[LazyValueInfo] PR33357 prevent infinite recursion on BinaryOperator

Summary: It is possible for LVI to encounter instructions that are not in valid SSA form and reference themselves. One example is the following: %tmp4 = and i1 %tmp4, undef Before this patch LVI would recurse until running out of stack memory and crashed. This patch marks these self-referential instructions as Overdefined and aborts analysis on the instruction. Fixes https://bugs.llvm.org/show_bug.cgi?id=33357 Reviewers: craig.topper, anna, efriedma, dberlin, sebpop, kuhar Reviewed by: dberlin Subscribers: uabelho, spatel, a.elovikov, fhahn, eli.friedman, mzolotukhin, spop, evandro, davide, llvm-commits Differential Revision: https://reviews.llvm.org/D34135 llvm-svn: 327432
2025-01-31 12:41:49 +01:00 · 2018-03-13 18:14:10 +00:00 · 2018-03-13 18:14:10 +00:00 · 409c4a1d03
commit 409c4a1d03
parent 4361f2f333
2 changed files with 48 additions and 3 deletions
--- a/lib/Analysis/LazyValueInfo.cpp
+++ b/lib/Analysis/LazyValueInfo.cpp
@ -1145,9 +1145,17 @@ getValueFromConditionImpl(Value *Val, Value *Cond, bool isTrueDest,
             (!isTrueDest && BO->getOpcode() != BinaryOperator::Or))
    return ValueLatticeElement::getOverdefined();

-  auto RHS = getValueFromCondition(Val, BO->getOperand(0), isTrueDest, Visited);
-  auto LHS = getValueFromCondition(Val, BO->getOperand(1), isTrueDest, Visited);
-  return intersect(RHS, LHS);
+  // Prevent infinite recursion if Cond references itself as in this example:
+  //  Cond: "%tmp4 = and i1 %tmp4, undef"
+  //    BL: "%tmp4 = and i1 %tmp4, undef"
+  //    BR: "i1 undef"
+  Value *BL = BO->getOperand(0);
+  Value *BR = BO->getOperand(1);
+  if (BL == Cond || BR == Cond)
+    return ValueLatticeElement::getOverdefined();
+
+  return intersect(getValueFromCondition(Val, BL, isTrueDest, Visited),
+                   getValueFromCondition(Val, BR, isTrueDest, Visited));
 }

 static ValueLatticeElement
--- a/test/Transforms/JumpThreading/PR33357-lvi-recursion.ll
+++ b/test/Transforms/JumpThreading/PR33357-lvi-recursion.ll
@ -0,0 +1,37 @@
+; RUN: opt -S -jump-threading -verify -o - %s | FileCheck %s
+@a = external global i16, align 1
+
+; CHECK-LABEL: f
+; CHECK: bb6:
+; CHECK: bb2:
+; CHECK: bb3:
+; CHECK-NOT: bb0:
+; CHECK-NOT: bb1:
+; CHECK-NOT: bb4:
+; CHECK-NOT: bb5:
+define void @f(i32 %p1) {
+bb0:
+  %0 = icmp eq i32 %p1, 0
+  br i1 undef, label %bb6, label %bb1
+
+bb1:
+  br label %bb2
+
+bb2:
+  %1 = phi i1 [ %0, %bb1 ], [ %2, %bb4 ]
+  %2 = and i1 %1, undef
+  br i1 %2, label %bb3, label %bb4
+
+bb3:
+  store i16 undef, i16* @a, align 1
+  br label %bb4
+
+bb4:
+  br i1 %0, label %bb2, label %bb5
+
+bb5:
+  unreachable
+
+bb6:
+  ret void
+}