[cfe-dev] [LLVMdev] proposal for exploiting undefined behavior much more aggressively

Sean Silva silvas at purdue.edu
Fri Jul 27 16:29:04 PDT 2012


> However, I would prefer if programmers could provide the compiler with
> the necessary information in more obvious ways.  This way, similar
> properties could be specified for values of unsigned integer type as well.

This might be able to take the form of something as simple as a smart
`assert`. It would be fantastic if you could do "assert(x > 0)", and
then have that information passed down into the IR so that the
compiler can exploit it (ifdef NDEBUG, of course).

Of course, the compiler probably couldn't exploit assertions like
`DFSForest.hasNoBackEdges()`. However, I think there could be a wide
range of assertions where this could help the compiler. For example,
it would be a good way to explicitly provide information about pointer
aliasing in a more fine-grained way than `restrict`.

--Sean Silva

On Fri, Jul 27, 2012 at 2:58 AM, Florian Weimer <fweimer at redhat.com> wrote:
> On 07/27/2012 11:45 AM, David Chisnall wrote:
>> On 27 Jul 2012, at 09:35, annulen at yandex.ru wrote:
>>
>>> if someone has checked the code and found it UB-free he could allow aggressive UB exploiting.
>>
>> Surely code that contains no undefined behaviour will gain no benefits from optimisations that exploit undefined behaviour?
>
> Relying on undefined behavior, the compiler can infer conditions which must
> necessarily hold, and use this information in subsequent optimizations.
> For instance, adding positive values to a signed integer which is zero
> initially will never yield a negative value.  If this value is later fed
> to code which can cope with negative values through an explicit check,
> that check can be optimized away.  So obviously, you need some code
> reuse/abstraction (calling a more general routine from very specialized
> code) to trigger optimizations, but there are hypothetical wins even for
> programs which never actually trigger undefined behavior at run time.
>
> However, I would prefer if programmers could provide the compiler with
> the necessary information in more obvious ways.  This way, similar
> properties could be specified for values of unsigned integer type as well.
>
> --
> Florian Weimer / Red Hat Product Security Team
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
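The following is an added example, not code posted by anyone in this thread, that puts both points into compilable C. It shows the signed case Florian Weimer describes (a specialised caller accumulating positive increments into a signed int, then calling a general routine whose `n < 0` check becomes dead because signed overflow is undefined), the unsigned counterpart where wrap-around is well defined and so nothing can be inferred without help, and one concrete shape for Sean Silva's "smart assert": an `ASSUME()` macro (a hypothetical name chosen here) that is a plain `assert()` in debug builds and lowers to the GCC/Clang `__builtin_unreachable()` idiom under `NDEBUG`, so the fact reaches the IR. The function names, the sample arrays and the saturating helper are all constructed for this example.

```c
/* Added example for the cfe-dev discussion above; not from the original thread.
 * Build and run:   cc -O2 -Wall -o ub_demo ub_demo.c && ./ub_demo
 * Debug build:     cc -O0 -Wall -o ub_demo ub_demo.c          (ASSUME == assert)
 * To see the optimizer's view: cc -O2 -DNDEBUG -S -o - ub_demo.c | grep -c js
 */
#include <assert.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* "Smart assert" (hypothetical name). Without NDEBUG it aborts on a false
 * condition like assert(); with NDEBUG it tells GCC/Clang the condition holds.
 * Caveat: under NDEBUG a false condition is itself undefined behaviour, so
 * only state facts that are really enforced upstream. */
#ifdef NDEBUG
#  define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)
#else
#  define ASSUME(cond) assert(cond)
#endif

/* General-purpose routine: copes with a negative value via an explicit check.
 * After inlining into sum_positive_signed() the compiler may prove n >= 0
 * (signed overflow is UB, so it may assume the total never wrapped) and
 * delete this branch. Whether it does is a compiler decision, not a promise. */
int clamp_nonnegative(int n)
{
    if (n < 0)
        return 0;
    return n;
}

/* Unsigned general-purpose routine: detects wrap-around explicitly.
 * a + b is defined modular arithmetic, so nothing here is inferable from UB;
 * this check only disappears if the caller states that no wrap can occur. */
unsigned add_saturating(unsigned a, unsigned b)
{
    unsigned s = a + b;
    if (s < a)              /* wrapped */
        return UINT_MAX;
    return s;
}

/* Specialised caller, signed: zero-initialised total plus positive increments. */
int sum_positive_signed(const int *inc, size_t count)
{
    int total = 0;
    for (size_t i = 0; i < count; i++) {
        ASSUME(inc[i] > 0);   /* the information the thread wants to hand to the IR */
        total += inc[i];      /* signed overflow is UB -> total stays >= 0 */
    }
    return clamp_nonnegative(total);
}

/* Specialised caller, unsigned: the same property must be stated explicitly,
 * which is the "similar properties for unsigned" case from the quoted reply. */
unsigned sum_unsigned(const unsigned *inc, size_t count)
{
    unsigned total = 0;
    for (size_t i = 0; i < count; i++) {
        ASSUME(inc[i] <= UINT_MAX - total);   /* no wrap on this addition */
        total = add_saturating(total, inc[i]);
    }
    return total;
}

int main(void)
{
    /* Constructed sample inputs; both satisfy every ASSUME() above. */
    const int      pos[] = {1, 2, 3, 4};
    const unsigned big[] = {UINT_MAX / 2, UINT_MAX / 2};

    printf("signed sum   = %d\n", sum_positive_signed(pos, 4));   /* 10 */
    printf("unsigned sum = %u\n", sum_unsigned(big, 2));          /* UINT_MAX - 1 */
    return 0;
}
```

The practitioner's caveat is the one hidden in the macro: an `ASSUME()` whose condition can be violated by attacker-controlled input does not merely lose an optimisation, it licenses the compiler to delete the very check (here, the wrap detection in `add_saturating()`) that was meant to catch that input. The mitigation is to run the test suite against the debug build, where every `ASSUME()` is a real `assert()`, before trusting an `NDEBUG` build. Clang additionally provides `__builtin_assume()`, and C++23 standardises `[[assume(expr)]]`, both with the same semantics and the same caveat.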