[PATCH] D143296: [MSan] Fix calling pointers to varargs functions on SystemZ

Ilya Leoshkevich via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 3 14:11:25 PST 2023 

iii created this revision.
iii added reviewers: uweigand, jonpa, eugenis, vitalybuka.
Herald added subscribers: Enna1, hiraditya.
Herald added a project: All.
iii requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

VarArgSystemZHelper.visitCallBase() checks whether the callee has the
"use-soft-float" attribute, but if the callee is a function pointer, a
null pointer dereference happens.

Fix by checking this attribute on the current function. Alternatively,
one could try the callee first, but this is pointless, since one should
not be mixing hardfloat and softfloat code anyway.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D143296

Files:
  llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
  llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg-kernel.ll
  llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg.ll


Index: llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg.ll
===================================================================
--- llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg.ll
+++ llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg.ll
@@ -197,3 +197,16 @@
 ; CHECK: declare void @__msan_maybe_store_origin_4(i32 zeroext, ptr, i32 zeroext)
 ; CHECK: declare void @__msan_maybe_warning_8(i64 zeroext, i32 zeroext)
 ; CHECK: declare void @__msan_maybe_store_origin_8(i64 zeroext, ptr, i32 zeroext)
+
+; Test vararg function pointers.
+;
+; void (*ptr)(int, ...);
+; void call_ptr(void) { ptr(0); }
+
+ at ptr = dso_local global ptr null, align 8
+
+define dso_local void @call_ptr() {
+  %1 = load ptr, ptr @ptr, align 8
+  call void (i32, ...) %1(i32 noundef signext 0)
+  ret void
+}
Index: llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg-kernel.ll
===================================================================
--- llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg-kernel.ll
+++ llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg-kernel.ll
@@ -31,7 +31,7 @@
   ret i64 %1
 }
 
-attributes #1 = { sanitize_memory }
+attributes #1 = { sanitize_memory "target-features"="+soft-float" "use-soft-float"="true" }
 
 ; In kernel the floating point values are passed in GPRs:
 ; - r2 at 16              == i64 1            - skipped, because it's fixed
Index: llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -5416,6 +5416,7 @@
   Function &F;
   MemorySanitizer &MS;
   MemorySanitizerVisitor &MSV;
+  bool IsSoftFloatABI;
   Value *VAArgTLSCopy = nullptr;
   Value *VAArgTLSOriginCopy = nullptr;
   Value *VAArgOverflowSize = nullptr;
@@ -5434,9 +5435,10 @@
 
   VarArgSystemZHelper(Function &F, MemorySanitizer &MS,
                       MemorySanitizerVisitor &MSV)
-      : F(F), MS(MS), MSV(MSV) {}
+      : F(F), MS(MS), MSV(MSV),
+        IsSoftFloatABI(F.getFnAttribute("use-soft-float").getValueAsBool()) {}
 
-  ArgKind classifyArgument(Type *T, bool IsSoftFloatABI) {
+  ArgKind classifyArgument(Type *T) {
     // T is a SystemZABIInfo::classifyArgumentType() output, and there are
     // only a few possibilities of what it can be. In particular, enums, single
     // element structs and large types have already been taken care of.
@@ -5474,9 +5476,6 @@
   }
 
   void visitCallBase(CallBase &CB, IRBuilder<> &IRB) override {
-    bool IsSoftFloatABI = CB.getCalledFunction()
-                              ->getFnAttribute("use-soft-float")
-                              .getValueAsBool();
     unsigned GpOffset = SystemZGpOffset;
     unsigned FpOffset = SystemZFpOffset;
     unsigned VrIndex = 0;
@@ -5487,7 +5486,7 @@
       // SystemZABIInfo does not produce ByVal parameters.
       assert(!CB.paramHasAttr(ArgNo, Attribute::ByVal));
       Type *T = A->getType();
-      ArgKind AK = classifyArgument(T, IsSoftFloatABI);
+      ArgKind AK = classifyArgument(T);
       if (AK == ArgKind::Indirect) {
         T = PointerType::get(T, 0);
         AK = ArgKind::GeneralPurpose;


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D143296.494734.patch
Type: text/x-patch
Size: 3243 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20230203/18c43165/attachment.bin>

More information about the llvm-commits mailing list