RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-23 03:02:36 +01:00
Code Issues Projects Releases Wiki Activity

[InstCombine] Fix matchRotate bug when one operand is a ConstantExpr shift

Browse Source 
This bug seems to be harmless in release builds, but will cause an error in UBSAN
builds or an assertion failure in debug builds.

When it gets to this opcode comparison, it assumes both of the operands are BinaryOperators,
but the prior m_LogicalShift will also match a ConstantExpr. The cast<BinaryOperator> will
assert in a debug build, or reading an invalid value for BinaryOp from memory with
((BinaryOperator*)constantExpr)->getOpcode() will cause an error in a UBSAN build.

The test I added will fail without this change in debug/UBSAN builds, but not in release.

Patch by: @AndrewScheidecker (Andrew Scheidecker)

Differential Revision: https://reviews.llvm.org/D58049

llvm-svn: 353736
This commit is contained in:
Sanjay Patel 2019-02-11 19:26:27 +00:00
parent 2c4515bf4e
commit ee24e16f9b
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/Transforms/InstCombine/InstCombineAndOrXor.cpp
View File

@ -1819,14 +1819,18 @@ static Instruction *matchRotate(Instruction &Or) {
// First, find an or'd pair of opposite shifts with the same shifted operand:
// or (lshr ShVal, ShAmt0), (shl ShVal, ShAmt1)
Value *Or0 = Or.getOperand(0), *Or1 = Or.getOperand(1);
BinaryOperator *Or0, *Or1;
if (!match(Or.getOperand(0), m_BinOp(Or0)) ||
!match(Or.getOperand(1), m_BinOp(Or1)))
return nullptr;
Value *ShVal, *ShAmt0, *ShAmt1;
if (!match(Or0, m_OneUse(m_LogicalShift(m_Value(ShVal), m_Value(ShAmt0)))) ||
!match(Or1, m_OneUse(m_LogicalShift(m_Specific(ShVal), m_Value(ShAmt1)))))
return nullptr;
auto ShiftOpcode0 = cast<BinaryOperator>(Or0)->getOpcode();
auto ShiftOpcode1 = cast<BinaryOperator>(Or1)->getOpcode();
BinaryOperator::BinaryOps ShiftOpcode0 = Or0->getOpcode();
BinaryOperator::BinaryOps ShiftOpcode1 = Or1->getOpcode();
if (ShiftOpcode0 == ShiftOpcode1)
return nullptr;

14
test/Transforms/InstCombine/rotate.ll
View File

@ -689,3 +689,17 @@ define i24 @rotl_select_weird_type(i24 %x, i24 %shamt) {
ret i24 %r
}
; Test that the transform doesn't crash when there's an "or" with a ConstantExpr operand.
@external_global = external global i8
define i32 @rotl_constant_expr(i32 %shamt) {
; CHECK-LABEL: @rotl_constant_expr(
; CHECK-NEXT: [[SHR:%.*]] = lshr i32 ptrtoint (i8* @external_global to i32), [[SHAMT:%.*]]
; CHECK-NEXT: [[R:%.*]] = or i32 [[SHR]], shl (i32 ptrtoint (i8* @external_global to i32), i32 11)
; CHECK-NEXT: ret i32 [[R]]
;
%shr = lshr i32 ptrtoint (i8* @external_global to i32), %shamt
%r = or i32 %shr, shl (i32 ptrtoint (i8* @external_global to i32), i32 11)
ret i32 %r
}