This is an archive of the discontinued LLVM Phabricator instance.

Differential D59211

[LSR] Check for signed overflow in NarrowSearchSpaceByDetectingSupersets.
ClosedPublic

Authored by fhahn on Mar 11 2019, 8:00 AM.

Details

Reviewers
qcolombet
gilr
kparzysz
efriedma
Commits
rGd9e88f7b7fef: [LSR] Check for signed overflow in NarrowSearchSpaceByDetectingSupersets.
rL356256: [LSR] Check for signed overflow in NarrowSearchSpaceByDetectingSupersets.
Summary

We are adding a sign extended IR value to an int64_t, which can cause
signed overflows, as in the attached test case, where we have a formula
with BaseOffset = -1 and a constant with numeric_limits<int64_t>::min().

If the addition would overflow, skip the simplification for this
formula. Note that the target triple is required to trigger the failure.

Diff Detail

Repository
rL LLVM

Event Timeline

fhahn created this revision.Mar 11 2019, 8:00 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 11 2019, 8:00 AM
Herald added subscribers: jdoerfert, hiraditya. · View Herald Transcript
Harbormaster completed remote builds in B28990: Diff 190093.Mar 11 2019, 8:01 AM
fhahn added a comment.Mar 11 2019, 10:36 AM

Looks like at other places we cast one operand to uint64_t and then assign the result to int64_t. Given that the operations reflect formulas based on IR types, I guess that's valid? The LangRef does not explicitly mention the behavior of signed overflow for add & co, but given that it is using 2's complement, it should be defined, right?

fhahn added a reviewer: efriedma.Mar 11 2019, 10:37 AM
efriedma added a comment.Mar 11 2019, 11:16 AM

It looks like LSR doesn't deal with this sort of issue consistently... some places we try to overflow-check arithmetic on the offset, and others we use wrapping arithmetic.

What should happen, really, is that each formula includes a bitwidth, and all arithmetic involving that formula use arithmetic that wraps at that bitwidth (like an APInt). Otherwise it's not really clear what the computation actually means.

fhahn added a comment.Mar 11 2019, 12:19 PM
In D59211#1424945, @efriedma wrote:

It looks like LSR doesn't deal with this sort of issue consistently... some places we try to overflow-check arithmetic on the offset, and others we use wrapping arithmetic.

What should happen, really, is that each formula includes a bitwidth, and all arithmetic involving that formula use arithmetic that wraps at that bitwidth (like an APInt). Otherwise it's not really clear what the computation actually means.

Right, that makes sense! I guess that would consistently address the signed overflows and potentially codegen errors by wrong wrapping/truncating. I'm happy to look into that. Unfortunately we are this UBSan failure internally, do you think it would be OK to get this in (either as is or with wrapping arithmetic) until the issue is addressed consistently?

efriedma added a comment.Mar 11 2019, 12:28 PM

It's probably okay to preserve the current behavior here with an explicit uint64_t cast, for now, maybe with a FIXME.

fhahn updated this revision to Diff 190142.Mar 11 2019, 1:02 PM

use wrapping arithmetic

Harbormaster completed remote builds in B28998: Diff 190142.Mar 11 2019, 1:05 PM
efriedma accepted this revision.Mar 11 2019, 5:20 PM

LGTM

This revision is now accepted and ready to land.Mar 11 2019, 5:20 PM
fhahn mentioned this in D59218: [LSR] Fix signed overflow in GenerateCrossUseConstantOffsets..Mar 12 2019, 3:28 PM
Closed by commit rL356256: [LSR] Check for signed overflow in NarrowSearchSpaceByDetectingSupersets. (authored by fhahn). · Explain WhyMar 15 2019, 5:19 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
Scalar/
4 lines
test/
Transforms/
LoopStrengthReduce/
X86/
38 lines

