This is an archive of the discontinued LLVM Phabricator instance.

Differential D146858

[msan] Fix handling of ParamTLS overflow.
ClosedPublic

Authored by eugenis on Mar 24 2023, 6:10 PM.

Details

Reviewers
vitalybuka
Commits
rGe0f7ef4b9ccf: [msan] Fix handling of ParamTLS overflow.
Summary

Ironically, MSan copies uninitialized data off the stack into
VAArgTLSCopy in the callee-side handling of va_start. Clamp the copy
size to the actual length of the buffer, and zero-initialize the
remainder.

Diff Detail

Event Timeline

eugenis created this revision.Mar 24 2023, 6:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 24 2023, 6:10 PM
Herald added subscribers: Enna1, atanasyan, jrtc27 and 4 others. · View Herald Transcript
eugenis requested review of this revision.Mar 24 2023, 6:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 24 2023, 6:10 PM
Harbormaster completed remote builds in B221711: Diff 508259.Mar 24 2023, 7:12 PM
vitalybuka added inline comments.Mar 27 2023, 11:24 AM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
5734

should the tail be poisoned instead?

eugenis added inline comments.Mar 29 2023, 11:40 AM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
5734

no, the tail is for the arguments whose shadow did not fit in ParamTLS - we have to assume they are good to avoid false positives

vitalybuka accepted this revision.Mar 31 2023, 8:01 PM
This revision is now accepted and ready to land.Mar 31 2023, 8:01 PM
Closed by commit rGe0f7ef4b9ccf: [msan] Fix handling of ParamTLS overflow. (authored by eugenis). · Explain WhyApr 4 2023, 1:52 PM
This revision was automatically updated to reflect the committed changes.
eugenis added a commit: rGe0f7ef4b9ccf: [msan] Fix handling of ParamTLS overflow..

Revision Contents

PathSize
llvm/
lib/
Transforms/
Instrumentation/
75 lines
test/
Instrumentation/
MemorySanitizer/
Mips/
5 lines
5 lines
PowerPC/
5 lines
5 lines
10 lines
6 lines

