[llvm-bugs] [Bug 43802] New: [LVI] Miscompile by CorrelatedValuePropagation: LVI doesn't take nsw into account

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Oct 25 01:51:18 PDT 2019 

https://bugs.llvm.org/show_bug.cgi?id=43802

            Bug ID: 43802
           Summary: [LVI] Miscompile by CorrelatedValuePropagation: LVI
                    doesn't take nsw into account
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: suc-daniil at yandex.ru
                CC: llvm-bugs at lists.llvm.org

Consider following code:
define i32 @foo(i32 %arg) {
bb:
  %tmp = sub nsw i32 0, %arg
  %tmp1 = icmp eq i32 %arg, -2147483648
  br i1 %tmp1, label %bb2, label %bb3

bb2:                                              ; preds = %bb
  br label %bb3

bb3:                                              ; preds = %bb2, %bb
  %tmp4 = phi i32 [ -2147483648, %bb2 ], [ %tmp, %bb ]
  ret i32 %tmp4
}

This cmd:
opt -correlated-propagation -S repro.ll

Produces following result:
define i32 @foo(i32 %arg) {
bb:
  %tmp = sub nsw i32 0, %arg
  %tmp1 = icmp eq i32 %arg, -2147483648
  br i1 %tmp1, label %bb2, label %bb3

bb2:                                              ; preds = %bb
  br label %bb3

bb3:                                              ; preds = %bb2, %bb
  ret i32 %tmp
}

Before the transformation result of `foo` was defined for all `%arg` values,
after the transformation result of `foo` when `%arg == MIN_INT` is `undef`.

This regression was introduced by following commit:
commit 3b6d46761f139e7ee3057758698efa4487323829
Author: Sanjay Patel <spatel at rotateright.com>
Date:   Tue Apr 10 20:42:39 2018 +0000

    [CVP] simplify phi with constant incoming values that match common variable
edge values

    This is based on an example that was recently posted on llvm-dev:

    void *propagate_null(void* b, int* g) {
      if (!b) {
        return 0;
      }
      (*g)++;
      return b;
    }

    https://godbolt.org/g/xYk3qG

    The original code or constant propagation in other passes has obscured the
fact
    that the phi can be removed completely.

    Differential Revision: https://reviews.llvm.org/D45448

    llvm-svn: 329755


The transformation introduced by the commit replaces phi when all incoming
values except one are constants and that one non-constant incoming value is
equal to every constant when coming over the corresponding edge. To check this
condition it queries LazyValueInfo::getConstantOnEdge for the non-constant
value and the incoming edge and compares the result with the corresponding
incoming constant. It appears that LazyValueInfo::getConstantOnEdge doesn't
take the `nsw` flag into account.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20191025/426a3642/attachment.html>

More information about the llvm-bugs mailing list