This is an archive of the discontinued LLVM Phabricator instance.

Differential D83867

[TSan] Add option for emitting compound read-write instrumentation
ClosedPublic

Authored by melver on Jul 15 2020, 5:59 AM.

Details

Reviewers
dvyukov
glider
Commits
rG785d41a261d1: [TSan] Add option for emitting compound read-write instrumentation
Summary

This adds option -tsan-compound-read-before-write to emit different
instrumentation for the write if the read before that write is omitted
from instrumentation. The default TSan runtime currently does not
support the different instrumentation, and the option is disable by
default.

Alternative runtimes, such as the Kernel Concurrency Sanitizer (KCSAN)
can make use of the feature. Indeed, the initial motivation is for use
in KCSAN as it was determined that due to the Linux kernel having a
large number of unaddressed data races, it makes sense to improve
performance and reporting by distinguishing compounded operations. E.g.
the compounded instrumentation is typically emitted for compound
operations such as ++, +=, |=, etc. By emitting different reports, such
data races can automatically be bucketed differently (currently the plan
is to prioritize them).

Diff Detail

Event Timeline

melver created this revision.Jul 15 2020, 5:59 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 15 2020, 5:59 AM
Herald added subscribers: llvm-commits, jfb, hiraditya. · View Herald Transcript
melver added a comment.Jul 15 2020, 6:01 AM

It seems the linter/clang-format did a number of non-functional changes here. I'm inclined to keep them, because they more closely adhere to LLVM's style guide.

melver added a comment.Jul 15 2020, 6:05 AM

KCSAN change (draft) is here: https://github.com/melver/linux/commit/a04e683f457ea94b4bbba80cf05b5bcb50857fa7 -- tested and working as intended.

Harbormaster failed remote builds in B64336: Diff 278159!Jul 15 2020, 6:45 AM
dvyukov added inline comments.Jul 16 2020, 2:41 AM
llvm/test/Instrumentation/ThreadSanitizer/read_before_write.ll
17

I think tsan_read expectation will be matched against tsan_read_write call. Is there a single way to refine it? Add an opening bracket or something?

glider added a comment.Jul 16 2020, 3:29 AM

What happens if the load and the store are separated by a barrier atomic load or store? Will they also be combined into a single operation?

llvm/test/Instrumentation/ThreadSanitizer/read_before_write.ll
78

Don't we want to treat pairs of volatile loads and stores as separate accesses? E.g. a volatile load may be racing with a completely different store somewhere else.

melver updated this revision to Diff 278455.Jul 16 2020, 6:47 AM
melver marked 4 inline comments as done.

Address comments.

melver added a comment.Jul 16 2020, 6:48 AM
In D83867#2155324, @glider wrote:

What happens if the load and the store are separated by a barrier atomic load or store? Will they also be combined into a single operation?

Hmm, good question. My intent wasn't to change the existing behaviour of how it compounds reads and writes, so I think it shouldn't be in this change.

I added a test and it does compound them. This also affects normal TSAN actually, which by default compounds reads and writes to same addr to a single __tsan_write. Let me do this as a separate change after this: https://reviews.llvm.org/D83949

llvm/test/Instrumentation/ThreadSanitizer/read_before_write.ll
17

I can just add the size.

78

Yes. Note the difference between CHECK-COMPOUND and CHECK-COMPOUND-VOLATILE.

For the kernel we'll have the CHECK-COMPOUND-VOLATILE behaviour, i.e. -tsan-distinguish-volatile -tsan-compound-read-before-write is set. And it will treat them separately and not compound them.

If volatiles are not to be distinguished, it'll just compound them, i.e. revert to the standard behaviour (arguably also perfectly in line with the non-kernel standard, because racing volatiles are still a data race).

Harbormaster failed remote builds in B64508: Diff 278455!Jul 16 2020, 7:19 AM
dvyukov accepted this revision.Jul 16 2020, 7:21 AM

LGTM on my side

This revision is now accepted and ready to land.Jul 16 2020, 7:21 AM
glider accepted this revision.Jul 16 2020, 10:11 AM
glider added inline comments.
llvm/test/Instrumentation/ThreadSanitizer/read_before_write.ll
78

This is probably unrelated to this patch, but I suppose that even if -tsan-distinguish-volatile is disabled (i.e. we don't use special functions to instrument volatile accesses), we still must not combine them.

