[PATCH] D117278: [msan] Fix byval shadow in ignored functions
Vitaly Buka via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Jan 13 22:06:54 PST 2022
vitalybuka created this revision.
vitalybuka added reviewers: kda, eugenis.
Herald added a subscriber: hiraditya.
vitalybuka requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.
If function has no sanitize_memory we still reset shadow
for nested calls.
The first return from getShadow() correcly returned shadow for argument,
but it didn't reset shadow of byval pointee.
Depends on D117277 <https://reviews.llvm.org/D117277>
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D117278
Files:
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
llvm/test/Instrumentation/MemorySanitizer/byval.ll
Index: llvm/test/Instrumentation/MemorySanitizer/byval.ll
===================================================================
--- llvm/test/Instrumentation/MemorySanitizer/byval.ll
+++ llvm/test/Instrumentation/MemorySanitizer/byval.ll
@@ -25,6 +25,7 @@
define i16 @ByValArgumentNoSanitize(i32 %unused, i16* byval(i16) %p) {
; CHECK-LABEL: @ByValArgumentNoSanitize(
; CHECK-NEXT: entry:
+; CHECK: call void @llvm.memset.p0i8.i64(i8* align 2 {{.*}}, i8 0, i64 2, i1 false)
; CHECK: %x = load i16, i16* %p
; CHECK: store i16 0, i16* bitcast ([100 x i64]* @__msan_retval_tls to i16*), align 8
; CHECK-NEXT: store i32 0, i32* @__msan_retval_origin_tls, align 4
@@ -49,10 +50,10 @@
ret void
}
-; FIXME: Shadow of byval pointee is not set.
define void @ByValForwardNoSanitize(i32 %unused, i16* byval(i16) %p) {
; CHECK-LABEL: @ByValForwardNoSanitize(
; CHECK-NEXT: entry:
+; CHECK: call void @llvm.memset.p0i8.i64(i8* align 2 {{.*}}, i8 0, i64 2, i1 false)
; CHECK: store i64 0, i64* getelementptr inbounds ([100 x i64], [100 x i64]* @__msan_param_tls, i32 0, i32 0), align 8
; CHECK-NEXT: call void @Fn(i16*
; CHECK-NEXT: ret void
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -1672,9 +1672,8 @@
/// This function either returns the value set earlier with setShadow,
/// or extracts if from ParamTLS (for function arguments).
Value *getShadow(Value *V) {
- if (!PropagateShadow) return getCleanShadow(V);
if (Instruction *I = dyn_cast<Instruction>(V)) {
- if (I->getMetadata("nosanitize"))
+ if (!PropagateShadow || I->getMetadata("nosanitize"))
return getCleanShadow(V);
// For instructions the shadow is already stored in the map.
Value *Shadow = ShadowMap[V];
@@ -1686,7 +1685,7 @@
return Shadow;
}
if (UndefValue *U = dyn_cast<UndefValue>(V)) {
- Value *AllOnes = PoisonUndef ? getPoisonedShadow(V) : getCleanShadow(V);
+ Value *AllOnes = (PropagateShadow && PoisonUndef) ? getPoisonedShadow(V) : getCleanShadow(V);
LLVM_DEBUG(dbgs() << "Undef: " << *U << " ==> " << *AllOnes << "\n");
(void)U;
return AllOnes;
@@ -1723,7 +1722,7 @@
/*isStore*/ true)
.first;
// TODO(glider): need to copy origins.
- if (Overflow) {
+ if (!PropagateShadow || Overflow) {
// ParamTLS overflow.
EntryIRB.CreateMemSet(
CpShadowPtr, Constant::getNullValue(EntryIRB.getInt8Ty()),
@@ -1738,7 +1737,7 @@
}
}
- if (Overflow || FArg.hasByValAttr() ||
+ if (!PropagateShadow || Overflow || FArg.hasByValAttr() ||
(MS.EagerChecks && FArg.hasAttribute(Attribute::NoUndef))) {
*ShadowPtr = getCleanShadow(V);
setOrigin(A, getCleanOrigin());
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D117278.399893.patch
Type: text/x-patch
Size: 3111 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220114/e7462de1/attachment.bin>
More information about the llvm-commits
mailing list