Displaying 20 results from an estimated 7000 matches similar to: "The semantics of nonnull attribute"
2020 Feb 18
2
The semantics of nonnull attribute
Not sure the semantics of "used" you propose is sufficient. AFAIU the proposal, "used" could only be used in cases where the function will always trigger UB if poison is passed as argument.
The semantics of attributes is usually the other way around, since function calls need to have UB as strong as the worst behavior of the function. If a function may for some reason trigger
2020 Feb 18
3
The semantics of nonnull attribute
Hi Johannes,
>> Not sure the semantics of "used" you propose is sufficient. AFAIU the
>> proposal, "used" could only be used in cases where the function will
>> always trigger UB if poison is passed as argument. The semantics of
>> attributes is usually the other way around, since function calls need
>> to have UB as strong as the worst
2020 Feb 18
8
The semantics of nonnull attribute
I think calling the attribute "used" is confusing. I'd suggest the following:
"not_poison": If an argument is marked not_poison, and the argument is poison at runtime, the call is instant UB. Whether an argument is poison is checked after the rules for other attributes like "nonnull" and "align" are applied.
This makes it clear that the IR semantics
2020 Feb 20
2
The semantics of nonnull attribute
Two thoughts:
1. I think that we should aim for regularity, to the extent possible, and so we should treat nonnull, align, etc. similarly w.r.t. to whether they produce poison or UB.
2. I was thinking about the following last night, and it clarified for me why having an not_poison attribute makes sense and seems useful, and how poison/UB might affect things on a function-call boundary itself.
2020 Feb 19
3
The semantics of nonnull attribute
On 02/19, Juneyoung Lee via llvm-dev wrote:
> Hello,
>
> > Would it be correct to resolve this by saying that dereferenceable(N)
> > *implies* not_poison? This would be helpful as a clarification of how
> > it all fits together.
>
> Yes, I think it makes sense.
I don't we should do that.
Take the `gep inbounds` example:
char* foo(char *arg) {
return `gep
2020 Feb 19
2
The semantics of nonnull attribute
On Wed, Feb 19, 2020 at 3:51 AM Juneyoung Lee via llvm-dev
<llvm-dev at lists.llvm.org> wrote:
> I think not_poison (Johannes's used keyword) makes sense. We can simulate the original UB semantics by simply attaching it, as explained.
> For the attributes other than nonnull, we may need more discussion; align attribute seems to be okay with defining it as poison, dereferenceable
2020 Oct 09
2
Undef and Poison round table follow-up & a plan
It is UB when a poison is passed to certain operations that raise UB on
poison, such as division by poison/dereferencing poison pointer/branching
on poison condition/etc.
Otherwise, poison is simply propagated, but it does not raise UB
Copying poison bytes is okay:
// Members are initialized to poison at object creation.
p = alloca {i8, i32} // p[0], p[4~7] are poison
q = alloca {i8, i32} // we
2020 Oct 09
2
Undef and Poison round table follow-up & a plan
>
> // Members are initialized to poison at object creation.
>> p = alloca {i8, i32} // p[0], p[4~7] are poison
>> p[0] is an i8, so it shouldn't be poison?
>
>
My interpretation of standard is that reading uninitialized char can also
yield trap representation.
If uninitialized, char variable has indeterminate value, and C/C++ does not
seem to forbid reading trap
2020 Oct 10
2
Undef and Poison round table follow-up & a plan
>
> Okay, it's just not immediately undefined behaviour. The C model has more
> issues because of the problem with how "trap representation" is defined
> (which precludes trap representations for unsigned char, two's complement
> signed char, etc.).
This interpretation is further stressed because C only explicitly ascribes
> undefined behaviour to trap
2020 Oct 08
2
Undef and Poison round table follow-up & a plan
> It is important to note that this applies to trap representations and not
to unspecified values. A structure or union never has a trap representation.
Yes, nondeterministic bits would work for padding of struct/union, as
described in (3) The third case is the value of struct/union padding.
For the members of struct/union, it is allowed to have trap representation,
so poison can be used.
2020 Sep 22
2
Is it valid to dereference a pointer that have undef bits in its offset?
