[LLVMbugs] [Bug 21084] New: Right-hand side of logical expression gets speculated, causing jump on uninitialized value
bugzilla-daemon at llvm.org
Fri Sep 26 16:30:34 PDT 2014
http://llvm.org/bugs/show_bug.cgi?id=21084
Bug ID: 21084
Summary: Right-hand side of logical expression gets speculated,
causing jump on uninitialized value
Product: clang
Version: unspecified
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: hans at chromium.org
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Consider the following:
  void f();
  bool ReadInt(int*);

  void test() {
    int local;
    if (ReadInt(&local) && local < 8 && local >= 0)
      f();
  }
Compiled with Clang r218435:
$ bin/clang -O3 -S -o - /tmp/a.cc
        .cfi_startproc
# BB#0:
        pushq   %rax
.Ltmp0:
        .cfi_def_cfa_offset 16
        leaq    4(%rsp), %rdi
        callq   _Z7ReadIntPi
        cmpl    $7, 4(%rsp)     <---- Cmp with uninitialized stack value
        ja      .LBB0_3         <---- Valgrind gets upset
# BB#1:
        testb   %al, %al        <---- Return value of ReadInt checked here
        je      .LBB0_3
# BB#2:
        callq   _Z1fv
.LBB0_3:
        popq    %rax
        retq
While the asm looks like it works in practice, Valgrind (and I'd guess other
tools too) gets upset about jumping based on an uninitialized value.
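The reordering in the listing above, modelled in C as an added example (not part of the original report or of LLVM's code). It compares the source evaluation order with the order in the -O3 output and tracks a "defined" shadow bit for the stack slot. The `struct slot` type, the function names, the sample values and the assumption that ReadInt() writes `*local` exactly when it returns true are all hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* A stack slot plus a "defined" shadow bit, loosely modelling what a
 * definedness checker tracks. Hypothetical type for this example. */
struct slot { int value; bool defined; };

/* Source order: `local` is read only after ReadInt() reported success. */
static bool source_order(bool read_ok, struct slot local, bool *undef_branch)
{
    *undef_branch = false;
    if (!read_ok)
        return false;
    *undef_branch = !local.defined;
    return local.value < 8 && local.value >= 0;
}

/* Order in the -O3 listing: the range check, folded into one unsigned
 * compare, runs first; the ReadInt() result is tested second. */
static bool speculated_order(bool read_ok, struct slot local, bool *undef_branch)
{
    *undef_branch = !local.defined;      /* cmpl $7, 4(%rsp) ; ja .LBB0_3 */
    if ((unsigned int)local.value > 7u)
        return false;
    return read_ok;                      /* testb %al, %al ; je .LBB0_3 */
}

/* Bit 0: the two orders disagree about calling f().
 * Bit 1: source order branched on an undefined slot.
 * Bit 2: speculated order branched on an undefined slot. */
int compare_orders(void)
{
    /* Constructed values standing in for whatever the slot happens to hold. */
    static const int samples[] = { INT_MIN, -1, 0, 7, 8, INT_MAX };
    int flags = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        for (int ok = 0; ok <= 1; ok++) {
            /* Assumption: ReadInt() writes *local exactly when it returns true. */
            struct slot s = { samples[i], ok != 0 };
            bool u1, u2;
            bool a = source_order(ok != 0, s, &u1);
            bool b = speculated_order(ok != 0, s, &u2);
            if (a != b) flags |= 1;
            if (u1) flags |= 2;
            if (u2) flags |= 4;
        }
    }
    return flags;
}

int main(void) { return compare_orders() == 4 ? 0 : 1; }
```

Only bit 2 is set: both orders agree on whether f() is called for every sampled slot value, but only the speculated order takes a branch that depends on the slot while it is still undefined.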