[TargetLowering] prepareUREMEqFold/prepareSREMEqFold - account for non legal shift...

Ensure we tell getShiftAmountTy that we're working with pre-legalized types to prevent cases where the (legalized) shift type can no longer handle the (non-legalized) type width.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34366

diff --git a/llvm/lib/CodeGen/SelectionDAG/TargetLowering.cpp b/llvm/lib/CodeGen/SelectionDAG/TargetLowering.cpp
index 2df2877..53b3bcb 100644 (file)
--- a/llvm/lib/CodeGen/SelectionDAG/TargetLowering.cpp
+++ b/llvm/lib/CodeGen/SelectionDAG/TargetLowering.cpp
@@ -5455,7 +5455,7 @@ TargetLowering::prepareUREMEqFold(EVT SETCCVT, SDValue REMNode,
 
   EVT VT = REMNode.getValueType();
   EVT SVT = VT.getScalarType();
-  EVT ShVT = getShiftAmountTy(VT, DAG.getDataLayout());
+  EVT ShVT = getShiftAmountTy(VT, DAG.getDataLayout(), !DCI.isBeforeLegalize());
   EVT ShSVT = ShVT.getScalarType();
 
   // If MUL is unavailable, we cannot proceed in any case.
@@ -5699,7 +5699,7 @@ TargetLowering::prepareSREMEqFold(EVT SETCCVT, SDValue REMNode,
 
   EVT VT = REMNode.getValueType();
   EVT SVT = VT.getScalarType();
-  EVT ShVT = getShiftAmountTy(VT, DAG.getDataLayout());
+  EVT ShVT = getShiftAmountTy(VT, DAG.getDataLayout(), !DCI.isBeforeLegalize());
   EVT ShSVT = ShVT.getScalarType();
 
   // If we are after ops legalization, and MUL is unavailable, we can not

diff --git a/llvm/test/CodeGen/X86/urem-seteq.ll b/llvm/test/CodeGen/X86/urem-seteq.ll
index 1a16cf9..21aed94 100644 (file)
--- a/llvm/test/CodeGen/X86/urem-seteq.ll
+++ b/llvm/test/CodeGen/X86/urem-seteq.ll
@@ -356,3 +356,36 @@ define i32 @test_urem_allones(i32 %X) nounwind {
   %ret = zext i1 %cmp to i32
   ret i32 %ret
 }
+
+; Check illegal types.
+
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34366
+define void @ossfuzz34366() {
+; X86-LABEL: ossfuzz34366:
+; X86:       # %bb.0:
+; X86-NEXT:    movl (%eax), %eax
+; X86-NEXT:    movl %eax, %ecx
+; X86-NEXT:    andl $2147483647, %ecx # imm = 0x7FFFFFFF
+; X86-NEXT:    orl %eax, %ecx
+; X86-NEXT:    orl %eax, %ecx
+; X86-NEXT:    orl %eax, %ecx
+; X86-NEXT:    orl %eax, %ecx
+; X86-NEXT:    sete (%eax)
+; X86-NEXT:    retl
+;
+; X64-LABEL: ossfuzz34366:
+; X64:       # %bb.0:
+; X64-NEXT:    movq (%rax), %rax
+; X64-NEXT:    movabsq $9223372036854775807, %rcx # imm = 0x7FFFFFFFFFFFFFFF
+; X64-NEXT:    andq %rax, %rcx
+; X64-NEXT:    orq %rax, %rcx
+; X64-NEXT:    orq %rax, %rcx
+; X64-NEXT:    orq %rax, %rcx
+; X64-NEXT:    sete (%rax)
+; X64-NEXT:    retq
+  %L10 = load i448, i448* undef, align 4
+  %B18 = urem i448 %L10, -363419362147803445274661903944002267176820680343659030140745099590319644056698961663095525356881782780381260803133088966767300814307328
+  %C13 = icmp ule i448 %B18, 0
+  store i1 %C13, i1* undef, align 1
+  ret void
+}