Page MenuHomePhabricator

[InstSimplify] Return poison if insertelement touches out of bounds
ClosedPublic

Authored by aqjune on Jan 3 2021, 7:06 AM.

Details

Summary

This is a simple patch that updates InstSimplify to return poison if the index is/can be out-of-bounds

Diff Detail

Event Timeline

aqjune created this revision.Jan 3 2021, 7:06 AM
aqjune requested review of this revision.Jan 3 2021, 7:06 AM
Herald added a project: Restricted Project. · View Herald TranscriptJan 3 2021, 7:06 AM
nikic accepted this revision.Jan 3 2021, 7:30 AM

LGTM

llvm/test/Transforms/InstCombine/vector_insertelt_shuffle-inseltpoison.ll
57

Update comment

llvm/test/Transforms/InstCombine/vector_insertelt_shuffle.ll
57

Update comment

This revision is now accepted and ready to land.Jan 3 2021, 7:30 AM
nikic added inline comments.Jan 3 2021, 7:32 AM
llvm/lib/Analysis/InstructionSimplify.cpp
4403

Unrelated, but we should probably have an explicit fold for poison Val here, in which case we don't need non-poison vec.

aqjune added inline comments.Jan 3 2021, 8:18 AM
llvm/lib/Analysis/InstructionSimplify.cpp
4403

I'll make a patch for this

Hi! It looks like this may be causing https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29445 .

Hi, I suspect the error happens because InstSimplify couldn't fold e.g., icmp <2 x i8> %x, <undef, poison>, causing such form to survive until the assertion is checked.
I speculatively made a fix at https://reviews.llvm.org/D99853 , but I couldn't check whether this indeed fixes the failure however. :( I'll leave a comment at the oss-fuzz thread.