This is an archive of the discontinued LLVM Phabricator instance.

Differential D109816

[hwasan] also omit safe mem[cpy|mov|set].
ClosedPublic

Authored by fmayer on Sep 15 2021, 2:14 AM.

Details

Reviewers
eugenis
Commits
rG36daf074d997: [hwasan] also omit safe mem[cpy|mov|set].

Diff Detail

Event Timeline

fmayer created this revision.Sep 15 2021, 2:14 AM
Herald added a subscriber: hiraditya. · View Herald TranscriptSep 15 2021, 2:14 AM
fmayer updated this revision to Diff 372665.Sep 15 2021, 2:28 AM

more test

Harbormaster completed remote builds in B123981: Diff 372665.Sep 15 2021, 3:05 AM
fmayer updated this revision to Diff 372686.Sep 15 2021, 6:19 AM

fix test

fmayer published this revision for review.Sep 15 2021, 6:35 AM
fmayer added a reviewer: eugenis.
Herald added a project: Restricted Project. · View Herald TranscriptSep 15 2021, 6:35 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B123996: Diff 372686.Sep 15 2021, 7:04 AM
fmayer added a comment.Sep 15 2021, 10:01 AM

This leads to a 20 % runtime improvement on PDFium, when stack instrumentation is disabled.

eugenis added inline comments.Sep 15 2021, 12:37 PM
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
806–807

Is this a separate bugfix?

Am I right that this is not needed for regular load/store because the argument is required to be 100% traceable to a single alloca, but 2-args memintrinsics are safe if one arg is 100%, and the other is 100% not stack? That does not sound right.

The comment on accessIsSafe does not even try to cover such cases. Also, I do not see any tests under Analysis/StackSafety for the mixed memintrinsic case.

llvm/test/Instrumentation/HWAddressSanitizer/stack-safety-analysis.ll
132

If lifetimes are irrelevant to a test case, you can just remove them altogether.

eugenis added inline comments.Sep 15 2021, 4:06 PM
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
1000

Consider getDest / getSource for readability.

fmayer updated this revision to Diff 372902.Sep 16 2021, 5:04 AM
fmayer marked an inline comment as done.

use getDest/getSource

fmayer added inline comments.Sep 16 2021, 5:05 AM
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
806–807

Before this change, we only checked this for instructions that took a single pointer variable. There were two cases in accessIsSafe:

  • the pointer is non stack: we never reached this instruction in the stack safety pass, and we return false because we do not find it in the mapping.
  • the pointer is potentially stack: we reach this instruction in the pass, and SECV will take care of checking whether we can *only* reach it from the alloca.

Now, for memcpy / memmove there is the extra case that we can have both cases for two arguments. Now the problem becomes if one argument is in range of the alloca, but the other one isn't reachable from any alloca, accessIsSafe will return true.

What I did in this change is clarify the semantics (as they already were) of accessIsSafe in the comment, and defer responsibility to check whether *all* arguments are potentially stack to the caller. As such, we only hit the second case above.

llvm/test/Instrumentation/HWAddressSanitizer/stack-safety-analysis.ll
132

The stack safety does look at lifetimes, so to make it more representative I put them there. Either way is fine, WDYT?

Harbormaster completed remote builds in B124161: Diff 372902.Sep 16 2021, 6:31 AM
eugenis added inline comments.Sep 16 2021, 1:44 PM
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
806–807

Yeah, I agree with that. I just want it clarified even more.

For a sample of cases:

  1. dest and source both are always stack and safe
  2. dest is always stack and safe; source is never stack
  3. dest is either stack and safe or not stack; source is never stack

the comment does not give me confidence in what isAccessSafe answer would be.

llvm/test/Instrumentation/HWAddressSanitizer/stack-safety-analysis.ll
132

There are no lifetimes at -O0, for example. It is generally a good idea to focus each test case on a single concern - if you are testing hwasan handling of memmove() with one safe and one unsafe argument, lifetimes are irrelevant and only hurt test readability.

It is good to have some tests with lifetimes, but they don't really need to be present *everywhere*.

fmayer updated this revision to Diff 373528.Sep 20 2021, 2:49 AM

more tests & comments

fmayer marked 4 inline comments as done.Sep 20 2021, 2:51 AM
fmayer added inline comments.
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
806–807

I clarified the comment and added some more tests.

llvm/test/Instrumentation/HWAddressSanitizer/stack-safety-analysis.ll
132

Sure, removed for legibility (though with sanitizers enabled, there are always lifetimes, and this is a sanitizer test).

Harbormaster completed remote builds in B124623: Diff 373528.Sep 20 2021, 3:27 AM
eugenis added a subscriber: vitalybuka.Sep 20 2021, 1:59 PM
eugenis added inline comments.
llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
806–807

I still find the description confusing, especially around "potential stack accesses".

How about this:

  • rename to stackAccessIsSafe
  • describe approx. like this: "returns true if the instruction can be proven to do only two types of memory accesses (1) live stack locations in-bounds or (2) non-stack locations"

i.e. not "accesses that may go to stack are safe" but "safe when goes to stack".
And this makes it clear that predicating the check with findAllocaForValue() makes it indeed 100% safe.

To be true to this description, the function should return true if the argument can not be traced back to an alloca. I think this can be implemented by removing "SafeAccesses" and looking straight at "AccessIsUnsafe".

WDYT?
@vitalybuka

806–807

Now since both branches do interesting stuff only when findAllocaForValue is non-null, we can hoist this predicate.

if (findAllocaForValue(Ptr)) {
  if (!InstrumentedStack) return true;
  if ((SSI && SSI->accessIsSafe(*Inst)) return true;
}
fmayer updated this revision to Diff 373820.Sep 21 2021, 2:33 AM
fmayer marked 2 inline comments as done.

address comment

fmayer marked an inline comment as done.Sep 21 2021, 2:34 AM
Harbormaster completed remote builds in B124834: Diff 373820.Sep 21 2021, 3:15 AM
fmayer updated this revision to Diff 373878.Sep 21 2021, 5:40 AM

match logic to comment

Harbormaster completed remote builds in B124880: Diff 373878.Sep 21 2021, 6:12 AM
fmayer added a comment.Sep 21 2021, 7:26 AM

Sorry, still need to sort out the other stack safety IR tests.

fmayer updated this revision to Diff 373926.Sep 21 2021, 7:34 AM

fix tests

fmayer added a comment.Sep 21 2021, 7:34 AM
In D109816#3012578, @fmayer wrote:

Sorry, still need to sort out the other stack safety IR tests.

done.

