[llvm] [LangRef] Clarify that the pointer after an object must be valid. (PR #127892)

Florian Hahn via llvm-commits llvm-commits at lists.llvm.org
Wed Feb 19 12:37:05 PST 2025


https://github.com/fhahn created https://github.com/llvm/llvm-project/pull/127892

In some places, we rely on the assumption that the pointer after the object must also be valid and not overflow, but it does not seem to be spelled out clearly in LangRef, unless I missed a reference.

The GetElementPtr section mentions that the maximum object size is half the pointer index type space, but then the pointer past the object may wrap. Clarify that the pointer after the object must also be valid.

This should match Alive2's semantics: https://alive2.llvm.org/ce/z/Dk8QFL (https://github.com/AliveToolkit/alive2/blob/master/tools/transform.cpp#L1288)

From f4be0c55e50d1299faeb259850ed4ff01586bf60 Mon Sep 17 00:00:00 2001
From: Florian Hahn <flo at fhahn.com>
Date: Wed, 19 Feb 2025 21:25:48 +0100
Subject: [PATCH] [LangRef] Clarify that the pointer after an object must be
 valid.

In some places, we rely on the assumption that the pointer after the
object must also be valid and not overflow, but it does not seem to be
spelled out clearly in LangRef, unless I missed a reference.

The GetElementPtr section mentions that the maximum object size is half
the pointer index type space, but then the pointer past the object may
wrap. Clarify that the pointer after the object must also be valid.

This should match Alive2's semantics: https://alive2.llvm.org/ce/z/Dk8QFL
(https://github.com/AliveToolkit/alive2/blob/master/tools/transform.cpp#L1288)
---
 llvm/docs/LangRef.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/llvm/docs/LangRef.rst b/llvm/docs/LangRef.rst
index deb87365ae8d7..8a12e6b964a9f 100644
--- a/llvm/docs/LangRef.rst
+++ b/llvm/docs/LangRef.rst
@@ -11722,8 +11722,9 @@ As a corollary, the only pointer in bounds of the null pointer in the default
 address space is the null pointer itself.
 
 These rules are based on the assumption that no allocated object may cross
-the unsigned address space boundary, and no allocated object may be larger
-than half the pointer index type space.
+the unsigned address space boundary, the pointer after the object must be valid,
+and no allocated object may be larger than half the pointer index type space
+- 1.
 
 If ``inbounds`` is present on a ``getelementptr`` instruction, the ``nusw``
 attribute will be automatically set as well. For this reason, the ``nusw``
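
Review bot: The new size bound on the added lines, "no allocated object may be larger than half the pointer index type space" followed by "- 1." on its own line, is ambiguous and hard to read. It can be parsed as (half the space) minus one or as half of (the space minus one), and a source line that starts with "- " looks like a list item to anyone reading the RST. Please rewrite the bound so the subtraction cannot be misread and does not begin a line, and give the unit (bytes). The added clause "the pointer after the object must be valid" also leaves "valid" undefined in this paragraph, while the commit message says "valid and not overflow"; since the sentence is about the unsigned address space boundary, spell out that computing the address one past the end of the object must not wrap. Finally, the commit message motivates the one-past-the-end requirement but does not say why the maximum size also drops by one, so a sentence of rationale for the "- 1" would help readers who rely on this assumption for bounds reasoning.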


