[PATCH] D123602: [MSan] Ensure argument shadow initialized on memcpy
Nikita Popov via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Apr 12 06:19:28 PDT 2022
nikic created this revision.
nikic added a reviewer: vitalybuka.
Herald added a subscriber: hiraditya.
Herald added a project: All.
nikic requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.
We need to explicitly query the shadow here, because it is lazily initialized for arguments. Without opaque pointers this used to mostly work out, because there would be a bitcast to `i8*` present, and that would query the argument shadow.
https://reviews.llvm.org/D123602
Files:
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
llvm/test/Instrumentation/MemorySanitizer/opaque-ptr.ll
Index: llvm/test/Instrumentation/MemorySanitizer/opaque-ptr.ll
===================================================================
--- /dev/null
+++ llvm/test/Instrumentation/MemorySanitizer/opaque-ptr.ll
@@ -0,0 +1,35 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
+; RUN: opt -S -passes=msan < %s | FileCheck %s
+
+target triple = "x86_64-unknown-linux-gnu"
+
+define void @test_memcpy(ptr %p, ptr byval(i32) %p2) sanitize_memory {
+; CHECK-LABEL: @test_memcpy(
+; CHECK-NEXT: [[TMP1:%.*]] = ptrtoint ptr [[P2:%.*]] to i64
+; CHECK-NEXT: [[TMP2:%.*]] = xor i64 [[TMP1]], 87960930222080
+; CHECK-NEXT: [[TMP3:%.*]] = inttoptr i64 [[TMP2]] to ptr
+; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i64(ptr align 4 [[TMP3]], ptr align 4 inttoptr (i64 add (i64 ptrtoint (ptr @__msan_param_tls to i64), i64 8) to ptr), i64 4, i1 false)
+; CHECK-NEXT: call void @llvm.donothing()
+; CHECK-NEXT: [[TMP4:%.*]] = call ptr @__msan_memcpy(ptr [[P:%.*]], ptr [[P2]], i64 4)
+; CHECK-NEXT: ret void
+;
+ call void @llvm.memcpy.p0.p0.i64(i8* %p, i8* %p2, i64 4, i1 false)
+ ret void
+}
+
+define void @test_memmove(ptr %p, ptr byval(i32) %p2) sanitize_memory {
+; CHECK-LABEL: @test_memmove(
+; CHECK-NEXT: [[TMP1:%.*]] = ptrtoint ptr [[P2:%.*]] to i64
+; CHECK-NEXT: [[TMP2:%.*]] = xor i64 [[TMP1]], 87960930222080
+; CHECK-NEXT: [[TMP3:%.*]] = inttoptr i64 [[TMP2]] to ptr
+; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i64(ptr align 4 [[TMP3]], ptr align 4 inttoptr (i64 add (i64 ptrtoint (ptr @__msan_param_tls to i64), i64 8) to ptr), i64 4, i1 false)
+; CHECK-NEXT: call void @llvm.donothing()
+; CHECK-NEXT: [[TMP4:%.*]] = call ptr @__msan_memmove(ptr [[P:%.*]], ptr [[P2]], i64 4)
+; CHECK-NEXT: ret void
+;
+ call void @llvm.memmove.p0.p0.i64(i8* %p, i8* %p2, i64 4, i1 false)
+ ret void
+}
+
+declare void @llvm.memcpy.p0.p0.i64(i8*, i8*, i64, i1)
+declare void @llvm.memmove.p0.p0.i64(i8*, i8*, i64, i1)
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -2570,6 +2570,7 @@
///
/// Similar situation exists for memcpy and memset.
void visitMemMoveInst(MemMoveInst &I) {
+ getShadow(I.getArgOperand(1)); // Ensure shadow initialized
IRBuilder<> IRB(&I);
IRB.CreateCall(
MS.MemmoveFn,
@@ -2584,6 +2585,7 @@
// FIXME: consider doing manual inline for small constant sizes and proper
// alignment.
void visitMemCpyInst(MemCpyInst &I) {
+ getShadow(I.getArgOperand(1)); // Ensure shadow initialized
IRBuilder<> IRB(&I);
IRB.CreateCall(
MS.MemcpyFn,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D123602.422208.patch
Type: text/x-patch
Size: 2775 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220412/e995a187/attachment-0001.bin>
More information about the llvm-commits
mailing list