[PATCH] D60047: [CaptureTracking] Don't let comparisons against null escape inbounds pointers
Johannes Doerfert via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue May 7 16:10:27 PDT 2019
jdoerfert added a comment.
To get the escape case you have to have guessed the correct offset from the initial pointer value to `null`.
`foo(p_with_offset);` in `void bar_0()` would be UB if you would have chosen any offset < 0 or >= 4 (in bytes) which would not happen to result in a `null` pointer.
You basically picked `offset = 0 - ptr` and then you can make it escape through the check. But if you can pick `offset` that way, you do not need the check since you have to know `ptr`.
I think that the "one past the end" pointer being `null` in this example is confusing and coincidental, e.g., shift the allocation 4 bytes down and make the offset 8.
The `bar_1` example just shows that picking an offset which will fulfill the dereferenceable property will not leak information (it cannot be null). Note that `p_with_offset` in `bar_0` does not fulfill the dereferenceability property!
Repository:
rL LLVM
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D60047/new/
https://reviews.llvm.org/D60047