This is an archive of the discontinued LLVM Phabricator instance.

Differential D22842

[asan] Do not remove empty lifetime.start/lifetime.end ranges
ClosedPublic

Authored by vitalybuka on Jul 26 2016, 6:56 PM.

Details

Reviewers
kcc
eugenis
Commits
rG0ab23cf1c8c9: Do not remove empty lifetime.start/lifetime.end ranges
rGf0500b6ae526: Do not remove empty lifetime.start/lifetime.end ranges
rL277072: Do not remove empty lifetime.start/lifetime.end ranges
rL277068: Do not remove empty lifetime.start/lifetime.end ranges
Summary

Asan stack-use-after-scope check should poison alloca even if there is
no access between start and end.

This is possible for code like this:
for (int i = 0; i < 3; i++) {

int x;
p = &x;

}

"Loop Invariant Code Motion" will move "p = &x;" out of the loop, making
start/end range empty.

PR27453

Diff Detail

Repository
rL LLVM

Event Timeline

vitalybuka updated this revision to Diff 65645.Jul 26 2016, 6:56 PM
vitalybuka retitled this revision from to Do not remove empty lifetime.start/lifetime.end ranges.
vitalybuka updated this object.
vitalybuka added a reviewer: eugenis.
eugenis added a reviewer: kcc.Jul 27 2016, 11:37 AM
eugenis set the repository for this revision to rL LLVM.
eugenis added a subscriber: llvm-commits.
eugenis added inline comments.
lib/Transforms/InstCombine/InstCombineCalls.cpp
2246 ↗(On Diff #65645)

code style: "F"

vitalybuka marked an inline comment as done.Jul 27 2016, 11:44 AM
vitalybuka updated this revision to Diff 65783.Jul 27 2016, 11:44 AM

naming

majnemer added a subscriber: majnemer.Jul 27 2016, 11:46 AM
majnemer added inline comments.
test/Transforms/InstCombine/lifetime-asan.ll
10–11 ↗(On Diff #65783)

Instead of alloca + gep, why not just make you alloca have type i8?

27–28 ↗(On Diff #65783)

Ditto.

vitalybuka updated this revision to Diff 65786.Jul 27 2016, 12:09 PM

Simplified ll test

vitalybuka marked 2 inline comments as done.Jul 27 2016, 12:09 PM
majnemer added inline comments.Jul 27 2016, 12:26 PM
lib/Transforms/InstCombine/InstCombineCalls.cpp
2249 ↗(On Diff #65786)

Is it really possible for Func to be null?

vitalybuka added inline comments.Jul 27 2016, 2:23 PM
lib/Transforms/InstCombine/InstCombineCalls.cpp
2249 ↗(On Diff #65786)

I have no confident answer, but seems I can compile entire clang without null check.

vitalybuka updated this revision to Diff 65812.Jul 27 2016, 3:03 PM
vitalybuka marked 2 inline comments as done.

removed null check

majnemer added a comment.Jul 27 2016, 3:10 PM

I am satisfied with this change from a code and test point of view but have no idea if this is correct behavior for the sanitizer. Can somebody with more experience on that side of things comment?

lib/Transforms/InstCombine/InstCombineCalls.cpp
2246–2248 ↗(On Diff #65812)

I'd prefer that this check get split out from the other.

vitalybuka updated this revision to Diff 65817.Jul 27 2016, 3:23 PM

"if" split

vitalybuka marked an inline comment as done.Jul 27 2016, 3:23 PM
eugenis accepted this revision.Jul 27 2016, 3:27 PM
eugenis edited edge metadata.

I think this is correct from the sanitizer standpoint. It would help asan report use-after-scope for accesses after lifetime.end.

This may have performance implications (lots of poisoning/unpoisoning of locals in tight loops), but that can be fixed on the ASan side.

This revision is now accepted and ready to land.Jul 27 2016, 3:27 PM
vitalybuka retitled this revision from Do not remove empty lifetime.start/lifetime.end ranges to [asan] Do not remove empty lifetime.start/lifetime.end ranges.Jul 27 2016, 5:13 PM
vitalybuka edited edge metadata.
Closed by commit rL277068: Do not remove empty lifetime.start/lifetime.end ranges (authored by vitalybuka). · Explain WhyJul 28 2016, 3:58 PM
This revision was automatically updated to reflect the committed changes.
vitalybuka reopened this revision.Jul 28 2016, 4:03 PM
This revision is now accepted and ready to land.Jul 28 2016, 4:03 PM
Closed by commit rL277072: Do not remove empty lifetime.start/lifetime.end ranges (authored by vitalybuka). · Explain WhyJul 28 2016, 4:06 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
InstCombine/
5 lines
test/
Transforms/
InstCombine/
35 lines

Diff 66049

llvm/trunk/lib/Transforms/InstCombine/InstCombineCalls.cpp

Show First 20 LinesShow All 2,237 Lines▼ Show 20 Lines case Intrinsic::stackrestore: {
// If the stack restore is in a return, resume, or unwind block and if there // If the stack restore is in a return, resume, or unwind block and if there
// are no allocas or calls between the restore and the return, nuke the // are no allocas or calls between the restore and the return, nuke the
// restore. // restore.
if (!CannotRemove && (isa<ReturnInst>(TI) || isa<ResumeInst>(TI))) if (!CannotRemove && (isa<ReturnInst>(TI) || isa<ResumeInst>(TI)))
return eraseInstFromFunction(CI); return eraseInstFromFunction(CI);
break; break;
} }
case Intrinsic::lifetime_start: case Intrinsic::lifetime_start:
// Asan needs to poison memory to detect invalid access which is possible
// even for empty lifetime range.
if (II->getFunction()->hasFnAttribute(Attribute::SanitizeAddress))
break;
if (removeTriviallyEmptyRange(*II, Intrinsic::lifetime_start, if (removeTriviallyEmptyRange(*II, Intrinsic::lifetime_start,
Intrinsic::lifetime_end, *this)) Intrinsic::lifetime_end, *this))
return nullptr; return nullptr;
break; break;
case Intrinsic::assume: { case Intrinsic::assume: {
Value *IIOperand = II->getArgOperand(0); Value *IIOperand = II->getArgOperand(0);
// Remove an assume if it is immediately followed by an identical assume. // Remove an assume if it is immediately followed by an identical assume.
if (match(II->getNextNode(), if (match(II->getNextNode(),
▲ Show 20 LinesShow All 796 LinesShow Last 20 Lines

llvm/trunk/test/Transforms/InstCombine/lifetime-asan.ll

; RUN: opt < %s -instcombine -S | FileCheck %s
declare void @llvm.lifetime.start(i64, i8* nocapture)
declare void @llvm.lifetime.end(i64, i8* nocapture)
declare void @foo(i8* nocapture)
define void @asan() sanitize_address {
entry:
; CHECK-LABEL: @asan(
%text = alloca i8, align 1
call void @llvm.lifetime.start(i64 1, i8* %text)
call void @llvm.lifetime.end(i64 1, i8* %text)
; CHECK: call void @llvm.lifetime.start
; CHECK-NEXT: call void @llvm.lifetime.end
call void @foo(i8* %text) ; Keep alloca alive
ret void
}
define void @no_asan() {
entry:
; CHECK-LABEL: @no_asan(
%text = alloca i8, align 1
call void @llvm.lifetime.start(i64 1, i8* %text)
call void @llvm.lifetime.end(i64 1, i8* %text)
; CHECK-NO: call void @llvm.lifetime
call void @foo(i8* %text) ; Keep alloca alive
ret void
}