Diff 190810

llvm/trunk/lib/Transforms/Scalar/LoopStrengthReduce.cpp

Show First 20 LinesShow All 4,417 Lines▼ Show 20 Lines for (size_t LUIdx = 0, NumUses = Uses.size(); LUIdx != NumUses; ++LUIdx) {
Formula &F = LU.Formulae[i]; Formula &F = LU.Formulae[i];
// Look for a formula with a constant or GV in a register. If the use // Look for a formula with a constant or GV in a register. If the use
// also has a formula with that same value in an immediate field, // also has a formula with that same value in an immediate field,
// delete the one that uses a register. // delete the one that uses a register.
for (SmallVectorImpl<const SCEV *>::const_iterator for (SmallVectorImpl<const SCEV *>::const_iterator
I = F.BaseRegs.begin(), E = F.BaseRegs.end(); I != E; ++I) { I = F.BaseRegs.begin(), E = F.BaseRegs.end(); I != E; ++I) {
if (const SCEVConstant *C = dyn_cast<SCEVConstant>(*I)) { if (const SCEVConstant *C = dyn_cast<SCEVConstant>(*I)) {
Formula NewF = F; Formula NewF = F;
NewF.BaseOffset += C->getValue()->getSExtValue(); //FIXME: Formulas should store bitwidth to do wrapping properly.
// See PR41034.
NewF.BaseOffset += (uint64_t)C->getValue()->getSExtValue();
NewF.BaseRegs.erase(NewF.BaseRegs.begin() + NewF.BaseRegs.erase(NewF.BaseRegs.begin() +
(I - F.BaseRegs.begin())); (I - F.BaseRegs.begin()));
if (LU.HasFormulaWithSameRegs(NewF)) { if (LU.HasFormulaWithSameRegs(NewF)) {
LLVM_DEBUG(dbgs() << " Deleting "; F.print(dbgs()); LLVM_DEBUG(dbgs() << " Deleting "; F.print(dbgs());
dbgs() << '\n'); dbgs() << '\n');
LU.DeleteFormula(F); LU.DeleteFormula(F);
--i; --i;
--e; --e;
▲ Show 20 LinesShow All 1,265 LinesShow Last 20 Lines

llvm/trunk/test/Transforms/LoopStrengthReduce/X86/lsr-overflow.ll

; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; RUN: opt -lsr-complexity-limit=50 -loop-reduce -S %s | FileCheck %s
target triple = "x86_64-apple-macosx10.14.0"
target datalayout = "e-m:o-i64:64-f80:128-n8:16:32:64-S128"
define void @overflow1(i64 %a) {
; CHECK-LABEL: @overflow1(
; CHECK-NEXT: bb:
; CHECK-NEXT: br label [[BB1:%.*]]
; CHECK: bb1:
; CHECK-NEXT: [[TMP:%.*]] = phi i64 [ [[A:%.*]], [[BB:%.*]] ], [ [[TMP6:%.*]], [[BB1]] ]
; CHECK-NEXT: [[TMP0:%.*]] = add i64 [[TMP]], -9223372036854775808
; CHECK-NEXT: [[TMP4:%.*]] = icmp ne i64 [[TMP0]], 0
; CHECK-NEXT: [[TMP5:%.*]] = and i1 [[TMP4]], true
; CHECK-NEXT: [[TMP6]] = add i64 [[TMP]], 1
; CHECK-NEXT: br i1 [[TMP5]], label [[BB1]], label [[BB7:%.*]]
; CHECK: bb7:
; CHECK-NEXT: [[TMP1:%.*]] = add i64 [[TMP6]], -1
; CHECK-NEXT: [[TMP9:%.*]] = and i64 [[TMP1]], 1
; CHECK-NEXT: [[TMP10:%.*]] = icmp eq i64 [[TMP9]], 0
; CHECK-NEXT: unreachable
;
bb:
br label %bb1
bb1: ; preds = %bb1, %bb
%tmp = phi i64 [ %a, %bb ], [ %tmp6, %bb1 ]
%tmp4 = icmp ne i64 %tmp, -9223372036854775808
%tmp5 = and i1 %tmp4, 1
%tmp6 = add i64 %tmp, 1
br i1 %tmp5, label %bb1, label %bb7
bb7: ; preds = %bb1
%tmp9 = and i64 %tmp, 1
%tmp10 = icmp eq i64 %tmp9, 0
unreachable
}