Harbormaster completed remote builds in B124912: Diff 373926.Sep 21 2021, 7:42 AM
kstoimenov added a subscriber: kstoimenov.Sep 21 2021, 9:51 AM

I remember from the my C days that one of gotchas with memmove/memcpy is overlapping regions. Not sure if it is relevant the context of this change, just wanted to mention it.

llvm/include/llvm/Analysis/StackSafetyAnalysis.h
82
fmayer added a comment.Sep 21 2021, 9:53 AM
In D109816#3012979, @kstoimenov wrote:

I remember from the my C days that one of gotchas with memmove/memcpy is overlapping regions. Not sure if it is relevant the context of this change, just wanted to mention it.

Thanks! That should be okay, we look at the two parameters separately; there is even a test that has memmove to itself (@test_in_range4).

eugenis accepted this revision.Sep 21 2021, 10:22 AM

LGTM

llvm/lib/Analysis/StackSafetyAnalysis.cpp
928

This is kind of ugly, but ok for a debug print. We could also

  • skip the instructions that are not in AccessIsUnsafe
  • print unsafe instructions instead of safe ones.

Up to your what seems easiest.

This revision is now accepted and ready to land.Sep 21 2021, 10:22 AM
fmayer updated this revision to Diff 374165.Sep 22 2021, 2:30 AM

nit

fmayer marked 2 inline comments as done.Sep 22 2021, 2:31 AM
fmayer added inline comments.
llvm/lib/Analysis/StackSafetyAnalysis.cpp
928

Makes sense. Let's submit this and maybe do this in a follow up.

Harbormaster completed remote builds in B125076: Diff 374165.Sep 22 2021, 2:38 AM
fmayer updated this revision to Diff 374170.Sep 22 2021, 3:07 AM
fmayer marked an inline comment as done.

resolve test confusion

This revision was landed with ongoing or failed builds.Sep 22 2021, 3:09 AM
Closed by commit rG36daf074d997: [hwasan] also omit safe mem[cpy|mov|set]. (authored by fmayer). · Explain Why
This revision was automatically updated to reflect the committed changes.
fmayer added a commit: rG36daf074d997: [hwasan] also omit safe mem[cpy|mov|set]..
Harbormaster completed remote builds in B125079: Diff 374170.Sep 22 2021, 3:33 AM

Revision Contents

PathSize
llvm/
include/
llvm/
Analysis/
9 lines
lib/
Analysis/
22 lines
Transforms/
Instrumentation/
22 lines
test/
Analysis/
StackSafetyAnalysis/
1 line
13 lines
62 lines
Instrumentation/
HWAddressSanitizer/
2 lines
125 lines

Diff 374171

llvm/include/llvm/Analysis/StackSafetyAnalysis.h

Show First 20 LinesShow All 72 Lines▼ Show 20 Lines StackSafetyGlobalInfo(
const ModuleSummaryIndex *Index); const ModuleSummaryIndex *Index);
StackSafetyGlobalInfo(StackSafetyGlobalInfo &&); StackSafetyGlobalInfo(StackSafetyGlobalInfo &&);
StackSafetyGlobalInfo &operator=(StackSafetyGlobalInfo &&); StackSafetyGlobalInfo &operator=(StackSafetyGlobalInfo &&);
~StackSafetyGlobalInfo(); ~StackSafetyGlobalInfo();
// Whether we can prove that all accesses to this Alloca are in-range and // Whether we can prove that all accesses to this Alloca are in-range and
// during its lifetime. // during its lifetime.
bool isSafe(const AllocaInst &AI) const; bool isSafe(const AllocaInst &AI) const;
// Whether we can prove that an instruction only accesses a live alloca in
// range. // Returns true if the instruction can be proven to do only two types of
kstoimenovUnsubmitted
Done
ReplyInline Actions
bool isSafe(const AllocaInst &AI) const;
- // returns true if the instruction can be proven to do only two types of
+ // Returns true if the instruction can be proven to do only two types of
// memory accesses:
kstoimenov:
bool accessIsSafe(const Instruction &I) const; // memory accesses:
// (1) live stack locations in-bounds or
// (2) non-stack locations.
bool stackAccessIsSafe(const Instruction &I) const;
void print(raw_ostream &O) const; void print(raw_ostream &O) const;
void dump() const; void dump() const;
}; };
/// StackSafetyInfo wrapper for the new pass manager. /// StackSafetyInfo wrapper for the new pass manager.
class StackSafetyAnalysis : public AnalysisInfoMixin<StackSafetyAnalysis> { class StackSafetyAnalysis : public AnalysisInfoMixin<StackSafetyAnalysis> {
friend AnalysisInfoMixin<StackSafetyAnalysis>; friend AnalysisInfoMixin<StackSafetyAnalysis>;
static AnalysisKey Key; static AnalysisKey Key;
▲ Show 20 LinesShow All 79 LinesShow Last 20 Lines

