[LLVMbugs] [Bug 14893] New: Instcombine miscompiles bool, aka i8 !range[0, 2)

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Thu Jan 10 05:52:53 PST 2013


http://llvm.org/bugs/show_bug.cgi?id=14893

             Bug #: 14893
           Summary: Instcombine miscompiles bool, aka i8 !range[0,2)
           Product: libraries
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Scalar Optimizations
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: geek4civic at gmail.com
                CC: baldrick at free.fr, llvmbugs at cs.uiuc.edu
    Classification: Unclassified


; Target description for the reproducer: little-endian ("e") x86-64 Linux.
target datalayout =
"e-p:64:64:64-S128-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f16:16:16-f32:32:32-f64:64:64-f128:128:128-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-redhat-linux"

; Input IR for BAR() (the C++ source is quoted at the end of the report).
; Returns 1 only when the low bit of FOO's result is set AND the byte loaded
; from %r is non-zero; every other path returns 0.
; The load of %r sits behind the first branch, so in this form it executes
; only after FOO has reported true.
define zeroext i8 @_Z3BARv() unnamed_addr nounwind uwtable {
entry:
  ; Stack slot for r. Nothing in this function stores to it; only the callee
  ; receives its address.
  %r = alloca i8, align 1
  %tmp = call zeroext i8 @_Z3FOORb(i8* %r) nounwind
  ; Test the low bit of FOO's result; if it is clear, skip the load entirely.
  %tmp9 = and i8 %tmp, 1
  %tmp1 = icmp eq i8 %tmp9, 0
  br i1 %tmp1, label %"5", label %"3"

"3":                                              ; preds = %entry
  ; Reached only when FOO returned true. !range !0 asserts that the loaded
  ; byte lies in [0, 2); the report notes %r is undef on the other path.
  %tmp3 = load i8* %r, align 1, !range !0
  %tmp4 = icmp eq i8 %tmp3, 0
  br i1 %tmp4, label %"5", label %"7"

"5":                                              ; preds = %"3", %entry
  ; Common "false" path: FOO returned false, or r was 0.
  br label %"7"

"7":                                              ; preds = %"3", %"5"
  ; Result is a constant on each incoming edge: 0 from "5", 1 from "3".
  ; The loaded value itself never flows into the return value here.
  %tmp6 = phi i8 [ 0, %"5" ], [ 1, %"3" ]
  call void @llvm.lifetime.end(i64 1, i8* %r)
  ret i8 %tmp6
}

; External callee that receives the address of r; its body is not in this module.
declare zeroext i8 @_Z3FOORb(i8*)

declare void @llvm.lifetime.end(i64, i8* nocapture) nounwind

; Range metadata referenced by the load of %r: the half-open interval [0, 2).
!0 = metadata !{i8 0, i8 2}

;========

With -simplifycfg -instcombine, the function body becomes:

entry:
  %r = alloca i8, align 1
  %tmp = call zeroext i8 @_Z3FOORb(i8* %r) nounwind
  %tmp9 = and i8 %tmp, 1
  ; The load is now unconditional: it executes even when %tmp9 is 0, i.e. on
  ; the path where the input IR never read %r.
  %tmp3 = load i8* %r, align 1, !range !0
  ; Branch-free result: ((%tmp9 ^ 1) | (%tmp3 ^ 1)) ^ 1.
  ; Bit 0 of the result is %tmp9 & %tmp3, but bits 1-7 of %tmp3 pass through
  ; unchanged, so the result is 0 or 1 only if %tmp3 really is in [0, 2).
  ; With %tmp9 == 0 and an out-of-range byte in %r, the return value is
  ; non-zero, whereas the input IR returned 0 on that path.
  %0 = xor i8 %tmp9, 1
  %1 = xor i8 %tmp3, 1
  %2 = or i8 %0, %1
  %tmp6 = xor i8 %2, 1
  call void @llvm.lifetime.end(i64 1, i8* %r)
  ret i8 %tmp6

;====

0) The value of "load i8 %r" is undef if %tmp is false.
1) "load i8 %r" should not be executed when %tmp is false.
2) In the optimized code, the value of "load i8 %r" affects the result even
when that value might be outside [0,2).
3) The code is not miscompiled when !range is removed.


FYI, this issue was found on gcc47 with dragonegg.

// FOO does not write r when it returns false, so r is still uninitialized
// (undef at the IR level) on that path.
// Simplified from clang/lib/Sema/SemaExpr.cpp EvaluatesAsTrue()
extern bool FOO(bool& r);

// The short-circuit && means r is read only after FOO has returned true;
// when FOO returns false, BAR must return false without reading r.
bool BAR() {
  bool r;  // not initialized here; only FOO may assign it
  return FOO(r) && r;
}
