This is an archive of the discontinued LLVM Phabricator instance.

Differential D21417

Fix Side-Conditions in SimplifyCFG for Creating Switches from InstCombine And Mask'd Comparisons
ClosedPublic

Authored by tjablin on Jun 15 2016, 3:52 PM.

Details

Reviewers
chandlerc
majnemer
cycheng
hfinkel
Summary

This is just the correctness fix from D21397.

SimplifyCFG is able to detect the pattern:

(i == 5334 || i == 5335)

to:

((i & -2) == 5334)

This transformation has some incorrect side conditions. Specifically, the transformation is only applied when the right-hand side constant (5334 in the example) is a power of two not equal and not equal to the negated mask. These side conditions were added in r258904 to fix PR26323. The correct side condition is that: ((Constant & Mask) == Constant)[(5334 & -2) == 5334].

It's a little bit hard to see why these transformations are correct and what the side conditions ought to be. Here is a CVC3 program to verify them for 64-bit values:

ONE  : BITVECTOR(64) = BVZEROEXTEND(0bin1, 63);
x    : BITVECTOR(64);
y    : BITVECTOR(64);
z    : BITVECTOR(64);
mask : BITVECTOR(64) = BVSHL(ONE, z);
QUERY( (y & ~mask = y) =>
       ((x & ~mask = y) <=> (x = y OR x = (y |  mask)))
);

Please note that each pattern must be a dual implication (<--> or iff). One directional implication can create spurious matches. If the implication is only one-way, an unsatisfiable condition on the left side can imply a satisfiable condition on the right side. Dual implication ensures that satisfiable conditions are transformed to other satisfiable conditions and unsatisfiable conditions are transformed to other unsatisfiable conditions.

Here is a concrete example of a unsatisfiable condition on the left implying a satisfiable condition on the right:
mask = (1 << z)
(x & ~mask) == y --> (x == y || x == (y | mask))

Substituting y = 3, z = 0 yields:
(x & -2) == 3 --> (x == 3 || x == 2)

The version of this code before r258904 had no side-conditions and incorrectly justified itself in comments through one-directional implication.

Diff Detail

Event Timeline

tjablin updated this revision to Diff 60924.Jun 15 2016, 3:52 PM
tjablin retitled this revision from to Fix Side-Conditions in SimplifyCFG for Creating Switches from InstCombine And Mask'd Comparisons.
tjablin updated this object.
tjablin added reviewers: chandlerc, cycheng, hfinkel, majnemer.
tjablin added a subscriber: llvm-commits.
chandlerc edited edge metadata.Jun 15 2016, 4:04 PM

(i'd love for David to handle the review here, he's much more familiar with using theorem provers to document the correctness here)

majnemer accepted this revision.Jun 15 2016, 4:40 PM
majnemer edited edge metadata.

LGTM

lib/Transforms/Utils/SimplifyCFG.cpp
475–476

Could we use m_APInt here?

This revision is now accepted and ready to land.Jun 15 2016, 4:40 PM
tjablin added inline comments.Jun 15 2016, 6:40 PM
lib/Transforms/Utils/SimplifyCFG.cpp
475–476

Yes. After this is committed, I will prepare an NFC patch with the changes you requested.

cycheng closed this revision.Jun 16 2016, 1:45 AM
cycheng edited edge metadata.

Committed r272873 (On behalf of Tom)

Revision Contents

PathSize
lib/
Transforms/
Utils/
47 lines
test/
Transforms/
SimplifyCFG/
40 lines

