[PATCH] D41760: Introduce __builtin_load_no_speculate

Kristof Beyls via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jan 17 07:30:37 PST 2018

kristof.beyls added a comment.

The API design has been discussed over the past weeks in detail on the gcc mailing list. As a result of that, we propose to adapt the API, to enable efficient code generation also on architectures that need to generate a barrier instruction to achieve the desired semantics.

The main change in the proposed API is to drop the failval parameter and to tweak the semantics to the below.
There is a more detailed rationale for these changes at https://gcc.gnu.org/ml/gcc-patches/2018-01/msg01546.html

I haven't updated the code to implement the new specification yet, but thought I'd share the new specification as soon as possible, while I find the time to adapt the implementation:

The signature of the new, polymorphic, builtin is:

  T __builtin_speculation_safe_load(const volatile T *ptr,
                                    const volatile void *lower,
                                    const volatile void *upper,
                                    const volatile void *cmpptr)

T can be any integral type (signed or unsigned char, int, short, long, etc) or any pointer type.

This builtin provides a means to limit the extent to which a processor can continue speculative execution with the result of loading a value stored at ptr. The boundary conditions, described by cmpptr, lower_bound and upper_bound, define the conditions under which execution after the load can continue safely:

- When the builtin is not being executed speculatively:
  - if lower_bound <= cmpptr < upper_bound, the value at address ptr is returned.
  - if cmpptr is not within these bounds, the behaviour is undefined.
- When the builtin is being executed speculatively, either:
  - Execution of instructions following the builtin that have a dependency on the result of the intrinsic will be blocked, until the builtin is no longer executing speculatively. At this point, the semantics under point 1 above apply.
  - Speculation may continue using the value at address ptr as the return value of the builtin, if lower_bound <= cmpptr < upper_bound, or an unspecified constant value if cmpptr is outside these bounds.

The final argument, cmpptr, may be omitted if it is the same as ptr.

The builtin is supported for all architectures, but on machines where target-specific support for inhibiting speculation is not implemented, or not necessary, the compiler will emit a warning.

The pre-processor macro __HAVE_SPECULATION_SAFE_LOAD is defined with the value 1 when the compiler supports this builtin.


More information about the cfe-commits mailing list