Differential D81678
Introduce noundef attribute at call sites for stricter poison analysis Authored by guiand on Jun 11 2020, 11:43 AM.
Details This change adds a new IR noundef attribute, which denotes when a function call argument or return val may never contain uninitialized bits. In MemorySanitizer, this attribute enables optimizations which decrease instrumented code size by up to 17% (measured with an instrumented build of clang) . I'll introduce the change allowing msan to take advantage of this information in a separate patch. Tests as a separate patch:
Diff Detail
Event TimelineThere are a very large number of changes, so older changes are hidden. Show Older Changes This comment was removed by guiand. Comment Actions I'd like to see some testcases for the C++ side of this. The following things all seem like they might be interesting: passing and returning classes and unions, especially ones that aren't trivially-copyable, nullptr_t, pointers to members, this parameters, VTTs, the "complete object" flag for MS ABI constructors, the this return from constructors in the ARM ABI, parameters and return values of virtual adjustment thunks.
Comment Actions Adds additional constraints on noundef: Not a nullptr_t, not a member pointer, and not coerced to a type of larger size. Disabled emitting in return position for non-C++ languages (or inside extern "C"). @rsmith, I just didn't address your comment about being conservative with black-holeing C++ functions returning undef. At least for msan purposes this shouldn't be a *too* much of a problem, but of course this attribute is for general use by LLVM passes. I'm just wondering what kind of tradeoff we want to make here, I suppose. Comment Actions Just saw your comment about tests as well. The idea was to have all tests ported over as part of a separate commit (I linked it in the main patch description) and then only to push either commit once both are ready to land. To make it easier to be sure this specific feature is working correctly, I can port over some of those tests to this patch for review purposes. Comment Actions Added an across-the-board test with several different interesting cases. @rsmith, I'm not sure how to test things like VTables/VTTs, since afaik the way they would be exposed to function attributes would be if a struct is being passed by value. But in that case, we currently never emit noundef. Comment Actions Looks good with suggestions applied, and with the portability problems in the test fixed. (Maybe just add a -triple? Though it would be good to also test inalloca and ARM constructor this returns and so on.)
Comment Actions To try to alleviate the tests issue, @eugenis and I discussed that it might be best to take it slow. So now this patch will mask off emitting the attribute on clang tests by default. Comment Actions I think I'd like someone to take a look at the llvm-lit changes to see if this makes sense as an approach Comment Actions I think it makes sense - IIUC, for most of the clang tests, noundef won't be the attribute of interest. Comment Actions Hello all, Comment Actions This change looks fine to me, but I'm slightly concerned about https://reviews.llvm.org/D85788 - see my last comment on that revision. Comment Actions As the discussion is spread out across multiple threads, do I understand correctly that the current consensus is to introduce the -disable-noundef-analysis flag, and explicitly add it to all the relevant tests (rather than adding it to the substitutions)? In any case, I'd recommend changing this patch to default -disable-noundef-analysis to true (so you need to compile with -disable-noundef-analysis=0 to get undef attributes). The flag can then be flipped together with the test changes. That should help get the main technical change landed directly, and avoid the need of landing patches at the same time. Comment Actions Yes, I think so.
This is a great idea! Aside from splitting the complexity of landing the large change, it also makes our downstream cleanup easier. In that case we should probably give the flag a positive name: -enable-noundef-analysis=(0|1). Comment Actions @guiand Do you plan to continue working on this patch? If not, I would try to finalize it. Comment Actions Changing the mechanism to explicit opt-in seems like a good idea, and bypasses the test issues. If everyone agrees about proceeding with this, I can fix up this patch within the next couple days and we can hopefully wrap this up! Comment Actions Any more comments/opinions? Comment Actions For sure. I'll upload a rebased patch shortly and give it another day or so for people to look, and then push if there aren't any issues. Comment Actions @rsmith already gave his blessing, so please go ahead. I hope you guys have a plan to enable this by default at some point as features behind a flag get rotten and no one uses them. | ||||||||||||||||||||||||||||||||||||||||||||||||