https://gcc.gnu.org/g:593e9ee05d683587c737df4fa7815a03f2c076c3
commit r16-3577-g593e9ee05d683587c737df4fa7815a03f2c076c3
Author: Richard Earnshaw <rearn...@arm.com>
Date: Wed Sep 3 18:08:49 2025 +0100
arm: wrong code from vset_lane_* [PR121775]
Insufficient validation of the operands in vec_set_<mode>_internal
means that the optimizers can transform the exanded code into
something that is invalid. We then emit code based on the incorrect
RTL assuming that it is still valid. A valid pattern can only have a
single bit set in the immediate operand, representing the lane to be
written.
gcc/ChangeLog:
PR target/121775
* config/arm/neon.md (vec_set<mode>_internal, all variants):
validate the immediate operand that indicates the lane to
modify.
gcc/testsuite/ChangeLog:
PR target/121775
* gcc.target/arm/simd/vset_lane_u8.c: New test.
Diff:
---
gcc/config/arm/neon.md | 13 +++++++---
gcc/testsuite/gcc.target/arm/simd/vset_lane_u8.c | 32 ++++++++++++++++++++++++
2 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/gcc/config/arm/neon.md b/gcc/config/arm/neon.md
index 8446dd7f964b..c887e7fcdff3 100644
--- a/gcc/config/arm/neon.md
+++ b/gcc/config/arm/neon.md
@@ -321,7 +321,9 @@
(match_operand:<V_elem> 1 "nonimmediate_operand" "Um,r"))
(match_operand:VD_LANE 3 "s_register_operand" "0,0")
(match_operand:SI 2 "immediate_operand" "i,i")))]
- "TARGET_NEON"
+ "TARGET_NEON
+ && (GET_MODE_NUNITS (<MODE>mode)
+ > (unsigned) exact_log2 (INTVAL (operands[2])))"
{
int elt = ffs ((int) INTVAL (operands[2])) - 1;
if (BYTES_BIG_ENDIAN)
@@ -342,7 +344,10 @@
(match_operand:<V_elem> 1 "nonimmediate_operand" "Um,r"))
(match_operand:VQ2 3 "s_register_operand" "0,0")
(match_operand:SI 2 "immediate_operand" "i,i")))]
- "TARGET_NEON"
+ "TARGET_NEON
+ && (GET_MODE_NUNITS (<MODE>mode)
+ > (unsigned) exact_log2 (INTVAL (operands[2])))"
+
{
HOST_WIDE_INT elem = ffs ((int) INTVAL (operands[2])) - 1;
int half_elts = GET_MODE_NUNITS (<MODE>mode) / 2;
@@ -371,7 +376,9 @@
(match_operand:DI 1 "nonimmediate_operand" "Um,r"))
(match_operand:V2DI_ONLY 3 "s_register_operand" "0,0")
(match_operand:SI 2 "immediate_operand" "i,i")))]
- "TARGET_NEON"
+ "TARGET_NEON
+ && (GET_MODE_NUNITS (<MODE>mode)
+ > (unsigned) exact_log2 (INTVAL (operands[2])))"
{
HOST_WIDE_INT elem = ffs ((int) INTVAL (operands[2])) - 1;
int regno = REGNO (operands[0]) + 2 * elem;
diff --git a/gcc/testsuite/gcc.target/arm/simd/vset_lane_u8.c
b/gcc/testsuite/gcc.target/arm/simd/vset_lane_u8.c
new file mode 100644
index 000000000000..04c0a57ca472
--- /dev/null
+++ b/gcc/testsuite/gcc.target/arm/simd/vset_lane_u8.c
@@ -0,0 +1,32 @@
+/* { dg-options "-O2 -fno-inline" } */
+/* { dg-add-options arm_neon } */
+#include <stdint.h>
+#include "arm_neon.h"
+
+volatile uint8_t v40 = 255;
+
+volatile uint8x8_t result = {
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ 0, 0, 0, 0, 0, 0, 0, 255
+#else
+ 255, 0, 0, 0, 0, 0, 0, 0
+#endif
+};
+
+void check (uint8x8_t v)
+{
+ int i;
+ for (i = 0; i < 8; i++)
+ if (v[i] != result[i])
+ __builtin_abort ();
+}
+
+int main ()
+{
+ uint8_t v116[16] = {0};
+ uint8x8_t v117 = vld1_dup_u8(v116); // 0, ..., 0
+ uint8x8_t v119 = vset_lane_u8(v40, v117, 7); // 0, ..., 0, 0xff
+ check (v119);
+
+ return 0;
+}
