alexcrichton transferred Issue #589:
What if we added `heap_load` and `heap_store` instructions, which would roughly be legalized into `heap_addr` + `load` and `heap_addr` + `store`. That way, frontends could produce Cranelift IR without themselves dealing with plain `load` and `store`, which would eliminate the possibility of misusing them and facing undefined behavior.

The next step would be to add a wasm-like indirect call instruction, possibly named `table_call`. This would be more complex because we don't yet have a built-in way to legalize this that includes signature checking, but it's doable.

Then, it's plausible to imagine defining an IR subset which is completely safe, yet still reasonably complete. We could then clearly document unsafe constructs like `load` and `store` as such, possibly with an optional verifier pass that could enforce that no unsafe constructs are present, and make it easy for people to generate IR without having to worry about undefined behavior.
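The following is an added illustration, not code from the issue or from Cranelift itself: a toy model of the proposal in Python. It represents a tiny IR as a list of instructions, legalizes `heap_load`/`heap_store` into `heap_addr` + `load`/`store`, and runs the "optional verifier pass" that rejects raw `load`/`store` in frontend output. The instruction names `iconst` and `return`, the `Inst` dataclass, the single-byte heap model and the sample function are constructed for the example; in the interpreter, `heap_addr` performs the deterministic bounds check that wasm semantics require, while a raw `load` does no checking at all (a stand-in for the undefined behavior the issue wants frontends to avoid).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Instructions outside the hypothetical "safe subset": raw memory access with no bounds check.
UNSAFE_OPS = {"load", "store"}


@dataclass
class Inst:
    """One toy IR instruction (constructed for this example, not Cranelift's real data model)."""
    op: str
    args: Tuple[str, ...]
    result: Optional[str] = None


class Trap(Exception):
    """Deterministic wasm-style trap raised by the bounds-checked heap_addr."""


def legalize(insts: List[Inst]) -> List[Inst]:
    """Rewrite heap_load/heap_store into heap_addr followed by a plain load/store."""
    out: List[Inst] = []
    for n, inst in enumerate(insts):
        if inst.op == "heap_load":
            heap, index = inst.args
            addr = f"addr{n}"
            out.append(Inst("heap_addr", (heap, index), addr))
            out.append(Inst("load", (addr,), inst.result))
        elif inst.op == "heap_store":
            heap, index, value = inst.args
            addr = f"addr{n}"
            out.append(Inst("heap_addr", (heap, index), addr))
            out.append(Inst("store", (addr, value)))
        else:
            out.append(inst)
    return out


def unsafe_instructions(insts: List[Inst]) -> List[int]:
    """Verifier pass: indices of instructions that are not part of the safe subset."""
    return [n for n, inst in enumerate(insts) if inst.op in UNSAFE_OPS]


def run(insts: List[Inst], heap: bytearray, env: Dict[str, int]) -> Dict[str, int]:
    """Interpret legalized IR over a single byte heap; values are ints."""
    env = dict(env)
    for inst in insts:
        if inst.op == "iconst":
            env[inst.result] = int(inst.args[0])
        elif inst.op == "heap_addr":
            _heap, index = inst.args
            idx = env[index]
            if not 0 <= idx < len(heap):          # the bounds check wasm semantics require
                raise Trap(f"heap access out of bounds: {idx}")
            env[inst.result] = idx
        elif inst.op == "load":
            env[inst.result] = heap[env[inst.args[0]]]   # unchecked: stand-in for UB
        elif inst.op == "store":
            heap[env[inst.args[0]]] = env[inst.args[1]] & 0xFF
        elif inst.op == "return":
            return {name: env[name] for name in inst.args}
        else:
            raise ValueError(f"unknown op {inst.op}")
    return env


def frontend_function(index: int) -> List[Inst]:
    """Constructed sample of what a frontend would emit using only the safe subset."""
    return [
        Inst("iconst", (str(index),), "v0"),
        Inst("iconst", ("42",), "v1"),
        Inst("heap_store", ("heap0", "v0", "v1")),
        Inst("heap_load", ("heap0", "v0"), "v2"),
        Inst("return", ("v2",)),
    ]


# Constructed sample of IR that bypasses heap_addr with a raw load of an arbitrary address.
RAW_LOAD_FUNCTION = [
    Inst("iconst", ("100",), "v0"),
    Inst("load", ("v0",), "v1"),
    Inst("return", ("v1",)),
]


def check_and_run(insts: List[Inst], heap_size: int = 8):
    """Verify the frontend output, legalize it, run it; returns the loaded value or 'trap'."""
    bad = unsafe_instructions(insts)
    if bad:
        raise ValueError(f"frontend emitted unsafe instructions at {bad}")
    try:
        return run(legalize(insts), bytearray(heap_size), {})["v2"]
    except Trap:
        return "trap"


if __name__ == "__main__":
    print(check_and_run(frontend_function(3)))      # in bounds: 42
    print(check_and_run(frontend_function(100)))    # out of bounds: deterministic trap
    print(unsafe_instructions(RAW_LOAD_FUNCTION))   # verifier flags the raw load
```

The point of running the verifier on the frontend's output rather than on the legalized form is visible in the model: after `legalize`, raw `load` and `store` are present by design, so the safe-subset check only makes sense at the boundary where IR enters the compiler.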
Last updated: Dec 06 2025 at 05:03 UTC