AArch64: there seems to be a bug in DAGCombiner.

[ParkHanbum]

I'm working on this issue #34101
while proceeding, I found bug when we doing shifting array index by right 1.

here is example:

int test(long a, long b, int *table) {    
  return table[(a) >> 1];  
}

test(long, long, int*):                            // @test(unsigned long long, unsigned long long, int*)
        mul     x8, x1, x0
        lsl     x8, x8, #1
        and     x8, x8, #0xfffffffffffffffc
        ldr     w0, [x2, x8]
        ret

as you can see, we doing shifting array index by left 1.
I think this bug causes by we do not considering how shift amount to array index.
and this is debugging log that how this code occurred bad shifting.

# loss highest bit
1    int bug(long long a, int *table)
   2    {
-> 3      return table[(a)>>1];
   4    }
warning: a.out was compiled with optimization - stepping may behave oddly; variables may not be available.
(lldb) disas -a bug
a.out`bug:
->  0x100003f84 <+0>:  lsl    x8, x0, #1
    0x100003f88 <+4>:  and    x8, x8, #0xfffffffffffffffc
    0x100003f8c <+8>:  ldr    w0, [x1, x8]
    0x100003f90 <+12>: ret    
(lldb) p $x0
(unsigned long) 9223372036854775808
(lldb) ni
Process 79078 stopped
* thread #1, queue = 'cohttp://m.apple.main-thread',/ stop reason = instruction step over
    frame #0: 0x0000000100003f88 a.out`bug(a=-9223372036854775808, table=0x00006000016f0020) at bug.c:3:10 [opt]
   1    int bug(long long a, int *table)
   2    {
-> 3      return table[(a)>>1];
   4    }
(lldb) p $x0
(unsigned long) 9223372036854775808
(lldb) p $x8
(unsigned long) 0
(lldb) ni
Process 79078 stopped
* thread #1, queue = 'cohttp://m.apple.main-thread',/ stop reason = instruction step over
    frame #0: 0x0000000100003f8c a.out`bug(a=-9223372036854775808, table=0x00006000016f0020) at bug.c:3:10 [opt]
   1    int bug(long long a, int *table)
   2    {
-> 3      return table[(a)>>1];
   4    }
(lldb) p $x8
(unsigned long) 0

godbolt link : https://simd.godbolt.org/z/a819j4xGP

how do you think?

ps. I wish take this issue to solve also :)

[llvmbot]

@llvm/issue-subscribers-backend-aarch64

Author: hanbeom (ParkHanbum)

I'm working on this issue https://github.com//issues/34101 while proceeding, I found bug when we doing shifting array index by right 1.

here is example:

int test(unsigned long long a, unsigned long long b, int *table) {    
  return table[(a * b) >> 1];  
}

test(unsigned long long, unsigned long long, int*):                            // @<!-- -->test(unsigned long long, unsigned long long, int*)
        mul     x8, x1, x0
        lsl     x8, x8, #<!-- -->1
        and     x8, x8, #<!-- -->0xfffffffffffffffc
        ldr     w0, [x2, x8]
        ret

as you can see, we doing shifting array index by left 3.
I think this bug causes by we do not considering how shift amount to array index.

how do you think?

ps. I wish take this issue to solve also :)

[EugeneZelenko]

@ParkHanbum: Could you please elaborate?

[ParkHanbum]

@EugeneZelenko I'm adding more detail and reopen it.