This is an archive of the discontinued LLVM Phabricator instance.

Fix constant folding of fp2int to large integers
ClosedPublic

Authored by RKSimon on Mar 17 2017, 5:04 AM.

Download Raw Diff

Details

Reviewers

spatel
majnemer
andreadb
craig.topper
efriedma

Commits

rG8424df7dea5a: Fix constant folding of fp2int to large integers
rL298226: Fix constant folding of fp2int to large integers

Summary

We make the assumption in most of our constant folding code that a fp2int will target an integer of 128-bits or less, calling the APFloat::convertToInteger with only uint64_t[2] of raw bits for the result.

Fuzz testing (PR24662) showed that we don't handle other cases at all, resulting in stack overflows and all sorts of crashes.

This patch uses the APSInt version of APFloat::convertToInteger instead to better handle such cases.

What do people think of making the APFloat::convertToInteger(uint64_t*) version non-public to avoid this issue in future?

Diff Detail

Repository: rL LLVM

Event Timeline

RKSimon created this revision.Mar 17 2017, 5:04 AM

LGTM.

What do people think of making the APFloat::convertToInteger(uint64_t*) version non-public to avoid this issue in future?

If you want to make the API a bit safer, you can make it take a MutableArrayRef rather than a raw pointer, and assert if the array is too small. (Same applies to other APInt/APFloat APIs.)

This revision is now accepted and ready to land.Mar 17 2017, 11:04 AM

Closed by commit rL298226: Fix constant folding of fp2int to large integers (authored by RKSimon). · Explain WhyMar 19 2017, 10:02 AM

This revision was automatically updated to reflect the committed changes.

RKSimon mentioned this in rL298253: Use MutableArrayRef for APFloat::convertToInteger.Mar 20 2017, 7:52 AM

Revision Contents

Path

Size

llvm/

trunk/

lib/

CodeGen/

SelectionDAG/

FastISel.cpp

12 lines

SelectionDAG.cpp

13 lines

IR/

ConstantFold.cpp

9 lines

test/

CodeGen/

Generic/

pr24662.ll

12 lines

Diff 92284

llvm/trunk/lib/CodeGen/SelectionDAG/FastISel.cpp

Show All 34 Lines
// the same instruction descriptions that the SelectionDAG selector reads,		// the same instruction descriptions that the SelectionDAG selector reads,
// and identifying simple arithmetic operations that can be directly selected		// and identifying simple arithmetic operations that can be directly selected
// from simple operators. More complicated operations currently require		// from simple operators. More complicated operations currently require
// target-specific code.		// target-specific code.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#include "llvm/ADT/APFloat.h"		#include "llvm/ADT/APFloat.h"
#include "llvm/ADT/APInt.h"		#include "llvm/ADT/APSInt.h"
#include "llvm/ADT/DenseMap.h"		#include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/Optional.h"		#include "llvm/ADT/Optional.h"
#include "llvm/ADT/SmallPtrSet.h"		#include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/SmallString.h"		#include "llvm/ADT/SmallString.h"
#include "llvm/ADT/SmallVector.h"		#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h"		#include "llvm/ADT/Statistic.h"
#include "llvm/Analysis/BranchProbabilityInfo.h"		#include "llvm/Analysis/BranchProbabilityInfo.h"
#include "llvm/Analysis/TargetLibraryInfo.h"		#include "llvm/Analysis/TargetLibraryInfo.h"
▲ Show 20 Lines • Show All 200 Lines • ▼ Show 20 Lines	else if (const auto *CF = dyn_cast<ConstantFP>(V)) {
else		else
// Try to emit the constant directly.		// Try to emit the constant directly.
Reg = fastEmit_f(VT, VT, ISD::ConstantFP, CF);		Reg = fastEmit_f(VT, VT, ISD::ConstantFP, CF);

if (!Reg) {		if (!Reg) {
// Try to emit the constant by using an integer constant with a cast.		// Try to emit the constant by using an integer constant with a cast.
const APFloat &Flt = CF->getValueAPF();		const APFloat &Flt = CF->getValueAPF();
EVT IntVT = TLI.getPointerTy(DL);		EVT IntVT = TLI.getPointerTy(DL);

