On Mon, 13 Nov 2023, Richard Biener wrote:

> > Ideally we'd position it such that more locals are put in SSA form,
> > but not too late to miss some UB, right? Perhaps after first pass_ccp?
>
> I guess it's worth experimenting. Even doing it right before RTL expansion
> might work. Note if you pick ccp you have to use a separate place for -O0

While Daniil is experimenting with this, I want to raise my concern about
attempting this instrumentation too late. Consider the main thing we are
trying to catch:

  // inlined operator new:
  this->foo = 42;
  // inlined constructor:
  *this = { CLOBBER };
  // caller:
  int tmp = this->foo;
  return tmp;

Our instrumentation adds

  __valgrind_make_mem_undefined(this, sizeof *this);

immediately after the clobber. I am concerned that if GCC ever learns to
leave out the following access to 'this->foo', leaving tmp uninitialized,
we will end up with:

  this->foo = 42;
  *this = { CLOBBER };
  __valgrind_make_mem_undefined(this, sizeof *this);
  int tmp(D);
  return tmp(D); // uninitialized

and Valgrind will not report anything since the invalid load is optimized
out.

With early instrumentation such optimization is not going to happen, since
the builtin may modify *this.

Is my concern reasonable?

Thanks.
Alexander
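The following C program is an added illustration of the scenario in the message above; it is not code from the thread or from the GCC patch under discussion. It writes out by hand what the proposed instrumentation would emit: the constructor store, the end-of-lifetime point, and the Valgrind client request (VALGRIND_MAKE_MEM_UNDEFINED from valgrind/memcheck.h, which is an asm statement with a "memory" clobber, so GCC must assume it may modify the object). The MARK_UNDEFINED macro, the struct S, and the function names are assumptions made for the example; when the Valgrind header is not installed, the macro falls back to a compiler barrier with the same "may modify memory" property. In C the object stays in scope, so the GIMPLE clobber itself is only modelled by where the annotation is placed.

```c
/* Added example: a C model of "store, end of lifetime, annotation, load".
   Not part of the thread; MARK_UNDEFINED, struct S and the function names
   are invented here for illustration.  */
#include <stddef.h>
#include <stdio.h>

/* Prefer the real memcheck client request.  Its expansion is an
   __asm__ volatile with a "memory" clobber that receives the address, so
   GCC must assume the request may modify *p.  The fallback barrier keeps
   that property so the example behaves the same without Valgrind.  */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#    define MARK_UNDEFINED(p, n) VALGRIND_MAKE_MEM_UNDEFINED((p), (n))
#  endif
#endif
#ifndef MARK_UNDEFINED
#  define MARK_UNDEFINED(p, n) \
     __asm__ volatile("" : : "r"(p), "r"(n) : "memory")
#endif

struct S { int foo; int bar; };

/* Stands in for the inlined constructor: this->foo = 42;  */
static inline void S_construct(struct S *s)
{
    s->foo = 42;
    s->bar = 0;
}

/* Stands in for the end of the object's lifetime, i.e. GCC's
   *this = { CLOBBER } followed by the instrumentation call
   __valgrind_make_mem_undefined (this, sizeof *this).  */
static inline void S_end_lifetime(struct S *s)
{
    MARK_UNDEFINED(s, sizeof *s);
}

/* The caller: read a field after the lifetime has ended.  Because the
   annotation may have modified *s, GCC has to keep the load of obj.foo,
   and under memcheck an undefined value flows into the return value
   (memcheck reports it once the value influences control flow or a
   syscall).  Without Valgrind the memory is untouched and 42 is returned. */
int read_after_end(void)
{
    struct S obj;
    S_construct(&obj);
    S_end_lifetime(&obj);
    return obj.foo;
}

/* The same sequence with no annotation between the store and the load.
   Nothing pins the load, so after inlining GCC may forward the stored 42
   (or, if a clobber sat here as in the GIMPLE, treat the read as an
   undefined SSA name).  Either way there is no memory access left for
   memcheck to observe, which is the case the message worries about.  */
int read_after_end_unannotated(void)
{
    struct S obj;
    S_construct(&obj);
    return obj.foo;
}

int main(void)
{
    printf("annotated:   %d\n", read_after_end());
    printf("unannotated: %d\n", read_after_end_unannotated());
    return 0;
}
```

Compile with `gcc -O2 -S` and compare the two functions: the annotated one keeps a store to the stack slot and a reload after the asm, while the unannotated one is typically folded to `return 42` with no memory access at all. Running the annotated binary under `valgrind --track-origins=yes` and using the return value in a branch shows the "uninitialised value" report that the instrumentation is meant to produce.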