[ConstraintElim] Fix integer overflow in ConstraintSystem::negate.

This fixes another integer overflow that was exposed by a variant of the
test case from #62226.

Author: fhahn

llvm/include/llvm/Analysis/ConstraintSystem.h

@@ -13,6 +13,7 @@
 #include "llvm/ADT/ArrayRef.h"
 #include "llvm/ADT/DenseMap.h"
 #include "llvm/ADT/SmallVector.h"
+#include "llvm/Support/MathExtras.h"
 
 #include <string>
 
@@ -122,7 +123,8 @@ class ConstraintSystem {
     // the constant.
     R[0] += 1;
     for (auto &C : R)
-      C *= -1;
+      if (MulOverflow(C, int64_t(-1), C))
+        return {};
     return R;
   }
 

llvm/lib/Analysis/ConstraintSystem.cpp

@@ -206,6 +206,8 @@ bool ConstraintSystem::isConditionImplied(SmallVector<int64_t, 8> R) const {
   // If there is no solution with the negation of R added to the system, the
   // condition must hold based on the existing constraints.
   R = ConstraintSystem::negate(R);
+  if (R.empty())
+    return false;
 
   auto NewSystem = *this;
   NewSystem.addVariableRow(R);

llvm/lib/Transforms/Scalar/ConstraintElimination.cpp

@@ -961,7 +961,8 @@ static bool checkAndReplaceCondition(
     NumCondsRemoved++;
     Changed = true;
   }
-  if (CSToUse.isConditionImplied(ConstraintSystem::negate(R.Coefficients))) {
+  auto Negated = ConstraintSystem::negate(R.Coefficients);
+  if (!Negated.empty() && CSToUse.isConditionImplied(Negated)) {
     if (!DebugCounter::shouldExecute(EliminatedCounter))
       return false;
 

llvm/test/Transforms/ConstraintElimination/overflows.ll

@@ -17,4 +17,11 @@ bb:
   ret i1 %icmp
 }
 
+define i1 @test_overflow_in_negate_constraint(i8 %x, i64 %y) {
+bb:
+  %zext = zext i8 %x to i64
+  %shl = shl nuw nsw i64 %zext, 63
+  %icmp = icmp uge i64 %y, %shl
+  ret i1 %icmp
+}