
@arielb1
Created December 17, 2016 23:00
i128 bug in action
*** IR Dump Before Module Verifier ***
; Function Attrs: uwtable
; Signed LEB128 writer (serialize::leb128::write_signed_leb128 per the mangled
; symbol; the ".i" block labels suggest write_signed_leb128_to and its closure
; were inlined here).
;   %0 = Vec<u8>* output buffer
;   %1 = i64 base offset; the write index is %1 + running byte counter
;   %2 = i128 value to encode
; Returns the number of bytes emitted (%26).
; NOTE(review): the negative-value exit test in %bb9.i compares against
; 2^64-1 rather than an all-ones i128; see the note at that block.
define i64 @_ZN9serialize6leb12819write_signed_leb12817h02e4c1e084b3f592E(%"collections::vec::Vec<u8>"* nocapture dereferenceable(24), i64, i128) unnamed_addr #1 personality i32 (i32, i32, i64, %"unwind::libunwind::_Unwind_Exception"*, %"unwind::libunwind::_Unwind_Context"*)* @rust_eh_personality {
entry-block:
br label %bb3.i
; Loop header: one iteration per output byte.
bb3.i: ; preds = %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i", %entry-block
; %position.0.i = bytes written so far; %value.0.i = bits still to encode.
%position.0.i = phi i64 [ 0, %entry-block ], [ %26, %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i" ]
%value.0.i = phi i128 [ %2, %entry-block ], [ %5, %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i" ]
%3 = trunc i128 %value.0.i to i8
; %4 = low 7 payload bits of the current byte.
%4 = and i8 %3, 127
; Arithmetic shift: the sign of the remaining value is preserved.
%5 = ashr i128 %value.0.i, 7
; First exit test: remainder is 0 and bit 6 (the sign bit of the 7-bit group) is clear.
%6 = icmp eq i128 %5, 0
%7 = and i8 %3, 64
%8 = icmp eq i8 %7, 0
%or.cond.i = and i1 %6, %8
br i1 %or.cond.i, label %bb7.i, label %bb9.i
; Emit one byte: %_12.0.i is the "this is the last byte" flag.
bb7.i: ; preds = %bb9.i, %bb3.i
%_12.0.i = phi i1 [ true, %bb3.i ], [ %not.or.cond20.i, %bb9.i ]
; %9 = byte with the continuation bit (0x80) set; chosen when more bytes follow.
%9 = or i8 %3, -128
%..i = select i1 %_12.0.i, i8 %4, i8 %9
; %10 = index to write at.
%10 = add i64 %1, %position.0.i
; Load the Vec field at byte offset 16 (presumably len; it is incremented after a push below).
%sunkaddr = ptrtoint %"collections::vec::Vec<u8>"* %0 to i64
%sunkaddr2 = add i64 %sunkaddr, 16
%sunkaddr3 = inttoptr i64 %sunkaddr2 to i64*
%11 = load i64, i64* %sunkaddr3, align 8, !alias.scope !3, !noalias !6
; index == field@16 -> append path; otherwise the bounds-checked in-place store.
%12 = icmp eq i64 %10, %11
br i1 %12, label %bb2.i.i.i, label %bb3.i.i.i
; Append path: compare the index with the field at offset 8 (presumably capacity).
bb2.i.i.i: ; preds = %bb7.i
%sunkaddr4 = ptrtoint %"collections::vec::Vec<u8>"* %0 to i64
%sunkaddr5 = add i64 %sunkaddr4, 8
%sunkaddr6 = inttoptr i64 %sunkaddr5 to i64*
%13 = load i64, i64* %sunkaddr6, align 8, !alias.scope !9, !noalias !6
%14 = icmp eq i64 %10, %13
br i1 %14, label %bb3.i.i.i.i, label %"_ZN39_$LT$collections..vec..Vec$LT$T$GT$$GT$4push17h87dd2f0e3dff9b52E.exit.i.i.i"
; Buffer full: call RawVec::double, then reload the field at offset 16.
