[LLVMdev] extractelement causes memory access violation - what to do?
David Majnemer
david.majnemer at gmail.com
Fri Jun 26 11:07:02 PDT 2015
On Fri, Jun 26, 2015 at 9:38 AM, Philip Reames <listmail at philipreames.com>
wrote:
> On 06/26/2015 08:42 AM, David Majnemer wrote:
>
>
>
> On Fri, Jun 26, 2015 at 7:00 AM, Paweł Bylica <chfast at gmail.com> wrote:
>
>> Hi,
>>
>> Let's have a simple program:
>> define i32 @main(i32 %n, i64 %idx) {
>> %idxSafe = trunc i64 %idx to i5
>> %r = extractelement <4 x i32> <i32 -1, i32 -1, i32 -1, i32 -1>, i64 %idx
>> ret i32 %r
>> }
>>
>> The assembly of that would be:
>> pcmpeqd %xmm0, %xmm0
>> movdqa %xmm0, -24(%rsp)
>> movl -24(%rsp,%rsi,4), %eax
>> retq
>>
>> The language reference states that the extractelement instruction
>> produces undefined value in case the index argument is invalid (our case).
>> But the implementation simply dumps the vector to the stack memory,
>> calculates the memory offset out of the index value and tries to access the
>> memory. That causes the crash.
>>
>> The workaround is to trunc the index value before extractelement (see
>> %idxSafe). But what should be the ultimate solution?
>>
>
> We could fix this by specifying that out of bounds access on an
> extractelement leads to full-on undefined behavior, no need to force
> everyone to eat the cost of a mask.
>
> This seems like the appropriate decision to me. It's closely in line with
> existing practice and assumptions.
>
The only problem that I can see by specifying it this way is that they
cannot be speculatively executed, isSafeToSpeculativelyExecute believes it
is currently safe to do so. I can see why speculating this instruction
might be good. Perhaps we should emit a mask...
>
> Philip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150626/b5a8972f/attachment.html>
More information about the llvm-dev
mailing list