[llvm-bugs] [Bug 44533] New: StraightLineStrengthReduce can introduce UB when optimizing 2-dim array gep

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Jan 13 00:12:20 PST 2020 

https://bugs.llvm.org/show_bug.cgi?id=44533

            Bug ID: 44533
           Summary: StraightLineStrengthReduce can introduce UB when
                    optimizing 2-dim array gep
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: juneyoung.lee at sf.snu.ac.kr
                CC: llvm-bugs at lists.llvm.org

Created attachment 23013
  --> https://bugs.llvm.org/attachment.cgi?id=23013&action=edit
Input

```
$ cat slsr-gep.ll 
target datalayout = "e-i64:64-v16:16-v32:32-n16:32:64-p:64:64:64-p1:32:32:32"

define void @f([10 x [5 x i32]]* %input, i64 %s, i64 %t) {
  %p0 = getelementptr inbounds [10 x [5 x i32]], [10 x [5 x i32]]* %input, i64
0, i64 %s, i64 %t
  call void @foo(i32* %p0)

  %s2 = shl nsw i64 %s, 1
  %p1 = getelementptr inbounds [10 x [5 x i32]], [10 x [5 x i32]]* %input, i64
0, i64 %s2, i64 %t
  call void @foo(i32* %p1)

  ret void
}

declare void @foo(i32*)

$ opt -slsr -S -o - slsr-gep.ll
; ModuleID = 'slsr-gep.ll'
target datalayout = "e-i64:64-v16:16-v32:32-n16:32:64-p:64:64:64-p1:32:32:32"
define void @f([10 x [5 x i32]]* %input, i64 %s, i64 %t) {
  %p0 = getelementptr inbounds [10 x [5 x i32]], [10 x [5 x i32]]* %input, i64
0, i64 %s, i64 %t
  call void @foo(i32* %p0)
  %1 = mul i64 %s, 5
  %p1 = getelementptr inbounds i32, i32* %p0, i64 %1
  call void @foo(i32* %p1)
  ret void
}
declare void @foo(i32*)
```

(the test excerpted from Transforms/StraightLineStrengthReduce/slsr-gep.ll)

This is incorrect when input[s][t] is not inbounds but input[s2][t] is
inbounds.
For example, if s = 1, s2 = 2, and t = -6, it can happen.
After optimization, %p1 becomes poison.

One possible solution for this is to allow the transformation when %s and %t
have a same sign bit. Will this solution be effective enough?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200113/ac9014eb/attachment.html>

More information about the llvm-bugs mailing list