[llvm-bugs] [Bug 47612] New: SROA passes wrong AA info on memtransfer

Tue Sep 22 09:45:31 PDT 2020

https://bugs.llvm.org/show_bug.cgi?id=47612

            Bug ID: 47612
           Summary: SROA passes wrong AA info on memtransfer
           Product: libraries
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: wmoses at mit.edu
                CC: llvm-bugs at lists.llvm.org

Consider the following LLVM IR that copies a struct {double, i32} %wishart to
%tmp, then loads the individual values. The memcpy itself has a !tbaa.struct
showing a {double, i32}. Running SROA will eliminate the memcpy, but leave the
resultant loads with !tbaa.struct metadata to the original {double, i32} rather
than the corresponding double or i32.

Looking at the source of SROA.cpp it indeed directly copies that AA metadata
from the memcpy to the resultant load, rather than using the correct metadata
for that offset. This appears to also impact a number of prior LLVM versions as
well including LLVM 10 and 11.

Input code:
```
; ModuleID = 'bad.ll'
source_filename = "bad.ll"
target datalayout =
"e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

%struct.Wishart = type { double, i32 }

declare dso_local double @subcall(double %g, i32 %m)

define dso_local double @_Z17log_wishart_priorP7Wishart(%struct.Wishart*
%wishart) {
entry:
  %tmp = alloca %struct.Wishart, align 8
  %tmpaddr = bitcast %struct.Wishart* %tmp to i8*
  %waddr = bitcast %struct.Wishart* %wishart to i8*
  call void @llvm.memcpy.p0i8.p0i8.i64(i8* align 8 %tmpaddr, i8* align 8
%waddr, i64 16, i1 false), !tbaa.struct !2
  %gamma = getelementptr inbounds %struct.Wishart, %struct.Wishart* %tmp, i32
0, i32 0
  %lg = load double, double* %gamma, align 8, !tbaa !4
  %m = getelementptr inbounds %struct.Wishart, %struct.Wishart* %tmp, i32 0,
i32 1
  %lm = load i32, i32* %m, align 8, !tbaa !8
  %call = call double @subcall(double %lg, i32 %lm)
  ret double %call
}

declare void @llvm.memcpy.p0i8.p0i8.i64(i8* noalias nocapture writeonly, i8*
noalias nocapture readonly, i64, i1 immarg)

!llvm.module.flags = !{!0}
!llvm.ident = !{!1}

!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{!"clang version 11.0.0 (git at github.com:llvm/llvm-project
b78e5de029c26c309f541ab883fa5d6d953b073d)"}
!2 = !{i64 0, i64 8, !3, i64 8, i64 4, !7}
!3 = !{!4, !4, i64 0}
!4 = !{!"double", !5, i64 0}
!5 = !{!"omnipotent char", !6, i64 0}
!6 = !{!"Simple C++ TBAA"}
!7 = !{!8, !8, i64 0}
!8 = !{!"int", !5, i64 0}
```

```
; opt bad.ll -sroa -S 
define dso_local double @_Z17log_wishart_priorP7Wishart(%struct.Wishart*
%wishart) {
entry:
  %waddr = bitcast %struct.Wishart* %wishart to i8*
  %tmp.sroa.0.0.waddr.sroa_idx = getelementptr inbounds %struct.Wishart,
%struct.Wishart* %wishart, i64 0, i32 0
  %tmp.sroa.0.0.copyloadmoo = load double, double*
%tmp.sroa.0.0.waddr.sroa_idx, align 8, !tbaa.struct !2
  %tmp.sroa.2.0.waddr.sroa_idx1 = getelementptr inbounds %struct.Wishart,
%struct.Wishart* %wishart, i64 0, i32 1
  %tmp.sroa.2.0.copyload = load i32, i32* %tmp.sroa.2.0.waddr.sroa_idx1, align
8, !tbaa.struct !2
  %tmp.sroa.3.0.waddr.sroa_idx = getelementptr inbounds i8, i8* %waddr, i64 12
  %tmp.sroa.3.0.waddr.sroa_cast = bitcast i8* %tmp.sroa.3.0.waddr.sroa_idx to
i32*
  %tmp.sroa.3.0.copyload = load i32, i32* %tmp.sroa.3.0.waddr.sroa_cast, align
4, !tbaa.struct !2
  %call = call double @subcall(double %tmp.sroa.0.0.copyload, i32
%tmp.sroa.2.0.copyload)
  ret double %call
}

!llvm.module.flags = !{!0}
!llvm.ident = !{!1}

!0 = !{i32 1, !"wchar_size", i32 4}
!1 = !{!"clang version 11.0.0 (git at github.com:llvm/llvm-project
b78e5de029c26c309f541ab883fa5d6d953b073d)"}
!2 = !{i64 0, i64 8, !3, i64 8, i64 4, !7}
!3 = !{!4, !4, i64 0}
!4 = !{!"double", !5, i64 0}
!5 = !{!"omnipotent char", !6, i64 0}
!6 = !{!"Simple C++ TBAA"}
!7 = !{!8, !8, i64 0}
!8 = !{!"int", !5, i64 0}
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200922/da1e6646/attachment-0001.html>