Diff 510919

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp

Show First 20 LinesShow All 4,603 Lines▼ Show 20 Linesstruct VarArgAMD64Helper : public VarArgHelper {
static const unsigned AMD64FpEndOffsetSSE = 176; static const unsigned AMD64FpEndOffsetSSE = 176;
// If SSE is disabled, fp_offset in va_list is zero. // If SSE is disabled, fp_offset in va_list is zero.
static const unsigned AMD64FpEndOffsetNoSSE = AMD64GpEndOffset; static const unsigned AMD64FpEndOffsetNoSSE = AMD64GpEndOffset;
unsigned AMD64FpEndOffset; unsigned AMD64FpEndOffset;
Function &F; Function &F;
MemorySanitizer &MS; MemorySanitizer &MS;
MemorySanitizerVisitor &MSV; MemorySanitizerVisitor &MSV;
Value *VAArgTLSCopy = nullptr; AllocaInst *VAArgTLSCopy = nullptr;
Value *VAArgTLSOriginCopy = nullptr; AllocaInst *VAArgTLSOriginCopy = nullptr;
Value *VAArgOverflowSize = nullptr; Value *VAArgOverflowSize = nullptr;
SmallVector<CallInst *, 16> VAStartInstrumentationList; SmallVector<CallInst *, 16> VAStartInstrumentationList;
enum ArgKind { AK_GeneralPurpose, AK_FloatingPoint, AK_Memory }; enum ArgKind { AK_GeneralPurpose, AK_FloatingPoint, AK_Memory };
VarArgAMD64Helper(Function &F, MemorySanitizer &MS, VarArgAMD64Helper(Function &F, MemorySanitizer &MS,
MemorySanitizerVisitor &MSV) MemorySanitizerVisitor &MSV)
▲ Show 20 LinesShow All 179 Lines▼ Show 20 Lines if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
IRBuilder<> IRB(MSV.FnPrologueEnd); IRBuilder<> IRB(MSV.FnPrologueEnd);
VAArgOverflowSize = VAArgOverflowSize =
IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS); IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS);
Value *CopySize = IRB.CreateAdd( Value *CopySize = IRB.CreateAdd(
ConstantInt::get(MS.IntptrTy, AMD64FpEndOffset), VAArgOverflowSize); ConstantInt::get(MS.IntptrTy, AMD64FpEndOffset), VAArgOverflowSize);
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, Align(8), MS.VAArgTLS, Align(8), CopySize); VAArgTLSCopy->setAlignment(kShadowTLSAlignment);
IRB.CreateMemSet(VAArgTLSCopy, Constant::getNullValue(IRB.getInt8Ty()),
CopySize, kShadowTLSAlignment, false);
Value *SrcSize = IRB.CreateBinaryIntrinsic(
Intrinsic::umin, CopySize,
ConstantInt::get(MS.IntptrTy, kParamTLSSize));
IRB.CreateMemCpy(VAArgTLSCopy, kShadowTLSAlignment, MS.VAArgTLS,
kShadowTLSAlignment, SrcSize);
if (MS.TrackOrigins) { if (MS.TrackOrigins) {
VAArgTLSOriginCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSOriginCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSOriginCopy, Align(8), MS.VAArgOriginTLS, VAArgTLSOriginCopy->setAlignment(kShadowTLSAlignment);
Align(8), CopySize); IRB.CreateMemCpy(VAArgTLSOriginCopy, kShadowTLSAlignment,
MS.VAArgOriginTLS, kShadowTLSAlignment, SrcSize);
} }
} }
// Instrument va_start. // Instrument va_start.
// Copy va_list shadow from the backup copy of the TLS contents. // Copy va_list shadow from the backup copy of the TLS contents.
for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) { for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) {
CallInst *OrigInst = VAStartInstrumentationList[i]; CallInst *OrigInst = VAStartInstrumentationList[i];
NextNodeIRBuilder IRB(OrigInst); NextNodeIRBuilder IRB(OrigInst);
▲ Show 20 LinesShow All 41 Lines▼ Show 20 Linesstruct VarArgAMD64Helper : public VarArgHelper {
} }
}; };
/// MIPS64-specific implementation of VarArgHelper. /// MIPS64-specific implementation of VarArgHelper.
struct VarArgMIPS64Helper : public VarArgHelper { struct VarArgMIPS64Helper : public VarArgHelper {
Function &F; Function &F;
MemorySanitizer &MS; MemorySanitizer &MS;
MemorySanitizerVisitor &MSV; MemorySanitizerVisitor &MSV;
Value *VAArgTLSCopy = nullptr; AllocaInst *VAArgTLSCopy = nullptr;
Value *VAArgSize = nullptr; Value *VAArgSize = nullptr;
SmallVector<CallInst *, 16> VAStartInstrumentationList; SmallVector<CallInst *, 16> VAStartInstrumentationList;
VarArgMIPS64Helper(Function &F, MemorySanitizer &MS, VarArgMIPS64Helper(Function &F, MemorySanitizer &MS,
MemorySanitizerVisitor &MSV) MemorySanitizerVisitor &MSV)
: F(F), MS(MS), MSV(MSV) {} : F(F), MS(MS), MSV(MSV) {}
▲ Show 20 LinesShow All 68 Lines▼ Show 20 Lines void finalizeInstrumentation() override {
