[llvm-bugs] [Bug 36405] New: [polly] Miscompile with missing runtime check for overflowing multiply
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Feb 15 17:02:20 PST 2018
https://bugs.llvm.org/show_bug.cgi?id=36405
Bug ID: 36405
Summary: [polly] Miscompile with missing runtime check for
overflowing multiply
Product: Polly
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Optimizer
Assignee: polly-dev at googlegroups.com
Reporter: efriedma at codeaurora.org
CC: llvm-bugs at lists.llvm.org
Reproduce with "clang a.c -O2 -mllvm -polly -mllvm
-polly-process-unprofitable". Following testcase should print "1"; prints "0"
instead:
#include <stdio.h>
void a(int *y, int a) {
int i = 0;
do {
y[i] += 1;
++i;
} while (i != (int)(((unsigned)a)*2));
}
void (*volatile aa)(int*,int) = a;
int main() {
int x[128] = {};
aa(x, 0x80000002);
printf("%d\n", x[0]); return 0;
}
As far as I can tell, the problem has to do with hasNSWAddRecForLoop: the
infinite loop check overlaps the multiply's overflow check. When we drop the
infinite loop check, we also effectively drop the overflow check because we
intersect the overflow check with the domain.
Zino and I have been trying to figure out if there's some way to save the
hasNSWAddRecForLoop check in some form, but currently we don't have any good
ideas.
For reference, the scop (note in particular the invalid context):
Function: a
Region: %do.body---%do.end
Max Loop Depth: 1
Invariant Accesses: {
}
Context:
[p_0] -> { : -2147483648 <= p_0 <= 2147483647 }
Assumed Context:
[p_0] -> { : }
Invalid Context:
[p_0] -> { : p_0 >= 1073741824 }
p0: %a
Arrays {
i32 MemRef0[*]; // Element size 4
}
Arrays (Bounds as pw_affs) {
i32 MemRef0[*]; // Element size 4
}
Alias Groups (0):
n/a
Statements {
Stmt0
Domain :=
[p_0] -> { Stmt0[i0] : 0 <= i0 < 2p_0 };
Schedule :=
[p_0] -> { Stmt0[i0] -> [i0] };
ReadAccess := [Reduction Type: +] [Scalar: 0]
[p_0] -> { Stmt0[i0] -> MemRef0[i0] };
MustWriteAccess := [Reduction Type: +] [Scalar: 0]
[p_0] -> { Stmt0[i0] -> MemRef0[i0] };
}
:: isl ast :: a :: %do.body---%do.end
[p_0] -> { : -2147483648 <= p_0 <= 2147483647 }
{ domain: "[p_0] -> { Stmt0[i0] : 0 <= i0 < 2p_0 }", child: { schedule: "[p_0]
-> [{ Stmt0[i0] -> [(i0)] }]" } }
if (1 && 0 == p_0 >= 1073741824)
for (int c0 = 0; c0 < 2 * p_0; c0 += 1)
Stmt0(c0);
else
{ /* original code */ }
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180216/40fb9a51/attachment.html>
More information about the llvm-bugs
mailing list