<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/108879>108879</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang 18] x86-64 miscompile with boolean conditions
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          liamwhite
      </td>
    </tr>
</table>

<pre>
    The following C++ code ([minimized from from this report](https://gitlab.com/inkscape/inkscape/-/merge_requests/6696))
```cpp
struct ToolBase {};
struct CanvasEvent {};
struct Desktop {
    ToolBase* tool;
};

bool start_root_handler(ToolBase* tool, const CanvasEvent& event);
bool tool_handler(const CanvasEvent& event, Desktop* desktop) {
    if (auto const tool = desktop->tool) {
        return start_root_handler(tool, event);
    }
    return false;
}
```
produces broken compiled output with clang 18.1.x ([compiler explorer](https://godbolt.org/z/dco6hfs8f)):
```x86asm
tool_handler(CanvasEvent const&, Desktop*):
        push    rbx
        mov     rbx, qword ptr [rsi]
        test    rbx, rbx
        je      .LBB0_1
        mov rax, rdi
        mov     rdi, rbx
        mov     rsi, rax
 call    start_root_handler(ToolBase*, CanvasEvent const&)@PLT
        jmp .LBB0_3
.LBB0_1:
.LBB0_3:
        test    rbx, rbx
 setne   cl
        and     cl, al
        mov     eax, ecx
 pop     rbx
        ret
```

The issue occurs on these lines
```x86asm
        setne   cl
        and     cl, al
 mov     eax, ecx
```
Only the low byte of the c register is clobbered by `setne   cl`. However, the optimizer seemingly assumes that the entire `c` register has been clobbered, and ends up moving garbage/undefined 32-bit data in the `mov     eax, ecx` line.
```
(gdb) si
(gdb) p $ecx
$5 = 2069502208
(gdb) p $eax
$6 = 2069502208
(gdb) p $cl
$7 = 0
(gdb) p $al
$8 = 0
```
This results in the function returning a nonsense non-boolean value which breaks the functions that call it.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyUVk1z4ygQ_TX40mUXRrIiHXyI43HtYap2D7mnELQkJgg0gOxkfv0W-kgix5ndcbn0QXc_-r1GNNx7VRvEPdkdyO644n1orNtrxdtLowKuSitf948NQmW1thdlangg7EDYAYSVCITlZHdolVGt-oUSKmfb8RIa5cFhZ10guyNheRNC50lyT9iJsFOtgublRtiWsJMyz17wDpePa8JOLboanxz-7NEHT9gpy4qMsCL-6ZHQe5LR8S-6bhzxwfUiwKO1-sA9Ark7kLsjSQ4L8wM3Z-6_ndGELzyO6J-D7QbrMA4Ab6iE3UOwVr8FfQQYr6W1GnzgLjw5a8NTw43U6AjLP4GwBxDW-EVWhGWA40PxhjxgxpAPaL-LfJhZxKnk_FgsOakqlpH3wU5ZxAmAJMc5Yk2Sb2OeV5Hx5zD0ztwmOpP7xCMGRsXeXiaUimuPC02XRR5fO2dlL9BD6ewzGhC27ZRGCbYPXR_gokIDQnNTwzbfbDcv0zKd_BzgS6etQ3dzYVpZWh021tWEnX4RdpLCZk3l82pad8n9VVYvecZ9Ow5eFefjMhvEJSxbluUj4qxp1_tmUKV8WRpae4bZwB7g58U6CV1wQHYH51Xks_AP6MMH_094P3C8b74fDvRp-3kyx8dAqb5IRKqbwG92P9r5bBdc62j4rw8jRt0WryAp_ef74xWRtptIJKNhZjRLOxuvpf5SIY_BRHWEXgZwI4e7GFY217d546gbihmusx3cLKnDcHORj9e49SrvewQrRO88WAOhQY-glUH_m4U44_8hj68IXGX3t9GvMRHQ9gLla0Cw1fAuwGGtfEAHyoPQtizRoYTyFUhGPyST0Q38ZS94jpV_GGJtF4Y24sAjtsrU-hW4932LHkLDw-CEJiiHEUyQjL7P1nAPJcbdYJ5z4GUkoJEe-i5Si_2r5q7kdWwwvZFYKYMSErYuVQDJAwc1KBwnuKFFRgfhN7dLxvJalnGX9Op6pCO0ICx915Olu2GPZTQrdpQxmn8Vwt9Dsv8XMteasPRuiPiU4OTI3x3zheOS2OPYy32vg5_1qXojgrJm2rqjshyMNR6Nx_iwjs0KuYEz1z3CpVGigdIhf_YLgKm2w8agwmYl94kskoKvcL-9Y9lum-dptmr22yrN0zzBlKGgSc4qkaWUFRWlO5bKhK7UnlGW0mKbMZqkNNvIpMrvtmInKaIUMiMpxZYrvdH63MYNfjV8WvstzfO7YqV5idoPRyHGhvZBGIunIrePAeuyrz1JqVY--HeIoIIezk9zwyG7I7zk2TpLoVV-6jljT5oVEdZINXBf9U7vP52Mmn4-GcVpptu6c_YHihAPSTHteBqaMj_v2b8BAAD__wMO3Tk">