This is an archive of the discontinued LLVM Phabricator instance.

Differential D86428

[X86] Remove extra getOperand(0) call from recently introduced store(extract_element(vtrunc)) to truncated store combine.
ClosedPublic

Authored by craig.topper on Aug 23 2020, 11:29 PM.

Details

Reviewers
RKSimon
spatel
Commits
rGb8ec8f57764e: [X86] Remove extra getOperand(0) call from recently introduced store…
Summary

The IsExtractedElement already called getOperand(0) so Extract
here is the source vector. We shouldn't call getOperand(0). This
worked for the original test cases because the result was a
bitcast so the getOperand(0) accidently peeked through the bitcast
which is what we wanted.

In the failing case here, the operand turns out to be undef so
the getOperand(0) asserts because undef has no operands.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25184

Diff Detail

Event Timeline

craig.topper created this revision.Aug 23 2020, 11:29 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 23 2020, 11:29 PM
Herald added a subscriber: hiraditya. · View Herald Transcript
craig.topper requested review of this revision.Aug 23 2020, 11:29 PM
Harbormaster completed remote builds in B69274: Diff 287298.Aug 24 2020, 12:02 AM
craig.topper added a comment.Aug 25 2020, 12:01 PM

@spatel Does this look ok to you? I think @RKSimon is on vacation.

spatel accepted this revision.Aug 25 2020, 12:39 PM

LGTM

This revision is now accepted and ready to land.Aug 25 2020, 12:39 PM
spatel added inline comments.Aug 25 2020, 12:41 PM
llvm/test/CodeGen/X86/oss-fuzz-25184.ll
15–17

Might want to avoid the undefs here to make the test less fragile. These reducer tests tends to wiggle when we improve undef handling.

craig.topper added inline comments.Aug 25 2020, 4:02 PM
llvm/test/CodeGen/X86/oss-fuzz-25184.ll
15–17

Unfortunately, the undefs seem to be necessary to get into the scenario that triggered the assert that caught the issue.

Closed by commit rGb8ec8f57764e: [X86] Remove extra getOperand(0) call from recently introduced store… (authored by craig.topper). · Explain WhyAug 25 2020, 4:20 PM
This revision was automatically updated to reflect the committed changes.
craig.topper added a commit: rGb8ec8f57764e: [X86] Remove extra getOperand(0) call from recently introduced store….

Revision Contents

PathSize
llvm/
lib/
Target/
X86/
2 lines
test/
CodeGen/
X86/
18 lines

Diff 287794

llvm/lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 44,616 Lines▼ Show 20 Lines auto IsExtractedElement = [](SDValue V) {
unsigned Opc = V.getOpcode(); unsigned Opc = V.getOpcode();
if (Opc == ISD::EXTRACT_VECTOR_ELT || Opc == X86ISD::PEXTRW) { if (Opc == ISD::EXTRACT_VECTOR_ELT || Opc == X86ISD::PEXTRW) {
if (V.getOperand(0).hasOneUse() && isNullConstant(V.getOperand(1))) if (V.getOperand(0).hasOneUse() && isNullConstant(V.getOperand(1)))
return V.getOperand(0); return V.getOperand(0);
} }
return SDValue(); return SDValue();
}; };
if (SDValue Extract = IsExtractedElement(StoredVal)) { if (SDValue Extract = IsExtractedElement(StoredVal)) {
SDValue Trunc = peekThroughOneUseBitcasts(Extract.getOperand(0)); SDValue Trunc = peekThroughOneUseBitcasts(Extract);
if (Trunc.getOpcode() == X86ISD::VTRUNC) { if (Trunc.getOpcode() == X86ISD::VTRUNC) {
SDValue Src = Trunc.getOperand(0); SDValue Src = Trunc.getOperand(0);
MVT DstVT = Trunc.getSimpleValueType(); MVT DstVT = Trunc.getSimpleValueType();
MVT SrcVT = Src.getSimpleValueType(); MVT SrcVT = Src.getSimpleValueType();
unsigned NumSrcElts = SrcVT.getVectorNumElements(); unsigned NumSrcElts = SrcVT.getVectorNumElements();
unsigned NumTruncBits = DstVT.getScalarSizeInBits() * NumSrcElts; unsigned NumTruncBits = DstVT.getScalarSizeInBits() * NumSrcElts;
MVT TruncVT = MVT::getVectorVT(DstVT.getScalarType(), NumSrcElts); MVT TruncVT = MVT::getVectorVT(DstVT.getScalarType(), NumSrcElts);
if (NumTruncBits == VT.getSizeInBits() && if (NumTruncBits == VT.getSizeInBits() &&
▲ Show 20 LinesShow All 6,088 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/oss-fuzz-25184.ll

  • This file was added.
; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
; RUN: llc < %s -mtriple=x86_64-apple-darwin19.5.0 | FileCheck %s
; OSS fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25184
define <2 x double> @test_fpext() {
; CHECK-LABEL: test_fpext:
; CHECK: ## %bb.0:
; CHECK-NEXT: movsd {{.*#+}} xmm0 = mem[0],zero
; CHECK-NEXT: retq
%tmp12 = insertelement <4 x float> undef, float 0.000000e+00, i32 3
%tmp5 = fpext <4 x float> %tmp12 to <4 x double>
%ret = shufflevector <4 x double> %tmp5, <4 x double> undef, <2 x i32> <i32 0, i32 1>
%E1 = extractelement <4 x double> %tmp5, i16 undef
%I2 = insertelement <2 x double> %ret, double 4.940660e-324, i16 undef
store double %E1, double* undef, align 8
ret <2 x double> %I2
spatelUnsubmitted
Not Done
ReplyInline Actions

Might want to avoid the undefs here to make the test less fragile. These reducer tests tends to wiggle when we improve undef handling.

spatel: Might want to avoid the undefs here to make the test less fragile. These reducer tests tends to…
craig.topperAuthorUnsubmitted
Done
ReplyInline Actions

Unfortunately, the undefs seem to be necessary to get into the scenario that triggered the assert that caught the issue.

craig.topper: Unfortunately, the undefs seem to be necessary to get into the scenario that triggered the…
}