Closed (ercoppa closed this issue 1 year ago)
Nice find! And thanks for all the debug information :blush:

I'm wondering if `_sym_build_bool_to_bits` is doing more than necessary :thinking: How about we make it return an expression for `i1` unconditionally, which we then feed to either `_sym_build_sext` or `_sym_build_zext`? The downside would be an additional call into the runtime, but since there's no branching the CPU should be able to handle it rather well. And the code would fit nicely into `visitCastInst`... What do you think?

Your example is a really nice candidate for the test suite too. I can add it with the fix.

I have made PR #110. Let me know if it is ok :)
Consider this example (inspired by real-world code):

Clang for `bar` will emit with `-O1` (when using `-O2`, the function `bar` is inlined, hiding the bug):

Notice the `sext` operation. When instrumenting with SymCC, we get:

The problem is that `_sym_build_bool_to_bits` builds an If-Then-Else like `if (cond, 0x0...01, 0x0...0)`, which is correct only in case of a `zext` operation but not for a `sext` operation. Indeed, SymCC is not able to generate an alternative input on the example:

One possible fix could be to provide, e.g., `_sym_build_bool_to_sign_bits` and use it in `visitCastInst` for the `i1` case iff the instruction is `Instruction::SExt`.

Let me know if you want a PR along this direction or if we should design a slightly different fix.