[PATCH] D89191: [ASAN] Make sure we are only processing lifetime markers with offset 0 to alloca

Xun Li via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sat Oct 10 09:15:10 PDT 2020


lxfind created this revision.
lxfind added reviewers: vitalybuka, eugenis.
Herald added subscribers: llvm-commits, modimo, hiraditya.
Herald added a project: LLVM.
lxfind requested review of this revision.

This patch addresses https://bugs.llvm.org/show_bug.cgi?id=47787 (and hence https://bugs.llvm.org/show_bug.cgi?id=47767 as well).
In later instrumentation code, we always use the beginning of the alloca as the base for instrumentation, ignoring any offset into the alloca.
Because of that, we should only instrument a lifetime marker if it's actually pointing to the beginning of the alloca.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D89191

Files:
  llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
  llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll


Index: llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll
===================================================================
--- /dev/null
+++ llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll
@@ -0,0 +1,28 @@
+; Test that ASAN will not instrument lifetime markers on alloca offsets.
+;
+; RUN: opt < %s --asan --asan-use-after-scope -S | FileCheck %s
+
+target datalayout = "e-m:o-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-apple-macosx10.15.0"
+
+%t = type { void (%t*)*, void (%t*)*, %sub, i64 }
+%sub = type { i32 }
+
+define void @foo() sanitize_address {
+entry:
+  %0 = alloca %t, align 8
+  %x = getelementptr inbounds %t, %t* %0, i64 0, i32 2
+  %1 = bitcast %sub* %x to i8*
+  call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %1)
+  call void @bar(%sub* nonnull %x)
+  call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %1) #3
+  ret void
+}
+
+declare void @llvm.lifetime.start.p0i8(i64 immarg, i8* nocapture)
+declare void @bar(%sub*)
+declare void @llvm.lifetime.end.p0i8(i64 immarg, i8* nocapture)
+
+; CHECK: store i64 %[[STACK_BASE:.+]], i64* %asan_local_stack_base, align 8
+; CHECK-NOT: store i8 0
+; CHECK: call void @bar(%sub* nonnull %x)
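Review bot: `call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %1) #3` references attribute group `#3`, which this file never defines; drop the `#3` (the matching `lifetime.start` call carries none) so the test does not rely on the IR parser tolerating a dangling group reference. The `CHECK-NOT: store i8 0` would also pass if the change stopped use-after-scope instrumentation altogether, so a second function in the same file with a marker on the alloca itself (offset 0) and a positive `CHECK: store i8 0` before its call would pin down that only offset markers are skipped.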
Index: llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -1078,7 +1078,9 @@
         !ConstantInt::isValueValidForType(IntptrTy, SizeValue))
       return;
     // Find alloca instruction that corresponds to llvm.lifetime argument.
-    AllocaInst *AI = findAllocaForValue(II.getArgOperand(1));
+    // Currently we can only handle lifetime markers pointing to the
+    // beginning of the alloca.
+    AllocaInst *AI = findAllocaForValue(II.getArgOperand(1), true);
     if (!AI) {
       HasUntracedLifetimeIntrinsic = true;
       return;
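Review bot: the bare literal in `findAllocaForValue(II.getArgOperand(1), true)` should carry the usual LLVM `/*ParamName=*/true` annotation so the call reads without opening the declaration. The new comment should also state the consequence for the markers it rejects: with the second argument set, a marker at a non-zero offset makes `findAllocaForValue` return null and so takes the `HasUntracedLifetimeIntrinsic = true` path just below rather than being silently treated as a marker on the alloca start, and the reason (the later instrumentation uses the alloca start as the base and drops the offset, per the commit message) belongs next to the call rather than only in the review summary.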


A non-text attachment was scrubbed...
Name: D89191.297416.patch
Type: text/x-patch
Size: 1995 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20201010/5611e245/attachment.bin>
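Added here as a worked illustration, not code from the patch or from LLVM: a small C model of the stack-shadow poisoning the commit message describes. It assumes a byte-granular shadow (real ASan uses one shadow byte per 8 bytes), uses 0xf8 as an arbitrary out-of-scope value, and assumes that an alloca whose marker the pass no longer traces gets no use-after-scope poisoning at all; `run_foo`, `frame_t` and the other names belong to this model only. It plays out the shape of `@foo` from the test under the pre-fix and the fixed behaviour and, going beyond the test, also a marker that does sit at offset 0.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of %t from the test under the test's x86_64 datalayout: two 8-byte
 * function pointers at 0 and 8, %sub { i32 } at 16, an i64 at 24 (32 bytes). */
enum { FRAME_SIZE = 32, SUB_OFFSET = 16, SUB_SIZE = 4 };

/* Toy shadow: one shadow byte per object byte (assumption of this model; real
 * ASan uses one per 8 bytes and its own magic values). */
enum { ADDRESSABLE = 0x00, SCOPE_POISON = 0xf8 };

typedef struct { uint8_t shadow[FRAME_SIZE]; } frame_t;

/* Function entry for an alloca whose lifetime markers were traced: the whole
 * object is out of scope until a lifetime.start unpoisons it. */
static void frame_poison_all(frame_t *f) { memset(f->shadow, SCOPE_POISON, FRAME_SIZE); }
static void frame_unpoison_all(frame_t *f) { memset(f->shadow, ADDRESSABLE, FRAME_SIZE); }

/* True when every byte of [off, off + size) is addressable. */
bool frame_is_addressable(const frame_t *f, size_t off, size_t size) {
  if (off > FRAME_SIZE || size > FRAME_SIZE - off) return false;
  for (size_t i = 0; i < size; i++)
    if (f->shadow[off + i] != ADDRESSABLE) return false;
  return true;
}

/* What the pre-fix pass did at lifetime.start(size, ptr) once it had traced
 * ptr back to an alloca: unpoison `size` bytes starting at the ALLOCA, with
 * the offset of ptr into the alloca dropped. Returns -1 on an oversized marker. */
static int unpoison_from_alloca_start(frame_t *f, size_t size) {
  if (size > FRAME_SIZE) return -1;
  memset(f->shadow, ADDRESSABLE, size);
  return 1;
}

typedef struct {
  int  marker_instrumented;  /* 1: marker rewrote shadow, 0: marker skipped, -1: oversized */
  bool covered_addressable;  /* bytes the marker actually covers are usable at the call */
  bool head_addressable;     /* bytes [0, size) of the object are usable at the call */
} foo_result_t;

/* Plays out the shape of @foo from the test: function entry, then
 * lifetime.start(size, alloca + marker_off), then the call to @bar.
 * fixed == false models the pass before D89191, fixed == true after it. */
foo_result_t run_foo(size_t marker_off, size_t size, bool fixed) {
  frame_t f;
  foo_result_t r = { 0, false, false };
  /* Pre-fix the marker is traced whatever its offset; post-fix only a marker
   * on the alloca's first byte is. */
  bool traced = fixed ? (marker_off == 0) : true;
  if (traced) {
    frame_poison_all(&f);
    r.marker_instrumented = unpoison_from_alloca_start(&f, size);
  } else {
    /* Untraced marker. Assumption of this model: the alloca then gets no
     * use-after-scope poisoning at all, so it is addressable throughout. */
    frame_unpoison_all(&f);
  }
  r.covered_addressable = frame_is_addressable(&f, marker_off, size);
  r.head_addressable = frame_is_addressable(&f, 0, size);
  return r;
}

int main(void) {
  foo_result_t before = run_foo(SUB_OFFSET, SUB_SIZE, false);
  foo_result_t after  = run_foo(SUB_OFFSET, SUB_SIZE, true);
  printf("pre-fix: instrumented=%d sub usable=%d first field usable=%d\n",
         before.marker_instrumented, before.covered_addressable, before.head_addressable);
  printf("fixed  : instrumented=%d sub usable=%d first field usable=%d\n",
         after.marker_instrumented, after.covered_addressable, after.head_addressable);
  return 0;
}
```

With the pre-fix behaviour the four bytes of `%sub` at offset 16 stay poisoned at the call to `@bar` while the first four bytes of the object, which the marker says nothing about, become addressable; with the fix the offset marker is not instrumented and the object is usable as a whole, and a marker at offset 0 is handled identically by both.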

