https://bugs.llvm.org/show_bug.cgi?id=34548
Bug ID: 34548
Summary: InstCombine cannot blindly assume that
inttoptr(ptrtoint x) -> x
Product: libraries
Version: trunk
Hardware: All
OS: All
Status: NEW
Keywords: miscompilation
Severity: normal
Priority: P
Component: Scalar Optimizations
Assignee: unassignedb...@nondot.org
Reporter: nunoplo...@sapo.pt
CC: david.majne...@gmail.com, dav...@freebsd.org,
davi...@google.com, dber...@dberlin.org,
efrie...@codeaurora.org, gil....@sf.snu.ac.kr,
hfin...@anl.gov, juneyoung....@sf.snu.ac.kr,
llvm-bugs@lists.llvm.org, reg...@cs.utah.edu,
san...@playingwithpointers.com, w...@google.com
Example of an end-to-end miscompilation by clang of the following code
involving ptrtoint:
$ cat c.c
#include <stdint.h>
#include <stdio.h>
void f(int*, int*);
int main()
{
    int a=0, y[1], x = 0;
    uintptr_t pi = (uintptr_t) &x;
    uintptr_t yi = (uintptr_t) (y+1);   /* one past the end of y; may equal &x numerically */
    uintptr_t n = pi != yi;             /* integer compare, not a pointer compare */
    if (n) {
        a = 100;
        pi = yi;
    }
    if (n) {
        a = 100;
        pi = (uintptr_t) y;
    }
    *(int *)pi = 15;                    /* store through the integer: hits x when n == 0 */
    printf("a=%d x=%d\n", a, x);
    f(&x,y);
    return 0;
}
$ cat b.c
void f(int*x, int*y) {}
$ clang -O2 c.c b.c -o foo
$ ./foo
a=0 x=0
This result is wrong. The two possible outcomes are: a=0 x=15, and a=100 x=0.
The bug is in InstCombine, which treats inttoptr(ptrtoint(x)) as equivalent to x; this is
incorrect. The transformation is only valid if x is dereferenceable for the accesses
made through the inttoptr.
Compare the following:
clang -O0 -S -emit-llvm -o - c.c | opt -S -sroa
clang -O0 -S -emit-llvm -o - c.c | opt -S -sroa -instcombine
Integer compares are replaced with pointer compares (wrong), and loads/stores are
changed from going through inttoptr to using the pointers directly (also wrong).
Test case by Gil Hur.
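As an added illustration (not the report's own IR and not real opt output): a hand-reduced LLVM IR sketch of the test case after SROA, in the typed-pointer syntax of the 2017 trunk, followed by the shape the report says InstCombine rewrites it into. The function names and the use of a return value in place of printf are assumptions made for the sketch.

```llvm
; Added sketch, not the report's IR or real opt output. printf is replaced by
; returning a + x, so the only legal results are 15 (a=0,x=15) or 100 (a=100,x=0).
declare void @f(i32*, i32*)
define i32 @before() {
entry:
  %x = alloca i32, align 4
  %y = alloca [1 x i32], align 4
  store i32 0, i32* %x, align 4
  %y0 = getelementptr inbounds [1 x i32], [1 x i32]* %y, i64 0, i64 0
  ; y+1: one past the end of y, legal to form but never to access
  %y1 = getelementptr inbounds [1 x i32], [1 x i32]* %y, i64 0, i64 1
  %pi  = ptrtoint i32* %x  to i64
  %yi  = ptrtoint i32* %y1 to i64
  %y0i = ptrtoint i32* %y0 to i64
  ; Integer compare: false whenever the stack lays x out right after y
  %n = icmp ne i64 %pi, %yi
  %a = select i1 %n, i32 100, i32 0
  ; The two "if (n)" blocks, folded to selects on the integer
  %pi1 = select i1 %n, i64 %yi,  i64 %pi
  %pi2 = select i1 %n, i64 %y0i, i64 %pi1
  ; *(int *)pi = 15: an integer-derived access, so it may legitimately hit x
  %p = inttoptr i64 %pi2 to i32*
  store i32 15, i32* %p, align 4
  %xv = load i32, i32* %x, align 4
  call void @f(i32* %x, i32* %y0)
  %r = add i32 %a, %xv
  ret i32 %r
}
; The rewrite the report calls wrong: the integer compare becomes a pointer compare
; and the store goes straight through the pointers that fed ptrtoint. Pointers carry
; provenance, so a y-derived pointer is assumed never to alias x; the integer never
; promised that.
define i32 @after_instcombine_sketch() {
entry:
  %x = alloca i32, align 4
  %y = alloca [1 x i32], align 4
  store i32 0, i32* %x, align 4
  %y0 = getelementptr inbounds [1 x i32], [1 x i32]* %y, i64 0, i64 0
  %y1 = getelementptr inbounds [1 x i32], [1 x i32]* %y, i64 0, i64 1
  %n = icmp ne i32* %x, %y1               ; was: icmp ne i64 %pi, %yi
  %a = select i1 %n, i32 100, i32 0
  %p1 = select i1 %n, i32* %y1, i32* %x   ; was: selects on i64 values
  %p2 = select i1 %n, i32* %y0, i32* %p1
  store i32 15, i32* %p2, align 4         ; was: store through inttoptr %pi2
  %xv = load i32, i32* %x, align 4
  call void @f(i32* %x, i32* %y0)
  %r = add i32 %a, %xv
  ret i32 %r
}
```

Feeding the first function to `opt -S -instcombine` on an affected build is the quickest way to check whether the ptrtoint/inttoptr pair survives; the second function only shows the shape the report describes, not a guaranteed output.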
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs