[llvm-dev] Possible soundness issue with available_externally (split from "RFC: Add guard intrinsics")

Sanjoy Das via llvm-dev llvm-dev at lists.llvm.org
Fri Feb 26 19:16:38 PST 2016

On Fri, Feb 26, 2016 at 6:10 PM, Hal Finkel <hfinkel at anl.gov> wrote:
> Hi Sanjoy,
> These are both very interesting examples, and demonstrate that the
> problems extends beyond function attributes (encompassing
> dead-argument elimination, etc.).
> I'm beginning to think that the best solution, at least when
> optimizing for speed, is the one that David Li suggested: we need to
> internalize functions that have been optimized in certain ways
> (e.g. instructions with potential side effects are removed). The trick
> here may be to be as intelligent about this as possible to minimize
> the effect on code size. Maybe this is as easy as checking whether
> isSafeToSpeculativelyExecute returns false on the deleted instruction?

Depends on how you define "isSafeToSpeculativelyExecute".  E.g. we
cannot allow this (assuming we're going with your scheme of
restricting things at the function scope but allowing IPO):

void @foo(int* %ptr) {
  %val = *ptr, !range [1, 100]
  1 UDIV %val // unused


void @foo(int* %ptr) readnone {
  //  %val = *ptr, !range [1, 100]
  //  1 UDIV %val // unused

since we cannot let it reorder with store that stores 50 to %ptr and
makes the !range metadata true (btw, I don't know if clang generates
!range).  This is despite the fact that the UDIV instruction will look
like it is safe to speculate.

-- Sanjoy

More information about the llvm-dev mailing list