From: Will S. <wil...@vn...> - 2016-07-27 14:56:55
Hi,

I've been looking at the doCmpORD function, with the intent of fixing
the problem we see on ppc64 where we get a false positive on
"Conditional jump or move depends on uninitialized value(s)".
This currently occurs in the test memcheck/tests/bug340392.c on power,
and variations of this same issue are reported in two bugs, 330617 and
352364.

I admit that I'm still working to understand the code here, and how it
works, hence the questions that follow. :-)

A comment in 352364 ...

>> I'd bet we need a more precise version of CmpORD64S.
> I agree. There is in fact special-case handling already
> for CmpORD{32,64}{S,U} for the case where the second
> argument is a constant zero, but in this case it is a
> constant 0xCD, so it doesn't apply.

And a comment in 330617 ...

> It might be possible to extend the special-casing to
> situations where the 2nd argument is exactly a power
> of 2. That would cover this case.

this makes me wonder if this may be as simple as adding a special case
based on whether yy is actually a constant. This is assuming that if
the value is constant, an assumption can be made that all the bits for
yy are defined.. so would try to use some form of PCast#(0) in place of
yy in that branch of the code.
i.e. " else if (yy->tag == Iex_Const) { ...".

As reference, the code is roughly: (mc_translate.c:doCmpORD() )

   if (syned && isZero(yy)) {
      /* if yy is zero, then it must be fully defined (zero#). */
      threeLeft1 = m64 ? mkU64(3<<1) : mkU32(3<<1);
      return binop(opOR,
                   assignNew( 'V', mce,ty, binop(opAND,
                                                 mkPCastTo(mce,ty, xxhash),
                                                 threeLeft1)),
                   assignNew( 'V', mce,ty, binop(opSHL,
                      assignNew( 'V', mce,ty, binop(opSHR,
                                                    xxhash,
                                                    mkU8(width-1))),
                      mkU8(3)))
             );
   } else {
      /* standard interpretation */
      sevenLeft1 = m64 ? mkU64(7<<1) : mkU32(7<<1);
      return binop(
                opAND,
                mkPCastTo( mce,ty, mkUifU(mce,ty, xxhash,yyhash)),
                sevenLeft1);
   }
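
The following is an added example, not part of the original message and not Valgrind code: a stand-alone C model of the two shadow-bit computations in the excerpt above, applied to a constructed 64-bit operand. The function names are hypothetical; it assumes memcheck's convention that a 1 in a V bit means "undefined", and that a constant operand has all-zero V bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Shadow ("V") bits: a 1 bit means "undefined". */

/* PCast: all ones if any input bit is undefined, otherwise zero. */
static uint64_t pcast64(uint64_t v) { return v ? ~(uint64_t)0 : 0; }

/* UifU: a bit is undefined if it is undefined in either operand. */
static uint64_t uifu64(uint64_t a, uint64_t b) { return a | b; }

/* CmpORD result layout: bit 3 = LT, bit 2 = GT, bit 1 = EQ. */
enum { ORD_LT = 8, ORD_GT = 4, ORD_EQ = 2 };

/* Models the "standard interpretation" branch:
   any undefined input bit marks LT, GT and EQ undefined. */
uint64_t vbits_standard(uint64_t xxhash, uint64_t yyhash)
{
    return pcast64(uifu64(xxhash, yyhash)) & (7 << 1);
}

/* Models the signed, yy == 0 branch: GT and EQ depend on every
   bit of xx, while LT takes its V bit from the sign bit of xx. */
uint64_t vbits_signed_vs_zero(uint64_t xxhash)
{
    const unsigned width = 64;
    return (pcast64(xxhash) & (3 << 1)) | ((xxhash >> (width - 1)) << 3);
}

int main(void)
{
    /* Constructed sample: bits 8..15 of xx undefined, sign bit defined. */
    uint64_t xxhash = 0xFF00;
    uint64_t yyhash = 0;   /* assumed: a constant such as 0xCD is fully defined */

    uint64_t vz = vbits_signed_vs_zero(xxhash);
    uint64_t vs = vbits_standard(xxhash, yyhash);

    printf("yy == 0 branch : LT is %s\n", (vz & ORD_LT) ? "undefined" : "defined");
    printf("standard branch: LT is %s\n", (vs & ORD_LT) ? "undefined" : "defined");
    return 0;
}
```

With yyhash already zero, the standard branch result is determined by xxhash alone, which is why a conditional branch on the LT bit is reported in the second case but not the first.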