<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Wrong code: suspected bad NSW flag."

   href="https://bugs.llvm.org/show_bug.cgi?id=47092">47092</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Wrong code: suspected bad NSW flag.

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Scalar Optimizations

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>paulsson@linux.vnet.ibm.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=23837" name="attach_23837" title="reduced testcase: llc input after clang -O2">attachment 23837</a> <a href="attachment.cgi?id=23837&action=edit" title="reduced testcase: llc input after clang -O2">[details]</a></span>

reduced testcase: llc input after clang -O2

This csmith program:

long b = 8446744073709551615;

static int fn1(int p1, int p2) {

  return (((p1 ^ ((p1 ^ p2) & ~2147483647)) - p2) ^ p2) < 0 ? p1 : p1 - p2;

}

int main() {

  int a = fn1(b & 1303940520, -1628135358);

  printf("checksum = %X\n", a);

}

should print 44108DA8 (p1 in hex).

clang -target s390x-unknown-linux-gnu -march=z10 -O1 ./wrong1.i -o a.out -w ;

./a.out

checksum = 44108DA8

clang -target s390x-unknown-linux-gnu -march=z10 -O2 ./wrong1.i -o a.out -w ;

./a.out

checksum = A51BED66

I found out that there is one case where SystemZElimCompare removes a compare

w/0 after an AFI. The AFI (Add Fullword Immediate) has the nsw and nuw flags,

which makes this transformation safe at this point. However, removing that

compare is the difference between the two results, which indicates that the NSW

flag was present when there in fact will be an overflow.

llc -mtriple=s390x-linux-gnu -mcpu=z10 -O2 ./wrong1.ll -o wrong1.s

  renamable $r1l = nuw nsw AFI killed renamable $r1l(tied-def 0), 1628135358,

implicit-def dead $cc

  CHI renamable $r1l, 0, implicit-def $cc

  BRC 14, 4, %bb.2, implicit $cc

=>

  renamable $r1l = nuw nsw AFI killed renamable $r1l(tied-def 0), 1628135358,

implicit-def $cc

  BRC 15, 4, %bb.2, implicit $cc

  -> WRONG-CODE

I don't think that the constants in the source program will cause an overflow,

and -fsanitize=undefined does not indicate this either. 

I suspect that the multiple combinations of the logical/arithemtic operations

may have introduced an operation that causes an overflow, but I am not quite

sure...</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>