wrong code at -O1 and above on x86_64-linux-gnu #50469
Comments
|
From Compiler Explorer: https://godbolt.org/z/nMz5Pne4s |
|
A slightly different test that is miscompiled at -O1 and above: [512] % clangtk -O0 small.c; ./a.out |
|
Bisects to commit |
That looks like a misleading bisection. https://godbolt.org/z/xcanbhv3v |
|
I reduced that slightly (unused phi instruction) and committed a test for this bug here: We have extended the functionality of FoldBranchToCommonDest() to allow extra instructions (there are some stale function comments that should be updated), but I don't know what the best fix for this bug will be. As noted in the test comment, we are updating the phi in the successor with a value from the new/updated block, but that's wrong for a load of memory that might have been over-written. cc'ing Roman and Nikita in case they can see an obvious fix. |
|
Possibly this will do? I don't think we should be rewriting uses of bonus instructions in the same block. diff --git a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp
|
We might want to do that (no test regressions AFAICT), but no, that doesn't appear to fix the bug in the reduced IR, and it doesn't change the miscompile in the C example in the description. We're still using the new loaded value in the successor phi, and that's still wrong because we stored a different value there before the load. |
|
Oh right, I completely misunderstood what the problem here is. |
|
I think we need to do something stronger when checking if we can do this fold at all. I don't know if there's a better way to phrase it, but I have this so far: diff --git a/llvm/lib/Transforms/Utils/SimplifyCFG.cpp b/llvm/lib/Transforms/Utils/SimplifyCFG.cpp
|
|
We just need to make the SSA flow explicit via PHI nodes,
I don't think this makes sense. |
I've been staring at the SSAUpdater API, but I'm not seeing it. Do you want to have a try at implementing that? |
|
|
Fixed in 78af5cb, thanks. |
|
*** Bug llvm/llvm-bugzilla-archive#51385 has been marked as a duplicate of this bug. *** |
|
Forgot to actually stage the test change after precommitting it, |
|
Note that the fix has been reverted, i'm not sure what the right fix is, |
|
We're hitting the issue trying to qualify a new Clang too. Is there a conservative fix, somewhere between doing the right thing and completely disabling the function? Sanjay's patch looks like a heavy hammer, but not actively wrong to me. |
|
We don't have much time before the 13.0.0. How can we fix this in the release/13.x branch? |
I've committed 909cba9 which retains |
|
Merged: 84a3be8 |
|
mentioned in issue llvm/llvm-bugzilla-archive#51385 |
|
mentioned in issue #51489 |
Extended Description
[505] % clangtk -v
clang version 13.0.0 (https:/llvm/llvm-project.git 5df4849)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /local/suz-local/opfuzz/bin
Found candidate GCC installation: /usr/lib/gcc/i686-linux-gnu/8
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/8
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/7.5.0
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Candidate multilib: x32;@MX32
Selected multilib: .;@m64
[506] %
[506] % clangtk -O0 small.c; ./a.out
1
[507] % clangtk -O1 small.c
[508] % ./a.out
-1
[509] % cat small.c
int printf(const char *, ...);
int a = 1, b;
int main() {
L:
b = a;
if (a) {
unsigned c = a;
a = -1;
if (a == c)
goto L;
}
printf("%d\n", b);
return 0;
}
The text was updated successfully, but these errors were encountered: