[LLVMdev] loads from a null address and optimizations

Török Edwin edwintorok at gmail.com
Mon Sep 7 01:37:45 PDT 2009


On 2009-09-07 01:12, Bill Wendling wrote:
> On Sep 6, 2009, at 4:01 PM, Török Edwin <edwintorok at gmail.com> wrote:
>
>> On 2009-09-06 20:52, Bill Wendling wrote:
>>> The problem he's facing here isn't necessarily one of correctness.
>>> He's dealing with undefined behavior (at least in C code). There are
>>> no guarantees that the compiler will retain a certain semantic
>>> interpretation of an undefined construct between different versions of
>>> the compiler, let alone different optimization levels.
>>>
>>
>> Should LLVM IR inherit all that is undefined behavior in C?
>
> For better or worse, it already inherits some of them. No, I don't
> think the idea is to make LLVM dependent on C's way of doing things.
> But one must assume some base-level of what to do with a particular
> construct.
>
> Apparently, at this time at least, it's considered good to turn a
> dereference of null into unreachable. But like Chris mentioned, it's
> something that we should improve.

Ok.

>
>> That makes it harder to support other languages, or new languages that
>> want different semantics for things that the C standard defines as undefined.
>
> Yup.
>
>> BTW even for C gcc has -fno-delete-null-pointer-checks, and the Linux
>> kernel started using that recently by default after all the exploits
>> that mapped NULL to valid memory, and took advantage of gcc optimizing
>> away the NULL checks.
>>
> What's the effect of this flag? I've never seen it before. :-) If
> we're doing something that violates the semantics of this flag, then
> it's something we need to fix, of course.

At -O2 and higher gcc deletes if (p == NULL) checks after p has been
dereferenced, assuming that a deref of null halts the program.
-fno-delete-null-pointer-checks disables that optimization.
I haven't seen LLVM do this optimization currently, but maybe I just
haven't seen it yet.

From the gcc manpage:
   `-fdelete-null-pointer-checks'
     Use global dataflow analysis to identify and eliminate useless
     checks for null pointers.  The compiler assumes that dereferencing
     a null pointer would have halted the program.  If a pointer is
     checked after it has already been dereferenced, it cannot be null.

     In some environments, this assumption is not true, and programs can
     safely dereference null pointers.  Use
     `-fno-delete-null-pointer-checks' to disable this optimization for
     programs which depend on that behavior.

     Enabled at levels `-O2', `-O3', `-Os'.


Best regards,
--Edwin
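The pattern Edwin describes, as an added example that is not part of the thread: a function that dereferences a pointer and only then tests it for NULL, next to the ordering that keeps the check at every optimization level. The struct and function names are hypothetical; the point is the position of the check relative to the first dereference.

```c
/* Added example, not code from the LLVMdev thread.  Names (struct packet,
 * packet_len_*) are made up for illustration. */
#include <stddef.h>
#include <stdio.h>

struct packet {
    size_t len;
    const char *payload;
};

/* Deref-before-check.  p->len is read before p is tested, so under
 * -fdelete-null-pointer-checks (on by default at -O2/-O3/-Os) the compiler
 * assumes the read would have halted the program if p were NULL and treats
 * the if (p == NULL) below as dead code.  Where NULL is mapped to valid
 * memory the read succeeds, the check is gone, and a NULL caller is no
 * longer rejected.  Shown only for its shape; never reach it with NULL. */
long packet_len_check_after_deref(const struct packet *p)
{
    size_t n = p->len;      /* first dereference */
    if (p == NULL)          /* considered unreachable after the line above */
        return -1;
    return (long)n;
}

/* Check-before-deref.  The test precedes the first dereference, so there
 * is nothing for the optimizer to infer and the check survives.  This
 * ordering is the real fix; -fno-delete-null-pointer-checks is a build-wide
 * safety net for code that has not been audited for the pattern. */
long packet_len_check_before_deref(const struct packet *p)
{
    if (p == NULL)
        return -1;
    return (long)p->len;
}

int main(void)
{
    /* Constructed sample input. */
    struct packet pk = { 5, "hello" };

    printf("valid, check-after-deref:  %ld\n", packet_len_check_after_deref(&pk));
    printf("valid, check-before-deref: %ld\n", packet_len_check_before_deref(&pk));
    printf("NULL,  check-before-deref: %ld\n", packet_len_check_before_deref(NULL));
    return 0;
}
```

Building the file twice, once with `gcc -O2` and once with `gcc -O2 -fno-delete-null-pointer-checks`, and comparing the generated assembly for `packet_len_check_after_deref` shows the comparison disappearing in the first build and staying in the second; `packet_len_check_before_deref` is identical in both.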


