Bug 401112

Summary: LLVM 5.0 generates comparison against partially initialized data.
Product: [Developer tools] valgrind
Reporter: Nicolas B. Pierron <nicolas.b.pierron>
Component: memcheck
Assignee: Nicolas B. Pierron <nicolas.b.pierron>
Status: REPORTED
Severity: normal
CC: jseward, nicolas.b.pierron
Priority: NOR
Version: 3.14 SVN
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:
Attachments:
  116354: Spec rule for SUBL-Cond{BE,NBE} with ((1 << N) - 1) immediate
  116428: Spec rule for SUBL-Cond{BE,NBE} with ((1 << N) - 1) immediate
  116436: Spec rule for SUBL-Cond{BE,NBE} with ((1 << N) - 1) immediate

Description Nicolas B. Pierron 2018-11-16 16:58:30 UTC
Created attachment 116354 [details]
Spec rule for SUBL-Cond{BE,NBE} with ((1 << N) - 1) immediate

SUMMARY
https://bugzilla.mozilla.org/show_bug.cgi?id=1489572#c47

LLVM 5.0 generates SUBL {CondBE / CondNBE} with power of 2 minus 1 immediate, to compare the high bits of data structures, where the bottom of the data structure might have undefined bits.

The attached patch copies the spec rule which was added previously and changes the way N is computed, based on the ((1 << N) - 1) pattern instead. Testing on the initial issue seems to fix the problem.

STEPS TO REPRODUCE
1. https://bugzilla.mozilla.org/show_bug.cgi?id=1489572#c47

OBSERVED RESULT
Conditional jump or move depends on uninitialised value(s)

EXPECTED RESULT
Nothing.
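The following is an added illustration of the pattern behind this report; it is not valgrind's code and not part of the bug report. It models memcheck's per-bit definedness (V bits) for a 64-bit value and compares two ways of deciding whether `sub x, imm` followed by a CondBE/CondNBE test depends on undefined bits: the generic pessimistic rule (any undefined input bit taints the flags) and a specialised rule for immediates of the form ((1 << N) - 1), under which `x <= ((1 << N) - 1)` is the same test as `(x >> N) == 0`, so only bits N and above of `x` can influence the outcome. The helper that recovers N from the immediate is a hypothetical stand-in for the routine the patch adds, written here from the description only.

```c
/* Added example, not valgrind's code. Models memcheck-style V-bit tracking
   for the "sub x, ((1<<N)-1); jbe/jnbe" pattern described in the report. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* A shadowed 64-bit value: 'v' holds the value bits, 'vbits' has a 1 in
   every bit position memcheck considers undefined (constructed model). */
typedef struct { uint64_t v; uint64_t vbits; } shadow_t;

/* Hypothetical helper (assumed, not the patch's actual routine):
   if imm == ((1 << N) - 1) for some N in 1..63, return N; otherwise -1. */
int imm_is_1_shl_N_minus_1(uint64_t imm)
{
    if (imm == 0 || imm == UINT64_MAX) return -1;
    uint64_t p = imm + 1;                 /* must be a power of two */
    if ((p & (p - 1)) != 0) return -1;
    int n = 0;
    while ((p >> n) != 1) n++;            /* p == 1 << n */
    return n;
}

/* Condition BE (CF|ZF) after 'sub x, imm' is the unsigned test x <= imm;
   NBE is its negation. Only the flag computation itself is modelled here. */
bool cond_be(uint64_t x, uint64_t imm) { return x <= imm; }

/* Generic rule for a compare-derived flag: pessimistic, any undefined
   input bit makes the condition undefined. Returns true if a
   "Conditional jump or move depends on uninitialised value(s)"
   report would be raised. */
bool generic_rule_complains(shadow_t x) { return x.vbits != 0; }

/* Specialised rule: x <= ((1<<N)-1) is equivalent to (x >> N) == 0,
   so the low N bits cannot affect the result and may be undefined.
   Complain only if an undefined bit sits at position N or above.
   Immediates not matching the pattern fall back to the generic rule. */
bool spec_rule_complains(shadow_t x, uint64_t imm)
{
    int n = imm_is_1_shl_N_minus_1(imm);
    if (n < 0) return generic_rule_complains(x);
    uint64_t high_mask = ~((1ULL << n) - 1);   /* bits N..63 */
    return (x.vbits & high_mask) != 0;
}

/* Stand-alone demo: a word whose low 3 bits are undefined (e.g. a tag
   field never written), compared against 0x7 == (1 << 3) - 1. */
int main(void)
{
    shadow_t x = { .v = 0x5, .vbits = 0x7 };    /* constructed input */
    uint64_t imm = 0x7;
    printf("x <= 0x%llx : %d\n", (unsigned long long)imm,
           (int)cond_be(x.v, imm));
    printf("generic rule complains: %d\n", (int)generic_rule_complains(x));
    printf("spec rule complains:    %d\n", (int)spec_rule_complains(x, imm));
    return 0;
}
```

With the constructed input the generic rule reports an error although the outcome of the comparison is fully determined by the defined high bits, which is exactly the false positive the report describes; the specialised rule stays silent, and still complains once an undefined bit appears at position N or above.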
Comment 1 Nicolas B. Pierron 2018-11-20 16:54:09 UTC
Created attachment 116428 [details]
Spec rule for SUBL-Cond{BE,NBE} with ((1 << N) - 1) immediate

This is an updated version of the patch which merges both branches as they produce the same test.
Comment 2 Julian Seward 2018-11-21 08:02:33 UTC
Created attachment 116436 [details]
Spec rule for SUBL-Cond{BE,NBE} with ((1 << N) - 1) immediate

With commoning up of the isU64_1_shl_N .. routines.