[llvm-bugs] [Bug 25822] New: Bug in alias analysis (GlobalsAA)

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Dec 14 08:44:25 PST 2015 

https://llvm.org/bugs/show_bug.cgi?id=25822

            Bug ID: 25822
           Summary: Bug in alias analysis (GlobalsAA)
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Global Analyses
          Assignee: unassignedbugs at nondot.org
          Reporter: fraser at codeplay.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

I believe I've found a bug in alias analysis (globals mod ref) leading to
incorrect instcombine optimization. Take the following C snippet:

static int i;

int __attribute__((noinline)) foo(int *ptr) {
  i = 1;
  *ptr = 10;
  return i;
}

Compiled with clang to IR at -O0  we get:

@i = internal global i32 0, align 4

; Function Attrs: noinline nounwind uwtable
define i32 @foo(i32* %ptr) #0 {
entry:
  %ptr.addr = alloca i32*, align 8
  store i32* %ptr, i32** %ptr.addr, align 8
  store i32 1, i32* @i, align 4
  %0 = load i32*, i32** %ptr.addr, align 8
  store i32 10, i32* %0, align 4
  %1 = load i32, i32* @i, align 4
  ret i32 %1
}

Then running opt on it as follows:

> opt -O1 -S -o - test.ll

@i = internal global i32 0, align 4

; Function Attrs: noinline norecurse nounwind uwtable
define i32 @foo(i32* nocapture %ptr) #0 {
entry:
  store i32 1, i32* @i, align 4
  store i32 10, i32* %ptr, align 4
  ret i32 1
}

I believe this is an invalid optimization, as ptr could alias to &i, like in
this example:

int main() {
  return foo(&i) != 10;
}

I tracked it down to GlobalsAA being turned on by default in r250157 (git
938c3d3)

So, doing:

> opt -O1 -S -enable-non-lto-gmr=false -o - test.ll

@i = internal global i32 0, align 4

; Function Attrs: noinline norecurse nounwind uwtable
define i32 @foo(i32* nocapture %ptr) #0 {
entry:
  store i32 1, i32* @i, align 4
  store i32 10, i32* %ptr, align 4
  %0 = load i32, i32* @i, align 4
  ret i32 %0
}

works as expected. I haven't gone further to work out what inside these
analyses is causing the problem.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20151214/8e48f549/attachment.html>

More information about the llvm-bugs mailing list