[PATCH] D64215: Add a transform pass to make the executable semantics of poison explicit in the IR
Philip Reames via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Jul 4 11:47:41 PDT 2019
reames created this revision.
reames added reviewers: nikic, sanjoy, nlopes, regehr.
Herald added subscribers: bollu, mgorny, mcrosier.
Herald added a project: LLVM.
Implements a transform pass which instruments IR such that poison semantics are made explicit. That is, it provides a (possibly partial) executable semantics for every instruction w.r.t. poison as specified in the LLVM LangRef. There are obvious parallels to the sanitizer tools, but this pass is focused purely on the semantics of LLVM IR, not any particular source language.
The target audience for this tool is developers working on or targetting LLVM from a frontend. The idea is to be able to take arbitrary IR (with the assumption of known inputs), and evaluate it concretely after having made poison semantics explicit to detect cases where either a) the original code executes UB, or b) a transform pass introduces UB which didn't exist in the original program.
At the moment, this is mostly the framework and still needs to be fleshed out. By reusing existing code we have decent coverage, but there's a lot of cases not yet handled. What's here is good enough to handle interesting cases though; for instance, one of the recent LFTR bugs involved UB being triggered by integer induction variables with nsw/nuw flags would be reported by the current code.
(See comment in PoisonChecking.cpp for full explanation and context)
Before this lands, it obviously needs a bunch of tests added, but for the moment, I wanted to collect feedback on the idea.
Repository:
rL LLVM
https://reviews.llvm.org/D64215
Files:
include/llvm/Transforms/Instrumentation/PoisonChecking.h
lib/Passes/PassBuilder.cpp
lib/Passes/PassRegistry.def
lib/Transforms/Instrumentation/CMakeLists.txt
lib/Transforms/Instrumentation/PoisonChecking.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D64215.208064.patch
Type: text/x-patch
Size: 12325 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190704/5a3f0f97/attachment.bin>
More information about the llvm-commits
mailing list