Closed by commit rG785d41a261d1: [TSan] Add option for emitting compound read-write instrumentation (authored by melver). · Explain WhyJul 17 2020, 1:25 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
lib/
Transforms/
Instrumentation/
180 lines
test/
Instrumentation/
ThreadSanitizer/
63 lines

Diff 278676

llvm/lib/Transforms/Instrumentation/ThreadSanitizer.cpp

Show All 13 Lines
// The instrumentation phase is quite simple: // The instrumentation phase is quite simple:
// - Insert calls to run-time library before every memory access. // - Insert calls to run-time library before every memory access.
// - Optimizations may apply to avoid instrumenting some of the accesses. // - Optimizations may apply to avoid instrumenting some of the accesses.
// - Insert calls at function entry/exit. // - Insert calls at function entry/exit.
// The rest is handled by the run-time library. // The rest is handled by the run-time library.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Transforms/Instrumentation/ThreadSanitizer.h" #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
#include "llvm/ADT/SmallPtrSet.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/Optional.h"
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/Analysis/CaptureTracking.h" #include "llvm/Analysis/CaptureTracking.h"
#include "llvm/Analysis/TargetLibraryInfo.h" #include "llvm/Analysis/TargetLibraryInfo.h"
#include "llvm/Analysis/ValueTracking.h" #include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/DataLayout.h" #include "llvm/IR/DataLayout.h"
Show All 16 Lines
#include "llvm/Transforms/Utils/EscapeEnumerator.h" #include "llvm/Transforms/Utils/EscapeEnumerator.h"
#include "llvm/Transforms/Utils/Local.h" #include "llvm/Transforms/Utils/Local.h"
#include "llvm/Transforms/Utils/ModuleUtils.h" #include "llvm/Transforms/Utils/ModuleUtils.h"
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "tsan" #define DEBUG_TYPE "tsan"
static cl::opt<bool> ClInstrumentMemoryAccesses( static cl::opt<bool> ClInstrumentMemoryAccesses(
"tsan-instrument-memory-accesses", cl::init(true), "tsan-instrument-memory-accesses", cl::init(true),
cl::desc("Instrument memory accesses"), cl::Hidden); cl::desc("Instrument memory accesses"), cl::Hidden);
static cl::opt<bool> ClInstrumentFuncEntryExit( static cl::opt<bool>
"tsan-instrument-func-entry-exit", cl::init(true), ClInstrumentFuncEntryExit("tsan-instrument-func-entry-exit", cl::init(true),
cl::desc("Instrument function entry and exit"), cl::Hidden); cl::desc("Instrument function entry and exit"),
cl::Hidden);
static cl::opt<bool> ClHandleCxxExceptions( static cl::opt<bool> ClHandleCxxExceptions(
"tsan-handle-cxx-exceptions", cl::init(true), "tsan-handle-cxx-exceptions", cl::init(true),
cl::desc("Handle C++ exceptions (insert cleanup blocks for unwinding)"), cl::desc("Handle C++ exceptions (insert cleanup blocks for unwinding)"),
cl::Hidden); cl::Hidden);
static cl::opt<bool> ClInstrumentAtomics( static cl::opt<bool> ClInstrumentAtomics("tsan-instrument-atomics",
"tsan-instrument-atomics", cl::init(true), cl::init(true),
cl::desc("Instrument atomics"), cl::Hidden); cl::desc("Instrument atomics"),
cl::Hidden);
static cl::opt<bool> ClInstrumentMemIntrinsics( static cl::opt<bool> ClInstrumentMemIntrinsics(
"tsan-instrument-memintrinsics", cl::init(true), "tsan-instrument-memintrinsics", cl::init(true),
cl::desc("Instrument memintrinsics (memset/memcpy/memmove)"), cl::Hidden); cl::desc("Instrument memintrinsics (memset/memcpy/memmove)"), cl::Hidden);
static cl::opt<bool> ClDistinguishVolatile( static cl::opt<bool> ClDistinguishVolatile(
"tsan-distinguish-volatile", cl::init(false), "tsan-distinguish-volatile", cl::init(false),
cl::desc("Emit special instrumentation for accesses to volatiles"), cl::desc("Emit special instrumentation for accesses to volatiles"),
cl::Hidden); cl::Hidden);
static cl::opt<bool> ClInstrumentReadBeforeWrite( static cl::opt<bool> ClInstrumentReadBeforeWrite(
"tsan-instrument-read-before-write", cl::init(false), "tsan-instrument-read-before-write", cl::init(false),
cl::desc("Do not eliminate read instrumentation for read-before-writes"), cl::desc("Do not eliminate read instrumentation for read-before-writes"),
cl::Hidden); cl::Hidden);
static cl::opt<bool> ClCompoundReadBeforeWrite(
"tsan-compound-read-before-write", cl::init(false),
cl::desc("Emit special compound instrumentation for reads-before-writes"),
cl::Hidden);
STATISTIC(NumInstrumentedReads, "Number of instrumented reads"); STATISTIC(NumInstrumentedReads, "Number of instrumented reads");
STATISTIC(NumInstrumentedWrites, "Number of instrumented writes"); STATISTIC(NumInstrumentedWrites, "Number of instrumented writes");
STATISTIC(NumOmittedReadsBeforeWrite, STATISTIC(NumOmittedReadsBeforeWrite,
"Number of reads ignored due to following writes"); "Number of reads ignored due to following writes");
STATISTIC(NumAccessesWithBadSize, "Number of accesses with bad size"); STATISTIC(NumAccessesWithBadSize, "Number of accesses with bad size");