bb3.i.i.i.i: ; preds = %bb2.i.i.i
%15 = bitcast %"collections::vec::Vec<u8>"* %0 to %"alloc::raw_vec::RawVec<u8>"*
tail call fastcc void @"_ZN40_$LT$alloc..raw_vec..RawVec$LT$T$GT$$GT$6double17hf4189e6c59e4eb72E"(%"alloc::raw_vec::RawVec<u8>"* nonnull dereferenceable(16) %15), !noalias !6
%sunkaddr7 = ptrtoint %"collections::vec::Vec<u8>"* %0 to i64
%sunkaddr8 = add i64 %sunkaddr7, 16
%sunkaddr9 = inttoptr i64 %sunkaddr8 to i64*
%.pre.i.i.i.i = load i64, i64* %sunkaddr9, align 8, !noalias !6
br label %"_ZN39_$LT$collections..vec..Vec$LT$T$GT$$GT$4push17h87dd2f0e3dff9b52E.exit.i.i.i"
; Store the byte at data[%16] (data pointer is the field at offset 0) and
; increment the field at offset 16.
"_ZN39_$LT$collections..vec..Vec$LT$T$GT$$GT$4push17h87dd2f0e3dff9b52E.exit.i.i.i": ; preds = %bb2.i.i.i, %bb3.i.i.i.i
%16 = phi i64 [ %.pre.i.i.i.i, %bb3.i.i.i.i ], [ %10, %bb2.i.i.i ]
%17 = bitcast %"collections::vec::Vec<u8>"* %0 to i8**
%18 = load i8*, i8** %17, align 8, !alias.scope !12, !noalias !6, !nonnull !15
%19 = getelementptr inbounds i8, i8* %18, i64 %16
store i8 %..i, i8* %19, align 1, !noalias !6
%sunkaddr10 = ptrtoint %"collections::vec::Vec<u8>"* %0 to i64
%sunkaddr11 = add i64 %sunkaddr10, 16
%sunkaddr12 = inttoptr i64 %sunkaddr11 to i64*
%20 = load i64, i64* %sunkaddr12, align 8, !noalias !6
%21 = add i64 %20, 1
store i64 %21, i64* %sunkaddr12, align 8, !noalias !6
br label %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i"
; In-place path: the store is allowed only when field@16 > index (unsigned);
; otherwise panic_bounds_check is called.
bb3.i.i.i: ; preds = %bb7.i
%22 = icmp ugt i64 %11, %10
br i1 %22, label %"_ZN83_$LT$collections..vec..Vec$LT$T$GT$$u20$as$u20$core..ops..IndexMut$LT$usize$GT$$GT$9index_mut17h6ccbbd6a665e2539E.exit.i.i.i", label %panic.i.i.i.i, !prof !16
panic.i.i.i.i: ; preds = %bb3.i.i.i
%23 = add i64 %1, %position.0.i
tail call void @_ZN4core9panicking18panic_bounds_check17h19025d021be98663E({ %str_slice, i32 }* nonnull @panic_bounds_check_loc.r, i64 %23, i64 %11), !noalias !6
unreachable
; Bounds check passed: overwrite data[%1 + %position.0.i].
"_ZN83_$LT$collections..vec..Vec$LT$T$GT$$u20$as$u20$core..ops..IndexMut$LT$usize$GT$$GT$9index_mut17h6ccbbd6a665e2539E.exit.i.i.i": ; preds = %bb3.i.i.i
%24 = bitcast %"collections::vec::Vec<u8>"* %0 to i8**
%25 = load i8*, i8** %24, align 8, !alias.scope !17, !noalias !6, !nonnull !15
%scevgep = getelementptr i8, i8* %25, i64 %1
%scevgep1 = getelementptr i8, i8* %scevgep, i64 %position.0.i
store i8 %..i, i8* %scevgep1, align 1, !noalias !6
br label %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i"
; Loop latch: count the byte, leave the loop when the last-byte flag was set.
"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i": ; preds = %"_ZN83_$LT$collections..vec..Vec$LT$T$GT$$u20$as$u20$core..ops..IndexMut$LT$usize$GT$$GT$9index_mut17h6ccbbd6a665e2539E.exit.i.i.i", %"_ZN39_$LT$collections..vec..Vec$LT$T$GT$$GT$4push17h87dd2f0e3dff9b52E.exit.i.i.i"
%26 = add i64 %position.0.i, 1
br i1 %_12.0.i, label %_ZN9serialize6leb12822write_signed_leb128_to17h1878ed026e3a4764E.exit, label %bb3.i
; Second exit test: last byte iff remainder == <constant> and bit 6 is set.
