<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/68751>68751</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            ConstraintEliminationPass incorrectly replaces a i256 ne with a constant false.
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          allight
      </td>
    </tr>
</table>

<pre>
    [manual_min.ll](https://github.com/llvm/llvm-project/files/12862308/manual_min.ll.txt) is a llvm ir program that displays a miscompile. 

This reproduces using llvm as of commit: https://github.com/llvm/llvm-project/commit/ff5e2babcb46e7eb3887ee265decb2948da2792c

Unfortunately due to not causing any crash I was unable to minimize it any more than this since whatever I tried bugpoint would either reduce it to nothing or not change anything.

Bug code is generated from an [xls](https://github.com/google/xls) program below:

```
package crasher_manual_min2

file_number 0 "/google/src/cloud/allight/fix-new-crasher/google3/third_party/xls/fuzzer/crashers/crasher_manual_min2.x"

fn __crasher_manual_min2__main(x4: bits[51]) -> bits[1] {
  // bit_slice_update(a, b, c) returns 'a' with bits starting at index 'b' replaced with the bits of 'c'
  x5: bits[51] = bit_slice_update(x4, x4, x4, id=2, pos=[(0,54,38)])
  x6: bits[102] = concat(x5, x5, id=3, pos=[(0,55,29)])
  zero_ext.5: bits[153] = zero_ext(x6, new_bit_count=153, id=5)
  x9: bits[153] = concat(x6, x5, id=4, pos=[(0,56,29)])
  ret gate_src: bits[1] = ne(zero_ext.5, x9, id=6, pos=[(0,58,43)])
}
```

This is compiled using the xls jit compiler to LLVM. This code is linked with a runner below which simply executes this program on the numbers [0, 256] and prints each result. This should result in a zero byte followed by all 0x1 bytes.

```sh
% cat manual_min_runner.bc | lli | hd
00000000  00 01 01 01 01 01 01 01  01 01 01 01 01 01 01 01  |................|
00000010  01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 |................|
*
00000100
```

Runner code.
```c
#include <stdio.h>
#include <unistd.h>
#include <stdint.h>

extern char __crasher_manual_min2__main(void* inputs, void* outputs, void* buf, void* events, void* user_data, void* rt, long long int cont);

typedef int64_t i64;
// returns a bool
char tryone(i64 v) {
  void* inp_ptr[1];
  i64 bit64 = v;
  inp_ptr[0] = &bit64;
 void* out_ptr[1];
  char val = 0;
  out_ptr[0] = &val;
  void* temp_buf[1];
  void* user_data[1];
 __crasher_manual_min2__main(inp_ptr, out_ptr, temp_buf, 0, 0, 0, 0);
 return val;
}

int main() {
  // return (tryone(1) << 1) | tryone(0);
  for (int i = 0; i < 256; ++i) {
    char r = tryone(i);
    write(1, &r, sizeof(char));
  }
  return 0;
}
```

However in the 349th pass (ConstraintEliminationPass) a miscompile occurs and after that pass the program will always print all 0s.

```sh
 % cat manual_min_runner.opt.bc | lli | hd
00000000 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
*
00000100
```

This is based on the investigation for https://github.com/google/xls/issues/1146

Repro build process:

```sh
% opt manual_min.llvm.ir --O3 -opt-bisect-limit=$current_id > bisect_manual_min.llvm.opt.bc
% clang -S -emit-llvm manual_min_runner.c -o manual_min_runner.ll
% opt manual_min_runner.ll > manual_min_runner_driver.bc
% llvm-link bisect_manual_min.llvm.opt.bc manual_min_runner_driver.bc > bisect_manual_min_runner.opt.bc
```