VAArgSize = IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS); VAArgSize = IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS);
Value *CopySize = Value *CopySize =
IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0), VAArgSize); IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0), VAArgSize);
if (!VAStartInstrumentationList.empty()) { if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, Align(8), MS.VAArgTLS, Align(8), CopySize); VAArgTLSCopy->setAlignment(kShadowTLSAlignment);
IRB.CreateMemSet(VAArgTLSCopy, Constant::getNullValue(IRB.getInt8Ty()),
CopySize, kShadowTLSAlignment, false);
Value *SrcSize = IRB.CreateBinaryIntrinsic(
Intrinsic::umin, CopySize,
ConstantInt::get(MS.IntptrTy, kParamTLSSize));
IRB.CreateMemCpy(VAArgTLSCopy, kShadowTLSAlignment, MS.VAArgTLS,
kShadowTLSAlignment, SrcSize);
} }
// Instrument va_start. // Instrument va_start.
// Copy va_list shadow from the backup copy of the TLS contents. // Copy va_list shadow from the backup copy of the TLS contents.
for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) { for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) {
CallInst *OrigInst = VAStartInstrumentationList[i]; CallInst *OrigInst = VAStartInstrumentationList[i];
NextNodeIRBuilder IRB(OrigInst); NextNodeIRBuilder IRB(OrigInst);
Value *VAListTag = OrigInst->getArgOperand(0); Value *VAListTag = OrigInst->getArgOperand(0);
Show All 25 Linesstruct VarArgAArch64Helper : public VarArgHelper {
static const unsigned AArch64VrBegOffset = AArch64GrEndOffset; static const unsigned AArch64VrBegOffset = AArch64GrEndOffset;
static const unsigned AArch64VrEndOffset = static const unsigned AArch64VrEndOffset =
AArch64VrBegOffset + kAArch64VrArgSize; AArch64VrBegOffset + kAArch64VrArgSize;
static const unsigned AArch64VAEndOffset = AArch64VrEndOffset; static const unsigned AArch64VAEndOffset = AArch64VrEndOffset;
Function &F; Function &F;
MemorySanitizer &MS; MemorySanitizer &MS;
MemorySanitizerVisitor &MSV; MemorySanitizerVisitor &MSV;
Value *VAArgTLSCopy = nullptr; AllocaInst *VAArgTLSCopy = nullptr;
Value *VAArgOverflowSize = nullptr; Value *VAArgOverflowSize = nullptr;
SmallVector<CallInst *, 16> VAStartInstrumentationList; SmallVector<CallInst *, 16> VAStartInstrumentationList;
enum ArgKind { AK_GeneralPurpose, AK_FloatingPoint, AK_Memory }; enum ArgKind { AK_GeneralPurpose, AK_FloatingPoint, AK_Memory };
VarArgAArch64Helper(Function &F, MemorySanitizer &MS, VarArgAArch64Helper(Function &F, MemorySanitizer &MS,
MemorySanitizerVisitor &MSV) MemorySanitizerVisitor &MSV)
▲ Show 20 LinesShow All 127 Lines▼ Show 20 Lines if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
IRBuilder<> IRB(MSV.FnPrologueEnd); IRBuilder<> IRB(MSV.FnPrologueEnd);
VAArgOverflowSize = VAArgOverflowSize =
IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS); IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS);
Value *CopySize = IRB.CreateAdd( Value *CopySize = IRB.CreateAdd(
ConstantInt::get(MS.IntptrTy, AArch64VAEndOffset), VAArgOverflowSize); ConstantInt::get(MS.IntptrTy, AArch64VAEndOffset), VAArgOverflowSize);
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, Align(8), MS.VAArgTLS, Align(8), CopySize); VAArgTLSCopy->setAlignment(kShadowTLSAlignment);
IRB.CreateMemSet(VAArgTLSCopy, Constant::getNullValue(IRB.getInt8Ty()),
CopySize, kShadowTLSAlignment, false);
Value *SrcSize = IRB.CreateBinaryIntrinsic(
Intrinsic::umin, CopySize,
ConstantInt::get(MS.IntptrTy, kParamTLSSize));
IRB.CreateMemCpy(VAArgTLSCopy, kShadowTLSAlignment, MS.VAArgTLS,
kShadowTLSAlignment, SrcSize);
} }
Value *GrArgSize = ConstantInt::get(MS.IntptrTy, kAArch64GrArgSize); Value *GrArgSize = ConstantInt::get(MS.IntptrTy, kAArch64GrArgSize);
Value *VrArgSize = ConstantInt::get(MS.IntptrTy, kAArch64VrArgSize); Value *VrArgSize = ConstantInt::get(MS.IntptrTy, kAArch64VrArgSize);
// Instrument va_start, copy va_list shadow from the backup copy of // Instrument va_start, copy va_list shadow from the backup copy of
// the TLS contents. // the TLS contents.
for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) { for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) {
▲ Show 20 LinesShow All 83 Lines▼ Show 20 Linesstruct VarArgAArch64Helper : public VarArgHelper {
} }
}; };