llvm/lib/Analysis/StackSafetyAnalysis.cpp

Show First 20 LinesShow All 224 Lines▼ Show 20 Lines
struct StackSafetyInfo::InfoTy { struct StackSafetyInfo::InfoTy {
FunctionInfo<GlobalValue> Info; FunctionInfo<GlobalValue> Info;
}; };
struct StackSafetyGlobalInfo::InfoTy { struct StackSafetyGlobalInfo::InfoTy {
GVToSSI Info; GVToSSI Info;
SmallPtrSet<const AllocaInst *, 8> SafeAllocas; SmallPtrSet<const AllocaInst *, 8> SafeAllocas;
SmallPtrSet<const Instruction *, 8> SafeAccesses; std::map<const Instruction *, bool> AccessIsUnsafe;
}; };
namespace { namespace {
class StackSafetyLocalAnalysis { class StackSafetyLocalAnalysis {
Function &F; Function &F;
const DataLayout &DL; const DataLayout &DL;
ScalarEvolution &SE; ScalarEvolution &SE;
▲ Show 20 LinesShow All 573 Lines▼ Show 20 Lines for (auto &F : M->functions()) {
if (!F.isDeclaration()) { if (!F.isDeclaration()) {
auto FI = GetSSI(F).getInfo().Info; auto FI = GetSSI(F).getInfo().Info;
Functions.emplace(&F, std::move(FI)); Functions.emplace(&F, std::move(FI));
} }
} }
Info.reset(new InfoTy{ Info.reset(new InfoTy{
createGlobalStackSafetyInfo(std::move(Functions), Index), {}, {}}); createGlobalStackSafetyInfo(std::move(Functions), Index), {}, {}});
std::map<const Instruction *, bool> AccessIsUnsafe;
for (auto &FnKV : Info->Info) { for (auto &FnKV : Info->Info) {
for (auto &KV : FnKV.second.Allocas) { for (auto &KV : FnKV.second.Allocas) {
++NumAllocaTotal; ++NumAllocaTotal;
const AllocaInst *AI = KV.first; const AllocaInst *AI = KV.first;
auto AIRange = getStaticAllocaSizeRange(*AI); auto AIRange = getStaticAllocaSizeRange(*AI);
if (AIRange.contains(KV.second.Range)) { if (AIRange.contains(KV.second.Range)) {
Info->SafeAllocas.insert(AI); Info->SafeAllocas.insert(AI);
++NumAllocaStackSafe; ++NumAllocaStackSafe;
} }
for (const auto &A : KV.second.Accesses) for (const auto &A : KV.second.Accesses)
AccessIsUnsafe[A.first] |= !AIRange.contains(A.second); Info->AccessIsUnsafe[A.first] |= !AIRange.contains(A.second);
} }
} }
for (const auto &KV : AccessIsUnsafe)
if (!KV.second)
Info->SafeAccesses.insert(KV.first);
if (StackSafetyPrint) if (StackSafetyPrint)
print(errs()); print(errs());
} }
return *Info; return *Info;
} }
std::vector<FunctionSummary::ParamAccess> std::vector<FunctionSummary::ParamAccess>
StackSafetyInfo::getParamAccesses(ModuleSummaryIndex &Index) const { StackSafetyInfo::getParamAccesses(ModuleSummaryIndex &Index) const {
▲ Show 20 LinesShow All 53 Lines▼ Show 20 Lines
StackSafetyGlobalInfo::~StackSafetyGlobalInfo() = default; StackSafetyGlobalInfo::~StackSafetyGlobalInfo() = default;
bool StackSafetyGlobalInfo::isSafe(const AllocaInst &AI) const { bool StackSafetyGlobalInfo::isSafe(const AllocaInst &AI) const {
const auto &Info = getInfo(); const auto &Info = getInfo();
return Info.SafeAllocas.count(&AI); return Info.SafeAllocas.count(&AI);
} }
bool StackSafetyGlobalInfo::accessIsSafe(const Instruction &I) const { bool StackSafetyGlobalInfo::stackAccessIsSafe(const Instruction &I) const {
const auto &Info = getInfo(); const auto &Info = getInfo();
return Info.SafeAccesses.count(&I); auto It = Info.AccessIsUnsafe.find(&I);
if (It == Info.AccessIsUnsafe.end()) {
return true;
}
return !It->second;
} }
void StackSafetyGlobalInfo::print(raw_ostream &O) const { void StackSafetyGlobalInfo::print(raw_ostream &O) const {
auto &SSI = getInfo().Info; auto &SSI = getInfo().Info;
if (SSI.empty()) if (SSI.empty())
return; return;
const Module &M = *SSI.begin()->first->getParent(); const Module &M = *SSI.begin()->first->getParent();
for (auto &F : M.functions()) { for (auto &F : M.functions()) {
if (!F.isDeclaration()) { if (!F.isDeclaration()) {
SSI.find(&F)->second.print(O, F.getName(), &F); SSI.find(&F)->second.print(O, F.getName(), &F);
O << " safe accesses:" O << " safe accesses:"
<< "\n"; << "\n";
for (const auto &I : instructions(F)) { for (const auto &I : instructions(F)) {
if (accessIsSafe(I)) { const CallInst *Call = dyn_cast<CallInst>(&I);
if ((isa<StoreInst>(I) || isa<LoadInst>(I) || isa<MemIntrinsic>(I) ||
(Call && Call->hasByValArgument())) &&
eugenisUnsubmitted
Done
ReplyInline Actions

This is kind of ugly, but ok for a debug print. We could also

  • skip the instructions that are not in AccessIsUnsafe
  • print unsafe instructions instead of safe ones.

Up to your what seems easiest.

eugenis: This is kind of ugly, but ok for a debug print. We could also * skip the instructions that are…
fmayerAuthorUnsubmitted
Done
ReplyInline Actions

Makes sense. Let's submit this and maybe do this in a follow up.

fmayer: Makes sense. Let's submit this and maybe do this in a follow up.
stackAccessIsSafe(I)) {
O << " " << I << "\n"; O << " " << I << "\n";
} }
} }
O << "\n"; O << "\n";
} }
} }
} }
▲ Show 20 LinesShow All 196 LinesShow Last 20 Lines

llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp

Show First 20 LinesShow All 284 Lines▼ Show 20 Linespublic:
int64_t getAccessInfo(bool IsWrite, unsigned AccessSizeIndex); int64_t getAccessInfo(bool IsWrite, unsigned AccessSizeIndex);
void instrumentMemAccessOutline(Value *Ptr, bool IsWrite, void instrumentMemAccessOutline(Value *Ptr, bool IsWrite,
unsigned AccessSizeIndex, unsigned AccessSizeIndex,
Instruction *InsertBefore); Instruction *InsertBefore);
void instrumentMemAccessInline(Value *Ptr, bool IsWrite, void instrumentMemAccessInline(Value *Ptr, bool IsWrite,
unsigned AccessSizeIndex, unsigned AccessSizeIndex,
Instruction *InsertBefore); Instruction *InsertBefore);
bool ignoreMemIntrinsic(MemIntrinsic *MI);
void instrumentMemIntrinsic(MemIntrinsic *MI); void instrumentMemIntrinsic(MemIntrinsic *MI);
bool instrumentMemAccess(InterestingMemoryOperand &O); bool instrumentMemAccess(InterestingMemoryOperand &O);
bool ignoreAccess(Instruction *Inst, Value *Ptr); bool ignoreAccess(Instruction *Inst, Value *Ptr);
void getInterestingMemoryOperands( void getInterestingMemoryOperands(
Instruction *I, SmallVectorImpl<InterestingMemoryOperand> &Interesting); Instruction *I, SmallVectorImpl<InterestingMemoryOperand> &Interesting);
bool isInterestingAlloca(const AllocaInst &AI); bool isInterestingAlloca(const AllocaInst &AI);
void tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag, size_t Size); void tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag, size_t Size);
▲ Show 20 LinesShow All 492 Lines▼ Show 20 Linesbool HWAddressSanitizer::ignoreAccess(Instruction *Inst, Value *Ptr) {
// Ignore swifterror addresses. // Ignore swifterror addresses.
// swifterror memory addresses are mem2reg promoted by instruction // swifterror memory addresses are mem2reg promoted by instruction
// selection. As such they cannot have regular uses like an instrumentation // selection. As such they cannot have regular uses like an instrumentation
// function and it makes no sense to track them as memory. // function and it makes no sense to track them as memory.
if (Ptr->isSwiftError()) if (Ptr->isSwiftError())
return true; return true;
if (!InstrumentStack) { if (findAllocaForValue(Ptr)) {
if (findAllocaForValue(Ptr)) if (!InstrumentStack)
return true; return true;
} else if (SSI && SSI->accessIsSafe(*Inst)) { if (SSI && SSI->stackAccessIsSafe(*Inst))
return true; return true;
} }
eugenisUnsubmitted
Done
ReplyInline Actions

Is this a separate bugfix?

