<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - SROA can create badly-aligned/misaligned slices"
href="https://bugs.llvm.org/show_bug.cgi?id=38707">38707</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>SROA can create badly-aligned/misaligned slices
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>7.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Scalar Optimizations
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>arielb1@mail.tau.ac.il
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=20770" name="attach_20770" title="IR that reproduces the bug">attachment 20770</a></span>
IR that reproduces the bug
I found a case in which SROA replaces an aligned access to an alloca with an
access to a new alloca that is differently aligned, which e.g. causes crashes
on SPARC (this appears to be the root cause of
<a href="https://github.com/rust-lang/rust/issues/53181">https://github.com/rust-lang/rust/issues/53181</a>).
In the attached IR, %_587 is an aligned alloca, and the pre-SROA code goes as
follows:
```
%CrateLint = type { [0 x i8], i8, [11 x i8] }
...
%_587 = alloca %CrateLint, align 4
...
bb10.i:
; %26 is 4 bytes offset into the alloca, and therefore dword-aligned
%19 = getelementptr inbounds %CrateLint, %CrateLint* %_587, i64 0, i32 2, i64 3
br label %bb13.i
bb13.i:
%_14.sroa.0.0.in.in.i = phi i8* [ %21, %bb12.i ], [ %20, %bb11.i ], [ %19, %bb10.i ]
%_14.sroa.0.0.in.i = bitcast i8* %_14.sroa.0.0.in.in.i to i32*
%_14.sroa.0.0.i = load i32, i32* %_14.sroa.0.0.in.i, align 4
...
```
This loads `%_14.sroa.0.0.i` from a 4-aligned address. However, SROA generates
the following code:
```
%_587.sroa.3 = alloca [7 x i8]
bb10.i: ; preds = %start
%_587.sroa.3.3..sroa_idx = getelementptr inbounds [7 x i8], [7 x i8]* %_587.sroa.3, i64 0, i64 3
br label %bb13.i
bb13.i: ; preds = %bb12.i, %bb11.i, %bb10.i
%_14.sroa.0.0.in.in.i = phi i8* [ %_587.sroa.6.0..sroa_cast7, %bb12.i ], [ %_587.sroa.6.0..sroa_cast6, %bb11.i ], [ %_587.sroa.3.3..sroa_idx, %bb10.i ]
...
%_14.sroa.0.0.in.i = bitcast i8* %_14.sroa.0.0.in.in.i to i32*
%_14.sroa.0.0.i = load i32, i32* %_14.sroa.0.0.in.i, align 4
...
```
This performs the dword-aligned load out of `%_587.sroa.3.3..sroa_idx`, which
is aligned 3 (mod 4), and therefore definitely not dword-aligned.
Attached the minified reproducing IR (I hope that it doesn't have UB - I can
send the fuller IR if you want, but it is much larger).</pre>
</div>
</p>
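<p>The alignment argument in the report above, worked through as an added example (not part of the original report and not LLVM code). The helper names are hypothetical, and the guaranteed alignment of 1 for <code>%_587.sroa.3</code> is an assumption based on that alloca carrying no explicit <code>align</code>.</p>

```c
#include <stdint.h>
#include <stdio.h>

/* Alignment provable for (base + offset) when base is `align`-aligned:
   the lowest set bit of (align | offset). `align` is a power of two. */
static uint64_t common_align(uint64_t align, uint64_t offset) {
    uint64_t v = align | offset;
    return v & (~v + 1);
}

struct access {
    const char *what;
    uint64_t base_align;    /* guaranteed alignment of the alloca */
    uint64_t offset;        /* byte offset of the pointer into it */
    uint64_t claimed_align; /* "align N" written on the load */
};

/* 1 if the load's claimed alignment follows from base and offset. */
static int access_is_sound(const struct access *a) {
    return common_align(a->base_align, a->offset) >= a->claimed_align;
}

/* Smallest alloca alignment that would justify the claim, or 0 if
   none exists (offset is not a multiple of the claimed alignment). */
static uint64_t required_base_align(uint64_t offset, uint64_t claimed) {
    return (offset % claimed == 0) ? claimed : 0;
}

/* Constructed from the report: %_587 is align 4 and the GEP lands at
   byte 1 + 3 = 4; %_587.sroa.3 carries no align (assumed 1), index 3. */
static const struct access before_sroa = { "%19", 4, 4, 4 };
static const struct access after_sroa  = { "%_587.sroa.3.3..sroa_idx", 1, 3, 4 };

int main(void) {
    const struct access *cases[] = { &before_sroa, &after_sroa };
    for (int i = 0; i < 2; i++) {
        const struct access *a = cases[i];
        printf("%-26s provable align %llu, claimed %llu: %s "
               "(alloca align needed: %llu)\n", a->what,
               (unsigned long long)common_align(a->base_align, a->offset),
               (unsigned long long)a->claimed_align,
               access_is_sound(a) ? "ok" : "UNSOUND",
               (unsigned long long)required_base_align(a->offset,
                                                       a->claimed_align));
    }
    return 0;
}
```

<p>A required alignment of 0 for the post-SROA case means no <code>align</code> on the new alloca can justify the <code>align 4</code> load at offset 3.</p>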
</body>
</html>