[llvm] b82b305 - [InstCombine] Fix out-of-bounds ashr(shl) optimization

Jeroen Dobbelaere via llvm-commits llvm-commits at lists.llvm.org
Fri Apr 2 04:49:02 PDT 2021


Author: Jeroen Dobbelaere
Date: 2021-04-02T13:45:11+02:00
New Revision: b82b305cf94a57a7e0e72f576b85aaa136a505c3

URL: https://github.com/llvm/llvm-project/commit/b82b305cf94a57a7e0e72f576b85aaa136a505c3
DIFF: https://github.com/llvm/llvm-project/commit/b82b305cf94a57a7e0e72f576b85aaa136a505c3.diff

LOG: [InstCombine] Fix out-of-bounds ashr(shl) optimization

This fixes a crash found by the oss fuzzer and reported by @fhahn.
The suggestion of @RKSimon seems to be the correct fix here. (See D91343).

The oss fuzz report can be found here: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32759

Reviewed By: lebedev.ri

Differential Revision: https://reviews.llvm.org/D99792

Added: 
    llvm/test/Transforms/InstCombine/oss_fuzz_32759.ll

Modified: 
    llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp b/llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp
index 54ca2c10dd047..3c097a4952776 100644
--- a/llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp
@@ -927,7 +927,7 @@ Value *InstCombinerImpl::SimplifyMultipleUseDemandedBits(
     unsigned BitWidth = DemandedMask.getBitWidth();
     if (match(I,
               m_AShr(m_Shl(m_Value(X), m_APInt(ShiftLC)), m_APInt(ShiftRC))) &&
-        ShiftLC == ShiftRC &&
+        ShiftLC == ShiftRC && ShiftLC->ult(BitWidth) &&
         DemandedMask.isSubsetOf(APInt::getLowBitsSet(
             BitWidth, BitWidth - ShiftRC->getZExtValue()))) {
       return X;
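Review bot: The new `ShiftLC->ult(BitWidth)` bound protects a subtraction written in terms of the other operand, `BitWidth - ShiftRC->getZExtValue()`, so it is only sufficient because of the `ShiftLC == ShiftRC` test in front of it. A one-line comment saying that the bound keeps that unsigned subtraction from wrapping (the added test uses a shift amount of 2147483647 on an i32) would make the dependency explicit, or the check could be written as `ShiftRC->ult(BitWidth)` so the guard and the guarded expression name the same value. Separately, both names are dereferenced with `->` here, which suggests `ShiftLC == ShiftRC` compares addresses rather than values; if so, `*ShiftLC == *ShiftRC` would state the intent directly.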

diff  --git a/llvm/test/Transforms/InstCombine/oss_fuzz_32759.ll b/llvm/test/Transforms/InstCombine/oss_fuzz_32759.ll
new file mode 100644
index 0000000000000..4f0443265b110
--- /dev/null
+++ b/llvm/test/Transforms/InstCombine/oss_fuzz_32759.ll
@@ -0,0 +1,29 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt < %s -instcombine -S | FileCheck %s
+target datalayout = "n32"
+
+define i1 @oss_fuzz_32759(i1 %y) {
+; CHECK-LABEL: @oss_fuzz_32759(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    br i1 undef, label [[COND_TRUE:%.*]], label [[END:%.*]]
+; CHECK:       cond.true:
+; CHECK-NEXT:    br label [[END]]
+; CHECK:       end:
+; CHECK-NEXT:    ret i1 false
+;
+entry:
+  br i1 undef, label %cond.true, label %end
+
+cond.true:                                        ; preds = %entry
+  %zy = zext i1 %y to i32
+  %B6 = shl i32 %zy, 2147483647
+  %B3 = ashr i32 %B6, 2147483647
+  %B7 = srem i32 %B3, 123
+  %cond = xor i32 %B7, %B3
+  br label %end
+
+end:                                              ; preds = %cond.true, %entry
+  %p = phi i32 [ %cond, %cond.true ], [ -1, %entry ]
+  %r = icmp eq i32 %p, 0
+  ret i1 %r
+}
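Review bot: The test carries no comment saying what it guards against; the only hint is the file name. A short header noting that `shl`/`ashr` by 2147483647 on an i32 is an out-of-range shift amount and that the test exists to make sure `opt -instcombine` does not crash on it would help whoever next regenerates the CHECK lines. The entry block's `br i1 undef` is fuzzer residue; branching on a function argument instead would keep the `%B3` multi-use pattern (`srem` plus `xor`) that reaches the changed code while not tying the expected output to how a branch on undef is handled.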


        

