<div dir="ltr"><div><div><div><div><div>Hello,<br><br></div>I'm using LLVM to reason about memory safety of programs. One goal is to prove that certain array accesses are always safe.<br><br></div>Currently, one of these proofs fails because of a missing no-signed-wrap (nsw) flag. I found that it has been "lost" during the SimplifyIndVar pass. Here's the example:<br>
<br><span style="font-family:courier new,monospace">int foo(int a[]) {<br> int sum = 0;<br> for (int i = 0; i < 1000; ++i)<br> sum += a[i];<br> return sum;<br>}</span><br><br>// *** IR Dump Before Induction Variable Simplification ***<br>
// for.body: ; preds = %entry, %for.body<br>// %i.05 = phi i32 [ 0, %entry ], [ %inc, %for.body ]<br>// %sum.04 = phi i32 [ 0, %entry ], [ %add, %for.body ]<br>// %idxprom = sext i32 %i.05 to i64<br>
// %arrayidx = getelementptr inbounds i32* %a, i64 %idxprom<br>// %0 = load i32* %arrayidx, align 4, !tbaa !0<br>// %add = add nsw i32 %0, %sum.04<br>// %inc = add nsw i32 %i.05, 1<br>// %cmp = icmp slt i32 %inc, 1000<br>
// br i1 %cmp, label %for.body, label %for.end<br>// *** IR Dump After Induction Variable Simplification ***<br>// for.body: ; preds = %entry, %for.body<br>// %indvars.iv = phi i64 [ 0, %entry ], [ %indvars.iv.next, %for.body ]<br>
// %sum.04 = phi i32 [ 0, %entry ], [ %add, %for.body ]<br>// %arrayidx = getelementptr inbounds i32* %a, i64 %indvars.iv<br>// %0 = load i32* %arrayidx, align 4, !tbaa !0<br>// %add = add nsw i32 %0, %sum.04<br>
// %indvars.iv.next = add i64 %indvars.iv, 1<br>
// %lftr.wideiv = trunc i64 %indvars.iv.next to i32<br>// %exitcond = icmp ne i32 %lftr.wideiv, 1000<br>// br i1 %exitcond, label %for.body, label %for.end<br><br></div>You can see that %inc is transformed into %indvars.iv.next, and the nsw flag is lost in the process.<br>
<br></div>Is this behavior a problem with SimplifyIndVar or is this expected? How easy would it be to change this, and do you have any pointers to where I should have to look?<br><br></div>Cheers,<br>Jonas<br></div>