uint64_t x[2];
uint32_t IntBitWidth = IntVT.getSizeInBits();		uint32_t IntBitWidth = IntVT.getSizeInBits();
		APSInt SIntVal(IntBitWidth, /isUnsigned=/false);
bool isExact;		bool isExact;
(void)Flt.convertToInteger(x, IntBitWidth, /isSigned=/true,		(void)Flt.convertToInteger(SIntVal, APFloat::rmTowardZero, &isExact);
APFloat::rmTowardZero, &isExact);
if (isExact) {		if (isExact) {
APInt IntVal(IntBitWidth, x);

unsigned IntegerReg =		unsigned IntegerReg =
getRegForValue(ConstantInt::get(V->getContext(), IntVal));		getRegForValue(ConstantInt::get(V->getContext(), SIntVal));
if (IntegerReg != 0)		if (IntegerReg != 0)
Reg = fastEmit_r(IntVT.getSimpleVT(), VT, ISD::SINT_TO_FP, IntegerReg,		Reg = fastEmit_r(IntVT.getSimpleVT(), VT, ISD::SINT_TO_FP, IntegerReg,
/Kill=/false);		/Kill=/false);
}		}
}		}
} else if (const auto *Op = dyn_cast<Operator>(V)) {		} else if (const auto *Op = dyn_cast<Operator>(V)) {
if (!selectOperator(Op, Op->getOpcode()))		if (!selectOperator(Op, Op->getOpcode()))
if (!isa<Instruction>(Op) \|\|		if (!isa<Instruction>(Op) \|\|
▲ Show 20 Lines • Show All 1,963 Lines • Show Last 20 Lines

llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 3,428 Lines • ▼ Show 20 Lines	case ISD::FP_EXTEND: {
// This can return overflow, underflow, or inexact; we don't care.		// This can return overflow, underflow, or inexact; we don't care.
// FIXME need to be more flexible about rounding mode.		// FIXME need to be more flexible about rounding mode.
(void)V.convert(EVTToAPFloatSemantics(VT),		(void)V.convert(EVTToAPFloatSemantics(VT),
APFloat::rmNearestTiesToEven, &ignored);		APFloat::rmNearestTiesToEven, &ignored);
return getConstantFP(V, DL, VT);		return getConstantFP(V, DL, VT);
}		}
case ISD::FP_TO_SINT:		case ISD::FP_TO_SINT:
case ISD::FP_TO_UINT: {		case ISD::FP_TO_UINT: {
integerPart x[2];
bool ignored;		bool ignored;
static_assert(integerPartWidth >= 64, "APFloat parts too small!");		APSInt IntVal(VT.getSizeInBits(), Opcode == ISD::FP_TO_UINT);
// FIXME need to be more flexible about rounding mode.		// FIXME need to be more flexible about rounding mode.
APFloat::opStatus s = V.convertToInteger(x, VT.getSizeInBits(),		APFloat::opStatus s =
Opcode==ISD::FP_TO_SINT,		V.convertToInteger(IntVal, APFloat::rmTowardZero, &ignored);
APFloat::rmTowardZero, &ignored);
if (s==APFloat::opInvalidOp) // inexact is OK, in fact usual		if (s == APFloat::opInvalidOp) // inexact is OK, in fact usual
break;		break;
APInt api(VT.getSizeInBits(), x);		return getConstant(IntVal, DL, VT);
return getConstant(api, DL, VT);
}		}
case ISD::BITCAST:		case ISD::BITCAST:
if (VT == MVT::i16 && C->getValueType(0) == MVT::f16)		if (VT == MVT::i16 && C->getValueType(0) == MVT::f16)
return getConstant((uint16_t)V.bitcastToAPInt().getZExtValue(), DL, VT);		return getConstant((uint16_t)V.bitcastToAPInt().getZExtValue(), DL, VT);
else if (VT == MVT::i32 && C->getValueType(0) == MVT::f32)		else if (VT == MVT::i32 && C->getValueType(0) == MVT::f32)
return getConstant((uint32_t)V.bitcastToAPInt().getZExtValue(), DL, VT);		return getConstant((uint32_t)V.bitcastToAPInt().getZExtValue(), DL, VT);
else if (VT == MVT::i64 && C->getValueType(0) == MVT::f64)		else if (VT == MVT::i64 && C->getValueType(0) == MVT::f64)
return getConstant(V.bitcastToAPInt().getZExtValue(), DL, VT);		return getConstant(V.bitcastToAPInt().getZExtValue(), DL, VT);
▲ Show 20 Lines • Show All 4,373 Lines • Show Last 20 Lines

llvm/trunk/lib/IR/ConstantFold.cpp

Show All 12 Lines
//		//
// The current constant folding implementation is implemented in two pieces: the		// The current constant folding implementation is implemented in two pieces: the
// pieces that don't need DataLayout, and the pieces that do. This is to avoid		// pieces that don't need DataLayout, and the pieces that do. This is to avoid
// a dependence in IR on Target.		// a dependence in IR on Target.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#include "ConstantFold.h"		#include "ConstantFold.h"
		#include "llvm/ADT/APSInt.h"
#include "llvm/ADT/SmallVector.h"		#include "llvm/ADT/SmallVector.h"
#include "llvm/IR/Constants.h"		#include "llvm/IR/Constants.h"
#include "llvm/IR/DerivedTypes.h"		#include "llvm/IR/DerivedTypes.h"
#include "llvm/IR/Function.h"		#include "llvm/IR/Function.h"
#include "llvm/IR/GetElementPtrTypeIterator.h"		#include "llvm/IR/GetElementPtrTypeIterator.h"
#include "llvm/IR/GlobalAlias.h"		#include "llvm/IR/GlobalAlias.h"
#include "llvm/IR/GlobalVariable.h"		#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/Instructions.h"		#include "llvm/IR/Instructions.h"
▲ Show 20 Lines • Show All 572 Lines • ▼ Show 20 Lines	if (ConstantFP *FPC = dyn_cast<ConstantFP>(V)) {
return ConstantFP::get(V->getContext(), Val);		return ConstantFP::get(V->getContext(), Val);
}		}
return nullptr; // Can't fold.		return nullptr; // Can't fold.
case Instruction::FPToUI:		case Instruction::FPToUI:
case Instruction::FPToSI:		case Instruction::FPToSI:
if (ConstantFP *FPC = dyn_cast<ConstantFP>(V)) {		if (ConstantFP *FPC = dyn_cast<ConstantFP>(V)) {
const APFloat &V = FPC->getValueAPF();		const APFloat &V = FPC->getValueAPF();
bool ignored;		bool ignored;
uint64_t x[2];
uint32_t DestBitWidth = cast<IntegerType>(DestTy)->getBitWidth();		uint32_t DestBitWidth = cast<IntegerType>(DestTy)->getBitWidth();
		APSInt IntVal(DestBitWidth, opc == Instruction::FPToUI);
if (APFloat::opInvalidOp ==		if (APFloat::opInvalidOp ==
V.convertToInteger(x, DestBitWidth, opc==Instruction::FPToSI,		V.convertToInteger(IntVal, APFloat::rmTowardZero, &ignored)) {
APFloat::rmTowardZero, &ignored)) {
// Undefined behavior invoked - the destination type can't represent		// Undefined behavior invoked - the destination type can't represent
// the input constant.		// the input constant.
return UndefValue::get(DestTy);		return UndefValue::get(DestTy);
}		}
APInt Val(DestBitWidth, x);		return ConstantInt::get(FPC->getContext(), IntVal);
return ConstantInt::get(FPC->getContext(), Val);
}		}
return nullptr; // Can't fold.		return nullptr; // Can't fold.
case Instruction::IntToPtr: //always treated as unsigned		case Instruction::IntToPtr: //always treated as unsigned
if (V->isNullValue()) // Is it an integral null value?		if (V->isNullValue()) // Is it an integral null value?
return ConstantPointerNull::get(cast<PointerType>(DestTy));		return ConstantPointerNull::get(cast<PointerType>(DestTy));
return nullptr; // Other pointer types cannot be casted		return nullptr; // Other pointer types cannot be casted
case Instruction::PtrToInt: // always treated as unsigned		case Instruction::PtrToInt: // always treated as unsigned
// Is it a null pointer value?		// Is it a null pointer value?
▲ Show 20 Lines • Show All 1,650 Lines • Show Last 20 Lines

llvm/trunk/test/CodeGen/Generic/pr24662.ll

				; RUN: llc < %s -fast-isel
				; RUN: llc < %s

				define i60 @PR24662a() {
				ret i60 trunc (i670010 fptoui(float 0x400D9999A0000000 to i670010) to i60)
				}

				define i60 @PR24662b() {
				%1 = fptoui float 0x400D9999A0000000 to i670010
				%2 = trunc i670010 %1 to i60
				ret i60 %2
				}