[llvm] LangRef: storing poison in memory is UB (PR #141339)

Ralf Jung via llvm-commits llvm-commits at lists.llvm.org
Sat May 24 02:13:31 PDT 2025


https://github.com/RalfJung created https://github.com/llvm/llvm-project/pull/141339

Based on discussion with @nikic. Cc @nunoplopes.

I'm not happy that storing poison would be UB -- there are some potential Rust features we cannot implement due to this -- but if that's how things currently are, it's better to document them.

This also means that reg2mem is technically unsound since not all SSA values can actually be stored in memory; that pass should add `freeze` to avoid storing poison. Should I file an issue for that? (Unfortunately I won't be able to try and fix this myself.)

>From 7a5faab5361365a1e4d571ed6a8791c79fe27ee4 Mon Sep 17 00:00:00 2001
From: Ralf Jung <post at ralfj.de>
Date: Sat, 24 May 2025 11:10:55 +0200
Subject: [PATCH] LangRef: storing poison in memory is UB

---
 llvm/docs/LangRef.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/llvm/docs/LangRef.rst b/llvm/docs/LangRef.rst
index ad0755e1531df..242471cf7f5a4 100644
--- a/llvm/docs/LangRef.rst
+++ b/llvm/docs/LangRef.rst
@@ -11433,6 +11433,12 @@ If ``<value>`` is of aggregate type, padding is filled with
 :ref:`undef <undefvalues>`.
 If ``<pointer>`` is not a well-defined value, the behavior is undefined.
 
+If ``<value>`` is poison, then behavior currently is effectively undefined due
+to the fact that many LLVM passes assume they can do load widening, and having
+poison in memory would "infect" the entire widened load. This can hopefully be
+alleviated in the future, but until then, frontends should refrain from
+generating code that stores poison values in memory.
+
 Example:
 """"""""
 



More information about the llvm-commits mailing list