[PATCH] D119594: [sancov] Don't instrument calls to bitcast funcs: they're not indirect.

Ahmed Bougacha via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 11 14:06:46 PST 2022 

ab created this revision.
ab added reviewers: kcc, MaskRay.
Herald added a subscriber: hiraditya.
Herald added a reviewer: apazos.
ab requested review of this revision.
Herald added a project: LLVM.

Currently, when instrumenting indirect calls, this uses
CallBase::getCalledFunction to determine whether a given callsite is
eligible.

However, that returns null if:

>   this is an indirect function invocation or the function signature
>   does not match the call signature.

So, we end up instrumenting direct calls where the callee is a bitcast
ConstantExpr, even though we presumably don't need to.

Use isIndirectCall to ignore those funky direct calls.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D119594

Files:
  llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
  llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard.ll


Index: llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard.ll
===================================================================
--- llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard.ll
+++ llvm/test/Instrumentation/SanitizerCoverage/trace-pc-guard.ll
@@ -9,19 +9,22 @@
 
 ; ELF:        @__sancov_gen_ = private global [3 x i32] zeroinitializer, section "__sancov_guards", comdat($foo), align 4{{$}}
 ; ELF-NEXT:   @__sancov_gen_.1 = private global [1 x i32] zeroinitializer, section "__sancov_guards", comdat($CallViaVptr), align 4{{$}}
+; ELF-NEXT:   @__sancov_gen_.2 = private global [1 x i32] zeroinitializer, section "__sancov_guards", comdat($DirectBitcastCall), align 4{{$}}
 
 ; MACHO:      @__sancov_gen_ = private global [3 x i32] zeroinitializer, section "__DATA,__sancov_guards", align 4{{$}}
 ; MACHO-NEXT: @__sancov_gen_.1 = private global [1 x i32] zeroinitializer, section "__DATA,__sancov_guards", align 4{{$}}
+; MACHO-NEXT: @__sancov_gen_.2 = private global [1 x i32] zeroinitializer, section "__DATA,__sancov_guards", align 4{{$}}
 
 ; WIN:        @__sancov_gen_ = private global [3 x i32] zeroinitializer, section ".SCOV$GM", comdat($foo), align 4{{$}}
 ; WIN-NEXT:   @__sancov_gen_.1 = private global [1 x i32] zeroinitializer, section ".SCOV$GM", comdat($CallViaVptr), align 4{{$}}
+; WIN-NEXT:   @__sancov_gen_.2 = private global [1 x i32] zeroinitializer, section ".SCOV$GM", comdat($DirectBitcastCall), align 4{{$}}
 
 ; ELF:        @llvm.used = appending global [1 x i8*] [i8* bitcast (void ()* @sancov.module_ctor_trace_pc_guard to i8*)]
-; ELF:        @llvm.compiler.used = appending global [2 x i8*] [i8* bitcast ([3 x i32]* @__sancov_gen_ to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.1 to i8*)], section "llvm.metadata"
-; MACHO:      @llvm.used = appending global [3 x i8*] [i8* bitcast (void ()* @sancov.module_ctor_trace_pc_guard to i8*), i8* bitcast ([3 x i32]* @__sancov_gen_ to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.1 to i8*)]
+; ELF:        @llvm.compiler.used = appending global [3 x i8*] [i8* bitcast ([3 x i32]* @__sancov_gen_ to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.1 to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.2 to i8*)], section "llvm.metadata"
+; MACHO:      @llvm.used = appending global [4 x i8*] [i8* bitcast (void ()* @sancov.module_ctor_trace_pc_guard to i8*), i8* bitcast ([3 x i32]* @__sancov_gen_ to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.1 to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.2 to i8*)]
 ; MACHO-NOT:  @llvm.compiler.used =
 ; WIN:        @llvm.used = appending global [1 x i8*] [i8* bitcast (void ()* @sancov.module_ctor_trace_pc_guard to i8*)], section "llvm.metadata"
-; WIN-NEXT:   @llvm.compiler.used = appending global [2 x i8*] [i8* bitcast ([3 x i32]* @__sancov_gen_ to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.1 to i8*)], section "llvm.metadata"
+; WIN-NEXT:   @llvm.compiler.used = appending global [3 x i8*] [i8* bitcast ([3 x i32]* @__sancov_gen_ to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.1 to i8*), i8* bitcast ([1 x i32]* @__sancov_gen_.2 to i8*)], section "llvm.metadata"
 
 ; CHECK-LABEL: define void @foo
 ; CHECK:         call void @__sanitizer_cov_trace_pc
@@ -58,6 +61,18 @@
   ret void
 }
 
+; CHECK-LABEL: define void @DirectBitcastCall
+; CHECK-NOT:     call void @__sanitizer_cov_trace_pc_indir
+; CHECK:         call void bitcast (i32 ()* @direct_callee to void ()*)()
+; CHECK:         ret void
+
+declare i32 @direct_callee()
+
+define void @DirectBitcastCall() sanitize_address {
+  call void bitcast (i32 ()* @direct_callee to void ()*)()
+  ret void
+}
+
 ; ELF-LABEL: define internal void @sancov.module_ctor_trace_pc_guard() #2 comdat {
 ; MACHO-LABEL: define internal void @sancov.module_ctor_trace_pc_guard() #2 {
 
Index: llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -695,7 +695,7 @@
     for (auto &Inst : BB) {
       if (Options.IndirectCalls) {
         CallBase *CB = dyn_cast<CallBase>(&Inst);
-        if (CB && !CB->getCalledFunction())
+        if (CB && CB->isIndirectCall())
           IndirCalls.push_back(&Inst);
       }
       if (Options.TraceCmp) {


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D119594.408046.patch
Type: text/x-patch
Size: 4331 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220211/3b9a830f/attachment.bin>

More information about the llvm-commits mailing list