; NOTE(review): 18446744073709551615 is 2^64-1 (only the low 64 bits set); an
; all-ones i128 would be printed as -1. Presumably the source compared against
; -1 and the constant was widened without sign extension -- this looks like the
; "i128 bug" of the title.
; Effect visible in this IR: for a negative %2 the ashr keeps %5 negative, so
; neither %6 nor this test can ever hold; the loop never exits and writes one
; byte per iteration, growing the Vec through the append path without bound.
; For a non-negative value whose shifted remainder equals 2^64-1 with bit 6
; set, the loop stops early and the remaining bits are never encoded.
bb9.i: ; preds = %bb3.i
%27 = icmp eq i8 %7, 0
%28 = icmp ne i128 %5, 18446744073709551615
%or.cond20.i = or i1 %28, %27
%not.or.cond20.i = xor i1 %or.cond20.i, true
br label %bb7.i
_ZN9serialize6leb12822write_signed_leb128_to17h1878ed026e3a4764E.exit: ; preds = %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i"
ret i64 %26
}
# *** IR Dump Before Expand ISel Pseudo-instructions ***:
; Machine-IR dump (before "Expand ISel Pseudo-instructions") of the signed
; LEB128 writer shown in the LLVM IR dump of the same function.
; Register roles, from the COPYs in BB#0 and the IR argument order:
;   RDI = Vec<u8>* (vreg16), RSI = base offset (vreg17),
;   RDX = low 64 bits of the i128 value (vreg18/vreg20),
;   RCX = high 64 bits of the i128 value (vreg19/vreg21).
; NOTE(review): BB#10 holds the lowered form of the suspicious i128 compare.
# Machine code for function _ZN9serialize6leb12819write_signed_leb12817h02e4c1e084b3f592E: Properties: <SSA, tracking liveness, HasVRegs>
Function Live Ins: %RDI in %vreg16, %RSI in %vreg17, %RDX in %vreg18, %RCX in %vreg19
BB#0: derived from LLVM BB %entry-block
Live Ins: %RDI %RSI %RDX %RCX
%vreg19<def> = COPY %RCX; GR64:%vreg19
%vreg18<def> = COPY %RDX; GR64:%vreg18
%vreg17<def> = COPY %RSI; GR64:%vreg17
%vreg16<def> = COPY %RDI; GR64:%vreg16
%vreg21<def> = COPY %vreg19; GR64:%vreg21,%vreg19
%vreg20<def> = COPY %vreg18; GR64:%vreg20,%vreg18
; vreg22 = 0: initial byte counter.
%vreg23<def> = MOV32r0 %EFLAGS<imp-def,dead>; GR32:%vreg23
%vreg22<def> = SUBREG_TO_REG 0, %vreg23<kill>, 4; GR64:%vreg22 GR32:%vreg23
Successors according to CFG: BB#1(?%)
; Loop header. vreg0 = byte counter, vreg1 = low half, vreg2 = high half of
; the value still to encode.
BB#1: derived from LLVM BB %bb3.i
Predecessors according to CFG: BB#0 BB#9
%vreg0<def> = PHI %vreg22, <BB#0>, %vreg14, <BB#9>; GR64:%vreg0,%vreg22,%vreg14
%vreg1<def> = PHI %vreg20, <BB#0>, %vreg5, <BB#9>; GR64_with_sub_8bit:%vreg1 GR64:%vreg20,%vreg5
%vreg2<def> = PHI %vreg21, <BB#0>, %vreg6, <BB#9>; GR64:%vreg2,%vreg21,%vreg6
%vreg3<def> = COPY %vreg1:sub_8bit; GR8:%vreg3 GR64_with_sub_8bit:%vreg1
%vreg4<def,tied1> = AND8ri %vreg3<tied0>, 127, %EFLAGS<imp-def,dead>; GR8:%vreg4,%vreg3
; 128-bit arithmetic shift right by 7, split over two 64-bit registers:
; vreg5 = new low half (double-precision shift of high:low), vreg6 = new high half.