Am I right that this is not needed for regular load/store because the argument is required to be 100% traceable to a single alloca, but 2-args memintrinsics are safe if one arg is 100%, and the other is 100% not stack? That does not sound right.

The comment on accessIsSafe does not even try to cover such cases. Also, I do not see any tests under Analysis/StackSafety for the mixed memintrinsic case.

eugenis: Is this a separate bugfix? Am I right that this is not needed for regular load/store because…
fmayerAuthorUnsubmitted
Done
ReplyInline Actions

Before this change, we only checked this for instructions that took a single pointer variable. There were two cases in accessIsSafe:

  • the pointer is non stack: we never reached this instruction in the stack safety pass, and we return false because we do not find it in the mapping.
  • the pointer is potentially stack: we reach this instruction in the pass, and SECV will take care of checking whether we can *only* reach it from the alloca.

Now, for memcpy / memmove there is the extra case that we can have both cases for two arguments. Now the problem becomes if one argument is in range of the alloca, but the other one isn't reachable from any alloca, accessIsSafe will return true.

What I did in this change is clarify the semantics (as they already were) of accessIsSafe in the comment, and defer responsibility to check whether *all* arguments are potentially stack to the caller. As such, we only hit the second case above.

fmayer: Before this change, we only checked this for instructions that took a single pointer variable.
eugenisUnsubmitted
Done
ReplyInline Actions

Yeah, I agree with that. I just want it clarified even more.

For a sample of cases:

  1. dest and source both are always stack and safe
  2. dest is always stack and safe; source is never stack
  3. dest is either stack and safe or not stack; source is never stack

the comment does not give me confidence in what isAccessSafe answer would be.

eugenis: Yeah, I agree with that. I just want it clarified even more. For a sample of cases: 1. dest…
fmayerAuthorUnsubmitted
Done
ReplyInline Actions

I clarified the comment and added some more tests.

fmayer: I clarified the comment and added some more tests.
eugenisUnsubmitted
Done
ReplyInline Actions

I still find the description confusing, especially around "potential stack accesses".

How about this:

  • rename to stackAccessIsSafe
  • describe approx. like this: "returns true if the instruction can be proven to do only two types of memory accesses (1) live stack locations in-bounds or (2) non-stack locations"

i.e. not "accesses that may go to stack are safe" but "safe when goes to stack".
And this makes it clear that predicating the check with findAllocaForValue() makes it indeed 100% safe.

To be true to this description, the function should return true if the argument can not be traced back to an alloca. I think this can be implemented by removing "SafeAccesses" and looking straight at "AccessIsUnsafe".

WDYT?
@vitalybuka

eugenis: I still find the description confusing, especially around "potential stack accesses". How…
eugenisUnsubmitted
Not Done
ReplyInline Actions

Now since both branches do interesting stuff only when findAllocaForValue is non-null, we can hoist this predicate.

if (findAllocaForValue(Ptr)) {
  if (!InstrumentedStack) return true;
  if ((SSI && SSI->accessIsSafe(*Inst)) return true;
}
eugenis: Now since both branches do interesting stuff only when findAllocaForValue is non-null, we can…
return false; return false;
} }
void HWAddressSanitizer::getInterestingMemoryOperands( void HWAddressSanitizer::getInterestingMemoryOperands(
Instruction *I, SmallVectorImpl<InterestingMemoryOperand> &Interesting) { Instruction *I, SmallVectorImpl<InterestingMemoryOperand> &Interesting) {
// Skip memory accesses inserted by another instrumentation. // Skip memory accesses inserted by another instrumentation.
if (I->hasMetadata("nosanitize")) if (I->hasMetadata("nosanitize"))
return; return;
▲ Show 20 LinesShow All 174 Lines▼ Show 20 Linesvoid HWAddressSanitizer::instrumentMemAccessInline(Value *Ptr, bool IsWrite,
default: default:
report_fatal_error("unsupported architecture"); report_fatal_error("unsupported architecture");
} }
IRB.CreateCall(Asm, PtrLong); IRB.CreateCall(Asm, PtrLong);
if (Recover) if (Recover)
cast<BranchInst>(CheckFailTerm)->setSuccessor(0, CheckTerm->getParent()); cast<BranchInst>(CheckFailTerm)->setSuccessor(0, CheckTerm->getParent());
} }
bool HWAddressSanitizer::ignoreMemIntrinsic(MemIntrinsic *MI) {
if (MemTransferInst *MTI = dyn_cast<MemTransferInst>(MI)) {
return (!ClInstrumentWrites || ignoreAccess(MTI, MTI->getDest())) &&
eugenisUnsubmitted
Done
ReplyInline Actions

Consider getDest / getSource for readability.

eugenis: Consider getDest / getSource for readability.
(!ClInstrumentReads || ignoreAccess(MTI, MTI->getSource()));
}
if (isa<MemSetInst>(MI))
return !ClInstrumentWrites || ignoreAccess(MI, MI->getDest());
return false;
}
void HWAddressSanitizer::instrumentMemIntrinsic(MemIntrinsic *MI) { void HWAddressSanitizer::instrumentMemIntrinsic(MemIntrinsic *MI) {
IRBuilder<> IRB(MI); IRBuilder<> IRB(MI);
if (isa<MemTransferInst>(MI)) { if (isa<MemTransferInst>(MI)) {
IRB.CreateCall( IRB.CreateCall(
isa<MemMoveInst>(MI) ? HWAsanMemmove : HWAsanMemcpy, isa<MemMoveInst>(MI) ? HWAsanMemmove : HWAsanMemcpy,
{IRB.CreatePointerCast(MI->getOperand(0), IRB.getInt8PtrTy()), {IRB.CreatePointerCast(MI->getOperand(0), IRB.getInt8PtrTy()),
IRB.CreatePointerCast(MI->getOperand(1), IRB.getInt8PtrTy()), IRB.CreatePointerCast(MI->getOperand(1), IRB.getInt8PtrTy()),
IRB.CreateIntCast(MI->getOperand(2), IntptrTy, false)}); IRB.CreateIntCast(MI->getOperand(2), IntptrTy, false)});
▲ Show 20 LinesShow All 532 Lines▼ Show 20 Lines for (auto &Inst : BB) {
} }
if (InstrumentLandingPads && isa<LandingPadInst>(Inst)) if (InstrumentLandingPads && isa<LandingPadInst>(Inst))
LandingPadVec.push_back(&Inst); LandingPadVec.push_back(&Inst);
getInterestingMemoryOperands(&Inst, OperandsToInstrument); getInterestingMemoryOperands(&Inst, OperandsToInstrument);
if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(&Inst)) if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(&Inst))
if (!ignoreMemIntrinsic(MI))
IntrinToInstrument.push_back(MI); IntrinToInstrument.push_back(MI);
} }
} }
initializeCallbacks(*F.getParent()); initializeCallbacks(*F.getParent());
bool Changed = false; bool Changed = false;
if (!LandingPadVec.empty()) if (!LandingPadVec.empty())
▲ Show 20 LinesShow All 318 LinesShow Last 20 Lines