/// PowerPC64-specific implementation of VarArgHelper. /// PowerPC64-specific implementation of VarArgHelper.
struct VarArgPowerPC64Helper : public VarArgHelper { struct VarArgPowerPC64Helper : public VarArgHelper {
Function &F; Function &F;
MemorySanitizer &MS; MemorySanitizer &MS;
MemorySanitizerVisitor &MSV; MemorySanitizerVisitor &MSV;
Value *VAArgTLSCopy = nullptr; AllocaInst *VAArgTLSCopy = nullptr;
Value *VAArgSize = nullptr; Value *VAArgSize = nullptr;
SmallVector<CallInst *, 16> VAStartInstrumentationList; SmallVector<CallInst *, 16> VAStartInstrumentationList;
VarArgPowerPC64Helper(Function &F, MemorySanitizer &MS, VarArgPowerPC64Helper(Function &F, MemorySanitizer &MS,
MemorySanitizerVisitor &MSV) MemorySanitizerVisitor &MSV)
: F(F), MS(MS), MSV(MSV) {} : F(F), MS(MS), MSV(MSV) {}
▲ Show 20 LinesShow All 126 Lines▼ Show 20 Lines void finalizeInstrumentation() override {
IRBuilder<> IRB(MSV.FnPrologueEnd); IRBuilder<> IRB(MSV.FnPrologueEnd);
VAArgSize = IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS); VAArgSize = IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS);
Value *CopySize = Value *CopySize =
IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0), VAArgSize); IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0), VAArgSize);
if (!VAStartInstrumentationList.empty()) { if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, Align(8), MS.VAArgTLS, Align(8), CopySize); VAArgTLSCopy->setAlignment(kShadowTLSAlignment);
IRB.CreateMemSet(VAArgTLSCopy, Constant::getNullValue(IRB.getInt8Ty()),
CopySize, kShadowTLSAlignment, false);
Value *SrcSize = IRB.CreateBinaryIntrinsic(
Intrinsic::umin, CopySize,
ConstantInt::get(MS.IntptrTy, kParamTLSSize));
IRB.CreateMemCpy(VAArgTLSCopy, kShadowTLSAlignment, MS.VAArgTLS,
kShadowTLSAlignment, SrcSize);
} }
// Instrument va_start. // Instrument va_start.
// Copy va_list shadow from the backup copy of the TLS contents. // Copy va_list shadow from the backup copy of the TLS contents.
for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) { for (size_t i = 0, n = VAStartInstrumentationList.size(); i < n; i++) {
CallInst *OrigInst = VAStartInstrumentationList[i]; CallInst *OrigInst = VAStartInstrumentationList[i];
NextNodeIRBuilder IRB(OrigInst); NextNodeIRBuilder IRB(OrigInst);
Value *VAListTag = OrigInst->getArgOperand(0); Value *VAListTag = OrigInst->getArgOperand(0);
Show All 26 Linesstruct VarArgSystemZHelper : public VarArgHelper {
static const unsigned SystemZVAListTagSize = 32; static const unsigned SystemZVAListTagSize = 32;
static const unsigned SystemZOverflowArgAreaPtrOffset = 16; static const unsigned SystemZOverflowArgAreaPtrOffset = 16;
static const unsigned SystemZRegSaveAreaPtrOffset = 24; static const unsigned SystemZRegSaveAreaPtrOffset = 24;
Function &F; Function &F;
MemorySanitizer &MS; MemorySanitizer &MS;
MemorySanitizerVisitor &MSV; MemorySanitizerVisitor &MSV;
bool IsSoftFloatABI; bool IsSoftFloatABI;
Value *VAArgTLSCopy = nullptr; AllocaInst *VAArgTLSCopy = nullptr;
Value *VAArgTLSOriginCopy = nullptr; AllocaInst *VAArgTLSOriginCopy = nullptr;
Value *VAArgOverflowSize = nullptr; Value *VAArgOverflowSize = nullptr;
SmallVector<CallInst *, 16> VAStartInstrumentationList; SmallVector<CallInst *, 16> VAStartInstrumentationList;
enum class ArgKind { enum class ArgKind {
GeneralPurpose, GeneralPurpose,
FloatingPoint, FloatingPoint,
Vector, Vector,
▲ Show 20 LinesShow All 252 Lines▼ Show 20 Lines if (!VAStartInstrumentationList.empty()) {
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
IRBuilder<> IRB(MSV.FnPrologueEnd); IRBuilder<> IRB(MSV.FnPrologueEnd);
VAArgOverflowSize = VAArgOverflowSize =
IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS); IRB.CreateLoad(IRB.getInt64Ty(), MS.VAArgOverflowSizeTLS);
Value *CopySize = Value *CopySize =
IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, SystemZOverflowOffset), IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, SystemZOverflowOffset),
VAArgOverflowSize); VAArgOverflowSize);
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, Align(8), MS.VAArgTLS, Align(8), CopySize); VAArgTLSCopy->setAlignment(kShadowTLSAlignment);
IRB.CreateMemSet(VAArgTLSCopy, Constant::getNullValue(IRB.getInt8Ty()),
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

