[llvm-bugs] [Bug 51669] New: LoopIdiomRecognize: Overflow in ctlz shifting loop
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Aug 30 03:21:22 PDT 2021
https://bugs.llvm.org/show_bug.cgi?id=51669
Bug ID: 51669
Summary: LoopIdiomRecognize: Overflow in ctlz shifting loop
Product: libraries
Version: trunk
Hardware: All
OS: All
Status: NEW
Keywords: miscompilation
Severity: enhancement
Priority: P
Component: Loop Optimizer
Assignee: unassignedbugs at nondot.org
Reporter: nunoplopes at sapo.pt
CC: lebedev.ri at gmail.com, llvm-bugs at lists.llvm.org,
zhuhan7737 at gmail.com
Test: Transforms/LoopIdiom/X86/arithmetic-right-shift-until-zero.ll
LoopIdiom creates expressions that overflow and produce incorrect result.
e.g. this instruction:
add nsw i8 %val.numactivebits, %0
overflows and yields poison. Even removing nsw doesn't fix the issue; see
counterexample below.
----------------------------------------
define i8 @p0(i8 %val, i8 %start, i8 %extraoffset) {
%entry:
br label %loop
%loop:
%iv = phi i8 [ %start, %entry ], [ %iv.next, %loop ]
%nbits = add nsw i8 %iv, %extraoffset
%val.shifted = ashr i8 %val, %nbits
%val.shifted.iszero = icmp eq i8 %val.shifted, 0
%iv.next = add i8 %iv, 1
call void @escape_inner(i8 %iv, i8 %nbits, i8 %val.shifted, i1
%val.shifted.iszero, i8 %iv.next)
br i1 %val.shifted.iszero, label %end, label %loop
%end:
%iv.res = phi i8 [ %iv, %loop ]
%nbits.res = phi i8 [ %nbits, %loop ]
%val.shifted.res = phi i8 [ %val.shifted, %loop ]
%val.shifted.iszero.res = phi i1 [ %val.shifted.iszero, %loop ]
%iv.next.res = phi i8 [ %iv.next, %loop ]
call void @escape_outer(i8 %iv.res, i8 %nbits.res, i8 %val.shifted.res, i1
%val.shifted.iszero.res, i8 %iv.next.res)
ret i8 %iv.res
}
=>
define i8 @p0(i8 %val, i8 %start, i8 %extraoffset) {
%entry:
%val.numleadingzeros = ctlz i8 %val, 0
%val.numactivebits = sub nsw nuw i8 8, %val.numleadingzeros
%0 = sub i8 0, %extraoffset
%val.numactivebits.offset = add i8 %val.numactivebits, %0
%iv.final = smax i8 %val.numactivebits.offset, %start
%loop.backedgetakencount = sub nsw i8 %iv.final, %start
%loop.tripcount = add nsw nuw i8 %loop.backedgetakencount, 1
br label %loop
%loop:
%loop.iv = phi i8 [ 0, %entry ], [ %loop.iv.next, %loop ]
%loop.iv.next = add nsw nuw i8 %loop.iv, 1
%loop.ivcheck = icmp eq i8 %loop.iv.next, %loop.tripcount
%iv = add nsw i8 %loop.iv, %start
%nbits = add nsw i8 %iv, %extraoffset
%val.shifted = ashr i8 %val, %nbits
%iv.next = add i8 %iv, 1
call void @escape_inner(i8 %iv, i8 %nbits, i8 %val.shifted, i1 %loop.ivcheck,
i8 %iv.next)
br i1 %loop.ivcheck, label %end, label %loop
%end:
%iv.res = phi i8 [ %iv.final, %loop ]
%nbits.res = phi i8 [ %nbits, %loop ]
%val.shifted.res = phi i8 [ %val.shifted, %loop ]
%val.shifted.iszero.res = phi i1 [ %loop.ivcheck, %loop ]
%iv.next.res = phi i8 [ %iv.next, %loop ]
call void @escape_outer(i8 %iv.res, i8 %nbits.res, i8 %val.shifted.res, i1
%val.shifted.iszero.res, i8 %iv.next.res)
ret i8 %iv.res
}
Transformation doesn't verify!
ERROR: Source is more defined than target
Example:
i8 %val = #x80 (128, -128)
i8 %start = #x78 (120)
i8 %extraoffset = #x88 (136, -120)
Source:
i8 %iv = #x78 (120)
i8 %nbits = #x00 (0)
i8 %val.shifted = #x80 (128, -128)
i1 %val.shifted.iszero = #x0 (0)
i8 %iv.next = #x79 (121)
SOURCE MEMORY STATE
===================
NON-LOCAL BLOCKS:
Block 0 > size: 0 align: 1 alloc type: 0
Block 1 > size: 0 align: 1
Target:
i8 %val.numleadingzeros = #x00 (0)
i8 %val.numactivebits = #x08 (8)
i8 %0 = #x78 (120)
i8 %val.numactivebits.offset = #x80 (128, -128)
i8 %iv.final = #x78 (120)
i8 %loop.backedgetakencount = #x00 (0)
i8 %loop.tripcount = #x01 (1)
i8 %loop.iv = #x00 (0)
i8 %loop.iv.next = #x01 (1)
i1 %loop.ivcheck = #x1 (1)
i8 %iv = #x78 (120)
i8 %nbits = #x00 (0)
i8 %val.shifted = #x80 (128, -128)
i8 %iv.next = #x79 (121)
i8 %iv.res = #x78 (120)
i8 %nbits.res = #x00 (0)
i8 %val.shifted.res = #x80 (128, -128)
i1 %val.shifted.iszero.res = #x1 (1)
i8 %iv.next.res = #x79 (121)
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210830/6183d408/attachment-0001.html>
More information about the llvm-bugs
mailing list