[LLVMdev] RFC: implicit null checks in llvm
Sanjoy Das
sanjoy at playingwithpointers.com
Fri Apr 24 16:14:36 PDT 2015
I don't think we can expose the memory operations directly from a
semantic, theoretical point of view. Whether practically we can do
this or not is a different question.
Does LLVM do optimizations like these at the machine instruction
level?
  if (condition)
    T = *X     // normal load, condition guards against null
  EH_LABEL     // clobbers all
  U = *X       // implicit null check, branches out on fault
  EH_LABEL     // clobbers all
  ...

  =>

  since the second "load" from X always happens, X must be
  dereferenceable

  T = *X       // miscompile here
  EH_LABEL     // clobbers all
  U = *X       // implicit null check, branches out on fault
  EH_LABEL     // clobbers all
  ...

The fundamental problem, of course, is that we're hiding the real
control flow, which is

  if (!is_dereferenceable(X)) branch_out;
  U = *X
> We don’t need to support patching at the load. Patch points will be needed
> to “heal” bad implicit null checks, but that is probably better done by
> patching call sites into the optimized code. Eventually, someone may want to
> be able to patch their implicit null checks, and they’ll just need to use a
> patchpoint to do that instead.
Agreed.
-- Sanjoy
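The hazard in the message above, as an added example that is not part of the original post or of LLVM's code: a small model of a straight-line block in which a plain load traps on null while an implicit-null-check load takes a hidden edge out of the block. The guard elimination (`guard_is_redundant`, `drop_redundant_guards`), the simulator (`run`), the `NULL` sentinel and the reading of "condition guards against null" as exactly a null test are all assumptions of this model. When the analysis treats the implicit-check load like a plain load, the simulator shows the observable change on a null `X`: the original block branches out, the "optimized" block traps.

```python
"""Constructed model of the hidden-control-flow hazard around implicit null
checks (example code, not LLVM's machine IR or any LLVM pass)."""
from dataclasses import dataclass
from typing import Dict, List, Union

NULL = 0  # constructed stand-in for a null pointer value


@dataclass
class Load:
    """dst = *addr. A plain load traps on null. With implicit_null_check=True
    the load instead branches out of the block on a fault (the EH_LABELs in
    the message mark that edge), which the instruction list does not show."""
    dst: str
    addr: str
    implicit_null_check: bool = False


@dataclass
class GuardedLoad:
    """if (addr != null) dst = *addr -- the 'condition guards against null'
    pattern, assumed here to be exactly a null test."""
    dst: str
    addr: str


@dataclass
class Call:
    """An arbitrary side effect; loads may not be speculated across it."""
    name: str


Op = Union[Load, GuardedLoad, Call]


def guard_is_redundant(ops: List[Op], i: int, honor_hidden_edges: bool = True) -> bool:
    """The guard on ops[i] is redundant when a later plain load of the same
    address is guaranteed to execute before any side effect: a null address
    would trap there anyway, so loading early changes nothing observable.
    With honor_hidden_edges set, an implicit-null-check load does not count,
    because on null it branches out instead of trapping. Clearing the flag
    reproduces the faulty reasoning 'the second load always happens'."""
    guard = ops[i]
    assert isinstance(guard, GuardedLoad)
    for op in ops[i + 1:]:
        if isinstance(op, Call):
            return False  # side effect first: the early load would be visible
        if isinstance(op, Load) and op.addr == guard.addr:
            if op.implicit_null_check and honor_hidden_edges:
                return False
            return True
    return False


def drop_redundant_guards(ops: List[Op], honor_hidden_edges: bool = True) -> List[Op]:
    """Rewrite each redundant GuardedLoad into an unconditional plain Load."""
    out: List[Op] = []
    for i, op in enumerate(ops):
        if isinstance(op, GuardedLoad) and guard_is_redundant(ops, i, honor_hidden_edges):
            out.append(Load(op.dst, op.addr))
        else:
            out.append(op)
    return out


def run(ops: List[Op], regs: Dict[str, int], mem: Dict[int, int]) -> str:
    """Execute a block. Returns 'fallthrough', 'trap' (plain load of null) or
    'branch_out' (an implicit null check took its hidden edge)."""
    regs = dict(regs)
    for op in ops:
        if isinstance(op, Call):
            continue  # the side effect itself is not part of the outcome
        addr = regs[op.addr]
        if isinstance(op, GuardedLoad):
            if addr != NULL:
                regs[op.dst] = mem[addr]
            continue
        if addr == NULL:
            return "branch_out" if op.implicit_null_check else "trap"
        regs[op.dst] = mem[addr]
    return "fallthrough"


# The block from the message: a guarded load of X, then an implicit null check of X.
BLOCK: List[Op] = [GuardedLoad("T", "X"), Load("U", "X", implicit_null_check=True)]

if __name__ == "__main__":
    null_regs = {"X": NULL}
    print("original:", run(BLOCK, null_regs, {}))
    print("naive   :", run(drop_redundant_guards(BLOCK, honor_hidden_edges=False), null_regs, {}))
    print("careful :", run(drop_redundant_guards(BLOCK), null_regs, {}))
```

Running it prints `branch_out` for the original block, `trap` for the naive rewrite, and `branch_out` again when the hidden edge is honoured; the same guard is legitimately dropped when the second load is a plain one, and kept when a call sits between the two loads.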