[LLVMdev] BasicAliasAnalysis and out-of-bound GEP indices

Wojciech Matyjewicz wmatyjewicz at fastmail.fm
Tue Nov 13 14:13:16 PST 2007 

Hi!

While investigating into the PR1782 I spent some time analyzing
BasicAliasAnalysis.cpp. While the mentioned problem should be fixed now
(I hope), I have discovered some other possibilities for a bug to occur.

In the case of checking for aliasing of two pointer values, where at
least one of them is a GEP instruction with out-of-bound indices,
BasicAliasAnalysis can return NoAlias, even if the values point the same
memory cell. I'm not sure if it's an error, as out-of-bound indexing can
bring undefined result (as stated in LangRef.html).

Please, take a look at this code (BasicAA results are in comments).
---
target datalayout =
"e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:32:32"

%ty1 = type [2 x [2 x i8]]
%ty2 = type [2 x {i8, [2 x i8]}]

@G = external global %ty1
@H = external global %ty2

; alias(%a, %b, 1, 1) returns NoAlias,
; although they point to the same memory cell
define void @fun1() {
entry:
        %a = getelementptr %ty1* @G, i32 0, i32 1, i32 -2
        %b = bitcast %ty1* @G to i8*
        ret void
}

; alias(%c, %d, 1, 1) returns NoAlias,
; although they may point to the same memory cell (if %x == -2)
define void @fun2(i32 %x) {
entry:
        %c = getelementptr %ty1* @G, i32 0, i32 1, i32 %x
        %d = bitcast %ty1* @G to i8*
        ret void
}

; alias(%e, %f, 1, 1) returns NoAlias,
; although they may point to the same memory cell (if %z == 2)
define void @fun3(i32 %z) {
entry:
        %e = getelementptr %ty2* @H, i32 0, i32 1, i32 0
        %f = getelementptr %ty2* @H, i32 0, i32 0, i32 1, i32 %z
        ret void
}
---

Should we treat this as a bug (I may attempt to prepare a patch then)?.
I suppose these are real corner cases, rather improbable to occur in
real-world programs. However, something similiar (but no so weird) can
be produced from the attached C source. It is a reduced version of
preprocessed ehci-hcd.c file (from Linux kernel; compilation of this
file discovered bug #1782).

--Wojtek
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ehci-hcd-reduced.i
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20071113/f3bdbf58/attachment.ksh>

More information about the llvm-dev mailing list