[llvm] r337571 - [MSan] run materializeChecks() before materializeStores()
Alexander Potapenko via llvm-commits
llvm-commits at lists.llvm.org
Fri Jul 20 09:28:49 PDT 2018
Author: glider
Date: Fri Jul 20 09:28:49 2018
New Revision: 337571
URL: http://llvm.org/viewvc/llvm-project?rev=337571&view=rev
Log:
[MSan] run materializeChecks() before materializeStores()
When pointer checking is enabled, it's important that every pointer is
checked before its value is used.
For stores MSan used to generate code that calculates shadow/origin
addresses from a pointer before checking it.
For userspace this isn't a problem, because the shadow calculation code
is quite simple and compiler is able to move it after the check on -O2.
But for KMSAN getShadowOriginPtr() creates a runtime call, so we want the
check to be performed strictly before that call.
Swapping materializeChecks() and materializeStores() resolves the issue:
both functions insert code before the given IR location, so the new
insertion order guarantees that the code calculating shadow address is
between the address check and the memory access.
Modified:
llvm/trunk/lib/Transforms/Instrumentation/MemorySanitizer.cpp
llvm/trunk/test/Instrumentation/MemorySanitizer/check_access_address.ll
Modified: llvm/trunk/lib/Transforms/Instrumentation/MemorySanitizer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/MemorySanitizer.cpp?rev=337571&r1=337570&r2=337571&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/Instrumentation/MemorySanitizer.cpp (original)
+++ llvm/trunk/lib/Transforms/Instrumentation/MemorySanitizer.cpp Fri Jul 20 09:28:49 2018
@@ -918,9 +918,6 @@ struct MemorySanitizerVisitor : public I
StoreInst *NewSI = IRB.CreateAlignedStore(Shadow, ShadowPtr, Alignment);
LLVM_DEBUG(dbgs() << " STORE: " << *NewSI << "\n");
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, NewSI);
-
if (SI->isAtomic())
SI->setOrdering(addReleaseOrdering(SI->getOrdering()));
@@ -1024,13 +1021,13 @@ struct MemorySanitizerVisitor : public I
InstrumentationList.size() + StoreList.size() >
(unsigned)ClInstrumentationWithCallThreshold;
- // Delayed instrumentation of StoreInst.
- // This may add new checks to be inserted later.
- materializeStores(InstrumentWithCalls);
-
// Insert shadow value checks.
materializeChecks(InstrumentWithCalls);
+ // Delayed instrumentation of StoreInst.
+ // This may not add new address checks.
+ materializeStores(InstrumentWithCalls);
+
return true;
}
@@ -1490,6 +1487,8 @@ struct MemorySanitizerVisitor : public I
/// Optionally, checks that the store address is fully defined.
void visitStoreInst(StoreInst &I) {
StoreList.push_back(&I);
+ if (ClCheckAccessAddress)
+ insertShadowCheck(I.getPointerOperand(), &I);
}
void handleCASOrRMW(Instruction &I) {
Modified: llvm/trunk/test/Instrumentation/MemorySanitizer/check_access_address.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/MemorySanitizer/check_access_address.ll?rev=337571&r1=337570&r2=337571&view=diff
==============================================================================
--- llvm/trunk/test/Instrumentation/MemorySanitizer/check_access_address.ll (original)
+++ llvm/trunk/test/Instrumentation/MemorySanitizer/check_access_address.ll Fri Jul 20 09:28:49 2018
@@ -38,11 +38,14 @@ entry:
; CHECK-LABEL: @Store
; CHECK: load {{.*}} @__msan_param_tls
+; Shadow calculations must happen after the check.
+; CHECK-NOT: xor
; CHECK: icmp
; CHECK: br i1
; CHECK: <label>
; CHECK: call void @__msan_warning_noreturn
; CHECK: <label>
+; CHECK: xor
; CHECK: store
; CHECK: store i32 %x
; CHECK: ret void
More information about the llvm-commits
mailing list