| Issue |
178506
|
| Summary |
Trip count handling in SCF Utils uses incorrect signedness and risks overflow
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
jhalakpatel
|
The trip count computation and usage in mlir/lib/Dialect/SCF/Utils/Utils.cpp has several issues:
1. `getConstLoopTripCounts` returns `SmallVector<int64_t>` but should return `SmallVector<uint64_t>` since trip counts are inherently unsigned
2. Multiple call sites use `APInt::getZExtValue()` which may overflow for large trip counts (e.g., in `loopUnrollFull`, `loopUnrollByFactor`, `loopUnrollJamByFactor`)
3. Inconsistent signedness: `loopUnrollJamByFactor` mixes `getSExtValue()` and `getZExtValue()` on the same APInt
4. Arithmetic operations like `lbCst + tripCountEvenMultiple * stepCst` may overflow with int64_t
All trip count handling should consistently use uint64_t and include proper overflow checks.
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
