On Sat, Apr 26, 2025 at 01:56:59PM -0700, Linus Torvalds wrote:
> IOW, there's a *big* difference between "the programmer told me this
> is unreachable, so I won't generate code past this point" and "I have
> decided this is undefined behavior, so now I won't generate code past
> this point".
>
> So what I'm asking for is absolutely not "trap on unreachable". That's
> wrong and just plain stupid.
>
> I'm asking for "trap on UD instead of *assuming* it's unreachable".
>
> Because clearly that code *can* be reached, it's just doing something
> undefined.
>
> See? Big big difference.

Ah yes, that is a big yet subtle difference that I had not considered,
my bad for missing that. I was only thinking about the implicitly
inserted __builtin_unreachable() from potential UB, not the explicitly
added ones from the developers.

I suspect that it would not be easy to split that distinction in LLVM
but since I am not a compiler person, I will see if this has come up
before and talk to people otherwise. I know there has been work in LLVM
to try and stop undefined behavior from destroying control flow with
things like the freeze instruction but I am not sure that would help us
in this situation.

Pardon my ignorance though, isn't something like this basically just
'-fsanitize=undefined -fsanitize-trap=all'?

Cheers,
Nathan
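
The two cases contrasted in the quoted text, as an added C illustration that is not part of either message: an explicit `__builtin_unreachable()` next to a reachable operation whose undefined input is turned into a trap by hand. All function names are hypothetical, and a 32-bit `unsigned int` and a POSIX system (for `fork`) are assumed.

```c
/* Added illustration; every function name here is hypothetical. */
#include <limits.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum state { IDLE, BUSY };

/* Case 1: the programmer states that control never gets past the
 * switch. Dropping code after this point is what was asked for. */
int state_weight(enum state s)
{
    switch (s) {
    case IDLE: return 0;
    case BUSY: return 1;
    }
    __builtin_unreachable();
}

/* Case 2: this code can be reached with any n, but the shift is only
 * defined for 0 <= n < width. The guard makes the undefined input
 * trap instead of leaving the compiler free to assume it away. */
unsigned int shl_trapping(unsigned int v, int n)
{
    if (n < 0 || n >= (int)(sizeof(v) * CHAR_BIT))
        __builtin_trap();
    return v << n;
}

/* Run shl_trapping(1, n) in a child process so the trap can be
 * observed: returns 1 if a signal killed the child, 0 if it exited
 * normally, -1 on fork/wait failure. */
int shl_traps_in_child(int n)
{
    int status = 0;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile unsigned int r = shl_trapping(1u, n);
        (void)r;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}
```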