llvm/test/Analysis/StackSafetyAnalysis/ipa-alias.ll

Show First 20 LinesShow All 130 Lines▼ Show 20 Lines
; The rest is from Inputs/ipa-alias.ll ; The rest is from Inputs/ipa-alias.ll
; CHECK-LABEL: @Write1{{$}} ; CHECK-LABEL: @Write1{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,1){{$}} ; CHECK-NEXT: p[]: [0,1){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:

llvm/test/Analysis/StackSafetyAnalysis/ipa.ll

Show First 20 LinesShow All 266 Lines▼ Show 20 Lines
} }
define private void @PrivateWrite1(i8* %p) #0 { define private void @PrivateWrite1(i8* %p) #0 {
; CHECK-LABEL: @PrivateWrite1{{$}} ; CHECK-LABEL: @PrivateWrite1{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,1){{$}} ; CHECK-NEXT: p[]: [0,1){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
entry: entry:
store i8 0, i8* %p, align 1 store i8 0, i8* %p, align 1
ret void ret void
} }
; Caller returns a dependent value. ; Caller returns a dependent value.
; FIXME: alloca considered unsafe even if the return value is unused. ; FIXME: alloca considered unsafe even if the return value is unused.
▲ Show 20 LinesShow All 275 Lines▼ Show 20 Lines
; The rest is from Inputs/ipa.ll ; The rest is from Inputs/ipa.ll
; CHECK-LABEL: @Write1{{$}} ; CHECK-LABEL: @Write1{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,1){{$}} ; CHECK-NEXT: p[]: [0,1){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @Write4{{$}} ; CHECK-LABEL: @Write4{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,4){{$}} ; CHECK-NEXT: p[]: [0,4){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i32 0, i32* %0, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @Write4_2{{$}} ; CHECK-LABEL: @Write4_2{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,4){{$}} ; CHECK-NEXT: p[]: [0,4){{$}}
; CHECK-NEXT: q[]: [0,4){{$}} ; CHECK-NEXT: q[]: [0,4){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i32 0, i32* %0, align 1
; GLOBAL-NEXT: store i32 0, i32* %1, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @Write8{{$}} ; CHECK-LABEL: @Write8{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,8){{$}} ; CHECK-NEXT: p[]: [0,8){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i64 0, i64* %0, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @WriteAndReturn8{{$}} ; CHECK-LABEL: @WriteAndReturn8{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: full-set{{$}} ; CHECK-NEXT: p[]: full-set{{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @PreemptableWrite1 dso_preemptable{{$}} ; CHECK-LABEL: @PreemptableWrite1 dso_preemptable{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,1){{$}} ; CHECK-NEXT: p[]: [0,1){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @InterposableWrite1 interposable{{$}} ; CHECK-LABEL: @InterposableWrite1 interposable{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [0,1){{$}} ; CHECK-NEXT: p[]: [0,1){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @ReturnDependent{{$}} ; CHECK-LABEL: @ReturnDependent{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: full-set{{$}} ; CHECK-NEXT: p[]: full-set{{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; CHECK-EMPTY: ; CHECK-EMPTY:
Show All 24 Lines
; CHECK-LABEL: @RecursiveNoOffset{{$}} ; CHECK-LABEL: @RecursiveNoOffset{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; LOCAL-NEXT: p[]: [0,4), @RecursiveNoOffset(arg0, [4,5)){{$}} ; LOCAL-NEXT: p[]: [0,4), @RecursiveNoOffset(arg0, [4,5)){{$}}
; GLOBAL-NEXT: p[]: full-set, @RecursiveNoOffset(arg0, [4,5)){{$}} ; GLOBAL-NEXT: p[]: full-set, @RecursiveNoOffset(arg0, [4,5)){{$}}
; CHECK-NEXT: acc[]: [0,4), @RecursiveNoOffset(arg2, [0,1)){{$}} ; CHECK-NEXT: acc[]: [0,4), @RecursiveNoOffset(arg2, [0,1)){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: %0 = load i32, i32* %p, align 4
; GLOBAL-NEXT: %1 = load i32, i32* %acc, align 4
; GLOBAL-NEXT: store i32 %add, i32* %acc, align 4
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @RecursiveWithOffset{{$}} ; CHECK-LABEL: @RecursiveWithOffset{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; LOCAL-NEXT: acc[]: [0,4), @RecursiveWithOffset(arg1, [4,5)){{$}} ; LOCAL-NEXT: acc[]: [0,4), @RecursiveWithOffset(arg1, [4,5)){{$}}
; GLOBAL-NEXT: acc[]: full-set, @RecursiveWithOffset(arg1, [4,5)){{$}} ; GLOBAL-NEXT: acc[]: full-set, @RecursiveWithOffset(arg1, [4,5)){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i32 0, i32* %acc, align 4
; CHECK-EMPTY: ; CHECK-EMPTY:
; CHECK-LABEL: @ReturnAlloca ; CHECK-LABEL: @ReturnAlloca
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; CHECK-NEXT: x[8]: full-set ; CHECK-NEXT: x[8]: full-set
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; CHECK-EMPTY: ; CHECK-EMPTY:
▲ Show 20 LinesShow All 96 LinesShow Last 20 Lines

