<div dir="ltr">very nice! </div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 20, 2017 at 11:29 AM, Benjamin Kramer via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: d0k<br>
Date: Thu Apr 20 13:29:37 2017<br>
New Revision: 300868<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=300868&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project?rev=300868&view=rev</a><br>
Log:<br>
[Recycler] Add asan/msan annotations.<br>
<br>
This enables use after free and uninit memory checking for memory<br>
returned by a recycler. SelectionDAG currently relies on the opcode of a<br>
free'd node being ISD::DELETED_NODE, so poke a hole in the asan poison<br>
for SDNode opcodes. This means that we won't find some issues, but only<br>
in SDag.<br>
<br>
Modified:<br>
    llvm/trunk/include/llvm/<wbr>Support/ArrayRecycler.h<br>
    llvm/trunk/include/llvm/<wbr>Support/Recycler.h<br>
    llvm/trunk/lib/CodeGen/<wbr>SelectionDAG/SelectionDAG.cpp<br>
<br>
Modified: llvm/trunk/include/llvm/<wbr>Support/ArrayRecycler.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Support/ArrayRecycler.h?rev=300868&r1=300867&r2=300868&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/llvm/trunk/include/<wbr>llvm/Support/ArrayRecycler.h?<wbr>rev=300868&r1=300867&r2=<wbr>300868&view=diff</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- llvm/trunk/include/llvm/<wbr>Support/ArrayRecycler.h (original)<br>
+++ llvm/trunk/include/llvm/<wbr>Support/ArrayRecycler.h Thu Apr 20 13:29:37 2017<br>
@@ -48,12 +48,16 @@ template <class T, size_t Align = aligno<br>
     if (!Entry)<br>
       return nullptr;<br>
     Bucket[Idx] = Entry->Next;<br>
+    __msan_allocated_memory(Entry, Capacity::get(Idx).getSize());<br>
+    __asan_unpoison_memory_region(<wbr>Entry, Capacity::get(Idx).getSize());<br>
     return reinterpret_cast<T*>(Entry);<br>
   }<br>
<br>
   // Add an entry to the free list at Bucket[Idx].<br>
   void push(unsigned Idx, T *Ptr) {<br>
     assert(Ptr && "Cannot recycle NULL pointer");<br>
+    __asan_poison_memory_region(<wbr>Ptr, Capacity::get(Idx).getSize());<br>
+    __asan_unpoison_memory_region(<wbr>Ptr, sizeof(FreeList));<br>
     FreeList *Entry = reinterpret_cast<FreeList*>(<wbr>Ptr);<br>
     if (Idx >= Bucket.size())<br>
       Bucket.resize(size_t(Idx) + 1);<br>
<br>
Modified: llvm/trunk/include/llvm/<wbr>Support/Recycler.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Support/Recycler.h?rev=300868&r1=300867&r2=300868&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/llvm/trunk/include/<wbr>llvm/Support/Recycler.h?rev=<wbr>300868&r1=300867&r2=300868&<wbr>view=diff</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- llvm/trunk/include/llvm/<wbr>Support/Recycler.h (original)<br>
+++ llvm/trunk/include/llvm/<wbr>Support/Recycler.h Thu Apr 20 13:29:37 2017<br>
@@ -43,10 +43,14 @@ class Recycler {<br>
   FreeNode *pop_val() {<br>
     auto *Val = FreeList;<br>
     FreeList = FreeList->Next;<br>
+    __msan_allocated_memory(Val, Size);<br>
+    __asan_unpoison_memory_region(<wbr>Val, Size);<br>
     return Val;<br>
   }<br>
<br>
   void push(FreeNode *N) {<br>
+    __asan_poison_memory_region(N, Size);<br>
+    __asan_unpoison_memory_region(<wbr>N, sizeof(FreeNode));<br>
     N->Next = FreeList;<br>
     FreeList = N;<br>
   }<br>
<br>
Modified: llvm/trunk/lib/CodeGen/<wbr>SelectionDAG/SelectionDAG.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp?rev=300868&r1=300867&r2=300868&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/llvm/trunk/lib/<wbr>CodeGen/SelectionDAG/<wbr>SelectionDAG.cpp?rev=300868&<wbr>r1=300867&r2=300868&view=diff</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- llvm/trunk/lib/CodeGen/<wbr>SelectionDAG/SelectionDAG.cpp (original)<br>
+++ llvm/trunk/lib/CodeGen/<wbr>SelectionDAG/SelectionDAG.cpp Thu Apr 20 13:29:37 2017<br>
@@ -639,12 +639,15 @@ void SelectionDAG::DeallocateNode(<wbr>SDNode<br>
   // If we have operands, deallocate them.<br>
   removeOperands(N);<br>
<br>
+  NodeAllocator.Deallocate(<wbr>AllNodes.remove(N));<br>
+<br>
   // Set the opcode to DELETED_NODE to help catch bugs when node<br>
   // memory is reallocated.<br>
+  // FIXME: There are places in SDag that have grown a dependency on the opcode<br>
+  // value in the released node.<br>
+  __asan_unpoison_memory_region(<wbr>&N->NodeType, sizeof(N->NodeType));<br>
   N->NodeType = ISD::DELETED_NODE;<br>
<br>
-  NodeAllocator.Deallocate(<wbr>AllNodes.remove(N));<br>
-<br>
   // If any of the SDDbgValue nodes refer to this SDNode, invalidate<br>
   // them and forget about that node.<br>
   DbgInfo->erase(N);<br>
<br>
<br>
______________________________<wbr>_________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br></div>