| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-17 09:10:43 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-17 09:10:43 +0200 |
| commit | f2ec263023649e596c5076df32c2d328bc9393d2 (patch) | |
| tree | 5dd86caab46e552bd2e62bf9c4fb1a7504a44db4 /results/scraper/fex/592 | |
| parent | 63d2e9d409831aa8582787234cae4741847504b7 (diff) | |
| download | qemu-analysis-main.tar.gz qemu-analysis-main.zip | |
Diffstat (limited to 'results/scraper/fex/592')
| -rw-r--r-- | results/scraper/fex/592 | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/results/scraper/fex/592 b/results/scraper/fex/592 new file mode 100644 index 000000000..e8b5227fc --- /dev/null +++ b/results/scraper/fex/592 @@ -0,0 +1,30 @@ +ConstProp RemoveUselessMasking pass breaks 8-bit test/jnz +In an application's use of zlib 1.2.3 (inflate_fast) compiled with MSVC, the following basic block is observed: + +```asm +mov r11d, [r9+rax*4] +mov eax, r11d +movzx edx, r11b +shr eax, 8 +movzx ecx, al +shr ebx, cl +sub r10d, ecx +test r11b, r11b +jnz short loc_141284962 +``` + +However, the following IR is generated for the test/jcc: + +``` + %ssa45(GPR0) i64 = Select %ssa11(GPR0) i32, %ssa42(Invalid4294967295), %ssa43(Invalid4294967295), %ssa44(Invalid4294967295), EQ, #0x8 + (%ssa46 i0) StoreFlag %ssa45(GPR0) i64, #0x6 + %ssa47(GPR1) i64 = Constant #0x0 + (%ssa48 i0) StoreFlag %ssa47(GPR1) i64, #0x0 + %ssa49(GPR1) i64 = Constant #0x0 + (%ssa50 i0) StoreFlag %ssa49(GPR1) i64, #0xb + (%ssa51 i0) InlineConstant #0x0 + (%ssa52 i0) CondJump %ssa45(GPR0) i64, %ssa51(Invalid4294967295), %ssa3(Invalid4294967295), %ssa4(Invalid4294967295), EQ, #0x8 + (%ssa53 i0) EndBlock %ssa2(Invalid4294967295) +``` + +`r11d` at this time contained a value `0x00410400`, which leads to the jump being incorrectly taken, for a 32-bit compare-to-zero is used as a jump condition. \ No newline at end of file |
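Review bot: the scraped record carries no provenance beyond its path, results/scraper/fex/592, so the issue number, tracker URL and capture date the scraper saw are lost; the hunk should store at least the source URL (and ideally the issue title/number and fetch timestamp) as a header line so the file can be traced back and re-scraped. Two smaller points in the same hunk: the file ends with "\ No newline at end of file", which the scraper should normalise by appending a trailing newline, and the second code fence (the FEX IR dump) has no language tag while the first is tagged `asm`, so if the scraper preserves fence info strings it should keep them consistent rather than emitting a bare fence.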