The bitcode can be run by lli or compiled further. It doesn't seem to affect the miscompile.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJysWFuP4joS_jXulxIoOBfgoR-m6UE70lntam-vkeNUiM9x7Mh2GphfvyqHQJqme_ZIi6IQXFdXVb4qI7xXB4P4zPIXlr8-iSG01j0LrdWhDU-Vrc9E6oQZhC47ZZZas_yV8U0bQu9Z-o3xPeP7gwrtUC2l7Rjfa_02fS16Z39HGRjfN0qjZ3y_4puCp8mG8f07tctwCoxvQXkQQLKgHPTOHpzoILQiQK18r8WZ6J3y0na90rgElryy5Nt4_1erPDjsna0HiR4Gr8xh1CY82Aak7ToVWPoN_vQGLqJ83zQ58kpUssoKXGOVbjZrRF7kNcqKb7NNLfh6y-XcsX-bxrowGBFQn6EeEIIFYwNIMfoozBmkE76FH3AUHgYjKh25OmVUp34iqBC5OuuQAmIg0G69MhLh2IqAb-jgBwSnsIZqOPRWmQBHO-gaUIUWHTikuJCm0XxLpq0bPWmFOSCZiMvLufsvwwGkrZGyc0CDTgSsoXG2A2GA5S8n7X9ZFwdrDxoZ3xMz316TW6G2RxKZGWRFcrniz17IP8QBxwihK2-Vw-dSVGOlGboKHSTAOJ9b9U5SFrUdasb3lxKPhXlaGDwuLrqvIinj-9AqV5e9cOE8-b1vhp8_I9tFwN8e534tT2R_7pyBsnzAWJadUIbxzSmjuqxU8Cx_yVcxnltYsPT7tEhrwNYvo0KAMchELb1WEsuhr0VAxjeC8R1UdJOkxGEYnPHA-FowvoajCm1UCj4IF2IBBlCmxhPxVMTjsNdCYj0yhxZHAdsQh2R8PXlxyu_9Bpa-PvLqlJFH87uqWfrK6am3nqWvhEN8kzC-y4mebhjfjoG4Witm1lYJn8xJa6QIZCSP6vOr-vSheqLz7Qf1P9HZEk9hOd_UKk8nMxOdDBWk2OCxpK1KO5jA0lfinSznc7-3jxXe_C7u_M4e-l089tthgIMIWFKZzwxNZgzFf7Y5MrW9mioemtowvsvSO1Ns_frwFZ0BsPJwQef6gsBUPSft4XcVJpIjCPrtt__8dQlRaIIXrcwfU9EJcIMx6EaIgGOrZAtedb0-A55QDgH9iIITllgTbY0Y4AmZaCfA84ICIUwNvVMmeEAhW3DoBx0uDvg2IuW4BsqAiMmG6hwQGqu1PRKunkFoDclpFQl--RC1fHtZ4DlIEeD2upfjjpaVBLbegdYqfrf1KJBcPgBJAsnqwfV4lQhsvVvefdh6N9e7Sj4X_-z6Sivj32bqV0nyRWX8Y8wkpXl5xzZ1Sp4qI_VQI7B050Ot7LJl6fdH1MEoH-pPySRswpwc73gK6Ax1OvcLLH6zqmb8GyjTD8FTCU0rdgj3S9XQzH_iG5r3DINHV9YiiPmiC_RLWxpQ6EbNWlpDQxBLX-Zuh3OPNTbEUWRlAFVkN46xBUwAL6CyVo-kuM3gzja--6rI4I16wax_zHZZ9sFd8OKqG8gSIUmRRQx5m1OuIskEMYwXkffGNYvZY_3RxTeho3wyI9wk5urfhJ7xTNoDdn1JOfig_mP871m-roJpk3x3dYjvbvb4DpIPt1vyLkmBudc39Ix3yvnF1l1q3uUVGN9cE7mKnOmOpTsYn9e7W5rfewCNdRA3EkBdgxwfR1BMX4DxF8Zf1J39S25cFLoV0XvtAEenwsWpHWUoBsirn2gbxjekgo3N6iZ0DQFMu0sehOcRhPzFHuOMq0aQT7NtaKEXnuaazc4aH5xQJnzXqlNGBGXN34WPo-b8xABWysH52AxEE6gR0eki6iG1Uys5Kq1B6COdOGLTGIH_F4gPn0O-7cMvYf-z61PC_wuep8ZdCY_11EaVeUMf1CHGMtbS_zze75X3w3jgW2XFu0ZAxzOoBqWpGVuJ3n82_M_bqO3nMV3S4WypHCwWf0thYfuwqJRHGRaUfJrDGM_k4ByaUKoaxiGaGMp7JWNaZv1aC3OAxT9hgZ0Ki3h4_JhMCQv7YFnrzzy-cURnPhDK2qm3OBjcNMQTKA1EX_v-lbLHO39fkl-WRRz743AmhYEKaSSjKYhK2LrboNcMjo6YS_gRoLboDePrAB6xo0FPNA3KEItqdnZ_qp_TeptuxRM-r4ptsV1vtqv8qX1OmkZsZZpXYrVuiiTHbCs3WbbNUFQb5OmTeuYJT1fJKuFpssrzZcHrPJVNtmqKqsiammUJdkLpS5zc4SkW5HOxWeerJy0q1D7-68G5wSNEIh3Y8tcn9xzjXg0Hz7JEKx_8TUtQQePzp2ADykjrHMqgz9MJirqy4nkBBqexVpK8MAEaoT0unwann__0HxLXNyzu6b8BAAD__59WTcE">