[PATCH] Disable branch folding with MemorySanitizer

Evgeniy Stepanov eugenis at google.com
Tue Nov 19 01:59:27 PST 2013


  Daniel, good point. By code inspection, there is at least one optimization applicable to conditional branches that is bad for sanitizers: HoistThenElseCodeToIf. This new version of the patch disables the entire conditional branch simplification code.

  I don't have a good idea of what -O1 is supposed to be. If we define it as a set of optimizations that are "universally good", then one could argue that "stacktrace sanity" is an important feature of a program which is worth preserving at -O1.

http://llvm-reviews.chandlerc.com/D2214

CHANGE SINCE LAST DIFF
  http://llvm-reviews.chandlerc.com/D2214?vs=5634&id=5652#toc

Files:
  lib/Transforms/Utils/SimplifyCFG.cpp
  test/Transforms/SimplifyCFG/branch-fold-msan.ll

Index: lib/Transforms/Utils/SimplifyCFG.cpp
===================================================================
--- lib/Transforms/Utils/SimplifyCFG.cpp
+++ lib/Transforms/Utils/SimplifyCFG.cpp
@@ -4126,7 +4126,16 @@
     if (BI->isUnconditional()) {
       if (SimplifyUncondBranch(BI, Builder)) return true;
     } else {
-      if (SimplifyCondBranch(BI, Builder)) return true;
+      // Various conditional branch optimizations lead to confusing sanitizer
+      // reports. Branch folding results in MemorySanitizer reporting use of
+      // uninitialized value at the unrelated branch instruction. Common code
+      // hoisting messes up stack traces when common code contains call
+      // instructions.
+      Function *Fn = BI->getParent()->getParent();
+      if (!Fn->hasFnAttribute(Attribute::SanitizeAddress) &&
+          !Fn->hasFnAttribute(Attribute::SanitizeMemory) &&
+          !Fn->hasFnAttribute(Attribute::SanitizeThread))
+        if (SimplifyCondBranch(BI, Builder)) return true;
     }
   } else if (ReturnInst *RI = dyn_cast<ReturnInst>(BB->getTerminator())) {
     if (SimplifyReturn(RI, Builder)) return true;
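Review bot: The new guard in the else branch skips the whole SimplifyCondBranch call for SanitizeAddress, SanitizeMemory and SanitizeThread, but the comment above it justifies only two transforms (branch folding for MemorySanitizer, common code hoisting for stack traces), and the patch subject mentions MemorySanitizer only. Either extend the comment to say why every conditional-branch simplification is disabled for all three sanitizers, or move the attribute check next to the specific transforms it is meant to suppress so the rest still runs on sanitized functions. As a style point, the unbraced nested `if (SimplifyCondBranch(BI, Builder)) return true;` under a three-line condition is easy to misread; braces around the outer if would help.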
Index: test/Transforms/SimplifyCFG/branch-fold-msan.ll
===================================================================
--- test/Transforms/SimplifyCFG/branch-fold-msan.ll
+++ test/Transforms/SimplifyCFG/branch-fold-msan.ll
@@ -0,0 +1,29 @@
+; RUN: opt < %s -simplifycfg -S | FileCheck %s
+
+declare void @callee()
+
+; Test that conditional branches are not folded with sanitize_memory.
+define void @caller(i32 %x, i32 %y) sanitize_memory {
+; CHECK: define void @caller(i32 [[X:%.*]], i32 [[Y:%.*]])
+; CHECK: icmp slt i32 {{.*}}[[X]]
+; CHECK: icmp slt i32 {{.*}}[[Y]]
+; CHECK: ret void
+
+entry:
+  %cmp = icmp slt i32 %x, 0
+  br i1 %cmp, label %if.then, label %if.end3
+
+if.then:                                          ; preds = %entry
+  %cmp1 = icmp slt i32 %y, 0
+  br i1 %cmp1, label %if.then2, label %if.end
+
+if.then2:                                         ; preds = %if.then
+  call void @callee()
+  br label %if.end
+
+if.end:                                           ; preds = %if.then2, %if.then
+  br label %if.end3
+
+if.end3:                                          ; preds = %if.end, %entry
+  ret void
+}
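Review bot: The test covers only a sanitize_memory function, while the guard in SimplifyCFG.cpp also checks SanitizeAddress and SanitizeThread, so two of the three conditions are untested. Consider adding equivalent functions marked sanitize_address and sanitize_thread, plus a copy of @caller without any sanitizer attribute whose CHECK lines show the branches still being folded, so the test fails if the guard is dropped or becomes unconditional. The stack-trace case named in the code comment (hoisting of common code that contains a call) has no test here either; @caller only has a call on one path.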
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D2214.2.patch
Type: text/x-patch
Size: 2281 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20131119/f3b3f6ab/attachment.bin>

