[PATCH] D43643: [RFC] Sceptre a Spectre variant 1 detector

Eli Friedman via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Feb 22 17:53:51 PST 2018


efriedma added a comment.

I think the focus on array bounds checks is overly narrow.  You can get an almost identical effect in other ways. For example, if you use C++ inheritance, a member of an object might be a user-controlled integer on one path, and a pointer on a different path.  Or if you have an array of pointers, you could read past the end of the array into uninitialized data.

You could write an analysis which is more comprehensive by analyzing every load, I think, rather than trying to figure out which loads are related to branches. A pointer to some known object is "safe", a constant offset from a "safe" pointer is also "safe", a SCEV AddRec whose base is a "safe" pointer is also "safe", etc., and then warn about any pointers the analysis can't prove safe.  The tricky part of this would be handling pointers to pointers; not sure what sort of heuristic you would use.


Repository:
  rL LLVM

https://reviews.llvm.org/D43643
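As an added illustration of the load-centric analysis sketched in the comment above (example code written for this page; it is not Eli Friedman's code and nothing like it is in the D43643 patch or in LLVM), here is a toy Python model. The miniature SSA-style IR, the instruction kinds, the value names and the helper functions are all assumptions made for the example. It applies the comment's "safe pointer" rules to a fixpoint: a pointer to a known object is safe, a constant offset from a safe pointer is safe, an add-recurrence (loop induction) offset from a safe base is safe, and a phi is safe when every incoming value is; every load whose address cannot be proven safe is reported, without looking at any branch. Pointers that were themselves loaded from memory (the pointer-to-pointer case the comment calls tricky) are simply left unproven, which is the conservative choice.

```python
"""Toy model of the "safe pointer" classification from the review comment.

Everything here is constructed for illustration: the IR is a small SSA-like
list of instructions, not LLVM IR, and 'const' / 'addrec' are sentinel
offset kinds standing in for a constant GEP index and a SCEV add-recurrence.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Inst:
    name: str                      # SSA value defined by this instruction
    op: str                        # alloca | global | arg | gep | load | phi
    base: Optional[str] = None     # pointer operand of gep / load
    offset: Optional[str] = None   # gep index: 'const', 'addrec', or a value name
    incoming: List[str] = field(default_factory=list)  # phi operands


def classify_safe(insts: List[Inst]) -> Set[str]:
    """Return the set of value names proven 'safe' by the comment's rules.

    Iterates to a fixpoint so that phis and geps may depend on values defined
    later in the list.  Anything not matched by a rule (function arguments,
    values loaded from memory, geps indexed by an untrusted value) stays out.
    """
    safe: Set[str] = set()
    changed = True
    while changed:
        changed = False
        for i in insts:
            if i.name in safe:
                continue
            if i.op in ("alloca", "global"):
                ok = True                       # pointer to a known object
            elif i.op == "gep":
                # constant offset, or an AddRec whose base is a safe pointer
                ok = i.base in safe and i.offset in ("const", "addrec")
            elif i.op == "phi":
                ok = bool(i.incoming) and all(v in safe for v in i.incoming)
            else:
                ok = False                      # arg, load: cannot prove anything
            if ok:
                safe.add(i.name)
                changed = True
    return safe


def unproven_loads(insts: List[Inst]) -> List[str]:
    """Names of loads whose address operand the analysis could not prove safe."""
    safe = classify_safe(insts)
    return [i.name for i in insts if i.op == "load" and i.base not in safe]


# Constructed sample program mirroring the comment's cases:
#   %v2 reads %buf at a user-controlled index (the classic bounds-check shape),
#   %v3 dereferences a pointer that was itself loaded from memory,
#   %v4 walks %buf with a loop induction variable (AddRec, safe base),
#   %v5 loads through a phi of two safe pointers.
EXAMPLE = [
    Inst("%buf", "alloca"),
    Inst("%i", "arg"),                                   # untrusted integer
    Inst("%p1", "gep", base="%buf", offset="const"),
    Inst("%v1", "load", base="%p1"),
    Inst("%p2", "gep", base="%buf", offset="%i"),        # index not provable
    Inst("%v2", "load", base="%p2"),
    Inst("%q", "load", base="%p1"),                      # pointer loaded from memory
    Inst("%v3", "load", base="%q"),
    Inst("%p3", "gep", base="%buf", offset="addrec"),
    Inst("%v4", "load", base="%p3"),
    Inst("%p4", "phi", incoming=["%p1", "%p3"]),
    Inst("%v5", "load", base="%p4"),
]


if __name__ == "__main__":
    print("safe:", sorted(classify_safe(EXAMPLE)))
    print("unproven loads:", unproven_loads(EXAMPLE))
```

Running the module reports `%v2` and `%v3` as the unproven loads; the constant-offset, induction-variable and phi cases are accepted without any reference to the branches that would guard them in real code.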