should the tail be poisoned instead?

vitalybuka: should the tail be poisoned instead?
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

no, the tail is for the arguments whose shadow did not fit in ParamTLS - we have to assume they are good to avoid false positives

eugenis: no, the tail is for the arguments whose shadow did not fit in ParamTLS - we have to assume they…
CopySize, kShadowTLSAlignment, false);
Value *SrcSize = IRB.CreateBinaryIntrinsic(
Intrinsic::umin, CopySize,
ConstantInt::get(MS.IntptrTy, kParamTLSSize));
IRB.CreateMemCpy(VAArgTLSCopy, kShadowTLSAlignment, MS.VAArgTLS,
kShadowTLSAlignment, SrcSize);
if (MS.TrackOrigins) { if (MS.TrackOrigins) {
VAArgTLSOriginCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSOriginCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSOriginCopy, Align(8), MS.VAArgOriginTLS, VAArgTLSOriginCopy->setAlignment(kShadowTLSAlignment);
Align(8), CopySize); IRB.CreateMemCpy(VAArgTLSOriginCopy, kShadowTLSAlignment,
MS.VAArgOriginTLS, kShadowTLSAlignment, SrcSize);
} }
} }
// Instrument va_start. // Instrument va_start.
// Copy va_list shadow from the backup copy of the TLS contents. // Copy va_list shadow from the backup copy of the TLS contents.
for (size_t VaStartNo = 0, VaStartNum = VAStartInstrumentationList.size(); for (size_t VaStartNo = 0, VaStartNum = VAStartInstrumentationList.size();
VaStartNo < VaStartNum; VaStartNo++) { VaStartNo < VaStartNum; VaStartNo++) {
CallInst *OrigInst = VAStartInstrumentationList[VaStartNo]; CallInst *OrigInst = VAStartInstrumentationList[VaStartNo];
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/Mips/vararg-mips64.ll

Show All 13 Lines
; First, check allocation of the save area. ; First, check allocation of the save area.
; CHECK-LABEL: @foo ; CHECK-LABEL: @foo
; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls ; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls
; CHECK: [[B:%.*]] = add i64 0, [[A]] ; CHECK: [[B:%.*]] = add i64 0, [[A]]
; CHECK: [[C:%.*]] = alloca {{.*}} [[B]] ; CHECK: [[C:%.*]] = alloca {{.*}} [[B]]
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[B]], i1 false) ; CHECK: call void @llvm.memset.p0.i64(ptr align 8 [[C]], i8 0, i64 [[B]], i1 false)
; CHECK: [[D:%.*]] = call i64 @llvm.umin.i64(i64 [[B]], i64 800)
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[D]], i1 false)
declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1
declare void @llvm.va_start(ptr) #2 declare void @llvm.va_start(ptr) #2
declare void @llvm.va_end(ptr) #2 declare void @llvm.va_end(ptr) #2
declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1
define i32 @bar() { define i32 @bar() {
%1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00) %1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00)
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/Mips/vararg-mips64el.ll

