[PATCH] D132761: [msan] Fix handling of constant shadow

Vitaly Buka via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 26 14:13:37 PDT 2022 

vitalybuka created this revision.
Herald added subscribers: Enna1, hiraditya.
Herald added a project: All.
vitalybuka requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

If constant shadown enabled we had false reports because
!isZeroValue() does not guaranty that the values is actually not zero.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D132761

Files:
  llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
  llvm/test/Instrumentation/MemorySanitizer/check-constant-shadow.ll


Index: llvm/test/Instrumentation/MemorySanitizer/check-constant-shadow.ll
===================================================================
--- llvm/test/Instrumentation/MemorySanitizer/check-constant-shadow.ll
+++ llvm/test/Instrumentation/MemorySanitizer/check-constant-shadow.ll
@@ -45,3 +45,32 @@
 ; CHECK: store i32
 ; CHECK: store i32
 ; CHECK: ret void
+
+
+; This function stores known initialized value, but msan can't prove this.
+define i32 @MaybeUninitialized(<2 x i64> noundef %acc) nounwind uwtable sanitize_memory {
+entry:
+  %shift = shufflevector <2 x i64> %acc, <2 x i64> poison, <2 x i32> <i32 1, i32 undef>
+  %0 = add <2 x i64> %shift, %acc
+  %1 = bitcast <2 x i64> %0 to <4 x i32>
+  %conv = extractelement <4 x i32> %1, i64 0
+  ret i32 %conv
+}
+
+; CHECK-LABEL: @MaybeUninitialized
+; CHECK: store i32 extractelement (<4 x i32> bitcast (<2 x i64> <i64 0, i64 undef> to <4 x i32>), i64 0), i32* bitcast ([100 x i64]* @__msan_retval_tls to i32*), align 8
+; CHECK: tore i32 0, i32* @__msan_retval_origin_tls
+
+; This function stores known initialized value, but msan can't prove this.
+define noundef i32 @MaybeUninitializedRetNoUndef(<2 x i64> noundef %acc) nounwind uwtable sanitize_memory {
+entry:
+  %shift = shufflevector <2 x i64> %acc, <2 x i64> poison, <2 x i32> <i32 1, i32 undef>
+  %0 = add <2 x i64> %shift, %acc
+  %1 = bitcast <2 x i64> %0 to <4 x i32>
+  %conv = extractelement <4 x i32> %1, i64 0
+  ret i32 %conv
+}
+
+; CHECK-LABEL: @MaybeUninitializedRetNoUndef
+; CHECK: br i1 icmp ne (i32 extractelement (<4 x i32> bitcast (<2 x i64> <i64 0, i64 undef> to <4 x i32>), i64 0), i32 0)
+; CHECK: call void @__msan_warning_with_origin_noreturn
\ No newline at end of file
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -1162,10 +1162,18 @@
     unsigned StoreSize = DL.getTypeStoreSize(Shadow->getType());
     Value *ConvertedShadow = convertShadowToScalar(Shadow, IRB);
     if (auto *ConstantShadow = dyn_cast<Constant>(ConvertedShadow)) {
-      if (ClCheckConstantShadow && !ConstantShadow->isZeroValue())
+      if (!ClCheckConstantShadow || ConstantShadow->isZeroValue()) {
+        // Origin is not needed: value is initialized or const shadow is
+        // ignored.
+        return;
+      }
+      if (llvm::isKnownNonZero(ConvertedShadow, DL)) {
+        // Copy origin as the value is definitely uninitialized.
         paintOrigin(IRB, updateOrigin(Origin, IRB), OriginPtr, StoreSize,
                     OriginAlignment);
-      return;
+        return;
+      }
+      // Fallback to runtime check, which still can be optimized out later.
     }
 
     unsigned TypeSizeInBits = DL.getTypeSizeInBits(ConvertedShadow->getType());
@@ -1233,15 +1241,20 @@
     Value *ConvertedShadow = convertShadowToScalar(Shadow, IRB);
     LLVM_DEBUG(dbgs() << "  SHAD1 : " << *ConvertedShadow << "\n");
 
+    const DataLayout &DL = OrigIns->getModule()->getDataLayout();
     if (auto *ConstantShadow = dyn_cast<Constant>(ConvertedShadow)) {
-      if (ClCheckConstantShadow && !ConstantShadow->isZeroValue()) {
+      if (!ClCheckConstantShadow || ConstantShadow->isZeroValue()) {
+        // Value is initialized or const shadow is ignored.
+        return;
+      }
+      if (llvm::isKnownNonZero(ConvertedShadow, DL)) {
+        // Report as the value is definitely uninitialized.
         insertWarningFn(IRB, Origin);
+        return;
       }
-      return;
+      // Fallback to runtime check, which still can be optimized out later.
     }
 
-    const DataLayout &DL = OrigIns->getModule()->getDataLayout();
-
     unsigned TypeSizeInBits = DL.getTypeSizeInBits(ConvertedShadow->getType());
     unsigned SizeIndex = TypeSizeToSizeIndex(TypeSizeInBits);
     if (AsCall && SizeIndex < kNumberOfAccessSizes && !MS.CompileKernel) {


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D132761.456022.patch
Type: text/x-patch
Size: 3997 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220826/c84529e0/attachment.bin>

More information about the llvm-commits mailing list