[PATCH] D68469: [AArch64] Ensure no tagged memory is left in the unallocated portion of the stack

Fri Oct 4 09:05:41 PDT 2019

chill created this revision.
Herald added subscribers: llvm-commits, hiraditya, kristof.beyls.
Herald added a project: LLVM.
chill edited the summary of this revision.
chill added a parent revision: D68468:  [AArch64] Do not untag before returning via a `resume`  instruction.

The `memtag` sanitizer may fail to clear the memory tags before a function exits.
This issue was originally noticed when running the libcxx testsuite in memtag configuration.   A slightly
reduced testcase is attached (it's not very small but small enough to work with): F10165093: ex.cc <https://reviews.llvm.org/F10165093> . In the patch, the test case 
 `llvm/test/CodeGen/AArch64/stack-tagging-ex-1.ll` is a hand-written one that has basically the same structure.
The test case `llvm/test/CodeGen/AArch64/stack-tagging-ex-2.ll` is another reproducer, see the comment at the top for the
equivalent C++ source.

This patch makes sure that if we tag some memory, we untag that memory before the function returns/throws via any
exit, reachable from the tag operation. For that we place the untag operation either at:
a)  the lifetime end call for the alloca, if that call post-dominates the lifetime start call (where the tag operation is placed), or it (the lifetime end call) dominates all reachable exits, otherwise
b) at the reachable exits

https://reviews.llvm.org/D68469

Files:
  llvm/lib/Target/AArch64/AArch64StackTagging.cpp
  llvm/test/CodeGen/AArch64/O0-pipeline.ll
  llvm/test/CodeGen/AArch64/O3-pipeline.ll
  llvm/test/CodeGen/AArch64/stack-tagging-ex-1.ll
  llvm/test/CodeGen/AArch64/stack-tagging-ex-2.ll
  llvm/test/CodeGen/AArch64/stack-tagging-untag-placement.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D68469.223230.patch
Type: text/x-patch
Size: 18942 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20191004/18c3bfe6/attachment.bin>