From: Sanjay Patel
Date: Mon, 25 Nov 2019 21:07:10 +0000 (-0500)
Subject: [DAGCombiner] avoid crash on out-of-bounds insert index (PR44139)
X-Git-Tag: llvmorg-11-init~3474
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=214683f3b2d6f421c346debf41d545de18cc0caa;p=platform%2Fupstream%2Fllvm.git
[DAGCombiner] avoid crash on out-of-bounds insert index (PR44139)
We already have this simplification at node-creation-time, but the test from: https://bugs.llvm.org/show_bug.cgi?id=44139 ...shows that we can combine our way to an assert/crash too.
---
diff --git a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
index d56e737..793352c 100644
--- a/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
+++ b/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp
@@ -16756,6 +16756,11 @@ SDValue DAGCombiner::visitINSERT_VECTOR_ELT(SDNode *N) {
 EVT VT = InVec.getValueType();
 unsigned NumElts = VT.getVectorNumElements();
 
+ // Insert into out-of-bounds element is undefined.
+ if (auto *IndexC = dyn_cast(EltNo))
+ if (IndexC->getZExtValue() >= VT.getVectorNumElements())
+ return DAG.getUNDEF(VT);
+
 // Remove redundant insertions:
 // (insert_vector_elt x (extract_vector_elt x idx) idx) -> x
 if (InVal.getOpcode() == ISD::EXTRACT_VECTOR_ELT &&
diff --git a/llvm/test/CodeGen/X86/insertelement-var-index.ll b/llvm/test/CodeGen/X86/insertelement-var-index.ll
index c6ab2cd..a37fe63 100644
--- a/llvm/test/CodeGen/X86/insertelement-var-index.ll
+++ b/llvm/test/CodeGen/X86/insertelement-var-index.ll
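Review bot: The new guard in `visitINSERT_VECTOR_ELT` queries `VT.getVectorNumElements()` a second time even though `NumElts` was assigned that value on the context line directly above; `if (IndexC->getZExtValue() >= NumElts)` would keep the bound in one place. The comment could also say why the check sits at the top of the function, for example `// Insert into out-of-bounds element is undefined; fold to undef before the combines below use the index.`, since the commit message describes an assert being reached and what a build without assertions did with such an index is not visible here. The function body continues past the end of the hunk, so which later combines depend on this guard cannot be confirmed from this page. As rendered, `dyn_cast(EltNo)` carries no template argument, which was presumably lost when the page was extracted.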
@@ -623,3 +623,31 @@ define <4 x double> @load_f64_v4f64(double* %p, i32 %y) nounwind {
 ret <4 x double> %ins
 }
 
+; Don't die trying to insert to an invalid index.
+
+define i32 @PR44139(<16 x i64>* %p) {
+; ALL-LABEL: PR44139:
+; ALL: # %bb.0:
+; ALL-NEXT: movl (%rdi), %eax
+; ALL-NEXT: leal 2147483647(%rax), %ecx
+; ALL-NEXT: testl %eax, %eax
+; ALL-NEXT: cmovnsl %eax, %ecx
+; ALL-NEXT: andl $-2147483648, %ecx # imm = 0x80000000
+; ALL-NEXT: addl %eax, %ecx
+; ALL-NEXT: # kill: def $eax killed $eax killed $rax
+; ALL-NEXT: xorl %edx, %edx
+; ALL-NEXT: divl %ecx
+; ALL-NEXT: retq
+ %L = load <16 x i64>, <16 x i64>* %p
+ %E1 = extractelement <16 x i64> %L, i64 0
+ %tempvector = insertelement <16 x i64> undef, i64 %E1, i32 0
+ %vector = shufflevector <16 x i64> %tempvector, <16 x i64> undef, <16 x i32> zeroinitializer
+ %C3 = icmp sgt i64 9223372036854775807, -9223372036854775808
+ %t0 = trunc <16 x i64> %vector to <16 x i32>
+ %I4 = insertelement <16 x i64> %vector, i64 %E1, i1 %C3
+ store <16 x i64> %I4, <16 x i64>* %p
+ %elt = extractelement <16 x i32> %t0, i32 0
+ %B = srem i32 %elt, -2147483648
+ %B9 = udiv i32 %elt, %B
+ ret i32 %B9
+}
diff --git a/llvm/test/CodeGen/X86/vec_extract.ll b/llvm/test/CodeGen/X86/vec_extract.ll
index 2d52bec..9b347c1 100644
--- a/llvm/test/CodeGen/X86/vec_extract.ll
+++ b/llvm/test/CodeGen/X86/vec_extract.ll
@@ -110,15 +110,11 @@ define <4 x i32> @ossfuzz15662(<4 x i32*>* %in) {
 ; X32-LABEL: ossfuzz15662:
 ; X32: # %bb.0:
 ; X32-NEXT: xorps %xmm0, %xmm0
-; X32-NEXT: movaps %xmm0, (%eax)
-; X32-NEXT: xorps %xmm0, %xmm0
 ; X32-NEXT: retl
 ;
 ; X64-LABEL: ossfuzz15662:
 ; X64: # %bb.0:
 ; X64-NEXT: xorps %xmm0, %xmm0
-; X64-NEXT: movaps %xmm0, (%rax)
-; X64-NEXT: xorps %xmm0, %xmm0
 ; X64-NEXT: retq
 %C10 = icmp ule i1 false, false
 %C3 = icmp ule i1 true, undef
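Review bot: The comment on the `PR44139` test in insertelement-var-index.ll calls the index invalid, but the only insert index in the body is `i1 %C3`, and `%C3` is an `icmp sgt` of two constants that folds to true, which read as an unsigned value is 1 and within a `<16 x i64>` vector. The test would be easier to maintain with a line that says how the index ends up out of range, along the lines of `; The i1 index folds to true; this checks that the insert is treated as out-of-bounds and the store of %I4 is dropped.`, with the exact mechanism filled in by the author since it is not shown on this page. The expected assembly contains no store to `%p`, which is consistent with `%I4` becoming undef.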