STATISTIC(NumInstrumentedVtableWrites, "Number of vtable ptr writes"); STATISTIC(NumInstrumentedVtableWrites, "Number of vtable ptr writes");
STATISTIC(NumInstrumentedVtableReads, "Number of vtable ptr reads"); STATISTIC(NumInstrumentedVtableReads, "Number of vtable ptr reads");
Show All 9 Lines
/// ThreadSanitizer: instrument the code in module to find races. /// ThreadSanitizer: instrument the code in module to find races.
/// ///
/// Instantiating ThreadSanitizer inserts the tsan runtime library API function /// Instantiating ThreadSanitizer inserts the tsan runtime library API function
/// declarations into the module if they don't exist already. Instantiating /// declarations into the module if they don't exist already. Instantiating
/// ensures the __tsan_init function is in the list of global constructors for /// ensures the __tsan_init function is in the list of global constructors for
/// the module. /// the module.
struct ThreadSanitizer { struct ThreadSanitizer {
ThreadSanitizer() {
// Sanity check options and warn user.
if (ClInstrumentReadBeforeWrite && ClCompoundReadBeforeWrite) {
errs()
<< "warning: Option -tsan-compound-read-before-write has no effect "
"when -tsan-instrument-read-before-write is set.\n";
}
}
bool sanitizeFunction(Function &F, const TargetLibraryInfo &TLI); bool sanitizeFunction(Function &F, const TargetLibraryInfo &TLI);
private: private:
// Internal Instruction wrapper that contains more information about the
// Instruction from prior analysis.
struct InstructionInfo {
// Instrumentation emitted for this instruction is for a compounded set of
// read and write operations in the same basic block.
static constexpr unsigned kCompoundRW = (1U << 0);
explicit InstructionInfo(Instruction *Inst) : Inst(Inst) {}
Instruction *Inst;
unsigned Flags = 0;
};
void initialize(Module &M); void initialize(Module &M);
bool instrumentLoadOrStore(Instruction *I, const DataLayout &DL); bool instrumentLoadOrStore(const InstructionInfo &II, const DataLayout &DL);
bool instrumentAtomic(Instruction *I, const DataLayout &DL); bool instrumentAtomic(Instruction *I, const DataLayout &DL);
bool instrumentMemIntrinsic(Instruction *I); bool instrumentMemIntrinsic(Instruction *I);
void chooseInstructionsToInstrument(SmallVectorImpl<Instruction *> &Local, void chooseInstructionsToInstrument(SmallVectorImpl<Instruction *> &Local,
SmallVectorImpl<Instruction *> &All, SmallVectorImpl<InstructionInfo> &All,
const DataLayout &DL); const DataLayout &DL);
bool addrPointsToConstantData(Value *Addr); bool addrPointsToConstantData(Value *Addr);
int getMemoryAccessFuncIndex(Value *Addr, const DataLayout &DL); int getMemoryAccessFuncIndex(Value *Addr, const DataLayout &DL);
void InsertRuntimeIgnores(Function &F); void InsertRuntimeIgnores(Function &F);
Type *IntptrTy; Type *IntptrTy;
FunctionCallee TsanFuncEntry; FunctionCallee TsanFuncEntry;
FunctionCallee TsanFuncExit; FunctionCallee TsanFuncExit;
FunctionCallee TsanIgnoreBegin; FunctionCallee TsanIgnoreBegin;
FunctionCallee TsanIgnoreEnd; FunctionCallee TsanIgnoreEnd;
// Accesses sizes are powers of two: 1, 2, 4, 8, 16. // Accesses sizes are powers of two: 1, 2, 4, 8, 16.
static const size_t kNumberOfAccessSizes = 5; static const size_t kNumberOfAccessSizes = 5;
FunctionCallee TsanRead[kNumberOfAccessSizes]; FunctionCallee TsanRead[kNumberOfAccessSizes];
FunctionCallee TsanWrite[kNumberOfAccessSizes]; FunctionCallee TsanWrite[kNumberOfAccessSizes];
FunctionCallee TsanUnalignedRead[kNumberOfAccessSizes]; FunctionCallee TsanUnalignedRead[kNumberOfAccessSizes];
FunctionCallee TsanUnalignedWrite[kNumberOfAccessSizes]; FunctionCallee TsanUnalignedWrite[kNumberOfAccessSizes];
FunctionCallee TsanVolatileRead[kNumberOfAccessSizes]; FunctionCallee TsanVolatileRead[kNumberOfAccessSizes];
FunctionCallee TsanVolatileWrite[kNumberOfAccessSizes]; FunctionCallee TsanVolatileWrite[kNumberOfAccessSizes];
FunctionCallee TsanUnalignedVolatileRead[kNumberOfAccessSizes]; FunctionCallee TsanUnalignedVolatileRead[kNumberOfAccessSizes];
FunctionCallee TsanUnalignedVolatileWrite[kNumberOfAccessSizes]; FunctionCallee TsanUnalignedVolatileWrite[kNumberOfAccessSizes];
FunctionCallee TsanCompoundRW[kNumberOfAccessSizes];
FunctionCallee TsanUnalignedCompoundRW[kNumberOfAccessSizes];
FunctionCallee TsanAtomicLoad[kNumberOfAccessSizes]; FunctionCallee TsanAtomicLoad[kNumberOfAccessSizes];
FunctionCallee TsanAtomicStore[kNumberOfAccessSizes]; FunctionCallee TsanAtomicStore[kNumberOfAccessSizes];
FunctionCallee TsanAtomicRMW[AtomicRMWInst::LAST_BINOP + 1] FunctionCallee TsanAtomicRMW[AtomicRMWInst::LAST_BINOP + 1]
[kNumberOfAccessSizes]; [kNumberOfAccessSizes];
FunctionCallee TsanAtomicCAS[kNumberOfAccessSizes]; FunctionCallee TsanAtomicCAS[kNumberOfAccessSizes];
FunctionCallee TsanAtomicThreadFence; FunctionCallee TsanAtomicThreadFence;
FunctionCallee TsanAtomicSignalFence; FunctionCallee TsanAtomicSignalFence;
FunctionCallee TsanVptrUpdate; FunctionCallee TsanVptrUpdate;
