[PATCH] D116998: [LangRef] Don't allow read from sret memory after unwind

Nikita Popov via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Jan 11 01:42:20 PST 2022 

nikic created this revision.
nikic added reviewers: jdoerfert, reames, fhahn, asbirlea.
nikic requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

Following up on the discussion in https://groups.google.com/g/llvm-dev/c/i0Z1FC51KVI, this updates `sret` semantics to specify that the sret memory cannot be read after unwinding. This enables optimizations like the following:

  declare void @may_unwind()
  
  define void @src(i32* noalias sret(i32) %out) {
      store i32 0, i32* %out
      call void @may_unwind()
      store i32 1, i32* %out
      ret void
  }
  
  define void @tgt(i32* noalias sret(i32) %out) {
      call void @may_unwind()
      store i32 1, i32* %out
      ret void
  }

Without the guarantee, the memory state of `%out` could be observed if `@may_unwind()` unwinds, and the first store would not be dead.

Rather than making accesses after unwind UB, this instead specifies that the memory is filled with poison. This gives us the necessary optimization guarantees without preventing accesses entirely (e.g. "lifetime.end" on unwind must remain legal, and is currently modeled as an access.)


https://reviews.llvm.org/D116998

Files:
  llvm/docs/LangRef.rst


Index: llvm/docs/LangRef.rst
===================================================================
--- llvm/docs/LangRef.rst
+++ llvm/docs/LangRef.rst
@@ -1183,11 +1183,16 @@
     structure that is the return value of the function in the source
     program. This pointer must be guaranteed by the caller to be valid:
     loads and stores to the structure may be assumed by the callee not
-    to trap and to be properly aligned. This is not a valid attribute
-    for return values.
+    to trap and to be properly aligned.
+
+    If the call unwinds, then the underlying object associated with the
+    argument is overwritten with a :ref:`poison value <poisonvalue>`.
+    As such, subsequent reads cannot depend on the object containing any
+    particular value.
 
     The sret type argument specifies the in memory type, which must be
-    the same as the pointee type of the argument.
+    the same as the pointee type of the argument. This is not a valid
+    attribute for return values.
 
 .. _attr_elementtype:
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D116998.398869.patch
Type: text/x-patch
Size: 1024 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220111/8886ba04/attachment.bin>

More information about the llvm-commits mailing list