[llvm] r356053 - [x86] limit extractelement of setcc to pre-legalization

Sanjay Patel via llvm-commits llvm-commits at lists.llvm.org
Wed Mar 13 07:49:52 PDT 2019 

Author: spatel
Date: Wed Mar 13 07:49:52 2019
New Revision: 356053

URL: http://llvm.org/viewvc/llvm-project?rev=356053&view=rev
Log:
[x86] limit extractelement of setcc to pre-legalization

A fuzzer found the crasher:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13700

The bug was introduced recently here:
rL355741

This is the quick fix. If we need to do this transform
later, then we'd have to extend/truncate the vector setcc
element type to the scalar setcc type (i8). 

Modified:
    llvm/trunk/lib/Target/X86/X86ISelLowering.cpp
    llvm/trunk/test/CodeGen/X86/extractelement-fp.ll

Modified: llvm/trunk/lib/Target/X86/X86ISelLowering.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Target/X86/X86ISelLowering.cpp?rev=356053&r1=356052&r2=356053&view=diff
==============================================================================
--- llvm/trunk/lib/Target/X86/X86ISelLowering.cpp (original)
+++ llvm/trunk/lib/Target/X86/X86ISelLowering.cpp Wed Mar 13 07:49:52 2019
@@ -34349,7 +34349,7 @@ static SDValue scalarizeExtEltFP(SDNode
 
   // Vector FP compares don't fit the pattern of FP math ops (propagate, not
   // extract, the condition code), so deal with those as a special-case.
-  if (Vec.getOpcode() == ISD::SETCC) {
+  if (Vec.getOpcode() == ISD::SETCC && VT == MVT::i1) {
     EVT OpVT = Vec.getOperand(0).getValueType().getScalarType();
     if (OpVT != MVT::f32 && OpVT != MVT::f64)
       return SDValue();

Modified: llvm/trunk/test/CodeGen/X86/extractelement-fp.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/CodeGen/X86/extractelement-fp.ll?rev=356053&r1=356052&r2=356053&view=diff
==============================================================================
--- llvm/trunk/test/CodeGen/X86/extractelement-fp.ll (original)
+++ llvm/trunk/test/CodeGen/X86/extractelement-fp.ll Wed Mar 13 07:49:52 2019
@@ -152,6 +152,25 @@ define i1 @fcmp_v4f64(<4 x double> %x, <
   ret i1 %r
 }
 
+; If we do the fcmp transform late, make sure we have the right types.
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13700
+
+define void @extsetcc(<4 x float> %x) {
+; CHECK-LABEL: extsetcc:
+; CHECK:       # %bb.0:
+; CHECK-NEXT:    vxorps %xmm1, %xmm1, %xmm1
+; CHECK-NEXT:    vcmpnleps %xmm0, %xmm1, %xmm0
+; CHECK-NEXT:    vextractps $0, %xmm0, %eax
+; CHECK-NEXT:    andl $1, %eax
+; CHECK-NEXT:    movb %al, (%rax)
+; CHECK-NEXT:    retq
+  %cmp = fcmp ult <4 x float> %x, zeroinitializer
+  %sext = sext <4 x i1> %cmp to <4 x i32>
+  %e = extractelement <4 x i1> %cmp, i1 0
+  store i1 %e, i1* undef
+  ret void
+}
+
 define float @select_fcmp_v4f32(<4 x float> %x, <4 x float> %y, <4 x float> %z, <4 x float> %w) nounwind {
 ; CHECK-LABEL: select_fcmp_v4f32:
 ; CHECK:       # %bb.0:

More information about the llvm-commits mailing list