[llvm] r300868 - [Recycler] Add asan/msan annotations.
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Apr 20 16:45:37 PDT 2017
very nice!
On Thu, Apr 20, 2017 at 11:29 AM, Benjamin Kramer via llvm-commits <
llvm-commits at lists.llvm.org> wrote:
> Author: d0k
> Date: Thu Apr 20 13:29:37 2017
> New Revision: 300868
>
> URL: http://llvm.org/viewvc/llvm-project?rev=300868&view=rev
> Log:
> [Recycler] Add asan/msan annotations.
>
> This enables use after free and uninit memory checking for memory
> returned by a recycler. SelectionDAG currently relies on the opcode of a
> free'd node being ISD::DELETED_NODE, so poke a hole in the asan poison
> for SDNode opcodes. This means that we won't find some issues, but only
> in SDag.
>
> Modified:
> llvm/trunk/include/llvm/Support/ArrayRecycler.h
> llvm/trunk/include/llvm/Support/Recycler.h
> llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
>
> Modified: llvm/trunk/include/llvm/Support/ArrayRecycler.h
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/
> llvm/Support/ArrayRecycler.h?rev=300868&r1=300867&r2=300868&view=diff
> ============================================================
> ==================
> --- llvm/trunk/include/llvm/Support/ArrayRecycler.h (original)
> +++ llvm/trunk/include/llvm/Support/ArrayRecycler.h Thu Apr 20 13:29:37
> 2017
> @@ -48,12 +48,16 @@ template <class T, size_t Align = aligno
> if (!Entry)
> return nullptr;
> Bucket[Idx] = Entry->Next;
> + __msan_allocated_memory(Entry, Capacity::get(Idx).getSize());
> + __asan_unpoison_memory_region(Entry, Capacity::get(Idx).getSize());
> return reinterpret_cast<T*>(Entry);
> }
>
> // Add an entry to the free list at Bucket[Idx].
> void push(unsigned Idx, T *Ptr) {
> assert(Ptr && "Cannot recycle NULL pointer");
> + __asan_poison_memory_region(Ptr, Capacity::get(Idx).getSize());
> + __asan_unpoison_memory_region(Ptr, sizeof(FreeList));
> FreeList *Entry = reinterpret_cast<FreeList*>(Ptr);
> if (Idx >= Bucket.size())
> Bucket.resize(size_t(Idx) + 1);
>
> Modified: llvm/trunk/include/llvm/Support/Recycler.h
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/
> llvm/Support/Recycler.h?rev=300868&r1=300867&r2=300868&view=diff
> ============================================================
> ==================
> --- llvm/trunk/include/llvm/Support/Recycler.h (original)
> +++ llvm/trunk/include/llvm/Support/Recycler.h Thu Apr 20 13:29:37 2017
> @@ -43,10 +43,14 @@ class Recycler {
> FreeNode *pop_val() {
> auto *Val = FreeList;
> FreeList = FreeList->Next;
> + __msan_allocated_memory(Val, Size);
> + __asan_unpoison_memory_region(Val, Size);
> return Val;
> }
>
> void push(FreeNode *N) {
> + __asan_poison_memory_region(N, Size);
> + __asan_unpoison_memory_region(N, sizeof(FreeNode));
> N->Next = FreeList;
> FreeList = N;
> }
>
> Modified: llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/
> CodeGen/SelectionDAG/SelectionDAG.cpp?rev=300868&
> r1=300867&r2=300868&view=diff
> ============================================================
> ==================
> --- llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp (original)
> +++ llvm/trunk/lib/CodeGen/SelectionDAG/SelectionDAG.cpp Thu Apr 20
> 13:29:37 2017
> @@ -639,12 +639,15 @@ void SelectionDAG::DeallocateNode(SDNode
> // If we have operands, deallocate them.
> removeOperands(N);
>
> + NodeAllocator.Deallocate(AllNodes.remove(N));
> +
> // Set the opcode to DELETED_NODE to help catch bugs when node
> // memory is reallocated.
> + // FIXME: There are places in SDag that have grown a dependency on the
> opcode
> + // value in the released node.
> + __asan_unpoison_memory_region(&N->NodeType, sizeof(N->NodeType));
> N->NodeType = ISD::DELETED_NODE;
>
> - NodeAllocator.Deallocate(AllNodes.remove(N));
> -
> // If any of the SDDbgValue nodes refer to this SDNode, invalidate
> // them and forget about that node.
> DbgInfo->erase(N);
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170420/25518f4e/attachment.html>
More information about the llvm-commits
mailing list