<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Feb 29, 2016, at 10:38 AM, Xinliang David Li via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org" class="">llvm-dev@lists.llvm.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">ok thanks. A more reduced test case can show different behavior between O2 and O0.<div class=""><br class=""></div><div class="">Say we have</div><div class=""><br class=""></div><div class="">unsigned maybe_divide (unsigned *ptr) {</div><div class=""> int flag = false;</div><div class=""> unsigned val = 500/ptr[0];</div><div class=""> if (flag)</div><div class=""> return val;</div><div class=""> return (unsigned)(intptr_t)ptr);</div><div class="">}</div><div class=""><br class=""></div><div class="">int main() {</div><div class=""> unsigned g = 0;</div><div class=""> return maybe_divide(&g);</div><div class="">}</div><div class=""> </div><div class=""><br class=""></div><div class="">At O2, it runs fine, but at O0 it core dumps.</div></div></div></blockquote><div><br class=""></div><div>I believe this program has a divide by zero and is not correct.</div><div>By luck the optimization removes the faulty instruction, which does not mean the program is well formed.</div><div><br class=""></div><div>IMO this is different from Sanjoy's example, where a wrong optimization introduces the error.</div><div><br class=""></div><div>-- </div><div>Mehdi</div><div><br class=""></div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><br class=""></div><div class="">what is the right behavior?</div><div class=""><br class=""></div><div class="">David</div><div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sat, Feb 27, 2016 at 5:21 PM, Sanjoy Das <span dir="ltr" class=""><<a href="mailto:sanjoy@playingwithpointers.com" target="_blank" class="">sanjoy@playingwithpointers.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Sat, Feb 27, 2016 at 4:21 PM, Xinliang David Li <<a href="mailto:xinliangli@gmail.com" class="">xinliangli@gmail.com</a>> wrote:<br class="">
> So in this case, ptr[0] = 10 is propagated into one copy of maybe_devide (in<br class="">
> source a), and ptr[0]=10 in caller_a is DSEed ?<br class="">
<br class="">
</span>`ptr[0] = 10` is not really propagated anywhere. What happens is that<br class="">
`source-a` 's copy of `maybe_divide` gets optimized to a `ret<br class="">
(unsigned) ptr` (after inlining in the body of `always_false`)[1], so<br class="">
it is able to DSE the store `ptr[0] = 10`. But `source-b` s copy of<br class="">
`maybe_divide` still has the load and the division (since it does not<br class="">
have access to `always_false` 's body), so if `caller_a` ends up<br class="">
calling that implementation of `maybe_divide`, we get a `SIGFPE`.<br class="">
<br class="">
[1]: For reference, after inlining `always_false`, the `maybe_divide`<br class="">
becomes<br class="">
<br class="">
unsigned maybe_divide(unsigned *ptr) {<br class="">
unsigned val = 500 / ptr[0]; // dead value<br class="">
if (false)<br class="">
return val;<br class="">
return (unsigned)((intptr_t)ptr);<br class="">
}<br class="">
<span class="HOEnZb"><font color="#888888" class=""><br class="">
-- Sanjoy<br class="">
</font></span></blockquote></div><br class=""></div>
_______________________________________________<br class="">LLVM Developers mailing list<br class=""><a href="mailto:llvm-dev@lists.llvm.org" class="">llvm-dev@lists.llvm.org</a><br class="">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev<br class=""></div></blockquote></div><br class=""></body></html>