← Back to context

Comment by gpderetta

3 years ago

But again, the compiler did not find UB through static analysis. The compiler inferred that the pointer could not be null and removed a redundant check.

For example you would you not expect a compiler to remove a redundant bound check if it can infer that an index can't be out of range?

12 comments

gpderetta

Reply
vintermann  3 years ago

The compiler made a dangerous assumption that the standard permits ("the author surely has guaranteed, through means I can't analyze, that this pointer will never be null").

Then it encountered evidence explicitly contradicting that assumption (a meaningless null check), and it handled it not by changing its assumption, but by quietly removing the evidence.

> For example you would you not expect a compiler to remove a redundant bound check if it can infer that an index can't be out of range?

If it can infer it from actually good evidence, sure. But using "a pointer was dereferenced" as evidence "this pointer is safe to dereference" is comically bad evidence that only the C standard could come up with.

  • gpderetta  3 years ago

    > using "a pointer was dereferenced" as evidence "this pointer is safe to dereference" is comically bad evidence

    Do you think the compiler would be right to remove the second check here?

       if (!x) std::abort();
   if (!x) return;
   ... = *x;

    What about changing std::abort with the following?

       [[noreturn]] void my_abort();

    How's that different form a check after dereferencing a pointer? In both cases the check can be removed because dataflow or control flow analysis.

    What if my_abort returns instead? Or another thread changes x after the fact?

    • vintermann  3 years ago

      If I had written the above code, I had clearly done something wrong. I would not want the compiler to remove the second check. I'd want it to (at the very least) warn me about an unreachable return statement, so that I could remove the actual meaningless code.

      It's been long enough since I wrote C that I'm not familiar with that noreturn syntax or the contract I guess it implies, but control flow analysis which can prove the code will never be run, should all ideally warn me about it so that I can remove it in the source code, not quietly remove it from the object code.

      I'm not demanding that it should happen in every case, but the cases where it's undecidable whether a statement is reachable or not, obviously it's undecidable for purposes of optimizing away the statement too.

      1 reply →

    • xigoi  3 years ago 

         if (!x) std::abort();
   if (!x) return;

      In this case, the compiler should warn that the second statement will never be executed, instead of just silently removing it.

      7 replies →