Commit 1c7c69c

[ValueTracking] Check for ConstantExpr before using recursive helpers.
Make sure we do not call containsConstantExpression/containsUndefElement on ConstantExpression, which is not supported. In particular, containsUndefElement/containsConstantExpression are only supported on constants which are supported by getAggregateElement. Unfortunately there's no convenient way to check if a constant supports getAggregateElement, so just check for non-constantexpressions with vector type. Other users of those functions do so too.

Reviewers: spatel, nikic, craig.topper, lebedev.ri, jdoerfert, aqjune

Reviewed By: jdoerfert

Differential Revision: https://reviews.llvm.org/D84512
1 parent 22c1636 commit 1c7c69c

2 files changed

+25
-2
lines changed

llvm/lib/Analysis/ValueTracking.cpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4794,8 +4794,8 @@ bool llvm::isGuaranteedNotToBeUndefOrPoison(const Value *V,
47944794
isa<ConstantPointerNull>(C) || isa<Function>(C))
47954795
return true;
47964796

4797-
if (C->getType()->isVectorTy())
4798-
return !C->containsUndefElement() && !C->containsConstantExpression();
4797+
if (C->getType()->isVectorTy() && !isa<ConstantExpr>(C))
4798+
return !C->containsConstantExpression() && !C->containsUndefElement();
47994799
}
48004800

48014801
// Strip cast operations from a pointer value.
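Review bot: the new `!isa<ConstantExpr>(C)` guard on the `isVectorTy()` check has no comment saying why it is there; the reason (containsUndefElement/containsConstantExpression are only supported on constants that getAggregateElement supports) lives only in the commit message. Please add a one-line comment above the `if`, otherwise the condition reads as redundant and is easy to drop in a later cleanup. Two smaller points: a vector-typed ConstantExpr now skips this early return and falls through to the code after the closing brace, so it is worth confirming that path treats it conservatively; and the two operands of the `&&` in the return were swapped without explanation, so either say why the order matters or keep the original order to keep the diff minimal. Since the message notes that other callers repeat the same check, a shared helper would be a reasonable follow-up.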
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
2+
; RUN: opt -gvn -S %s | FileCheck %s
3+
4+
; Reduced test case from
5+
; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24278
6+
7+
; Make sure we do not crash when dealing with a vector constant expression.
8+
define <4 x i64*> @test(i64* %ptr) {
9+
; CHECK-LABEL: @test(
10+
; CHECK-NEXT: entry:
11+
; CHECK-NEXT: ret <4 x i64*> getelementptr (i64, i64* null, <4 x i64> <i64 0, i64 0, i64 0, i64 -128>)
12+
;
13+
entry:
14+
%B9 = sdiv i16 -32768, 256
15+
%L3 = load i64, i64* %ptr, align 4
16+
%B3 = sub i16 0, %B9
17+
%0 = insertelement <4 x i16> undef, i16 %B3, i32 3
18+
%1 = sub <4 x i16> zeroinitializer, %0
19+
%2 = sext <4 x i16> %1 to <4 x i32>
20+
%3 = getelementptr inbounds i64, i64* null, <4 x i32> %2
21+
%I6 = insertelement <4 x i64*> %3, i64* undef, i64 %L3
22+
ret <4 x i64*> %I6
23+
}
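Review bot: the `CHECK-NEXT` on the `ret` line pins the exact folded constant, while the comment above `@test` says the purpose is only that a vector constant expression does not crash. That couples a crash regression test to constant-folding output that may change for unrelated reasons; add a sentence to the test comment stating whether the folded `getelementptr` result is itself part of what is being verified, so a later regeneration with update_test_checks.py is reviewed with the right expectation. The RUN line also reaches the changed ValueTracking function only indirectly through `-gvn`, so the comment should name isGuaranteedNotToBeUndefOrPoison as the code under test. The fuzzer-derived value names (`%B9`, `%L3`, `%I6`) could be given descriptive names to make the reduced case easier to read.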