▲ Show 20 LinesShow All 122 Lines▼ Show 20 Lines for (size_t i = 0; i < kNumberOfAccessSizes; ++i) {
TsanUnalignedVolatileRead[i] = M.getOrInsertFunction( TsanUnalignedVolatileRead[i] = M.getOrInsertFunction(
UnalignedVolatileReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy()); UnalignedVolatileReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
SmallString<64> UnalignedVolatileWriteName( SmallString<64> UnalignedVolatileWriteName(
"__tsan_unaligned_volatile_write" + ByteSizeStr); "__tsan_unaligned_volatile_write" + ByteSizeStr);
TsanUnalignedVolatileWrite[i] = M.getOrInsertFunction( TsanUnalignedVolatileWrite[i] = M.getOrInsertFunction(
UnalignedVolatileWriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy()); UnalignedVolatileWriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
SmallString<64> CompoundRWName("__tsan_read_write" + ByteSizeStr);
TsanCompoundRW[i] = M.getOrInsertFunction(
CompoundRWName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
SmallString<64> UnalignedCompoundRWName("__tsan_unaligned_read_write" +
ByteSizeStr);
TsanUnalignedCompoundRW[i] = M.getOrInsertFunction(
UnalignedCompoundRWName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
Type *Ty = Type::getIntNTy(M.getContext(), BitSize); Type *Ty = Type::getIntNTy(M.getContext(), BitSize);
Type *PtrTy = Ty->getPointerTo(); Type *PtrTy = Ty->getPointerTo();
SmallString<32> AtomicLoadName("__tsan_atomic" + BitSizeStr + "_load"); SmallString<32> AtomicLoadName("__tsan_atomic" + BitSizeStr + "_load");
TsanAtomicLoad[i] = TsanAtomicLoad[i] =
M.getOrInsertFunction(AtomicLoadName, Attr, Ty, PtrTy, OrdTy); M.getOrInsertFunction(AtomicLoadName, Attr, Ty, PtrTy, OrdTy);
SmallString<32> AtomicStoreName("__tsan_atomic" + BitSizeStr + "_store"); SmallString<32> AtomicStoreName("__tsan_atomic" + BitSizeStr + "_store");
TsanAtomicStore[i] = M.getOrInsertFunction( TsanAtomicStore[i] = M.getOrInsertFunction(
▲ Show 20 LinesShow All 118 Lines▼ Show 20 Lines
// We do not handle some of the patterns that should not survive // We do not handle some of the patterns that should not survive
// after the classic compiler optimizations. // after the classic compiler optimizations.
// E.g. two reads from the same temp should be eliminated by CSE, // E.g. two reads from the same temp should be eliminated by CSE,
// two writes should be eliminated by DSE, etc. // two writes should be eliminated by DSE, etc.
// //
// 'Local' is a vector of insns within the same BB (no calls between). // 'Local' is a vector of insns within the same BB (no calls between).
// 'All' is a vector of insns that will be instrumented. // 'All' is a vector of insns that will be instrumented.
void ThreadSanitizer::chooseInstructionsToInstrument( void ThreadSanitizer::chooseInstructionsToInstrument(
SmallVectorImpl<Instruction *> &Local, SmallVectorImpl<Instruction *> &All, SmallVectorImpl<Instruction *> &Local,
const DataLayout &DL) { SmallVectorImpl<InstructionInfo> &All, const DataLayout &DL) {
SmallPtrSet<Value*, 8> WriteTargets; DenseMap<Value *, size_t> WriteTargets; // Map of addresses to index in All
// Iterate from the end. // Iterate from the end.
for (Instruction *I : reverse(Local)) { for (Instruction *I : reverse(Local)) {
if (StoreInst *Store = dyn_cast<StoreInst>(I)) { const bool IsWrite = isa<StoreInst>(*I);
Value *Addr = Store->getPointerOperand(); Value *Addr = IsWrite ? cast<StoreInst>(I)->getPointerOperand()
if (!shouldInstrumentReadWriteFromAddress(I->getModule(), Addr)) : cast<LoadInst>(I)->getPointerOperand();
continue;
WriteTargets.insert(Addr);
} else {
LoadInst *Load = cast<LoadInst>(I);
Value *Addr = Load->getPointerOperand();
if (!shouldInstrumentReadWriteFromAddress(I->getModule(), Addr)) if (!shouldInstrumentReadWriteFromAddress(I->getModule(), Addr))
continue; continue;
if (!ClInstrumentReadBeforeWrite && WriteTargets.count(Addr)) {
if (!IsWrite) {
const auto WriteEntry = WriteTargets.find(Addr);
if (!ClInstrumentReadBeforeWrite && WriteEntry != WriteTargets.end()) {
auto &WI = All[WriteEntry->second];
// If we distinguish volatile accesses and if either the read or write
// is volatile, do not omit any instrumentation.
const bool AnyVolatile =
ClDistinguishVolatile && (cast<LoadInst>(I)->isVolatile() ||
cast<StoreInst>(WI.Inst)->isVolatile());
if (!AnyVolatile) {
// We will write to this temp, so no reason to analyze the read. // We will write to this temp, so no reason to analyze the read.
// Mark the write instruction as compound.
WI.Flags |= InstructionInfo::kCompoundRW;
NumOmittedReadsBeforeWrite++; NumOmittedReadsBeforeWrite++;
continue; continue;
} }
}
if (addrPointsToConstantData(Addr)) { if (addrPointsToConstantData(Addr)) {
// Addr points to some constant data -- it can not race with any writes. // Addr points to some constant data -- it can not race with any writes.
continue; continue;
} }
} }
Value *Addr = isa<StoreInst>(*I)
? cast<StoreInst>(I)->getPointerOperand()
: cast<LoadInst>(I)->getPointerOperand();
if (isa<AllocaInst>(GetUnderlyingObject(Addr, DL)) && if (isa<AllocaInst>(GetUnderlyingObject(Addr, DL)) &&
