This is an archive of the discontinued LLVM Phabricator instance.

Differential D148596

[KMSAN] Enable on SystemZ
ClosedPublic

Authored by iii on Apr 17 2023, 6:12 PM.

Details

Reviewers
eugenis
vitalybuka
glider
uweigand
jonpa
Commits
rGa3e56a8792ff: [KMSAN] Enable on SystemZ
Summary

Enable -fsanitize=kernel-memory support in Clang.

The x86_64 ABI requires that shadow_origin_ptr_t must be returned via a
register pair, and the s390x ABI requires that it must be returned via
memory pointed to by a hidden parameter. Normally Clang takes care of
the ABI, but the sanitizers run long after it, so unfortunately they
have to duplicate the ABI logic.

Therefore add a special case for SystemZ and manually emit the
s390x-ABI-compliant calling sequences. Since it's only 2 architectures,
do not create a VarArgHelper-like abstraction layer.

The kernel functions are compiled with the "packed-stack" and
"use-soft-float" attributes. For the "packed-stack" functions, it's not
correct for copyRegSaveArea() to copy 160 bytes of shadow and origins,
since the save area is dynamically sized. Things are greatly simplified
by the fact that the vararg "use-soft-float" functions use precisely
56 bytes in order to save the argument registers to where va_arg() can
find them.

Make copyRegSaveArea() copy only 56 bytes in the "use-soft-float" case.
The "packed-stack" && !"use-soft-float" case has no practical uses at
the moment, so leave it for the future.

Add tests.

Diff Detail

Event Timeline

iii created this revision.Apr 17 2023, 6:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 17 2023, 6:12 PM
Herald added subscribers: Enna1, pengfei, hiraditya. · View Herald Transcript
iii requested review of this revision.Apr 17 2023, 6:12 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptApr 17 2023, 6:12 PM
Herald added subscribers: llvm-commits, cfe-commits, MaskRay. · View Herald Transcript
Harbormaster completed remote builds in B226282: Diff 514489.Apr 17 2023, 8:02 PM
glider added a comment.Apr 18 2023, 1:41 AM

Do you have a working kernel patch for SystemZ?
I think we'd better name the functions taking the extra parameter differently - maybe at some point we'll even want them to coexist on certain architectures. Anyway, it might just look cleaner in the kernel code.

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
118

You are changing KMSAN API, so this comment needs to be updated.

142

Please update this comment as well.

750

Can we add a bool to MemorySanitizerPass to indicate whether or not we want to return the metadata as a pointer?
We'll then set it based on Triple::systemz once and check everywhere, making the code more readable.

1497

Have you considered using per-CPU data instead of this alloca (there might be pitfalls as well, so just curious).
Same question for passing a single struct vs. two separate allocas for shadow/origin.

llvm/test/Instrumentation/MemorySanitizer/SystemZ/basic-kernel.ll
7

This test should cover all the newly introduced API functions.

iii added a comment.Apr 18 2023, 2:03 AM

The kernel patch is currently WIP; I'm trying to get rid of false positives.
Just some examples of the findings so far:

  • s390x always uses separate address spaces for kernel and userspace, so we need to skip the addr < TASK_SIZE check in is_bad_asm_addr().
  • There is a 4k asm store, so the limit in __msan_instrument_asm_store() needs to be bumped.

There were a couple build issues with the common code too:

  • _PAGE_NX is called _PAGE_NOEXEC on s390x
  • asm/pgtable_64_types.h is called asm/pgtable.h on s390x
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
118

The API stays exactly the same here; I haven't touched kernel function signatures.

What changes here is that I've implemented the s390x ABI for the KMSAN API.

142

Ok.

750

We could do that, but that's really the detail of the s390x ABI. Other platforms might have different conventions for large return values. That's why I didn't want to introduce generic concepts for this and highlight that it's s390x specific, where possible.

1497

Yes, but I was wondering if there was any benefit? I thought that maybe that would save a frame for leaf functions, but since we are calling KMSAN API, we already need one (and technically they are not leaf functions anymore).

Passing two separate allocas would actually change the API, as opposed to implementing the new ABI, so I wanted to avoid that for now, even if it were more efficient.

llvm/test/Instrumentation/MemorySanitizer/SystemZ/basic-kernel.ll
7

Ok.

glider added inline comments.Apr 18 2023, 2:47 AM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
118

Ahh, pardon my ignorance, I've had no idea s390x is doing that fancy stuff with a hidden parameter.
Perhaps you could elaborate on it a bit more in the patch description? (I already educated myself reading the s390x ABI spec and playing with Godbolt, but still).

It might be still worth mentioning in this comment that for s390x we emulate the ABI manually.

750

Ok, sounds good.

1497

Ok, got it. Given that this is actually the desired way to pass the struct parameters in SystemZ, it should be fine.

iii updated this revision to Diff 514692.Apr 18 2023, 10:58 AM
  • Better explain the ABI situation.
  • Extend the test.
iii marked 8 inline comments as done.Apr 18 2023, 10:59 AM
iii edited the summary of this revision. (Show Details)
Harbormaster completed remote builds in B226416: Diff 514692.Apr 18 2023, 12:05 PM
glider added a comment.Apr 20 2023, 2:19 AM

LGTM with a nit.

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
750

I think people unfamiliar with the s390 ABI will still stumble upon this code.
Can you please add some comment along the lines of "On SystemZ, metadata hooks return the shadow/origin pair via an extra *MsanMetadata parameter"?

iii updated this revision to Diff 515266.Apr 20 2023, 3:06 AM
  • Add a comment to getOrInsertMsanMetadataFunction().
iii marked an inline comment as done.Apr 20 2023, 3:07 AM
Harbormaster completed remote builds in B226830: Diff 515266.Apr 20 2023, 4:00 AM
eugenis accepted this revision.Apr 20 2023, 4:02 PM

LGTM

This revision is now accepted and ready to land.Apr 20 2023, 4:02 PM
MaskRay added inline comments.Apr 20 2023, 5:22 PM
llvm/test/Instrumentation/MemorySanitizer/SystemZ/basic-kernel.ll
13

; CHECK-LABEL: define {{[^@]+}}@Store1( to match the @Store definition, not calls.

MaskRay added inline comments.Apr 20 2023, 5:24 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
1498

Just use 0.

Even 0u is better than (unsigned)0.

iii updated this revision to Diff 515661.Apr 21 2023, 2:37 AM
  • (unsigned)0 -> 0u (0 doesn't work, because the overload becomes ambiguous).
  • Improve matching in the testcase.
iii marked 2 inline comments as done.Apr 21 2023, 2:38 AM
Harbormaster completed remote builds in B227127: Diff 515661.Apr 21 2023, 3:20 AM
iii updated this revision to Diff 516926.Apr 25 2023, 2:42 PM
  • Fixed an issue with copyRegSaveArea() overwriting shadow of caller's locals. The problem was that the kernel is compiled with "packed-stack", so register save areas may be smaller than 160 bytes. Since the kernel is compiled with "use-soft-float", it's enough (and also correct) to copy only 56 bytes. Now all kernel selftests pass.
  • Added a test for this case.
Herald added a subscriber: hoy. · View Herald TranscriptApr 25 2023, 2:42 PM
iii edited the summary of this revision. (Show Details)Apr 25 2023, 2:43 PM
Harbormaster completed remote builds in B228116: Diff 516926.Apr 25 2023, 3:53 PM
This revision was landed with ongoing or failed builds.Apr 27 2023, 5:21 AM
Closed by commit rGa3e56a8792ff: [KMSAN] Enable on SystemZ (authored by iii). · Explain Why
This revision was automatically updated to reflect the committed changes.
iii added a commit: rGa3e56a8792ff: [KMSAN] Enable on SystemZ.

Revision Contents

PathSize
clang/
lib/
Driver/
ToolChains/
2 lines
llvm/
lib/
Transforms/
Instrumentation/
91 lines
test/
Instrumentation/
MemorySanitizer/
SystemZ/
169 lines
55 lines

Diff 517518

clang/lib/Driver/ToolChains/Linux.cpp

Show First 20 LinesShow All 789 Lines▼ Show 20 LinesSanitizerMask Linux::getSupportedSanitizers() const {
if (IsX86_64 || IsMIPS64 || IsAArch64) if (IsX86_64 || IsMIPS64 || IsAArch64)
Res |= SanitizerKind::DataFlow; Res |= SanitizerKind::DataFlow;
if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsArmArch || IsPowerPC64 || if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsArmArch || IsPowerPC64 ||
IsRISCV64 || IsSystemZ || IsHexagon || IsLoongArch64) IsRISCV64 || IsSystemZ || IsHexagon || IsLoongArch64)
Res |= SanitizerKind::Leak; Res |= SanitizerKind::Leak;
if (IsX86_64 || IsMIPS64 || IsAArch64 || IsPowerPC64 || IsSystemZ || if (IsX86_64 || IsMIPS64 || IsAArch64 || IsPowerPC64 || IsSystemZ ||
IsLoongArch64) IsLoongArch64)
Res |= SanitizerKind::Thread; Res |= SanitizerKind::Thread;
if (IsX86_64) if (IsX86_64 || IsSystemZ)
Res |= SanitizerKind::KernelMemory; Res |= SanitizerKind::KernelMemory;
if (IsX86 || IsX86_64) if (IsX86 || IsX86_64)
Res |= SanitizerKind::Function; Res |= SanitizerKind::Function;
if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsMIPS || IsArmArch || if (IsX86_64 || IsMIPS64 || IsAArch64 || IsX86 || IsMIPS || IsArmArch ||
IsPowerPC64 || IsHexagon || IsLoongArch64 || IsRISCV64) IsPowerPC64 || IsHexagon || IsLoongArch64 || IsRISCV64)
Res |= SanitizerKind::Scudo; Res |= SanitizerKind::Scudo;
if (IsX86_64 || IsAArch64 || IsRISCV64) { if (IsX86_64 || IsAArch64 || IsRISCV64) {
Res |= SanitizerKind::HWAddress; Res |= SanitizerKind::HWAddress;
▲ Show 20 LinesShow All 46 LinesShow Last 20 Lines

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp

Show First 20 LinesShow All 109 Lines▼ Show 20 Lines
/// ///
/// The major differences between KMSAN and MSan instrumentation are: /// The major differences between KMSAN and MSan instrumentation are:
/// - KMSAN always tracks the origins and implies msan-keep-going=true; /// - KMSAN always tracks the origins and implies msan-keep-going=true;
/// - KMSAN allocates shadow and origin memory for each page separately, so /// - KMSAN allocates shadow and origin memory for each page separately, so
/// there are no explicit accesses to shadow and origin in the /// there are no explicit accesses to shadow and origin in the
/// instrumentation. /// instrumentation.
/// Shadow and origin values for a particular X-byte memory location /// Shadow and origin values for a particular X-byte memory location
/// (X=1,2,4,8) are accessed through pointers obtained via the /// (X=1,2,4,8) are accessed through pointers obtained via the
/// __msan_metadata_ptr_for_load_X(ptr) /// __msan_metadata_ptr_for_load_X(ptr)
gliderUnsubmitted
Done
ReplyInline Actions

You are changing KMSAN API, so this comment needs to be updated.

glider: You are changing KMSAN API, so this comment needs to be updated.
iiiAuthorUnsubmitted
Done
ReplyInline Actions

The API stays exactly the same here; I haven't touched kernel function signatures.

What changes here is that I've implemented the s390x ABI for the KMSAN API.

iii: The API stays exactly the same here; I haven't touched kernel function signatures. What…
gliderUnsubmitted
Done
ReplyInline Actions

Ahh, pardon my ignorance, I've had no idea s390x is doing that fancy stuff with a hidden parameter.
Perhaps you could elaborate on it a bit more in the patch description? (I already educated myself reading the s390x ABI spec and playing with Godbolt, but still).

