<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/66078">66078</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Bug in Jump Threading Pass when Handling Indirect Branches
</td>
</tr>
<tr>
<th>Labels</th>
<td>
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
keellisa1
</td>
</tr>
</table>
<pre>
The Jump Threading Pass in LLVM appears to have a bug when handling indirect branches, specifically in the function JumpThreadingPass::maybeThreadThroughTwoBasicBlocks. The issue arises when PredPredBB contains an indirectbr instruction as its terminator.

The current implementation of the function does not seem to analyze the terminator of PredPredBB to determine if it's an indirectbr operation, which can lead to incorrect jump threading decisions.

Here is a simplified scenario that triggers the issue:

%4 = alloca i32, align 4
%5 = alloca [8 x i32], align 4
%6 = alloca i32*, align 8
%7 = alloca [8 x i32], align 4
%8 = alloca i32*, align 8
%9 = alloca [8 x i32], align 4
%10 = alloca i32*, align 8
tail call void @DidiIndirectBranchIniFunctionEncryptPrefix_Usersdidiworkllvmcodewsgsdkwsgfoundationsourcenativelibraryciphermbedtlslibrarynewbignumc(i32 6, i32 4, i32 1, i32 14) #3
call void @llvm.dbg.value(metadata i64 %0, metadata !24, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i32* %1, metadata !25, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i32* %2, metadata !26, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i32 0, metadata !28, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i64 0, metadata !27, metadata !DIExpression()), !dbg !30
%11 = getelementptr inbounds [8 x i32], [8 x i32]* %5, i64 0, i64 1
store volatile i32 86, i32* %11, align 4
store volatile i32* %11, i32** %6, align 8
%12 = load volatile i32*, i32** %6, align 8
%13 = load volatile i32, i32* %12, align 4
%14 = load volatile i32, i32* getelementptr inbounds ([16 x i32], [16 x i32]* @Usersdidiworkllvmcodewsgsdkwsgfoundationsourcenativelibraryciphermbedtlslibrarynewbignumc_decryptCalOpLoadTable, i64 0, i64 6), align 8
%15 = add i32 %14, 41
%16 = and i32 %15, 100
%17 = add i32 %16, %13
%18 = load volatile i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @mpi_sub_hlpIndirectBranchingGlobalTable, i64 0, i64 1), align 8
%19 = sext i32 %17 to i64
%20 = getelementptr i8, i8* %18, i64 %19
indirectbr i8* %20, [label %21, label %31], !dbg !31
21: ; preds = %3
%22 = load volatile i32, i32* %4, align 4
%23 = or i32 %22, 99
%24 = add i32 %23, -217
store volatile i32 %24, i32* %4, align 4
br label %25
25: ; preds = %31, %21
%26 = phi i32 [ %35, %31 ], [ undef, %21 ]
%27 = phi i64 [ %34, %31 ], [ undef, %21 ]
%28 = phi i32* [ %33, %31 ], [ undef, %21 ]
%29 = phi i32* [ %32, %31 ], [ undef, %21 ]
%30 = getelementptr inbounds [8 x i32], [8 x i32]* %7, i64 0, i64 5
br label %42, !dbg !30
31: ; preds = %3, %59
%32 = phi i32* [ %67, %59 ], [ %1, %3 ]
%33 = phi i32* [ %68, %59 ], [ %2, %3 ]
%34 = phi i64 [ %66, %59 ], [ 0, %3 ]
%35 = phi i32 [ %64, %59 ], [ 0, %3 ]
call void @llvm.dbg.value(metadata i32 %35, metadata !28, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i64 %34, metadata !27, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i32* %33, metadata !26, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i32* %32, metadata !25, metadata !DIExpression()), !dbg !30
%36 = icmp ult i64 %34, %0, !dbg !33
br i1 %36, label %25, label %37, !dbg !35
37: ; preds = %31
%38 = getelementptr inbounds [8 x i32], [8 x i32]* %9, i64 0, i64 1
%39 = getelementptr inbounds [8 x i32], [8 x i32]* %7, i64 0, i64 4
call void @llvm.dbg.value(metadata i32 %35, metadata !28, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i64 poison, metadata !27, metadata !DIExpression()), !dbg !30
call void @llvm.dbg.value(metadata i32* %33, metadata !26, metadata !DIExpression()), !dbg !30
%40 = icmp eq i32 %35, 0, !dbg !36
br i1 %40, label %92, label %41, !dbg !37
</pre>
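<p>The CFG shape the report describes (PredPredBB ending in indirectbr, feeding two blocks that each end in a conditional branch) can be located in textual IR with a small scan. This is an added example, not code from the report or from LLVM; the sample IR is constructed, the function names are hypothetical, and the shape conditions are a simplification assumed for illustration.</p>

```python
import re

# Constructed IR (not the reporter's): entry ends in indirectbr, b31 and b37
# end in conditional branches, mirroring the CFG shape in the report.
SAMPLE_IR = """
entry:
  indirectbr i8* %20, [label %b21, label %b31]
b21:
  br label %b25
b25:
  ret void
b31:
  br i1 %36, label %b25, label %b37
b37:
  br i1 %40, label %b92, label %b41
b41:
  ret void
b92:
  ret void
"""

def parse_cfg(ir):
    """Map block label -> (terminator opcode, is conditional br, successors)."""
    cfg, cur = {}, None
    for raw in ir.splitlines():
        line = raw.split(";")[0].strip()          # drop "; preds = ..." comments
        label = re.fullmatch(r"([\w.]+):", line)
        if label:
            cur = label.group(1)
        elif cur and line.split(" ")[0] in ("br", "indirectbr", "ret"):
            op = line.split(" ")[0]
            succs = re.findall(r"label %([\w.]+)", line)
            cfg[cur] = (op, line.startswith("br i1 "), succs)
    return cfg

def indirectbr_two_block_candidates(ir):
    """Return (PredPredBB, PredBB, BB) triples where PredPredBB ends in indirectbr."""
    cfg = parse_cfg(ir)
    preds = {b: [] for b in cfg}
    for b, (_, _, succs) in cfg.items():
        for s in dict.fromkeys(succs):            # de-duplicate repeated targets
            preds.setdefault(s, []).append(b)
    hits = []
    for bb, (_, is_cond, _) in cfg.items():
        if not is_cond or len(preds[bb]) != 1:
            continue                              # BB: conditional br, one predecessor
        pred = preds[bb][0]
        if not cfg[pred][1]:
            continue                              # PredBB must end in conditional br
        hits += [(pp, pred, bb) for pp in preds[pred] if cfg[pp][0] == "indirectbr"]
    return hits
```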