[PATCH] D124124: [LangRef] Limit read/writeonly attrs to memory visible to caller

Florian Hahn via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Apr 22 02:34:34 PDT 2022 

fhahn updated this revision to Diff 424419.
fhahn added a comment.

In D124124#3463817 <https://reviews.llvm.org/D124124#3463817>, @efriedma wrote:

> Oh, just took a look at D123473 <https://reviews.llvm.org/D123473>. I see what you're trying to do... yes, we should allow writing to memory that's allocated/deallocated within a function.
>
> I think the only way to make the requirement here clear is to spell out the distinction between memory allocations that continue to be accessible after the function returns, vs. temporary memory allocations in the implementation.  Maybe something like the following:
>
> "We define 'local memory' to be memory that is allocated after entry to a function, deallocated before control flow returns to the caller.  If a readonly function writes to memory that is not local memory, or has other side effects, the behavior is undefined."
>
> (I'm not sure if we need to explicitly restrict accesses to local memory from other threads?  I guess other threads don't have any way to construct a pointer to local memory, so that's probably okay.)

Thanks @nlopes & @efriedma! I agree that `caller functions` is not sufficient in general. I updated the wording to use `visible outside the function` . This would also disallow accessing memory that has been allocated outside the function and gets deallocated in the function.

Eli's wording for local memory looks good to me too, but if we use it for multiple attributes it would be good to define it once and refer back to it, to avoid duplication. I couldn't find a good place to move such a definition, hence I only updated the wording to visible outside the function for now. Happy to move things around if needed.

In practice I think local memory will likely not include dynamically allocated memory, even if it is deallocated before exiting the function, as most allocators will modify state visible outside the function.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D124124/new/

https://reviews.llvm.org/D124124

Files:
  llvm/docs/LangRef.rst


Index: llvm/docs/LangRef.rst
===================================================================
--- llvm/docs/LangRef.rst
+++ llvm/docs/LangRef.rst
@@ -1870,26 +1870,27 @@
     On a function, this attribute indicates that the function computes its
     result (or decides to unwind an exception) based strictly on its arguments,
     without dereferencing any pointer arguments or otherwise accessing
-    any mutable state (e.g. memory, control registers, etc) visible to
-    caller functions. It does not write through any pointer arguments
-    (including ``byval`` arguments) and never changes any state visible
-    to callers. This means while it cannot unwind exceptions by calling
-    the ``C++`` exception throwing methods (since they write to memory), there may
-    be non-``C++`` mechanisms that throw exceptions without writing to LLVM
-    visible memory.
+    any mutable state (e.g. memory, control registers, etc) visible outside the
+    ``readnone`` function. It does not write through any pointer arguments
+    (including ``byval`` arguments) and never changes any state visible to
+    callers. This means while it cannot unwind exceptions by calling the ``C++``
+    exception throwing methods (since they write to memory), there may be
+    non-``C++`` mechanisms that throw exceptions without writing to LLVM visible
+    memory.
 
     On an argument, this attribute indicates that the function does not
     dereference that pointer argument, even though it may read or write the
     memory that the pointer points to if accessed through other pointers.
 
-    If a readnone function reads or writes memory visible to the program, or
-    has other side-effects, the behavior is undefined. If a function reads from
-    or writes to a readnone pointer argument, the behavior is undefined.
+    If a readnone function reads or writes memory visible outside the function,
+    or has other side-effects, the behavior is undefined. If a
+    function reads from or writes to a readnone pointer argument, the behavior
+    is undefined.
 ``readonly``
     On a function, this attribute indicates that the function does not write
     through any pointer arguments (including ``byval`` arguments) or otherwise
-    modify any state (e.g. memory, control registers, etc) visible to
-    caller functions. It may dereference pointer arguments and read
+    modify any state (e.g. memory, control registers, etc) visible outside the
+    ``readonly`` function. It may dereference pointer arguments and read
     state that may be set in the caller. A readonly function always
     returns the same value (or unwinds an exception identically) when
     called with the same set of arguments and global state.  This means while it
@@ -1901,9 +1902,9 @@
     through this pointer argument, even though it may write to the memory that
     the pointer points to.
 
-    If a readonly function writes memory visible to the program, or
-    has other side-effects, the behavior is undefined. If a function writes to
-    a readonly pointer argument, the behavior is undefined.
+    If a readonly function writes memory visible outside the function, or has
+    other side-effects, the behavior is undefined. If a function writes to a
+    readonly pointer argument, the behavior is undefined.
 ``"stack-probe-size"``
     This attribute controls the behavior of stack probes: either
     the ``"probe-stack"`` attribute, or ABI-required stack probes, if any.
@@ -1923,14 +1924,14 @@
     This attribute disables ABI-required stack probes, if any.
 ``writeonly``
     On a function, this attribute indicates that the function may write to but
-    does not read from memory.
+    does not read from memory visible outside the ``writeonly`` function.
 
     On an argument, this attribute indicates that the function may write to but
     does not read through this pointer argument (even though it may read from
     the memory that the pointer points to).
 
-    If a writeonly function reads memory visible to the program, or
-    has other side-effects, the behavior is undefined. If a function reads
+    If a writeonly function reads memory visible outside the function or has
+    other side-effects, the behavior is undefined. If a function reads
     from a writeonly pointer argument, the behavior is undefined.
 ``argmemonly``
     This attribute indicates that the only memory accesses inside function are


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D124124.424419.patch
Type: text/x-patch
Size: 4433 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220422/1ad25bdd/attachment.bin>

More information about the llvm-commits mailing list