It might be still worth mentioning in this comment that for s390x we emulate the ABI manually.

glider: Ahh, pardon my ignorance, I've had no idea s390x is doing that fancy stuff with a hidden…
/// __msan_metadata_ptr_for_store_X(ptr) /// __msan_metadata_ptr_for_store_X(ptr)
/// functions. The corresponding functions check that the X-byte accesses /// functions. The corresponding functions check that the X-byte accesses
/// are possible and returns the pointers to shadow and origin memory. /// are possible and returns the pointers to shadow and origin memory.
/// Arbitrary sized accesses are handled with: /// Arbitrary sized accesses are handled with:
/// __msan_metadata_ptr_for_load_n(ptr, size) /// __msan_metadata_ptr_for_load_n(ptr, size)
/// __msan_metadata_ptr_for_store_n(ptr, size); /// __msan_metadata_ptr_for_store_n(ptr, size);
/// Note that the sanitizer code has to deal with how shadow/origin pairs
/// returned by the these functions are represented in different ABIs. In
/// the X86_64 ABI they are returned in RDX:RAX, and in the SystemZ ABI they
/// are written to memory pointed to by a hidden parameter.
/// - TLS variables are stored in a single per-task struct. A call to a /// - TLS variables are stored in a single per-task struct. A call to a
/// function __msan_get_context_state() returning a pointer to that struct /// function __msan_get_context_state() returning a pointer to that struct
/// is inserted into every instrumented function before the entry block; /// is inserted into every instrumented function before the entry block;
/// - __msan_warning() takes a 32-bit origin parameter; /// - __msan_warning() takes a 32-bit origin parameter;
/// - local variables are poisoned with __msan_poison_alloca() upon function /// - local variables are poisoned with __msan_poison_alloca() upon function
/// entry and unpoisoned with __msan_unpoison_alloca() before leaving the /// entry and unpoisoned with __msan_unpoison_alloca() before leaving the
/// function; /// function;
/// - the pass doesn't declare any global variables or add global constructors /// - the pass doesn't declare any global variables or add global constructors
/// to the translation unit. /// to the translation unit.
/// ///
/// Also, KMSAN currently ignores uninitialized memory passed into inline asm /// Also, KMSAN currently ignores uninitialized memory passed into inline asm
/// calls, making sure we're on the safe side wrt. possible false positives. /// calls, making sure we're on the safe side wrt. possible false positives.
/// ///
/// KernelMemorySanitizer only supports X86_64 at the moment. /// KernelMemorySanitizer only supports X86_64 and SystemZ at the moment.
gliderUnsubmitted
Done
ReplyInline Actions

Please update this comment as well.

glider: Please update this comment as well.
iiiAuthorUnsubmitted
Done
ReplyInline Actions

Ok.

iii: Ok.
/// ///
// //
// FIXME: This sanitizer does not yet handle scalable vectors // FIXME: This sanitizer does not yet handle scalable vectors
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/ADT/APInt.h" #include "llvm/ADT/APInt.h"
▲ Show 20 LinesShow All 391 Lines▼ Show 20 Linesprivate:
friend struct VarArgPowerPC64Helper; friend struct VarArgPowerPC64Helper;
friend struct VarArgSystemZHelper; friend struct VarArgSystemZHelper;
void initializeModule(Module &M); void initializeModule(Module &M);
void initializeCallbacks(Module &M, const TargetLibraryInfo &TLI); void initializeCallbacks(Module &M, const TargetLibraryInfo &TLI);
void createKernelApi(Module &M, const TargetLibraryInfo &TLI); void createKernelApi(Module &M, const TargetLibraryInfo &TLI);
void createUserspaceApi(Module &M, const TargetLibraryInfo &TLI); void createUserspaceApi(Module &M, const TargetLibraryInfo &TLI);
template <typename... ArgsTy>
FunctionCallee getOrInsertMsanMetadataFunction(Module &M, StringRef Name,
ArgsTy... Args);
/// True if we're compiling the Linux kernel. /// True if we're compiling the Linux kernel.
bool CompileKernel; bool CompileKernel;
/// Track origins (allocation points) of uninitialized values. /// Track origins (allocation points) of uninitialized values.
int TrackOrigins; int TrackOrigins;
bool Recover; bool Recover;
bool EagerChecks; bool EagerChecks;
Triple TargetTriple;
LLVMContext *C; LLVMContext *C;
Type *IntptrTy; Type *IntptrTy;
Type *OriginTy; Type *OriginTy;
// XxxTLS variables represent the per-thread state in MSan and per-task state // XxxTLS variables represent the per-thread state in MSan and per-task state
// in KMSAN. // in KMSAN.
// For the userspace these point to thread-local globals. In the kernel land // For the userspace these point to thread-local globals. In the kernel land
// they point to the members of a per-task struct obtained via a call to // they point to the members of a per-task struct obtained via a call to
▲ Show 20 LinesShow All 54 Lines▼ Show 20 Linesprivate:
/// KMSAN callback for task-local function argument shadow. /// KMSAN callback for task-local function argument shadow.
StructType *MsanContextStateTy; StructType *MsanContextStateTy;
FunctionCallee MsanGetContextStateFn; FunctionCallee MsanGetContextStateFn;
/// Functions for poisoning/unpoisoning local variables /// Functions for poisoning/unpoisoning local variables
FunctionCallee MsanPoisonAllocaFn, MsanUnpoisonAllocaFn; FunctionCallee MsanPoisonAllocaFn, MsanUnpoisonAllocaFn;
/// Each of the MsanMetadataPtrXxx functions returns a pair of shadow/origin /// Pair of shadow/origin pointers.
/// pointers. Type *MsanMetadata;
/// Each of the MsanMetadataPtrXxx functions returns a MsanMetadata.
FunctionCallee MsanMetadataPtrForLoadN, MsanMetadataPtrForStoreN; FunctionCallee MsanMetadataPtrForLoadN, MsanMetadataPtrForStoreN;
FunctionCallee MsanMetadataPtrForLoad_1_8[4]; FunctionCallee MsanMetadataPtrForLoad_1_8[4];
FunctionCallee MsanMetadataPtrForStore_1_8[4]; FunctionCallee MsanMetadataPtrForStore_1_8[4];
FunctionCallee MsanInstrumentAsmStoreFn; FunctionCallee MsanInstrumentAsmStoreFn;
/// Storage for return values of the MsanMetadataPtrXxx functions.
Value *MsanMetadataAlloca;
/// Helper to choose between different MsanMetadataPtrXxx(). /// Helper to choose between different MsanMetadataPtrXxx().
FunctionCallee getKmsanShadowOriginAccessFn(bool isStore, int size); FunctionCallee getKmsanShadowOriginAccessFn(bool isStore, int size);
/// Memory map parameters used in application-to-shadow calculation. /// Memory map parameters used in application-to-shadow calculation.
const MemoryMapParams *MapParams; const MemoryMapParams *MapParams;
/// Custom memory map parameters used when -msan-shadow-base or /// Custom memory map parameters used when -msan-shadow-base or
// -msan-origin-base is provided. // -msan-origin-base is provided.
▲ Show 20 LinesShow All 86 Lines▼ Show 20 Lines
/// frame ID, so the string needs to be mutable. /// frame ID, so the string needs to be mutable.
static GlobalVariable *createPrivateConstGlobalForString(Module &M, static GlobalVariable *createPrivateConstGlobalForString(Module &M,
StringRef Str) { StringRef Str) {
Constant *StrConst = ConstantDataArray::getString(M.getContext(), Str); Constant *StrConst = ConstantDataArray::getString(M.getContext(), Str);
return new GlobalVariable(M, StrConst->getType(), /*isConstant=*/true, return new GlobalVariable(M, StrConst->getType(), /*isConstant=*/true,
GlobalValue::PrivateLinkage, StrConst, ""); GlobalValue::PrivateLinkage, StrConst, "");
} }
template <typename... ArgsTy>
FunctionCallee
MemorySanitizer::getOrInsertMsanMetadataFunction(Module &M, StringRef Name,
ArgsTy... Args) {
if (TargetTriple.getArch() == Triple::systemz) {
gliderUnsubmitted
Done
ReplyInline Actions

