[llvm] 214683f - [DAGCombiner] avoid crash on out-of-bounds insert index (PR44139)
Sanjay Patel via llvm-commits
llvm-commits at lists.llvm.org
Mon Nov 25 13:27:49 PST 2019
Author: Sanjay Patel
Date: 2019-11-25T16:24:06-05:00
New Revision: 214683f3b2d6f421c346debf41d545de18cc0caa
URL: https://github.com/llvm/llvm-project/commit/214683f3b2d6f421c346debf41d545de18cc0caa
DIFF: https://github.com/llvm/llvm-project/commit/214683f3b2d6f421c346debf41d545de18cc0caa.diff
LOG: [DAGCombiner] avoid crash on out-of-bounds insert index (PR44139)
We already have this simplification at node-creation-time, but
the test from:
https://bugs.llvm.org/show_bug.cgi?id=44139
...shows that we can combine our way to an assert/crash too.
Added:
Modified:
llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
llvm/test/CodeGen/X86/insertelement-var-index.ll
llvm/test/CodeGen/X86/vec_extract.ll
Removed:
################################################################################
diff --git a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
index d56e737226e3..793352c16d35 100644
--- a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
+++ b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
@@ -16756,6 +16756,11 @@ SDValue DAGCombiner::visitINSERT_VECTOR_ELT(SDNode *N) {
EVT VT = InVec.getValueType();
unsigned NumElts = VT.getVectorNumElements();
+ // Insert into out-of-bounds element is undefined.
+ if (auto *IndexC = dyn_cast<ConstantSDNode>(EltNo))
+ if (IndexC->getZExtValue() >= VT.getVectorNumElements())
+ return DAG.getUNDEF(VT);
+
// Remove redundant insertions:
// (insert_vector_elt x (extract_vector_elt x idx) idx) -> x
if (InVal.getOpcode() == ISD::EXTRACT_VECTOR_ELT &&
diff --git a/llvm/test/CodeGen/X86/insertelement-var-index.ll b/llvm/test/CodeGen/X86/insertelement-var-index.ll
index c6ab2cd7fa9b..a37fe63944de 100644
--- a/llvm/test/CodeGen/X86/insertelement-var-index.ll
+++ b/llvm/test/CodeGen/X86/insertelement-var-index.ll
@@ -623,3 +623,31 @@ define <4 x double> @load_f64_v4f64(double* %p, i32 %y) nounwind {
ret <4 x double> %ins
}
+; Don't die trying to insert to an invalid index.
+
+define i32 @PR44139(<16 x i64>* %p) {
+; ALL-LABEL: PR44139:
+; ALL: # %bb.0:
+; ALL-NEXT: movl (%rdi), %eax
+; ALL-NEXT: leal 2147483647(%rax), %ecx
+; ALL-NEXT: testl %eax, %eax
+; ALL-NEXT: cmovnsl %eax, %ecx
+; ALL-NEXT: andl $-2147483648, %ecx # imm = 0x80000000
+; ALL-NEXT: addl %eax, %ecx
+; ALL-NEXT: # kill: def $eax killed $eax killed $rax
+; ALL-NEXT: xorl %edx, %edx
+; ALL-NEXT: divl %ecx
+; ALL-NEXT: retq
+ %L = load <16 x i64>, <16 x i64>* %p
+ %E1 = extractelement <16 x i64> %L, i64 0
+ %tempvector = insertelement <16 x i64> undef, i64 %E1, i32 0
+ %vector = shufflevector <16 x i64> %tempvector, <16 x i64> undef, <16 x i32> zeroinitializer
+ %C3 = icmp sgt i64 9223372036854775807, -9223372036854775808
+ %t0 = trunc <16 x i64> %vector to <16 x i32>
+ %I4 = insertelement <16 x i64> %vector, i64 %E1, i1 %C3
+ store <16 x i64> %I4, <16 x i64>* %p
+ %elt = extractelement <16 x i32> %t0, i32 0
+ %B = srem i32 %elt, -2147483648
+ %B9 = udiv i32 %elt, %B
+ ret i32 %B9
+}
diff --git a/llvm/test/CodeGen/X86/vec_extract.ll b/llvm/test/CodeGen/X86/vec_extract.ll
index 2d52bec473a2..9b347c12194c 100644
--- a/llvm/test/CodeGen/X86/vec_extract.ll
+++ b/llvm/test/CodeGen/X86/vec_extract.ll
@@ -110,15 +110,11 @@ define <4 x i32> @ossfuzz15662(<4 x i32*>* %in) {
; X32-LABEL: ossfuzz15662:
; X32: # %bb.0:
; X32-NEXT: xorps %xmm0, %xmm0
-; X32-NEXT: movaps %xmm0, (%eax)
-; X32-NEXT: xorps %xmm0, %xmm0
; X32-NEXT: retl
;
; X64-LABEL: ossfuzz15662:
; X64: # %bb.0:
; X64-NEXT: xorps %xmm0, %xmm0
-; X64-NEXT: movaps %xmm0, (%rax)
-; X64-NEXT: xorps %xmm0, %xmm0
; X64-NEXT: retq
%C10 = icmp ule i1 false, false
%C3 = icmp ule i1 true, undef
More information about the llvm-commits
mailing list