!PointerMayBeCaptured(Addr, true, true)) { !PointerMayBeCaptured(Addr, true, true)) {
// The variable is addressable but not captured, so it cannot be // The variable is addressable but not captured, so it cannot be
// referenced from a different thread and participate in a data race // referenced from a different thread and participate in a data race
// (see llvm/Analysis/CaptureTracking.h for details). // (see llvm/Analysis/CaptureTracking.h for details).
NumOmittedNonCaptured++; NumOmittedNonCaptured++;
continue; continue;
} }
All.push_back(I);
// Instrument this instruction.
All.emplace_back(I);
if (IsWrite) {
// For read-before-write and compound instrumentation we only need one
// write target, and we can override any previous entry if it exists.
WriteTargets[Addr] = All.size() - 1;
}
} }
Local.clear(); Local.clear();
} }
static bool isAtomic(Instruction *I) { static bool isAtomic(Instruction *I) {
// TODO: Ask TTI whether synchronization scope is between threads. // TODO: Ask TTI whether synchronization scope is between threads.
if (LoadInst *LI = dyn_cast<LoadInst>(I)) if (LoadInst *LI = dyn_cast<LoadInst>(I))
return LI->isAtomic() && LI->getSyncScopeID() != SyncScope::SingleThread; return LI->isAtomic() && LI->getSyncScopeID() != SyncScope::SingleThread;
Show All 24 Linesbool ThreadSanitizer::sanitizeFunction(Function &F,
if (F.getName() == kTsanModuleCtorName) if (F.getName() == kTsanModuleCtorName)
return false; return false;
// Naked functions can not have prologue/epilogue // Naked functions can not have prologue/epilogue
// (__tsan_func_entry/__tsan_func_exit) generated, so don't instrument them at // (__tsan_func_entry/__tsan_func_exit) generated, so don't instrument them at
// all. // all.
if (F.hasFnAttribute(Attribute::Naked)) if (F.hasFnAttribute(Attribute::Naked))
return false; return false;
initialize(*F.getParent()); initialize(*F.getParent());
SmallVector<Instruction*, 8> AllLoadsAndStores; SmallVector<InstructionInfo, 8> AllLoadsAndStores;
SmallVector<Instruction*, 8> LocalLoadsAndStores; SmallVector<Instruction*, 8> LocalLoadsAndStores;
SmallVector<Instruction*, 8> AtomicAccesses; SmallVector<Instruction*, 8> AtomicAccesses;
SmallVector<Instruction*, 8> MemIntrinCalls; SmallVector<Instruction*, 8> MemIntrinCalls;
bool Res = false; bool Res = false;
bool HasCalls = false; bool HasCalls = false;
bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeThread); bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeThread);
const DataLayout &DL = F.getParent()->getDataLayout(); const DataLayout &DL = F.getParent()->getDataLayout();
Show All 18 Linesbool ThreadSanitizer::sanitizeFunction(Function &F,
} }
// We have collected all loads and stores. // We have collected all loads and stores.
// FIXME: many of these accesses do not need to be checked for races // FIXME: many of these accesses do not need to be checked for races
// (e.g. variables that do not escape, etc). // (e.g. variables that do not escape, etc).
// Instrument memory accesses only if we want to report bugs in the function. // Instrument memory accesses only if we want to report bugs in the function.
if (ClInstrumentMemoryAccesses && SanitizeFunction) if (ClInstrumentMemoryAccesses && SanitizeFunction)
for (auto Inst : AllLoadsAndStores) { for (const auto &II : AllLoadsAndStores) {
Res |= instrumentLoadOrStore(Inst, DL); Res |= instrumentLoadOrStore(II, DL);
} }
// Instrument atomic memory accesses in any case (they can be used to // Instrument atomic memory accesses in any case (they can be used to
// implement synchronization). // implement synchronization).
if (ClInstrumentAtomics) if (ClInstrumentAtomics)
for (auto Inst : AtomicAccesses) { for (auto Inst : AtomicAccesses) {
Res |= instrumentAtomic(Inst, DL); Res |= instrumentAtomic(Inst, DL);
} }
Show All 21 Lines if ((Res || HasCalls) && ClInstrumentFuncEntryExit) {
while (IRBuilder<> *AtExit = EE.Next()) { while (IRBuilder<> *AtExit = EE.Next()) {
AtExit->CreateCall(TsanFuncExit, {}); AtExit->CreateCall(TsanFuncExit, {});
} }
Res = true; Res = true;
} }
return Res; return Res;
} }
bool ThreadSanitizer::instrumentLoadOrStore(Instruction *I, bool ThreadSanitizer::instrumentLoadOrStore(const InstructionInfo &II,
const DataLayout &DL) { const DataLayout &DL) {
IRBuilder<> IRB(I); IRBuilder<> IRB(II.Inst);
bool IsWrite = isa<StoreInst>(*I); const bool IsWrite = isa<StoreInst>(*II.Inst);
Value *Addr = IsWrite Value *Addr = IsWrite ? cast<StoreInst>(II.Inst)->getPointerOperand()
? cast<StoreInst>(I)->getPointerOperand() : cast<LoadInst>(II.Inst)->getPointerOperand();
: cast<LoadInst>(I)->getPointerOperand();
// swifterror memory addresses are mem2reg promoted by instruction selection. // swifterror memory addresses are mem2reg promoted by instruction selection.
// As such they cannot have regular uses like an instrumentation function and // As such they cannot have regular uses like an instrumentation function and
// it makes no sense to track them as memory. // it makes no sense to track them as memory.
