[PATCH] D27855: try to extend nonnull-ness of arguments from a callsite back to its parent function
Chandler Carruth via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Jan 3 13:52:55 PST 2017
chandlerc added a comment.
I'll try and get a proper response to this later, but I wanted to very quickly mention that I'm somewhat opposed to us doing *any* stronger optimization on non-null until we teach Clang to strip off that attribute from memcpy, memmove, and memset.
Several versions of glibc have unfortunately added this attribute. There have already been *several* critical security vulnerabilities from optimizing based on the attribute because code was never written to avoid a null pointer in the case where the *size was zero*.
I really want these optimizations on nonnull to go in, but I'd like to avoid having a (large) window of time where Clang will "miscompile" code using memcpy and friends in this way.
I've spoken with Richard Smith and he's going to send an email to cfe-dev about handling this in Clang. I'm also writing a paper for the C++ committee to standardize on somewhat more sane handling here. But I think we should at least defend users against the known misuses of this attribute and *then* start optimizing it harder. Are folks OK with that?
https://reviews.llvm.org/D27855
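As an added illustration of the hazard described in the comment above (a constructed example, not code from the review, from LLVM or from glibc; the helper names are hypothetical): the first function reaches memcpy with a null source pointer and a zero size and only checks for null afterwards, a check that a compiler honouring a nonnull attribute on memcpy may delete; the second function never hands memcpy a null pointer at all.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical append helper written the "natural" way: memcpy is called
 * unconditionally, so the pair (src == NULL, n == 0) reaches it. That is
 * undefined behaviour in C, and where the C library declares memcpy with a
 * nonnull attribute the compiler may assume src != NULL from the call
 * onwards and fold away the null check that follows. */
int append_hazard(char *dst, size_t cap, size_t *used, const char *src, size_t n)
{
    if (n > cap - *used)
        return -1;
    memcpy(dst + *used, src, n);   /* reached with src == NULL when n == 0 */
    if (src == NULL)               /* may be optimised away after the call */
        return -1;
    *used += n;
    return 0;
}

/* Hardened form: reject a null source before any library call and skip
 * memcpy entirely for a zero-length copy, so no nonnull fact is derived. */
int append_safe(char *dst, size_t cap, size_t *used, const char *src, size_t n)
{
    if (src == NULL || n > cap - *used)
        return -1;
    if (n > 0)
        memcpy(dst + *used, src, n);
    *used += n;
    return 0;
}

/* Drives append_safe through the cases that matter: a normal append, the
 * (NULL, 0) call that the hazard version mishandles, an append that would
 * overflow the buffer, and a final append. Returns the bytes used (5) on
 * success, or -1 if any step behaves unexpectedly. */
int run_safe_scenario(void)
{
    char buf[8];
    size_t used = 0;
    if (append_safe(buf, sizeof buf, &used, "abc", 3) != 0) return -1;
    if (append_safe(buf, sizeof buf, &used, NULL, 0) != -1) return -1;
    if (append_safe(buf, sizeof buf, &used, "defghi", 6) != -1) return -1;
    if (append_safe(buf, sizeof buf, &used, "de", 2) != 0) return -1;
    if (memcmp(buf, "abcde", 5) != 0) return -1;
    return (int)used;
}
```

Compiling append_hazard with optimisation against a libc that marks memcpy nonnull is the situation the comment warns about; append_safe is the shape callers need regardless of how aggressively the attribute is used.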