<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Wrong code bug: load removed by GVN"
href="https://bugs.llvm.org/show_bug.cgi?id=34344">34344</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Wrong code bug: load removed by GVN
</td>
</tr>
<tr>
<th>Product</th>
<td>new-bugs
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>new bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mikael.holmen@ericsson.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=19051" name="attach_19051" title="Reproducer">attachment 19051</a></span>
Reproducer
Reproduce with:
opt -S -gvn -o - gvn_input.ll
And you get:
target datalayout = "p:8:8"
define void @foo() {
entry:
%array = alloca [130 x i8], align 1
br label %for.body
for.body: ; preds = %for.body, %entry
%i = phi i8 [ 0, %entry ], [ %inc, %for.body ]
%idx = zext i8 %i to i16
%addr = getelementptr inbounds [130 x i8], [130 x i8]* %array, i16 0, i16 %idx
store i8 %i, i8* %addr, align 1
%inc = add nuw i8 %i, 1
%exitcond = icmp ne i8 %inc, -126
br i1 %exitcond, label %for.body, label %for.cond.cleanup
for.cond.cleanup: ; preds = %for.body
%addr2 = getelementptr inbounds [130 x i8], [130 x i8]* %array, i16 0, i16 129
tail call void @bar(i8 undef)
ret void
}
declare void @bar(i8)

Note that now we pass undef to bar instead of the value loaded from index 129
in the local array. The array is initialized in the loop, from index 0 to (but
not including) index 130.

For some reason GVN fails to realize that the loop indeed writes at index 129;
the only dependency it sees when examining the load is the alloca, and thus
it thinks we read from uninitialized memory, and the load is removed and
replaced with undef.

As far as I can tell, this bug is not new. It was at least present in November
2016.

(Originally found on my out-of-tree target where we have 16b pointers. Loading
from index 32768 then gives the same problems as index 129 in the example above.)</pre>
</div>
</p>
</body>
</html>