[llvm-dev] Calling a null pointer. How undefined it is?

David Chisnall via llvm-dev llvm-dev at lists.llvm.org
Tue Jun 14 06:23:48 PDT 2016

On 14 Jun 2016, at 14:21, Gor Nishanov via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> You are right. After thinking a bit more, reading your reply and
> re-reading llvm blog post on undefined behavior, I realized, duh,
> that even on systems where NULL access results in a crash we can
> still get into a bad situation.
>  struct State {
>     FnPtr Fn;
>     State() : Fn(&SomeFunction) {}
>     void Go() { (*Fn)(); } // may be devirtualized to SomeFunction()
>     void Stop() { Fn = nullptr; }
>     bool IsDone() { return Fn == nullptr; }
>   };
> Since, calling Go() when the state machine has reached the "Done"
> state is undefined, it is perfectly legal to replace an indirect
> call with direct call to its target. Thus, if the user end up
> calling Go() in a done state, it won't crash, but, invoke SomeFunction()
> which may do some bad things since we are no longer in a valid state.

It seems that you could easily achieve what you want by replacing nullptr with abort in this example.  IsDone would be slightly more expensive (compare address of a global to Fn, rather than 0), but I doubt you’d be able to measure the difference in most code.


More information about the llvm-dev mailing list