Skip to content

Commit

Permalink
[msan] Stop propagating shadow in blacklisted functions.
Browse files Browse the repository at this point in the history
With this change all values passed through blacklisted functions
become fully initialized. Previous behavior was to initialize all
loads in blacklisted functions, but apply normal shadow propagation
logic for all other operation.

This makes blacklist applicable in a wider range of situations.

It also makes code for blacklisted functions a lot shorter, which
works as yet another workaround for PR17409.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@212268 91177308-0d34-0410-b5e6-96231b3b80d8
  • Loading branch information
eugenis committed Jul 3, 2014
1 parent 1bb48fa commit 76a2f8d
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 14 deletions.
20 changes: 11 additions & 9 deletions lib/Transforms/Instrumentation/MemorySanitizer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -511,7 +511,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
// The following flags disable parts of MSan instrumentation based on
// blacklist contents and command-line options.
bool InsertChecks;
bool LoadShadow;
bool PropagateShadow;
bool PoisonStack;
bool PoisonUndef;
bool CheckReturnValue;
Expand All @@ -532,7 +532,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
bool SanitizeFunction = F.getAttributes().hasAttribute(
AttributeSet::FunctionIndex, Attribute::SanitizeMemory);
InsertChecks = SanitizeFunction;
LoadShadow = SanitizeFunction;
PropagateShadow = SanitizeFunction;
PoisonStack = SanitizeFunction && ClPoisonStack;
PoisonUndef = SanitizeFunction && ClPoisonUndef;
// FIXME: Consider using SpecialCaseList to specify a list of functions that
Expand Down Expand Up @@ -716,13 +716,14 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {

// Finalize PHI nodes.
for (PHINode *PN : ShadowPHINodes) {
Value *S = getShadow(PN);
if (isa<Constant>(S)) continue;
PHINode *PNS = cast<PHINode>(getShadow(PN));
PHINode *PNO = MS.TrackOrigins ? cast<PHINode>(getOrigin(PN)) : nullptr;
size_t NumValues = PN->getNumIncomingValues();
for (size_t v = 0; v < NumValues; v++) {
PNS->addIncoming(getShadow(PN, v), PN->getIncomingBlock(v));
if (PNO)
PNO->addIncoming(getOrigin(PN, v), PN->getIncomingBlock(v));
if (PNO) PNO->addIncoming(getOrigin(PN, v), PN->getIncomingBlock(v));
}
}

Expand Down Expand Up @@ -856,7 +857,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
/// \brief Set SV to be the shadow value for V.
void setShadow(Value *V, Value *SV) {
assert(!ShadowMap.count(V) && "Values may only have one shadow");
ShadowMap[V] = SV;
ShadowMap[V] = PropagateShadow ? SV : getCleanShadow(V);
}

/// \brief Set Origin to be the origin value for V.
Expand Down Expand Up @@ -908,6 +909,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
/// This function either returns the value set earlier with setShadow,
/// or extracts if from ParamTLS (for function arguments).
Value *getShadow(Value *V) {
if (!PropagateShadow) return getCleanShadow(V);
if (Instruction *I = dyn_cast<Instruction>(V)) {
// For instructions the shadow is already stored in the map.
Value *Shadow = ShadowMap[V];
Expand Down Expand Up @@ -1075,7 +1077,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
IRBuilder<> IRB(I.getNextNode());
Type *ShadowTy = getShadowTy(&I);
Value *Addr = I.getPointerOperand();
if (LoadShadow) {
if (PropagateShadow) {
Value *ShadowPtr = getShadowPtr(Addr, ShadowTy, IRB);
setShadow(&I,
IRB.CreateAlignedLoad(ShadowPtr, I.getAlignment(), "_msld"));
Expand All @@ -1090,7 +1092,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
I.setOrdering(addAcquireOrdering(I.getOrdering()));

if (MS.TrackOrigins) {
if (LoadShadow) {
if (PropagateShadow) {
unsigned Alignment = std::max(kMinOriginAlignment, I.getAlignment());
setOrigin(&I,
IRB.CreateAlignedLoad(getOriginPtr(Addr, IRB), Alignment));
Expand Down Expand Up @@ -1757,7 +1759,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
Value *Addr = I.getArgOperand(0);

Type *ShadowTy = getShadowTy(&I);
if (LoadShadow) {
if (PropagateShadow) {
Value *ShadowPtr = getShadowPtr(Addr, ShadowTy, IRB);
// We don't know the pointer alignment (could be unaligned SSE load!).
// Have to assume to worst case.
Expand All @@ -1770,7 +1772,7 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
insertShadowCheck(Addr, &I);

if (MS.TrackOrigins) {
if (LoadShadow)
if (PropagateShadow)
setOrigin(&I, IRB.CreateLoad(getOriginPtr(Addr, IRB)));
else
setOrigin(&I, getCleanOrigin());
Expand Down
8 changes: 3 additions & 5 deletions test/Instrumentation/MemorySanitizer/msan_basic.ll
Original file line number Diff line number Diff line change
Expand Up @@ -683,7 +683,7 @@ entry:
; CHECK: ret void


; Test that checks are omitted but shadow propagation is kept if
; Test that checks are omitted and returned value is always initialized if
; sanitize_memory attribute is missing.

define i32 @NoSanitizeMemory(i32 %x) uwtable {
Expand All @@ -703,9 +703,7 @@ declare void @bar()

; CHECK: @NoSanitizeMemory
; CHECK-NOT: @__msan_warning
; CHECK: load i32* {{.*}} @__msan_param_tls
; CHECK-NOT: @__msan_warning
; CHECK: store {{.*}} @__msan_retval_tls
; CHECK: store i32 0, {{.*}} @__msan_retval_tls
; CHECK-NOT: @__msan_warning
; CHECK: ret i32

Expand Down Expand Up @@ -828,7 +826,7 @@ entry:

declare i32 @InnerTailCall(i32 %a)

define void @MismatchedReturnTypeTailCall(i32 %a) {
define void @MismatchedReturnTypeTailCall(i32 %a) sanitize_memory {
%b = tail call i32 @InnerTailCall(i32 %a)
ret void
}
Expand Down

0 comments on commit 76a2f8d

Please sign in to comment.