if (Addr->isSwiftError()) if (Addr->isSwiftError())
return false; return false;
int Idx = getMemoryAccessFuncIndex(Addr, DL); int Idx = getMemoryAccessFuncIndex(Addr, DL);
if (Idx < 0) if (Idx < 0)
return false; return false;
if (IsWrite && isVtableAccess(I)) { if (IsWrite && isVtableAccess(II.Inst)) {
LLVM_DEBUG(dbgs() << " VPTR : " << *I << "\n"); LLVM_DEBUG(dbgs() << " VPTR : " << *II.Inst << "\n");
Value *StoredValue = cast<StoreInst>(I)->getValueOperand(); Value *StoredValue = cast<StoreInst>(II.Inst)->getValueOperand();
// StoredValue may be a vector type if we are storing several vptrs at once. // StoredValue may be a vector type if we are storing several vptrs at once.
// In this case, just take the first element of the vector since this is // In this case, just take the first element of the vector since this is
// enough to find vptr races. // enough to find vptr races.
if (isa<VectorType>(StoredValue->getType())) if (isa<VectorType>(StoredValue->getType()))
StoredValue = IRB.CreateExtractElement( StoredValue = IRB.CreateExtractElement(
StoredValue, ConstantInt::get(IRB.getInt32Ty(), 0)); StoredValue, ConstantInt::get(IRB.getInt32Ty(), 0));
if (StoredValue->getType()->isIntegerTy()) if (StoredValue->getType()->isIntegerTy())
StoredValue = IRB.CreateIntToPtr(StoredValue, IRB.getInt8PtrTy()); StoredValue = IRB.CreateIntToPtr(StoredValue, IRB.getInt8PtrTy());
// Call TsanVptrUpdate. // Call TsanVptrUpdate.
IRB.CreateCall(TsanVptrUpdate, IRB.CreateCall(TsanVptrUpdate,
{IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()), {IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()),
IRB.CreatePointerCast(StoredValue, IRB.getInt8PtrTy())}); IRB.CreatePointerCast(StoredValue, IRB.getInt8PtrTy())});
NumInstrumentedVtableWrites++; NumInstrumentedVtableWrites++;
return true; return true;
} }
if (!IsWrite && isVtableAccess(I)) { if (!IsWrite && isVtableAccess(II.Inst)) {
IRB.CreateCall(TsanVptrLoad, IRB.CreateCall(TsanVptrLoad,
IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy())); IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()));
NumInstrumentedVtableReads++; NumInstrumentedVtableReads++;
return true; return true;
} }
const unsigned Alignment = IsWrite
? cast<StoreInst>(I)->getAlignment() const unsigned Alignment = IsWrite ? cast<StoreInst>(II.Inst)->getAlignment()
: cast<LoadInst>(I)->getAlignment(); : cast<LoadInst>(II.Inst)->getAlignment();
const bool IsVolatile = const bool IsCompoundRW =
ClDistinguishVolatile && (IsWrite ? cast<StoreInst>(I)->isVolatile() ClCompoundReadBeforeWrite && (II.Flags & InstructionInfo::kCompoundRW);
: cast<LoadInst>(I)->isVolatile()); const bool IsVolatile = ClDistinguishVolatile &&
(IsWrite ? cast<StoreInst>(II.Inst)->isVolatile()
: cast<LoadInst>(II.Inst)->isVolatile());
assert((!IsVolatile || !IsCompoundRW) && "Compound volatile invalid!");
Type *OrigTy = cast<PointerType>(Addr->getType())->getElementType(); Type *OrigTy = cast<PointerType>(Addr->getType())->getElementType();
const uint32_t TypeSize = DL.getTypeStoreSizeInBits(OrigTy); const uint32_t TypeSize = DL.getTypeStoreSizeInBits(OrigTy);
FunctionCallee OnAccessFunc = nullptr; FunctionCallee OnAccessFunc = nullptr;
if (Alignment == 0 || Alignment >= 8 || (Alignment % (TypeSize / 8)) == 0) { if (Alignment == 0 || Alignment >= 8 || (Alignment % (TypeSize / 8)) == 0) {
if (IsVolatile) if (IsCompoundRW)
OnAccessFunc = TsanCompoundRW[Idx];
else if (IsVolatile)
OnAccessFunc = IsWrite ? TsanVolatileWrite[Idx] : TsanVolatileRead[Idx]; OnAccessFunc = IsWrite ? TsanVolatileWrite[Idx] : TsanVolatileRead[Idx];
else else
OnAccessFunc = IsWrite ? TsanWrite[Idx] : TsanRead[Idx]; OnAccessFunc = IsWrite ? TsanWrite[Idx] : TsanRead[Idx];
} else { } else {
if (IsVolatile) if (IsCompoundRW)
OnAccessFunc = TsanUnalignedCompoundRW[Idx];
else if (IsVolatile)
OnAccessFunc = IsWrite ? TsanUnalignedVolatileWrite[Idx] OnAccessFunc = IsWrite ? TsanUnalignedVolatileWrite[Idx]
: TsanUnalignedVolatileRead[Idx]; : TsanUnalignedVolatileRead[Idx];
else else
OnAccessFunc = IsWrite ? TsanUnalignedWrite[Idx] : TsanUnalignedRead[Idx]; OnAccessFunc = IsWrite ? TsanUnalignedWrite[Idx] : TsanUnalignedRead[Idx];
} }
IRB.CreateCall(OnAccessFunc, IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy())); IRB.CreateCall(OnAccessFunc, IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()));
if (IsWrite) NumInstrumentedWrites++; if (IsCompoundRW || IsWrite)
else NumInstrumentedReads++; NumInstrumentedWrites++;
if (IsCompoundRW || !IsWrite)
NumInstrumentedReads++;
return true; return true;
} }
static ConstantInt *createOrdering(IRBuilder<> *IRB, AtomicOrdering ord) { static ConstantInt *createOrdering(IRBuilder<> *IRB, AtomicOrdering ord) {
uint32_t v = 0; uint32_t v = 0;
switch (ord) { switch (ord) {
case AtomicOrdering::NotAtomic: case AtomicOrdering::NotAtomic:
llvm_unreachable("unexpected atomic ordering!"); llvm_unreachable("unexpected atomic ordering!");
▲ Show 20 LinesShow All 156 LinesShow Last 20 Lines

