
<br><br><div class="gmail_quote">On Mon, Jul 16, 2012 at 1:39 PM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

FYI <div>This broke some of the asan tests because multiple calls to __asan_report_* got merged into one. </div><div>Every call to __asan_report_* has unique debug info and merging them leads to incorrect error messages. </div>


<div>Chandler and I are investigating. </div><div><br></div><div>The simple way to reproduce: </div><div>% cd llvm/projects/compiler-rt/lib/asan</div><div>% clang -g  -O1 -faddress-sanitizer output_tests/global-overflow.cc && ./a.out 2>&1 | ./scripts/asan_symbolize.py /</div>


<div>Should print: </div><div>  #0 0x403420 in main global-overflow.cc:9</div><div>Instead it prints: </div><div>  #0 0x403420 in main global-overflow.cc:14</div></blockquote><div><br></div><div>Another test case: </div>

<div>clang -O1 -S -o - -faddress-sanitizer output_tests/large_func_test.cc | grep __asan_report</div><div><br></div><div>Before the patch, it would print 21 lines with __asan_report_load4. </div><div>Now it prints only 3 (hm, why not one!?). </div>

<div><br></div><div>--kcc </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br></div><div><br></div><div>Please avoid making other changes to AddressSanitizer.cpp before we resolve this issue. </div>


<div><br></div><div>--kcc <div><div class="h5"><br><br><div class="gmail_quote">On Mon, Jul 16, 2012 at 12:58 PM, Chandler Carruth <span dir="ltr"><<a href="mailto:chandlerc@gmail.com" target="_blank">chandlerc@gmail.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: chandlerc<br>

Date: Mon Jul 16 03:58:53 2012<br>

New Revision: 160254<br>

<br>

URL: <a href="http://llvm.org/viewvc/llvm-project?rev=160254&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=160254&view=rev</a><br>

Log:<br>

Teach AddressSanitizer to create basic blocks in a more natural order.<br>

This is particularly useful to the backend code generators which try to<br>

process things in the incoming function order.<br>

<br>

Also, cleanup some uses of IRBuilder to be a bit simpler and more clear.<br>

<br>

Modified:<br>

    llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp<br>

    llvm/trunk/test/Instrumentation/AddressSanitizer/basic.ll<br>

<br>

Modified: llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp?rev=160254&r1=160253&r2=160254&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp?rev=160254&r1=160253&r2=160254&view=diff</a><br>


==============================================================================<br>

--- llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp (original)<br>

+++ llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp Mon Jul 16 03:58:53 2012<br>

@@ -230,17 +230,17 @@<br>

 // Returns the ThenBlock's terminator.<br>

 static BranchInst *splitBlockAndInsertIfThen(Value *Cmp) {<br>

   Instruction *SplitBefore = cast<Instruction>(Cmp)->getNextNode();<br>

+<br>

+  // Create three basic blocks, with the middle block empty, by splitting twice.<br>

