Is it a valid fp transformation?

artur · March 20, 2017, 10:25am

This C program produces different results with -O0 and -O3 optimization levels.

#include <stdio.h>
float test(unsigned int arg) {
return (float)((int)(arg * 58)) + 1;
}
int main() {
printf("%d\n", (int)test((unsigned int)-831710640));
}

O0 result is -994576896
O3 result is -994576832

It happens because LLVM (specifically instcombine) does the following transformation:
(float)x + 1.0 => (float)(x + 1)

For some values the expression before and after yield different results:
x = -994576864
(float)x = -994576896.000000
(float)x + 1.0 = -994576896.000000
(float)(x + 1) = -994576832.000000

I’m curious if this is a correct transformation and why.

Artur

rotateright · March 20, 2017, 2:41pm

Looks broken to me; I don’t think there’s UB in the original program.

The fold in visitFAdd() should check if the sitofp is guaranteed to produce an exact result? Ie, if the int value input to the sitofp could possibly be different when converted back using fptosi, then the transform does not work.

define float @test(i32 %x) {
%mul = mul i32 %x, 58
%conv = sitofp i32 %mul to float
%add = fadd float %conv, 1.0
ret float %add
}

Stephen_Canon1 · March 20, 2017, 4:14pm

I agree. There’s implementation-defined behavior on the conversion of (arg*58) to int, but that shouldn’t be at issue here. The transform of (float)x + 1 => (float)(x + 1) is bogus.

artur · March 20, 2017, 4:49pm

It looks like we already have a bug filed for this problem:

https://bugs.llvm.org//show_bug.cgi?id=27036

Artur

artur · March 21, 2017, 12:01pm

I posted a review with a simple fix to this transform:
https://reviews.llvm.org/D31182

Artur