<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Wrong optimization: devirtualization vs. conditional equivalence"
   href="https://bugs.llvm.org/show_bug.cgi?id=44472">44472</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Wrong optimization: devirtualization vs. conditional equivalence
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>new-bugs
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>new bugs
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>ch3root@openwall.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>This is based on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - InstCombine cannot blindly assume that inttoptr(ptrtoint x) -> x"
   href="show_bug.cgi?id=34548#c49">bug 34548, comment 49</a>, and <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Wrong optimizations for pointers: `if (q == p) use p` -> `if (q == p) use q`"
   href="show_bug.cgi?id=44313">bug 44313</a>. It seems there was an
effort to fix the problem as it applies to devirtualization independently from
the general case, so filing this separately. As mentioned in the referenced
comment, GVN changes a pointer to an older one inside the `if` (it doesn't
matter which pointer is on the left in the comparison and which one is on the
right). Visible only with -fstrict-vtable-pointers.

Devirtualization seems not to be concerned with past-the-end pointers and with
`restrict`, so the focus is on the case of a living object located at the same
place where another, now dead, object was located, e.g.:
- after new/delete/new (or malloc/free/malloc);
- after placement new;
- when two local variables in disjoint blocks occupy the same space.

It seems comparison of naked pointers and casts to integers are handled. What I
spotted missing:
- conversions to pointers to classes without virtual tables -- probably just an
oversight;
- direct memory access like memcpy/memcmp -- much more serious problem.

Example with pointers to a class without virtual tables and a placement new:

----------------------------------------------------------------------
#include &lt;stdio.h&gt;
#include &lt;new&gt;

struct B {
    void m() {}
};

struct X : B {
    virtual void foo() { puts("foo"); }
};

struct Y : B {
    virtual void bar() { puts("bar"); }
};

static_assert(sizeof(X) == sizeof(Y));

int main()
{
    B *q = new Y;
    X *p = new (q) X;

    if (p == q)
        p->foo();
}
----------------------------------------------------------------------
$ clang++ -std=c++2a -Wall -fstrict-vtable-pointers test.cc && ./a.out
foo
$ clang++ -std=c++2a -Wall -fstrict-vtable-pointers -O3 test.cc && ./a.out
bar
----------------------------------------------------------------------
clang x86-64 version: clang version 10.0.0
(<a href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a>
c5fb73c5d1b3f1adb77d99fc85c594b48bff08f9)
----------------------------------------------------------------------</pre>
        </div>
      </p>
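<p>A regression check for the storage-reuse scenario in the report, added here as an example and not the reporter's code: it guards the virtual call with the pointer comparison from the report, with an integer cast, and with a memcmp of the pointer representations. The names <code>call_after_reuse</code> and <code>Cmp</code> and the stack buffer are assumptions of this example; a correct build returns "foo" in every case, and the page does not state what any particular clang build does with the integer or memcmp variants.</p>

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>
#include <string>

struct B { void m() {} };
struct X : B { virtual const char *foo() { return "foo"; } };
struct Y : B { virtual const char *bar() { return "bar"; } };
static_assert(sizeof(X) == sizeof(Y), "X must fit exactly in Y's storage");

enum class Cmp { PointerEq, IntegerEq, Memcmp };  // hypothetical names

// Create a Y, replace it in place with an X, then guard the virtual call with
// the chosen equality test between the stale pointer q and the live pointer p.
std::string call_after_reuse(Cmp how) {
    alignas(X) alignas(Y) unsigned char storage[sizeof(X)];
    B *q = new (storage) Y;  // the Y's lifetime ends at the next line
    X *p = new (q) X;        // same address, different dynamic type
    B *pb = p;               // convert once so both sides are B*

    bool same = false;
    switch (how) {
    case Cmp::PointerEq:
        same = (pb == q);
        break;
    case Cmp::IntegerEq:
        same = reinterpret_cast<std::uintptr_t>(pb) ==
               reinterpret_cast<std::uintptr_t>(q);
        break;
    case Cmp::Memcmp:        // compares the pointer bytes, not the objects
        same = std::memcmp(&pb, &q, sizeof q) == 0;
        break;
    }
    // Only p is used for the call; the comparison must not change its target.
    return same ? p->foo() : "not-equal";
}

int main() {
    int failures = 0;
    for (Cmp how : {Cmp::PointerEq, Cmp::IntegerEq, Cmp::Memcmp}) {
        std::string got = call_after_reuse(how);
        std::printf("%d: %s\n", static_cast<int>(how), got.c_str());
        failures += (got != "foo");
    }
    return failures;  // non-zero exit status means a wrong call target
}
```

<p>Build it once without optimization and once with the flags from the report (-O3 -fstrict-vtable-pointers) and compare the exit status.</p>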


    </body>
</html>