llvm/test/Analysis/StackSafetyAnalysis/local.ll

Show First 20 LinesShow All 108 Lines▼ Show 20 Lines
} }
define dso_local void @WriteMinMax(i8* %p) { define dso_local void @WriteMinMax(i8* %p) {
; CHECK-LABEL: @WriteMinMax{{$}} ; CHECK-LABEL: @WriteMinMax{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: full-set ; CHECK-NEXT: p[]: full-set
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 0, i8* %p1, align 1
; GLOBAL-NEXT: store i8 0, i8* %p2, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
entry: entry:
%p1 = getelementptr i8, i8* %p, i64 9223372036854775805 %p1 = getelementptr i8, i8* %p, i64 9223372036854775805
store i8 0, i8* %p1, align 1 store i8 0, i8* %p1, align 1
%p2 = getelementptr i8, i8* %p, i64 -9223372036854775805 %p2 = getelementptr i8, i8* %p, i64 -9223372036854775805
store i8 0, i8* %p2, align 1 store i8 0, i8* %p2, align 1
ret void ret void
} }
define dso_local void @WriteMax(i8* %p) { define dso_local void @WriteMax(i8* %p) {
; CHECK-LABEL: @WriteMax{{$}} ; CHECK-LABEL: @WriteMax{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [-9223372036854775807,9223372036854775806) ; CHECK-NEXT: p[]: [-9223372036854775807,9223372036854775806)
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: call void @llvm.memset.p0i8.i64(i8* %p, i8 1, i64 9223372036854775806, i1 false)
; GLOBAL-NEXT: call void @llvm.memset.p0i8.i64(i8* %p2, i8 1, i64 9223372036854775806, i1 false)
; CHECK-EMPTY: ; CHECK-EMPTY:
entry: entry:
call void @llvm.memset.p0i8.i64(i8* %p, i8 1, i64 9223372036854775806, i1 0) call void @llvm.memset.p0i8.i64(i8* %p, i8 1, i64 9223372036854775806, i1 0)
%p2 = getelementptr i8, i8* %p, i64 -9223372036854775807 %p2 = getelementptr i8, i8* %p, i64 -9223372036854775807
call void @llvm.memset.p0i8.i64(i8* %p2, i8 1, i64 9223372036854775806, i1 0) call void @llvm.memset.p0i8.i64(i8* %p2, i8 1, i64 9223372036854775806, i1 0)
ret void ret void
} }
▲ Show 20 LinesShow All 331 Lines▼ Show 20 Lines
define void @Scalable(<vscale x 4 x i32>* %p, <vscale x 4 x i32>* %unused, <vscale x 4 x i32> %v) { define void @Scalable(<vscale x 4 x i32>* %p, <vscale x 4 x i32>* %unused, <vscale x 4 x i32> %v) {
; CHECK-LABEL: @Scalable dso_preemptable{{$}} ; CHECK-LABEL: @Scalable dso_preemptable{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: full-set ; CHECK-NEXT: p[]: full-set
; CHECK-NEXT: unused[]: empty-set ; CHECK-NEXT: unused[]: empty-set
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; CHECK-NEXT: x[0]: [0,1){{$}} ; CHECK-NEXT: x[0]: [0,1){{$}}
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store <vscale x 4 x i32> %v, <vscale x 4 x i32>* %p, align 4
; CHECK-EMPTY: ; CHECK-EMPTY:
entry: entry:
%x = alloca <vscale x 4 x i32>, align 4 %x = alloca <vscale x 4 x i32>, align 4
%x1 = bitcast <vscale x 4 x i32>* %x to i8* %x1 = bitcast <vscale x 4 x i32>* %x to i8*
store i8 0, i8* %x1, align 1 store i8 0, i8* %x1, align 1
store <vscale x 4 x i32> %v, <vscale x 4 x i32>* %p, align 4 store <vscale x 4 x i32> %v, <vscale x 4 x i32>* %p, align 4
ret void ret void
} }
%zerosize_type = type {} %zerosize_type = type {}
define void @ZeroSize(%zerosize_type *%p) { define void @ZeroSize(%zerosize_type *%p) {
; CHECK-LABEL: @ZeroSize dso_preemptable{{$}} ; CHECK-LABEL: @ZeroSize dso_preemptable{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: empty-set ; CHECK-NEXT: p[]: empty-set
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; CHECK-NEXT: x[0]: empty-set ; CHECK-NEXT: x[0]: empty-set
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store %zerosize_type undef, %zerosize_type* %x, align 4 ; GLOBAL-NEXT: store %zerosize_type undef, %zerosize_type* %x, align 4
; GLOBAL-NEXT: store %zerosize_type undef, %zerosize_type* undef, align 4
; GLOBAL-NEXT: load %zerosize_type, %zerosize_type* %p, align
; CHECK-EMPTY: ; CHECK-EMPTY:
entry: entry:
%x = alloca %zerosize_type, align 4 %x = alloca %zerosize_type, align 4
store %zerosize_type undef, %zerosize_type* %x, align 4 store %zerosize_type undef, %zerosize_type* %x, align 4
store %zerosize_type undef, %zerosize_type* undef, align 4 store %zerosize_type undef, %zerosize_type* undef, align 4
%val = load %zerosize_type, %zerosize_type* %p, align 4 %val = load %zerosize_type, %zerosize_type* %p, align 4
ret void ret void
} }
▲ Show 20 LinesShow All 61 Lines▼ Show 20 Lines
} }
define dso_local i8 @LoadMinInt64(i8* %p) { define dso_local i8 @LoadMinInt64(i8* %p) {
; CHECK-LABEL: @LoadMinInt64{{$}} ; CHECK-LABEL: @LoadMinInt64{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: [-9223372036854775808,-9223372036854775807){{$}} ; CHECK-NEXT: p[]: [-9223372036854775808,-9223372036854775807){{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: load i8, i8* %p2, align 1
; CHECK-EMPTY: ; CHECK-EMPTY:
%p2 = getelementptr i8, i8* %p, i64 -9223372036854775808 %p2 = getelementptr i8, i8* %p, i64 -9223372036854775808
%v = load i8, i8* %p2, align 1 %v = load i8, i8* %p2, align 1
ret i8 %v ret i8 %v
} }
define void @Overflow() { define void @Overflow() {
; CHECK-LABEL: @Overflow dso_preemptable{{$}} ; CHECK-LABEL: @Overflow dso_preemptable{{$}}
Show All 12 Lines
define void @DeadBlock(i64* %p) { define void @DeadBlock(i64* %p) {
; CHECK-LABEL: @DeadBlock dso_preemptable{{$}} ; CHECK-LABEL: @DeadBlock dso_preemptable{{$}}
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: p[]: empty-set{{$}} ; CHECK-NEXT: p[]: empty-set{{$}}
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; CHECK-NEXT: x[1]: empty-set{{$}} ; CHECK-NEXT: x[1]: empty-set{{$}}
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: store i8 5, i8* %x
; GLOBAL-NEXT: store i64 -5, i64* %p
; CHECK-EMPTY: ; CHECK-EMPTY:
entry: entry:
%x = alloca i8, align 4 %x = alloca i8, align 4
br label %end br label %end
dead: dead:
store i8 5, i8* %x store i8 5, i8* %x
store i64 -5, i64* %p store i64 -5, i64* %p
▲ Show 20 LinesShow All 230 Lines▼ Show 20 Linesentry:
br i1 %x, label %tlabel, label %flabel br i1 %x, label %tlabel, label %flabel
flabel: flabel:
%n = load i32, i32* %a, align 4 %n = load i32, i32* %a, align 4
ret i32* %y ret i32* %y
tlabel: tlabel:
ret i32* %a ret i32* %a
} }
define void @MixedAccesses6(i8* %arg) {
; CHECK-LABEL: @MixedAccesses6
; CHECK-NEXT: args uses:
; CHECK-NEXT: arg[]: [0,4)
; CHECK-NEXT: allocas uses:
; CHECK: a[4]: [0,4)
; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: call void @llvm.memcpy.p0i8.p0i8.i32(i8* %x, i8* %arg, i32 4, i1 false)
; CHECK-EMPTY:
entry:
%a = alloca i32, align 4
%x = bitcast i32* %a to i8*
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %x, i8* %arg, i32 4, i1 false)
ret void
}
define void @MixedAccesses7(i1 %cond, i8* %arg) {
; SECV doesn't support select, so we consider this non-stack-safe, even through
; it is.
;
; CHECK-LABEL: @MixedAccesses7
; CHECK-NEXT: args uses:
; CHECK-NEXT: arg[]: full-set
; CHECK-NEXT: allocas uses:
; CHECK: a[4]: full-set
; GLOBAL-NEXT: safe accesses:
; CHECK-EMPTY:
entry:
%a = alloca i32, align 4
%x = bitcast i32* %a to i8*
%x1 = select i1 %cond, i8* %arg, i8* %x
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %x1, i8* %arg, i32 4, i1 false)
ret void
}
define void @NoStackAccess(i8* %arg1, i8* %arg2) {
; CHECK-LABEL: @NoStackAccess
; CHECK-NEXT: args uses:
; CHECK-NEXT: arg1[]: [0,4)
; CHECK-NEXT: arg2[]: [0,4)
; CHECK-NEXT: allocas uses:
; CHECK: a[4]: empty-set{{$}}
; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: call void @llvm.memcpy.p0i8.p0i8.i32(i8* %arg1, i8* %arg2, i32 4, i1 false)
; CHECK-EMPTY:
entry:
%a = alloca i32, align 4
%x = bitcast i32* %a to i8*
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %arg1, i8* %arg2, i32 4, i1 false)
ret void
}
define void @DoubleLifetime() { define void @DoubleLifetime() {
; CHECK-LABEL: @DoubleLifetime ; CHECK-LABEL: @DoubleLifetime
; CHECK-NEXT: args uses: ; CHECK-NEXT: args uses:
; CHECK-NEXT: allocas uses: ; CHECK-NEXT: allocas uses:
; CHECK: a[4]: full-set{{$}} ; CHECK: a[4]: full-set{{$}}
; GLOBAL-NEXT: safe accesses: ; GLOBAL-NEXT: safe accesses:
; GLOBAL-NEXT: call void @llvm.memset.p0i8.i32(i8* %x, i8 1, i32 4, i1 false) ; GLOBAL-NEXT: call void @llvm.memset.p0i8.i32(i8* %x, i8 1, i32 4, i1 false)
; CHECK-EMPTY: ; CHECK-EMPTY:
▲ Show 20 LinesShow All 75 LinesShow Last 20 Lines

