[LLVMdev] Semantics of an Inbounds GetElementPtr

[Nicholas White]

Hi - I've got a question about what optimizations the "inbounds"
keyword of "getelementptr" allows you to use. In the code below, %five
is loaded from and inbounds offset of either a null pointer or %mem:

target datalayout = "e-i64:64-f80:128-n8:16:32:64-S128"

define i8 @func(i8* %mem) {
  %test = icmp eq i8* %mem, null
  br i1 %test, label %done, label %mem.is.valid
mem.is.valid:
  %1 = getelementptr inbounds i8, i8* %mem, i64 4
  store i8 5, i8* %1, align 4
  br label %done
done:
  %after.phi = phi i8* [ %mem, %mem.is.valid ], [ null, %0 ]
  %2 = getelementptr inbounds i8, i8* %after.phi, i64 4
  %five = load i8, i8* %2, align 4
  ret i8 %five
}

According to the documentation, "the result value of the getelementptr
is a poison value if the base pointer is not an in bounds address of
an allocated object", so does this mean it's valid to optimise the
function to:

define i8 @func(i8* %mem) {
  %test = icmp eq i8* %mem, null
  br i1 %test, label %done, label %mem.is.valid
mem.is.valid:
  ret i8 5
done:
  ret i8 undef
}

Or even this:

define i8 @func(i8* %mem) {
  ret i8 5
}

...? This is a reduced example of something I saw while running "opt"
on a test case that missed a null check. Thanks -

Nick