wrong code generation for memcpy function in SROA optimization pass

The SROA optimization pass does some optimizations and transforms for the memcpy function, such as ld/st operations. When someone has written code like size>sizeof(dest) in memcpy(dest,src,size),
there is very likely wrong code generation. For example, consider this testcase:
#include <stdio.h>
#include <string.h>

int main()
{
    char ch;
    short sh = 0x1234;
    memcpy(&ch,&sh,2);   /* copies 2 bytes into a 1-byte object, as in the report */
    printf("ch=0x%02x\n",ch);
}
On the i586 target, the correct execution result was "ch=0x34", but once the SROA optimization
pass was enabled it turned out as "ch=0x00".
Then I tried dumping the IR code to compare before and after the SROA optimization pass.
IR before SROA:
define i32 @main() #0 {
entry:
%retval = alloca i32,align 4,
%ch = alloca i8,align 1,
%sh = alloca i16,align 2,
store i32 0,i32* %retval,
store i16 4660,i16* %sh,align 2,!tbaa!0,
%0 = bitcast i16* %sh to i8*
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %ch,i8* %0,i32 2,i32 1,i1 false),
%1 = load i8* ch,align 1,!tbaa!0,
%conv = sext i8 %1 to i32,
%call = call i32 (i8*,…)* @printf(i8* getelementptr inbounds([9i8]@.str,i32 0,i32 0),i32 %conv),
ret i32 0,
}
IR after SROA:
define i32 @main() #0 {
entry:
%conv = sext i8 undef to i32,
%call = call i32 (i8*,…)* @printf(i8* getelementptr inbounds([9i8]@.str,i32 0,i32 0),i32 %conv),
ret i32 0,
}
Then I tried debugging SROA.cpp. I found that in the function visitMemTransferInst, according to the IR instruction "call void @llvm.memcpy.p0i8.p0i8.i32(i8* %ch,i8* %0,i32 2,i32 1,i1 false)", it would produce the following code (finally, the memcpy disappeared and the code would be deleted, and the IR after SROA became incorrect, am I right?):
%sh.0.cast = bitcast i8* ch to i16*,
%sh.0.copyload = load i16* sh,align 1,
store i16 %sh.0.copyload,i16* %sh.0.cast,align 1,

In a word, I think the visitMemTransferInst function in SROA.cpp made an incorrect optimization for memcpy in a situation like memcpy's size>sizeof(dest).
Am I right? I would appreciate any suggestions on this. Thanks very much!

SROA optimization pass did some optimizations and transforms for memcpy
function,such as ld/st operations.When someone has written down code like
size>sizeof(dest) in memcpy(dest,src,size),

How could it be valid to memcpy when the size of the destination is smaller
than the number of bytes you asked to copy? It looks to me like your
program has undefined behavior. Don't do that.

- David
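
An added example, not part of the thread above: a C sketch of the testcase without the out-of-bounds write. The helper names checked_copy, low_byte and first_stored_byte are hypothetical; the sketch guards the copy length against the destination size and shows the defined way to get the low byte of the short.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: refuse any copy whose length exceeds the
 * destination object, instead of letting memcpy write past it. */
static int checked_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_size)
        return -1;              /* would overflow dst: copy nothing */
    memcpy(dst, src, n);
    return 0;
}

/* Low byte by value conversion: well defined on every target and
 * independent of byte order. */
static unsigned char low_byte(uint16_t v)
{
    return (unsigned char)(v & 0xffu);
}

/* First byte as stored in memory: well defined, but it equals the
 * low byte only on little-endian targets such as i586. */
static unsigned char first_stored_byte(uint16_t v)
{
    unsigned char b;
    memcpy(&b, &v, sizeof b);   /* length taken from the destination */
    return b;
}

int main(void)
{
    unsigned char ch = 0;
    uint16_t sh = 0x1234;

    /* The thread's call, memcpy(&ch, &sh, 2), is rejected here. */
    if (checked_copy(&ch, sizeof ch, &sh, sizeof sh) != 0)
        puts("rejected: 2 bytes do not fit in a 1-byte destination");

    printf("low_byte=0x%02x first_stored_byte=0x%02x\n",
           low_byte(sh), first_stored_byte(sh));
    return 0;
}
```

Building the original testcase with -fsanitize=address reports the two-byte write into the one-byte stack object at run time.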