Can we add a bool to MemorySanitizerPass to indicate whether or not we want to return the metadata as a pointer?
We'll then set it based on Triple::systemz once and check everywhere, making the code more readable.

glider: Can we add a bool to MemorySanitizerPass to indicate whether or not we want to return the…
iiiAuthorUnsubmitted
Done
ReplyInline Actions

We could do that, but that's really the detail of the s390x ABI. Other platforms might have different conventions for large return values. That's why I didn't want to introduce generic concepts for this and highlight that it's s390x specific, where possible.

iii: We could do that, but that's really the detail of the s390x ABI. Other platforms might have…
gliderUnsubmitted
Done
ReplyInline Actions

Ok, sounds good.

glider: Ok, sounds good.
gliderUnsubmitted
Done
ReplyInline Actions

I think people unfamiliar with the s390 ABI will still stumble upon this code.
Can you please add some comment along the lines of "On SystemZ, metadata hooks return the shadow/origin pair via an extra *MsanMetadata parameter"?

glider: I think people unfamiliar with the s390 ABI will still stumble upon this code. Can you please…
// SystemZ ABI: shadow/origin pair is returned via a hidden parameter.
return M.getOrInsertFunction(Name, Type::getVoidTy(*C),
PointerType::get(MsanMetadata, 0),
std::forward<ArgsTy>(Args)...);
}
return M.getOrInsertFunction(Name, MsanMetadata,
std::forward<ArgsTy>(Args)...);
}
/// Create KMSAN API callbacks. /// Create KMSAN API callbacks.
void MemorySanitizer::createKernelApi(Module &M, const TargetLibraryInfo &TLI) { void MemorySanitizer::createKernelApi(Module &M, const TargetLibraryInfo &TLI) {
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
// These will be initialized in insertKmsanPrologue(). // These will be initialized in insertKmsanPrologue().
RetvalTLS = nullptr; RetvalTLS = nullptr;
RetvalOriginTLS = nullptr; RetvalOriginTLS = nullptr;
ParamTLS = nullptr; ParamTLS = nullptr;
Show All 13 Lines MsanContextStateTy = StructType::get(
ArrayType::get(IRB.getInt64Ty(), kRetvalTLSSize / 8), ArrayType::get(IRB.getInt64Ty(), kRetvalTLSSize / 8),
ArrayType::get(IRB.getInt64Ty(), kParamTLSSize / 8), ArrayType::get(IRB.getInt64Ty(), kParamTLSSize / 8),
ArrayType::get(IRB.getInt64Ty(), kParamTLSSize / 8), /* va_arg_origin */ ArrayType::get(IRB.getInt64Ty(), kParamTLSSize / 8), /* va_arg_origin */
IRB.getInt64Ty(), ArrayType::get(OriginTy, kParamTLSSize / 4), OriginTy, IRB.getInt64Ty(), ArrayType::get(OriginTy, kParamTLSSize / 4), OriginTy,
OriginTy); OriginTy);
MsanGetContextStateFn = M.getOrInsertFunction( MsanGetContextStateFn = M.getOrInsertFunction(
"__msan_get_context_state", PointerType::get(MsanContextStateTy, 0)); "__msan_get_context_state", PointerType::get(MsanContextStateTy, 0));
Type *RetTy = StructType::get(PointerType::get(IRB.getInt8Ty(), 0), MsanMetadata = StructType::get(PointerType::get(IRB.getInt8Ty(), 0),
PointerType::get(IRB.getInt32Ty(), 0)); PointerType::get(IRB.getInt32Ty(), 0));
for (int ind = 0, size = 1; ind < 4; ind++, size <<= 1) { for (int ind = 0, size = 1; ind < 4; ind++, size <<= 1) {
std::string name_load = std::string name_load =
"__msan_metadata_ptr_for_load_" + std::to_string(size); "__msan_metadata_ptr_for_load_" + std::to_string(size);
std::string name_store = std::string name_store =
"__msan_metadata_ptr_for_store_" + std::to_string(size); "__msan_metadata_ptr_for_store_" + std::to_string(size);
MsanMetadataPtrForLoad_1_8[ind] = M.getOrInsertFunction( MsanMetadataPtrForLoad_1_8[ind] = getOrInsertMsanMetadataFunction(
name_load, RetTy, PointerType::get(IRB.getInt8Ty(), 0)); M, name_load, PointerType::get(IRB.getInt8Ty(), 0));
MsanMetadataPtrForStore_1_8[ind] = M.getOrInsertFunction( MsanMetadataPtrForStore_1_8[ind] = getOrInsertMsanMetadataFunction(
name_store, RetTy, PointerType::get(IRB.getInt8Ty(), 0)); M, name_store, PointerType::get(IRB.getInt8Ty(), 0));
} }
MsanMetadataPtrForLoadN = M.getOrInsertFunction( MsanMetadataPtrForLoadN = getOrInsertMsanMetadataFunction(
"__msan_metadata_ptr_for_load_n", RetTy, M, "__msan_metadata_ptr_for_load_n", PointerType::get(IRB.getInt8Ty(), 0),
PointerType::get(IRB.getInt8Ty(), 0), IRB.getInt64Ty()); IRB.getInt64Ty());
MsanMetadataPtrForStoreN = M.getOrInsertFunction( MsanMetadataPtrForStoreN = getOrInsertMsanMetadataFunction(
"__msan_metadata_ptr_for_store_n", RetTy, M, "__msan_metadata_ptr_for_store_n",
PointerType::get(IRB.getInt8Ty(), 0), IRB.getInt64Ty()); PointerType::get(IRB.getInt8Ty(), 0), IRB.getInt64Ty());
