[PATCH] D55547: [ConstantInt] Check active bits before calling getZExtValue.

Florian Hahn via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Dec 10 21:40:01 PST 2018


fhahn created this revision.
fhahn added reviewers: efriedma, craig.topper, spatel.

Without this check, we hit an assertion in getZExtValue, if the constant
value does not fit into an uint64_t.

As getZExtValue returns an uint64_t, should we update
getAggregateElement to take an uint64_t as well?

This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6109.


Repository:
  rL LLVM

https://reviews.llvm.org/D55547

Files:
  include/llvm/IR/Constant.h
  lib/IR/Constants.cpp
  test/Transforms/SCCP/apint-bigint2.ll


Index: test/Transforms/SCCP/apint-bigint2.ll
===================================================================
--- test/Transforms/SCCP/apint-bigint2.ll
+++ test/Transforms/SCCP/apint-bigint2.ll
@@ -1,11 +1,11 @@
-; RUN: opt < %s -sccp -S | not grep load
+; RUN: opt < %s -sccp -S | FileCheck %s
 
 @Y = constant [6 x i101] [ i101 12, i101 123456789000000, i101 -12,
                            i101 -123456789000000, i101 0,i101 9123456789000000]
 
-define i101 @array()
-{
-Head:
+; CHECK-LABEL: @array
+; CHECK-NEXT: ret i101 123456789000000
+define i101 @array() {
    %A = getelementptr [6 x i101], [6 x i101]* @Y, i32 0, i32 1
    %B = load i101, i101* %A
    %D = and i101 %B, 1
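Review bot: the added `; CHECK-LABEL: @array` is a bare substring pattern, so it would also match any later function whose name begins with "array"; writing it as `@array(` pins it to this definition. The switch from `not grep load` to FileCheck with `CHECK-NEXT: ret i101 123456789000000` is a stricter check, but dropping the `Head:` label and moving the opening brace are unrelated cleanups in a bug-fix patch and could be mentioned in the summary or split out.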
@@ -16,3 +16,15 @@
  
    ret i101 %G
 }
+
+; CHECK-LABEL: @large_aggregate
+; CHECK-NEXT: ret i101 undef
+define i101 @large_aggregate() {
+  %B = load i101, i101* undef
+  %D = and i101 %B, 1
+  %DD = or i101 %D, 1
+  %F = getelementptr [6 x i101], [6 x i101]* @Y, i32 0, i32 5
+  %G = getelementptr i101, i101* %F, i101 %DD
+  %L3 = load i101, i101* %G
+  ret i101 %L3
+}
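Review bot: `@large_aggregate` has no comment saying what it guards against, and the name is misleading, since the aggregate `@Y` has only six elements and it is the i101 index `%DD` that is meant to be too wide. A one-line comment stating that the GEP index must not reach getZExtValue when it needs more than 64 bits, plus a name along the lines of `@index_too_large`, would make the regression obvious to the next reader. It is also not evident from the IR alone why `%DD` (built from `and`/`or` with 1 on a load from undef) ends up exceeding 64 bits; if a variant with an explicit i101 constant index above 2^64 reproduces the assertion, it would be a clearer test to add alongside this fuzzer-derived one.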
Index: lib/IR/Constants.cpp
===================================================================
--- lib/IR/Constants.cpp
+++ lib/IR/Constants.cpp
@@ -350,8 +350,12 @@
 
 Constant *Constant::getAggregateElement(Constant *Elt) const {
   assert(isa<IntegerType>(Elt->getType()) && "Index must be an integer");
-  if (ConstantInt *CI = dyn_cast<ConstantInt>(Elt))
+  if (ConstantInt *CI = dyn_cast<ConstantInt>(Elt)) {
+    // Check if the constant fits into an uint64_t.
+    if (CI->getValue().getActiveBits() > 64)
+      return nullptr;
     return getAggregateElement(CI->getZExtValue());
+  }
   return nullptr;
 }
 
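Review bot: the new guard `getActiveBits() > 64` only protects the getZExtValue call; the result is then passed to the overload declared as `getAggregateElement(unsigned Elt)`, so on targets where unsigned is 32 bits an index that fits in 64 bits but not in 32 is silently truncated and can alias a small, valid element index. Either tighten the bound to the width of the callee's parameter or widen that parameter to uint64_t, as the summary already asks. APInt also offers `getLimitedValue`, which would let the range check and the conversion happen in one step if the callee's own bounds check is relied on.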
Index: include/llvm/IR/Constant.h
===================================================================
--- include/llvm/IR/Constant.h
+++ include/llvm/IR/Constant.h
@@ -114,7 +114,8 @@
 
   /// For aggregates (struct/array/vector) return the constant that corresponds
   /// to the specified element if possible, or null if not. This can return null
-  /// if the element index is a ConstantExpr, or if 'this' is a constant expr.
+  /// if the element index is a ConstantExpr, if 'this' is a constant expr or
+  /// if the constant does not fit into an uint64_t.
   Constant *getAggregateElement(unsigned Elt) const;
   Constant *getAggregateElement(Constant *Elt) const;
 
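Review bot: in the added comment line `if the constant does not fit into an uint64_t`, "the constant" is ambiguous, because `this` is also a constant; say "the element index" to match the first clause of the sentence. The comment also names uint64_t while the overload directly below is declared as `getAggregateElement(unsigned Elt)`, so the documented limit and the signature disagree until the parameter type question from the summary is settled.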

