<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/68523>68523</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[InstCombine] bad combine for load inst caused by tbaa if two arguments ptr is same
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
hstk30-hw
</td>
</tr>
</table>
<pre>
```
inline void* operator new(__SIZE_TYPE__, void* __p) noexcept { return __p; }

long foo(char *c1, char *c2)
{
    long *p1 = new (c1) long;
    *p1 = 100;
    long long *p2 = new (c2) long long;
    *p2 = 200;
    long *p3 = new (c2) long;
    *p3 = 200;
    return *p1;
}

int main()
{
    union {
        char c;
        long l;
        long long ll;
    } c;
    // returns 100 on arm64be ilp32
    if (foo(&c.c, &c.c) != 200)
        __builtin_abort();
}
```
The code fails at run time on `arm64be ilp32`:
https://godbolt.org/z/3rddjszhc
godbolt does not support `ilp32`, so I simplified it to use `aarch64_be` in the IR.
The debug info looks like:
```
INSTCOMBINE ITERATION #1 on _Z3fooPcS_
ADD: ret i32 %0
ADD: %0 = load i32, ptr %c1, align 4, !tbaa !5
ADD: store i32 200, ptr %c2, align 4, !tbaa !5
ADD: store i64 200, ptr %c2, align 8, !tbaa !9
ADD: store i32 100, ptr %c1, align 4, !tbaa !5
IC: Visiting: store i32 100, ptr %c1, align 4, !tbaa !5
IC: Visiting: store i64 200, ptr %c2, align 8, !tbaa !9
IC: Visiting: store i32 200, ptr %c2, align 4, !tbaa !5
IC: Visiting: %0 = load i32, ptr %c1, align 4, !tbaa !5
IC: Visiting: ret i32 %0
Jump threading on function '_Z3fooPcS_'
LVI Getting block end value ptr %c1 at 'entry'
PUSH: ptr %c1 in entry
POP ptr %c1 in entry = overdefined
Result = overdefined
LVI Getting block end value ptr %c2 at 'entry'
PUSH: ptr %c2 in entry
POP ptr %c2 in entry = overdefined
Result = overdefined
LVI Getting block end value ptr %c2 at 'entry'
Result = overdefined
LVI Getting block end value ptr %c1 at 'entry'
Result = overdefined
LVI Getting block end value %0 = load i32, ptr %c1, align 4, !tbaa !5 at 'entry'
PUSH: %0 = load i32, ptr %c1, align 4, !tbaa !5 in entry
compute BB 'entry' - unknown inst def found.
POP %0 = load i32, ptr %c1, align 4, !tbaa !5 in entry = overdefined
Result = overdefined
Looking for trivial roots
Found a new trivial root: %entry
Last visited node: %entry
Looking for non-trivial roots
Total: 1, Num: 2
Discovered CFG nodes:
0: nullptr
1: nullptr
2: %entry
Found roots: %entry
mark live: store i32 100, ptr %c1, align 4, !tbaa !5
mark block live: entry
mark live: store i64 200, ptr %c2, align 8, !tbaa !9
mark live: store i32 200, ptr %c2, align 4, !tbaa !5
mark live: ret i32 %0
post-dom root child is a return: entry
work live: ret i32 %0
mark live: %0 = load i32, ptr %c1, align 4, !tbaa !5
work live: %0 = load i32, ptr %c1, align 4, !tbaa !5
work live: store i32 200, ptr %c2, align 4, !tbaa !5
work live: store i64 200, ptr %c2, align 8, !tbaa !9
work live: store i32 100, ptr %c1, align 4, !tbaa !5
final dead terminator blocks:
Trying to eliminate MemoryDefs killed by 1 = MemoryDef(liveOnEntry) ( store i32 100, ptr %c1, align 4, !tbaa !5)
trying to get dominating access
visiting 0 = MemoryDef(liveOnEntry)
... found LiveOnEntryDef
finished walk
Trying to eliminate MemoryDefs killed by 2 = MemoryDef(1) ( store i64 200, ptr %c2, align 8, !tbaa !9)
trying to get dominating access
visiting 1 = MemoryDef(liveOnEntry) ( store i32 100, ptr %c1, align 4, !tbaa !5)
visiting 0 = MemoryDef(liveOnEntry)
... found LiveOnEntryDef
finished walk
Trying to eliminate MemoryDefs killed by 3 = MemoryDef(2) ( store i32 200, ptr %c2, align 4, !tbaa !5)
trying to get dominating access
visiting 2 = MemoryDef(1)->liveOnEntry MayAlias ( store i64 200, ptr %c2, align 8, !tbaa !9)
Checking for reads of 2 = MemoryDef(1)->liveOnEntry MayAlias ( store i64 200, ptr %c2, align 8, !tbaa !9)
3 = MemoryDef(2) ( store i32 200, ptr %c2, align 4, !tbaa !5)
... skipping killing def/dom access
Checking if we can kill 2 = MemoryDef(1)->liveOnEntry MayAlias ( store i64 200, ptr %c2, align 8, !tbaa !9)
DSE: Partial overwrite: DeadLoc [0, 8) KillingLoc [0, 4)
DSE: Partial overwrite a dead load [0, 8) by a killing store [0, 4)
DSE: Merge Stores:
Dead: store i64 200, ptr %c2, align 8, !tbaa !9
Killing: store i32 200, ptr %c2, align 4, !tbaa !5
Merged Value: 858993459400
Trying to eliminate MemoryDefs that write the already existing value
Trying to eliminate MemoryDefs at the end of the function
INSTCOMBINE ITERATION #1 on _Z3fooPcS_
ADD: ret i32 %0
ADD: %0 = load i32, ptr %c1, align 4, !tbaa !5
ADD: store i64 858993459400, ptr %c2, align 8, !tbaa !9
ADD: store i32 100, ptr %c1, align 4, !tbaa !5
IC: Visiting: store i32 100, ptr %c1, align 4, !tbaa !5
IC: Visiting: store i64 858993459400, ptr %c2, align 8, !tbaa !9
IC: Visiting: %0 = load i32, ptr %c1, align 4, !tbaa !5
IC: Replacing %0 = load i32, ptr %c1, align 4, !tbaa !5
with i32 100
IC: Mod = %0 = load i32, ptr %c1, align 4, !tbaa !5
New = %0 = load i32, ptr %c1, align 4, !tbaa !5
IC: ERASE %0 = load i32, ptr %c1, align 4, !tbaa !5
IC: Visiting: ret i32 100
```
`DSE` merges
```
store i32 200, ptr %c2, align 4, !tbaa !5
store i64 200, ptr %c2, align 8, !tbaa !9
```
to
```
store i64 858993459400, ptr %c2, align 8, !tbaa !9
```
Then `alias` thinks `store i64 858993459400, ptr %c2, align 8, !tbaa !9` is `NoAlias` with the `%c1` Loc (because the size 4 != 8 ???), so it combines
```
%0 = load i32, ptr %c1, align 4, !tbaa !5
ret i32 %0
```
to
```
ret i32 100
```
But, in fact, `%c1` and `%c2` are the same `ptr`.
</pre>
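Added illustration, not part of the original report and not LLVM's code: a byte-level model of the partial-overwrite merge described above, showing why the merged constant is 858993459400 on a big-endian target and that a 4-byte load from the same address must then read 200, not the folded 100. The helper names (`store_bytes`, `load_bytes`, `merged_store`, `i32_load_after_merge`) are made up for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Write the low `size` bytes of `value` at buf+offset in the chosen byte order.
static void store_bytes(unsigned char *buf, size_t offset, uint64_t value,
                        size_t size, bool big_endian) {
    for (size_t i = 0; i < size; ++i) {
        size_t pos = big_endian ? size - 1 - i : i;  // where the i-th least significant byte lands
        buf[offset + pos] = (unsigned char)((value >> (8 * i)) & 0xff);
    }
}

// Read `size` bytes at buf+offset as an unsigned integer in the chosen byte order.
static uint64_t load_bytes(const unsigned char *buf, size_t offset,
                           size_t size, bool big_endian) {
    uint64_t v = 0;
    for (size_t i = 0; i < size; ++i) {
        size_t pos = big_endian ? size - 1 - i : i;
        v |= (uint64_t)buf[offset + pos] << (8 * i);
    }
    return v;
}

// Single i64 constant equivalent to: store i64 at [0, 8), then store i32 at [0, 4).
uint64_t merged_store(uint64_t dead_i64, uint32_t killing_i32, bool big_endian) {
    unsigned char mem[8] = {0};
    store_bytes(mem, 0, dead_i64, 8, big_endian);     // the "Dead" store from the log
    store_bytes(mem, 0, killing_i32, 4, big_endian);  // the "Killing" store from the log
    return load_bytes(mem, 0, 8, big_endian);
}

// Value an i32 load must see when c1 == c2: store i32 100, store i64 merged, load i32.
uint32_t i32_load_after_merge(uint64_t merged, bool big_endian) {
    unsigned char mem[8] = {0};
    store_bytes(mem, 0, 100, 4, big_endian);
    store_bytes(mem, 0, merged, 8, big_endian);
    return (uint32_t)load_bytes(mem, 0, 4, big_endian);
}

int main() {
    uint64_t be = merged_store(200, 200, true);
    uint64_t le = merged_store(200, 200, false);
    std::printf("big-endian merged value:    %llu\n", (unsigned long long)be);
    std::printf("little-endian merged value: %llu\n", (unsigned long long)le);
    std::printf("i32 load after merge (BE):  %u\n", i32_load_after_merge(be, true));
    return 0;
}
```

On a big-endian target the 4-byte store lands in the high-order half of the 8-byte slot, so the merged constant is (200 << 32) | 200; the merged store still fully overlaps the 4 bytes at `%c1` when both pointers are equal.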