[x86] limit extractelement of setcc to pre-legalization
A fuzzer found the crasher:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13700
The bug was introduced recently here:
rL355741
This is the quick fix. If we need to do this transform
later, then we'd have to extend/truncate the vector setcc
element type to the scalar setcc type (i8).
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@356053 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/Target/X86/X86ISelLowering.cpp b/lib/Target/X86/X86ISelLowering.cpp
index e34fa5b..fecd464 100644
--- a/lib/Target/X86/X86ISelLowering.cpp
+++ b/lib/Target/X86/X86ISelLowering.cpp
@@ -34349,7 +34349,7 @@
// Vector FP compares don't fit the pattern of FP math ops (propagate, not
// extract, the condition code), so deal with those as a special-case.
- if (Vec.getOpcode() == ISD::SETCC) {
+ if (Vec.getOpcode() == ISD::SETCC && VT == MVT::i1) {
EVT OpVT = Vec.getOperand(0).getValueType().getScalarType();
if (OpVT != MVT::f32 && OpVT != MVT::f64)
return SDValue();
diff --git a/test/CodeGen/X86/extractelement-fp.ll b/test/CodeGen/X86/extractelement-fp.ll
index d77671c..20f6c45 100644
--- a/test/CodeGen/X86/extractelement-fp.ll
+++ b/test/CodeGen/X86/extractelement-fp.ll
@@ -152,6 +152,25 @@
ret i1 %r
}
+; If we do the fcmp transform late, make sure we have the right types.
+; https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13700
+
+define void @extsetcc(<4 x float> %x) {
+; CHECK-LABEL: extsetcc:
+; CHECK: # %bb.0:
+; CHECK-NEXT: vxorps %xmm1, %xmm1, %xmm1
+; CHECK-NEXT: vcmpnleps %xmm0, %xmm1, %xmm0
+; CHECK-NEXT: vextractps $0, %xmm0, %eax
+; CHECK-NEXT: andl $1, %eax
+; CHECK-NEXT: movb %al, (%rax)
+; CHECK-NEXT: retq
+ %cmp = fcmp ult <4 x float> %x, zeroinitializer
+ %sext = sext <4 x i1> %cmp to <4 x i32>
+ %e = extractelement <4 x i1> %cmp, i1 0
+ store i1 %e, i1* undef
+ ret void
+}
+
define float @select_fcmp_v4f32(<4 x float> %x, <4 x float> %y, <4 x float> %z, <4 x float> %w) nounwind {
; CHECK-LABEL: select_fcmp_v4f32:
; CHECK: # %bb.0:
