[PATCH] [SCCP] Calculate Null Pointer Comparisons

[Daniel Berlin]

On Mon, May 11, 2015 at 10:41 AM, Sanjoy Das
<sanjoy at playingwithpointers.com> wrote:
> I'm not sure that this is doing the right thing -- I don't think simply //producing// `undef` implies undefined behavior.

I asked David/Nick (the two closest experts i had), and they both
agreed that if a null check is postdominated by an inbounds GEP, it's
fair to say the null check always comes out as "not null"

>
> For instance, in
>
>   declare void @g()
>
>   define i1 @test_postdominate(i8* %mem) {
>     %test = icmp eq i8* %mem, null
>     br i1 %test, label %a, label %b
>   a:
>     call void @g()
>     br label %c
>   b:
>     br label %c
>   c:
>     %join = phi i8* [ %mem, %a ], [ null, %b ]
>     %gep = getelementptr inbounds i8, i8* %join, i64 4
>     ret i1 %test
>   }
>
> if `%mem` is `null`, then we have to execute the call to `@g`, but this pass make the branch into `a` dead (so `@f` never calls `@g`).

This is correct, as far as my experts told me.

>  The fact that `%gep` is `undef` (or poison) does not make this program undefined.
> In fact, if `inbounds` GEP instructions could invoke UB, then we would not be able to hoist such instructions out of loops.


I leave this disagreement to experts that are not me :)

Note that we use exactly the same line of implication to propagate
nsw/etc onto operands of inbounds geps (and the language ref
explicitly says this is okay :P)