<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - SCEV AA assumes inbounds and non-negative offsets"
   href="https://bugs.llvm.org/show_bug.cgi?id=33837">33837</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>SCEV AA assumes inbounds and non-negative offsets
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Keywords</th>
          <td>miscompilation
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Global Analyses
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>nunoplopes@sapo.pt
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dan433584@gmail.com, davide@freebsd.org, dberlin@dberlin.org, gil.hur@sf.snu.ac.kr, hfinkel@anl.gov, jeehoon.kang@sf.snu.ac.kr, juneyoung.lee@sf.snu.ac.kr, llvm-bugs@lists.llvm.org, regehr@cs.utah.edu, sanjoy@playingwithpointers.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The last rule of SCEV AA to prove no-alias is the following:
if a = x + ...
and no-alias(x, -1, b, s_b)

then no-alias(a, s_a, b, s_b)

where s_a = access size for a


The code is the following:
  if ((AO && AO != LocA.Ptr) || (BO && BO != LocB.Ptr))
    if (alias(MemoryLocation(AO ? AO : LocA.Ptr,
                             AO ? +MemoryLocation::UnknownSize : LocA.Size,
                             AO ? AAMDNodes() : LocA.AATags),
              MemoryLocation(BO ? BO : LocB.Ptr,
                             BO ? +MemoryLocation::UnknownSize : LocB.Size,
                             BO ? AAMDNodes() : LocB.AATags)) == NoAlias)
      return NoAlias;


This is incorrect for the following case:
 1) AO == null || BO == null  (so, we only get an addition for one of the
pointers)
 2) the GEP has no inbounds attribute *OR* the offset (the ... in "a = x +
...") is negative.

I don't have a reproducible test case, but I proved in Z3 that if one of the
above conditions doesn't hold then the code is correct. And if both hold, then
SCEV AA will prove no-alias incorrectly.

So the fix is (for the case AO == null || BO == null):
 - check that the GEP originating the SCEV add expression has inbounds
attribute
 - *and* check that the offset is non-negative</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>