR/ConstantFold.cpp
@@ -2053,7 +2053,7 @@
 static bool isIndexInRangeOfArrayType(uint64_t NumElements,
                                       const ConstantInt *CI) {
   // We cannot bounds check the index if it doesn't fit in an int64_t.
-  if (CI->getValue().getActiveBits() > 64)
+  if (CI->getValue().getMinSignedBits() > 64)
     return false;
 
   // A negative index or an index past the end of our sequential type is
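Review bot: The comment above the changed check still says only that the index must fit in an int64_t and does not record why the signed width is the right measure, which is the point of this fix. A value in a type wider than 64 bits with bit 63 set has 64 active bits, so the old test let it through to the getSExtValue call the description mentions. I would extend the comment to something like `// Indices are signed: use getMinSignedBits, since a wide value with bit 63 set has 64 active bits but does not fit in int64_t.` The body of isIndexInRangeOfArrayType continues past the end of the hunk, so the handling of negative wide indices, which now pass this check instead of being rejected by it, should be confirmed there.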

