[PATCH] D77868: [InstSimplify] fold select of bools using bitwise logic
Sanjay Patel via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Apr 13 08:34:33 PDT 2020
spatel added a comment.
In D77868#1974597 <https://reviews.llvm.org/D77868#1974597>, @aqjune wrote:
> I think what @nikic said is correct:
>
> // select Cond, T, false --> Cond & T
> if (match(F, m_ZeroInt()))
> return SimplifyAndInst(Cond, T, Q);
>
>
> If Cond is false and T is poison, the select is constantly false, but `SimplifyAndInst(Cond, T, Q)` can exploit the fact that T is poison regardless of Cond.
>
> To address this, T should not be poison if Cond isn't poison. T = undef is okay, because `undef & false` is false.
I still do not see how this can go wrong in practice. If InstSimplify can prove that T is poison, then doesn't it always manifest that knowledge by saying T is undef?
Looking at it another way (see if you can spot a logic flaw):
1. Assume T is poison.
2. Assume InstSimplify fails to simplify T to undef or constant.
3. For poison T' (either T or some other poisoned value) to leak through as the result, InstSimplify must prove that Cond & T' == T'.
4. So InstSimplify must prove that Cond == true or Cond == T'.
5. If Cond == T', there's no problem (if Cond is poison, the select is poison).
6. Therefore -- for there to be a problem -- we must prove that Cond is true.
7. If we can prove that Cond is true, then that guarantees that value T' can't depend on Cond (nothing depends on Cond - it simplifies to constant true).
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D77868/new/
https://reviews.llvm.org/D77868
More information about the llvm-commits
mailing list