https://bugs.kde.org/show_bug.cgi?id=404054
--- Comment #3 from Mark Wielaard <m...@klomp.org> ---

We can fix this by rewriting the subfe translation from:

    rD = (log not)rA + rB + XER[CA]

to

    rD = rB - rA - (XER[CA] ^ 1)

diff --git a/VEX/priv/guest_ppc_toIR.c b/VEX/priv/guest_ppc_toIR.c index e207642..00ae6df 100644 --- a/VEX/priv/guest_ppc_toIR.c +++ b/VEX/priv/guest_ppc_toIR.c @@ -5361,11 +5361,15 @@ static Bool dis_int_arith ( UInt theInstr ) flag_OE ? "o" : "", flag_rC ? ".":"", rD_addr, rA_addr, rB_addr); // rD = (log not)rA + rB + XER[CA] + // ==> + // rD = rB - rA - (XER[CA] ^ 1) assign( old_xer_ca, mkWidenFrom32(ty, getXER_CA_32(), False) ); - assign( rD, binop( mkSzOp(ty, Iop_Add8), - unop( mkSzOp(ty, Iop_Not8), mkexpr(rA)), - binop( mkSzOp(ty, Iop_Add8), - mkexpr(rB), mkexpr(old_xer_ca))) ); + assign( rD, binop( mkSzOp(ty, Iop_Sub8), + binop( mkSzOp(ty, Iop_Sub8), + mkexpr(rB), mkexpr(rA)), + binop(mkSzOp(ty, Iop_Xor8), + mkexpr(old_xer_ca), + mkSzImm(ty, 1))) ); set_XER_CA_CA32( ty, PPCG_FLAG_OP_SUBFE, mkexpr(rD), mkexpr(rA), mkexpr(rB), mkexpr(old_xer_ca) );

This produces:

    t3 = GET:I64(88)
    t4 = GET:I64(88)
    t6 = 32Uto64(And32(8Uto32(GET:I8(1323)),0x1:I32))
    t5 = Sub64(Sub64(t4,t3),Xor64(t6,0x1:I64))

Where the Sub64(t4,t3) is recognized as being just zero, so we get:

    t3 = GET:I64(88)
    t24 = 32Uto64(And32(8Uto32(And8(32to8(1Uto32(CmpLE64U(t2,0x0:I64))),0x1:I8)),0x1:I32))
    t28 = Sub64(0x0:I64,Xor64(t24,0x1:I64))

And nothing relies on the original (potentially) uninitialized register.

With this, both the reproducer and the larger C++ program using unique_ptr don't produce any errors anymore under memcheck.
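Review bot: the new `binop(mkSzOp(ty, Iop_Xor8), mkexpr(old_xer_ca), mkSzImm(ty, 1))` only equals 1 - CA if old_xer_ca is strictly 0 or 1; that holds here because getXER_CA_32() masks with 0x1 (visible in the produced IR as And32(...,0x1:I32)), but the `// ==>` comment would be more useful if it stated that invariant and the reason for the rewrite, namely that with rA and rB being the same register Sub64(t4,t3) folds to zero so memcheck no longer tracks a possibly uninitialized register through Not/Add, so a later reader does not revert to the ISA's literal form. The unchanged set_XER_CA_CA32( ty, PPCG_FLAG_OP_SUBFE, mkexpr(rD), mkexpr(rA), mkexpr(rB), mkexpr(old_xer_ca) ) call still receives the same inputs, so the carry computation is unaffected by the new shape of rD.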
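The identity behind the rewrite above, as an added example that is not part of the bug report or of Valgrind's code: both subfe formulas implemented in plain C on 64-bit operands, together with the carry out of the addition (the new XER[CA], per the PowerPC definition of subfe) computed two independent ways so the two translations can be cross-checked. The function names and the operand table are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Original translation, the literal ISA definition of subfe:
 *   rD = ~rA + rB + CA   (mod 2^64) */
static uint64_t subfe_not_add(uint64_t rA, uint64_t rB, uint64_t ca)
{
    return ~rA + rB + ca;
}

/* Rewritten translation from the patch:
 *   rD = rB - rA - (CA ^ 1)   (mod 2^64)
 * When rA and rB are the same register, rB - rA is 0 whatever the
 * register holds, so no bit of that register reaches rD. */
static uint64_t subfe_sub_sub(uint64_t rA, uint64_t rB, uint64_t ca)
{
    return (rB - rA) - (ca ^ 1);
}

/* New XER[CA]: carry out of ~rA + rB + CA. Since ~rA = 2^64 - 1 - rA,
 * the sum reaches 2^64 exactly when rB + CA >= rA + 1, i.e.
 * rB >= rA when CA = 1 and rB > rA when CA = 0 (no overflow possible). */
static uint64_t subfe_carry(uint64_t rA, uint64_t rB, uint64_t ca)
{
    return ca ? (rB >= rA) : (rB > rA);
}

/* Independent carry computation: carry out of a + b + c, found by
 * detecting wraparound in each of the two partial additions. */
static uint64_t carry3(uint64_t a, uint64_t b, uint64_t c)
{
    uint64_t s1 = a + b;
    uint64_t c1 = s1 < a;
    uint64_t s2 = s1 + c;
    uint64_t c2 = s2 < s1;
    return c1 | c2;
}

/* Runs every pair from a constructed operand table, with CA = 0 and 1,
 * and returns 1 if both translations agree on rD and the two carry
 * computations agree, 0 on the first mismatch. */
static int translations_agree(void)
{
    static const uint64_t vals[] = {
        0, 1, 2, 5, 7, 0x7fffffffffffffffULL, 0x8000000000000000ULL,
        UINT64_MAX - 1, UINT64_MAX
    };
    size_t n = sizeof vals / sizeof vals[0];
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            for (uint64_t ca = 0; ca <= 1; ca++) {
                uint64_t rA = vals[i], rB = vals[j];
                if (subfe_not_add(rA, rB, ca) != subfe_sub_sub(rA, rB, ca))
                    return 0;
                if (subfe_carry(rA, rB, ca) != carry3(~rA, rB, ca))
                    return 0;
            }
    return 1;
}

int main(void)
{
    uint64_t x = 0x1234; /* stands in for a register of unknown content */
    printf("same register, CA=0: rD = %#llx\n",
           (unsigned long long)subfe_sub_sub(x, x, 0)); /* always -1 */
    printf("same register, CA=1: rD = %#llx\n",
           (unsigned long long)subfe_sub_sub(x, x, 1)); /* always 0 */
    printf("translations agree: %s\n", translations_agree() ? "yes" : "no");
    return 0;
}
```

The arithmetic result is identical either way; what changes is the data flow. In the Not/Add form every bit of rA and rB feeds rD, so memcheck's definedness tracking (which does not know that ~x + x is always all ones) reports the result as undefined whenever the shared register is. In the Sub/Sub form the IR optimizer folds Sub64(t4,t3) of the same register to zero, as the comment's second IR listing shows.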