[PATCH] D133034: [MSan] Fix determinism issue when using msan-track-origins.

Jordan Rupprecht via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Aug 31 10:33:58 PDT 2022 

rupprecht created this revision.
rupprecht added reviewers: kda, eugenis, vitalybuka.
Herald added subscribers: Enna1, mgrang, hiraditya.
Herald added a project: All.
rupprecht requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

When instrumenting `alloca`s, we use a `SmallSet` (i.e. `SmallPtrSet`). When there are fewer elements than the `SmallSet` size, it behaves like a vector, offering stable iteration order. Once we have too many `alloca`s to instrument, the iteration order becomes unstable. This manifests as non-deterministic builds because of the global constant we create while instrumenting the alloca.

The test added is a simple IR file, but was discovered while building `libcxx/src/filesystem/operations.cpp` from libc++. A reduced C++ example from that:

  c++
  // clang++ -fsanitize=memory -fsanitize-memory-track-origins \
  //   -fno-discard-value-names -S -emit-llvm \
  //   -c op.cpp -o op.ll
  struct Foo {
    ~Foo();
  };
  bool func1(Foo);
  void func2(Foo);
  void func3(int) {
    int f_st, t_st;
    Foo f, t;
    func1(f) || func1(f) || func1(t) || func1(f) && func1(t);
    func2(f);
  }


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D133034

Files:
  llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
  llvm/test/Instrumentation/MemorySanitizer/stable_set_alloca_origin.ll


Index: llvm/test/Instrumentation/MemorySanitizer/stable_set_alloca_origin.ll
===================================================================
--- /dev/null
+++ llvm/test/Instrumentation/MemorySanitizer/stable_set_alloca_origin.ll
@@ -0,0 +1,55 @@
+; RUN: opt < %s -msan-check-access-address=0 -msan-track-origins=1 -S          \
+; RUN: -passes=msan 2>&1 | FileCheck %s
+; RUN: opt < %s -msan-check-access-address=0 -msan-track-origins=2 -S          \
+; RUN: -passes=msan 2>&1 | FileCheck %s
+
+target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+define void @func() sanitize_memory {
+entry:
+  %0 = alloca i32, i32 0, align 4
+  %1 = alloca i32, i32 0, align 4
+  %2 = alloca i32, i32 0, align 4
+  %3 = alloca i32, i32 0, align 4
+  %4 = alloca i32, i32 0, align 4
+  %5 = alloca i32, i32 0, align 4
+  %6 = alloca i32, i32 0, align 4
+  %7 = alloca i32, i32 0, align 4
+  %8 = alloca i32, i32 0, align 4
+  %9 = alloca i32, i32 0, align 4
+  %10 = alloca i32, i32 0, align 4
+  %11 = alloca i32, i32 0, align 4
+  %12 = alloca i32, i32 0, align 4
+  %13 = alloca i32, i32 0, align 4
+  %14 = alloca i32, i32 0, align 4
+  %15 = alloca i32, i32 0, align 4
+  %16 = alloca i32, i32 0, align 4
+  %17 = alloca i32, i32 0, align 4
+  %18 = alloca i32, i32 0, align 4
+  %19 = alloca i32, i32 0, align 4
+  %20 = alloca i32, i32 0, align 4
+  ret void
+}
+
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @0, ptr @1)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @2, ptr @3)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @4, ptr @5)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @6, ptr @7)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @8, ptr @9)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @10, ptr @11)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @12, ptr @13)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @14, ptr @15)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @16, ptr @17)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @18, ptr @19)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @20, ptr @21)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @22, ptr @23)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @24, ptr @25)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @26, ptr @27)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @28, ptr @29)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @30, ptr @31)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @32, ptr @33)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @34, ptr @35)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @36, ptr @37)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @38, ptr @39)
+; CHECK: call void @__msan_set_alloca_origin_with_descr(ptr %{{[0-9]+}}, i64 0, ptr @40, ptr @41)
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -146,7 +146,7 @@
 #include "llvm/ADT/APInt.h"
 #include "llvm/ADT/ArrayRef.h"
 #include "llvm/ADT/DepthFirstIterator.h"
-#include "llvm/ADT/SmallSet.h"
+#include "llvm/ADT/SetVector.h"
 #include "llvm/ADT/SmallString.h"
 #include "llvm/ADT/SmallVector.h"
 #include "llvm/ADT/StringExtras.h"
@@ -1078,7 +1078,7 @@
   };
   SmallVector<ShadowOriginAndInsertPoint, 16> InstrumentationList;
   bool InstrumentLifetimeStart = ClHandleLifetimeIntrinsics;
-  SmallSet<AllocaInst *, 16> AllocaSet;
+  SmallSetVector<AllocaInst *, 16> AllocaSet;
   SmallVector<std::pair<IntrinsicInst *, AllocaInst *>, 16> LifetimeStartList;
   SmallVector<StoreInst *, 16> StoreList;
 
@@ -1347,7 +1347,7 @@
     if (InstrumentLifetimeStart) {
       for (auto Item : LifetimeStartList) {
         instrumentAlloca(*Item.second, Item.first);
-        AllocaSet.erase(Item.second);
+        AllocaSet.remove(Item.second);
       }
     }
     // Poison the allocas for which we didn't instrument the corresponding


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D133034.457018.patch
Type: text/x-patch
Size: 4760 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220831/38f7bf04/attachment.bin>

More information about the llvm-commits mailing list