[PATCH] D47085: [msan] Don't check divisor shadow in fdiv.

Evgenii Stepanov via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri May 18 13:20:37 PDT 2018 

eugenis created this revision.
eugenis added a reviewer: kcc.
Herald added a subscriber: hiraditya.

Floating point division by zero or even undef does not have undefined
behavior and may occur due to optimizations.

Fixes https://bugs.llvm.org/show_bug.cgi?id=37523.


https://reviews.llvm.org/D47085

Files:
  compiler-rt/lib/msan/tests/msan_test.cc
  compiler-rt/test/msan/vector_div.cc
  llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
  llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll


Index: llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll
===================================================================
--- llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll
+++ llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll
@@ -417,6 +417,21 @@
 ; CHECK-NOT: icmp
 ; CHECK: ret i32
 
+; Check that fdiv, unlike udiv, simply propagates shadow.
+
+define float @FDiv(float %a, float %b) nounwind uwtable readnone sanitize_memory {
+entry:
+  %c = fdiv float %a, %b
+  ret float %c
+}
+
+; CHECK-LABEL: @FDiv
+; CHECK: %[[SA:.*]] = load i32,{{.*}}@__msan_param_tls
+; CHECK: %[[SB:.*]] = load i32,{{.*}}@__msan_param_tls
+; CHECK: %[[SC:.*]] = or i32 %[[SB]], %[[SA]]
+; CHECK: = fdiv float
+; CHECK: store i32 %[[SC]], i32* {{.*}}@__msan_retval_tls
+; CHECK: ret float
 
 ; Check that we propagate shadow for x<0, x>=0, etc (i.e. sign bit tests)
 
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -1841,20 +1841,23 @@
   void visitSub(BinaryOperator &I) { handleShadowOr(I); }
   void visitXor(BinaryOperator &I) { handleShadowOr(I); }
 
-  void handleDiv(Instruction &I) {
+  void handleIntegerDiv(Instruction &I) {
     IRBuilder<> IRB(&I);
     // Strict on the second argument.
     insertShadowCheck(I.getOperand(1), &I);
     setShadow(&I, getShadow(&I, 0));
     setOrigin(&I, getOrigin(&I, 0));
   }
 
-  void visitUDiv(BinaryOperator &I) { handleDiv(I); }
-  void visitSDiv(BinaryOperator &I) { handleDiv(I); }
-  void visitFDiv(BinaryOperator &I) { handleDiv(I); }
-  void visitURem(BinaryOperator &I) { handleDiv(I); }
-  void visitSRem(BinaryOperator &I) { handleDiv(I); }
-  void visitFRem(BinaryOperator &I) { handleDiv(I); }
+  void visitUDiv(BinaryOperator &I) { handleIntegerDiv(I); }
+  void visitSDiv(BinaryOperator &I) { handleIntegerDiv(I); }
+  void visitURem(BinaryOperator &I) { handleIntegerDiv(I); }
+  void visitSRem(BinaryOperator &I) { handleIntegerDiv(I); }
+
+  // Floating point division is side-effect free. We can not require that the
+  // divisor is fully initialized and must propagate shadow. See PR37523.
+  void visitFDiv(BinaryOperator &I) { handleShadowOr(I); }
+  void visitFRem(BinaryOperator &I) { handleShadowOr(I); }
 
   /// Instrument == and != comparisons.
   ///
Index: compiler-rt/test/msan/vector_div.cc
===================================================================
--- /dev/null
+++ compiler-rt/test/msan/vector_div.cc
@@ -0,0 +1,17 @@
+// Regression test for https://bugs.llvm.org/show_bug.cgi?id=37523
+
+// RUN: %clangxx_msan -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -O3 %s -o %t && %run %t
+// REQUIRES: x86_64-target-arch
+
+#include <assert.h>
+#include <emmintrin.h>
+
+int main() {
+  volatile int scale = 5;
+  volatile auto zz = _mm_div_ps(_mm_set1_ps(255), _mm_set1_ps(scale));
+  assert(zz[0] == 51);
+  assert(zz[1] == 51);
+  assert(zz[2] == 51);
+  assert(zz[3] == 51);
+}
Index: compiler-rt/lib/msan/tests/msan_test.cc
===================================================================
--- compiler-rt/lib/msan/tests/msan_test.cc
+++ compiler-rt/lib/msan/tests/msan_test.cc
@@ -4044,7 +4044,6 @@
 typedef U2 V4x16 __attribute__((__vector_size__(8)));
 typedef U1 V8x8 __attribute__((__vector_size__(8)));
 
-
 V8x16 shift_sse2_left_scalar(V8x16 x, U4 y) {
   return _mm_slli_epi16(x, y);
 }


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D47085.147575.patch
Type: text/x-patch
Size: 3504 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180518/874d5aed/attachment.bin>

More information about the llvm-commits mailing list