-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Miscompilation due to MatchBranchSimplification MIR pass mixing up discriminants #124150
Comments
Cc @rust-lang/wg-mir-opt |
does it make sense to quickly throw up a PR disabling it to leave more time for fixing it properly and thoroughly? |
I like this: #124122 (comment). |
yeah, could you put up a quick PR to disable it, gating it behind unsound MIR opts? |
I will do it today. :) |
This is just the usual operation on LLVM: disabling certain conversions, rather than disabling the entire Pass. Of course, compared to LLVM's passes, the passes in MIR-opt are much smaller. |
WG-prioritization assigning priority (Zulip discussion). @rustbot label -I-prioritize +P-critical |
I've rethought this scenario, and it's appropriate to add unsound opts. Because this pass is mostly all in #120614. :) |
I think disabling the entire pass should have a very small impact, it's not like this is the LLVM instcombine pass :D. So that makes more sense, it's usually how we do it for less important MIR opt passes. |
I caused a P-critical issue for the first time. :p |
Rust nightly, as of yesterday, breaks yk. We *think* this is because of rust-lang/rust#124150 --- if so, hopefully we can switch back to "nightly nightly" in a day or two.
mir-opts work has a pretty high chance of doing that. Unfortunately we haven't yet figured out how to build correct-by-construction optimization passes outside of full-blown theorem provers... |
Disable MatchBranchSimplification Due to the miscompilation mentioned in rust-lang#124150, We need to disable MatchBranchSimplification temporarily. To fully resolve this issue, my plan is: 1. Disable MatchBranchSimplification (this PR). 2. Remove all potentially unclear transforms in rust-lang#124122. 3. Gradually add back the removed transforms (possibly multiple PRs). r? `@Nilstrieb` or `@oli-obk`
…fJung Disable SimplifyToExp in MatchBranchSimplification Due to the miscompilation mentioned in rust-lang#124150, We need to disable MatchBranchSimplification temporarily. To fully resolve this issue, my plan is: 1. Disable SimplifyToExp in MatchBranchSimplification (this PR). 2. Remove all potentially unclear transforms in rust-lang#124122. 3. Gradually add back the removed transforms (possibly multiple PRs). r? `@Nilstrieb` or `@oli-obk`
Simplify match based on the cast result of `IntToInt` Continue to complete rust-lang#124150. The condition in rust-lang#120614 is wrong, e.g. `-1i8` cannot be converted to `255i16`. I've rethought the issue and simplified the conditional judgment for a more straightforward approach. The new approach is to check **if the case value after the `IntToInt` conversion equals the target value**. In different types, `IntToInt` uses different casting methods. This rule is as follows: - `i8`/`u8` to `i8`/`u8`: do nothing. - `i8` to `i16`/`u16`: sign extension. - `u8` to `i16`/`u16`: zero extension. - `i16`/`u16` to `i8`/`u8`: truncate to the target size. The previous error was a mix of zext and sext. r? mir-opt
#120614 introduced a miscompilation; turns out this question poked at incorrect logic in the MatchBranchSimplification MIR pass.
#124122 is a WIP patch to fix this (and also contains a testcase that currently gets miscompiled), but as a critical soundness issue this deserves tracking nonetheless.
The text was updated successfully, but these errors were encountered: