[llvm-dev] Potential issue with noalias @malloc and @realloc

Sanjoy Das via llvm-dev llvm-dev at lists.llvm.org
Tue Apr 11 16:27:00 PDT 2017

Hi Kevin,

On April 11, 2017 at 4:14:14 PM, Flamedoge (code.kchoi at gmail.com) wrote:
> So only "non-freed" malloc pointers are No-Alias which makes it
> flow-sensitive. There is no reason why malloc couldn't return previously
> freed location.


Talking to Nick Lewycky on IRC, I figured out a shorter way of saying
what I wanted to say.  We know that programs like this are UB in C:

p0 = malloc();
free(p0);
p1 = malloc();
if (p0 == p1) {
  int v = *p0; // Semantically free'ed but bitwise equal to an allocated value
}

and we relied on them having UB when marking malloc's return value as noalias.

However, we can end up in cases like the above by applying
loop-unswitch + GVN to well defined C programs.

-- Sanjoy
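
Added illustration, not part of the original message: a toy allocator in C (all names are hypothetical) that reuses a freed slot and tags each pointer with an allocation generation. It shows the p0/p1 case from the snippet above: the two pointers compare equal bit for bit, yet only p1 refers to the live allocation, and a checked load through p0 is refused.

```c
#include <stddef.h>

/* Toy allocator, constructed for illustration (hypothetical names). Storage is
   static, so comparing addresses of "freed" slots is well defined here. */
#define SLOTS 4
static int storage[SLOTS];
static int in_use[SLOTS];
static unsigned generation[SLOTS];   /* bumped each time a slot is handed out */

typedef struct { int *addr; size_t slot; unsigned gen; } tagged_ptr;

/* First-fit: a just-freed slot is reused, as a real malloc may do. */
tagged_ptr toy_malloc(void) {
    for (size_t i = 0; i < SLOTS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            generation[i]++;
            return (tagged_ptr){ &storage[i], i, generation[i] };
        }
    }
    return (tagged_ptr){ NULL, 0, 0 };
}

/* A pointer is live only while its generation matches the slot's current one. */
int is_live(tagged_ptr p) {
    return p.addr != NULL && in_use[p.slot] && generation[p.slot] == p.gen;
}

void toy_free(tagged_ptr p) { if (is_live(p)) in_use[p.slot] = 0; }

int same_address(tagged_ptr a, tagged_ptr b) { return a.addr == b.addr; }

/* Checked load: refuses to read through a stale pointer. */
int checked_load(tagged_ptr p, int *out) {
    if (!is_live(p)) return 0;
    *out = *p.addr;
    return 1;
}

/* The p0/p1 sequence: bit 0 = addresses equal, bit 1 = load via p1
   succeeded, bit 2 = load via p0 was refused. */
int scenario(void) {
    int v = 0, r = 0;
    tagged_ptr p0 = toy_malloc();
    toy_free(p0);
    tagged_ptr p1 = toy_malloc();
    *p1.addr = 42;
    if (same_address(p0, p1)) r |= 1;
    if (checked_load(p1, &v) && v == 42) r |= 2;
    if (!checked_load(p0, &v)) r |= 4;
    toy_free(p1);
    return r;
}

int main(void) { return scenario() == 7 ? 0 : 1; }
```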
