[PATCH] D64215: Add a transform pass to make the executable semantics of poison explicit in the IR

Philip Reames via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Jul 4 17:22:54 PDT 2019 

reames marked 3 inline comments as done.
reames added inline comments.


================
Comment at: lib/Transforms/Instrumentation/PoisonChecking.cpp:41
+//   are well defined on the specific input used.
+// - Finding/confirming poison specific miscompiles by checking the poison
+//   status of an input/IR pair is the same before and after an optimization
----------------
reames wrote:
> sanjoy wrote:
> > This will have false positives as long as `undef` is a thing right?  Unless the instrumentation added by this pass will produce poison if *any* value of `undef` produces poison (naively it seems this would require calling into a SAT solver at runtime)?
> I don't actually follow what you're trying to say.  Can you maybe rephrase w/an example which concerns you?  
> 
> For context, I'm focusing on poison for the moment, but I think a completely reasonable thing would be to have a parallel approach for undef (1 bit per bit of original value), and then cross propagate if needed.  I have a much weaker understanding of the undef rules, so I started with poison since that seemed a bit more clearly specified and recently discussed.  
> 
For context, the part which has me confused was your claim of a false positive.  I definitely see how undef can cause a false negative if not accounted for in the poison tracking.


================
Comment at: lib/Transforms/Instrumentation/PoisonChecking.cpp:105
+    return buildOrChain(B, Checks);
+  }
+
----------------
aqjune wrote:
> This is great.
> Is it assumed that poison is always value-wise?
> In other words, if the result is 1, does it mean either:
> (1) the value is always fully poison
> (2) the value has at least one poison 'bit'?
> 
> In the future, there might exist several kinds of poison semantics that people would like to test (e.g. bitwise poison vs. valuewise poison) - so I think it is a good idea to describe which poison semantics this visitAdd is assuming.
All of this is assuming a single poison bit since that is our current semantics.  I'll leave it up to anyone wishing to evaluate alternate semantics to implement them.


================
Comment at: lib/Transforms/Instrumentation/PoisonChecking.cpp:124
+    return buildOrChain(B, Checks);
+  }
+};
----------------
aqjune wrote:
> How about merging the contents of `visitSub` and `visitAdd` as they are equivalent except the intrinsics name? It can be reused for `visitMul` as well.
I agree the code structure needs some work here.  I'm experimenting with variations on that to see what looks least ugly and will upload a revised patch later tonight or tomorrow.  


Repository:
  rL LLVM

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D64215/new/

https://reviews.llvm.org/D64215

More information about the llvm-commits mailing list