// Functions for poisoning and unpoisoning memory. // Functions for poisoning and unpoisoning memory.
MsanPoisonAllocaFn = MsanPoisonAllocaFn =
M.getOrInsertFunction("__msan_poison_alloca", IRB.getVoidTy(), M.getOrInsertFunction("__msan_poison_alloca", IRB.getVoidTy(),
IRB.getInt8PtrTy(), IntptrTy, IRB.getInt8PtrTy()); IRB.getInt8PtrTy(), IntptrTy, IRB.getInt8PtrTy());
MsanUnpoisonAllocaFn = M.getOrInsertFunction( MsanUnpoisonAllocaFn = M.getOrInsertFunction(
"__msan_unpoison_alloca", IRB.getVoidTy(), IRB.getInt8PtrTy(), IntptrTy); "__msan_unpoison_alloca", IRB.getVoidTy(), IRB.getInt8PtrTy(), IntptrTy);
▲ Show 20 LinesShow All 134 Lines▼ Show 20 Lines
} }
/// Module-level initialization. /// Module-level initialization.
/// ///
/// inserts a call to __msan_init to the module's constructor list. /// inserts a call to __msan_init to the module's constructor list.
void MemorySanitizer::initializeModule(Module &M) { void MemorySanitizer::initializeModule(Module &M) {
auto &DL = M.getDataLayout(); auto &DL = M.getDataLayout();
TargetTriple = Triple(M.getTargetTriple());
bool ShadowPassed = ClShadowBase.getNumOccurrences() > 0; bool ShadowPassed = ClShadowBase.getNumOccurrences() > 0;
bool OriginPassed = ClOriginBase.getNumOccurrences() > 0; bool OriginPassed = ClOriginBase.getNumOccurrences() > 0;
// Check the overrides first // Check the overrides first
if (ShadowPassed || OriginPassed) { if (ShadowPassed || OriginPassed) {
CustomMapParams.AndMask = ClAndMask; CustomMapParams.AndMask = ClAndMask;
CustomMapParams.XorMask = ClXorMask; CustomMapParams.XorMask = ClXorMask;
CustomMapParams.ShadowBase = ClShadowBase; CustomMapParams.ShadowBase = ClShadowBase;
CustomMapParams.OriginBase = ClOriginBase; CustomMapParams.OriginBase = ClOriginBase;
MapParams = &CustomMapParams; MapParams = &CustomMapParams;
} else { } else {
Triple TargetTriple(M.getTargetTriple());
switch (TargetTriple.getOS()) { switch (TargetTriple.getOS()) {
case Triple::FreeBSD: case Triple::FreeBSD:
switch (TargetTriple.getArch()) { switch (TargetTriple.getArch()) {
case Triple::aarch64: case Triple::aarch64:
MapParams = FreeBSD_ARM_MemoryMapParams.bits64; MapParams = FreeBSD_ARM_MemoryMapParams.bits64;
break; break;
case Triple::x86_64: case Triple::x86_64:
MapParams = FreeBSD_X86_MemoryMapParams.bits64; MapParams = FreeBSD_X86_MemoryMapParams.bits64;
▲ Show 20 LinesShow All 510 Lines▼ Show 20 Lines void insertKmsanPrologue(IRBuilder<> &IRB) {
MS.VAArgOverflowSizeTLS = MS.VAArgOverflowSizeTLS =
IRB.CreateGEP(MS.MsanContextStateTy, ContextState, IRB.CreateGEP(MS.MsanContextStateTy, ContextState,
{Zero, IRB.getInt32(4)}, "va_arg_overflow_size"); {Zero, IRB.getInt32(4)}, "va_arg_overflow_size");
MS.ParamOriginTLS = IRB.CreateGEP(MS.MsanContextStateTy, ContextState, MS.ParamOriginTLS = IRB.CreateGEP(MS.MsanContextStateTy, ContextState,
{Zero, IRB.getInt32(5)}, "param_origin"); {Zero, IRB.getInt32(5)}, "param_origin");
MS.RetvalOriginTLS = MS.RetvalOriginTLS =
IRB.CreateGEP(MS.MsanContextStateTy, ContextState, IRB.CreateGEP(MS.MsanContextStateTy, ContextState,
{Zero, IRB.getInt32(6)}, "retval_origin"); {Zero, IRB.getInt32(6)}, "retval_origin");
if (MS.TargetTriple.getArch() == Triple::systemz)
gliderUnsubmitted
Done
ReplyInline Actions

Have you considered using per-CPU data instead of this alloca (there might be pitfalls as well, so just curious).
Same question for passing a single struct vs. two separate allocas for shadow/origin.

glider: Have you considered using per-CPU data instead of this alloca (there might be pitfalls as well…
iiiAuthorUnsubmitted
Done
ReplyInline Actions

Yes, but I was wondering if there was any benefit? I thought that maybe that would save a frame for leaf functions, but since we are calling KMSAN API, we already need one (and technically they are not leaf functions anymore).

Passing two separate allocas would actually change the API, as opposed to implementing the new ABI, so I wanted to avoid that for now, even if it were more efficient.

iii: Yes, but I was wondering if there was any benefit? I thought that maybe that would save a frame…
gliderUnsubmitted
Done
ReplyInline Actions

Ok, got it. Given that this is actually the desired way to pass the struct parameters in SystemZ, it should be fine.

glider: Ok, got it. Given that this is actually the desired way to pass the struct parameters in…
MS.MsanMetadataAlloca = IRB.CreateAlloca(MS.MsanMetadata, 0u);
MaskRayUnsubmitted
Done
ReplyInline Actions

Just use 0.

Even 0u is better than (unsigned)0.

