[llvm] 1c7c69c - [ValueTracking] Check for ConstantExpr before using recursive helpers.
Florian Hahn via llvm-commits
llvm-commits at lists.llvm.org
Fri Jul 24 09:38:08 PDT 2020
Author: Florian Hahn
Date: 2020-07-24T17:37:09+01:00
New Revision: 1c7c69c795b22d73d038dd9b49de921cfd9d3468
URL: https://github.com/llvm/llvm-project/commit/1c7c69c795b22d73d038dd9b49de921cfd9d3468
DIFF: https://github.com/llvm/llvm-project/commit/1c7c69c795b22d73d038dd9b49de921cfd9d3468.diff
LOG: [ValueTracking] Check for ConstantExpr before using recursive helpers.
Make sure we do not call
constainsConstantExpression/containsUndefElement on ConstantExpression,
which is not supported.
In particular, containsUndefElement/constainsConstantExpression are only
supported on constants which are supported by getAggregateElement.
Unfortunately there's no convenient way to check if a constant supports
getAggregateElement, so just check for non-constantexpressions with
vector type. Other users of those functions do so too.
Reviewers: spatel, nikic, craig.topper, lebedev.ri, jdoerfert, aqjune
Reviewed By: jdoerfert
Differential Revision: https://reviews.llvm.org/D84512
Added:
llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll
Modified:
llvm/lib/Analysis/ValueTracking.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Analysis/ValueTracking.cpp b/llvm/lib/Analysis/ValueTracking.cpp
index 0ab2a1350af3..116916a9be2d 100644
--- a/llvm/lib/Analysis/ValueTracking.cpp
+++ b/llvm/lib/Analysis/ValueTracking.cpp
@@ -4794,8 +4794,8 @@ bool llvm::isGuaranteedNotToBeUndefOrPoison(const Value *V,
isa<ConstantPointerNull>(C) || isa<Function>(C))
return true;
- if (C->getType()->isVectorTy())
- return !C->containsUndefElement() && !C->containsConstantExpression();
+ if (C->getType()->isVectorTy() && !isa<ConstantExpr>(C))
+ return !C->containsConstantExpression() && !C->containsUndefElement();
}
// Strip cast operations from a pointer value.
diff --git a/llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll b/llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll
new file mode 100644
index 000000000000..b99cade66daa
--- /dev/null
+++ b/llvm/test/Transforms/GVN/constexpr-vector-constainsundef-crash.ll
@@ -0,0 +1,23 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt -gvn -S %s | FileCheck %s
+
+; Reduced test case from
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24278
+
+; Make sure we do not crash when dealing with a vector constant expression.
+define <4 x i64*> @test(i64* %ptr) {
+; CHECK-LABEL: @test(
+; CHECK-NEXT: entry:
+; CHECK-NEXT: ret <4 x i64*> getelementptr (i64, i64* null, <4 x i64> <i64 0, i64 0, i64 0, i64 -128>)
+;
+entry:
+ %B9 = sdiv i16 -32768, 256
+ %L3 = load i64, i64* %ptr, align 4
+ %B3 = sub i16 0, %B9
+ %0 = insertelement <4 x i16> undef, i16 %B3, i32 3
+ %1 = sub <4 x i16> zeroinitializer, %0
+ %2 = sext <4 x i16> %1 to <4 x i32>
+ %3 = getelementptr inbounds i64, i64* null, <4 x i32> %2
+ %I6 = insertelement <4 x i64*> %3, i64* undef, i64 %L3
+ ret <4 x i64*> %I6
+}
More information about the llvm-commits
mailing list