[all-commits] [llvm/llvm-project] 9d43f8: [llubi] Add support for exposed provenance (#200596)
Yingwei Zheng via All-commits
all-commits at lists.llvm.org
Sat Jun 13 21:57:55 PDT 2026
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: 9d43f86e6f302604b109ffa9df7de793aeb801d8
https://github.com/llvm/llvm-project/commit/9d43f86e6f302604b109ffa9df7de793aeb801d8
Author: Yingwei Zheng <dtcxzyw2333 at gmail.com>
Date: 2026-06-14 (Sun, 14 Jun 2026)
Changed paths:
M llvm/test/tools/llubi/alloca.ll
M llvm/test/tools/llubi/attributes.ll
M llvm/test/tools/llubi/gep.ll
M llvm/test/tools/llubi/inttoptr.ll
A llvm/test/tools/llubi/inttoptr_freed.ll
A llvm/test/tools/llubi/inttoptr_generation.ll
A llvm/test/tools/llubi/inttoptr_generation2.ll
A llvm/test/tools/llubi/inttoptr_gep.ll
A llvm/test/tools/llubi/inttoptr_multiobj.ll
A llvm/test/tools/llubi/inttoptr_multiobj2.ll
A llvm/test/tools/llubi/inttoptr_oob.ll
A llvm/test/tools/llubi/inttoptr_oob2.ll
M llvm/test/tools/llubi/lib_abort.ll
M llvm/test/tools/llubi/lib_exit.ll
M llvm/test/tools/llubi/lib_io.ll
M llvm/test/tools/llubi/lib_printf_format.ll
M llvm/test/tools/llubi/lib_terminate.ll
M llvm/test/tools/llubi/loadstore_be.ll
M llvm/test/tools/llubi/loadstore_le.ll
M llvm/test/tools/llubi/metadata.ll
M llvm/tools/llubi/lib/Context.cpp
M llvm/tools/llubi/lib/Context.h
M llvm/tools/llubi/lib/ExecutorBase.cpp
M llvm/tools/llubi/lib/ExecutorBase.h
M llvm/tools/llubi/lib/Interpreter.cpp
M llvm/tools/llubi/lib/Library.cpp
M llvm/tools/llubi/lib/Value.cpp
M llvm/tools/llubi/lib/Value.h
Log Message:
-----------
[llubi] Add support for exposed provenance (#200596)
This patch implements the semantics of exposed provenance, as described
in [nikic's RFC draft](https://hackmd.io/@nikic/SJBt4mFCll) and
[Miri](https://doc.rust-lang.org/beta/nightly-rustc/miri/enum.Provenance.html).
The provenance of an inttoptr is marked as "wildcard", which picks one
from previously exposed provenances each time a memory access is
performed. For angelic non-determinism, a snapshot of the exposed
provenance set is recorded when inttoptr executes. When a memory access
is performed, all invalid provenances are masked out. If we fail to pick
one, it is UB.
Since all memory objects in llubi are non-overlapping (i.e., there is at
most one memory object satisfying `Obj->inBounds(Addr)` for each
address), we can determine a unique memory object for a wildcard
provenance when the first memory access is performed.
This matches Miri's behavior. Another variant is to resolve the memory
object when inttoptr executes, which gives a limited provenance set
(implemented in the second commit). See also the comments in nikic's RFC
(`For example, one could limit inttoptr to only recover the provenance
of an object that the address is part of.`).
Another thing to be noted is that `gep inbounds` cannot determine the
associated memory object of a wildcard provenance, because it doesn't
cause UB. Instead, I reuse the Obj field to represent something like
`this pointer has a wildcard provenance, but it is only allowed to use
exposed provenances associated with a specific memory object, when
performing load/store via the pointer`. This is an approximation: we
cannot update the wildcard provenance if the gep is used by an icmp and
a branch.
As we don't support `captures` for now, all checkers just return true.
I'll add more tests in the `captures` patch.
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list