1015 – -indvars miscompilation of Qt

LLVM Bugzilla is read-only and represents the historical archive of all LLVM issues filled before November 26, 2021. Use github to submit LLVM bugs

Bug 1015 - -indvars miscompilation of Qt

Summary: -indvars miscompilation of Qt

Status:	RESOLVED FIXED

Alias:	None

Product:	libraries
Classification:	Unclassified
Component:	Global Analyses (show other bugs)
Version:	1.5
Hardware:	All All

Importance:	P normal
Assignee:	Chris Lattner

URL:
Keywords:	miscompilation

Depends on:
Blocks:

Reported:	2006-11-27 16:41 PST by Anton Korobeynikov
Modified:	2010-02-22 12:41 PST (History)
CC List:	2 users (show)

See Also:
Fixed By Commit(s):

Attachments
Source file [qapp.ll] (58.67 KB, text/plain) 2006-11-27 16:41 PST, Anton Korobeynikov	Details
Opt output [qappl.out.ll] (58.97 KB, text/plain) 2006-11-27 16:42 PST, Anton Korobeynikov	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anton Korobeynikov 2006-11-27 16:41:14 PST

Consider the input file qappl.ll. Look into bb101 and next BBs. This code
corresponds to the following code in cpp (this is extract from Qt):

    for (i=0; (UINT)mouseTbl[i] != msg.message || !mouseTbl[i]; i += 3)
        ;
    if (!mouseTbl[i])
        return false;
    type = (QEvent::Type)mouseTbl[++i];
    button = mouseTbl[++i];

qappl.out.ll is output from opt -indvars. We have:

        %tmp107 = seteq uint %tmp103, %tmp106           ; <bool> [#uses=1]
        br bool %tmp107, label %cond_next109, label %bb98

cond_next109:           ; preds = %bb101
        %exitcond = setne uint %indvar, 0               ; <bool> [#uses=1]
        br bool %exitcond, label %bb98, label %bb114

%tmp103 corresponds to mouseTbl[i], %tmp106 - to msg.message. %indvar
corresponds to i/3.

Let us assume, that they equals, when i!=0. We have:

%tmp107 = true => branch to cond_next109 => %exitcond = true => branch to bb98

And we have infinite loop here :(

Comment 1 Anton Korobeynikov 2006-11-27 16:41:49 PST

Created attachment 475 [details]
Source file [qapp.ll]

Comment 2 Anton Korobeynikov 2006-11-27 16:42:11 PST

Created attachment 476 [details]
Opt output [qappl.out.ll]

Comment 3 Chris Lattner 2006-11-27 17:09:24 PST

Devang, can you take a look at this when you get a chance?  Thx,

-Chris

Comment 4 Chris Lattner 2006-12-19 00:56:10 PST

Devang, any news on this one?

Comment 5 Chris Lattner 2007-01-06 20:15:45 PST

Reduced testcase:

static const char foo[] = "\0abc";

int test(int J) {
  int i;
  for (i = 0; i == 0 || foo[i] != 0; ++i)
    ;
  return i;
}

void main() {
  printf("%d\n", test(0));
}

$ llvm-gcc t.c -S -o - -O0 -emit-llvm | llvm-as | opt -mem2reg -instcombine -indvars -adce | lli
0
$ gcc t.c
$ ./a.out
4

Comment 6 Chris Lattner 2007-01-06 20:24:56 PST

Fixed.  Testcase here: Transforms/IndVarsSimplify/2007-01-06-TripCount.ll

Patch here:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20070101/042170.html

-Chris