[llvm-bugs] [Bug 86763] [RISC-V] Miscompile with LTO and -fno-strict-aliasing

Tue, 26 Mar 2024 20:47:16 -0700

Issue 86763
Summary [RISC-V] Miscompile with LTO and -fno-strict-aliasing
Labels new issue
Assignees
Reporter patrick-rivos 
    Testcase:
```c
long a, c;
char e = 17;
int f[20];
_Bool g[20];
unsigned b;
int h[500];
void d(char i, int j[]) {
  for (int l = 1; l < i; l++) {
    a = ({ f[l] ?: e; });
    b &= (e ? ~j[0] : 1) ? 1 ? g[l] : 0 : 1;
    for (; c;)
 ;
  }
}
int main() {
  b = 5;
  for (long l = 0; l < 20; ++l)
    f[l] = g[l] = 1;
  for (long l = 0; l < 13; ++l)
    for (long m = 0; m < 13; ++m)
      h[l * 13 + m] = 1;
  d(e, f);
 __builtin_printf("%d\n", b);
}
```

Commands:
```bash
> /scratch/tc-testing/tc-mar-25/build-rv64gcv/bin/clang -march=rv64gcv -flto -O3 -fuse-ld=lld red.c -o red.out -fno-strict-aliasing
> /scratch/tc-testing/tc-mar-25/build-rv64gcv/bin/qemu-riscv64 red.out
5
> /scratch/tc-testing/tc-mar-25/build-rv64gcv/bin/clang -march=rv64gcv -flto -O3 -fuse-ld=lld red.c -o red.out
> /scratch/tc-testing/tc-mar-25/build-rv64gcv/bin/qemu-riscv64 red.out
1
```




Reduced llvm-ir
```llvm ir
target datalayout = "e-m:e-p:64:64-i64:64-i128:128-n32:64-S128"
target triple = "riscv64-unknown-linux-gnu"

@e = global i8 17
@f = global [20 x i32] zeroinitializer
@g = global [20 x i8] zeroinitializer
@b = global i32 0
@.str = constant [4 x i8] c"%d\0A\00"

define void @d(i8 %i, ptr %j) #0 {
entry:
  %conv = sext i8 %i to i64
  br label %for.body.us27

for.body.us27:                                    ; preds = %cond.end16.us39, %entry
  %indvars.iv = phi i64 [ 1, %entry ], [ %indvars.iv.next, %cond.end16.us39 ]
  %0 = load i32, ptr %j, align 4
 %tobool8.not.us = icmp eq i32 %0, -1
  br i1 %tobool8.not.us, label %cond.end16.us39, label %cond.true10.us36

cond.true10.us36: ; preds = %for.body.us27
  %arrayidx12.us37 = getelementptr [20 x i8], ptr @g, i64 0, i64 %indvars.iv
  %1 = load i8, ptr %arrayidx12.us37, align 1, !range !1
  %conv14.us38 = zext i8 %1 to i32
  br label %cond.end16.us39

cond.end16.us39: ; preds = %cond.true10.us36, %for.body.us27
  %cond17.us40 = phi i32 [ %conv14.us38, %cond.true10.us36 ], [ 1, %for.body.us27 ]
  %2 = load i32, ptr @b, align 4
  %and.us41 = and i32 %2, %cond17.us40
 store i32 %and.us41, ptr @b, align 4
  %indvars.iv.next = add i64 %indvars.iv, 1
  %exitcond.not = icmp eq i64 %indvars.iv.next, %conv
 br i1 %exitcond.not, label %for.cond.cleanup, label %for.body.us27

for.cond.cleanup:                                 ; preds = %cond.end16.us39
  ret void
}

define i32 @main() {
entry:
  store i32 5, ptr @b, align 4
  tail call void @llvm.memset.p0.i64(ptr @g, i8 1, i64 20, i1 false)
  store <8 x i32> zeroinitializer, ptr @f, align 32
  %0 = load i8, ptr @e, align 1
 tail call void @d(i8 %0, ptr @f)
  %1 = load i32, ptr @b, align 4
 %call = tail call i32 (ptr, ...) @printf(ptr @.str, i32 %1)
  ret i32 0
}

declare i32 @printf(ptr, ...)

; Function Attrs: nocallback nofree nounwind willreturn memory(argmem: write)
declare void @llvm.memset.p0.i64(ptr nocapture writeonly, i8, i64, i1 immarg) #1

attributes #0 = { "target-features"="+64bit,+a,+c,+d,+f,+m,+relax,+v,+zicsr,+zifencei,+zve32f,+zve32x,+zve64d,+zve64f,+zve64x,+zvl128b,+zvl32b,+zvl64b,-e,-experimental-smmpm,-experimental-smnpm,-experimental-ssnpm,-experimental-sspm,-experimental-ssqosid,-experimental-supm,-experimental-zaamo,-experimental-zabha,-experimental-zalasr,-experimental-zalrsc,-experimental-zcmop,-experimental-zfbfmin,-experimental-zicfilp,-experimental-zicfiss,-experimental-zimop,-experimental-ztso,-experimental-zvfbfmin,-experimental-zvfbfwma,-h,-shcounterenw,-shgatpa,-shtvala,-shvsatpa,-shvstvala,-shvstvecd,-smaia,-smepmp,-ssaia,-ssccptr,-sscofpmf,-sscounterenw,-ssstateen,-ssstrict,-sstc,-sstvala,-sstvecd,-ssu64xl,-svade,-svadu,-svbare,-svinval,-svnapot,-svpbmt,-xcvalu,-xcvbi,-xcvbitmanip,-xcvelw,-xcvmac,-xcvmem,-xcvsimd,-xsfcease,-xsfvcp,-xsfvfnrclipxfqf,-xsfvfwmaccqqq,-xsfvqmaccdod,-xsfvqmaccqoq,-xsifivecdiscarddlone,-xsifivecflushdlone,-xtheadba,-xtheadbb,-xtheadbs,-xtheadcmo,-xtheadcondmov,-xtheadfmemidx,-xtheadmac,-xtheadmemidx,-xtheadmempair,-xtheadsync,-xtheadvdot,-xventanacondops,-za128rs,-za64rs,-zacas,-zawrs,-zba,-zbb,-zbc,-zbkb,-zbkc,-zbkx,-zbs,-zca,-zcb,-zcd,-zce,-zcf,-zcmp,-zcmt,-zdinx,-zfa,-zfh,-zfhmin,-zfinx,-zhinx,-zhinxmin,-zic64b,-zicbom,-zicbop,-zicboz,-ziccamoa,-ziccif,-zicclsm,-ziccrse,-zicntr,-zicond,-zihintntl,-zihintpause,-zihpm,-zk,-zkn,-zknd,-zkne,-zknh,-zkr,-zks,-zksed,-zksh,-zkt,-zmmul,-zvbb,-zvbc,-zvfh,-zvfhmin,-zvkb,-zvkg,-zvkn,-zvknc,-zvkned,-zvkng,-zvknha,-zvknhb,-zvks,-zvksc,-zvksed,-zvksg,-zvksh,-zvkt,-zvl1024b,-zvl16384b,-zvl2048b,-zvl256b,-zvl32768b,-zvl4096b,-zvl512b,-zvl65536b,-zvl8192b" }
attributes #1 = { nocallback nofree nounwind willreturn memory(argmem: write) }

!llvm.module.flags = !{!0}

!0 = !{i32 1, !"target-abi", !"lp64d"}
!1 = !{i8 0, i8 2}
```

Discovered/tested using 3e6e54eb795ce7a1ccd47df8c22fc08125a88886

Found via fuzzer.

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to