This is an archive of the discontinued LLVM Phabricator instance.

Differential D86643

[LangRef] Memset/memcpy/memmove can take undef/poison pointer if the size is 0
ClosedPublic

Authored by aqjune on Aug 26 2020, 10:14 AM.

Details

Reviewers
jdoerfert
efriedma
Commits
rG24dd04116db3: [LangRef] Memset/memcpy/memmove can take undef/poison pointer if the size is 0
Summary

According to the current LangRef, Memset/memcpy/memmove can take a
null/dangling pointer if the size is zero.
(Relevant thread: http://lists.llvm.org/pipermail/llvm-dev/2017-July/115665.html )
This patch expands it and allows the functions to take undef/poison pointers
too.

This required the updates in the align attribute since it isn't specified
what is the alignment of undef/poison pointers.
This patch states that their alignment is 1.

Diff Detail

Event Timeline

aqjune created this revision.Aug 26 2020, 10:14 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 26 2020, 10:14 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
aqjune requested review of this revision.Aug 26 2020, 10:14 AM
aqjune mentioned this in D86576: [IR] Add NoUndef attribute to Intrinsics.td.Aug 26 2020, 10:15 AM
jdoerfert added inline comments.Aug 26 2020, 10:19 AM
llvm/docs/LangRef.rst
1161

Unsure if this is needed TBH. Might be confusing.

aqjune added inline comments.Aug 26 2020, 10:26 AM
llvm/docs/LangRef.rst
1161

Would it be better if I move this next to However, they must still be appropriately aligned. for a better context?

aqjune added inline comments.Aug 26 2020, 11:00 AM
llvm/docs/LangRef.rst
1161

This sentence was added to clarify this case:

ptr = poison
memset(ptr align 1, 0, 0) // UB?

Since memset(ptr, 0, 0) is equivalent to memset(ptr align 1, 0, 0), making the latter non-UB seemed natural to me.

Harbormaster completed remote builds in B69631: Diff 288025.Aug 26 2020, 11:10 AM
efriedma added inline comments.Aug 26 2020, 11:19 AM
llvm/docs/LangRef.rst
1161

I think I would rather state it more like "align 1 has no effect on non-byval arguments", rather than explicitly refer to undef values. The practical effect is the same, and I think it makes it easier to understand the expected semantics.

12654–12655

"pointers"?

nikic added a subscriber: nikic.Aug 26 2020, 11:22 AM
aqjune updated this revision to Diff 288067.Aug 26 2020, 12:07 PM

Updated wording about align 1

jdoerfert added inline comments.Aug 26 2020, 12:07 PM
llvm/docs/LangRef.rst
1161

Right, everything has an implicit align 1 anyway, at least that was my thinking so far. So align 1 is a "no-op" on any pointer value.

aqjune updated this revision to Diff 288070.Aug 26 2020, 12:11 PM
aqjune marked an inline comment as done.

Minor updates to wording

aqjune marked an inline comment as done.Aug 26 2020, 12:13 PM
aqjune added inline comments.
llvm/docs/LangRef.rst
12654–12655

Hope this was a right fix..? :)

efriedma added inline comments.Aug 26 2020, 1:00 PM
llvm/docs/LangRef.rst
12654–12655

That's an improvement, sure. I was thinking about the existing use of "pointers" here, though, since there's only one pointer argument.

Harbormaster completed remote builds in B69651: Diff 288067.Aug 26 2020, 1:18 PM
aqjune updated this revision to Diff 288097.Aug 26 2020, 1:20 PM

Wording fix

aqjune updated this revision to Diff 288098.Aug 26 2020, 1:22 PM

Wording fix

aqjune marked an inline comment as done.Aug 26 2020, 1:24 PM
Harbormaster completed remote builds in B69655: Diff 288070.Aug 26 2020, 1:37 PM
efriedma accepted this revision.Aug 26 2020, 1:48 PM

