[llvm-bugs] [Bug 49875] New: Miscompile with LoopLoadElim due to wrong store forwarding

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Apr 6 22:41:47 PDT 2021 

https://bugs.llvm.org/show_bug.cgi?id=49875

            Bug ID: 49875
           Summary: Miscompile with LoopLoadElim due to wrong store
                    forwarding
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: max.kazantsev at azul.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

Run: opt  -loop-load-elim -S on the following test:

----------------------------------------------------------
define void @test(i32** %arg) {
bb:
  %tmp = load i32*, i32** %arg, align 8
  br label %bb1

bb1:                                              ; preds = %bb1, %bb
  %tmp2 = phi i64 [ %tmp7, %bb1 ], [ 1, %bb ]
  %tmp3 = add nsw i64 %tmp2, -1
  %tmp4 = getelementptr i32, i32* %tmp, i64 %tmp3
  %tmp5 = load i32, i32* %tmp4, align 4
  %tmp6 = getelementptr i32, i32* %tmp, i64 %tmp2
  store i32 %tmp5, i32* %tmp6, align 4
  %tmp7 = add nuw nsw i64 %tmp2, 1
  %tmp8 = icmp ugt i64 %tmp2, 2
  br i1 %tmp8, label %bb9, label %bb1

bb9:                                              ; preds = %bb1
  ret void
}
----------------------------------------------------------

The result will be like:
----------------------------------------------------------
define void @test(i32** %arg) {
bb:
  %tmp = load i32*, i32** %arg, align 8
  %load_initial = load i32, i32* %tmp, align 4
  br label %bb1

bb1:                                              ; preds = %bb1, %bb
  %store_forwarded = phi i32 [ %load_initial, %bb ], [ %store_forwarded, %bb1 ]
  %tmp2 = phi i64 [ %tmp7, %bb1 ], [ 1, %bb ]
  %tmp3 = add nsw i64 %tmp2, -1
  %tmp4 = getelementptr i32, i32* %tmp, i64 %tmp3
  %tmp5 = load i32, i32* %tmp4, align 4
  %tmp6 = getelementptr i32, i32* %tmp, i64 %tmp2
  store i32 %store_forwarded, i32* %tmp6, align 4
  %tmp7 = add nuw nsw i64 %tmp2, 1
  %tmp8 = icmp ugt i64 %tmp2, 2
  br i1 %tmp8, label %bb9, label %bb1

bb9:                                              ; preds = %bb1
  ret void
}

----------------------------------------------------------

This is a miscompile for the following reason: in the initial example we were
making something like arr[i] = arr[i - 1], and each stored value was different
(it was loaded from memory by inductive offset). After the transform, the
stored value %store_forwarded does not change.

It looks like a messy update of backedge value for %store_forwarded.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210407/b734a74a/attachment.html>

More information about the llvm-bugs mailing list