Skip to content

[SimplifyCFG] Fix crash when there is unreachable large index #88616

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 15, 2024
Merged

[SimplifyCFG] Fix crash when there is unreachable large index #88616

merged 1 commit into from
Apr 15, 2024

Conversation

vfdff
Copy link
Contributor

@vfdff vfdff commented Apr 13, 2024

The large case index out of scope is dead code, but it is still be created in TableContents in SwitchLookupTable::SwitchLookupTable so make sure the table size after growing should not get smaller.

Fix #88607

@vfdff vfdff self-assigned this Apr 13, 2024
@llvmbot
Copy link
Member

llvmbot commented Apr 13, 2024

@llvm/pr-subscribers-llvm-transforms

Author: Allen (vfdff)

Changes

The large case index out of scope is dead code, but it is still be created in TableContents in SwitchLookupTable::SwitchLookupTable so make sure the table size after growing should not get smaller.

Fix #88607

Full diff: https://github.com/llvm/llvm-project/pull/88616.diff

2 Files Affected:

  • (modified) llvm/lib/Transforms/Utils/SimplifyCFG.cpp (+3-1)
  • (modified) llvm/test/Transforms/SimplifyCFG/switch_mask.ll (+25)
diff --git a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp
index 55bbffb18879fb..728cd094e1ebc1 100644
--- a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp
+++ b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp
@@ -6783,9 +6783,11 @@ static bool SwitchToLookupTable(SwitchInst *SI, IRBuilder<> &Builder,
           return SwitchLookupTable::WouldFitInRegister(
               DL, UpperBound, KV.second /* ResultType */);
         })) {
+      // There may be some case index lager than the UpperBound (unreachable
+      // case), so make sure the table size does not get smaller.
+      TableSize = std::max(UpperBound, TableSize);
       // The default branch is unreachable after we enlarge the lookup table.
       // Adjust DefaultIsReachable to reuse code path.
-      TableSize = UpperBound;
       DefaultIsReachable = false;
     }
   }
diff --git a/llvm/test/Transforms/SimplifyCFG/switch_mask.ll b/llvm/test/Transforms/SimplifyCFG/switch_mask.ll
index 17f7b583ee840e..51c15774d47628 100644
--- a/llvm/test/Transforms/SimplifyCFG/switch_mask.ll
+++ b/llvm/test/Transforms/SimplifyCFG/switch_mask.ll
@@ -214,3 +214,28 @@ lor.end:                                          ; preds = %default, %for.end,
   %retval.0.i.i = phi i32 [ 1, %default ], [ 0, %for.end ], [ 0, %for.end ], [ 0, %for.end ]
   ret void
 }
+
+define i1 @pr88607() {
+; CHECK-LABEL: @pr88607(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    [[COND:%.*]] = select i1 false, i32 4, i32 1
+; CHECK-NEXT:    [[SPEC_SELECT:%.*]] = select i1 false, i32 2, i32 [[COND]]
+; CHECK-NEXT:    ret i1 false
+;
+entry:
+  %cond = select i1 false, i32 4, i32 1
+  %spec.select = select i1 false, i32 2, i32 %cond
+  switch i32 %spec.select, label %lor.rhs [
+  i32 0, label %exit
+  i32 5, label %exit ; unreachable large case index
+  i32 1, label %exit
+  ]
+
+lor.rhs:                                        ; preds = %entry
+  br label %exit
+
+exit: ; preds = %lor.rhs, %entry, %entry, %entry, %entry
+  %res.ph = phi i1 [ false, %entry ], [ false, %lor.rhs ], [ false, %entry ], [ false, %entry ]
+  ret i1 %res.ph
+}
+

@vfdff
[SimplifyCFG] Fix crash when there is unreachable large index
8cf963a 
The large case index out of scope is dead code, but it is still
be created in TableContents in SwitchLookupTable::SwitchLookupTable
so make sure the table size after growing should not get smaller.

Fix llvm#88607
nikic
nikic approved these changes Apr 15, 2024
View reviewed changes
Copy link
Contributor

@nikic nikic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vfdff vfdff merged commit 37b7207 into llvm:main Apr 15, 2024
bazuzi pushed a commit to bazuzi/llvm-project that referenced this pull request Apr 15, 2024
@vfdff @bazuzi
[SimplifyCFG] Fix crash when there is unreachable large index (llvm#8…
bb09408 
…8616)

The large case index out of scope is dead code, but it is still be
created for TableContents in SwitchLookupTable::SwitchLookupTable,
so make sure the table size after growing should not get smaller.

Fix llvm#88607
aniplcc pushed a commit to aniplcc/llvm-project that referenced this pull request Apr 15, 2024
@vfdff @aniplcc
[SimplifyCFG] Fix crash when there is unreachable large index (llvm#8…
13e4698 
…8616)

The large case index out of scope is dead code, but it is still be
created for TableContents in SwitchLookupTable::SwitchLookupTable,
so make sure the table size after growing should not get smaller.

Fix llvm#88607
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikic nikic nikic approved these changes

@zmodem zmodem Awaiting requested review from zmodem

@RKSimon RKSimon Awaiting requested review from RKSimon

@DimitryAndric DimitryAndric Awaiting requested review from DimitryAndric

@aeubanks aeubanks Awaiting requested review from aeubanks

Assignees

@vfdff vfdff

Labels
llvm:transforms
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[SimplyCFG] After 7c4180a36a9, Assertion failed: (idx < size()), function operator[] (in SwitchToLookupTable)
3 participants
@vfdff @llvmbot @nikic