From a8f5cd3539580b2fe3c20c748c1374f76992f113 Mon Sep 17 00:00:00 2001
From: Duncan Sands
Date: Wed, 23 Nov 2011 16:26:47 +0000
Subject: [PATCH] Fix a crash in which a multiplication was being reported as being both negative and positive: positive, because it could be directly computed to be positive; negative, because the nsw flags means it is either negative or undefined (the multiplication always overflowed).
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@145104 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Analysis/ValueTracking.cpp | 9 +++++++--
 .../InstSimplify/2011-11-23-MaskedBitsCrash.ll | 17 +++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 test/Transforms/InstSimplify/2011-11-23-MaskedBitsCrash.ll
diff --git a/lib/Analysis/ValueTracking.cpp b/lib/Analysis/ValueTracking.cpp
index 9f7b5b501a3..22f1c144ea2 100644
--- a/lib/Analysis/ValueTracking.cpp
+++ b/lib/Analysis/ValueTracking.cpp
@@ -248,9 +248,14 @@ void llvm::ComputeMaskedBits(Value *V, const APInt &Mask,
 APInt::getHighBitsSet(BitWidth, LeadZ);
 KnownZero &= Mask;
- if (isKnownNonNegative)
+ // Only make use of no-wrap flags if we failed to compute the sign bit
+ // directly. This matters if the multiplication always overflows, in
+ // which case we prefer to follow the result of the direct computation,
+ // though as the program is invoking undefined behaviour we can choose
+ // whatever we like here.
+ if (isKnownNonNegative && !KnownOne.isNegative())
 KnownZero.setBit(BitWidth - 1);
- else if (isKnownNegative)
+ else if (isKnownNegative && !KnownZero.isNegative())
 KnownOne.setBit(BitWidth - 1);
 return;
diff --git a/test/Transforms/InstSimplify/2011-11-23-MaskedBitsCrash.ll b/test/Transforms/InstSimplify/2011-11-23-MaskedBitsCrash.ll
new file mode 100644
index 00000000000..6166536726a
--- /dev/null
+++ b/test/Transforms/InstSimplify/2011-11-23-MaskedBitsCrash.ll
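Review bot: Nothing on this return path checks that KnownZero and KnownOne are still disjoint after the two guarded `setBit` calls, so the invariant behind the reported crash is enforced only by the new conditions themselves. An `assert((KnownZero & KnownOne) == 0 && "Bits known to be one AND zero?");` placed just before `return;` would catch a regression at the site that produced it rather than in a later caller. Assertions are compiled out of release builds, where a contradictory sign bit would not crash but could feed a wrong simplification, so the guards carry the correctness burden on their own. The code that computes `isKnownNonNegative` and `isKnownNegative`, and the rest of ComputeMaskedBits, lie outside the hunk.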
@@ -0,0 +1,17 @@
+; RUN: opt < %s -instsimplify
+
+; The mul can be proved to always overflow (turning a negative value
+; into a positive one) and thus results in undefined behaviour. At
+; the same time we were deducing from the nsw flag that that mul could
+; be assumed to have a negative value (since if not it has an undefined
+; value, which can be taken to be negative). We were reporting the mul
+; as being both positive and negative, firing an assertion!
+define i1 @test1(i32 %a) {
+entry:
+ %0 = or i32 %a, 1
+ %1 = shl i32 %0, 31
+ %2 = mul nsw i32 %1, 4
+ %3 = and i32 %2, -4
+ %4 = icmp ne i32 %3, 0
+ ret i1 %4
+}
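Review bot: Going by its own comment, this test reaches only the `isKnownNegative && !KnownZero.isNegative()` guard (nsw implies negative while the direct computation gives a non-negative result); the mirrored `isKnownNonNegative && !KnownOne.isNegative()` guard in ValueTracking.cpp has no regression case. Whether the direct computation can ever set the sign bit in KnownOne is not visible from this patch, so either add a second function for that direction or note in the comment why it cannot occur. Since the RUN line only checks that opt does not assert, `; RUN: opt < %s -instsimplify -disable-output` would state that intent and avoid emitting bitcode on stdout.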