From dbf6cfb47d5e47ce638a275a5c865a9fbb9e0b97 Mon Sep 17 00:00:00 2001
From: Alexandros Lamprineas <alexandros.lamprineas@arm.com>
Date: Mon, 23 Jul 2018 09:42:35 +0000
Subject: [PATCH] [GVNHoist] safeToHoistLdSt allows illegal hoisting

Bug fix for PR36787. When reasoning if it's safe to hoist a load we
want to make sure that the defining memory access dominates the new
insertion point of the hoisted instruction. safeToHoistLdSt calls
firstInBB(InsertionPoint,DefiningAccess) which returns false if
InsertionPoint == DefiningAccess, and therefore it falsely thinks
it's safe to hoist.

Differential Revision: https://reviews.llvm.org/D49555

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@337674 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Transforms/Scalar/GVNHoist.cpp  |  2 +-
 test/Transforms/GVNHoist/pr36787.ll | 76 +++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 test/Transforms/GVNHoist/pr36787.ll

diff --git a/lib/Transforms/Scalar/GVNHoist.cpp b/lib/Transforms/Scalar/GVNHoist.cpp
index bec0a565124..6d2b25cf601 100644
--- a/lib/Transforms/Scalar/GVNHoist.cpp
+++ b/lib/Transforms/Scalar/GVNHoist.cpp
@@ -534,7 +534,7 @@ private:
 
     if (NewBB == DBB && !MSSA->isLiveOnEntryDef(D))
       if (auto *UD = dyn_cast<MemoryUseOrDef>(D))
-        if (firstInBB(NewPt, UD->getMemoryInst()))
+        if (!firstInBB(UD->getMemoryInst(), NewPt))
           // Cannot move the load or store to NewPt above its definition in D.
           return false;
 
diff --git a/test/Transforms/GVNHoist/pr36787.ll b/test/Transforms/GVNHoist/pr36787.ll
new file mode 100644
index 00000000000..487e2bd335c
--- /dev/null
+++ b/test/Transforms/GVNHoist/pr36787.ll
@@ -0,0 +1,76 @@
+; RUN: opt < %s -gvn-hoist -S | FileCheck %s
+
+@g = external constant i8*
+
+declare i32 @gxx_personality(...)
+declare void @f0()
+declare void @f1()
+declare void @f2()
+
+; Make sure opt won't crash and that the load
+; is not hoisted from label6 to label4
+
+;CHECK-LABEL: @func
+
+define void @func() personality i8* bitcast (i32 (...)* @gxx_personality to i8*) {
+  invoke void @f0()
+          to label %3 unwind label %1
+
+; <label>:1:
+  %2 = landingpad { i8*, i32 }
+          catch i8* bitcast (i8** @g to i8*)
+          catch i8* null
+  br label %16
+
+; <label>:3:
+  br i1 undef, label %4, label %10
+
+;CHECK:       <label>:4
+;CHECK-NEXT:    %5 = load i32*, i32** undef, align 8
+;CHECK-NEXT:    invoke void @f1()
+
+; <label>:4:
+  %5 = load i32*, i32** undef, align 8
+  invoke void @f1()
+          to label %6 unwind label %1
+
+;CHECK:       <label>:6
+;CHECK-NEXT:    %7 = load i32*, i32** undef, align 8
+;CHECK-NEXT:    %8 = load i32*, i32** undef, align 8
+
+; <label>:6:
+  %7 = load i32*, i32** undef, align 8
+  %8 = load i32*, i32** undef, align 8
+  br i1 true, label %9, label %17
+
+; <label>:9:
+  invoke void @f0()
+          to label %10 unwind label %1
+
+; <label>:10:
+  invoke void @f2()
+          to label %11 unwind label %1
+
+; <label>:11:
+  %12 = invoke signext i32 undef(i32* null, i32 signext undef, i1 zeroext undef)
+          to label %13 unwind label %14
+
+; <label>:13:
+  unreachable
+
+; <label>:14:
+  %15 = landingpad { i8*, i32 }
+          catch i8* bitcast (i8** @g to i8*)
+          catch i8* null
+  br label %16
+
+; <label>:16:
+  unreachable
+
+; <label>:17:
+  ret void
+
+; uselistorder directives
+  uselistorder void ()* @f0, { 1, 0 }
+  uselistorder label %1, { 0, 3, 1, 2 }
+}
-- 
2.50.1