[PATCH] D84512: [ValueTracking] Check for ConstantExpr before using recursive helpers.

Florian Hahn via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Jul 24 04:22:56 PDT 2020 

fhahn created this revision.
fhahn added reviewers: spatel, nikic, craig.topper, lebedev.ri, jdoerfert, aqjune.
Herald added a subscriber: hiraditya.
Herald added a project: LLVM.

Make sure we do not call
constainsConstantExpression/containsUndefElement on ConstantExpression,
which is not supported.

In particular, containsUndefElement/constainsConstantExpression are only
supported on constants which are supported by getAggregateElement.

Unfortunately there's no convenient way to check if a constant supports
getAggregateElement, so just check for non-constantexpressions with
vector type. Other users of those functions do so too.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D84512

Files:
  llvm/lib/Analysis/ValueTracking.cpp
  llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll


Index: llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll
===================================================================
--- /dev/null
+++ llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll
@@ -0,0 +1,23 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt -gvn -S %s | FileCheck %s
+
+; Reduced test case from
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24278
+
+; Make sure we do not crash when dealing with a vector constant expression.
+define <4 x i64*> @test(i64* %ptr) {
+; CHECK-LABEL: @test(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    ret <4 x i64*> getelementptr (i64, i64* null, <4 x i64> <i64 0, i64 0, i64 0, i64 -128>)
+;
+entry:
+  %B9 = sdiv i16 -32768, 256
+  %L3 = load i64, i64* %ptr, align 4
+  %B3 = sub i16 0, %B9
+  %0 = insertelement <4 x i16> undef, i16 %B3, i32 3
+  %1 = sub <4 x i16> zeroinitializer, %0
+  %2 = sext <4 x i16> %1 to <4 x i32>
+  %3 = getelementptr inbounds i64, i64* null, <4 x i32> %2
+  %I6 = insertelement <4 x i64*> %3, i64* undef, i64 %L3
+  ret <4 x i64*> %I6
+}
Index: llvm/lib/Analysis/ValueTracking.cpp
===================================================================
--- llvm/lib/Analysis/ValueTracking.cpp
+++ llvm/lib/Analysis/ValueTracking.cpp
@@ -4794,8 +4794,8 @@
         isa<ConstantPointerNull>(C) || isa<Function>(C))
       return true;
 
-    if (C->getType()->isVectorTy())
-      return !C->containsUndefElement() && !C->containsConstantExpression();
+    if (C->getType()->isVectorTy() && !isa<ConstantExpr>(C))
+      return !C->containsConstantExpression() && !C->containsUndefElement();
   }
 
   // Strip cast operations from a pointer value.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D84512.280401.patch
Type: text/x-patch
Size: 1702 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200724/d528da61/attachment.bin>

More information about the llvm-commits mailing list