MaskRay: Just use 0. Even 0u is better than `(unsigned)0`.
} }
/// Add MemorySanitizer instrumentation to a function. /// Add MemorySanitizer instrumentation to a function.
bool runOnFunction() { bool runOnFunction() {
// Iterate all BBs in depth-first order and create shadow instructions // Iterate all BBs in depth-first order and create shadow instructions
// for all instructions (where applicable). // for all instructions (where applicable).
// For PHI nodes we create dummy shadow PHIs which will be finalized later. // For PHI nodes we create dummy shadow PHIs which will be finalized later.
for (BasicBlock *BB : depth_first(FnPrologueEnd->getParent())) for (BasicBlock *BB : depth_first(FnPrologueEnd->getParent()))
▲ Show 20 LinesShow All 216 Lines▼ Show 20 Lines if (MS.TrackOrigins) {
OriginLong = IRB.CreateAnd(OriginLong, constToIntPtr(IntptrTy, ~Mask)); OriginLong = IRB.CreateAnd(OriginLong, constToIntPtr(IntptrTy, ~Mask));
} }
OriginPtr = IRB.CreateIntToPtr( OriginPtr = IRB.CreateIntToPtr(
OriginLong, getPtrToShadowPtrType(IntptrTy, MS.OriginTy)); OriginLong, getPtrToShadowPtrType(IntptrTy, MS.OriginTy));
} }
return std::make_pair(ShadowPtr, OriginPtr); return std::make_pair(ShadowPtr, OriginPtr);
} }
template <typename... ArgsTy>
Value *createMetadataCall(IRBuilder<> &IRB, FunctionCallee Callee,
ArgsTy... Args) {
if (MS.TargetTriple.getArch() == Triple::systemz) {
IRB.CreateCall(Callee,
{MS.MsanMetadataAlloca, std::forward<ArgsTy>(Args)...});
return IRB.CreateLoad(MS.MsanMetadata, MS.MsanMetadataAlloca);
}
return IRB.CreateCall(Callee, {std::forward<ArgsTy>(Args)...});
}
std::pair<Value *, Value *> getShadowOriginPtrKernelNoVec(Value *Addr, std::pair<Value *, Value *> getShadowOriginPtrKernelNoVec(Value *Addr,
IRBuilder<> &IRB, IRBuilder<> &IRB,
Type *ShadowTy, Type *ShadowTy,
bool isStore) { bool isStore) {
Value *ShadowOriginPtrs; Value *ShadowOriginPtrs;
const DataLayout &DL = F.getParent()->getDataLayout(); const DataLayout &DL = F.getParent()->getDataLayout();
TypeSize Size = DL.getTypeStoreSize(ShadowTy); TypeSize Size = DL.getTypeStoreSize(ShadowTy);
FunctionCallee Getter = MS.getKmsanShadowOriginAccessFn(isStore, Size); FunctionCallee Getter = MS.getKmsanShadowOriginAccessFn(isStore, Size);
Value *AddrCast = Value *AddrCast =
IRB.CreatePointerCast(Addr, PointerType::get(IRB.getInt8Ty(), 0)); IRB.CreatePointerCast(Addr, PointerType::get(IRB.getInt8Ty(), 0));
if (Getter) { if (Getter) {
ShadowOriginPtrs = IRB.CreateCall(Getter, AddrCast); ShadowOriginPtrs = createMetadataCall(IRB, Getter, AddrCast);
} else { } else {
Value *SizeVal = ConstantInt::get(MS.IntptrTy, Size); Value *SizeVal = ConstantInt::get(MS.IntptrTy, Size);
ShadowOriginPtrs = IRB.CreateCall(isStore ? MS.MsanMetadataPtrForStoreN ShadowOriginPtrs = createMetadataCall(
: MS.MsanMetadataPtrForLoadN, IRB,
{AddrCast, SizeVal}); isStore ? MS.MsanMetadataPtrForStoreN : MS.MsanMetadataPtrForLoadN,
AddrCast, SizeVal);
} }
Value *ShadowPtr = IRB.CreateExtractValue(ShadowOriginPtrs, 0); Value *ShadowPtr = IRB.CreateExtractValue(ShadowOriginPtrs, 0);
ShadowPtr = IRB.CreatePointerCast(ShadowPtr, PointerType::get(ShadowTy, 0)); ShadowPtr = IRB.CreatePointerCast(ShadowPtr, PointerType::get(ShadowTy, 0));
Value *OriginPtr = IRB.CreateExtractValue(ShadowOriginPtrs, 1); Value *OriginPtr = IRB.CreateExtractValue(ShadowOriginPtrs, 1);
return std::make_pair(ShadowPtr, OriginPtr); return std::make_pair(ShadowPtr, OriginPtr);
} }
▲ Show 20 LinesShow All 3,954 Lines▼ Show 20 Lines Value *RegSaveAreaPtrPtr = IRB.CreateIntToPtr(
PointerType::get(RegSaveAreaPtrTy, 0)); PointerType::get(RegSaveAreaPtrTy, 0));
Value *RegSaveAreaPtr = IRB.CreateLoad(RegSaveAreaPtrTy, RegSaveAreaPtrPtr); Value *RegSaveAreaPtr = IRB.CreateLoad(RegSaveAreaPtrTy, RegSaveAreaPtrPtr);
Value *RegSaveAreaShadowPtr, *RegSaveAreaOriginPtr; Value *RegSaveAreaShadowPtr, *RegSaveAreaOriginPtr;
const Align Alignment = Align(8); const Align Alignment = Align(8);
std::tie(RegSaveAreaShadowPtr, RegSaveAreaOriginPtr) = std::tie(RegSaveAreaShadowPtr, RegSaveAreaOriginPtr) =
MSV.getShadowOriginPtr(RegSaveAreaPtr, IRB, IRB.getInt8Ty(), Alignment, MSV.getShadowOriginPtr(RegSaveAreaPtr, IRB, IRB.getInt8Ty(), Alignment,
/*isStore*/ true); /*isStore*/ true);
// TODO(iii): copy only fragments filled by visitCallBase() // TODO(iii): copy only fragments filled by visitCallBase()
// TODO(iii): support packed-stack && !use-soft-float
// For use-soft-float functions, it is enough to copy just the GPRs.
unsigned RegSaveAreaSize =
IsSoftFloatABI ? SystemZGpEndOffset : SystemZRegSaveAreaSize;
IRB.CreateMemCpy(RegSaveAreaShadowPtr, Alignment, VAArgTLSCopy, Alignment, IRB.CreateMemCpy(RegSaveAreaShadowPtr, Alignment, VAArgTLSCopy, Alignment,
SystemZRegSaveAreaSize); RegSaveAreaSize);
if (MS.TrackOrigins) if (MS.TrackOrigins)
IRB.CreateMemCpy(RegSaveAreaOriginPtr, Alignment, VAArgTLSOriginCopy, IRB.CreateMemCpy(RegSaveAreaOriginPtr, Alignment, VAArgTLSOriginCopy,
Alignment, SystemZRegSaveAreaSize); Alignment, RegSaveAreaSize);
} }
void copyOverflowArea(IRBuilder<> &IRB, Value *VAListTag) { void copyOverflowArea(IRBuilder<> &IRB, Value *VAListTag) {
Type *OverflowArgAreaPtrTy = Type::getInt64PtrTy(*MS.C); Type *OverflowArgAreaPtrTy = Type::getInt64PtrTy(*MS.C);
Value *OverflowArgAreaPtrPtr = IRB.CreateIntToPtr( Value *OverflowArgAreaPtrPtr = IRB.CreateIntToPtr(
IRB.CreateAdd( IRB.CreateAdd(
IRB.CreatePtrToInt(VAListTag, MS.IntptrTy), IRB.CreatePtrToInt(VAListTag, MS.IntptrTy),
ConstantInt::get(MS.IntptrTy, SystemZOverflowArgAreaPtrOffset)), ConstantInt::get(MS.IntptrTy, SystemZOverflowArgAreaPtrOffset)),
▲ Show 20 LinesShow All 115 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/SystemZ/basic-kernel.ll

