[llvm] Signed integer overflow in Constraint Elimination pass LLVM issue (PR #133668)

[via llvm-commits]

https://github.com/houngkoungting updated https://github.com/llvm/llvm-project/pull/133668

>From ff8cdb3c75b5d01ff99d229d3322434a35e9333f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=BB=83=E5=9C=8B=E5=BA=AD?=
 <37643576+houngkoungting at users.noreply.github.com>
Date: Mon, 31 Mar 2025 09:12:33 +0800
Subject: [PATCH 1/2] Update MathExtras.h

---
 llvm/include/llvm/Support/MathExtras.h | 48 ++++++++++++++++----------
 1 file changed, 30 insertions(+), 18 deletions(-)

diff --git a/llvm/include/llvm/Support/MathExtras.h b/llvm/include/llvm/Support/MathExtras.h
index 519fcc8fde5d5..513885d5473f2 100644
--- a/llvm/include/llvm/Support/MathExtras.h
+++ b/llvm/include/llvm/Support/MathExtras.h
@@ -760,31 +760,43 @@ std::enable_if_t<std::is_signed_v<T>, T> SubOverflow(T X, T Y, T &Result) {
 /// Multiply two signed integers, computing the two's complement truncated
 /// result, returning true if an overflow occurred.
 template <typename T>
-std::enable_if_t<std::is_signed_v<T>, T> MulOverflow(T X, T Y, T &Result) {
+std::enable_if_t<std::is_signed_v<T>, bool>MulOverflow(T X, T Y, T &Result) {
 #if __has_builtin(__builtin_mul_overflow)
   return __builtin_mul_overflow(X, Y, &Result);
 #else
-  // Perform the unsigned multiplication on absolute values.
   using U = std::make_unsigned_t<T>;
-  const U UX = X < 0 ? (0 - static_cast<U>(X)) : static_cast<U>(X);
-  const U UY = Y < 0 ? (0 - static_cast<U>(Y)) : static_cast<U>(Y);
-  const U UResult = UX * UY;
+  // Handle zero case
+  if (X == 0 || Y == 0) {
+    Result = 0;
+    return false;
+  }
 
-  // Convert to signed.
-  const bool IsNegative = (X < 0) ^ (Y < 0);
-  Result = IsNegative ? (0 - UResult) : UResult;
+  bool IsNegative = (X < 0) ^ (Y < 0);
 
-  // If any of the args was 0, result is 0 and no overflow occurs.
-  if (UX == 0 || UY == 0)
-    return false;
+  // Safely compute absolute values  
+  const U AbsX = X < 0 ? (0 - static_cast<U>(X)) : static_cast<U>(X);
+  const U AbsY = Y < 0 ? (0 - static_cast<U>(Y)) : static_cast<U>(Y);
 
-  // UX and UY are in [1, 2^n], where n is the number of digits.
-  // Check how the max allowed absolute value (2^n for negative, 2^(n-1) for
-  // positive) divided by an argument compares to the other.
-  if (IsNegative)
-    return UX > (static_cast<U>(std::numeric_limits<T>::max()) + U(1)) / UY;
-  else
-    return UX > (static_cast<U>(std::numeric_limits<T>::max())) / UY;
+  // Overflow check before actual multiplication
+  constexpr U MaxPositive = static_cast<U>(std::numeric_limits<T>::max());
+  constexpr U MaxNegative = static_cast<U>(std::numeric_limits<T>::max()) + 1;
+
+  // Safe to multiply
+  U AbsResult = AbsX * AbsY;
+  Result = IsNegative ? static_cast<T>(0-AbsResult) : static_cast<T>(AbsResult);
+  
+  // Handle INT_MIN * -1 overflow case explicitly
+  if ((X == std::numeric_limits<T>::min() && Y == -1) ||
+      (Y == std::numeric_limits<T>::min() && X == -1)) {
+    return true;  // overflow
+  }
+
+  U Limit = IsNegative ? MaxNegative : MaxPositive;
+
+  if (AbsX > Limit / AbsY)
+    return true;
+
+  return false;
 #endif
 }
 

>From bf508ac437bc06e369027db4c046004866b22e69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=BB=83=E5=9C=8B=E5=BA=AD?=
 <37643576+houngkoungting at users.noreply.github.com>
Date: Mon, 31 Mar 2025 09:23:44 +0800
Subject: [PATCH 2/2] Update MathExtras.h

---
 llvm/include/llvm/Support/MathExtras.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/llvm/include/llvm/Support/MathExtras.h b/llvm/include/llvm/Support/MathExtras.h
index 513885d5473f2..00fd097ff8674 100644
--- a/llvm/include/llvm/Support/MathExtras.h
+++ b/llvm/include/llvm/Support/MathExtras.h
@@ -771,7 +771,7 @@ std::enable_if_t<std::is_signed_v<T>, bool>MulOverflow(T X, T Y, T &Result) {
     return false;
   }
 
-  bool IsNegative = (X < 0) ^ (Y < 0);
+  const bool IsNegative = (X < 0) ^ (Y < 0);
 
   // Safely compute absolute values  
   const U AbsX = X < 0 ? (0 - static_cast<U>(X)) : static_cast<U>(X);