[llvm-bugs] [Bug 47697] New: MemCpyOpt: uses sext instead of zext for memcpy/memset size subtraction

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Sep 30 11:43:39 PDT 2020 

https://bugs.llvm.org/show_bug.cgi?id=47697

            Bug ID: 47697
           Summary: MemCpyOpt: uses sext instead of zext for memcpy/memset
                    size subtraction
           Product: libraries
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Keywords: miscompilation
          Severity: normal
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: nunoplopes at sapo.pt
                CC: ahmed at bougacha.org, benny.kra at gmail.com,
                    florian_hahn at apple.com, juneyoung.lee at sf.snu.ac.kr,
                    llvm-bugs at lists.llvm.org

Test: Transforms/MemCpyOpt/memset-memcpy-redundant-memset.ll

MemCpyOpt sign-extends the difference between memcpy/memset sizes instead of
zero-extending them.

https://alive2.llvm.org/ce/z/RgKeyt

----------------------------------------
define void @src(* %dst, * %src, i8 %dst_size, i8 %src_size, i8 %c) {
  memset * %dst align 1, i8 %c, i8 %dst_size
  memcpy * %dst align 1, * %src align 1, i8 %src_size
  ret void
}
=>
define void @src(* %dst, * %src, i8 %dst_size, i8 %src_size, i8 %c) {
  %1 = usub_sat i8 %dst_size, %src_size
  %2 = sext i8 %src_size to i64
  %3 = gep * %dst, 1 x i64 %2
  memset * %3 align 1, i8 %c, i8 %1
  memcpy * %dst align 1, * %src align 1, i8 %src_size
  ret void
}
Transformation doesn't verify!
ERROR: Source is more defined than target

Example:
* %dst = pointer(non-local, block_id=1, offset=96)
* %src = pointer(non-local, block_id=1, offset=9007199254741152)
i8 %dst_size = #x83 (131, -125)
i8 %src_size = #x82 (130, -126)
i8 %c = any

Source:

SOURCE MEMORY STATE
===================
NON-LOCAL BLOCKS:
Block 0 >       size: 0 align: 1        alloc type: 0
Block 1 >       size: 2305843009213693952       align: 2        alloc type: 0
Block 2 >       align: 2        alloc type: 0

Target:
i8 %1 = #x01 (1)
i64 %2 = #xffffffffffffff82 (18446744073709551490, -126)
* %3 = pointer(non-local, block_id=1, offset=-30)


Summary:
  0 correct transformations
  1 incorrect transformations
  0 Alive2 errors

https://web.ist.utl.pt/nuno.lopes/alive2/index.php?hash=1546033e6d866cfc&test=Transforms%2FMemCpyOpt%2Fmemset-memcpy-redundant-memset.ll

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200930/19553221/attachment-0001.html>

More information about the llvm-bugs mailing list