[llvm] 0ccf926 - [ASAN] Make sure we are only processing lifetime markers with offset 0 to alloca

Xun Li via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 13 10:22:05 PDT 2020


Author: Xun Li
Date: 2020-10-13T10:21:45-07:00
New Revision: 0ccf9263cceb462a5f3b823becf7e9471e5fb212

URL: https://github.com/llvm/llvm-project/commit/0ccf9263cceb462a5f3b823becf7e9471e5fb212
DIFF: https://github.com/llvm/llvm-project/commit/0ccf9263cceb462a5f3b823becf7e9471e5fb212.diff

LOG: [ASAN] Make sure we are only processing lifetime markers with offset 0 to alloca

This patch addresses https://bugs.llvm.org/show_bug.cgi?id=47787 (and hence https://bugs.llvm.org/show_bug.cgi?id=47767 as well).
In later instrumentation code, we always use the beginning of the alloca as the base for instrumentation, ignoring any offset into the alloca.
Because of that, we should only instrument a lifetime marker if it's actually pointing to the beginning of the alloca.

Differential Revision: https://reviews.llvm.org/D89191

Added: 
    llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll

Modified: 
    llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
index 2d4e94386e45..8e3b645aad2e 100644
--- a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -1083,7 +1083,9 @@ struct FunctionStackPoisoner : public InstVisitor<FunctionStackPoisoner> {
         !ConstantInt::isValueValidForType(IntptrTy, SizeValue))
       return;
     // Find alloca instruction that corresponds to llvm.lifetime argument.
-    AllocaInst *AI = findAllocaForValue(II.getArgOperand(1));
+    // Currently we can only handle lifetime markers pointing to the
+    // beginning of the alloca.
+    AllocaInst *AI = findAllocaForValue(II.getArgOperand(1), true);
     if (!AI) {
       HasUntracedLifetimeIntrinsic = true;
       return;
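Review bot: The bare `true` passed as the second argument of `findAllocaForValue(II.getArgOperand(1), true)` is opaque at the call site; please annotate it with the parameter's name in LLVM's usual `/*Name=*/true` style so a reader does not have to look up the signature to learn that it restricts the search to offset-zero pointers. The new comment could also say explicitly what happens for a marker that does not point at the alloca base: `findAllocaForValue` then returns null, the existing `if (!AI)` path sets `HasUntracedLifetimeIntrinsic = true`, and the marker is skipped, which is the conservative fallback this fix relies on rather than instrumenting at the wrong base. It would help future readers to know that this fallback is intended, not an accident of the null check.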

diff  --git a/llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll b/llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll
new file mode 100644
index 000000000000..d4bacbcae4d9
--- /dev/null
+++ b/llvm/test/Instrumentation/AddressSanitizer/alloca-offset-lifetime.ll
@@ -0,0 +1,28 @@
+; Test that ASAN will not instrument lifetime markers on alloca offsets.
+;
+; RUN: opt < %s --asan --asan-use-after-scope -S | FileCheck %s
+
+target datalayout = "e-m:o-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-apple-macosx10.15.0"
+
+%t = type { void (%t*)*, void (%t*)*, %sub, i64 }
+%sub = type { i32 }
+
+define void @foo() sanitize_address {
+entry:
+  %0 = alloca %t, align 8
+  %x = getelementptr inbounds %t, %t* %0, i64 0, i32 2
+  %1 = bitcast %sub* %x to i8*
+  call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %1)
+  call void @bar(%sub* nonnull %x)
+  call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %1) #3
+  ret void
+}
+
+declare void @llvm.lifetime.start.p0i8(i64 immarg, i8* nocapture)
+declare void @bar(%sub*)
+declare void @llvm.lifetime.end.p0i8(i64 immarg, i8* nocapture)
+
+; CHECK: store i64 %[[STACK_BASE:.+]], i64* %asan_local_stack_base, align 8
+; CHECK-NOT: store i8 0
+; CHECK: call void @bar(%sub* nonnull %x)
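Review bot: The `CHECK-NOT: store i8 0` between the `asan_local_stack_base` store and the `call void @bar` can pass vacuously if use-after-scope instrumentation is not emitted at all for this function, so the test would keep passing even if the pass regressed to ignoring lifetime markers entirely. A second function in the same file whose `llvm.lifetime.start` points at the alloca base itself, with a positive `CHECK` for the shadow store that ASan does emit there, would pin down that only the offset case is skipped. Separately, the `#3` attribute-group reference on the `llvm.lifetime.end.p0i8` call has no matching `attributes #3 = { ... }` definition in the file; either drop it or add the definition so the test does not carry a dangling reference.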