LGTM

This revision is now accepted and ready to land.Aug 26 2020, 1:48 PM
This revision was landed with ongoing or failed builds.Aug 26 2020, 2:19 PM
Closed by commit rG24dd04116db3: [LangRef] Memset/memcpy/memmove can take undef/poison pointer if the size is 0 (authored by aqjune). · Explain Why
This revision was automatically updated to reflect the committed changes.
aqjune added a commit: rG24dd04116db3: [LangRef] Memset/memcpy/memmove can take undef/poison pointer if the size is 0.
Harbormaster completed remote builds in B69670: Diff 288097.Aug 26 2020, 2:59 PM
Harbormaster completed remote builds in B69671: Diff 288098.Aug 26 2020, 3:09 PM
aqjune mentioned this in D95238: [LangRef] Update memory access ops to raise UB if ptrs are not well defined.Jan 24 2021, 6:06 PM

Revision Contents

PathSize
llvm/
docs/
21 lines

Diff 288115

llvm/docs/LangRef.rst

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,151 Lines▼ Show 20 Lines``sret``
to trap and to be properly aligned. This is not a valid attribute to trap and to be properly aligned. This is not a valid attribute
for return values. for return values.
.. _attr_align: .. _attr_align:
``align <n>`` or ``align(<n>)`` ``align <n>`` or ``align(<n>)``
This indicates that the pointer value may be assumed by the optimizer to This indicates that the pointer value may be assumed by the optimizer to
have the specified alignment. If the pointer value does not have the have the specified alignment. If the pointer value does not have the
specified alignment, behavior is undefined. specified alignment, behavior is undefined. ``align 1`` has no effect on
non-byval, non-preallocated arguments.
jdoerfertUnsubmitted
Not Done
ReplyInline Actions

Unsure if this is needed TBH. Might be confusing.

jdoerfert: Unsure if this is needed TBH. Might be confusing.
aqjuneAuthorUnsubmitted
Done
ReplyInline Actions

Would it be better if I move this next to However, they must still be appropriately aligned. for a better context?

aqjune: Would it be better if I move this next to `However, they must still be appropriately aligned.`…
aqjuneAuthorUnsubmitted
Done
ReplyInline Actions

This sentence was added to clarify this case:

ptr = poison
memset(ptr align 1, 0, 0) // UB?

Since memset(ptr, 0, 0) is equivalent to memset(ptr align 1, 0, 0), making the latter non-UB seemed natural to me.

aqjune: This sentence was added to clarify this case: ``` ptr = poison memset(ptr align 1, 0, 0) // UB?
efriedmaUnsubmitted
Done
ReplyInline Actions

I think I would rather state it more like "align 1 has no effect on non-byval arguments", rather than explicitly refer to undef values. The practical effect is the same, and I think it makes it easier to understand the expected semantics.

efriedma: I think I would rather state it more like "`align 1` has no effect on non-byval arguments"…
jdoerfertUnsubmitted
Done
ReplyInline Actions

Right, everything has an implicit align 1 anyway, at least that was my thinking so far. So align 1 is a "no-op" on any pointer value.

