[LLVMdev] LLVM is doing something a bit weird in this example (which messes up DSA)

John Criswell criswell at illinois.edu
Mon Mar 31 21:29:21 PDT 2014 

On 3/31/14, 6:09 PM, Zvonimir Rakamaric wrote:
> Hi all,
>
> I have yet another DSA-related question :), and I would appreciate
> your help. Actually, the following example generates some interesting
> potential issues in the LLVM IR too.
>
> Here is the example in C:
> #define CAS(x,y,z) __atomic_compare_exchange_n(x,&(y),z,true,0,0)
>
> int main() {
>    int *x = 0;
>    int y = 0;
>    int *z = x;
>    CAS(&z,x,&y); // if (z == x) z = &y;
>    assert(*z == y);
>    return 0;
> }
>
> Now, when compiled into LLVM IR 3.4 (with -mem2reg), an interesting
> thing happens in this LLVM IR excerpt:
>    %1 = bitcast i32** %z to i64*
>    %2 = bitcast i32** %x to i64*
>    %3 = bitcast i32** %.atomictmp to i64*
>    %4 = load i64* %2, align 8
>    %5 = load i64* %3, align 8
>    %6 = cmpxchg i64* %1, i64 %4, i64 %5 monotonic
>
> More specifically, there is this %2 bitcast and the subsequent %4 load
> that effectively turned an i32* pointer value into an i64 integer
> value without using ptrtoint instruction.
> My first question is whether that is even allowed in LLVM IR?
> It feels like ptrtoint gets bypassed somehow, which does not seem right.

I believe this optimization is correct (although it obscures 
source-level types information) on systems for which pointers are 64 
bits in size (e.g., x86_64).


>
> Now, if this LLVM IR code is indeed fine, then we have a problem with
> DSA when it gets to this cmpxchg instruction since DSA then does not
> know that the second and third arguments to cmpxchg are in fact
> pointers. Messy stuff...

Have you looked at the local DSGraphs to verify that DSA is not 
inferring the pointer type for the fields accessed by the cmpxchg? I 
would think that DSA can handle this sort of thing, although I can think 
of two reasons that it may not:

a) It may not properly understand the semantics of the cmpxchg 
instruction.  A quick check into the Local.cpp file could confirm this.

b) DSA may be "losing" the pointer through the bitcast.  I think we've 
modified DSA to not do that, but again, it's possible.

Can you verify that DSA is not inferring a link for offset 0 in %1?

-- John T.

>
> Your help would be greatly appreciated...
>
> Thanks!
>
> Cheers,
> -- Zvonimir
>
> --
> http://zvonimir.info
> http://soarlab.org/
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list