  • This file was added.
; RUN: opt < %s -S -mcpu=z13 -msan-kernel=1 -float-abi=soft -passes=msan 2>&1 | FileCheck %s
target datalayout = "E-m:e-i1:8:16-i8:8:16-i64:64-f128:64-a:8:16-n32:64"
target triple = "s390x-unknown-linux-gnu"
define void @Store1(ptr %p, i8 %x) sanitize_memory {
entry:
gliderUnsubmitted
Done
ReplyInline Actions

This test should cover all the newly introduced API functions.

glider: This test should cover all the newly introduced API functions.
iiiAuthorUnsubmitted
Done
ReplyInline Actions

Ok.

iii: Ok.
store i8 %x, ptr %p
ret void
}
; CHECK-LABEL: define {{[^@]+}}@Store1(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
MaskRayUnsubmitted
Done
ReplyInline Actions

; CHECK-LABEL: define {{[^@]+}}@Store1( to match the @Store definition, not calls.

MaskRay: `; CHECK-LABEL: define {{[^@]+}}@Store1(` to match the `@Store` definition, not calls.
; CHECK: call void @__msan_metadata_ptr_for_store_1(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: store i8 {{.+}}, ptr [[SHADOW]]
; CHECK: ret void
define void @Store2(ptr %p, i16 %x) sanitize_memory {
entry:
store i16 %x, ptr %p
ret void
}
; CHECK-LABEL: define {{[^@]+}}@Store2(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_store_2(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: store i16 {{.+}}, ptr [[SHADOW]]
; CHECK: ret void
define void @Store4(ptr %p, i32 %x) sanitize_memory {
entry:
store i32 %x, ptr %p
ret void
}
; CHECK-LABEL: define {{[^@]+}}@Store4(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_store_4(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: store i32 {{.+}}, ptr [[SHADOW]]
; CHECK: ret void
define void @Store8(ptr %p, i64 %x) sanitize_memory {
entry:
store i64 %x, ptr %p
ret void
}
; CHECK-LABEL: define {{[^@]+}}@Store8(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_store_8(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: store i64 {{.+}}, ptr [[SHADOW]]
; CHECK: ret void
define void @Store16(ptr %p, i128 %x) sanitize_memory {
entry:
store i128 %x, ptr %p
ret void
}
; CHECK-LABEL: define {{[^@]+}}@Store16(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_store_n(ptr [[META_PTR]], ptr %p, i64 16)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: store i128 {{.+}}, ptr [[SHADOW]]
; CHECK: ret void
define i8 @Load1(ptr %p) sanitize_memory {
entry:
%0 = load i8, ptr %p
ret i8 %0
}
; CHECK-LABEL: define {{[^@]+}}@Load1(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_load_1(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: [[SHADOW_VAL:%[a-z0-9_]+]] = load i8, ptr [[SHADOW]]
; CHECK: [[ORIGIN_VAL:%[a-z0-9_]+]] = load i32, ptr [[ORIGIN]]
; CHECK: store i8 [[SHADOW_VAL]], ptr %retval_shadow
; CHECK: store i32 [[ORIGIN_VAL]], ptr %retval_origin
; CHECK: ret i8 {{.+}}
define i16 @Load2(ptr %p) sanitize_memory {
entry:
%0 = load i16, ptr %p
ret i16 %0
}
; CHECK-LABEL: define {{[^@]+}}@Load2(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_load_2(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: [[SHADOW_VAL:%[a-z0-9_]+]] = load i16, ptr [[SHADOW]]
; CHECK: [[ORIGIN_VAL:%[a-z0-9_]+]] = load i32, ptr [[ORIGIN]]
; CHECK: store i16 [[SHADOW_VAL]], ptr %retval_shadow
; CHECK: store i32 [[ORIGIN_VAL]], ptr %retval_origin
; CHECK: ret i16 {{.+}}
define i32 @Load4(ptr %p) sanitize_memory {
entry:
%0 = load i32, ptr %p
ret i32 %0
}
; CHECK-LABEL: define {{[^@]+}}@Load4(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_load_4(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: [[SHADOW_VAL:%[a-z0-9_]+]] = load i32, ptr [[SHADOW]]
; CHECK: [[ORIGIN_VAL:%[a-z0-9_]+]] = load i32, ptr [[ORIGIN]]
; CHECK: store i32 [[SHADOW_VAL]], ptr %retval_shadow
; CHECK: store i32 [[ORIGIN_VAL]], ptr %retval_origin
; CHECK: ret i32 {{.+}}
define i64 @Load8(ptr %p) sanitize_memory {
entry:
%0 = load i64, ptr %p
ret i64 %0
}
; CHECK-LABEL: define {{[^@]+}}@Load8(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_load_8(ptr [[META_PTR]], ptr %p)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: [[SHADOW_VAL:%[a-z0-9_]+]] = load i64, ptr [[SHADOW]]
; CHECK: [[ORIGIN_VAL:%[a-z0-9_]+]] = load i32, ptr [[ORIGIN]]
; CHECK: store i64 [[SHADOW_VAL]], ptr %retval_shadow
; CHECK: store i32 [[ORIGIN_VAL]], ptr %retval_origin
; CHECK: ret i64 {{.+}}
define i128 @Load16(ptr %p) sanitize_memory {
entry:
%0 = load i128, ptr %p
ret i128 %0
}
; CHECK-LABEL: define {{[^@]+}}@Load16(
; CHECK: [[META_PTR:%[a-z0-9_]+]] = alloca { ptr, ptr }
; CHECK: call void @__msan_metadata_ptr_for_load_n(ptr [[META_PTR]], ptr %p, i64 16)
; CHECK: [[META:%[a-z0-9_]+]] = load { ptr, ptr }, ptr [[META_PTR]]
; CHECK: [[SHADOW:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 0
; CHECK: [[ORIGIN:%[a-z0-9_]+]] = extractvalue { ptr, ptr } [[META]], 1
; CHECK: [[SHADOW_VAL:%[a-z0-9_]+]] = load i128, ptr [[SHADOW]]
; CHECK: [[ORIGIN_VAL:%[a-z0-9_]+]] = load i32, ptr [[ORIGIN]]
; CHECK: store i128 [[SHADOW_VAL]], ptr %retval_shadow
; CHECK: store i32 [[ORIGIN_VAL]], ptr %retval_origin
; CHECK: ret i128 {{.+}}