Show All 13 Lines
; First, check allocation of the save area. ; First, check allocation of the save area.
; CHECK-LABEL: @foo ; CHECK-LABEL: @foo
; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls ; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls
; CHECK: [[B:%.*]] = add i64 0, [[A]] ; CHECK: [[B:%.*]] = add i64 0, [[A]]
; CHECK: [[C:%.*]] = alloca {{.*}} [[B]] ; CHECK: [[C:%.*]] = alloca {{.*}} [[B]]
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[B]], i1 false) ; CHECK: call void @llvm.memset.p0.i64(ptr align 8 [[C]], i8 0, i64 [[B]], i1 false)
; CHECK: [[D:%.*]] = call i64 @llvm.umin.i64(i64 [[B]], i64 800)
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[D]], i1 false)
declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1
declare void @llvm.va_start(ptr) #2 declare void @llvm.va_start(ptr) #2
declare void @llvm.va_end(ptr) #2 declare void @llvm.va_end(ptr) #2
declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1
define i32 @bar() { define i32 @bar() {
%1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00) %1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00)
▲ Show 20 LinesShow All 49 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/PowerPC/vararg-ppc64.ll

Show All 13 Lines
; First, check allocation of the save area. ; First, check allocation of the save area.
; CHECK-LABEL: @foo ; CHECK-LABEL: @foo
; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls ; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls
; CHECK: [[B:%.*]] = add i64 0, [[A]] ; CHECK: [[B:%.*]] = add i64 0, [[A]]
; CHECK: [[C:%.*]] = alloca {{.*}} [[B]] ; CHECK: [[C:%.*]] = alloca {{.*}} [[B]]
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[B]], i1 false) ; CHECK: call void @llvm.memset.p0.i64(ptr align 8 [[C]], i8 0, i64 [[B]], i1 false)
; CHECK: [[D:%.*]] = call i64 @llvm.umin.i64(i64 [[B]], i64 800)
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[D]], i1 false)
declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1
declare void @llvm.va_start(ptr) #2 declare void @llvm.va_start(ptr) #2
declare void @llvm.va_end(ptr) #2 declare void @llvm.va_end(ptr) #2
declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1
define i32 @bar() { define i32 @bar() {
%1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00) %1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00)
▲ Show 20 LinesShow All 92 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/PowerPC/vararg-ppc64le.ll

Show All 13 Lines
; First, check allocation of the save area. ; First, check allocation of the save area.
; CHECK-LABEL: @foo ; CHECK-LABEL: @foo
; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls ; CHECK: [[A:%.*]] = load {{.*}} @__msan_va_arg_overflow_size_tls
; CHECK: [[B:%.*]] = add i64 0, [[A]] ; CHECK: [[B:%.*]] = add i64 0, [[A]]
; CHECK: [[C:%.*]] = alloca {{.*}} [[B]] ; CHECK: [[C:%.*]] = alloca {{.*}} [[B]]
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[B]], i1 false) ; CHECK: call void @llvm.memset.p0.i64(ptr align 8 [[C]], i8 0, i64 [[B]], i1 false)
; CHECK: [[D:%.*]] = call i64 @llvm.umin.i64(i64 [[B]], i64 800)
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[C]], ptr align 8 @__msan_va_arg_tls, i64 [[D]], i1 false)
declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.start.p0(i64, ptr nocapture) #1
declare void @llvm.va_start(ptr) #2 declare void @llvm.va_start(ptr) #2
declare void @llvm.va_end(ptr) #2 declare void @llvm.va_end(ptr) #2
declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1 declare void @llvm.lifetime.end.p0(i64, ptr nocapture) #1
define i32 @bar() { define i32 @bar() {
%1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00) %1 = call i32 (i32, ...) @foo(i32 0, i32 1, i64 2, double 3.000000e+00)
▲ Show 20 LinesShow All 90 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/msan_debug_info.ll