Diff 60924

lib/Transforms/Utils/SimplifyCFG.cpp

Show First 20 LinesShow All 425 Lines▼ Show 20 Lines bool matchInstruction(Instruction *I, bool isEQ) {
if (!((ICI = dyn_cast<ICmpInst>(I)) && if (!((ICI = dyn_cast<ICmpInst>(I)) &&
(C = GetConstantInt(I->getOperand(1), DL)))) { (C = GetConstantInt(I->getOperand(1), DL)))) {
return false; return false;
} }
Value *RHSVal; Value *RHSVal;
ConstantInt *RHSC; ConstantInt *RHSC;
// Pattern match a special case
// (x & ~2^z) == y --> x == y || x == y|2^z
// This undoes a transformation done by instcombine to fuse 2 compares. // This undoes a transformation done by instcombine to fuse 2 compares.
if (ICI->getPredicate() == (isEQ ? ICmpInst::ICMP_EQ:ICmpInst::ICMP_NE)) { if (ICI->getPredicate() == (isEQ ? ICmpInst::ICMP_EQ:ICmpInst::ICMP_NE)) {
// It's a little bit hard to see why the following transformations are
// correct. Here is a CVC3 program to verify them for 64-bit values:
/*
ONE : BITVECTOR(64) = BVZEROEXTEND(0bin1, 63);
x : BITVECTOR(64);
y : BITVECTOR(64);
z : BITVECTOR(64);
mask : BITVECTOR(64) = BVSHL(ONE, z);
QUERY( (y & ~mask = y) =>
((x & ~mask = y) <=> (x = y OR x = (y | mask)))
);
*/
// Please note that each pattern must be a dual implication (<--> or
// iff). One directional implication can create spurious matches. If the
// implication is only one-way, an unsatisfiable condition on the left
// side can imply a satisfiable condition on the right side. Dual
// implication ensures that satisfiable conditions are transformed to
// other satisfiable conditions and unsatisfiable conditions are
// transformed to other unsatisfiable conditions.
// Here is a concrete example of a unsatisfiable condition on the left
// implying a satisfiable condition on the right:
//
// mask = (1 << z)
// (x & ~mask) == y --> (x == y || x == (y | mask))
//
// Substituting y = 3, z = 0 yields:
// (x & -2) == 3 --> (x == 3 || x == 2)
// Pattern match a special case:
/*
QUERY( (y & ~mask = y) =>
((x & ~mask = y) <=> (x = y OR x = (y | mask)))
);
*/
if (match(ICI->getOperand(0), if (match(ICI->getOperand(0),
m_And(m_Value(RHSVal), m_ConstantInt(RHSC)))) { m_And(m_Value(RHSVal), m_ConstantInt(RHSC)))) {
APInt Not = ~RHSC->getValue(); APInt Mask = ~RHSC->getValue();
majnemerUnsubmitted
Not Done
ReplyInline Actions

Could we use m_APInt here?

majnemer: Could we use `m_APInt` here?
tjablinAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes. After this is committed, I will prepare an NFC patch with the changes you requested.

tjablin: Yes. After this is committed, I will prepare an NFC patch with the changes you requested.
if (Not.isPowerOf2() && C->getValue().isPowerOf2() && if (Mask.isPowerOf2() && (C->getValue() & ~Mask) == C->getValue()) {
Not != C->getValue()) {
// If we already have a value for the switch, it has to match! // If we already have a value for the switch, it has to match!
if(!setValueOnce(RHSVal)) if(!setValueOnce(RHSVal))
return false; return false;
Vals.push_back(C); Vals.push_back(C);
Vals.push_back(ConstantInt::get(C->getContext(), Vals.push_back(ConstantInt::get(C->getContext(),
C->getValue() | Not)); C->getValue() | Mask));
UsedICmps++; UsedICmps++;
return true; return true;
} }
} }
// If we already have a value for the switch, it has to match! // If we already have a value for the switch, it has to match!
if(!setValueOnce(ICI->getOperand(0))) if(!setValueOnce(ICI->getOperand(0)))
return false; return false;
▲ Show 20 LinesShow All 4,931 LinesShow Last 20 Lines

test/Transforms/SimplifyCFG/switch_create.ll

Show First 20 LinesShow All 573 Lines▼ Show 20 Lines
; CHECK-LABEL: define void @PR26323( ; CHECK-LABEL: define void @PR26323(
; CHECK: %tobool5 = icmp ne i32 %tmp3, 0 ; CHECK: %tobool5 = icmp ne i32 %tmp3, 0
; CHECK: %neg14 = and i32 %tmp3, -2 ; CHECK: %neg14 = and i32 %tmp3, -2
; CHECK: %cmp17 = icmp ne i32 %neg14, -1 ; CHECK: %cmp17 = icmp ne i32 %neg14, -1
; CHECK: %or.cond = and i1 %tobool5, %tobool23 ; CHECK: %or.cond = and i1 %tobool5, %tobool23
; CHECK: %or.cond1 = and i1 %cmp17, %or.cond ; CHECK: %or.cond1 = and i1 %cmp17, %or.cond
; CHECK: br i1 %or.cond1, label %if.end29, label %if.then27 ; CHECK: br i1 %or.cond1, label %if.end29, label %if.then27
; Form a switch when and'ing a negated power of two
; CHECK-LABEL: define void @test19
; CHECK: switch i32 %arg, label %else [
; CHECK: i32 32, label %if
; CHECK: i32 13, label %if
; CHECK: i32 12, label %if
define void @test19(i32 %arg) {
%and = and i32 %arg, -2
%cmp1 = icmp eq i32 %and, 12
%cmp2 = icmp eq i32 %arg, 32
%pred = or i1 %cmp1, %cmp2
br i1 %pred, label %if, label %else
if:
call void @foo1()
ret void
else:
ret void
}
; Since %cmp1 is always false, a switch is never formed
; CHECK-LABEL: define void @test20
; CHECK-NOT: switch
; CHECK: ret void
define void @test20(i32 %arg) {
%and = and i32 %arg, -2
%cmp1 = icmp eq i32 %and, 13
%cmp2 = icmp eq i32 %arg, 32
%pred = or i1 %cmp1, %cmp2
br i1 %pred, label %if, label %else
if:
call void @foo1()
ret void
else:
ret void
}
No newline at end of file