<html>

    <head>

      <base href="http://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - Use of unspecified value wrongly optimized to undefined behavior."

   href="http://llvm.org/bugs/show_bug.cgi?id=16047">16047</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Use of unspecified value wrongly optimized to undefined behavior.

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>patrik.h.hagglund@ericsson.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvmbugs@cs.uiuc.edu

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>The LLVM optimizers seems to be too aggressive, transforming the use of an

unspecified value into undefined behavior. Consider the following program:

#include <stdio.h>

#include <string.h>

#include <stdbool.h>

int main(void) {

  int *obj; // obj is initialized to an indeterminate value (either an

            // unspecified value or a trap representation) 6.7.9 section 10

  typedef unsigned char byte_t;

  byte_t *begin = (byte_t *)&obj; // 6.3.2.3 section 7

  byte_t *end = begin + sizeof(obj);

  byte_t cbuf[sizeof(obj)];

  // Copy obj, byte by byte, into cbuf.

  // This is the object representation of obj. We only access obj

  // through 'unsigned char'. Therefore, the indeterminate value of obj is now

  // only read as unspecified values (i.e. no undefined behavior).

  // 6.2.6.1 section 4

#if 0

  memcpy(cbuf, &obj, sizeof(obj));

#else

  for (byte_t *ip = begin, *bp = cbuf; ip < end; ++bp, ++ip)

    *bp = *ip;

#endif

  // Check the result.

  // Here, we also only use 'unsigned char'. No undefined behavior.

  bool t = true;

  for (byte_t *ip = begin, *bp = cbuf; ip < end; ++bp, ++ip) {

    t &= *bp == *ip;

    printf("%02x ", *bp);

  }

  printf("\n%d\n", t);

  return 0;

}

Compiling this with clang -std=c11 -O3 (on x86_64) gives SIGSEGV at the first

dereference of ip, despite that this program do not expose any undefined

behavior.

The problem seems to be this IR:

  %ip.039 = phi i8* [ %incdec.ptr1, %for.body ], [ undef, %middle.block ]

  %4 = load i8* %ip.039, align 1, !tbaa !0

(I don't know which optimization pass that produce this 'undef'.)</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>