llvm/test/Instrumentation/HWAddressSanitizer/mem-intrinsics.ll

; RUN: opt -S -passes=hwasan %s | FileCheck %s ; RUN: opt -S -passes=hwasan -hwasan-use-stack-safety=0 %s | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
; Function Attrs: noinline nounwind optnone uwtable ; Function Attrs: noinline nounwind optnone uwtable
define dso_local i32 @main() sanitize_hwaddress { define dso_local i32 @main() sanitize_hwaddress {
entry: entry:
%retval = alloca i32, align 4 %retval = alloca i32, align 4
Show All 31 Lines

llvm/test/Instrumentation/HWAddressSanitizer/stack-safety-analysis.ll

Show First 20 LinesShow All 72 Lines▼ Show 20 Linesentry:
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9 %ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8* %x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %x) call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %x)
store volatile i8 0, i8* %ptr, align 4, !tbaa !8 store volatile i8 0, i8* %ptr, align 4, !tbaa !8
call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %x) call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %x)
ret i32 0 ret i32 0
} }
define i32 @test_in_range3(i32* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_in_range3
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memset
; SAFETY-NOT: call {{.*}}__hwasan_generate_tag
; SAFETY-NOT: call {{.*}}__hwasan_memset
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_memset
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.memset.p0i8.i32(i8* %ptr, i8 0, i32 1, i1 true)
ret i32 0
}
define i32 @test_in_range4(i32* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_in_range4
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memmove
; SAFETY-NOT: call {{.*}}__hwasan_generate_tag
; SAFETY-NOT: call {{.*}}__hwasan_memmove
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_memmove
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.memmove.p0i8.p0i8.i32(i8* %ptr, i8* %ptr, i32 1, i1 true)
ret i32 0
}
define i32 @test_in_range5(i32* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_in_range5
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memmove
; SAFETY-NOT: call {{.*}}__hwasan_generate_tag
; SAFETY-NOT: call {{.*}}__hwasan_memmove
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_memmove
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
%buf.sroa.1 = alloca [10 x i8], align 4
%ptr1 = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%y = bitcast [10 x i8]* %buf.sroa.1 to i8*
call void @llvm.memmove.p0i8.p0i8.i32(i8* %ptr, i8* %ptr1, i32 1, i1 true)
ret i32 0
}
; Check an alloca with out of range GEP to ensure it gets a tag and check. ; Check an alloca with out of range GEP to ensure it gets a tag and check.
eugenisUnsubmitted
Done
ReplyInline Actions

If lifetimes are irrelevant to a test case, you can just remove them altogether.

eugenis: If lifetimes are irrelevant to a test case, you can just remove them altogether.
fmayerAuthorUnsubmitted
Done
ReplyInline Actions

The stack safety does look at lifetimes, so to make it more representative I put them there. Either way is fine, WDYT?

fmayer: The stack safety does look at lifetimes, so to make it more representative I put them there.
eugenisUnsubmitted
Done
ReplyInline Actions

There are no lifetimes at -O0, for example. It is generally a good idea to focus each test case on a single concern - if you are testing hwasan handling of memmove() with one safe and one unsafe argument, lifetimes are irrelevant and only hurt test readability.

