[LLVMdev] extractelement causes memory access violation - what to do?

Paweł Bylica chfast at gmail.com
Tue Jun 30 03:42:24 PDT 2015


On Fri, Jun 26, 2015 at 5:42 PM David Majnemer <david.majnemer at gmail.com>
wrote:

> On Fri, Jun 26, 2015 at 7:00 AM, Paweł Bylica <chfast at gmail.com> wrote:
>
>> Hi,
>>
>> Let's have a simple program:
>> define i32 @main(i32 %n, i64 %idx) {
>>   %idxSafe = trunc i64 %idx to i5
>>   %r = extractelement <4 x i32> <i32 -1, i32 -1, i32 -1, i32 -1>, i64 %idx
>>   ret i32 %r
>> }
>>
>> The assembly of that would be:
>> pcmpeqd %xmm0, %xmm0
>> movdqa %xmm0, -24(%rsp)
>> movl -24(%rsp,%rsi,4), %eax
>> retq
>>
>> The language reference states that the extractelement instruction
>> produces undefined value in case the index argument is invalid (our case).
>> But the implementation simply dumps the vector to the stack memory,
>> calculates the memory offset out of the index value and tries to access the
>> memory. That causes the crash.
>>
>> The workaround is to trunc the index value before extractelement (see
>> %idxSafe). But what should be the ultimate solution?
>>
>
> We could fix this by specifying that out of bounds access on an
> extractelement leads to full-on undefined behavior, no need to force
> everyone to eat the cost of a mask.
>

I don't have preference for any of the solutions.

I have a side question. It is not stated explicitly in the reference but I
would assume the index of extractelement is processed as an unsigned value.
However, the DAG Builder extends the index with sext. Is it correct?

- PB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150630/d2334fe2/attachment.html>


More information about the llvm-dev mailing list