%vreg5<def,tied1> = SHLD64rri8 %vreg2<tied0>, %vreg1, 57, %EFLAGS<imp-def,dead>; GR64:%vreg5,%vreg2 GR64_with_sub_8bit:%vreg1
%vreg6<def,tied1> = SAR64ri %vreg2<tied0>, 7, %EFLAGS<imp-def,dead>; GR64:%vreg6,%vreg2
; vreg7 = bit 6 of the current byte.
%vreg7<def,tied1> = AND8ri %vreg3<tied0>, 64, %EFLAGS<imp-def,dead>; GR8:%vreg7,%vreg3
%vreg24<def> = MOV8ri 1; GR8:%vreg24
; low | high == 0  <=>  the shifted 128-bit remainder is zero.
%vreg25<def,tied1> = OR64rr %vreg5<tied0>, %vreg6, %EFLAGS<imp-def>; GR64:%vreg25,%vreg5,%vreg6
JNE_1 <BB#10>, %EFLAGS<imp-use>
JMP_1 <BB#12>
Successors according to CFG: BB#12(0x60000000 / 0x80000000 = 75.00%) BB#10(0x20000000 / 0x80000000 = 25.00%)
; Remainder is zero: last byte only if bit 6 is also clear.
BB#12: derived from LLVM BB %bb3.i
Predecessors according to CFG: BB#1
TEST8rr %vreg7, %vreg7, %EFLAGS<imp-def>; GR8:%vreg7
JNE_1 <BB#10>, %EFLAGS<imp-use>
JMP_1 <BB#2>
Successors according to CFG: BB#2(0x55555555 / 0x80000000 = 66.67%) BB#10(0x2aaaaaab / 0x80000000 = 33.33%)
; Emit one byte. vreg8 = last-byte flag, vreg9 = byte to store,
; vreg10 = write index, vreg11 = Vec field at offset 16 (presumably len).
BB#2: derived from LLVM BB %bb7.i
Predecessors according to CFG: BB#12 BB#10
%vreg8<def> = PHI %vreg24, <BB#12>, %vreg15, <BB#10>; GR8:%vreg8,%vreg24,%vreg15
%vreg30<def,tied1> = OR8ri %vreg3<tied0>, -128, %EFLAGS<imp-def,dead>; GR8:%vreg30,%vreg3
TEST8rr %vreg8, %vreg8, %EFLAGS<imp-def>; GR8:%vreg8
%vreg9<def> = CMOV_GR8 %vreg30<kill>, %vreg4, 9, %EFLAGS<imp-use>; GR8:%vreg9,%vreg30,%vreg4
%vreg10<def,tied1> = ADD64rr %vreg17<tied0>, %vreg0, %EFLAGS<imp-def,dead>; GR64:%vreg10,%vreg17,%vreg0
%vreg11<def> = MOV64rm %vreg16, 1, %noreg, 16, %noreg; mem:LD8[%sunkaddr3](alias.scope=!4)(noalias=!7) GR64:%vreg11,%vreg16
%vreg31<def,tied1> = SUB64rr %vreg10<tied0>, %vreg11, %EFLAGS<imp-def>; GR64:%vreg31,%vreg10,%vreg11
JNE_1 <BB#6>, %EFLAGS<imp-use>
JMP_1 <BB#3>
Successors according to CFG: BB#3(0x40000000 / 0x80000000 = 50.00%) BB#6(0x40000000 / 0x80000000 = 50.00%)
; Append path: compare the index with the field at offset 8 (presumably capacity).
BB#3: derived from LLVM BB %bb2.i.i.i
Predecessors according to CFG: BB#2
%vreg37<def,tied1> = SUB64rm %vreg10<tied0>, %vreg16, 1, %noreg, 8, %noreg, %EFLAGS<imp-def>; mem:LD8[%sunkaddr6](alias.scope=!10)(noalias=!7) GR64:%vreg37,%vreg10,%vreg16
JNE_1 <BB#5>, %EFLAGS<imp-use>
JMP_1 <BB#4>
Successors according to CFG: BB#4(0x07878788 / 0x80000000 = 5.88%) BB#5(0x78787878 / 0x80000000 = 94.12%)
; Buffer full: call RawVec::double, then reload the field at offset 16.
