<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Invalid optimization in the presence of shift instructions?"
   href="https://bugs.llvm.org/show_bug.cgi?id=34133">34133</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Invalid optimization in the presence of shift instructions?
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>new-bugs
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>new bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>c.cadar@imperial.ac.uk
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Consider the program below:

$ cat shift.c
int a = 0;
int foo(int x) { return (a < 2) || (a >> x) ; }

int main() {
  return foo(100);
}

$ clang -O1 -emit-llvm -c shift.c
$ llvm-dis shift.bc
$ cat shift.ll
...
define i32 @foo(i32) local_unnamed_addr #0 {
  %2 = load i32, i32* @a, align 4, !tbaa !1
  %3 = icmp slt i32 %2, 2
  %4 = ashr i32 %2, %0
  %5 = icmp ne i32 %4, 0
  %6 = or i1 %3, %5
  %7 = zext i1 %6 to i32
  ret i32 %7
}
...
define i32 @main() local_unnamed_addr #0 {
  %1 = tail call i32 @foo(i32 100)
  ret i32 %1
}
...

Note that in the C code, the || operator has short-circuiting
behaviour, so "a >> x" should not be evaluated since the first clause
is true.  However, the optimization generates code that always
executes the corresponding ashr instruction, which has undefined
behaviour in this case, as the shift amount is 100.  So is this
optimization valid?

We discovered this while working with KLEE, which generates an
overshift error when the code is compiled with -O1, but not with -O0,
so we'd like to understand whether KLEE's behaviour is correct here.
Note that UBSan does not complain here, as its instrumentation
disables the optimization.

Thank you,
Cristian</pre>
        </div>
      </p>
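      <p>The two evaluation orders discussed in the report, as an added example that is not part of the original report and not KLEE or LLVM code. It models foo() once with source-level short-circuiting and once in the flattened shape of the -O1 IR, and counts how often an overshift check fires. The names checked_ashr, overshift_count, foo_short_circuit, foo_flattened and overshifts_in are hypothetical, and the counter only stands in for the kind of check KLEE reports.</p>
<pre>
```c
/* Added example: models the two shapes of foo() from shift.c / shift.ll. */
#define INT_BITS ((int)(sizeof(int) * 8)) /* assumes 8-bit bytes */

static int a = 0;           /* same global as in shift.c */
static int overshift_count; /* hypothetical stand-in for an overshift report */

/* Shift guarded by the check an analysis tool applies:
 * amounts outside [0, width) are flagged instead of executed.
 * (>> on a negative int is implementation-defined in C; a is 0 here.) */
static int checked_ashr(int value, int amount) {
    if (amount < 0 || amount >= INT_BITS) {
        overshift_count++;
        return 0; /* placeholder: the real result is not defined */
    }
    return value >> amount;
}

/* Source-level shape (-O0): || short-circuits, so the shift is never
 * reached while a < 2 holds. */
int foo_short_circuit(int x) {
    return (a < 2) || checked_ashr(a, x);
}

/* Shape of the -O1 IR: both operands are computed unconditionally. */
int foo_flattened(int x) {
    int lhs = a < 2;                   /* %3 = icmp slt i32 %2, 2 */
    int rhs = checked_ashr(a, x) != 0; /* %4 = ashr, %5 = icmp ne */
    return lhs | rhs;                  /* %6 = or i1, %7 = zext   */
}

/* Run one variant with a fresh counter; return the number of overshifts
 * flagged and store the variant's result in *result. */
int overshifts_in(int (*variant)(int), int x, int *result) {
    overshift_count = 0;
    *result = variant(x);
    return overshift_count;
}

/* Exit status 0 when only the flattened shape trips the check for x = 100. */
int main(void) {
    int r;
    int flat = overshifts_in(foo_flattened, 100, &r);
    int lazy = overshifts_in(foo_short_circuit, 100, &r);
    return (flat == 1 && lazy == 0) ? 0 : 1;
}
```
</pre>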


    </body>
</html>