<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - JumpThreading transformation breaks MemorySanitizer"
   href="https://bugs.llvm.org/show_bug.cgi?id=45220">45220</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>JumpThreading transformation breaks MemorySanitizer
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Scalar Optimizations
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>eugeni.stepanov@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=23243" name="attach_23243" title="C source">attachment 23243</a></span>
C source

JumpThreading may introduce use-of-uninitialized value where the original
program did not have one.

To reproduce with the attached source,
  clang -O2 1.c -S -emit-llvm

Note the source snippet:
  if (error == 0 && optype == 4 && s.v == -123)
    error = 22;

It is transformed into:
  %2 = phi i32 [ %.pre, %if.end.if.end9_crit_edge ], [ %dev, %if.else2 ]
  %error.1 = phi i32 [ 17, %if.end.if.end9_crit_edge ], [ %error.0, %if.else2 ]
  %optype.0 = phi i32 [ 4, %if.end.if.end9_crit_edge ], [ 417, %if.else2 ]
  %cmp10 = icmp eq i32 %error.1, 0
  %cmp11 = icmp eq i32 %optype.0, 4
  %or.cond = and i1 %cmp10, %cmp11
  %cmp14 = icmp eq i32 %2, -123
  br i1 %cmp14, label %3, label %4

The check for (s.v == -123) is executed before the two other checks.
This is wrong, because it is OK for s.v to be uninitialized when the && is
short-circuited.

This transformation happens in the jump threading pass.
Attaching IR before and after, test with
$ opt 1.ll -jump-threading -S -o -</pre>
        </div>
      </p>
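      <p>Added example, not the attached 1.c and not LLVM or MemorySanitizer code: a small C model of why the reordering in the report matters, counting branches taken on an uninitialized condition in source order and in the order shown in the transformed IR. The <code>struct tracked</code> shadow bit, the helper names and the sample values are constructed for illustration, and the behaviour of the block reached after the branch on <code>%cmp14</code> is an assumption.</p>

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: a value plus an MSan-style "uninitialized" shadow bit. */
struct tracked { int value; bool poisoned; };

static int reports; /* branches taken on a poisoned condition, which MSan flags */

static bool branch_on(struct tracked cond) {
    if (cond.poisoned) reports++;
    return cond.value != 0;
}

static struct tracked cmp_eq(struct tracked a, int k) {
    struct tracked r = { a.value == k, a.poisoned }; /* shadow follows the operand */
    return r;
}

/* Source order: short-circuit && reads s.v only if both earlier tests pass. */
static int reports_source_order(struct tracked error, struct tracked optype,
                                struct tracked sv) {
    reports = 0;
    bool taken = branch_on(cmp_eq(error, 0)) && branch_on(cmp_eq(optype, 4)) &&
                 branch_on(cmp_eq(sv, -123));
    (void)taken; /* taken is the case where the source sets error = 22 */
    return reports;
}

/* Order in the IR after -jump-threading: the br on %cmp14 comes first.
   That the taken successor then tests %or.cond is an assumption; the
   report does not show the successor blocks. */
static int reports_threaded_order(struct tracked error, struct tracked optype,
                                  struct tracked sv) {
    reports = 0;
    struct tracked or_cond = { error.value == 0 && optype.value == 4,
                               error.poisoned || optype.poisoned };
    bool taken = branch_on(cmp_eq(sv, -123)) && branch_on(or_cond);
    (void)taken; /* same final decision as the source when s.v is initialized */
    return reports;
}

int main(void) {
    /* Constructed input for the %if.end.if.end9_crit_edge path: error = 17, optype = 4, s.v unwritten. */
    struct tracked error = { 17, false }, optype = { 4, false }, sv = { 0, true };
    printf("source order:   %d report(s)\n", reports_source_order(error, optype, sv));
    printf("threaded order: %d report(s)\n", reports_threaded_order(error, optype, sv));
    return 0;
}
```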


    </body>
</html>