[llvm-bugs] [Bug 38707] New: SROA can create badly-aligned/misaligned slices

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Aug 26 03:10:18 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=38707

            Bug ID: 38707
           Summary: SROA can create badly-aligned/misaligned slices
           Product: libraries
           Version: 7.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: arielb1 at mail.tau.ac.il
                CC: llvm-bugs at lists.llvm.org

Created attachment 20770
  --> https://bugs.llvm.org/attachment.cgi?id=20770&action=edit
IR that reproduces the bug

I found a case in which SROA replaces an aligned access to an alloca with an
access to a new alloca that is differently aligned, which e.g. causes crashes
on SPARC (this appears to be the root cause of
https://github.com/rust-lang/rust/issues/53181).

In the attached IR, %_587 is an aligned alloca, and the pre-SROA code goes as
follows:

```
  %CrateLint = type { [0 x i8], i8, [11 x i8] }
...
  %_587 = alloca %CrateLint, align 4
...
bb10.i:
  ; %26 is 4 bytes offset into the alloca, and therefore dword-aligned
  %19 = getelementptr inbounds %CrateLint, %CrateLint* %_587, i64 0, i32 2, i64 3
  br label %bb13.i

bb13.i:
  %_14.sroa.0.0.in.in.i = phi i8* [ %21, %bb12.i ], [ %20, %bb11.i ], [ %19, %bb10.i ]
  %_14.sroa.0.0.in.i = bitcast i8* %_14.sroa.0.0.in.in.i to i32*
  %_14.sroa.0.0.i = load i32, i32* %_14.sroa.0.0.in.i, align 4
  ...
```

This loads `%_14.sroa.0.0.i` from a 4-aligned address. However, SROA generates
the following code:

```
  %_587.sroa.3 = alloca [7 x i8]
bb10.i:                                           ; preds = %start
  %_587.sroa.3.3..sroa_idx = getelementptr inbounds [7 x i8], [7 x i8]* %_587.sroa.3, i64 0, i64 3
  br label %bb13.i
bb13.i:                                           ; preds = %bb12.i, %bb11.i, %bb10.i
  %_14.sroa.0.0.in.in.i = phi i8* [ %_587.sroa.6.0..sroa_cast7, %bb12.i ], [ %_587.sroa.6.0..sroa_cast6, %bb11.i ], [ %_587.sroa.3.3..sroa_idx, %bb10.i ]
  ...
  %_14.sroa.0.0.in.i = bitcast i8* %_14.sroa.0.0.in.in.i to i32*
  %_14.sroa.0.0.i = load i32, i32* %_14.sroa.0.0.in.i, align 4
  ...
```

This performs the dword-aligned load out of `%_587.sroa.3.3..sroa_idx`, which
is aligned 3 (mod 4), and therefore definitely not dword-aligned.

Attached the minified reproducing IR (I hope that it doesn't have UB - I can
send the fuller IR if you want, but it is much larger).
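
The alignment arithmetic behind this report, as an added example that is not part of the original bug report or of LLVM's source: it models the byte offsets of the two GEPs shown above and checks whether a `load i32 ... align 4` through them can be proven sound. The function names are hypothetical, and the struct is assumed to be laid out without padding (all of its fields are i8-based).

```cpp
// Added illustration (not LLVM source): models the alignment reasoning in this report.
#include <cstdint>
#include <cstdio>
#include <vector>

// Largest power of two dividing both a and b (the same bit trick as the
// MinAlign helper in LLVM's MathExtras.h). min_align(a, 0) == a.
static uint64_t min_align(uint64_t a, uint64_t b) {
    uint64_t v = a | b;
    return v & (~v + 1);
}

// Byte offset of field `idx` in a struct whose fields all have ABI alignment 1
// (assumed for %CrateLint: i8 and arrays of i8), so there is no padding.
static uint64_t field_offset(const std::vector<uint64_t>& field_sizes, size_t idx) {
    uint64_t off = 0;
    for (size_t i = 0; i < idx; ++i) off += field_sizes[i];
    return off;
}

// Alignment that can be proven for (alloca + offset) from the alloca's alignment.
static uint64_t provable_align(uint64_t alloca_align, uint64_t offset) {
    return min_align(alloca_align, offset);
}

// A load claiming `load_align` is sound only if that much alignment is provable.
static bool load_is_sound(uint64_t alloca_align, uint64_t offset, uint64_t load_align) {
    return provable_align(alloca_align, offset) >= load_align;
}

// Pre-SROA: %_587 = alloca %CrateLint, align 4; GEP indices i64 0, i32 2, i64 3.
static uint64_t pre_sroa_offset() {
    const std::vector<uint64_t> crate_lint = {0, 1, 11};  // [0 x i8], i8, [11 x i8]
    return field_offset(crate_lint, 2) + 3;
}

int main() {
    uint64_t pre = pre_sroa_offset();
    std::printf("pre-SROA:  offset %llu, align-4 load sound: %d\n",
                (unsigned long long)pre, load_is_sound(4, pre, 4));
    // Post-SROA: %_587.sroa.3 = alloca [7 x i8], GEP index 3. Whatever power-of-two
    // alignment the new alloca gets, base+3 is never provably 4-aligned.
    for (unsigned long long a : {1ull, 4ull, 16ull})
        std::printf("post-SROA: alloca align %llu, offset 3, align-4 load sound: %d\n",
                    a, load_is_sound(a, 3, 4));
    return 0;
}
```
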
