[llvm-bugs] [Bug 51351] New: miscompile due to instcombine

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Aug 4 17:14:57 PDT 2021


https://bugs.llvm.org/show_bug.cgi?id=51351

            Bug ID: 51351
           Summary: miscompile due to instcombine
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: regehr at cs.utah.edu
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

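This was found by my student Yuyou Fan. After running `opt -instcombine` on the function below, Alive2 reports a value mismatch between the original and the optimized code; the counterexample it found is included in the output.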

regehr at home:~/tmp$ cat reduced.ll 
; ModuleID = 'foo.ll'
source_filename = "foo.ll"

; Reduced reproducer for the instcombine miscompile reported here.
; When every instruction is well defined (shl requires a shift amount below the
; bit width, so %nbits must lie in 33..63), the i64 mask %t2 is all-ones and the
; function returns trunc(%x) << (%nbits - 33) with no bits cleared.
; Alive2's counterexample: %x = 0x40000000, %nbits = 34 must yield 0x80000000.
define i32 @src(i64 %x, i32 %nbits) local_unnamed_addr {
  ; Widen the shift amount so it can be used with the i64 mask computation.
  %t0 = zext i32 %nbits to i64
  ; -1 << nbits: ones in the high bits, zeros in the low %nbits bits.
  %t1 = shl i64 -1, %t0
  ; Arithmetic shift back by the same amount. %t1 has its sign bit set, so the
  ; vacated high bits are refilled with ones and the result is -1, not the
  ; low-bit mask a logical shift (lshr) would produce. 'exact' is satisfied
  ; because only zero bits are shifted out.
  %t2 = ashr exact i64 %t1, %t0
  ; Final shift amount: %nbits - 33 (1 for the counterexample's %nbits = 34).
  %t3 = add i32 %nbits, -33
  ; With %t2 == -1 this 'and' leaves %x unchanged.
  %t4 = and i64 %t2, %x
  ; Keep the low 32 bits of %x.
  %t5 = trunc i64 %t4 to i32
  ; The shift may move a bit into bit 31; a correct transform must preserve it.
  %t6 = shl i32 %t5, %t3
  ret i32 %t6
}
regehr at home:~/tmp$ opt -instcombine reduced.ll -o reduced-opt.ll
regehr at home:~/tmp$ ~/alive2/build/alive-tv reduced.ll reduced-opt.ll 

----------------------------------------
define i32 @src(i64 %x, i32 %nbits) {
%0:
  %t0 = zext i32 %nbits to i64
  %t1 = shl i64 -1, %t0
  %t2 = ashr exact i64 %t1, %t0
  %t3 = add i32 %nbits, 4294967263
  %t4 = and i64 %t2, %x
  %t5 = trunc i64 %t4 to i32
  %t6 = shl i32 %t5, %t3
  ret i32 %t6
}
=>
define i32 @src(i64 %x, i32 %nbits) {
%0:
  %t3 = add i32 %nbits, 4294967263
  %1 = trunc i64 %x to i32
  %2 = shl i32 %1, %t3
  %t6 = and i32 %2, 2147483647
  ret i32 %t6
}
Transformation doesn't verify!

ERROR: Value mismatch

Example:
i64 %x = #x0000000040000000 (1073741824)
i32 %nbits = #x00000022 (34)

Source:
i64 %t0 = #x0000000000000022 (34)
i64 %t1 = #xfffffffc00000000 (18446744056529682432, -17179869184)
i64 %t2 = #xffffffffffffffff (18446744073709551615, -1)
i32 %t3 = #x00000001 (1)
i64 %t4 = #x0000000040000000 (1073741824)
i32 %t5 = #x40000000 (1073741824)
i32 %t6 = #x80000000 (2147483648, -2147483648)

Target:
i32 %t3 = #x00000001 (1)
i32 %1 = #x40000000 (1073741824)
i32 %2 = #x80000000 (2147483648, -2147483648)
i32 %t6 = #x00000000 (0)
Source value: #x80000000 (2147483648, -2147483648)
Target value: #x00000000 (0)

Summary:
  0 correct transformations
  1 incorrect transformations
  0 failed-to-prove transformations
  0 Alive2 errors
regehr at home:~/tmp$
