[LLVMbugs] [Bug 1637] New: Instcombine turnes true expression into false

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Wed Sep 5 11:43:53 PDT 2007 

http://llvm.org/bugs/show_bug.cgi?id=1637

           Summary: Instcombine turnes true expression into false
           Product: libraries
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Scalar Optimizations
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: asl at math.spbu.ru
                CC: llvmbugs at cs.uiuc.edu


Consider the following code used to check access within array bounds:

define i32 @main(i32 %argc, i8** %argv) {
main.0:
        %arr = malloc i8, i32 65536             ; <i8*> [#uses=3]
        %arrmax = getelementptr i8* %arr, i32 65536             ; <i8*>
[#uses=1]
        %head.0 = getelementptr i8* %arr, i32 65536             ; <i8*>
[#uses=2]
        %test.1 = icmp uge i8* %head.0, %arrmax         ; <i1> [#uses=1]
        %test.2 = icmp ult i8* %head.0, %arr            ; <i1> [#uses=1]
        %test.3 = or i1 %test.1, %test.2                ; <i1> [#uses=1]
        br i1 %test.3, label %main.1, label %main.2

main.1:         ; preds = %main.0
        call i32 @putchar( i32 89 )             ; <i32>:0 [#uses=0]
        br label %main.3

main.2:         ; preds = %main.0
        call i32 @putchar( i32 78 )             ; <i32>:1 [#uses=0]
        br label %main.3

main.3:         ; preds = %main.2, %main.1
        call i32 @putchar( i32 10 )             ; <i32>:2 [#uses=0]
        ret i32 0
}

instcombine deletes all code except "main.2" bb, which is incorrect.

Running opt -instcombine -debug shows pretty interesting things:

INSTCOMBINE ITERATION #0 on main
IC: Mod =       %test.1 = icmp uge i8* %head.0, %arrmax         ; <i1>
[#uses=1]
    New =       %test.1 = icmp uge i8* %head.0, %arrmax         ; <i1>
[#uses=0]
IC: Mod =       %test.3 = or i1 false, %test.2          ; <i1> [#uses=1]
    New =       %test.3 = or i1 %test.2, false          ; <i1> [#uses=0]
IC: Old =       %test.2 = icmp ult i8* %head.0, %arr            ; <i1>
[#uses=1]
    New =       icmp slt i64 65536, 0           ; <i1>:<badref> [#uses=0]
IC: ConstFold to:  i1 false from:       %test.2 = icmp slt i64 65536, 0        
; <i1> [#uses=1]
IC: DCE:        %head.0 = getelementptr i8* %arr, i32 65536             ; <i8*>
[#uses=0]
IC: DCE:        %arrmax = getelementptr i8* %arr, i32 65536             ; <i8*>
[#uses=0]
IC: DCE:        %arr = malloc i8, i32 65536             ; <i8*> [#uses=0]


INSTCOMBINE ITERATION #1 on main
IC: DCE:        call i32 @putchar( i32 89 )             ; <i32>:0 [#uses=0]

Note:
1. It doesn't show the change of first operand of OR to false
2. The change is incorrect, because 65536 uge 65536 = true


-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list