<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/63159>63159</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            The check on a pointer in linux kernel code is removed with undef optimizations
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          linkeLi0421
      </td>
    </tr>
</table>

<pre>
    clang version : LLVM 16.0.5 Release
linux kernel version : 5.17.4
Hello
When I am using clang to compile linux kernel after modifying some options, I got wired result. I think it is a bug.

In linux-5.17.4/arch/x86/kernel/unwind_orc.c

```
static struct orc_entry *orc_find(unsigned long ip)
{
  ...
        /* Module lookup: */
        orc = orc_module_find(ip);
        if (orc)
                return orc;

        return orc_ftrace_find(ip);
}
```

I got binary that removes `if (orc) `check.  So I use `--print-after-all` to observe the IR code, the initial IR  code below use a store and load to copy the return value of @orc_module_find() to static variable **orc**. Then let **orc** to compare with NULL, and branch. 

```
%163 = call %struct.orc_entry* @orc_module_find(i64 noundef %162) #13, !dbg !5262
store %struct.orc_entry* %163, %struct.orc_entry** @orc_find.orc, align 8, !dbg !5263, !tbaa !4238
%164 = load %struct.orc_entry*, %struct.orc_entry** @orc_find.orc, align 8, !dbg !5264, !tbaa !4238
%165 = icmp ne %struct.orc_entry* %164, null, !dbg !5264
br i1 %165, label %166, label %168, !dbg !5266
```

However, after InstCombinePass, this piece code is optimized to 

```
%160 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %117, i64 %159, !dbg !5016
store %struct.orc_entry* %160, %struct.orc_entry** @orc_find.orc, align 8, !dbg !5013, !tbaa !4267
br i1 false, label %161, label %162, !dbg !5014
```

I try to find out why by looking up llvm source code, then I find this function. As the comment suggests, it seems that because instruction `store %struct.orc_entry* %160, %struct.orc_entry** @orc_find.orc`, llvm think %160 can't be null, and set the condition to false, then transfer it to unconditional branch eventually.

```
In llvm/lib/Analysis/ValueTracking.cpp
static bool isKnownNonNullFromDominatingCondition(const Value *V,
 const Instruction *CtxI,
 const DominatorTree *DT) {
  ...
    // If the value is used as a load/store, then the pointer must be non null.
 if (V == getLoadStorePointerOperand(U)) {
      const Instruction *I = cast<Instruction>(U);
      if (!NullPointerIsDefined(I->getFunction(),
 V->getType()->getPointerAddressSpace()) &&
          DT->dominates(I, CtxI))
        return true;
    }
  ...
}
```

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJysV09v4zoO_zTKhahhy7GTHHLItC94wfbNPsx0useBLDOOtrJkSHI62U-_oOS06d_dwxRBE1kU-eOPFEkL71VnENes-sKqm5kYw8G6tVbmAW9VPufFrLHtaS21MB0c0XllDbByA7e3939BUWd5VsE31Cg8svyG5RutzPgLHtAZ1C9OVFmxyOZJ6E_U2qaf_zqggR2IHkavTAfJVLAgbT8ojfBCodgHdNDbVu1PJO1tj2CHoKzxjF_DDjob4FE5bMGhH3XIYAfhoMwDqADKg4Bm7LJkO_3fmWTjakLIt8LJA-PbX8ua8W2yzPh2NI_KtD-tk5m8PM_qfPrEpQ8iKAk-uFEGsE7-RBPcCRjf0GKvTMv4cjSR-Ra0NR2ogfHVpG3xJf0AyLInnCvGt4xv4C_bjsSJtQ_jQKwyvqGts5h1Elh5E832UfZsMJkovzyJqj0wvrROPpvOVyxfOQyjM6ThQnraft77uQ9OyI-0L27epWbiO8aoUUa4E4SDCOCwt0f0wOr8EhWt5QHlQwbw3cIORo_07OpqcMqEq5gMV0JrVueUMbbx6I4I4YCw-wbStkg5QUtlVFBC0-P4HBrU9jEqFOCDdQjCUDBEm3JvOMVzk8NHoUcEuwc2z99SS1CDhSnwR-GUaDSm0GyiK_QjgztKdY3h9c4524VDeFThAF9_3N4ScoLUOGHkIYNPMo7xqqjLGHcptAbGq5R92VP2kZV3sat6DsaOpkUivipqHonnZVESAsaLtunoq-I1Pyc40fWRkYglHX1P4AIIIcgiCdcgtOoMLN-YPIMIjRD0Pefl8sLpeXQ6Ru0jc78JyPxzIFUEomQ_gPmcm6jIjFq_YyLqaxyoIslWJKNFgzqt61frtzDrT-7dn_YRj-iil7GM7owP17ZvlMG_hffprigPg0KJ6ZooH6trr_6D8WL8ryzMIw8dBtTYowlDcKBMQwnm36flo_hED4sFCVCO0qpavfI3L-r_NyXz35QJefE2JevFZeT2Qnt8Faji1Zq_0Tr_tGBS_wgWCB7YMcDj4QTNKbYB6oLjAFofe_B2dFPkpsJHrTWeioHdj0ZSq8xg42N5k7anKIEfuw59iCmgAnjE3qfS3KAUVCWVSczFbl7nv53wJB-9SN16SicpDOMLwvF0aagqegyTA6ZVERTRc2Y-Oh6cMH6PjhwKFkbzJCv0VFUBj2jCKLQ-ZZ9kNg0I-tgzvtWqYXy7MUKfvPKMb--pMdw5ISkOmRyGFzNAY60G5f9h7KP5as3XUeuts_2N7ZURQZnu-gyJ8aW0xgeICqlB3DN-PQ0CaWd3GQG-uQ6_dq9FJsXW3TmMSm7uYjV_Z6QAAIgzxRZ2-0hl6nHKU1NsQdCkRIWV8W0M9jOvB4TBKhMHsdGn0FgTw3NWnrr4PRWDqR7cWtF-Jz1_p6P_HNCJ2IF-0OTwEiX9vev0bmpyPrDy-mKPlX-cNZUvtCQgjBfE_WR6529wrwyS8d0VK__oMGynm5G6-TOv99P-3WnAtDc9mHRt2tah998HIfF8ltpnTZ8LHPR3c0dn2xQj9GSdSE2BXD1NYWfxafQIbsQXTj0NV5cD4gcD16xdl-2qXIkZrot6WRdFveLV7LBuGsGbUorFYtUKuaq4rIuVWJYL3mBb8tVMrXnOy7zOF3k1X86rrFrWzWo1lzVftk0tlmyeYy-UzuhqZNZ1M-X9iOu6LKrVLNY6H18rODf4CHGTcU5vGW5NZ66asfNsnmvlg3_WElTQuL6ju02jH1gD4inflHn5OnDuUWmAbNP0lIaZqW2J-GowG51eH0IYPCs3Ke07FQ5jk0kb7_V0vQnW4Oy_UQbGtxEz3fLo038DAAD__2eL9jI">