   BasicBlock *Head = SplitBefore->getParent();<br>

-  BasicBlock *Tail = Head->splitBasicBlock(SplitBefore);<br>

+  BasicBlock *Then = Head->splitBasicBlock(SplitBefore);<br>

+  BasicBlock *Tail = Then->splitBasicBlock(SplitBefore);<br>

+<br>

   TerminatorInst *HeadOldTerm = Head->getTerminator();<br>

-  LLVMContext &C = Head->getParent()->getParent()->getContext();<br>

-  BasicBlock *ThenBlock = BasicBlock::Create(C, "", Head->getParent());<br>

-  BranchInst *HeadNewTerm =<br>

-    BranchInst::Create(/*ifTrue*/ThenBlock, /*ifFalse*/Tail, Cmp);<br>

-  ReplaceInstWithInst(HeadOldTerm, HeadNewTerm);<br>

+  IRBuilder<>(HeadOldTerm).CreateCondBr(Cmp, Then, Tail);<br>

+  HeadOldTerm->eraseFromParent();<br>

<br>

-  BranchInst *CheckTerm = BranchInst::Create(Tail, ThenBlock);<br>

-  return CheckTerm;<br>

+  return cast<BranchInst>(Then->getTerminator());<br>

 }<br>

<br>

 Value *AddressSanitizer::memToShadow(Value *Shadow, IRBuilder<> &IRB) {<br>

@@ -387,28 +387,28 @@<br>

   Value *Cmp = IRB.CreateICmpNE(ShadowValue, CmpVal);<br>

<br>

   Instruction *CheckTerm = splitBlockAndInsertIfThen(Cmp);<br>

-  IRBuilder<> IRB2(CheckTerm);<br>

+  IRB.SetInsertPoint(CheckTerm);<br>

<br>

   size_t Granularity = 1 << MappingScale;<br>

   if (TypeSize < 8 * Granularity) {<br>

     // Addr & (Granularity - 1)<br>

-    Value *LastAccessedByte = IRB2.CreateAnd(<br>

+    Value *LastAccessedByte = IRB.CreateAnd(<br>

         AddrLong, ConstantInt::get(IntptrTy, Granularity - 1));<br>

     // (Addr & (Granularity - 1)) + size - 1<br>

     if (TypeSize / 8 > 1)<br>

-      LastAccessedByte = IRB2.CreateAdd(<br>

+      LastAccessedByte = IRB.CreateAdd(<br>

           LastAccessedByte, ConstantInt::get(IntptrTy, TypeSize / 8 - 1));<br>

     // (uint8_t) ((Addr & (Granularity-1)) + size - 1)<br>

-    LastAccessedByte = IRB2.CreateIntCast(<br>

+    LastAccessedByte = IRB.CreateIntCast(<br>

         LastAccessedByte, IRB.getInt8Ty(), false);<br>

     // ((uint8_t) ((Addr & (Granularity-1)) + size - 1)) >= ShadowValue<br>

-    Value *Cmp2 = IRB2.CreateICmpSGE(LastAccessedByte, ShadowValue);<br>

+    Value *Cmp2 = IRB.CreateICmpSGE(LastAccessedByte, ShadowValue);<br>

<br>

     CheckTerm = splitBlockAndInsertIfThen(Cmp2);<br>

+    IRB.SetInsertPoint(CheckTerm);<br>

   }<br>

<br>

-  IRBuilder<> IRB1(CheckTerm);<br>

-  Instruction *Crash = generateCrashCode(IRB1, AddrLong, IsWrite, TypeSize);<br>

+  Instruction *Crash = generateCrashCode(IRB, AddrLong, IsWrite, TypeSize);<br>

   Crash->setDebugLoc(OrigIns->getDebugLoc());<br>

   ReplaceInstWithInst(CheckTerm, new UnreachableInst(*C));<br>

 }<br>

<br>

Modified: llvm/trunk/test/Instrumentation/AddressSanitizer/basic.ll<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/AddressSanitizer/basic.ll?rev=160254&r1=160253&r2=160254&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/AddressSanitizer/basic.ll?rev=160254&r1=160253&r2=160254&view=diff</a><br>


==============================================================================<br>

--- llvm/trunk/test/Instrumentation/AddressSanitizer/basic.ll (original)<br>

+++ llvm/trunk/test/Instrumentation/AddressSanitizer/basic.ll Mon Jul 16 03:58:53 2012<br>

@@ -16,11 +16,6 @@<br>

 ; CHECK:   icmp ne i8<br>

 ; CHECK:   br i1 %{{.*}}, label %{{.*}}, label %{{.*}}<br>

 ;<br>

-; The actual load comes next because ASan adds the last instrumentation block<br>

-; to the end of the function.<br>

-; CHECK:   %tmp1 = load i32* %a<br>

-; CHECK:   ret i32 %tmp1<br>

-;<br>

 ; First instrumentation block refines the shadow test.<br>

 ; CHECK:   and i64 %[[LOAD_ADDR]], 7<br>

 ; CHECK:   add i64 %{{.*}}, 3<br>

@@ -28,9 +23,13 @@<br>

 ; CHECK:   icmp sge i8 %{{.*}}, %[[LOAD_SHADOW]]<br>

 ; CHECK:   br i1 %{{.*}}, label %{{.*}}, label %{{.*}}<br>

 ;<br>

-; Final instrumentation block reports the error.<br>

+; Second instrumentation block reports the error.<br>

 ; CHECK:   call void @__asan_report_load4(i64 %[[LOAD_ADDR]]) noreturn<br>

 ; CHECK:   unreachable<br>

+;<br>

+; Finally the instrumented load.<br>

+; CHECK:   %tmp1 = load i32* %a<br>

+; CHECK:   ret i32 %tmp1<br>

<br>

 entry:<br>

   %tmp1 = load i32* %a<br>

@@ -48,11 +47,6 @@<br>

 ; CHECK:   icmp ne i8<br>

 ; CHECK:   br i1 %{{.*}}, label %{{.*}}, label %{{.*}}<br>

 ;<br>

-; The actual store comes next because ASan adds the last instrumentation block<br>

-; to the end of the function.<br>

-; CHECK:   store i32 42, i32* %a<br>

-; CHECK:   ret void<br>

-;<br>

 ; First instrumentation block refines the shadow test.<br>

 ; CHECK:   and i64 %[[STORE_ADDR]], 7<br>

 ; CHECK:   add i64 %{{.*}}, 3<br>

@@ -60,9 +54,13 @@<br>

 ; CHECK:   icmp sge i8 %{{.*}}, %[[STORE_SHADOW]]<br>

 ; CHECK:   br i1 %{{.*}}, label %{{.*}}, label %{{.*}}<br>

 ;<br>

-; Final instrumentation block reports the error.<br>

+; Second instrumentation block reports the error.<br>

 ; CHECK:   call void @__asan_report_store4(i64 %[[STORE_ADDR]]) noreturn<br>

 ; CHECK:   unreachable<br>

+;<br>

+; Finally the instrumented store.<br>

+; CHECK:   store i32 42, i32* %a<br>

+; CHECK:   ret void<br>

<br>

 entry:<br>

   store i32 42, i32* %a<br>

<br>

<br>

_______________________________________________<br>

llvm-commits mailing list<br>

<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.edu</a><br>

<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>

</blockquote></div><br></div></div></div>

</blockquote></div><br>