<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 06/26/2015 08:42 AM, David Majnemer
wrote:<br>
</div>
<blockquote
cite="mid:CAL7bZ_efK0Mi+Gn8E8R-sgt6BmCnjGAjaQeMO32qQU=wz4Q11A@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Jun 26, 2015 at 7:00 AM,
Paweł Bylica <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:chfast@gmail.com" target="_blank">chfast@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Let's have a simple program:</div>
<div>
<div>define i32 @main(i32 %n, i64 %idx) {</div>
<div> %idxSafe = trunc i64 %idx to i5</div>
<div> %r = extractelement &lt;4 x i32&gt; &lt;i32 -1,
i32 -1, i32 -1, i32 -1&gt;, i64 %idx</div>
<div> ret i32 %r</div>
<div>}</div>
</div>
<div><br>
</div>
<div>The assembly of that would be:</div>
<div>
<div><span style="white-space:pre-wrap"> </span>pcmpeqd<span
style="white-space:pre-wrap"> </span>%xmm0, %xmm0</div>
<div><span style="white-space:pre-wrap"> </span>movdqa<span
style="white-space:pre-wrap"> </span>%xmm0,
-24(%rsp)</div>
<div><span style="white-space:pre-wrap"> </span>movl<span
style="white-space:pre-wrap"> </span>-24(%rsp,%rsi,4),
%eax</div>
<div><span style="white-space:pre-wrap"> </span>retq</div>
</div>
<div><br>
</div>
<div>The language reference states that the
extractelement instruction produces an undefined value in
case the index argument is invalid (our case). But the
implementation simply dumps the vector to the stack
memory, calculates the memory offset out of the index
value and tries to access the memory. That causes the
crash.</div>
<div><br>
</div>
<div>The workaround is to trunc the index value before
extractelement (see %idxSafe). But what should be the
ultimate solution?</div>
</div>
</blockquote>
<div><br>
</div>
<div>We could fix this by specifying that out of bounds
access on an extractelement leads to full-on undefined
behavior; no need to force everyone to eat the cost of a
mask.<br>
</div>
</div>
</div>
</div>
</blockquote>
This seems like the appropriate decision to me. It's closely in
line with existing practice and assumptions. <br>
<br>
Philip<br>
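<br>
Added example, not part of the original thread: a C model of the stack-slot lowering shown in the quoted assembly, with the index masked or checked before the load. The names vec4i32, trunc_index, index_bits, extract_masked and extract_checked are hypothetical; int stands in for i32 and unsigned long long for the i64 index.<br>

```c
#define LANES 4u /* lane count of the 4 x i32 vector in the post */

/* Hypothetical stand-in for the vector value (not an LLVM type). */
typedef struct { int lane[LANES]; } vec4i32;

/* Model of `trunc i64 %idx to iN`: keep the low `bits` bits (1..63). */
unsigned long long trunc_index(unsigned long long idx, unsigned bits)
{
    return idx & ((1ULL << bits) - 1ULL);
}

/* Narrowest index width that reaches every lane and nothing past the
   last one, for a power-of-two lane count: 2 bits for 4 lanes. */
unsigned index_bits(unsigned lanes)
{
    unsigned bits = 0;
    while ((1u << bits) < lanes)
        bits++;
    return bits;
}

/* Masked extract: copy the vector to a 16-byte slot, as the quoted
   assembly does, then load slot[idx mod LANES]. One AND per extract. */
int extract_masked(vec4i32 v, unsigned long long idx)
{
    int slot[LANES];
    unsigned i;
    for (i = 0; i < LANES; i++)
        slot[i] = v.lane[i];
    return slot[trunc_index(idx, index_bits(LANES))];
}

/* Checked extract: report an invalid index instead of wrapping it.
   Returns 1 and stores the lane in *out, or 0 if idx is out of range. */
int extract_checked(vec4i32 v, unsigned long long idx, int *out)
{
    if (idx >= LANES)
        return 0;
    *out = v.lane[idx];
    return 1;
}
```

A 2-bit index reaches exactly lanes 0..3, while a 5-bit index still admits the values 4..31.<br>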
</body>
</html>