From: Evgeniy Stepanov Date: Mon, 9 Sep 2019 22:24:57 +0000 (+0000) Subject: LangRef: mention MSan's problem with speculative conditional branches. X-Git-Tag: llvmorg-11-init~9615 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f0e2755b45a42a3c3284c7a3cec82147065c36a2;p=platform%2Fupstream%2Fllvm.git LangRef: mention MSan's problem with speculative conditional branches. Summary: This short blurb aims to disallow optimizations like we had to revert (under MSan) in https://reviews.llvm.org/D21165 https://bugs.llvm.org/show_bug.cgi?id=28054 https://reviews.llvm.org/D67205 Reviewers: vitalybuka, efriedma Subscribers: llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D67244 llvm-svn: 371461 --- diff --git a/llvm/docs/LangRef.rst b/llvm/docs/LangRef.rst index b953dbd..e061097 100644 --- a/llvm/docs/LangRef.rst +++ b/llvm/docs/LangRef.rst @@ -3245,6 +3245,17 @@ match what was already there. However, a store *to* an undefined location could clobber arbitrary memory, therefore, it has undefined behavior. +**MemorySanitizer**, a detector of uses of uninitialized memory, +defines a branch with condition that depends on an undef value (or +certain other values, like e.g. a result of a load from heap-allocated +memory that has never been stored to) to have an externally visible +side effect. For this reason functions with *sanitize_memory* +attribute are not allowed to produce such branches "out of thin +air". More strictly, an optimization that inserts a conditional branch +is only valid if in all executions where the branch condition has at +least one undefined bit, the same branch condition is evaluated in the +input IR as well. + .. _poisonvalues: Poison Values
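Review bot: The last sentence of the added paragraph states the strict rule only for a branch condition that "has at least one undefined bit", while the first sentence says MemorySanitizer also applies this to "certain other values", such as a load from heap-allocated memory that has never been stored to, and presents those as distinct from undef. As written, a reader cannot tell whether the strict rule covers that second group. Consider introducing one term for the whole set of values MSan treats this way and using it in both sentences, or spelling out what "certain other values" includes. Minor wording in the same paragraph: "like e.g." is redundant, "a branch with condition" and "functions with *sanitize_memory* attribute" are each missing an article, and the attribute name would read better as an RST literal (double backticks) than as emphasis.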