[llvm-bugs] [Bug 46380] New: incorrect (?) transformation around icmp

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Jun 18 06:34:44 PDT 2020


https://bugs.llvm.org/show_bug.cgi?id=46380

            Bug ID: 46380
           Summary: incorrect (?) transformation around icmp
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: post+llvm at ralfj.de
                CC: llvm-bugs at lists.llvm.org

(Bugzilla made me pick a component, so I made a wild guess. I do not have the
slightest idea which of these internal LLVM components is responsible here.
Would be nice if I could select "unknown"...)

In https://bugs.llvm.org/show_bug.cgi?id=34548#c99, Eli Friedman wrote

> icmp is defined to just take the raw pointer bits as an integer.
> If some transform isn't consistent with this, please file a bug.

I think Juneyoung found a transformation that is indeed not consistent with
this, which I adjusted as follows (https://godbolt.org/z/XYQ7Vx):

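; declarations needed for the module to parse under opt
declare void @f(i1)
declare void @llvm.lifetime.start.p0i32(i64, i32*)
declare void @llvm.lifetime.end.p0i32(i64, i32*)

define i1 @compare(i32* %p, i32* %q) {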
  %c = icmp eq i32* %p, %q
  ret i1 %c
}
define void @src() {
  %p = alloca i32
  %q = alloca i32
  call void @llvm.lifetime.start.p0i32(i64 1, i32* %p)
  call void @llvm.lifetime.end.p0i32(i64 1, i32* %p)
  call void @llvm.lifetime.start.p0i32(i64 1, i32* %q)
  %c = call i1 @compare(i32* %p, i32* %q)
  br i1 %c, label %A, label %B
A: ; compare() == true
  call void @f(i1 true)
  %c2 = icmp eq i32* %p, %q
  call void @f(i1 %c2)
  br label %EXIT
B: ; compare() == false
  call void @f(i1 false)
  %c3 = icmp eq i32* %p, %q
  call void @f(i1 %c3)
  br label %EXIT
EXIT:
  call void @llvm.lifetime.end.p0i32(i64 1, i32* %q)
  ret void
}

The function "src" compares "p" and "q" twice, once inside "compare". It calls
"f" twice with the two results of the comparison. The first comparison is
passed via indirect information flow, i.e., the equivalent of "if p == q {
f(true) } else { f(false) }" in Rust. "p" and "q" could be equal or not, so
this function has two possible executions: either "f" gets called twice with
"true" as argument, or it gets called twice with "false" as argument.

The transformed program (with "opt -instsimplify") is

define i1 @compare(i32* %p, i32* %q) {
  %c = icmp eq i32* %p, %q
  ret i1 %c
}
define void @src() {
  %p = alloca i32, align 4
  %q = alloca i32, align 4
  call void @llvm.lifetime.start.p0i32(i64 1, i32* %p)
  call void @llvm.lifetime.end.p0i32(i64 1, i32* %p)
  call void @llvm.lifetime.start.p0i32(i64 1, i32* %q)
  %c = call i1 @compare(i32* %p, i32* %q)
  br i1 %c, label %A, label %B
A:                                                ; preds = %0
  call void @f(i1 true)
  call void @f(i1 false)
  br label %EXIT
B:                                                ; preds = %0
  call void @f(i1 false)
  call void @f(i1 false)
  br label %EXIT
EXIT:                                             ; preds = %B, %A
  call void @llvm.lifetime.end.p0i32(i64 1, i32* %q)
  ret void
}

Notice how in block A, "f" gets called with two *different* values, which
should be impossible because the original program only calls "f" twice with
the same value.

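The refinement argument in the report can be checked by enumerating the observable calls to "f" in both versions of "src". The following Python model is an added example, not code from the report or from LLVM; the slot addresses and all function names are constructed, and it assumes, as the report does, that icmp compares raw pointer bits and that "p" and "q" may or may not end up at the same address.

```python
from itertools import product

# Constructed addresses for the two stack slots in this model.
SLOTS = (0x1000, 0x1004)

def placements(allow_reuse):
    """All (p, q) address pairs the model lets the allocator choose.

    Assumption: %p's lifetime ends before %q's begins, so giving both the
    same slot is allowed; allow_reuse=False models an allocator that never
    does so.
    """
    return [(p, q) for p, q in product(SLOTS, repeat=2) if allow_reuse or p != q]

def src_trace(p, q):
    """Arguments passed to @f by the original @src."""
    c = p == q                    # result returned by @compare
    if c:                         # block A
        return (True, p == q)     # f(true); f(%c2)
    return (False, p == q)        # block B: f(false); f(%c3)

def tgt_trace(p, q):
    """Arguments passed to @f after opt -instsimplify folded %c2 and %c3."""
    c = p == q                    # @compare itself is unchanged
    if c:                         # block A
        return (True, False)      # f(true); f(false)
    return (False, False)         # block B: f(false); f(false)

def behaviours(program, allow_reuse=True):
    """Set of traces the program can exhibit over all allowed placements."""
    return {program(p, q) for p, q in placements(allow_reuse)}

def refinement_violations(allow_reuse=True):
    """Traces the transformed program can produce that the original cannot."""
    return behaviours(tgt_trace, allow_reuse) - behaviours(src_trace, allow_reuse)

if __name__ == "__main__":
    print("original:   ", sorted(behaviours(src_trace)))
    print("transformed:", sorted(behaviours(tgt_trace)))
    print("violations: ", sorted(refinement_violations()))
    print("violations without slot reuse:", sorted(refinement_violations(False)))
```

With slot reuse allowed, the only violating trace is the block A behaviour from the report; with reuse forbidden the set is empty, so in this model the fold is justified only if the two allocas can never share an address.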