Thank you, John and Phillippe, for your replies.
First, to John:
Valgrind actually does know that a conditional move is a functional
operation and not a conditional branch. So if you can convince your
compiler to emit conditional moves, Valgrind will simply "taint" the output
instead of emitting
> I am not sure to understand how you will differentiate the above
> if (a > 0)
> b = a;
> else
> b = 0;
>
> from
> if (a > 0) {
> b = a;
> launch_all_missiles();
> } else
> b = 0;
Because the first paragraph is equivalent to "b = max(0, a);"
which has
On Thu, 2016-11-03 at 15:36 -0700, Patrick J. LoPresti wrote:
> Right now, if I have code like this:
> int a; /* invalid value */
> int b = a + 1; /* operation on invalid value */
> ...memcheck does not produce a warning for the addition. It just
> taints b as invalid and only generates a warni
> int a; /* invalid value */
> int b;
> if (a > 0) /* conditional on invalid value */
> b = a;
> else
> b = 0;
>
> ...memcheck produces a warning on the conditional branch. But if you look at
> what this code actually computes, it is just "b = max(a,0)", which is not so
> differen
