<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/105985>105985</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [SimplifyCFG] After optimizing undefined behavior that requires multiple conditions to be judged, there will also be logic errors in the generated code.
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          GkvJwa
      </td>
    </tr>
</table>

<pre>
    We are using clang to compile and run the following code under release, and unexpectedly find that there will be no crash, and it continues to run.
```

#include <stdint.h>
#include <stdio.h>
#include <memory>
#include <string>
#include <vector>

class Handler {
 public:
  explicit Handler() = default;

  Handler(const Handler&) = delete;
  Handler& operator=(const Handler&) = delete;

  ~Handler() = default;

 void SetTag(const std::string& tag) { tag_ = tag; }
  bool IsRunning() { return is_running_; }
  void SetIsRunning(bool is_running) { is_running_ = is_running; }

 private:
  std::string tag_;
  bool is_running_ = false;
};

class HandlerManager {
 public:
 std::shared_ptr<Handler> Func() {
    std::shared_ptr<Handler> handler_ptr;
    for (auto item : handler_list_) {
      if (item->IsRunning()) {
        continue;
      } else {
 handler_ptr = item;
        break;
      }
    }

    if (handler_ptr == nullptr && handler_list_.size() < max_task_cout_) {
 printf("handler_list_.size:%d max_task_cout_:%d\n", handler_list_.size(),
             max_task_cout_);
      handler_ptr = std::make_shared<Handler>();
      std::string tag = "handler_" + std::to_string(tag_max_++);
      handler_ptr->SetTag(tag);
 handler_list_.emplace_back(handler_ptr);
    }

 handler_ptr->SetIsRunning(true);
    return handler_ptr;
  }
  
 private:
  int64_t tag_max_ = 0;
  int max_task_cout_ = 1;
 std::vector<std::shared_ptr<Handler>> handler_list_;
};

int main() {
  HandlerManager hm;
  for (int i = 0; i < 5; i++) {
 hm.Func();
  }
  return 0;
}

```

The reason is that ```handler_list_.size() < max_task_cout_``` is assumed to be true under release.

After optimization in llvm ir
```
  %sub.ptr.div.i = ashr exact i64 %sub.ptr.sub.i, 4, !dbg !2922
  %max_task_cout_ = getelementptr inbounds nuw i8, ptr %this, i64 8, !dbg !2912
  %27 = load i32, ptr %max_task_cout_, align 8, !dbg !2912
  %conv = sext i32 %27 to i64, !dbg !2912
  %cmp = icmp ult i64 %sub.ptr.div.i, %conv, !dbg !2912
  tail call void @llvm.assume(i1 %cmp), !dbg !2912
 #dbg_value(ptr %handler_list_, !2913, !DIExpression(), !2923)
 #dbg_value(ptr %handler_list_, !2916, !DIExpression(), !2923)
```

But if we change the code here to the following, it will conform to its own logic and will crash.
```
    if (handler_ptr == nullptr && handler_list_.size() < max_task_cout_) {
-->
    if (handler_list_.size() < max_task_cout_ && handler_ptr == nullptr) {
```

further analysis, It was found that when two expressions are exchanged, the generated code is different and will not be executed here
https://github.com/llvm/llvm-project/blob/1193f7d6487d2d94009f8d8d27da3907136482b9/llvm/lib/Transforms/Utils/SimplifyCFG.cpp#L7845-L7855
As a result, the expression will not be considered to be necessarily true