Show First 20 LinesShow All 495 Lines▼ Show 20 Lines
%struct.__va_list_tag = type { i32, i32, ptr, ptr } %struct.__va_list_tag = type { i32, i32, ptr, ptr }
declare void @llvm.va_start(ptr) nounwind declare void @llvm.va_start(ptr) nounwind
define void @VAStart(i32 %x, ...) sanitize_memory { define void @VAStart(i32 %x, ...) sanitize_memory {
; CHECK-LABEL: @VAStart( ; CHECK-LABEL: @VAStart(
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: [[TMP0:%.*]] = load i64, ptr @__msan_va_arg_overflow_size_tls, align 8, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP0:%.*]] = load i64, ptr @__msan_va_arg_overflow_size_tls, align 8, !dbg [[DBG1]]
; CHECK-NEXT: [[TMP1:%.*]] = add i64 176, [[TMP0]], !dbg [[DBG1]] ; CHECK-NEXT: [[TMP1:%.*]] = add i64 176, [[TMP0]], !dbg [[DBG1]]
; CHECK-NEXT: [[TMP2:%.*]] = alloca i8, i64 [[TMP1]], align 1, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP2:%.*]] = alloca i8, i64 [[TMP1]], align 8, !dbg [[DBG1]]
; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[TMP2]], ptr align 8 @__msan_va_arg_tls, i64 [[TMP1]], i1 false), !dbg [[DBG1]] ; CHECK-NEXT: call void @llvm.memset.p0.i64(ptr align 8 [[TMP2]], i8 0, i64 [[TMP1]], i1 false), !dbg [[DBG1]]
; CHECK-NEXT: [[TMP3:%.*]] = alloca i8, i64 [[TMP1]], align 1, !dbg [[DBG1]] ; CHECK-NEXT: [[SRCSZ:%.*]] = call i64 @llvm.umin.i64(i64 [[TMP1]], i64 800), !dbg [[DBG1]]
; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[TMP3]], ptr align 8 @__msan_va_arg_origin_tls, i64 [[TMP1]], i1 false), !dbg [[DBG1]] ; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[TMP2]], ptr align 8 @__msan_va_arg_tls, i64 [[SRCSZ]], i1 false), !dbg [[DBG1]]
; CHECK-NEXT: [[TMP3:%.*]] = alloca i8, i64 [[TMP1]], align 8, !dbg [[DBG1]]
; CHECK-NEXT: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[TMP3]], ptr align 8 @__msan_va_arg_origin_tls, i64 [[SRCSZ]], i1 false), !dbg [[DBG1]]
; CHECK-NEXT: [[TMP4:%.*]] = load i32, ptr @__msan_param_tls, align 8, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP4:%.*]] = load i32, ptr @__msan_param_tls, align 8, !dbg [[DBG1]]
; CHECK-NEXT: [[TMP5:%.*]] = load i32, ptr @__msan_param_origin_tls, align 4, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP5:%.*]] = load i32, ptr @__msan_param_origin_tls, align 4, !dbg [[DBG1]]
; CHECK-NEXT: call void @llvm.donothing(), !dbg [[DBG1]] ; CHECK-NEXT: call void @llvm.donothing(), !dbg [[DBG1]]
; CHECK-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4, !dbg [[DBG1]] ; CHECK-NEXT: [[X_ADDR:%.*]] = alloca i32, align 4, !dbg [[DBG1]]
; CHECK-NEXT: [[TMP6:%.*]] = ptrtoint ptr [[X_ADDR]] to i64, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP6:%.*]] = ptrtoint ptr [[X_ADDR]] to i64, !dbg [[DBG1]]
; CHECK-NEXT: [[TMP7:%.*]] = xor i64 [[TMP6]], 87960930222080, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP7:%.*]] = xor i64 [[TMP6]], 87960930222080, !dbg [[DBG1]]
; CHECK-NEXT: [[TMP8:%.*]] = inttoptr i64 [[TMP7]] to ptr, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP8:%.*]] = inttoptr i64 [[TMP7]] to ptr, !dbg [[DBG1]]
; CHECK-NEXT: [[TMP9:%.*]] = add i64 [[TMP7]], 17592186044416, !dbg [[DBG1]] ; CHECK-NEXT: [[TMP9:%.*]] = add i64 [[TMP7]], 17592186044416, !dbg [[DBG1]]
▲ Show 20 LinesShow All 180 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/msan_kernel_basic.ll