llvm/test/Instrumentation/MemorySanitizer/SystemZ/vararg-kernel.ll

; RUN: opt < %s -S -mcpu=z13 -msan-kernel=1 -float-abi=soft -passes=msan 2>&1 | FileCheck %s ; RUN: opt < %s -S -mcpu=z13 -msan-kernel=1 -float-abi=soft -passes=msan 2>&1 | FileCheck %s
target datalayout = "E-m:e-i1:8:16-i8:8:16-i64:64-f128:64-a:8:16-n32:64" target datalayout = "E-m:e-i1:8:16-i8:8:16-i64:64-f128:64-a:8:16-n32:64"
target triple = "s390x-unknown-linux-gnu" target triple = "s390x-unknown-linux-gnu"
declare i64 @foo(i64 %guard, ...) #0 %struct.__va_list = type { i64, i64, ptr, ptr }
declare void @llvm.lifetime.start.p0(i64, ptr)
declare void @llvm.va_start(ptr)
declare void @llvm.va_end(ptr)
declare void @llvm.lifetime.end.p0(i64, ptr)
define i64 @foo(i64 %guard, ...) #1 {
%vl = alloca %struct.__va_list
call void @llvm.lifetime.start.p0(i64 32, ptr %vl)
call void @llvm.va_start(ptr %vl)
call void @llvm.va_end(ptr %vl)
call void @llvm.lifetime.end.p0(i64 32, ptr %vl)
ret i64 0
}
; CHECK-LABEL: define {{[^@]+}}@foo(
attributes #0 = { "target-features"="+soft-float" "use-soft-float"="true" } ; Callers store variadic arguments' shadow and origins into va_arg_shadow and
; va_arg_origin. Their layout is: the register save area (160 bytes) followed
; by the overflow arg area. It does not depend on "packed-stack".
; Check that callees correctly backup shadow into a local variable.
; CHECK: [[TMP:%.*]] = alloca { ptr, ptr }
; CHECK: [[OverflowSize:%.*]] = load i64, ptr %va_arg_overflow_size
; CHECK: [[MetaSize:%.*]] = add i64 160, [[OverflowSize]]
; CHECK: [[ShadowBackup:%.*]] = alloca {{.*}} [[MetaSize]]
; CHECK: [[MetaCopySize:%.*]] = call i64 @llvm.umin.i64(i64 [[MetaSize]], i64 800)
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[ShadowBackup]], ptr align 8 %va_arg_shadow, i64 [[MetaCopySize]], i1 false)
; CHECK: [[OverflowBackup:%.*]] = alloca {{.*}} [[MetaSize]]
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[OverflowBackup]], ptr align 8 %va_arg_origin, i64 [[MetaCopySize]], i1 false)
; Check that va_start() correctly copies the shadow backup into the shadow of
; the va_list. Register save area and overflow arg area are copied separately.
; Only 56 bytes of the register save area is copied, because of
; "use-soft-float".
; CHECK: call void @llvm.va_start(ptr %vl)
; CHECK: [[VlAddr:%.*]] = ptrtoint ptr %vl to i64
; CHECK: [[RegSaveAreaAddrAddr:%.*]] = add i64 [[VlAddr]], 24
; CHECK: [[RegSaveAreaAddr:%.*]] = inttoptr i64 [[RegSaveAreaAddrAddr]] to ptr
; CHECK: [[RegSaveArea:%.*]] = load ptr, ptr [[RegSaveAreaAddr]]
; CHECK: call void @__msan_metadata_ptr_for_store_1(ptr [[TMP]], ptr [[RegSaveArea]])
; CHECK: [[RegSaveAreaMeta:%.*]] = load { ptr, ptr }, ptr [[TMP]]
; CHECK: [[RegSaveAreaShadow:%.*]] = extractvalue { ptr, ptr } [[RegSaveAreaMeta]], 0
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[RegSaveAreaShadow]], ptr align 8 [[ShadowBackup]], i64 56, i1 false)
; CHECK: [[VlAddr:%.*]] = ptrtoint ptr %vl to i64
; CHECK: [[OverflowAddrAddr:%.*]] = add i64 [[VlAddr]], 16
; CHECK: [[OverflowAddr:%.*]] = inttoptr i64 [[OverflowAddrAddr]] to ptr
; CHECK: [[Overflow:%.*]] = load ptr, ptr [[OverflowAddr]]
; CHECK: call void @__msan_metadata_ptr_for_store_1(ptr [[TMP]], ptr [[Overflow]])
; CHECK: [[OverflowMeta:%.*]] = load { ptr, ptr }, ptr [[TMP]]
; CHECK: [[OverflowShadow:%.*]] = extractvalue { ptr, ptr } [[OverflowMeta]], 0
; CHECK: [[OverflowShadowBackup:%.*]] = getelementptr i8, ptr [[ShadowBackup]], i32 160
; CHECK: call void @llvm.memcpy.p0.p0.i64(ptr align 8 [[OverflowShadow]], ptr align 8 [[OverflowShadowBackup]], i64 [[OverflowSize]], i1 false)
declare i32 @random_i32() declare i32 @random_i32()
declare i64 @random_i64() declare i64 @random_i64()
declare float @random_float() declare float @random_float()
declare double @random_double() declare double @random_double()
define i64 @bar() #1 { define i64 @bar() #1 {
%arg2 = call i32 () @random_i32() %arg2 = call i32 () @random_i32()
▲ Show 20 LinesShow All 108 LinesShow Last 20 Lines