From 663157964b2402f2f486d6efbc8401e78db5000e Mon Sep 17 00:00:00 2001 From: Evgeniy Stepanov Date: Mon, 9 Sep 2019 22:24:57 +0000 Subject: [PATCH] LangRef: mention MSan's problem with speculative conditional branches. Summary: This short blurb aims to disallow optimizations like we had to revert (under MSan) in https://reviews.llvm.org/D21165 https://bugs.llvm.org/show_bug.cgi?id=28054 https://reviews.llvm.org/D67205 Reviewers: vitalybuka, efriedma Subscribers: llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D67244 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@371461 91177308-0d34-0410-b5e6-96231b3b80d8 --- docs/LangRef.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/LangRef.rst b/docs/LangRef.rst index b953dbd0f17..e0610974f30 100644 --- a/docs/LangRef.rst +++ b/docs/LangRef.rst @@ -3245,6 +3245,17 @@ match what was already there. However, a store *to* an undefined location could clobber arbitrary memory, therefore, it has undefined behavior. +**MemorySanitizer**, a detector of uses of uninitialized memory, +defines a branch with condition that depends on an undef value (or +certain other values, like e.g. a result of a load from heap-allocated +memory that has never been stored to) to have an externally visible +side effect. For this reason functions with *sanitize_memory* +attribute are not allowed to produce such branches "out of thin +air". More strictly, an optimization that inserts a conditional branch +is only valid if in all executions where the branch condition has at +least one undefined bit, the same branch condition is evaluated in the +input IR as well. + .. _poisonvalues: Poison Values -- 2.40.0
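Review bot: In the last added sentence, "the same branch condition is evaluated in the input IR as well" is ambiguous about whether the input IR must branch on that condition or merely compute its value. Since the first sentence attaches the side effect to the branch itself, consider wording it as "the input IR also executes a conditional branch on the same condition". The first sentence speaks of an "undef value" while the last speaks of "at least one undefined bit", and the paragraph lands directly before the Poison Values section without saying whether a poison condition is covered; stating that explicitly would remove the guesswork. Smaller points: "a branch with condition" is missing an article, "like e.g." is redundant, "certain other values" is vague for a reference document, and *sanitize_memory* renders as emphasis in reST, where an inline literal (``sanitize_memory``) would mark it as an attribute name.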