[PATCH] D90708: [LangRef] Clarify GEP inbounds wrapping semantics
Nikita Popov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Nov 4 13:51:48 PST 2020
nikic updated this revision to Diff 302965.
nikic added a comment.
Clarify that the nsw offset wrapping restrictions are relative to the pointer index type (which may have smaller size than the pointer).
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D90708/new/
https://reviews.llvm.org/D90708
Files:
llvm/docs/LangRef.rst
Index: llvm/docs/LangRef.rst
===================================================================
--- llvm/docs/LangRef.rst
+++ llvm/docs/LangRef.rst
@@ -9765,17 +9765,31 @@
}
If the ``inbounds`` keyword is present, the result value of the
-``getelementptr`` is a :ref:`poison value <poisonvalues>` if the base
-pointer is not an *in bounds* address of an allocated object, or if any
-of the addresses that would be formed by successive addition of the
-offsets implied by the indices to the base address with infinitely
-precise signed arithmetic are not an *in bounds* address of that
-allocated object. The *in bounds* addresses for an allocated object are
-all the addresses that point into the object, plus the address one byte
-past the end. The only *in bounds* address for a null pointer in the
-default address-space is the null pointer itself. In cases where the
-base is a vector of pointers the ``inbounds`` keyword applies to each
-of the computations element-wise.
+``getelementptr`` is a :ref:`poison value <poisonvalues>` if one of the
+following rules is violated:
+
+* The base pointer is an *in bounds* address of an allocated object, which
+ means that it points into an allocated object, or to its end (which is one
+ byte past the last byte contained in the object). The only *in bounds*
+ address for a null pointer in the default address-space is the null pointer
+ itself.
+* If the type of an index is larger than than the pointer index type, the
+ truncation to the pointer index type preserves the signed value.
+* The multiplication of an index by the type size does not wrap the pointer
+ index type in a signed sense (``nsw``).
+* The successive addition of offsets (without adding the base address) does
+ not wrap the pointer index type in a signed sense (``nsw``).
+* The successive addition of the current address, interpreted as an unsigned
+ number, and an offset, interpreted as a signed number, does not wrap the
+ unsigned address space and remains *in bounds* of the allocated object.
+ As a corollary, if the added offset is non-negative, the addition does not
+ wrap in an unsigned sense (``nuw``).
+* In cases where the base is a vector of pointers, the ``inbounds`` keyword
+ applies to each of the computations element-wise.
+
+These rules are based on the assumption that no allocated object may cross
+the unsigned address space boundary, and no allocated object may be larger
+than half the pointer index type space.
If the ``inbounds`` keyword is not present, the offsets are added to the
base address with silently-wrapping two's complement arithmetic. If the
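Review bot: The second added bullet reads "larger than than the pointer index type"; the duplicated "than" should be dropped. Separately, the list is introduced as rules whose violation yields poison, but the last bullet (vectors of pointers) states how ``inbounds`` applies rather than a condition that can be violated, so it would read better as a sentence after the list, as in the removed text.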