[llvm-bugs] [Bug 31990] New: Wrong-code rewrite of memcpy in instcombine

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Feb 17 05:12:26 PST 2017


https://bugs.llvm.org/show_bug.cgi?id=31990

            Bug ID: 31990
           Summary: Wrong-code rewrite of memcpy in instcombine
           Product: new-bugs
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: mikael.holmen at ericsson.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 18000
  --> https://bugs.llvm.org/attachment.cgi?id=18000&action=edit
reproducer

Running opt:
opt -S -instcombine -o - tr13025.ll

on this little program:

@g = constant i8 -1

define void @foo() {
entry:
  %0 = alloca i8
  %1 = bitcast i8* %0 to i4*
  call void @bar(i4* %1)
  %2 = bitcast i4* %1 to i8*
  call void @llvm.memcpy.p0i8.p0i8.i32(i8* %2, i8* @g, i32 1, i32 1, i1 false)
  call void @gaz(i8* %2)
  ret void
}

declare void @llvm.memcpy.p0i8.p0i8.i32(i8* nocapture writeonly,
                                        i8* nocapture readonly, i32, i32, i1)

declare void @bar(i4*)
declare void @gaz(i8*)

gives:

define void @foo() {
entry:
  %0 = alloca i4, align 1
  call void @bar(i4* nonnull %0)
  %1 = bitcast i4* %0 to i8*
  store i4 -1, i4* %0, align 1
  call void @gaz(i8* %1)
  ret void
}

So a memcpy of one word has been replaced by a store of an i4:
  store i4 -1, i4* %0, align 1

This doesn't seem right to me.

Also:

  %0 = alloca i8

has been replaced with

  %0 = alloca i4, align 1

since i4 and i8 have the same store sizes, but I'm not sure if that is a
problem or not.

The memcpy change is done by InstCombiner::SimplifyMemTransfer, especially
this code is involved:

    if (SrcETy->isSized() && DL.getTypeStoreSize(SrcETy) == Size) {
      // The SrcETy might be something like {{{double}}} or [1 x double].  Rip
      // down through these levels if so.
      SrcETy = reduceToSingleValueType(SrcETy);

Since i4 has store size 1, we pass the above check and then conclude that it's
ok to just do a store i4 -1 instead of store i8 -1.
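
The following is an added illustration, not LLVM source and not part of the original report: a small C++ model of why a store-size comparison alone does not justify turning the 1-byte memcpy into `store i4 -1`. The names `IntTy`, `reportedCheck`, `strictCheck`, `storeInt` and `storeMatchesMemcpy` are hypothetical, and `strictCheck` is one possible guard assumed for this example, not necessarily the fix adopted upstream.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for an LLVM integer type iN (N <= 8 in this model).
struct IntTy { unsigned bits; };

// Store size in bytes: the bit width rounded up to whole bytes,
// which is what DataLayout::getTypeStoreSize reports for integers.
unsigned storeSize(IntTy t) { return (t.bits + 7) / 8; }

// Shape of the check quoted in the report: store size == memcpy length.
bool reportedCheck(IntTy t, unsigned len) { return storeSize(t) == len; }

// Assumed stricter guard: additionally require that the type has no
// padding bits, i.e. its bit width covers every copied byte completely.
bool strictCheck(IntTy t, unsigned len) {
  return storeSize(t) == len && t.bits == 8 * len;
}

// Model of `store iN value` into one byte. Only the low N bits are defined
// by the store; padFill stands for whatever ends up in the remaining bits,
// which the LLVM language reference leaves unspecified.
uint8_t storeInt(IntTy t, uint8_t value, uint8_t padFill) {
  uint8_t mask = t.bits >= 8 ? 0xFF : uint8_t((1u << t.bits) - 1);
  return uint8_t((value & mask) | (padFill & ~mask));
}

// True only if the typed store produces the same byte as a 1-byte memcpy
// of src for every possible content of the padding bits.
bool storeMatchesMemcpy(IntTy t, uint8_t src) {
  for (unsigned fill = 0; fill < 256; ++fill)
    if (storeInt(t, src, uint8_t(fill)) != src) return false;
  return true;
}

int main() {
  const uint8_t g = 0xFF;             // @g = constant i8 -1
  const IntTy tys[] = {{4}, {8}};     // i4 (from the bitcast) and i8
  for (IntTy t : tys)
    std::printf("i%u: reported=%d strict=%d equivalent=%d worst-case byte=0x%02X\n",
                t.bits, reportedCheck(t, 1), strictCheck(t, 1),
                storeMatchesMemcpy(t, g), unsigned(storeInt(t, g, 0x00)));
  return 0;
}
```

In this model i4 passes the store-size comparison but the byte later read through the i8 pointer can be 0x0F instead of 0xFF, while i8 passes both checks and always matches the memcpy.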
