This is an archive of the discontinued LLVM Phabricator instance.

[asan] Don't poison variables for lifitime analysis on function entry
AbandonedPublic

Authored by vitalybuka on Sep 12 2016, 4:48 PM.

Download Raw Diff

Details

Reviewers: None

Summary

In most cases such poisoning makes sense, however PR28267 allows to jump over
intrinsic.

void f2(int cond) {
     switch (cond) {
       case 1: {
         ++cond;
         int tmp = 1;
         ptr = &tmp;
         exit(0);
       case 2:
         ptr = &tmp;
         *ptr = 5;
         exit(0);
       }
     }
   }

Diff Detail

Event Timeline

vitalybuka updated this revision to Diff 71077.Sep 12 2016, 4:48 PM

vitalybuka retitled this revision from to [asan] Don't poison variables as for lifitime analysis on function entry..

vitalybuka updated this object.

vitalybuka added a reviewer: eugenis.

vitalybuka added a subscriber: llvm-commits.

Fixed test

eugenis added inline comments.Sep 12 2016, 6:24 PM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
2388	functions

relaxed AllocaLifetimeChecker
check only successors of lifetime markers, no entry

Description

vitalybuka retitled this revision from [asan] Don't poison variables as for lifitime analysis on function entry. to [asan] Don't poison variables for lifitime analysis on function entry.Sep 12 2016, 6:51 PM

vitalybuka updated this object.

vitalybuka removed a reviewer: eugenis.Sep 13 2016, 11:08 AM

vitalybuka abandoned this revision.Sep 16 2016, 6:06 PM

Revision Contents

Path

Size

lib/

Transforms/

Instrumentation/

AddressSanitizer.cpp

46 lines

test/

Instrumentation/

AddressSanitizer/

lifetime-throw.ll

8 lines

lifetime-uar-uas.ll

4 lines

lifetime.ll

13 lines

stack-poisoning-experimental-be.ll

26 lines

stack-poisoning-experimental.ll

26 lines

Diff 71093

lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 Lines • Show All 845 Lines • ▼ Show 20 Lines	class AllocaLifetimeChecker {
// Contains the lifetime state we detected doing depth-first search on the		// Contains the lifetime state we detected doing depth-first search on the
// control flow graph. We expect all future hits will have the same value.		// control flow graph. We expect all future hits will have the same value.
// true: llvm.lifetime.start, false: llvm.lifetime.end		// true: llvm.lifetime.start, false: llvm.lifetime.end
DenseMap<const BasicBlock *, bool> InboundState;		DenseMap<const BasicBlock *, bool> InboundState;
bool Processed = false;		bool Processed = false;
bool CollisionDetected = false;		bool CollisionDetected = false;

bool FindCollision(const std::pair<const BasicBlock *, bool> &BlockState) {		bool FindCollision(const std::pair<const BasicBlock *, bool> &BlockState) {
auto Ins = InboundState.insert(BlockState);		for (const BasicBlock *SB : successors(BlockState.first)) {
		// We may get into EHPad with any lifetime state, so ignore them.
		if (SB->isEHPad())
		continue;

		std::pair<const BasicBlock *, bool> NewState = {SB, BlockState.second};
		auto Ins = InboundState.insert(NewState);
if (!Ins.second) {		if (!Ins.second) {
// Already there. Return collision if they are different.		// Already there. Return collision if they are different.
return BlockState.second != Ins.first->second;		if (NewState.second != Ins.first->second)
}

// Use marker for successors if block contains any.
auto M = Markers.find(BlockState.first);
bool NewState = (M != Markers.end() ? M->second : BlockState.second);
for (const BasicBlock *SB : successors(BlockState.first))
// We may get into EHPad with any lifetime state, so ignore them.
if (!SB->isEHPad() && FindCollision({SB, NewState}))
return true;		return true;
		} else {
		// Don't recurse into markers, we will start search from each of them.
		if (Markers.find(SB) == Markers.end() && FindCollision(NewState))
		return true;
		}
		}
return false;		return false;
}		}

public:		public:
// Assume that markers of the same block will be added in the same order as		// Assume that markers of the same block will be added in the same order as
// the order of corresponding intrinsics, so in the end we will keep only		// the order of corresponding intrinsics, so in the end we will keep only
// value of the last intrinsic.		// value of the last intrinsic.
void AddMarker(const BasicBlock *BB, bool start) {		void AddMarker(const BasicBlock *BB, bool start) {
assert(!Processed);		assert(!Processed);
Markers[BB] = start;		Markers[BB] = start;
}		}

bool HasAmbiguousLifetime() {		bool HasAmbiguousLifetime() {
if (!Processed) {		if (!Processed) {
Processed = true;		Processed = true;
const Function *F = Markers.begin()->first->getParent();		for (const auto& M : Markers) {
CollisionDetected = FindCollision({&F->getEntryBlock(), false});		CollisionDetected = FindCollision(M);
		if (CollisionDetected)
		break;
		}
}		}
return CollisionDetected;		return CollisionDetected;
}		}
};		};