llvm/test/Instrumentation/ThreadSanitizer/read_before_write.ll

; RUN: opt < %s -tsan -S | FileCheck %s ; RUN: opt < %s -tsan -S | FileCheck --check-prefixes=CHECK,CHECK-OPT %s
; RUN: opt < %s -tsan -tsan-instrument-read-before-write -S | FileCheck %s --check-prefixes=CHECK,CHECK-UNOPT ; RUN: opt < %s -tsan -tsan-instrument-read-before-write -S | FileCheck %s --check-prefixes=CHECK,CHECK-UNOPT
; RUN: opt < %s -tsan -tsan-compound-read-before-write -S | FileCheck %s --check-prefixes=CHECK,CHECK-COMPOUND
; RUN: opt < %s -tsan -tsan-distinguish-volatile -tsan-compound-read-before-write -S | FileCheck %s --check-prefixes=CHECK,CHECK-COMPOUND-VOLATILE
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
define void @IncrementMe(i32* nocapture %ptr) nounwind uwtable sanitize_thread { define void @IncrementMe(i32* nocapture %ptr) nounwind uwtable sanitize_thread {
entry: entry:
%0 = load i32, i32* %ptr, align 4 %0 = load i32, i32* %ptr, align 4
%inc = add nsw i32 %0, 1 %inc = add nsw i32 %0, 1
store i32 %inc, i32* %ptr, align 4 store i32 %inc, i32* %ptr, align 4
ret void ret void
} }
; CHECK: define void @IncrementMe ; CHECK-LABEL: define void @IncrementMe
; CHECK-NOT: __tsan_read ; CHECK-OPT-NOT: __tsan_read4
; CHECK-UNOPT: __tsan_read ; CHECK-COMPOUND-NOT: __tsan_read4
dvyukovUnsubmitted
Done
ReplyInline Actions

