https://bugs.kde.org/show_bug.cgi?id=381326

--- Comment #1 from John Reiser <jrei...@bitwagon.com> ---

Using reasoning that is similar to that for the NOT_EQUAL operator (not_equal in any bit position that is initialized implies not_equal in the whole word, regardless of uninit bits in other positions), then the "read-only" operator EQUAL_TO_A_CONSTANT can *change* the initialization status of bits in memory.

One version of actual code {loop(j): if (rv[j] != 0) rv[j] = 0)} for i386 is

    0xe10102 <__malloc0+27>: add  $0x3,%ebx                 // length in bytes
    0xe10105 <__malloc0+30>: xor  %edx,%edx                 // j = 0;
    0xe10107 <__malloc0+32>: shr  $0x2,%ebx                 // length in words
    0xe1010a <__malloc0+35>: cmp  %edx,%ebx
    0xe1010c <__malloc0+37>: je   0xe1011e <__malloc0+55>   // array is empty
    0xe1010e <__malloc0+39>: cmpl $0x0,(%eax,%edx,4)        // if (0==rv[j])
    0xe10112 <__malloc0+43>: je   0xe1011b <__malloc0+52>   // already 0
    0xe10114 <__malloc0+45>: movl $0x0,(%eax,%edx,4)        // rv[j] = 0;
    0xe1011b <__malloc0+52>: inc  %edx                      // ++j;
    0xe1011c <__malloc0+53>: jmp  0xe1010a <__malloc0+35>

If the branch is taken in

    0xe1010e <__malloc0+39>: cmpl $0x0,(%eax,%edx,4)        // if (0==rv[j])
    0xe10112 <__malloc0+43>: je   0xe1011b <__malloc0+52>   // already 0

then we know that the word in memory at address (%eax,%edx,4) is zero. In particular: ALL ITS BITS ARE NOW KNOWN TO BE INITIALIZED, regardless of previous state! So there were NO writes to memory, but the V bits must now be all 1's (signifying initialized), even if previously some of them were 0 (signifying uninitialized).

So, EQUAL_TO_A_CONSTANT erases Uninitialized.
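The definedness reasoning in the comment above, worked through as an added toy model (constructed here, not Valgrind's memcheck code and not the bug reporter's): a 32-bit word carries its value plus a mask of initialized bits, a compare against a constant is classified as in the comment, and a taken equal-branch marks the whole word initialized. `Word`, `compare_to_constant`, `take_equal_branch` and `zero_loop` are names chosen for this illustration; the comment's convention of 1 = initialized is used for the mask.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import List

MASK32 = 0xFFFFFFFF


@dataclass
class Word:
    value: int     # the bits actually stored in memory
    defined: int   # mask: 1 = bit is initialized, 0 = bit is uninitialized


def compare_to_constant(w: Word, k: int) -> str:
    """Classify `cmp $k, word` using the comment's reasoning."""
    differing = (w.value ^ k) & w.defined & MASK32
    if differing:
        # Some initialized bit already differs: a definite NOT_EQUAL,
        # whatever the uninitialized bits hold.
        return "not_equal"
    if (w.defined & MASK32) == MASK32:
        return "equal"
    # Every initialized bit matches k but some bits are uninitialized:
    # the outcome depends on uninitialized data (memcheck would report here).
    return "undefined"


def take_equal_branch(w: Word, k: int) -> Word:
    """Model the `je` being taken: the word is now known to equal k,
    so every bit becomes initialized without any store to memory."""
    return Word(value=k & MASK32, defined=MASK32)


def zero_loop(words: List[Word]) -> List[Word]:
    """The loop from the disassembly: if (rv[j] != 0) rv[j] = 0.
    The CPU branches on the real value; the model tracks definedness."""
    out = []
    for w in words:
        if (w.value & MASK32) != 0:
            out.append(Word(0, MASK32))            # movl $0x0: a write initializes
        else:
            out.append(take_equal_branch(w, 0))    # je taken: EQUAL_TO_A_CONSTANT
    return out
```

Under this model the loop leaves every word fully initialized, whether it was zeroed by the store or merely found equal to zero by the compare.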
--- Comment #1 from John Reiser <jrei...@bitwagon.com> --- Using reasoning that is similar to that the NOT_EQUAL operator (not_equal in any bit position that is initialized, implies not_equal in the whole word, regardless of uninit bits in other positions), then the "read-only" operator EQUAL_TO_A_CONSTANT can *change* the initialization status of bits in memory. One version of actual code {loop(j): if (rv[j] != 0) rv[j] = 0)} for i386 is 0xe10102 <__malloc0+27>: add $0x3,%ebx // length in bytes 0xe10105 <__malloc0+30>: xor %edx,%edx // j = 0; 0xe10107 <__malloc0+32>: shr $0x2,%ebx // length in words 0xe1010a <__malloc0+35>: cmp %edx,%ebx 0xe1010c <__malloc0+37>: je 0xe1011e <__malloc0+55> // array is empty 0xe1010e <__malloc0+39>: cmpl $0x0,(%eax,%edx,4) // if (0==rv[j]) 0xe10112 <__malloc0+43>: je 0xe1011b <__malloc0+52> // already 0 0xe10114 <__malloc0+45>: movl $0x0,(%eax,%edx,4) // rv[j] = 0; 0xe1011b <__malloc0+52>: inc %edx // ++j; 0xe1011c <__malloc0+53>: jmp 0xe1010a <__malloc0+35> If the branch is taken in 0xe1010e <__malloc0+39>: cmpl $0x0,(%eax,%edx,4) // if (0==rv[j]) 0xe10112 <__malloc0+43>: je 0xe1011b <__malloc0+52> // already 0 then we know that the word in memory at address (%eax,%edx,4) is zero. In particular: ALL ITS BITS ARE NOW KNOWN TO BE INITIALIZED, regardless of previous state! So there were NO writes to memory, but the V bits must now be all 1's (signifying initialized), even if previously some of them were 0 (signifying uninitialized). So, EQUAL_TO_A_CONSTANT erases Uninitialized. -- You are receiving this mail because: You are watching all bug changes.