[PATCH] D81678: Introduce partialinit attribute at call sites for stricter poison analysis

Eli Friedman via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Jun 12 13:47:23 PDT 2020


efriedma added a comment.

In D81678#2089041 <https://reviews.llvm.org/D81678#2089041>, @aqjune wrote:

> > @efriedma 
> >  The way that call argument coercion works is unsound in the presence of poison. An integer can't be partially poisoned: it's either poison, or not poison. We probably need to come up with some safer way to pass structs/unions.
>
> This is true; the clang frontend may lower an argument of aggregate type into one of a large integer type (such as i64).
> However, can a poison value be safely generated in C? Padding, or a union whose members have different sizes, may contain undef bits, but not poison. Signed overflow is UB.
> An undef value can exist bitwise, so I think this is an orthogonal issue.


In C semantics, an expression can't produce a poison value. As long as variables and allocations are initialized to undef, not poison, there isn't any way to sneak poison into the padding of a variable, so argument passing is sound. So I guess it's not an issue unless we start poisoning uninitialized variables.
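As an added illustration of the coercion point discussed above (hand-written for this page; it is not part of D81678, not clang output, and the function names and values are made up), here is LLVM IR in which a by-value `{ i32, i32 }` argument is passed as a single `i64`, the way the x86-64 ABI lowering does it. The comments trace what the callee sees when the unwritten field is undef versus what it would see if that field were poison.

```llvm
; Added example, not code from the review or from clang.
; A by-value struct that the x86-64 ABI lowering passes as one i64 argument.
%struct.S = type { i32, i32 }

define i32 @callee(i64 %s.coerce) {
  ; Recover the first field from the coerced integer.
  %lo = trunc i64 %s.coerce to i32
  ret i32 %lo
}

define i32 @caller() {
  %s = alloca %struct.S, align 8
  %a = getelementptr inbounds %struct.S, ptr %s, i32 0, i32 0
  store i32 42, ptr %a
  ; The second field is never written. With today's semantics an
  ; uninitialized alloca reads as undef, so the bytes of %s are
  ; 42 (4 bytes) followed by undef (4 bytes).
  %v = load i64, ptr %s, align 8
  ; Undef is bitwise: the low 32 bits of %v are 42, and the trunc in
  ; @callee yields 42. If the uninitialized bytes were poison instead,
  ; the whole i64 %v would be poison, because an integer cannot be
  ; partially poison, and @callee would return poison even though it
  ; only reads the field that was initialized.
  %r = call i32 @callee(i64 %v)
  ret i32 %r
}
```

This is the case the reply is describing: the coercion is fine while the unwritten half is undef, and would stop being fine the moment uninitialized memory became poison, since poison in any byte of the coerced integer poisons the entire argument.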


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D81678/new/

https://reviews.llvm.org/D81678
