extractelement is poison if the index is out-of-bounds, so just
scalarizing the load may introduce an out-of-bounds load, which is UB.
To avoid introducing new UB, we can mask the index so it only contains
valid indices.
Fixes PR50382.
Differential D103077
[DAGCombine] Poison-prove scalarizeExtractedVectorLoad. fhahn on May 25 2021, 3:53 AM. Authored by
Details extractelement is poison if the index is out-of-bounds, so just To avoid introducing new UB, we can mask the index so it only contains Fixes PR50382.
Diff Detail
Event TimelineComment Actions Adjust failing SystemZ test. It would be great if someone familiar with SystemZ could take a look to double-check this makes sense. Perhaps @jonpa?
Comment Actions Yes, this looks like a correct test update to me: the changed immediate operand reflects that now only two shifted bits are inserted into %r1 (instead of all 32). I wonder what the rationale behind this patch is: if the instruction is poison to begin with, then the program is broken and I don't understand how changing the argument value can change that..? Adding @uweigand as well just in case... Comment Actions Whether the whole program is broken (has UB) depends on how the returned value is used in the callers. Returning poison is not UB, unless the function has the noundef attribute. Comment Actions This looks correct to me as well, it simply implements the mask to valid index (which can be merged into the existing risbgn instruction).
|
Is there any chance of NumElts not being a pow2 here?