[PATCH] D97665: [InstSimplify] Don't fold comparisons of non-inbounds GEPs
Nikita Popov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 4 01:30:29 PST 2021
nikic added a comment.
In D97665#2601852 <https://reviews.llvm.org/D97665#2601852>, @aqjune wrote:
> I don't have a clear model for the semantics of pointer comparison ATM; Pointer comparison *sometimes* needs to take provenance into consideration because LLVM folds `p1 == p2` where p1 and p2 are pointing to two different zero-size objects having the same address into false.
> Also, considering provenance into account allows aggressively folding pointer comparisons. It isn't clear how *frequently* the provenance should be considered.
>
> But, I'm rather curious about how the miscompilation happened from this optimization. A gep with such offset isn't common, unless a programmer writes a code that subtracts a pointer from null (which is already fishy)?
> It would be great if I can see the input that causes miscompilation.
I'm not sure why zig generates this code, but the context here is https://github.com/ziglang/zig/issues/6408. The issue was exposed by D93820 <https://reviews.llvm.org/D93820>, as we previously simply folded away the GEP to null, losing provenance.
My understanding was that the current resolution on pointer comparison issues is that pointer comparison is value-only, and provenance-losing equality replacements in GVN are what we consider incorrect. But I haven't followed all the discussions.
The original case here was actually not "gep == null", but "ptrtoint gep == 0", in which case it's obviously a pure value comparison, but InstSimplify looks through that. Do you think that's the real issue?
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D97665/new/
https://reviews.llvm.org/D97665
More information about the llvm-commits
mailing list