[PATCH] DataFlowSanitizer; LLVM changes.

Evgeniy Stepanov eugenis at google.com
Wed Jun 19 05:40:54 PDT 2013



================
Comment at: include/llvm/Transforms/Instrumentation.h:96
@@ +95,3 @@
+#ifdef __GNUC__
+inline ModulePass *createDataFlowSanitizerPassForJIT() {
+  return createDataFlowSanitizerPass(getDFSanArgTLSPtrForJIT,
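Review bot: The `#ifdef __GNUC__` guard around an inline function in a public header needs a comment stating why it is compiler-conditional; as written, the declaration silently disappears on non-GNU compilers and any caller would fail to compile there rather than get a clear error. The inline body also references `getDFSanArgTLSPtrForJIT`, which must be declared earlier in this header for the definition to be valid, so either declare it here or move the JIT variant out of the header.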
----------------
This does not seem to be used anywhere. And why is it guarded by __GNUC__?

================
Comment at: lib/Transforms/Instrumentation/DataFlowSanitizer.cpp:40
@@ +39,3 @@
+// if the input IR contains a load with alignment 8, this flag will cause
+// the shadow load to have alignment 16.  This flag is disabled by default as
+// we have unfortunately encountered too much code (including Clang itself;
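Review bot: The comment documents only the behaviour when the flag is on (a load with alignment 8 yields a shadow load with alignment 16); it should also say what alignment the shadow load gets when the flag is off, so a reader can see that the default is correct for the misaligned code mentioned and not merely conservative. The name of the flag being described should appear in the comment as well, since the text above the `cl::opt` is the only place it is explained.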
----------------
A general description of the tool logic and shadow format would be nice to have somewhere above. Perhaps in the file comment.

================
Comment at: lib/Transforms/Instrumentation/DataFlowSanitizer.cpp:60
@@ +59,3 @@
+static cl::opt<bool> ClArgsABI(
+    "dfsan-args-abi",
+    cl::desc("Use the argument ABI rather than the TLS ABI"),
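Review bot: The `cl::desc` for `dfsan-args-abi` should state which ABI is the default and warn that the choice must be the same for every instrumented module, since the two ABIs pass shadow between functions differently and mixing them in one program would break at call boundaries. A sentence in the description such as "shadow is passed as extra arguments instead of through TLS" would make the trade-off clear without requiring the reader to find the comment elsewhere in the file.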
----------------
Does it mean you are passing shadow through argument list? Please comment.

================
Comment at: lib/Transforms/Instrumentation/DataFlowSanitizer.cpp:190
@@ +189,3 @@
+    ArgTypes.push_back(ShadowTy);
+  if (T->isVarArg())
+    ArgTypes.push_back(ShadowPtrTy);
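Review bot: For a variadic `T`, a single `ShadowPtrTy` is appended after the fixed-argument shadows, but nothing here says what that pointer refers to or who allocates it; add a comment giving the layout (for example, that it points to an array holding one shadow per variadic argument, in order) and the ownership rule, since the call-site code that fills it must match this exactly. Also note how this interacts with the shadow for `byval` arguments, which occupy stack memory rather than a register-sized value and so cannot be represented by one `ShadowTy` slot.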
----------------
I wonder if you need to do something special with ByVal arguments, too.

================
Comment at: lib/Transforms/Instrumentation/DataFlowSanitizer.cpp:318
@@ +317,3 @@
+          BlockAddress *BA = dyn_cast<BlockAddress>(ui.getUse().getUser());
+          ++ui;
+          if (BA) {
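Review bot: `++ui` is placed before the use is processed rather than in the `for()` clause; if this is deliberate because the body replaces or erases the use (which would invalidate `ui` if it were advanced afterwards), a one-line comment should say so, otherwise the increment should move to the loop header for readability. Either way, the `dyn_cast` result should be checked against `nullptr` in the same statement it is used, as here, rather than separated by the increment, so the intent is obvious.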
----------------
Why not ++ui in the for() clause?

================
Comment at: lib/Transforms/Instrumentation/DataFlowSanitizer.cpp:782
@@ +781,3 @@
+    IRBuilder<> IRB(&I);
+    DFSF.AllocaShadowMap[&I] = IRB.CreateAlloca(DFSF.DFS.ShadowTy);
+  }
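Review bot: The shadow alloca created with `IRB.CreateAlloca(DFSF.DFS.ShadowTy)` is not initialised in this hunk, so a load from the original alloca before any store would read undefined shadow rather than the zero label; either store a zero shadow right after the alloca or add a comment pointing to where that case is handled. Also, because `IRB(&I)` inserts at the position of `I`, an alloca outside the entry block produces a second dynamic alloca; that is acceptable but worth noting, since it changes stack usage of the instrumented function.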
----------------
This is an optimization to skip calculation of shadow address on every load/store of allocas that are always accessed as a whole and don't escape, right?
Looks like it applies to MSan as well?

Btw, does it ever happen in optimized IR?



http://llvm-reviews.chandlerc.com/D965
