diff --git a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp --- a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp +++ b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp @@ -7121,7 +7121,12 @@ // Look through GEPs. A load from a GEP derived from NULL is still undefined if (GetElementPtrInst *GEP = dyn_cast(Use)) if (GEP->getPointerOperand() == I) { - if (!GEP->isInBounds() || !GEP->hasAllZeroIndices()) + // The current base address is null, there are four scenarios to consider: + // getelementptr (TY, null, 0) -> null + // getelementptr (TY, null, not zero) -> maybe be modified + // getelementptr inbounds (TY, null, 0) -> null + // getelementptr inbounds (TY, null, not zero) -> poison + if (!GEP->isInBounds() && !GEP->hasAllZeroIndices()) PtrValueMayBeModified = true; return passingValueIsAlwaysUndefined(V, GEP, PtrValueMayBeModified); } diff --git a/llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll b/llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll --- a/llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll +++ b/llvm/test/Transforms/SimplifyCFG/UnreachableEliminate.ll @@ -444,9 +444,10 @@ define void @test9_gep_inbounds_nonzero(i1 %X, ptr %Y) { ; CHECK-LABEL: @test9_gep_inbounds_nonzero( ; CHECK-NEXT: entry: -; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]] -; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 12 -; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) +; CHECK-NEXT: [[TMP0:%.*]] = xor i1 [[X:%.*]], true +; CHECK-NEXT: call void @llvm.assume(i1 [[TMP0]]) +; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[Y:%.*]], i64 12 +; CHECK-NEXT: [[TMP1:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) ; CHECK-NEXT: ret void ; entry: @@ -463,12 +464,13 @@ } -define void @test9_gep_inbouds_unknown_null(i1 %X, ptr %Y, i64 %I) { -; CHECK-LABEL: @test9_gep_inbouds_unknown_null( +define void @test9_gep_inbounds_unknown_null(i1 %X, ptr %Y, i64 %I) { +; CHECK-LABEL: @test9_gep_inbounds_unknown_null( ; CHECK-NEXT: entry: -; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[X:%.*]], ptr null, ptr [[Y:%.*]] -; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[SPEC_SELECT]], i64 [[I:%.*]] -; CHECK-NEXT: [[TMP0:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) +; CHECK-NEXT: [[TMP0:%.*]] = xor i1 [[X:%.*]], true +; CHECK-NEXT: call void @llvm.assume(i1 [[TMP0]]) +; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds i8, ptr [[Y:%.*]], i64 [[I:%.*]] +; CHECK-NEXT: [[TMP1:%.*]] = call ptr @fn_nonnull_noundef_arg(ptr [[GEP]]) ; CHECK-NEXT: ret void ; entry: diff --git a/llvm/test/Transforms/SimplifyCFG/unreachable-eliminate-on-ret.ll b/llvm/test/Transforms/SimplifyCFG/unreachable-eliminate-on-ret.ll --- a/llvm/test/Transforms/SimplifyCFG/unreachable-eliminate-on-ret.ll +++ b/llvm/test/Transforms/SimplifyCFG/unreachable-eliminate-on-ret.ll @@ -55,7 +55,26 @@ ; CHECK-LABEL: @test_ret_ptr_nonnull_noundef_gep_nonzero( ; CHECK-NEXT: entry: ; CHECK-NEXT: [[SPEC_SELECT:%.*]] = select i1 [[COND:%.*]], ptr [[X:%.*]], ptr null -; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds ptr, ptr [[SPEC_SELECT]], i64 12 +; CHECK-NEXT: [[GEP:%.*]] = getelementptr ptr, ptr [[SPEC_SELECT]], i64 12 +; CHECK-NEXT: ret ptr [[GEP]] +; +entry: + br i1 %cond, label %bb1, label %bb2 + +bb1: + br label %bb2 + +bb2: + %phi = phi ptr [ null, %entry ], [ %x, %bb1 ] + %gep = getelementptr ptr, ptr %phi, i64 12 + ret ptr %gep +} + +define nonnull noundef ptr @test_ret_ptr_nonnull_noundef_gep_inbounds_nonzero(i1 %cond, ptr %x) { +; CHECK-LABEL: @test_ret_ptr_nonnull_noundef_gep_inbounds_nonzero( +; CHECK-NEXT: entry: +; CHECK-NEXT: call void @llvm.assume(i1 [[COND:%.*]]) +; CHECK-NEXT: [[GEP:%.*]] = getelementptr inbounds ptr, ptr [[X:%.*]], i64 12 ; CHECK-NEXT: ret ptr [[GEP]] ; entry: