From ae1bc9ebf3a07d2b8c93624518f649805deccc3e Mon Sep 17 00:00:00 2001
From: Sanjay Patel <spatel@rotateright.com>
Date: Tue, 25 May 2021 13:08:30 -0400
Subject: [PATCH] [InstCombine] avoid infinite loop from vector select
 transforms

The 2nd test is based on the fuzzer example in post-commit
comments of D101191 -
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34661

The 1st test shows that we don't deal with this symmetrically.
We should be able to reduce both examples (possibly in
instsimplify instead of instcombine).
---
 llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp |  5 ++++-
 llvm/test/Transforms/InstCombine/select.ll            | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp b/llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp
index 50dc1a7..68124a1 100644
--- a/llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp
@@ -2657,7 +2657,10 @@ Instruction *InstCombinerImpl::visitSelectInst(SelectInst &SI) {
 
   CmpInst::Predicate Pred;
 
-  if (SelType->isIntOrIntVectorTy(1) &&
+  // Avoid potential infinite loops by checking for non-constant condition.
+  // TODO: Can we assert instead by improving canonicalizeSelectToShuffle()?
+  //       Scalar select must have simplified?
+  if (SelType->isIntOrIntVectorTy(1) && !isa<Constant>(CondVal) &&
       TrueVal->getType() == CondVal->getType()) {
     // Folding select to and/or i1 isn't poison safe in general. impliesPoison
     // checks whether folding it does not convert a well-defined value into
diff --git a/llvm/test/Transforms/InstCombine/select.ll b/llvm/test/Transforms/InstCombine/select.ll
index 8aa5f41..a51bb8b 100644
--- a/llvm/test/Transforms/InstCombine/select.ll
+++ b/llvm/test/Transforms/InstCombine/select.ll
@@ -2828,6 +2828,23 @@ define i8* @select_replacement_gep_inbounds(i8* %base, i64 %offset) {
   ret i8* %sel
 }
 
+define <2 x i1> @partial_true_undef_condval(<2 x i1> %x) {
+; CHECK-LABEL: @partial_true_undef_condval(
+; CHECK-NEXT:    ret <2 x i1> <i1 true, i1 poison>
+;
+  %r = select <2 x i1> <i1 true, i1 poison>, <2 x i1> <i1 true, i1 poison>, <2 x i1> %x
+  ret <2 x i1> %r
+}
+
+define <2 x i1> @partial_false_undef_condval(<2 x i1> %x) {
+; CHECK-LABEL: @partial_false_undef_condval(
+; CHECK-NEXT:    [[R:%.*]] = select <2 x i1> <i1 false, i1 poison>, <2 x i1> [[X:%.*]], <2 x i1> <i1 false, i1 poison>
+; CHECK-NEXT:    ret <2 x i1> [[R]]
+;
+  %r = select <2 x i1> <i1 false, i1 poison>, <2 x i1> %x, <2 x i1> <i1 false, i1 poison>
+  ret <2 x i1> %r
+}
+
 declare void @use(i1)
 declare void @use_i8(i8)
 declare i32 @llvm.cttz.i32(i32, i1 immarg)
-- 
2.7.4