https://bugs.kde.org/show_bug.cgi?id=381326

--- Comment #1 from John Reiser <jrei...@bitwagon.com> ---
Using reasoning similar to that for the NOT_EQUAL operator (not_equal in
any bit position that is initialized implies not_equal in the whole word,
regardless of uninit bits in other positions), the "read-only" operator
EQUAL_TO_A_CONSTANT can *change* the initialization status of bits in memory.

One version of actual code {loop(j): if (rv[j] != 0) rv[j] = 0;} for i386 is
   0xe10102 <__malloc0+27>:     add    $0x3,%ebx   // length in bytes
   0xe10105 <__malloc0+30>:     xor    %edx,%edx   // j = 0;
   0xe10107 <__malloc0+32>:     shr    $0x2,%ebx   // length in words
   0xe1010a <__malloc0+35>:     cmp    %edx,%ebx
   0xe1010c <__malloc0+37>:     je     0xe1011e <__malloc0+55>  // array is empty
   0xe1010e <__malloc0+39>:     cmpl   $0x0,(%eax,%edx,4)  // if (0==rv[j])
   0xe10112 <__malloc0+43>:     je     0xe1011b <__malloc0+52>  // already 0
   0xe10114 <__malloc0+45>:     movl   $0x0,(%eax,%edx,4)  // rv[j] = 0;
   0xe1011b <__malloc0+52>:     inc    %edx  // ++j;
   0xe1011c <__malloc0+53>:     jmp    0xe1010a <__malloc0+35>

If the branch is taken in
   0xe1010e <__malloc0+39>:     cmpl   $0x0,(%eax,%edx,4)  // if (0==rv[j])
   0xe10112 <__malloc0+43>:     je     0xe1011b <__malloc0+52>  // already 0
then we know that the word in memory at address (%eax,%edx,4) is zero.  In
particular: ALL ITS BITS ARE NOW KNOWN TO BE INITIALIZED, regardless of
previous state!  So there were NO writes to memory, but the V bits must now be
all 1's (signifying initialized), even if previously some of them were 0
(signifying uninitialized).  So, EQUAL_TO_A_CONSTANT erases Uninitialized.

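The following is an added shadow-value model of the argument in the comment above; it is example code written for this page, not Valgrind's memcheck implementation. It follows the comment's convention that a V bit of 1 means "initialized". The struct `shadow_word`, the functions `classify_eq_const`, `refine_after_equal_branch` and `zero_loop`, and the sample words in `main` are all constructed for the example. `classify_eq_const` applies the NOT_EQUAL rule (one initialized bit that differs from the constant settles the comparison) and reports when the outcome would depend on uninitialized bits; `zero_loop` replays the disassembled `if (rv[j] != 0) rv[j] = 0;` loop and counts the words whose V bits became all-initialized on the taken `je` without any store.

```c
/* Shadow-value model of EQUAL_TO_A_CONSTANT refining V bits.
 * Added example, not Valgrind code. Convention as in the comment:
 * V bit 1 = initialized, 0 = uninitialized. */
#include <stdint.h>
#include <stdio.h>

#define ALL_DEFINED 0xffffffffu

typedef struct {
    uint32_t val;  /* concrete bits the CPU actually holds */
    uint32_t def;  /* V bits: 1 = initialized, 0 = uninitialized */
} shadow_word;

typedef enum { CMP_EQUAL, CMP_NOT_EQUAL, CMP_UNDEFINED } cmp_result;

/* Classify `w == k` from the shadow state alone, i.e. what a checker can
 * conclude without trusting the uninitialized bits. */
cmp_result classify_eq_const(shadow_word w, uint32_t k)
{
    /* NOT_EQUAL rule: any initialized bit that differs decides the word. */
    uint32_t differing_initialized = (w.val ^ k) & w.def;
    if (differing_initialized != 0)
        return CMP_NOT_EQUAL;
    if (w.def == ALL_DEFINED)
        return CMP_EQUAL;
    return CMP_UNDEFINED;  /* outcome hinges on bits that were never written */
}

/* The taken `je` after `cmpl $k,mem`: no store occurred, yet the word is
 * now known to equal k, so every V bit becomes 1. */
void refine_after_equal_branch(shadow_word *w, uint32_t k)
{
    w->val = k;
    w->def = ALL_DEFINED;
}

/* Replay `for (j) if (rv[j] != 0) rv[j] = 0;`. The branch direction comes
 * from the concrete bits, as on real hardware. Returns the number of words
 * whose V bits changed without any write; *undefined_branches counts the
 * compares whose result depended on uninitialized bits (the case a checker
 * such as memcheck reports as a conditional jump on an uninitialised value). */
int zero_loop(shadow_word *rv, int n, int *undefined_branches)
{
    int refined = 0;
    *undefined_branches = 0;
    for (int j = 0; j < n; j++) {
        if (classify_eq_const(rv[j], 0) == CMP_UNDEFINED)
            (*undefined_branches)++;
        if (rv[j].val == 0) {                 /* je taken: "already 0" */
            if (rv[j].def != ALL_DEFINED)
                refined++;                    /* V bits change, memory does not */
            refine_after_equal_branch(&rv[j], 0);
        } else {                              /* movl $0x0,(%eax,%edx,4) */
            rv[j].val = 0;
            rv[j].def = ALL_DEFINED;
        }
    }
    return refined;
}

int main(void)
{
    /* Constructed sample: three words in different initialization states. */
    shadow_word rv[3] = {
        { 0x00000000u, 0x00ff00ffu },  /* two bytes never written, concrete bits happen to be 0 */
        { 0x00000100u, ALL_DEFINED },  /* fully initialized, non-zero: gets stored */
        { 0x00000000u, ALL_DEFINED },  /* fully initialized zero: nothing to do */
    };
    int undef;
    int refined = zero_loop(rv, 3, &undef);
    printf("words refined without a store: %d, compares depending on uninit bits: %d\n",
           refined, undef);
    return 0;
}
```

The first sample word is exactly the situation the comment describes: the `je` is taken, no `movl` executes, and afterwards the word's V bits are all 1 even though half of it was never written. The same word is also the one a checker must flag, since the compare result was not determined by the initialized bits alone.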