[llvm] r221318 - Analysis: Make isSafeToSpeculativelyExecute fire less for divides

Sanjoy Das sanjoy at playingwithpointers.com
Sat Nov 8 18:56:09 PST 2014 

Now that I think of it, I think function arguments cannot be poison.
The LangRef says:

"Values other than phi nodes depend on their operands."

and

"any instruction that has a dependence on a poison value has undefined
behavior."

This means a call or invoke that passes a poison value as an argument
has undefined behavior.  So we can conclude that a function argument
can never be poison -- the call (or invoke) would be UB otherwise.
Inlining a function can change undefined behavior to not undefined
behavior, but that's allowed.

-- Sanjoy


On Sat, Nov 8, 2014 at 4:59 PM, Sanjoy Das
<sanjoy at playingwithpointers.com> wrote:
> Hi,
>
> Just to be sure I understand the situation correctly: llvm concludes a
> value to be non-zero or a poison value.  The value cannot be poison
> because if it is, any instruction that observes the poison will cause
> undefined behavior (that may include propagating the poison value down
> the use-def chain) and this "cannot happen".  Thus it must be non-zero
> or have no uses.  So it is safe to conclude that it is non-zero.
>
>> I doubt a correct implementation of isKnownNeverToBeUndef will ever fire
>> because it must be incredibly conservative: function arguments might
>> silently cary poison in them making them unsafe.
>
> It feels like that "isKnownNotPoison" will have to be a path-sensitive
> property.  For example, the following case
>
> void f(int x) {
>   if (x < 10) {
>     if (unknown) {
>       int t = 30 / x;
>     }
>   }
> }
>
> can be transformed to
>
> void f(int x) {
>   if (x < 10) {
>     int t = 30 / x;
>     if (unknown) {
>     }
>   }
> }
>
> since x can't be poison after the `icmp` has been executed. LangRef
> says:
>
>  1. "Values other than phi nodes depend on their operands."
>
>  2. "any instruction that has a dependence on a poison value has
>      undefined behavior."
>
> "isKnownNeverToBeUndef" is distinct from "isKnownNotPoison", since not
> every instruction consuming an undef has UB.  For example the above
> transform is not sound if `x` was `undef` (without "coercing" the
> `undef` to some constant value) -- since it could then be `0`.
>
> -- Sanjoy

More information about the llvm-commits mailing list