From: Sanjay Patel <spatel@rotateright.com>
Date: Wed, 4 Sep 2019 15:12:55 +0000 (+0000)
Subject: [InstSimplify] guard against unreachable code (PR43218)
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0a52e9526aac6d3f22dc7d37a0044c1b90f8abd2;p=llvm

[InstSimplify] guard against unreachable code (PR43218)

This would crash:
https://bugs.llvm.org/show_bug.cgi?id=43218

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@370911 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Transforms/Scalar/InstSimplifyPass.cpp b/lib/Transforms/Scalar/InstSimplifyPass.cpp
index 920b12b8a6a..e3edfe51458 100644
--- a/lib/Transforms/Scalar/InstSimplifyPass.cpp
+++ b/lib/Transforms/Scalar/InstSimplifyPass.cpp
@@ -34,6 +34,11 @@ static bool runImpl(Function &F, const SimplifyQuery &SQ,
 
   do {
     for (BasicBlock &BB : F) {
+      // Unreachable code can take on strange forms that we are not prepared to
+      // handle. For example, an instruction may have itself as an operand.
+      if (!SQ.DT->isReachableFromEntry(&BB))
+        continue;
+
       SmallVector<Instruction *, 8> DeadInstsInBB;
       for (Instruction &I : BB) {
         // The first time through the loop, ToSimplify is empty and we try to
@@ -87,7 +92,7 @@ struct InstSimplifyLegacyPass : public FunctionPass {
     AU.addRequired<OptimizationRemarkEmitterWrapperPass>();
   }
 
-  /// runOnFunction - Remove instructions that simplify.
+  /// Remove instructions that simplify.
   bool runOnFunction(Function &F) override {
     if (skipFunction(F))
       return false;
diff --git a/test/Transforms/InstSimplify/insertelement.ll b/test/Transforms/InstSimplify/insertelement.ll
index e487eeb96b0..97f656a7c82 100644
--- a/test/Transforms/InstSimplify/insertelement.ll
+++ b/test/Transforms/InstSimplify/insertelement.ll
@@ -67,3 +67,26 @@ define <8 x i8> @extract_insert_same_vec_and_index2(<8 x i8> %in, i32 %index) {
   %vec = insertelement <8 x i8> %in, i8 %val, i32 %index
   ret <8 x i8> %vec
 }
+
+; The insert is in an unreachable block, so it is allowed to point to itself.
+; This would crash via stack overflow.
+
+define void @PR43218() {
+; CHECK-LABEL: @PR43218(
+; CHECK-NEXT:  end:
+; CHECK-NEXT:    ret void
+; CHECK:       unreachable_infloop:
+; CHECK-NEXT:    [[EXTRACT:%.*]] = extractelement <2 x i64> [[BOGUS:%.*]], i32 0
+; CHECK-NEXT:    [[T0:%.*]] = inttoptr i64 [[EXTRACT]] to i16****
+; CHECK-NEXT:    [[BOGUS]] = insertelement <2 x i64> [[BOGUS]], i64 undef, i32 1
+; CHECK-NEXT:    br label [[UNREACHABLE_INFLOOP:%.*]]
+;
+end:
+  ret void
+
+unreachable_infloop:
+  %extract = extractelement <2 x i64> %bogus, i32 0
+  %t0 = inttoptr i64 %extract to i16****
+  %bogus = insertelement <2 x i64> %bogus, i64 undef, i32 1
+  br label %unreachable_infloop
+}