<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Missed optimization for Atomic load"
href="https://bugs.llvm.org/show_bug.cgi?id=51435">51435</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Missed optimization for Atomic load
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Common Code Generator Code
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>shivam98.tkg@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Hi,
Please consider the below test case.

struct Foo {
  unsigned *ptr = nullptr;
  bool cond = true;
  unsigned a1 = 0;
  unsigned a2 = 0;
  unsigned foo();
};

unsigned Foo::foo() {
  unsigned oldest_snapshot;
  if (!ptr) {
    oldest_snapshot = cond
                          ? __atomic_load_n(&a1, __ATOMIC_ACQUIRE)
                          : __atomic_load_n(&a2, __ATOMIC_ACQUIRE);
  } else {
    oldest_snapshot = *ptr;
  }
  return oldest_snapshot;
}

X86 issue:
clang++ test.cc -O1 -g -c && llvm-objdump -d test.o
0000000000000000 <_ZN3Foo3fooEv>:
0: 48 8b 07 mov (%rdi),%rax
3: 48 85 c0 test %rax,%rax
6: 74 03 je b <_ZN3Foo3fooEv+0xb>
8: 8b 00 mov (%rax),%eax
a: c3 retq
b: 80 7f 08 00 cmpb $0x0,0x8(%rdi)
f: 74 09 je 1a <_ZN3Foo3fooEv+0x1a>
11: 8b 47 0c mov 0xc(%rdi),%eax
14: 48 83 c7 0c add $0xc,%rdi
18: eb 07 jmp 21 <_ZN3Foo3fooEv+0x21>
1a: 8b 47 10 mov 0x10(%rdi),%eax
1d: 48 83 c7 10 add $0x10,%rdi
21: 48 89 f8 mov %rdi,%rax
24: 8b 00 mov (%rax),%eax
26: c3 retq
1a-21 is the atomic load, whose result is discarded, then 24 is a duplicate
non-atomic load instruction; 1a-21 are pointless.
aarch64 issue:
$ clang++ --target=aarch64 test.cc -O1 -g -c && llvm-objdump -d test.o
0000000000000000 <_ZN3Foo3fooEv>:
0: f9400008 ldr x8, [x0]
4: b4000068 cbz x8, 10 <_ZN3Foo3fooEv+0x10>
8: b9400100 ldr w0, [x8]
c: d65f03c0 ret
10: 39402008 ldrb w8, [x0, #8]
14: 34000068 cbz w8, 20 <_ZN3Foo3fooEv+0x20>
18: 91003008 add x8, x0, #0xc
1c: 14000002 b 24 <_ZN3Foo3fooEv+0x24>
20: 91004008 add x8, x0, #0x10
24: 88dffd1f ldar wzr, [x8]
28: b9400100 ldr w0, [x8]
2c: d65f03c0 ret
The same load duplication, but we can see that the first one is atomic-acquire,
but the second one misses the acquire part. This can lead to arbitrary memory
corruption.
Please let me know if the bug reporting needs to improve.</pre>
</div>
</p>
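<p>Added example, not part of the original report and not LLVM code: a Python check that scans AArch64 llvm-objdump -d output for the pattern the report describes, an acquire load whose result goes to the zero register followed by a plain load through the same base register. The function name and the mnemonic sets are assumptions of this example; the sample listing is the one quoted in the report.</p>
<pre>
```python
import re

# AArch64 listing copied from the report above (llvm-objdump -d output).
SAMPLE = """\
 0: f9400008 ldr x8, [x0]
 4: b4000068 cbz x8, 10 <_ZN3Foo3fooEv+0x10>
 8: b9400100 ldr w0, [x8]
 c: d65f03c0 ret
10: 39402008 ldrb w8, [x0, #8]
14: 34000068 cbz w8, 20 <_ZN3Foo3fooEv+0x20>
18: 91003008 add x8, x0, #0xc
1c: 14000002 b 24 <_ZN3Foo3fooEv+0x24>
20: 91004008 add x8, x0, #0x10
24: 88dffd1f ldar wzr, [x8]
28: b9400100 ldr w0, [x8]
2c: d65f03c0 ret
"""

INSN = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(\S+)\s*(.*)$")
BASE = re.compile(r"\[(x\d+|sp)")
# Mnemonic sets are assumptions of this example, not an exhaustive list.
ACQUIRE = {"ldar", "ldarb", "ldarh", "ldapr", "ldaprb", "ldaprh"}
PLAIN = {"ldr", "ldrb", "ldrh", "ldur", "ldurb", "ldurh"}
BRANCH = {"b", "bl", "br", "blr", "ret", "cbz", "cbnz", "tbz", "tbnz"}

def find_discarded_acquire(listing):
    """Return (acquire_addr, plain_addr, base) for every acquire load into
    wzr/xzr that is followed by a plain load through the same base register."""
    hits, pending = [], None  # pending = (addr, base) of a discarded acquire load
    for line in listing.splitlines():
        m = INSN.match(line)
        if not m:
            continue  # symbol headers, blank lines
        addr, mnem, ops = m.groups()
        first = ops.split(",")[0].strip()
        found = BASE.search(ops)
        base = found.group(1) if found else None
        if mnem in ACQUIRE and first in ("wzr", "xzr"):
            pending = (addr, base)
        elif pending and mnem in PLAIN and base == pending[1]:
            hits.append((pending[0], addr, base))
            pending = None
        elif pending and (mnem in BRANCH or mnem.startswith("b.")
                          or first.lstrip("wx") == pending[1].lstrip("x")):
            pending = None  # control flow, or the base register may be rewritten

    return hits

if __name__ == "__main__":
    print(find_discarded_acquire(SAMPLE))
```
</pre>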
</body>
</html>