<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - MergedLoadStoreMotion is not actually preserving MemDep"

   href="https://bugs.llvm.org/show_bug.cgi?id=36063">36063</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>MergedLoadStoreMotion is not actually preserving MemDep

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>unspecified

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>bsteinbr@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>we recently made some slight adjustments the pass order for the Rust compiler,

and that exposed what I believe to be a bug in either MergedLoadStoreMotion or

MemDep.

The rust issue this is about is: <a href="https://github.com/rust-lang/rust/issues/47364">https://github.com/rust-lang/rust/issues/47364</a>

What's ultimately causing the failure is a misoptimization happenings in GVN,

the code looks roughly like this:

    %x = getelementptr ...

    store i64 %val, i64* %x

    // ...

    %val2 = load i64, i64* %x

    // ..

    store i64 %val2, i64* %dst

Which GVN replaces with:

    store i64 %val, i64* %x

    // ...

    store i64 undef, i64* %dst

The problem here is that before MLSM ran, the initial store of %val to %x was

in a different BB, which caused MemDep to create a local dep cache entry marked

as non-local.

MLSM then actually turned that into a local dependency, but the cache entry was

never invalidated, because the non-local dependency was never resolved, so

there is no entry in the reserve lookup tables that would have allowed

removeInstruction() to find the cache entry.

So GVN still gets a non-local result, asks MemDep to evaluate it, and gets the

uninitialized alloca instead of the store instruction as a result, causing it

to replace the store with an undef.

Unfortunately I don't have a minimized test case for this yet.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>