https://bugs.kde.org/show_bug.cgi?id=404054

--- Comment #3 from Mark Wielaard <m...@klomp.org> ---
We can fix this by rewriting the subfe translation from:

rD = (log not)rA + rB + XER[CA]

 to

rD = rB - rA - (XER[CA] ^ 1)

diff --git a/VEX/priv/guest_ppc_toIR.c b/VEX/priv/guest_ppc_toIR.c
index e207642..00ae6df 100644
--- a/VEX/priv/guest_ppc_toIR.c
+++ b/VEX/priv/guest_ppc_toIR.c
@@ -5361,11 +5361,15 @@ static Bool dis_int_arith ( UInt theInstr )
              flag_OE ? "o" : "", flag_rC ? ".":"",
              rD_addr, rA_addr, rB_addr);
          // rD = (log not)rA + rB + XER[CA]
+         //    ==>
+         // rD = rB - rA - (XER[CA] ^ 1)
          assign( old_xer_ca, mkWidenFrom32(ty, getXER_CA_32(), False) );
-         assign( rD, binop( mkSzOp(ty, Iop_Add8),
-                            unop( mkSzOp(ty, Iop_Not8), mkexpr(rA)),
-                            binop( mkSzOp(ty, Iop_Add8),
-                                   mkexpr(rB), mkexpr(old_xer_ca))) );
+         assign( rD, binop( mkSzOp(ty, Iop_Sub8),
+                            binop( mkSzOp(ty, Iop_Sub8),
+                                   mkexpr(rB), mkexpr(rA)),
+                            binop(mkSzOp(ty, Iop_Xor8),
+                                  mkexpr(old_xer_ca),
+                                  mkSzImm(ty, 1))) );
          set_XER_CA_CA32( ty, PPCG_FLAG_OP_SUBFE,
                           mkexpr(rD), mkexpr(rA), mkexpr(rB),
                           mkexpr(old_xer_ca) );
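Review bot: The comment added above the new `assign( rD, ... )` shows the algebraic rewrite but not why it is preferred, so a later cleanup could restore the Not/Add form and bring the memcheck false positive back. I would add something like `// Use Sub so that subfe rX,rX,rX folds (rB - rA) to zero and rD no longer depends on a possibly undefined rA (bug 404054).` The identity also relies on old_xer_ca being exactly 0 or 1, which the IR in the description suggests (the value is masked with 0x1) but which is worth stating next to the Xor. The patch as shown touches only guest_ppc_toIR.c, so the reproducer from the bug would be worth adding as a memcheck regression test. dis_int_arith starts and ends outside this hunk.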

This produces:

 t3 = GET:I64(88)
 t4 = GET:I64(88)
 t6 = 32Uto64(And32(8Uto32(GET:I8(1323)),0x1:I32))
 t5 = Sub64(Sub64(t4,t3),Xor64(t6,0x1:I64))

Where the Sub64(t4,t3) is recognized as being just zero, so we get:

 t3 = GET:I64(88)
 t24 =
32Uto64(And32(8Uto32(And8(32to8(1Uto32(CmpLE64U(t2,0x0:I64))),0x1:I8)),0x1:I32))
 t28 = Sub64(0x0:I64,Xor64(t24,0x1:I64))

And nothing relies on the original (potentially) uninitialized register.

With this change, both the reproducer and the larger C++ program using unique_ptr no longer
produce any errors under memcheck.
