
<html>

  <head>

    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">On 06/26/2015 08:42 AM, David Majnemer

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAL7bZ_efK0Mi+Gn8E8R-sgt6BmCnjGAjaQeMO32qQU=wz4Q11A@mail.gmail.com"

      type="cite">

      <div dir="ltr"><br>

        <div class="gmail_extra"><br>

          <div class="gmail_quote">On Fri, Jun 26, 2015 at 7:00 AM,

            Paweł Bylica <span dir="ltr"><<a moz-do-not-send="true"

                href="mailto:chfast@gmail.com" target="_blank">chfast@gmail.com</a>></span>

            wrote:<br>

            <blockquote class="gmail_quote" style="margin:0 0 0

              .8ex;border-left:1px #ccc solid;padding-left:1ex">

              <div dir="ltr">Hi,

                <div><br>

                </div>

                <div>Let's have a simple program:</div>

                <div>

                  <div>define i32 @main(i32 %n, i64 %idx) {</div>

                  <div>  %idxSafe = trunc i64 %idx to i5</div>

                  <div>  %r = extractelement <4 x i32> <i32 -1,

                    i32 -1, i32 -1, i32 -1>, i64 %idx</div>

                  <div>  ret i32 %r</div>

                  <div>}</div>

                </div>

                <div><br>

                </div>

                <div>The assembly of that would be:</div>

                <div>

                  <div><span style="white-space:pre-wrap"> </span>pcmpeqd<span

                      style="white-space:pre-wrap"> </span>%xmm0, %xmm0</div>

                  <div><span style="white-space:pre-wrap"> </span>movdqa<span

                      style="white-space:pre-wrap"> </span>%xmm0,

                    -24(%rsp)</div>

                  <div><span style="white-space:pre-wrap"> </span>movl<span

                      style="white-space:pre-wrap"> </span>-24(%rsp,%rsi,4),

                    %eax</div>

                  <div><span style="white-space:pre-wrap"> </span>retq</div>

                </div>

                <div><br>

                </div>

                <div>The language reference states that the

                  extractelement instruction produces undefined value in

                  case the index argument is invalid (our case). But the

                  implementation simply dumps the vector to the stack

                  memory, calculates the memory offset out of the index

                  value and tries to access the memory. That causes the

                  crash.</div>

                <div><br>

                </div>

                <div>The workaround is to trunc the index value before

                  extractelement (see %idxSafe). But what should be the

                  ultimate solution?</div>

              </div>

            </blockquote>

            <div><br>

            </div>

            <div>We could fix this by specifying that out of bounds

              access on an extractelement leads to full-on undefined

              behavior, no need to force everyone to eat the cost of a

              mask.<br>

            </div>

          </div>

        </div>

      </div>

    </blockquote>

    This seems like the appropriate decision to me.  It's closely in

    line with existing practice and assumptions.  <br>

    <br>

    Philip<br>

  </body>

</html>