Therefore, I personally think that this optimization should not be used in situations where multiple conditions need to be checked (complex expressions may not be able to be judged simply). or directly consider the entire expression to be true to better discover undefined behavior
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJy8WM2S4jgSfhpxySgCZGzMgUMV1TXbG7OXnd7YIyFbaawpWfJKMhRz2GffkPyDbajp7j1MRQUYlPllKn8-KWHWipNC3JP4hcSvC9a4Upv9L-_nv1_YItP8uv83AjMIjRXqBLlk6gROQ66rWkgEpjiYRoErEQotpb4EMc0RGsXRgEGJzCKhhyDbKPyoMXfI5RUKoTi4kjmvbhAuQkrIEJSG3DBb9krCQa6VE6pB642bRi3J6pWsnkmy6v7bj-0rjYTKZcMRSHSwjgvlliWJvny2rD9drbDS5vqpqhHq9MniGXOnzW0xvOaSWQt_Y4pLNEC2L-3XUDeZFDmJOjEA_KilyIXrZQlNCd0BiV6BY8Ea6Uj0MkaGkWSulR1pJjdNiQ4HxZFKArpGw4LDrz-O0OP894e9PGvB4Td039hpMGMd9zuPnrt40gScX975APnHY0D030UvQLavvdlMawlf7T8bpYJe2usYdI1RIOzRtGvHmWbvxlg5oN1UeqwRSHBjJDHG7BNpxJn5CA2xme0u7GeUgpnV1kbBpB1Fefs6C-OkjP7BFDv9aTXdXCiZQX6snSHRoc9Z9AXeGpXfwte7Bt9XLNvHdmGkWGgDhKascRqEwwpI9DwIS2Hd8c4WgCi8jhd_ItGXWV4fyMNAChPb4JMCKC2OFEaOtll0WM20ADKD7P0e6_Zxnu3B6Rm8t6AaKcNH3z3JdPNLK_7AoVkOULGPo2P2_ZjrZh6a2gjliiBMH4BEz4TGfI7QfkvigyKUehb9zDyhh2kMwt-dP7OgzKM51EnF3vHYFsukUDpjU5QHnRHQRhsllAKhLzdRp489S6S-k7ynhL6E_z_x0hfUwDotudyEp7HBqpYsx2PG8vdpZucW5tVwb29cw840OEfoeOpxF40q71NyEcolm6ODPhQhfqsRiFBuls0gsr6JDKHtD6zD97p-3PhtL3_OVK19oe7ZZcZe5bgdO_rwymLYUng8QBweh5yPe7xa3ojscSC7gK8mHo9vDo-uE99KBIPMan-itNeVQe5n2rrX8SjM2qZC7i8zGYKvjel1aTl24LlwaEDXTlTiD-aEd0SBlOcKhHnoOAChsW2yZe3Mkovzsg0js6UB_GC5A5FsxjL-XXii2PgXQtc8O_k3uqN0BPmglE7oUGKFynk2ECrTjeIWVHMBkXqwlgRjVwrrP3rD6dzIemyEbgOw1IyDiOgIY85LB2BSnNR38HKtzi1N4YfziJ0RfzYld_udqlZ1e1z4h0behS2EtkUIZj4Hc0xIyJmU7d2DbFY-f8u2Dnytrzt7LSk_RiE04tnpeGbSc0naRWV2rh46pah7fP365aM2aK3QaiD9LreR__R_YCc_hf2wq14a5w_PC0JeMnXCMEGEuSGMAk5PR4pQOq6dEHKtCm2qkEBnQV8USH0SeZgVWgk_PTweEf6KQ_vpabj335v7AbC5_XsPJ-YexrdojB-qgCkmr7btva8OLsxC4Vu0JbJLiQrcRfuBo8ujDeMefrRp4V7PZ-KEyk8IyNskCQtcFAUaVO4Wd6Wd5zP8wLzxoj6VrTulc7UN95I3Qt9OwpVNtsx1Reibb4Tu7ak2-nfMHaFvmdQZoW_r9S4qtjzZpFtO-W6zWu2KlKecbjmLdqvtOko2Kc12Ixzh9b4ZpqyvEkvo27-ckP79N1HVUhTXw9svy7yuCY1-3aab-OnXbRrHHddaYGDQ-tml2_ktNJNN-uFFcDQDiyvM0VpmhLwGRp-dIQYLbcIc_BVqNFYrJr1kKdR7PwQLO6V5W-pG8t5iY5F75rfCNWHd-vwZhKqRTtQy-MRFu6JwcCwvMX9HDmHiqmqJH5N0V-zaW2CZxE7p94afkIP1IbsSuluCNsCFwdzJ67D5NkDKCTOJ0-hYC4_OH2Bc2Fyf0YSTrhAKOWRYsrPQZsH3Ed9FO7bA_XpLN_Funa7jRblPtpt8m2Q7mtLVbpdsdvEm4VvcxSluNjRJFmJPV3SzSmm8jtZJHC-TNY9W23gdpQnN4yQjmxVWTMhl4FttTgthbYP79SrepfFCsgylDT9_UKrwAmHV35rj14XZh6LMmpP1hC2sszcYJ5wMv5uMqorErzA5rf299n67bboN_qcRBu3D9I2T0BVi_wMJkzYstpyHxmhjfVncd-ly0Ri5_-nWCyHw_dLF6Lyn_wsAAP__SbF8bg">