BB#4: derived from LLVM BB %bb3.i.i.i.i
Predecessors according to CFG: BB#3
ADJCALLSTACKDOWN64 0, 0, %RSP<imp-def,dead>, %EFLAGS<imp-def,dead>, %RSP<imp-use>
%RDI<def> = COPY %vreg16; GR64:%vreg16
CALL64pcrel32 <ga:@"_ZN40_$LT$alloc..raw_vec..RawVec$LT$T$GT$$GT$6double17hf4189e6c59e4eb72E">, <regmask %BH %BL %BP %BPL %BX %EBP %EBX %RBP %RBX %R12 %R13 %R14 %R15 %R12B %R13B %R14B %R15B %R12D %R13D %R14D %R15D %R12W %R13W %R14W %R15W>, %RSP<imp-use>, %RDI<imp-use>, %RSP<imp-def>
ADJCALLSTACKUP64 0, 0, %RSP<imp-def,dead>, %EFLAGS<imp-def,dead>, %RSP<imp-use>
%vreg12<def> = MOV64rm %vreg16, 1, %noreg, 16, %noreg; mem:LD8[%sunkaddr9](noalias=!7) GR64:%vreg12,%vreg16
Successors according to CFG: BB#5(?%)
; Store the byte at data[vreg13] and increment the field at offset 16 in memory.
BB#5: derived from LLVM BB %"_ZN39_$LT$collections..vec..Vec$LT$T$GT$$GT$4push17h87dd2f0e3dff9b52E.exit.i.i.i"
Predecessors according to CFG: BB#3 BB#4
%vreg13<def> = PHI %vreg10, <BB#3>, %vreg12, <BB#4>; GR64_NOSP:%vreg13 GR64:%vreg10,%vreg12
%vreg38<def> = MOV64rm %vreg16, 1, %noreg, 0, %noreg; mem:LD8[%17](alias.scope=!13)(noalias=!7) GR64:%vreg38,%vreg16
MOV8mr %vreg38<kill>, 1, %vreg13, 0, %noreg, %vreg9; mem:ST1[%19](noalias=!7) GR64:%vreg38 GR64_NOSP:%vreg13 GR8:%vreg9
INC64m %vreg16, 1, %noreg, 16, %noreg, %EFLAGS<imp-def,dead>; mem:ST8[%sunkaddr12](noalias=!7) LD8[%sunkaddr12](noalias=!7) GR64:%vreg16
JMP_1 <BB#9>
Successors according to CFG: BB#9(?%)
; In-place path: unsigned bounds check, field@16 > index, else panic (BB#7).
BB#6: derived from LLVM BB %bb3.i.i.i
Predecessors according to CFG: BB#2
%vreg32<def,tied1> = SUB64rr %vreg11<tied0>, %vreg10, %EFLAGS<imp-def>; GR64:%vreg32,%vreg11,%vreg10
JA_1 <BB#8>, %EFLAGS<imp-use>
JMP_1 <BB#7>
Successors according to CFG: BB#8(0x7ffff800 / 0x80000000 = 100.00%) BB#7(0x00000800 / 0x80000000 = 0.00%)
; Out of bounds: call panic_bounds_check(location, index, field@16).
BB#7: derived from LLVM BB %panic.i.i.i.i
Predecessors according to CFG: BB#6
%vreg33<def,tied1> = ADD64rr %vreg17<tied0>, %vreg0, %EFLAGS<imp-def,dead>; GR64:%vreg33,%vreg17,%vreg0
%vreg34<def> = MOV32ri64 <ga:@panic_bounds_check_loc.r>; GR32:%vreg34
%vreg35<def> = SUBREG_TO_REG 0, %vreg34<kill>, 4; GR64:%vreg35 GR32:%vreg34
ADJCALLSTACKDOWN64 0, 0, %RSP<imp-def,dead>, %EFLAGS<imp-def,dead>, %RSP<imp-use>
%RDI<def> = COPY %vreg35; GR64:%vreg35
%RSI<def> = COPY %vreg33; GR64:%vreg33
%RDX<def> = COPY %vreg11; GR64:%vreg11
CALL64pcrel32 <ga:@_ZN4core9panicking18panic_bounds_check17h19025d021be98663E>, <regmask %BH %BL %BP %BPL %BX %EBP %EBX %RBP %RBX %R12 %R13 %R14 %R15 %R12B %R13B %R14B %R15B %R12D %R13D %R14D %R15D %R12W %R13W %R14W %R15W>, %RSP<imp-use>, %RDI<imp-use>, %RSI<imp-use>, %RDX<imp-use>, %RSP<imp-def>
ADJCALLSTACKUP64 0, 0, %RSP<imp-def,dead>, %EFLAGS<imp-def,dead>, %RSP<imp-use>
; Bounds check passed: overwrite data[base offset + byte counter].
