[llvm] r221318 - Analysis: Make isSafeToSpeculativelyExecute fire less for divides
David Majnemer
david.majnemer at gmail.com
Sat Nov 8 21:43:14 PST 2014
On Sat, Nov 8, 2014 at 6:56 PM, Sanjoy Das <sanjoy at playingwithpointers.com>
wrote:
> Now that I think of it, I think function arguments cannot be poison.
> The LangRef says:
>
> "Values other than phi nodes depend on their operands."
>
> and
>
> "any instruction that has a dependence on a poison value has undefined
> behavior."
>
> This means a call or invoke that passes a poison value as an argument
> has undefined behavior.
I'm pretty sure the LangRef has a bug here. It cannot literally mean
undefined behavior or the program hits UB once an add nsw that produces
poison is used as the operand to another add.
> So we can conclude that a function argument
> can never be poison -- the call (or invoke) would be UB otherwise.
> Inlining a function can change undefined behavior to not undefined
> behavior, but that's allowed.
>
> -- Sanjoy
>
>
> On Sat, Nov 8, 2014 at 4:59 PM, Sanjoy Das
> <sanjoy at playingwithpointers.com> wrote:
> > Hi,
> >
> > Just to be sure I understand the situation correctly: llvm concludes a
> > value to be non-zero or a poison value. The value cannot be poison
> > because if it is, any instruction that observes the poison will cause
> > undefined behavior (that may include propagating the poison value down
> > the use-def chain) and this "cannot happen". Thus it must be non-zero
> > or have no uses. So it is safe to conclude that it is non-zero.
> >
> >> I doubt a correct implementation of isKnownNeverToBeUndef will ever fire
> >> because it must be incredibly conservative: function arguments might
> >> silently carry poison in them making them unsafe.
> >
> > It feels like that "isKnownNotPoison" will have to be a path-sensitive
> > property. For example, the following case
> >
> > void f(int x) {
> >   if (x < 10) {
> >     if (unknown) {
> >       int t = 30 / x;
> >     }
> >   }
> > }
> >
> > can be transformed to
> >
> > void f(int x) {
> >   if (x < 10) {
> >     int t = 30 / x;
> >     if (unknown) {
> >     }
> >   }
> > }
> >
> > since x can't be poison after the `icmp` has been executed. LangRef
> > says:
> >
> > 1. "Values other than phi nodes depend on their operands."
> >
> > 2. "any instruction that has a dependence on a poison value has
> > undefined behavior."
> >
> > "isKnownNeverToBeUndef" is distinct from "isKnownNotPoison", since not
> > every instruction consuming an undef has UB. For example the above
> > transform is not sound if `x` was `undef` (without "coercing" the
> > `undef` to some constant value) -- since it could then be `0`.
> >
> > -- Sanjoy
>