[llvm-bugs] [Bug 45762] New: Miscompile of zext(cttz())
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Apr 30 12:28:52 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=45762
Bug ID: 45762
Summary: Miscompile of zext(cttz())
Product: libraries
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P
Component: Scalar Optimizations
Assignee: unassignedbugs at nondot.org
Reporter: meheff at google.com
CC: llvm-bugs at lists.llvm.org
Created attachment 23430
--> https://bugs.llvm.org/attachment.cgi?id=23430&action=edit
Repro .ll file
It looks like cttz(X, false) is unsafely relaxed to cttz(X, true) if the only
use of the cttz is a zext/trunc. Transformation happens here:
https://github.com/llvm/llvm-project/blob/master/llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp#L889
It checks to see if the cttz has a single use (unsafely assuming it is the
select), but earlier the analysis can traverse through zext/trunc so the
assumption that the cttz's single use is the select is wrong:
https://github.com/llvm/llvm-project/blob/master/llvm/lib/Transforms/InstCombine/InstCombineSelect.cpp#L864
If the zext/trunc has other uses then the relaxed cttz(X, true) incorrectly
leaks out around the guarding select.
Repro attached.
$ lli bad.ll
$ echo $?
8
$ opt bad.ll --O2 | lli
$ echo $?
1
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200430/64a99993/attachment.html>
More information about the llvm-bugs
mailing list