[PATCH] D41761: Introduce llvm.nospeculateload intrinsic
Paul Robinson via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Feb 5 12:55:51 PST 2018
probinson added a comment.
In https://reviews.llvm.org/D41761#996858, @chandlerc wrote:
> There is clearly a "programmer ease / security" vs. "better optimization" tradeoff between the two. If one isn't *clearly* the correct choice in all cases, we could even expose both behind separate APIs that try to make it clear the extent of protections provided.
In my experience, relying on programmers to get it right will inevitably fail. When there's a correctness issue, usually mistakes of that kind can be caught; however, security is not generally part of the "correctness" mindset of programmers, even people who should know better. I once had somebody tell me, with a straight face, that an obviously insecure system call was okay because it was an unpublished API and therefore could not be abused.
Security-related intrinsics, more so than most APIs, should be easy to use correctly and hard to use incorrectly.
https://reviews.llvm.org/D41761