I think tsan_read expectation will be matched against tsan_read_write call. Is there a single way to refine it? Add an opening bracket or something?

dvyukov: I think __tsan_read expectation will be matched against __tsan_read_write call. Is there a…
melverAuthorUnsubmitted
Done
ReplyInline Actions

I can just add the size.

melver: I can just add the size.
; CHECK: __tsan_write ; CHECK-UNOPT: __tsan_read4
; CHECK-OPT: __tsan_write4
; CHECK-UNOPT: __tsan_write4
; CHECK-COMPOUND: __tsan_read_write4
; CHECK: ret void ; CHECK: ret void
define void @IncrementMeWithCallInBetween(i32* nocapture %ptr) nounwind uwtable sanitize_thread { define void @IncrementMeWithCallInBetween(i32* nocapture %ptr) nounwind uwtable sanitize_thread {
entry: entry:
%0 = load i32, i32* %ptr, align 4 %0 = load i32, i32* %ptr, align 4
%inc = add nsw i32 %0, 1 %inc = add nsw i32 %0, 1
call void @foo() call void @foo()
store i32 %inc, i32* %ptr, align 4 store i32 %inc, i32* %ptr, align 4
ret void ret void
} }
; CHECK: define void @IncrementMeWithCallInBetween ; CHECK-LABEL: define void @IncrementMeWithCallInBetween
; CHECK: __tsan_read ; CHECK: __tsan_read4
; CHECK: __tsan_write ; CHECK: __tsan_write4
; CHECK: ret void ; CHECK: ret void
declare void @foo() declare void @foo()
define void @VolatileLoad(i32* nocapture %ptr) nounwind uwtable sanitize_thread {
entry:
%0 = load volatile i32, i32* %ptr, align 4
%inc = add nsw i32 %0, 1
store i32 %inc, i32* %ptr, align 4
ret void
}
; CHECK-LABEL: define void @VolatileLoad
; CHECK-COMPOUND-NOT: __tsan_read4
; CHECK-COMPOUND-VOLATILE: __tsan_volatile_read4
; CHECK-COMPOUND: __tsan_read_write4
; CHECK-COMPOUND-VOLATILE: __tsan_write4
; CHECK: ret void
define void @VolatileStore(i32* nocapture %ptr) nounwind uwtable sanitize_thread {
entry:
%0 = load i32, i32* %ptr, align 4
%inc = add nsw i32 %0, 1
store volatile i32 %inc, i32* %ptr, align 4
ret void
}
; CHECK-LABEL: define void @VolatileStore
; CHECK-COMPOUND-NOT: __tsan_read4
; CHECK-COMPOUND-VOLATILE: __tsan_read4
; CHECK-COMPOUND: __tsan_read_write4
; CHECK-COMPOUND-VOLATILE: __tsan_volatile_write4
; CHECK: ret void
define void @VolatileBoth(i32* nocapture %ptr) nounwind uwtable sanitize_thread {
entry:
%0 = load volatile i32, i32* %ptr, align 4
%inc = add nsw i32 %0, 1
store volatile i32 %inc, i32* %ptr, align 4
ret void
}
; CHECK-LABEL: define void @VolatileBoth
; CHECK-COMPOUND-NOT: __tsan_read4
; CHECK-COMPOUND-VOLATILE: __tsan_volatile_read4
; CHECK-COMPOUND: __tsan_read_write4
gliderUnsubmitted
Done
ReplyInline Actions

Don't we want to treat pairs of volatile loads and stores as separate accesses? E.g. a volatile load may be racing with a completely different store somewhere else.

glider: Don't we want to treat pairs of volatile loads and stores as separate accesses? E.g. a volatile…
melverAuthorUnsubmitted
Done
ReplyInline Actions

Yes. Note the difference between CHECK-COMPOUND and CHECK-COMPOUND-VOLATILE.

For the kernel we'll have the CHECK-COMPOUND-VOLATILE behaviour, i.e. -tsan-distinguish-volatile -tsan-compound-read-before-write is set. And it will treat them separately and not compound them.

If volatiles are not to be distinguished, it'll just compound them, i.e. revert to the standard behaviour (arguably also perfectly in line with the non-kernel standard, because racing volatiles are still a data race).

melver: Yes. Note the difference between CHECK-COMPOUND and CHECK-COMPOUND-VOLATILE. For the kernel…
gliderUnsubmitted
Not Done
ReplyInline Actions

This is probably unrelated to this patch, but I suppose that even if -tsan-distinguish-volatile is disabled (i.e. we don't use special functions to instrument volatile accesses), we still must not combine them.

glider: This is probably unrelated to this patch, but I suppose that even if -tsan-distinguish-volatile…
; CHECK-COMPOUND-VOLATILE: __tsan_volatile_write4
; CHECK: ret void