[PATCH] D41761: Introduce llvm.nospeculateload intrinsic
Geoffrey Romer via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Jan 26 14:13:06 PST 2018
gromer added a comment.
In https://reviews.llvm.org/D41761#989477, @gromer wrote:
> template <typename T, typename... ZeroArgs>
> bool IsPointerInRange(T*& pointer, T* begin, T* end, ZeroArgs... args);
>
>
> This function returns whether `pointer` is between `begin` and `end`, and also guarantees that if the function returns false, then any speculative execution which assumes it to be true will treat `pointer` and `args...` as zero (all `ZeroArgs` must be integers or pointers). Notice that this API allows the optimizer to hoist loads past the branch, so long as the loads don't depend on `pointer` or `args...`; I'm not sure if that's true of `nospeculateload` or `SecureBoundedOffset`.
Chandler points out offline that this can work for any predicate, not just bound checking, so perhaps the API could instead be something like:
template <typename... ZeroArgs>
bool ProtectFromSpeculation(bool predicate, ZeroArgs&... args);
with the semantics that if `predicate` is false, speculative execution that treats it as true will also treat `args...` as zero. This has the arguable problem that, like `SecureBoundedOffset`, it's a no-op as far as the C++ abstract machine is concerned, so it can't really be explained without talking about speculation, but it's quite simple and general, and I'm not at all convinced that the connection of this API to speculative execution is something we should hide.
https://reviews.llvm.org/D41761
More information about the llvm-commits
mailing list