[llvm-dev] Possible soundness issue with available_externally (split from "RFC: Add guard intrinsics")
Sanjoy Das via llvm-dev
llvm-dev at lists.llvm.org
Wed Feb 24 22:25:54 PST 2016
Hal Finkel wrote:
> But it is not all optimizations that are the problem. Rather, it
> seems like a select few (e.g. things involving collapsing allowed
> non-determinism in atomics), and losing those optimizations seems
> better than generally losing function-attribute deduction.
If we go by the langref, then optimizations that fold undef are also
problematic (though most C/C++ programs resulting in such IR would
have UB in practice).
I think there are non-(non-deterministic) problematic cases too. The
following won't happen today since `readnone` does not imply
`safe_to_speculate`, but if we add a `safe_to_speculate` property some
day:
int foo(bool C) available_externally {
if (C)
((int *) null)++; // UB
ret 42;
}
void bar() {
if (<some cond>)
foo(true);
}
Now, normally you can just delete the `if (C)` branch in foo, and it
would become just a `ret 42`, and would look like it is speculatable
above the `<some cond>` check. But if you then link with an -O0
version, you'll have introduced UB if `<some cond>` is always false at
runtime.
Today this won't happen since we don't speculate `readnone nounwind`
functions, but could become a problem in the future.
-- Sanjoy
More information about the llvm-dev
mailing list