[llvm] [msan] Add experimental '-msan-or-shadow-for-strict-instructions' flag to pessimize output (PR #128036)
Thurston Dang via llvm-commits
llvm-commits at lists.llvm.org
Thu Feb 20 10:01:56 PST 2025
================
@@ -5596,13 +5606,29 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
if (ClDumpStrictInstructions)
dumpInst(I);
LLVM_DEBUG(dbgs() << "DEFAULT: " << I << "\n");
+
+ bool allSized = true;
for (size_t i = 0, n = I.getNumOperands(); i < n; i++) {
Value *Operand = I.getOperand(i);
if (Operand->getType()->isSized())
insertShadowCheck(Operand, &I);
+ else
+ allSized = false;
+ }
+
+ Type *RetTy = cast<Value>(I).getType();
+ if (ClOrShadowForStrictInstructions && allSized && !RetTy->isVoidTy()) {
+ // - In recover mode: the shadow will be computed instead of reset to
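Review bot: the new condition `ClOrShadowForStrictInstructions && allSized && !RetTy->isVoidTy()` skips the block whenever any operand is unsized or the result is void, so the flag silently has no effect for those instructions. A short comment next to the condition (or a sentence in the flag's description) saying so would help. Two style points in the same added lines: `allSized` would be `AllSized` under LLVM's variable naming convention, and since `cast<Value>(I)` compiles, `I` is already a `Value`, so `I.getType()` can replace `cast<Value>(I).getType()`.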
----------------
thurstond wrote:
Suppose:
1. We have an 8-byte variable, foo, where some bytes are initialized.
2. We use a move intrinsic, which is handled strictly, that copies the contents of foo to bar.
3. We use a truncate intrinsic that copies the top half of bar to baz.
4. baz is used in a branch instruction (shadow check performed).
The current behavior of visitInstruction in recover mode will print a UUM report at step 2, but the shadow is cleaned, and any subsequent UUM is unreported (even though there may be a meaningful UUM depending on which bytes of foo - top half or other bytes - were uninitialized).
----
So far, though, the interesting use case is actually the non-recover mode (even though it is conceptually a no-op).
https://github.com/llvm/llvm-project/pull/128036
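The four-step scenario from the comment above as a small model, added here as an illustration and not code from the PR or from MSan. It assumes one shadow bit per byte, that the "top half" is bytes 4..7, and that the truncate propagates shadow exactly; `simulate` and its parameters are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model (assumption): one shadow bit per byte, 1 = uninitialized.
// Bit i of foo_shadow describes byte i of the 8-byte variable foo.
//
// or_shadow == false: strict handling checks the operand, then resets the
//                     result shadow to clean (the behavior the comment
//                     describes for recover mode).
// or_shadow == true:  the result shadow is the OR of the operand shadows
//                     (a single operand here, so it is carried over as-is).
//
// Returns how many UUM reports recover mode would print for the chain
// foo -> bar (strict move) -> baz (truncate) -> branch.
int simulate(uint8_t foo_shadow, bool or_shadow) {
  int reports = 0;

  // Step 2: strictly handled move intrinsic, operand shadow is checked.
  if (foo_shadow != 0)
    ++reports;
  uint8_t bar_shadow = or_shadow ? foo_shadow : 0;

  // Step 3: truncate keeps the top half of bar (bytes 4..7 in this model).
  uint8_t baz_shadow = static_cast<uint8_t>(bar_shadow >> 4);

  // Step 4: baz feeds a branch, so its shadow is checked.
  if (baz_shadow != 0)
    ++reports;

  return reports;
}

int main() {
  const uint8_t low_uninit = 0x03; // constructed input: bytes 0..1 uninitialized
  const uint8_t top_uninit = 0x30; // constructed input: bytes 4..5 uninitialized

  std::printf("reset, low bytes uninit: %d report(s)\n", simulate(low_uninit, false));
  std::printf("reset, top bytes uninit: %d report(s)\n", simulate(top_uninit, false));
  std::printf("OR,    low bytes uninit: %d report(s)\n", simulate(low_uninit, true));
  std::printf("OR,    top bytes uninit: %d report(s)\n", simulate(top_uninit, true));
  return 0;
}
```

With the shadow reset, both inputs yield the same single report at step 2; with the OR, the branch at step 4 is reported only when the uninitialized bytes are the ones that reach baz.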