It is good to have some tests with lifetimes, but they don't really need to be present *everywhere*.

eugenis: There are no lifetimes at -O0, for example. It is generally a good idea to focus each test case…
fmayerAuthorUnsubmitted
Done
ReplyInline Actions

Sure, removed for legibility (though with sanitizers enabled, there are always lifetimes, and this is a sanitizer test).

fmayer: Sure, removed for legibility (though with sanitizers enabled, there are always lifetimes, and…
define i32 @test_out_of_range(i32* %a) sanitize_hwaddress { define i32 @test_out_of_range(i32* %a) sanitize_hwaddress {
entry: entry:
; CHECK-LABEL: @test_out_of_range ; CHECK-LABEL: @test_out_of_range
; NOSAFETY: call {{.*}}__hwasan_generate_tag ; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_store ; NOSAFETY: call {{.*}}__hwasan_store
; SAFETY: call {{.*}}__hwasan_generate_tag ; SAFETY: call {{.*}}__hwasan_generate_tag
; SAFETY: call {{.*}}__hwasan_store ; SAFETY: call {{.*}}__hwasan_store
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag ; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_store ; NOSTACK-NOT: call {{.*}}__hwasan_store
%buf.sroa.0 = alloca [10 x i8], align 4 %buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 10 %ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 10
%x = bitcast [10 x i8]* %buf.sroa.0 to i8* %x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %x) call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %x)
store volatile i8 0, i8* %ptr, align 4, !tbaa !8 store volatile i8 0, i8* %ptr, align 4, !tbaa !8
call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %x) call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %x)
ret i32 0 ret i32 0
} }
define i32 @test_out_of_range3(i32* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_out_of_range3
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memset
; SAFETY: call {{.*}}__hwasan_generate_tag
; SAFETY: call {{.*}}__hwasan_memset
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_memset
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.memset.p0i8.i32(i8* %ptr, i8 0, i32 2, i1 true)
ret i32 0
}
define i32 @test_out_of_range4(i32* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_out_of_range4
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memmove
; SAFETY: call {{.*}}__hwasan_generate_tag
; SAFETY: call {{.*}}__hwasan_memmove
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_memmove
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.memmove.p0i8.p0i8.i32(i8* %ptr, i8* %ptr, i32 2, i1 true)
ret i32 0
}
define i32 @test_out_of_range5(i32* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_out_of_range5
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memmove
; SAFETY: call {{.*}}__hwasan_generate_tag
; SAFETY: call {{.*}}__hwasan_memmove
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_memmove
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
%buf.sroa.1 = alloca [10 x i8], align 4
%ptr1 = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%y = bitcast [10 x i8]* %buf.sroa.1 to i8*
call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %x)
call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %x)
call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %y)
call void @llvm.memmove.p0i8.p0i8.i32(i8* %ptr, i8* %ptr1, i32 1, i1 true)
call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %y)
ret i32 0
}
; Check an alloca with potentially out of range GEP to ensure it gets a tag and ; Check an alloca with potentially out of range GEP to ensure it gets a tag and
; check. ; check.
define i32 @test_potentially_out_of_range(i32* %a) sanitize_hwaddress { define i32 @test_potentially_out_of_range(i32* %a) sanitize_hwaddress {
entry: entry:
; CHECK-LABEL: @test_potentially_out_of_range ; CHECK-LABEL: @test_potentially_out_of_range
; NOSAFETY: call {{.*}}__hwasan_generate_tag ; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_store ; NOSAFETY: call {{.*}}__hwasan_store
; SAFETY: call {{.*}}__hwasan_generate_tag ; SAFETY: call {{.*}}__hwasan_generate_tag
; SAFETY: call {{.*}}__hwasan_store ; SAFETY: call {{.*}}__hwasan_store
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag ; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK-NOT: call {{.*}}__hwasan_store ; NOSTACK-NOT: call {{.*}}__hwasan_store
%buf.sroa.0 = alloca [10 x i8], align 4 %buf.sroa.0 = alloca [10 x i8], align 4
%off = call i32 @getoffset() %off = call i32 @getoffset()
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 %off %ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 %off
call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %ptr) call void @llvm.lifetime.start.p0i8(i64 10, i8* nonnull %ptr)
store volatile i8 0, i8* %ptr, align 4, !tbaa !8 store volatile i8 0, i8* %ptr, align 4, !tbaa !8
call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %ptr) call void @llvm.lifetime.end.p0i8(i64 10, i8* nonnull %ptr)
ret i32 0 ret i32 0
} }
define i32 @test_potentially_out_of_range2(i8* %a) sanitize_hwaddress {
entry:
; CHECK-LABEL: @test_potentially_out_of_range2
; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_memmove
; SAFETY-NOT: call {{.*}}__hwasan_generate_tag
; SAFETY: call {{.*}}__hwasan_memmove
; NOSTACK-NOT: call {{.*}}__hwasan_generate_tag
; NOSTACK: call {{.*}}__hwasan_memmove
%buf.sroa.0 = alloca [10 x i8], align 4
%ptr = getelementptr [10 x i8], [10 x i8]* %buf.sroa.0, i32 0, i32 9
%x = bitcast [10 x i8]* %buf.sroa.0 to i8*
call void @llvm.memmove.p0i8.p0i8.i32(i8* %ptr, i8* %a, i32 1, i1 true)
ret i32 0
}
; Check an alloca with potentially out of range GEP to ensure it gets a tag and ; Check an alloca with potentially out of range GEP to ensure it gets a tag and
; check. ; check.
define i32 @test_unclear(i32* %a) sanitize_hwaddress { define i32 @test_unclear(i32* %a) sanitize_hwaddress {
entry: entry:
; CHECK-LABEL: @test_unclear ; CHECK-LABEL: @test_unclear
; NOSAFETY: call {{.*}}__hwasan_generate_tag ; NOSAFETY: call {{.*}}__hwasan_generate_tag
; NOSAFETY: call {{.*}}__hwasan_store ; NOSAFETY: call {{.*}}__hwasan_store
; SAFETY: call {{.*}}__hwasan_generate_tag ; SAFETY: call {{.*}}__hwasan_generate_tag
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines
} }
; Function Attrs: argmemonly mustprogress nofree nosync nounwind willreturn ; Function Attrs: argmemonly mustprogress nofree nosync nounwind willreturn
declare void @llvm.lifetime.start.p0i8(i64 immarg, i8* nocapture) declare void @llvm.lifetime.start.p0i8(i64 immarg, i8* nocapture)
; Function Attrs: argmemonly mustprogress nofree nosync nounwind willreturn ; Function Attrs: argmemonly mustprogress nofree nosync nounwind willreturn
declare void @llvm.lifetime.end.p0i8(i64 immarg, i8* nocapture) declare void @llvm.lifetime.end.p0i8(i64 immarg, i8* nocapture)
declare void @llvm.memset.p0i8.i32(i8*, i8, i32, i1)
declare void @llvm.memcpy.p0i8.p0i8.i32(i8*, i8*, i32, i1)
declare void @llvm.memmove.p0i8.p0i8.i32(i8*, i8*, i32, i1)
declare i1 @cond() declare i1 @cond()
declare void @use(i8* nocapture) declare void @use(i8* nocapture)
declare i32 @getoffset() declare i32 @getoffset()
declare i8* @getptr(i8* nocapture) declare i8* @getptr(i8* nocapture)
declare i8* @retptr(i8* returned) declare i8* @retptr(i8* returned)
!8 = !{!9, !9, i64 0} !8 = !{!9, !9, i64 0}
!9 = !{!"omnipotent char", !10, i64 0} !9 = !{!"omnipotent char", !10, i64 0}
!10 = !{!"Simple C/C++ TBAA"} !10 = !{!"Simple C/C++ TBAA"}