[llvm-bugs] [Bug 179412] [InstCombine] Dropping `samesign` when folding `icmp samesign ugt %x, ~%x` into `icmp slt %x, 0` refines poison into defined value

LLVM Bugs via llvm-bugs Tue, 03 Feb 2026 00:24:02 -0800

Issue	179412
Summary	[InstCombine] Dropping `samesign` when folding `icmp samesign ugt %x, ~%x` into `icmp slt %x, 0` refines poison into defined value
Labels	new issue
Assignees
Reporter	ariskeirio

    **Description**
I found a miscompilation in InstCombine where an `icmp` fold drops the `samesign` flag and refines a poison-producing predicate into a defined boolean value.
**Minimal Reproducer**
src:


```
define i1 @src(i32 %x) {
  %nx = xor i32 %x, -1        ; ~x
  %c  = icmp samesign ugt i32 %x, %nx
  ret i1 %c
}
```

tgt:

```
define i1 @tgt(i32 %x) {
  %c = icmp slt i32 %x, 0
  ret i1 %c
}
```

This fold drops the `samesign` flag, which changes the program semantics by refining a mostly-poison (in fact, poison for all defined inputs) predicate into a defined boolean.
A more “flag-preserving” tgt would be:

```
define i1 @tgt(i32 %x) {
  %c = icmp samesign slt i32 %x, 0
  ret i1 %c
}
```

_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

[llvm-bugs] [Bug 179412] [InstCombine] Dropping `samesign` when folding `icmp samesign ugt %x, ~%x` into `icmp slt %x, 0` refines poison into defined value

Reply via email to