[PATCH] D131846: [MSAN] Handle array alloca with non-i64 size specification

Sat Aug 13 19:28:51 PDT 2022

loladiro created this revision.
loladiro added a reviewer: eugenis.
Herald added subscribers: Enna1, hiraditya.
Herald added a project: All.
loladiro requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

The array size specification of the an alloca can be any integer,
so zext or trunc it to intptr before attempting to multiply it
with an intptr constant.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D131846

Files:
  llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
  llvm/test/Instrumentation/MemorySanitizer/alloca.ll


Index: llvm/test/Instrumentation/MemorySanitizer/alloca.ll
===================================================================

--- llvm/test/Instrumentation/MemorySanitizer/alloca.ll
+++ llvm/test/Instrumentation/MemorySanitizer/alloca.ll
@@ -65,6 +65,20 @@
 ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 20,
 ; CHECK: ret void
 
+define void @array32() sanitize_memory {
+entry:
+  %x = alloca i32, i32 5, align 4
+  ret void
+}
+
+; CHECK-LABEL: define void @array32(
+; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 20, i1 false)
+; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 20)
+; ORIGIN: call void @__msan_set_alloca_origin_with_descr(i8* {{.*}}, i64 20,
+; ORIGIN-LEAN: call void @__msan_set_alloca_origin_no_descr(i8* {{.*}}, i64 20,
+; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 20,
+; CHECK: ret void
+
 define void @array_non_const(i64 %cnt) sanitize_memory {
 entry:
   %x = alloca i32, i64 %cnt, align 4
@@ -80,6 +94,22 @@
 ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 %[[A]],
 ; CHECK: ret void
 
+define void @array_non_const32(i32 %cnt) sanitize_memory {
+entry:
+  %x = alloca i32, i32 %cnt, align 4
+  ret void
+}
+
+; CHECK-LABEL: define void @array_non_const32(
+; CHECK: %[[Z:.*]] = zext i32 %cnt to i64
+; CHECK: %[[A:.*]] = mul i64 4, %[[Z]]
+; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 %[[A]], i1 false)
+; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 %[[A]])
+; ORIGIN: call void @__msan_set_alloca_origin_with_descr(i8* {{.*}}, i64 %[[A]],
+; ORIGIN-LEAN: call void @__msan_set_alloca_origin_no_descr(i8* {{.*}}, i64 %[[A]],
+; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 %[[A]],
+; CHECK: ret void
+
 ; Check that the local is unpoisoned in the absence of sanitize_memory
 define void @unpoison_local() {
 entry:
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -3948,7 +3948,8 @@
     uint64_t TypeSize = DL.getTypeAllocSize(I.getAllocatedType());
     Value *Len = ConstantInt::get(MS.IntptrTy, TypeSize);
     if (I.isArrayAllocation())
-      Len = IRB.CreateMul(Len, I.getArraySize());
+      Len = IRB.CreateMul(Len,
+                          IRB.CreateZExtOrTrunc(I.getArraySize(), MS.IntptrTy));
 
     if (MS.CompileKernel)
       poisonAllocaKmsan(I, IRB, Len);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D131846.452470.patch
Type: text/x-patch
Size: 2523 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220814/3f6d54f6/attachment.bin>