BB#8: derived from LLVM BB %"_ZN83_$LT$collections..vec..Vec$LT$T$GT$$u20$as$u20$core..ops..IndexMut$LT$usize$GT$$GT$9index_mut17h6ccbbd6a665e2539E.exit.i.i.i"
Predecessors according to CFG: BB#6
%vreg36<def,tied1> = ADD64rm %vreg17<tied0>, %vreg16, 1, %noreg, 0, %noreg, %EFLAGS<imp-def,dead>; mem:LD8[%24](alias.scope=!18)(noalias=!7) GR64_NOSP:%vreg36 GR64:%vreg17,%vreg16
MOV8mr %vreg0, 1, %vreg36<kill>, 0, %noreg, %vreg9; mem:ST1[%scevgep1](noalias=!7) GR64:%vreg0 GR64_NOSP:%vreg36 GR8:%vreg9
Successors according to CFG: BB#9(?%)
; Loop latch: count the byte; exit to BB#11 when the last-byte flag is set.
BB#9: derived from LLVM BB %"_ZN9serialize6leb12819write_signed_leb12828_$u7b$$u7b$closure$u7d$$u7d$17h46483652043636f9E.exit.i"
Predecessors according to CFG: BB#8 BB#5
%vreg14<def,tied1> = INC64r %vreg0<tied0>, %EFLAGS<imp-def,dead>; GR64:%vreg14,%vreg0
TEST8rr %vreg8, %vreg8, %EFLAGS<imp-def>; GR8:%vreg8
JNE_1 <BB#11>, %EFLAGS<imp-use>
JMP_1 <BB#1>
Successors according to CFG: BB#11(0x04000000 / 0x80000000 = 3.12%) BB#1(0x7c000000 / 0x80000000 = 96.88%)
; Second exit test, as lowered. vreg26 = (bit 6 set). (~low | high) == 0 holds
; only when low == 0xFFFFFFFFFFFFFFFF and high == 0, i.e. remainder == 2^64-1.
; NOTE(review): a compare against an all-ones i128 (-1) would need the high
; half to be all ones as well; here the high half must be zero. Since SAR keeps
; vreg6 negative for a negative input, vreg15 can never become 1 on that path
; and the OR in BB#1 never yields zero either, so the loop has no exit for
; negative values and keeps storing bytes.
BB#10: derived from LLVM BB %bb9.i
Predecessors according to CFG: BB#1 BB#12
TEST8rr %vreg7, %vreg7, %EFLAGS<imp-def>; GR8:%vreg7
%vreg26<def> = SETNEr %EFLAGS<imp-use>; GR8:%vreg26
%vreg27<def,tied1> = NOT64r %vreg5<tied0>; GR64:%vreg27,%vreg5
%vreg28<def,tied1> = OR64rr %vreg27<tied0>, %vreg6, %EFLAGS<imp-def>; GR64:%vreg28,%vreg27,%vreg6
%vreg29<def> = SETEr %EFLAGS<imp-use>; GR8:%vreg29
%vreg15<def,tied1> = AND8rr %vreg29<tied0>, %vreg26<kill>, %EFLAGS<imp-def,dead>; GR8:%vreg15,%vreg29,%vreg26
JMP_1 <BB#2>
Successors according to CFG: BB#2(?%)
; Return the number of bytes written in RAX.
BB#11: derived from LLVM BB %_ZN9serialize6leb12822write_signed_leb128_to17h1878ed026e3a4764E.exit
Predecessors according to CFG: BB#9
%RAX<def> = COPY %vreg14; GR64:%vreg14
RET 0, %RAX
# End machine code for function _ZN9serialize6leb12819write_signed_leb12817h02e4c1e084b3f592E.