Show First 20 LinesShow All 335 Lines▼ Show 20 Lines
; CHECK: [[VA_ARG_SHADOW:%[a-z0-9_]+]] = getelementptr {{.*}} i32 0, i32 2 ; CHECK: [[VA_ARG_SHADOW:%[a-z0-9_]+]] = getelementptr {{.*}} i32 0, i32 2
; CHECK: [[VA_ARG_ORIGIN:%[a-z0-9_]+]] = getelementptr {{.*}} i32 0, i32 3 ; CHECK: [[VA_ARG_ORIGIN:%[a-z0-9_]+]] = getelementptr {{.*}} i32 0, i32 3
; CHECK: [[VA_ARG_OVERFLOW_SIZE:%[a-z0-9_]+]] = getelementptr {{.*}} i32 0, i32 4 ; CHECK: [[VA_ARG_OVERFLOW_SIZE:%[a-z0-9_]+]] = getelementptr {{.*}} i32 0, i32 4
; CHECK: [[OSIZE:%[0-9]+]] = load i64, ptr [[VA_ARG_OVERFLOW_SIZE]] ; CHECK: [[OSIZE:%[0-9]+]] = load i64, ptr [[VA_ARG_OVERFLOW_SIZE]]
; Register save area is 48 bytes for non-SSE builds. ; Register save area is 48 bytes for non-SSE builds.
; CHECK: [[SIZE:%[0-9]+]] = add i64 48, [[OSIZE]] ; CHECK: [[SIZE:%[0-9]+]] = add i64 48, [[OSIZE]]
; CHECK: [[SHADOWS:%[0-9]+]] = alloca i8, i64 [[SIZE]] ; CHECK: [[SHADOWS:%[0-9]+]] = alloca i8, i64 [[SIZE]]
; CHECK: call void @llvm.memcpy{{.*}}(ptr align 8 [[SHADOWS]], ptr align 8 [[VA_ARG_SHADOW]], i64 [[SIZE]] ; CHECK: call void @llvm.memset{{.*}}(ptr align 8 [[SHADOWS]], i8 0, i64 [[SIZE]], i1 false)
; CHECK: [[COPYSZ:%[0-9]+]] = call i64 @llvm.umin.i64(i64 [[SIZE]], i64 800)
; CHECK: call void @llvm.memcpy{{.*}}(ptr align 8 [[SHADOWS]], ptr align 8 [[VA_ARG_SHADOW]], i64 [[COPYSZ]]
; CHECK: [[ORIGINS:%[0-9]+]] = alloca i8, i64 [[SIZE]] ; CHECK: [[ORIGINS:%[0-9]+]] = alloca i8, i64 [[SIZE]]
; CHECK: call void @llvm.memcpy{{.*}}(ptr align 8 [[ORIGINS]], ptr align 8 [[VA_ARG_ORIGIN]], i64 [[SIZE]] ; CHECK: call void @llvm.memcpy{{.*}}(ptr align 8 [[ORIGINS]], ptr align 8 [[VA_ARG_ORIGIN]], i64 [[COPYSZ]]
; CHECK: call i32 @VAListFn ; CHECK: call i32 @VAListFn
; Function Attrs: nounwind uwtable ; Function Attrs: nounwind uwtable
define dso_local void @VarArgCaller() local_unnamed_addr sanitize_memory { define dso_local void @VarArgCaller() local_unnamed_addr sanitize_memory {
entry: entry:
%call = tail call i32 (ptr, ...) @VarArgFn(ptr @.str, i32 123) %call = tail call i32 (ptr, ...) @VarArgFn(ptr @.str, i32 123)
ret void ret void
} }
Show All 26 Lines