[llvm] 137568e - [InstCombine] Fixed UB in foldCtpop

Dávid Bolvanský via llvm-commits llvm-commits at lists.llvm.org
Sun May 2 13:00:06 PDT 2021 

Yes, it was exposed on msan buildbot - use of uninit. value.

> Dňa 2. 5. 2021 o 21:36 užívateľ David Blaikie <dblaikie at gmail.com> napísal:
> 
> 
> Was this covered by existing tests (but only exposed on some buildbot or another configuration that tickled the UB into being more problematic?)?
> 
>> On Sat, Apr 24, 2021 at 10:44 AM Dávid Bolvanský via llvm-commits <llvm-commits at lists.llvm.org> wrote:
>> 
>> Author: Dávid Bolvanský
>> Date: 2021-04-24T19:44:16+02:00
>> New Revision: 137568e5797c33c12d284cc325367ceaddf2441a
>> 
>> URL: https://github.com/llvm/llvm-project/commit/137568e5797c33c12d284cc325367ceaddf2441a
>> DIFF: https://github.com/llvm/llvm-project/commit/137568e5797c33c12d284cc325367ceaddf2441a.diff
>> 
>> LOG: [InstCombine] Fixed UB in foldCtpop
>> 
>> Added: 
>> 
>> 
>> Modified: 
>>     llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
>> 
>> Removed: 
>> 
>> 
>> 
>> ################################################################################
>> diff  --git a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
>> index 378682b7b9cd..72008dfa3b28 100644
>> --- a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
>> +++ b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
>> @@ -497,7 +497,7 @@ static Instruction *foldCtpop(IntrinsicInst &II, InstCombinerImpl &IC) {
>>    Type *Ty = II.getType();
>>    unsigned BitWidth = Ty->getScalarSizeInBits();
>>    Value *Op0 = II.getArgOperand(0);
>> -  Value *X;
>> +  Value *X, *Y;
>> 
>>    // ctpop(bitreverse(x)) -> ctpop(x)
>>    // ctpop(bswap(x)) -> ctpop(x)
>> @@ -505,8 +505,9 @@ static Instruction *foldCtpop(IntrinsicInst &II, InstCombinerImpl &IC) {
>>      return IC.replaceOperand(II, 0, X);
>> 
>>    // ctpop(rot(x)) -> ctpop(x)
>> -  if (match(Op0, m_FShl(m_Value(X), m_Specific(X), m_Value())) ||
>> -      match(Op0, m_FShr(m_Value(X), m_Specific(X), m_Value())))
>> +  if ((match(Op0, m_FShl(m_Value(X), m_Value(Y), m_Value())) ||
>> +       match(Op0, m_FShr(m_Value(X), m_Value(Y), m_Value()))) &&
>> +      X == Y)
>>      return IC.replaceOperand(II, 0, X);
>> 
>>    // ctpop(x | -x) -> bitwidth - cttz(x, false)
>> 
>> 
>> 
>> _______________________________________________
>> llvm-commits mailing list
>> llvm-commits at lists.llvm.org
>> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20210502/776df460/attachment.html>

More information about the llvm-commits mailing list