From a36cb01ea7750373739c206f86abcce0dbf9df5f Mon Sep 17 00:00:00 2001
From: anjenner <161845516+anjenner@users.noreply.github.com>
Date: Thu, 29 May 2025 18:10:35 +0100
Subject: [PATCH] [AMDGPU] Handle CreateBinOp not returning BinaryOperator
 (#137791)

AMDGPUCodeGenPrepareImpl::visitBinaryOperator() calls
Builder.CreateBinOp() and casts the resulting Value as a BinaryOperator
without checking, leading to an assert failure in a case found by
fuzzing. In this case, the operands are constant and CreateBinOp does
constant folding so returns a Constant instead of a BinaryOperator.
---
 llvm/lib/Target/AMDGPU/AMDGPUCodeGenPrepare.cpp        | 5 ++++-
 llvm/test/CodeGen/AMDGPU/amdgpu-codegenprepare-idiv.ll | 9 +++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/llvm/lib/Target/AMDGPU/AMDGPUCodeGenPrepare.cpp b/llvm/lib/Target/AMDGPU/AMDGPUCodeGenPrepare.cpp
index 52177a2523bc..277e08099684 100644
--- a/llvm/lib/Target/AMDGPU/AMDGPUCodeGenPrepare.cpp
+++ b/llvm/lib/Target/AMDGPU/AMDGPUCodeGenPrepare.cpp
@@ -1684,7 +1684,10 @@ bool AMDGPUCodeGenPrepareImpl::visitBinaryOperator(BinaryOperator &I) {
             // return the new value. Just insert a scalar copy and defer
             // expanding it.
             NewElt = Builder.CreateBinOp(Opc, NumEltN, DenEltN);
-            Div64ToExpand.push_back(cast<BinaryOperator>(NewElt));
+            // CreateBinOp does constant folding. If the operands are constant,
+            // it will return a Constant instead of a BinaryOperator.
+            if (auto *NewEltBO = dyn_cast<BinaryOperator>(NewElt))
+              Div64ToExpand.push_back(NewEltBO);
           }
         }
 
diff --git a/llvm/test/CodeGen/AMDGPU/amdgpu-codegenprepare-idiv.ll b/llvm/test/CodeGen/AMDGPU/amdgpu-codegenprepare-idiv.ll
index 8e16889c72e6..b7097a9557b7 100644
--- a/llvm/test/CodeGen/AMDGPU/amdgpu-codegenprepare-idiv.ll
+++ b/llvm/test/CodeGen/AMDGPU/amdgpu-codegenprepare-idiv.ll
@@ -10094,3 +10094,12 @@ define i64 @udiv_i64_9divbits(i8 %size) {
   %div = udiv i64 %num, 10
   ret i64 %div
 }
+
+define <2 x i64> @srem_zero_zero() {
+; GCN-LABEL: kernel:
+; GCN:       ; %bb.0: ; %entry
+; GCN-NEXT:    s_endpgm
+entry:
+  %B = srem <2 x i64> zeroinitializer, zeroinitializer
+  ret <2 x i64> %B
+}