[PATCH] D81678: Introduce partialinit attribute at call sites for stricter poison analysis
Eli Friedman via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Fri Jun 12 13:47:23 PDT 2020
efriedma added a comment.
In D81678#2089041 <https://reviews.llvm.org/D81678#2089041>, @aqjune wrote:
> > @efriedma
> > The way that call argument coercion works is unsound in the presence of poison. An integer can't be partially poisoned: it's either poison, or not poison. We probably need to come up with some safer way to pass structs/unions.
>
> This is true; the clang frontend may lower an argument with an aggregate type into one with a large int type (such as i64).
> However, can a poison value be safely generated in C? Padding, or a union whose members have different sizes, may contain undef bits, but not poison. Signed overflow is UB.
> An undef value can exist bitwise, so I think this is an orthogonal issue.
In C semantics, an expression can't produce a poison value. As long as variables and allocations are initialized to undef, not poison, there isn't any way to sneak poison into the padding of a variable, so argument passing is sound. So I guess it's not an issue unless we start poisoning uninitialized variables.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D81678/new/
https://reviews.llvm.org/D81678
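As an added illustration (not part of D81678 or of either reply above) of the coercion being discussed: a small struct passed by value is packed into a single i64, so any poison in one field or in the padding would make the whole argument poison, whereas undef stays per-bit. The type and function names are constructed for this example.

```llvm
; Constructed example: a {i8, i32} struct has 3 bytes of padding between
; its fields, and clang coerces it into one i64 when passing it by value.
%struct.S = type { i8, i32 }

; Callee receives the coerced integer and extracts the i32 field (bits 32..63).
define i32 @callee(i64 %s.coerce) {
  %hi  = lshr i64 %s.coerce, 32
  %val = trunc i64 %hi to i32
  ret i32 %val
}

define i32 @caller() {
  %s = alloca %struct.S, align 8
  ; Both fields are stored; the padding bytes are never written and stay undef.
  %f0 = getelementptr inbounds %struct.S, %struct.S* %s, i32 0, i32 0
  store i8 1, i8* %f0
  %f1 = getelementptr inbounds %struct.S, %struct.S* %s, i32 0, i32 1
  store i32 42, i32* %f1
  ; Argument coercion: reinterpret the 8-byte struct as a single i64.
  ; With undef padding this is fine (undef is bitwise); if the padding were
  ; poison, %packed as a whole would be poison and so would @callee's result.
  %as.i64 = bitcast %struct.S* %s to i64*
  %packed = load i64, i64* %as.i64, align 8
  %r = call i32 @callee(i64 %packed)
  ret i32 %r
}
```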