author | Sanjay Patel <spatel@rotateright.com> | 2019-11-25 16:07:10 -0500 |
---|---|---|
committer | Sanjay Patel <spatel@rotateright.com> | 2019-11-25 16:24:06 -0500 |
commit | 214683f3b2d6f421c346debf41d545de18cc0caa (patch) | |
tree | 6ba0786a2486f27fffa50977fb3fc0839dbe13d6 | |
parent | 3c5142597a451a03db21c2ffe8f6520c7eacce59 (diff) | |
download | bcm5719-llvm-214683f3b2d6f421c346debf41d545de18cc0caa.tar.gz bcm5719-llvm-214683f3b2d6f421c346debf41d545de18cc0caa.zip |
[DAGCombiner] avoid crash on out-of-bounds insert index (PR44139)
We already have this simplification at node-creation-time, but
the test from:
https://bugs.llvm.org/show_bug.cgi?id=44139
...shows that we can combine our way to an assert/crash too.
-rw-r--r-- | llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp | 5 | ||||
-rw-r--r-- | llvm/test/CodeGen/X86/insertelement-var-index.ll | 28 | ||||
-rw-r--r-- | llvm/test/CodeGen/X86/vec_extract.ll | 4 |
3 files changed, 33 insertions, 4 deletions
diff --git a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
index d56e737226e..793352c16d3 100644
--- a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
+++ b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
@@ -16756,6 +16756,11 @@ SDValue DAGCombiner::visitINSERT_VECTOR_ELT(SDNode *N) {
 EVT VT = InVec.getValueType();
 unsigned NumElts = VT.getVectorNumElements();
 
+ // Insert into out-of-bounds element is undefined.
+ if (auto *IndexC = dyn_cast<ConstantSDNode>(EltNo))
+ if (IndexC->getZExtValue() >= VT.getVectorNumElements())
+ return DAG.getUNDEF(VT);
+
 // Remove redundant insertions:
 // (insert_vector_elt x (extract_vector_elt x idx) idx) -> x
 if (InVal.getOpcode() == ISD::EXTRACT_VECTOR_ELT &&
diff --git a/llvm/test/CodeGen/X86/insertelement-var-index.ll b/llvm/test/CodeGen/X86/insertelement-var-index.ll
index c6ab2cd7fa9..a37fe63944d 100644
--- a/llvm/test/CodeGen/X86/insertelement-var-index.ll
+++ b/llvm/test/CodeGen/X86/insertelement-var-index.ll
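Review bot: The added bounds check in visitINSERT_VECTOR_ELT calls `VT.getVectorNumElements()` a second time although `NumElts` already holds that value from the context line just above, and it reads the index through `getZExtValue()`, which asserts when the constant needs more than 64 bits. If an index constant wider than 64 bits can reach this combine (not visible from the hunk), the guard meant to stop the crash would itself trip an assertion on malformed or fuzzed input. Comparing on the APInt avoids both: `if (IndexC->getAPIntValue().uge(NumElts))`. The function body starts and continues outside the hunk, so later uses of `EltNo` that assume an in-range index cannot be checked from here.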
@@ -623,3 +623,31 @@ define <4 x double> @load_f64_v4f64(double* %p, i32 %y) nounwind {
 ret <4 x double> %ins
 }
 
+; Don't die trying to insert to an invalid index.
+
+define i32 @PR44139(<16 x i64>* %p) {
+; ALL-LABEL: PR44139:
+; ALL: # %bb.0:
+; ALL-NEXT: movl (%rdi), %eax
+; ALL-NEXT: leal 2147483647(%rax), %ecx
+; ALL-NEXT: testl %eax, %eax
+; ALL-NEXT: cmovnsl %eax, %ecx
+; ALL-NEXT: andl $-2147483648, %ecx # imm = 0x80000000
+; ALL-NEXT: addl %eax, %ecx
+; ALL-NEXT: # kill: def $eax killed $eax killed $rax
+; ALL-NEXT: xorl %edx, %edx
+; ALL-NEXT: divl %ecx
+; ALL-NEXT: retq
+ %L = load <16 x i64>, <16 x i64>* %p
+ %E1 = extractelement <16 x i64> %L, i64 0
+ %tempvector = insertelement <16 x i64> undef, i64 %E1, i32 0
+ %vector = shufflevector <16 x i64> %tempvector, <16 x i64> undef, <16 x i32> zeroinitializer
+ %C3 = icmp sgt i64 9223372036854775807, -9223372036854775808
+ %t0 = trunc <16 x i64> %vector to <16 x i32>
+ %I4 = insertelement <16 x i64> %vector, i64 %E1, i1 %C3
+ store <16 x i64> %I4, <16 x i64>* %p
+ %elt = extractelement <16 x i32> %t0, i32 0
+ %B = srem i32 %elt, -2147483648
+ %B9 = udiv i32 %elt, %B
+ ret i32 %B9
+}
diff --git a/llvm/test/CodeGen/X86/vec_extract.ll b/llvm/test/CodeGen/X86/vec_extract.ll
index 2d52bec473a..9b347c12194 100644
--- a/llvm/test/CodeGen/X86/vec_extract.ll
+++ b/llvm/test/CodeGen/X86/vec_extract.ll
@@ -110,15 +110,11 @@ define <4 x i32> @ossfuzz15662(<4 x i32*>* %in) {
 ; X32-LABEL: ossfuzz15662:
 ; X32: # %bb.0:
 ; X32-NEXT: xorps %xmm0, %xmm0
-; X32-NEXT: movaps %xmm0, (%eax)
-; X32-NEXT: xorps %xmm0, %xmm0
 ; X32-NEXT: retl
 ;
 ; X64-LABEL: ossfuzz15662:
 ; X64: # %bb.0:
 ; X64-NEXT: xorps %xmm0, %xmm0
-; X64-NEXT: movaps %xmm0, (%rax)
-; X64-NEXT: xorps %xmm0, %xmm0
 ; X64-NEXT: retq
 %C10 = icmp ule i1 false, false
 %C3 = icmp ule i1 true, undef
|