jdoerfert: Right, everything has an implicit `align 1` anyway, at least that was my thinking so far. So…
Note that this attribute has additional semantics when combined with the Note that this attribute has additional semantics when combined with the
``byval`` attribute, which are documented there. ``byval`` or ``preallocated`` attribute, which are documented there.
.. _noalias: .. _noalias:
``noalias`` ``noalias``
This indicates that memory locations accessed via pointer values This indicates that memory locations accessed via pointer values
:ref:`based <pointeraliasing>` on the argument or return value are not also :ref:`based <pointeraliasing>` on the argument or return value are not also
accessed, during the execution of the function, via pointer values not accessed, during the execution of the function, via pointer values not
*based* on the argument or return value. This guarantee only holds for *based* on the argument or return value. This guarantee only holds for
▲ Show 20 LinesShow All 11,301 Lines▼ Show 20 Lines
"""""""""" """"""""""
The '``llvm.memcpy.*``' intrinsics copy a block of memory from the The '``llvm.memcpy.*``' intrinsics copy a block of memory from the
source location to the destination location, which are not allowed to source location to the destination location, which are not allowed to
overlap. It copies "len" bytes of memory over. If the argument is known overlap. It copies "len" bytes of memory over. If the argument is known
to be aligned to some boundary, this can be specified as an attribute on to be aligned to some boundary, this can be specified as an attribute on
the argument. the argument.
If "len" is 0, the pointers may be NULL or dangling. However, they must still If "len" is 0, the pointers may be NULL, dangling, ``undef``, or ``poison``
be appropriately aligned. pointers. However, they must still be appropriately aligned.
.. _int_memcpy_inline: .. _int_memcpy_inline:
'``llvm.memcpy.inline``' Intrinsic '``llvm.memcpy.inline``' Intrinsic
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Syntax: Syntax:
""""""" """""""
Show All 39 Lines
"""""""""" """"""""""
The '``llvm.memcpy.inline.*``' intrinsics copy a block of memory from the The '``llvm.memcpy.inline.*``' intrinsics copy a block of memory from the
source location to the destination location, which are not allowed to source location to the destination location, which are not allowed to
overlap. It copies "len" bytes of memory over. If the argument is known overlap. It copies "len" bytes of memory over. If the argument is known
to be aligned to some boundary, this can be specified as an attribute on to be aligned to some boundary, this can be specified as an attribute on
the argument. the argument.
If "len" is 0, the pointers may be NULL or dangling. However, they must still If "len" is 0, the pointers may be NULL, dangling, ``undef``, or ``poison``
be appropriately aligned. pointers. However, they must still be appropriately aligned.
The generated code is guaranteed not to call any external functions. The generated code is guaranteed not to call any external functions.
.. _int_memmove: .. _int_memmove:
'``llvm.memmove``' Intrinsic '``llvm.memmove``' Intrinsic
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
▲ Show 20 LinesShow All 42 Lines▼ Show 20 Lines
"""""""""" """"""""""
The '``llvm.memmove.*``' intrinsics copy a block of memory from the The '``llvm.memmove.*``' intrinsics copy a block of memory from the
source location to the destination location, which may overlap. It source location to the destination location, which may overlap. It
copies "len" bytes of memory over. If the argument is known to be copies "len" bytes of memory over. If the argument is known to be
aligned to some boundary, this can be specified as an attribute on aligned to some boundary, this can be specified as an attribute on
the argument. the argument.
If "len" is 0, the pointers may be NULL or dangling. However, they must still If "len" is 0, the pointers may be NULL, dangling, ``undef``, or ``poison``
be appropriately aligned. pointers. However, they must still be appropriately aligned.
.. _int_memset: .. _int_memset:
'``llvm.memset.*``' Intrinsics '``llvm.memset.*``' Intrinsics
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Syntax: Syntax:
""""""" """""""
Show All 37 Lines
Semantics: Semantics:
"""""""""" """"""""""
The '``llvm.memset.*``' intrinsics fill "len" bytes of memory starting The '``llvm.memset.*``' intrinsics fill "len" bytes of memory starting
at the destination location. If the argument is known to be at the destination location. If the argument is known to be
aligned to some boundary, this can be specified as an attribute on aligned to some boundary, this can be specified as an attribute on
the argument. the argument.
If "len" is 0, the pointers may be NULL or dangling. However, they must still If "len" is 0, the pointer may be NULL, dangling, ``undef``, or ``poison``
be appropriately aligned. pointer. However, it must still be appropriately aligned.
efriedmaUnsubmitted
Not Done
ReplyInline Actions

"pointers"?

efriedma: "pointers"?
aqjuneAuthorUnsubmitted
Done
ReplyInline Actions

Hope this was a right fix..? :)

aqjune: Hope this was a right fix..? :)
efriedmaUnsubmitted
Done
ReplyInline Actions

That's an improvement, sure. I was thinking about the existing use of "pointers" here, though, since there's only one pointer argument.

efriedma: That's an improvement, sure. I was thinking about the existing use of "pointers" here, though…
'``llvm.sqrt.*``' Intrinsic '``llvm.sqrt.*``' Intrinsic
^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
Syntax: Syntax:
""""""" """""""
This is an overloaded intrinsic. You can use ``llvm.sqrt`` on any This is an overloaded intrinsic. You can use ``llvm.sqrt`` on any
▲ Show 20 LinesShow All 8,102 LinesShow Last 20 Lines