[llvm] [Loads] Check loop-varying pointer in isDereferenceableAndAlignedInLoop. (PR #120962)

Nikita Popov via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 10 06:42:39 PST 2025


nikic wrote:

I guess this is not strictly related to the loop case, but I think our overall handling of dereferenceable assumes is currently not sound.

For dereferenceable on arguments, our current de-facto semantics are that the pointer must stay dereferenceable until the end of the function. We know that this is not strictly correct for C++ reference semantics, but it's mostly okay in practice.

However, I don't think that this assumption is going to fly for dereferenceable assumptions -- in that case, we actually need to make sure that we not only have the dominating assumption, but also that there is no potential free between it and the use. Otherwise things will become trivially unsound after inlining. Consider something like this:

```c
#include <stdbool.h>
#include <stdlib.h>

void a(char *ptr) {
  // Assumption holds at this point in a(), but says nothing about
  // what happens to ptr after a() returns.
  __builtin_assume_dereferenceable(ptr, 4);
}

void b(bool x) {
  char *ptr = malloc(4);
  a(ptr);
  free(ptr);
  if (x) {
    // Conditional load: after inlining a(), the assumption dominates
    // this access even though ptr has been freed in between.
    *ptr;
  }
}
```

Even if __builtin_assume_dereferenceable was valid for the whole function in a(), after inlining this is not the case, and I believe the way we currently implement this we'd end up potentially speculating the `*ptr` access on a freed pointer.

https://github.com/llvm/llvm-project/pull/120962
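The post-inlining shape nikic describes, written out as LLVM IR so the ordering of assume, free and load is visible (this is an added, constructed illustration for this thread, not IR from the PR or from the email; function and value names are assumed):

```llvm
; @b after @a has been inlined. The dereferenceable assumption now sits
; in @b and dominates the later load, but @free runs between them.
declare void @llvm.assume(i1)
declare ptr @malloc(i64)
declare void @free(ptr)

define i8 @b(i1 %x) {
entry:
  %ptr = call ptr @malloc(i64 4)
  ; inlined body of @a: dominates every subsequent use of %ptr
  call void @llvm.assume(i1 true) [ "dereferenceable"(ptr %ptr, i64 4) ]
  call void @free(ptr %ptr)
  br i1 %x, label %if.then, label %if.end

if.then:
  ; A check that only asks "does a dereferenceable assume dominate this
  ; load?" answers yes here, so the load could be speculated into %entry,
  ; i.e. executed unconditionally on a pointer that has already been freed.
  ; A sound check must also verify that no call which may free %ptr lies
  ; on the path from the assume to the load.
  %v = load i8, ptr %ptr
  br label %if.end

if.end:
  %r = phi i8 [ %v, %if.then ], [ 0, %entry ]
  ret i8 %r
}
```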


More information about the llvm-commits mailing list