<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/151104>151104</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Why does LLVM generate select ... -1 ... before operator new[] when array size < 1
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          guoxin049
      </td>
    </tr>
</table>

<pre>
    When compiling the following code targeting AArch64 with Clang/LLVM, I observed that the generated IR includes a select instruction that yields -1 when the array size is less than 1:
```
__attribute__((noinline)) uint32_t Get() {
    return 0;
}

uintptr_t Test() {
    const uint32_t len = Get();
    auto buf = new uint8_t[len]{0};
    return (uintptr_t)buf;
}
```
The IR:
```
%conv = zext i32 %0 to i64
%1 = icmp ult i64 %conv, 1
%2 = select i1 %1, i64 -1, i64 %conv
%call1 = call noalias noundef nonnull ptr @operator new[](unsigned long)(i64 noundef %2)
```
The ASM:
```
Get():
        mov     w0, wzr
 ret

Test():
        stp     x29, x30, [sp, #-32]!
        str x19, [sp, #16]
        mov     x29, sp
        mov     x0, #-1
        bl operator new[](unsigned long)
        mov     w1, wzr
        mov x2, #-2
        mov     x19, x0
        strb    wzr, [x0], #1
        bl memset
        mov     x0, x19
        ldr     x19, [sp, #16]
 ldp     x29, x30, [sp], #32
        ret
```

This seems to be generated from EmitCXXNewAllocSize in CGExprCXX.cpp, where -1 is used if the element count is less than 1.
https://github.com/llvm/llvm-project/blob/2780b8f22058b35a8e70045858b87a1966df8df3/clang/lib/CodeGen/CGExprCXX.cpp#L874-L878
https://github.com/llvm/llvm-project/blob/2780b8f22058b35a8e70045858b87a1966df8df3/clang/lib/CodeGen/CGExprCXX.cpp#L955-L962

Why is -1 used in this case?
Why -1 was chosen instead of, say, 0?
Does this implementation risk triggering excessive or unintended memory allocations under certain conditions?

</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzMVk1v4zgP_jXKhUggy3ZsH3JI08lggM57mBm801sg23SsXUUyJLlJ--sXlJM2bbPA7m2LInLMr4cPKTLSe7U3iCuW37H8fibH0Fu32o_2pAzPqllt2-fV7x4NNPYwKK3MHkKP0Fmt7ZG-NbZFCNLtMdDX9do1_TKDowo9bLQ0eya2Dw___87EBr6BrT26J2wh9DJET3s06GTAFr79AGUaPbboQYJHjU0AZXxwYxOUNZPNs0LdepgncCRY5EI6J5_BqxcE5UGj96RqIGHpmvE1W_LzP1_vdjIEp-ox4G7HRMlEaawyWhlkomKiglGZkIpdgK8YokIFrLhjfA0A4DCMzgBnKb1hxT198jXZDMHtAvxC_9mqscaHN8caDbD0_i3A5I005Rgs1GMX5QaP0ajcBZbfaTQsv2fFHaew6QdETJSvIJio6rF7B_GKgV89wrcfn5lhIm-seYqRX_AUQKUCmMg5BAtqmU0qSZSr5jDAqAO9h7Mh1TeZlERUuhQwIY2ExKQ9f3262E2hpdaTb3oCY6VW0oOxo2mxA2ONGbWGIThgGbcDtYx1RNHUuZS_ib3cgrbUdBUTJYW5uCBc9PYzG-uf3z_TcVWc9Zlq-jvYp3geOaVxfHEkcximPnir_nsrH4Z4ngjVBk5ptGb5nR_ig0jnqYhZJO-sHJyS6qNqsiTNz5DOzv1wS8Yvca4D1Br-GZM38k-u8r-SncQlkLgFY8rmxN9nWUePL-6c6YlHGFOy7-Ee8OAj2bcTJP9vMt2666g3OdTt31fmFUR6ncu52Nc3h9pIefCIB0-3pb6eap2zB_hyUGHz-Pg_PK61ts3POKoMbL5-OQ1u8_i4aIYI7dijQ5ptysPosQXVxQmHGg9oAjR2NOHDkFswvu5DGDz1nNgysd2r0I_1orEHJrZaP12O-eDsH9gEJra1tjUTW1GUvC47IXhe1mkuSyw4z_IyL-uykEm1XLZd2XYpE9vmPMu1IsONbfErGnp6n0P6UBbZ_KEsyv8YrCrP5w_VUkwF-90_E43z5EwzLRLloZEeWbo9K9COkR6a3no0cROhbMF28ZrJZzr4pH1v0U8e1GGYaiXjynLK_wnBqf0eHa1HPDXovXpCsA5Go0xA02JLjW3dM0jqjmjpgcaWgwZdkIrWr2lVFEwRZ-0qbau0kjNcJUWeFkWZFWLWr3hbJHyZV2la5GVTdVnepXlby0yWTVLlxUytBBc5L0TFyyxJxKKs06YtsWjyjpdpLlnG8SCVXlBxFtbtZ8r7EVdJniQ8m2lZo_bxF4MQtKOilAkaYDO3ihWtx71nGdfKB__mJqigcUXMtsQX_Sp4vSiXdbFYLIh3OmrsrMMbI2ra_Fdbn6UbSGaj06t_3XERvGdie87uaSX-CgAA___lmKZl">