Skip to content

[SDAG] Miscompile at O3 #128309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dtcxzyw opened this issue Feb 22, 2025 · 3 comments · Fixed by #128353
Closed

[SDAG] Miscompile at O3 #128309

dtcxzyw opened this issue Feb 22, 2025 · 3 comments · Fixed by #128353
Assignees
@dtcxzyw
Labels
backend:X86 generated by fuzzer miscompilation

Comments

@dtcxzyw
Copy link
Member

dtcxzyw commented Feb 22, 2025

Reproducer:

target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"

@b = dso_local local_unnamed_addr global i64 4073709551615, align 8
@c = dso_local global i8 0, align 1
@e = dso_local local_unnamed_addr global ptr @c, align 8
@.str = private unnamed_addr constant [4 x i8] c"%d\0A\00", align 1

define i32 @main() {
entry:
  %0 = load ptr, ptr @e, align 8
  %1 = load i8, ptr %0, align 1
  %tobool.not.i = icmp eq i8 %1, 0
  %2 = load i64, ptr @b, align 8
  %and.i = shl i64 %2, 48
  %sub.i.i = and i64 %and.i, 5098637728136822784
  %sext.i = add i64 %sub.i.i, 1688849860263936
  %conv3.i = lshr i64 %sext.i, 48
  %and4.i = and i64 %conv3.i, %2
  %conv = trunc i64 %and4.i to i32
  %call1 = tail call i32 (ptr, ...) @printf(ptr noundef nonnull dereferenceable(1) @.str, i32 noundef %conv)
  ret i32 0
}

declare noundef i32 @printf(ptr noundef readonly captures(none), ...)

> ./bin/lli test.ll
2080507592
> ./bin/lli -fast-isel test.ll
1736
> ./llubi --max-steps 1000000 test.ll
1736
@dtcxzyw dtcxzyw added llvm:SelectionDAG SelectionDAGISel as well miscompilation labels Feb 22, 2025
@dtcxzyw dtcxzyw self-assigned this Feb 22, 2025
@dtcxzyw
Copy link
Member Author

dtcxzyw commented Feb 22, 2025

Reduced:

define i64 @test(i64 %x) {
entry:
  %shl = shl i64 %x, 48
  %and = and i64 %shl, 5098637728136822784
  %add = add i64 %and, 1688849860263936
  %lshr = lshr i64 %add, 48
  %res = and i64 %lshr, %x
  ret i64 %res
}

test:
        movl    %edi, %eax
        andl    $18114, %eax                    # imm = 0x46C2
        addl    $-65530, %eax                   # imm = 0xFFFF0006
        andl    %edi, %eax
        retq

@llvmbot
Copy link
Member

llvmbot commented Feb 22, 2025

@llvm/issue-subscribers-backend-x86

Author: Yingwei Zheng (dtcxzyw)

Reproducer: ``` target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu"

@b = dso_local local_unnamed_addr global i64 4073709551615, align 8
@c = dso_local global i8 0, align 1
@e = dso_local local_unnamed_addr global ptr @c, align 8
@.str = private unnamed_addr constant [4 x i8] c"%d\0A\00", align 1

define i32 @main() {
entry:
%0 = load ptr, ptr @e, align 8
%1 = load i8, ptr %0, align 1
%tobool.not.i = icmp eq i8 %1, 0
%2 = load i64, ptr @b, align 8
%and.i = shl i64 %2, 48
%sub.i.i = and i64 %and.i, 5098637728136822784
%sext.i = add i64 %sub.i.i, 1688849860263936
%conv3.i = lshr i64 %sext.i, 48
%and4.i = and i64 %conv3.i, %2
%conv = trunc i64 %and4.i to i32
%call1 = tail call i32 (ptr, ...) @printf(ptr noundef nonnull dereferenceable(1) @.str, i32 noundef %conv)
ret i32 0
}

declare noundef i32 @printf(ptr noundef readonly captures(none), ...)

> ./bin/lli test.ll
2080507592
> ./bin/lli -fast-isel test.ll
1736
> ./llubi --max-steps 1000000 test.ll
1736

</details>

@dtcxzyw
Copy link
Member Author

dtcxzyw commented Feb 22, 2025
edited
Loading

Caused by #126448.

@dtcxzyw dtcxzyw mentioned this issue Feb 22, 2025
Merged
@EugeneZelenko EugeneZelenko removed the llvm:SelectionDAG SelectionDAGISel as well label Feb 22, 2025
dtcxzyw added a commit that referenced this issue Feb 23, 2025
@dtcxzyw
[DAGCombiner][X86] Correctly clean up high bits in `combinei64TruncSr…
dbd219a 
…lAdd` (#128353)

A counterexample for original implementation:
https://alive2.llvm.org/ce/z/7ieYLg
This patch uses zext instead of anyext to fix the original issue.
BTW, we should keep low `64 - shamt` bits instead of `shamt - 32`:
https://alive2.llvm.org/ce/z/ruQP_Z
Some codes are simplified to avoid confusion.
Proof: https://alive2.llvm.org/ce/z/z_jdHD

Closes #128309.
llvm-sync bot pushed a commit to arm/arm-toolchain that referenced this issue Feb 23, 2025
@dtcxzyw @github-actions
Automerge: [DAGCombiner][X86] Correctly clean up high bits in `combin…
b4ffed1 
…ei64TruncSrlAdd` (#128353)

A counterexample for original implementation:
https://alive2.llvm.org/ce/z/7ieYLg
This patch uses zext instead of anyext to fix the original issue.
BTW, we should keep low `64 - shamt` bits instead of `shamt - 32`:
https://alive2.llvm.org/ce/z/ruQP_Z
Some codes are simplified to avoid confusion.
Proof: https://alive2.llvm.org/ce/z/z_jdHD

Closes llvm/llvm-project#128309.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dtcxzyw dtcxzyw

Labels
backend:X86 generated by fuzzer miscompilation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[DAGCombiner][X86] Correctly clean up high bits in combinei64TruncSrlAdd dtcxzyw/llvm-project
3 participants
@EugeneZelenko @dtcxzyw @llvmbot