Index: lib/Analysis/ValueTracking.cpp =================================================================== --- lib/Analysis/ValueTracking.cpp +++ lib/Analysis/ValueTracking.cpp @@ -650,7 +650,8 @@ } else if (match(Arg, m_c_ICmp(Pred, m_Shl(m_V, m_ConstantInt(C)), m_Value(A))) && Pred == ICmpInst::ICMP_EQ && - isValidAssumeForContext(I, Q.CxtI, Q.DT)) { + isValidAssumeForContext(I, Q.CxtI, Q.DT) && + C->getZExtValue() < BitWidth) { KnownBits RHSKnown(BitWidth); computeKnownBits(A, RHSKnown, Depth+1, Query(Q, I)); // For those bits in RHS that are known, we can propagate them to known @@ -663,7 +664,8 @@ } else if (match(Arg, m_c_ICmp(Pred, m_Not(m_Shl(m_V, m_ConstantInt(C))), m_Value(A))) && Pred == ICmpInst::ICMP_EQ && - isValidAssumeForContext(I, Q.CxtI, Q.DT)) { + isValidAssumeForContext(I, Q.CxtI, Q.DT) && + C->getZExtValue() < BitWidth) { KnownBits RHSKnown(BitWidth); computeKnownBits(A, RHSKnown, Depth+1, Query(Q, I)); // For those bits in RHS that are known, we can propagate them inverted @@ -677,7 +679,8 @@ m_c_ICmp(Pred, m_Shr(m_V, m_ConstantInt(C)), m_Value(A))) && Pred == ICmpInst::ICMP_EQ && - isValidAssumeForContext(I, Q.CxtI, Q.DT)) { + isValidAssumeForContext(I, Q.CxtI, Q.DT) && + C->getZExtValue() < BitWidth) { KnownBits RHSKnown(BitWidth); computeKnownBits(A, RHSKnown, Depth+1, Query(Q, I)); // For those bits in RHS that are known, we can propagate them to known @@ -688,7 +691,8 @@ } else if (match(Arg, m_c_ICmp(Pred, m_Not(m_Shr(m_V, m_ConstantInt(C))), m_Value(A))) && Pred == ICmpInst::ICMP_EQ && - isValidAssumeForContext(I, Q.CxtI, Q.DT)) { + isValidAssumeForContext(I, Q.CxtI, Q.DT) && + C->getZExtValue() < BitWidth) { KnownBits RHSKnown(BitWidth); computeKnownBits(A, RHSKnown, Depth+1, Query(Q, I)); // For those bits in RHS that are known, we can propagate them inverted Index: lib/Transforms/InstCombine/InstCombineVectorOps.cpp =================================================================== --- lib/Transforms/InstCombine/InstCombineVectorOps.cpp +++ lib/Transforms/InstCombine/InstCombineVectorOps.cpp @@ -611,7 +611,8 @@ // until we hit something that isn't an insert of the splatted value. while (CurrIE) { ConstantInt *Idx = dyn_cast(CurrIE->getOperand(2)); - if (!Idx || CurrIE->getOperand(1) != SplatVal) + if (!Idx || Idx->getSExtValue() >= NumElements || + CurrIE->getOperand(1) != SplatVal) return nullptr; InsertElementInst *NextIE = Index: test/Transforms/InstCombine/out-of-bounds-indexes.ll =================================================================== --- /dev/null +++ test/Transforms/InstCombine/out-of-bounds-indexes.ll @@ -0,0 +1,23 @@ +; RUN: opt < %s -instcombine -disable-output +; Check that we don't crash on unreasonable constant indexes in various operations + +define void @test(<4 x double> %a, <4 x double> %b) { +entry: + %sub.i = fsub ninf <4 x double> %a, %b + %I = insertelement <4 x double> %sub.i, double 0x7FEFFFFFFFFFFFFF, i64 4294967296 + %B = lshr i8 127, 0 + store i8 %B, i8* undef + store <4 x double> %I, <4 x double>* undef + ret void +} + +define i32 @test2(i32 %a, i1 %x, i1 %y) { +entry: + %and1 = and i32 %a, 3 + %B = lshr i32 %and1, -2147483648 + %cmp = icmp eq i32 %B, 1 + tail call void @llvm.assume(i1 %cmp) + ret i32 %and1 +} + +declare void @llvm.assume(i1)