Thank you for the infos; it seems making it raise UB is problematic.
Would clarifying it in LangRef be good? I can update the patch to contain
the information instead.
Another concern is then, how can we efficiently encode an assumption that a
pointer variable in IR does not have undef bits?
Certainly, in the front-end language, (most of) pointers won't have undef
bits, and it would be great
2016 Oct 18
8
RFC: Killing undef and spreading poison
Hi,
Over the past few years we've been trying to kill poison somehow. There have
been a few proposals, but they've all failed to pass the bar and/or to
gather significant support (my own proposals included).
We (David, Gil, John, Juneyoung, Sanjoy, Youngju, Yoonseung, and myself)
have a new proposal to kill undef instead and replace it with poison + a new
'freeze' instruction. We
2020 Oct 08
2
Undef and Poison round table follow-up & a plan
Hello all,
Thank everyone who participated in the (impromptu) round table discussion
on Tuesday.
For those who are interested, I share the summary of the discussion.
Also, I share a short-term plan regarding this issue and relevant patches.
*Fixing Miscompilations using Freeze*
-----------------------------------
To reduce the cost of fixing miscompilations using freeze instruction, we
need to
2016 Dec 06
2
RFC: Killing undef and spreading poison
Hi,
Thanks everybody that showed up in our talk at the LLVM dev meeting and to
those that provided feedback so far.
The slides are already online:
http://llvm.org/devmtg/2016-11/Slides/Lopes-LongLivePoison.pdf
The main question that some people raised was whether we could have bitwise
poison instead of value-wise poison, since that semantics seems to be more
natural as values continue to be just
2016 Oct 18
2
RFC: Killing undef and spreading poison
>> A use of freeze is to enable speculative execution. For example, loop
>> switching does the following transformation:
>> while (C) {
>> if (C2) {
>> A
>> } else {
>> B
>> }
>> }
>> =>
>> if (C2) {
>> while (C)
>> A
>> } else {
>> while (C)
>> B
>> }
>>
2019 Jan 18
2
Reducing the number of ptrtoint/inttoptrs that are generated by LLVM
Hello Sanjoy,
Yep, combining it with propagateEquality of pointers may raise problem. :\
However I believe propagateEquality should be fixed properly, and adding
psub also suggests a solution for that. :)
It is sound to replace a pointer with another if subtraction of them is 0:
a = malloc()
free(a)
b = malloc() // Assume b == a numerically
if ((psub inbounds a b) == 0) { // a and b are
2020 Sep 21
2
Is it valid to dereference a pointer that have undef bits in its offset?
I think we need to allow this. Otherwise, we have to prove that
addresses are non-undef before we can hoist or sink a memory
instruction. Today, aliasing can use things like known bits, and if we
imposed a no-undef in address requirement, we'd either need to replace
such reasoning in AA, or have passes which wish to hoist/sink check the
property afterwards.
Or to say it differently, I
2019 Feb 27
3
funnel shift, select, and poison
You are right: select in SDAG has to be poison-blocking as well,
otherwise the current lowering from IR's select to SDAG's select would
be wrong. Which makes the select->or transformation incorrect at SDAG
level as well.
I guess until recently people believed that poison in SDAG wasn't much
of a problem (myself included). I was convinced otherwise with the
test cases that
2015 Jun 01
4
[LLVMdev] RFC: Adding attribute(nonnull) to things in libc++
This weekend, I got an email from Nuno Lopes informing me that UBSAN now
paid attention to attribute(nonnull), and he was having some problems with
it going off when using libc++.
I did some investigation, and found that he was exactly right - there were
places (deep inside the vector code, for example) which called
std::memcpy(null, null, 0) - which is definitely UB.
In an ideal world, our C
2019 Nov 27
2
LangRef semantics for shufflevector with undef mask is incorrect
Ok, makes sense.
My suggestion is that we patch the IR Verifier to ensure that the mask is
indeed a vector of constants and/or undefs. Right now it only runs the
standard checks for instructions.
We will also run Alive2 on the test suite to make sure undef is never
replaced in practice.
Thanks,
Nuno
-----Original Message-----
From: Eli Friedman <efriedma at quicinc.com>
Sent: 27 de