// Removes allocas for which exists at least one block simultaneously		// Removes allocas for which exists at least one block simultaneously
// reachable in both states: allocas is inside the scope, and alloca is outside		// reachable in both states: allocas is inside the scope, and alloca is outside
// of the scope. We don't have enough information to validate access to such		// of the scope. We don't have enough information to validate access to such
▲ Show 20 Lines • Show All 1,475 Lines • ▼ Show 20 Lines	void FunctionStackPoisoner::processStaticAllocas() {
// Write the PC to redzone[2].		// Write the PC to redzone[2].
Value *BasePlus2 = IRB.CreateIntToPtr(		Value *BasePlus2 = IRB.CreateIntToPtr(
IRB.CreateAdd(LocalStackBase,		IRB.CreateAdd(LocalStackBase,
ConstantInt::get(IntptrTy, 2 * ASan.LongSize / 8)),		ConstantInt::get(IntptrTy, 2 * ASan.LongSize / 8)),
IntptrPtrTy);		IntptrPtrTy);
IRB.CreateStore(IRB.CreatePointerCast(&F, IntptrTy), BasePlus2);		IRB.CreateStore(IRB.CreatePointerCast(&F, IntptrTy), BasePlus2);

const auto &ShadowAfterScope = GetShadowBytesAfterScope(SVD, L);		const auto &ShadowAfterScope = GetShadowBytesAfterScope(SVD, L);
		const auto &ShadowInScope = GetShadowBytes(SVD, L);

// Poison the stack red zones at the entry.		// Poison the stack red zones at the entry.
Value *ShadowBase = ASan.memToShadow(LocalStackBase, IRB);		Value *ShadowBase = ASan.memToShadow(LocalStackBase, IRB);
// As mask we must use most poisoned case: red zones and after scope.		// As mask we must use most poisoned case: red zones and after scope.
// As bytes we can use either the same or just red zones only.		// In most cases as bytes we can use either the same or just red zones only.
copyToShadow(ShadowAfterScope, ShadowAfterScope, IRB, ShadowBase);		// However PR28267 allows functions with several branches, when some
		eugenisUnsubmitted Not Done Reply Inline Actions functions eugenis: functions
		// branches have proper sets of lifetime.start/lifetime.end, and some have
		// none at all. To avoid reports in such cases we assume that on entry
		// variable is alive, and it will be poisoned only by lifetime.end.
		// So we poison frame with red zones only, like var inside of the scope.
		copyToShadow(ShadowAfterScope, ShadowInScope, IRB, ShadowBase);

if (ClExperimentalPoisoning && !StaticAllocaPoisonCallVec.empty()) {		if (ClExperimentalPoisoning && !StaticAllocaPoisonCallVec.empty()) {
// Complete AllocaToSVDMap		// Complete AllocaToSVDMap
for (const auto &Desc : SVD) {		for (const auto &Desc : SVD) {
auto It = AllocaToSVDMap.find(Desc.AI);		auto It = AllocaToSVDMap.find(Desc.AI);
if (It != AllocaToSVDMap.end()) {		if (It != AllocaToSVDMap.end()) {
It->second = &Desc;		It->second = &Desc;
}		}
}		}

const auto &ShadowInScope = GetShadowBytes(SVD, L);

// Poison static allocas near lifetime intrinsics.		// Poison static allocas near lifetime intrinsics.
for (const auto &APC : StaticAllocaPoisonCallVec) {		for (const auto &APC : StaticAllocaPoisonCallVec) {
// Must be already set.		// Must be already set.
assert(AllocaToSVDMap[APC.AI]);		assert(AllocaToSVDMap[APC.AI]);
const auto &Desc = *AllocaToSVDMap[APC.AI];		const auto &Desc = *AllocaToSVDMap[APC.AI];
assert(Desc.Offset % L.Granularity == 0);		assert(Desc.Offset % L.Granularity == 0);
size_t Begin = Desc.Offset / L.Granularity;		size_t Begin = Desc.Offset / L.Granularity;
size_t End = Begin + (APC.Size + L.Granularity - 1) / L.Granularity;		size_t End = Begin + (APC.Size + L.Granularity - 1) / L.Granularity;
▲ Show 20 Lines • Show All 209 Lines • Show Last 20 Lines

test/Instrumentation/AddressSanitizer/lifetime-throw.ll

	Show All 14 Lines
	@_ZTI3ABC = linkonce_odr constant { i8, i8 } { i8* bitcast (i8** getelementptr inbounds (i8, i8* @_ZTVN10__cxxabiv117__class_type_infoE, i64 2) to i8), i8 getelementptr inbounds ([5 x i8], [5 x i8]* @_ZTS3ABC, i32 0, i32 0) }, comdat			@_ZTI3ABC = linkonce_odr constant { i8, i8 } { i8* bitcast (i8** getelementptr inbounds (i8, i8* @_ZTVN10__cxxabiv117__class_type_infoE, i64 2) to i8), i8 getelementptr inbounds ([5 x i8], [5 x i8]* @_ZTS3ABC, i32 0, i32 0) }, comdat

	define void @Throw() sanitize_address personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {			define void @Throw() sanitize_address personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {
	; CHECK-LABEL: define void @Throw()			; CHECK-LABEL: define void @Throw()
	entry:			entry:
	%x = alloca %struct.ABC, align 4			%x = alloca %struct.ABC, align 4
	%0 = bitcast %struct.ABC* %x to i8*			%0 = bitcast %struct.ABC* %x to i8*

	; Poison memory in prologue: F1F1F1F1F8F3F3F3			; Poison memory in prologue: F1F1F1F104F3F3F3
	; CHECK: store i64 -868082052615769615, i64* %{{[0-9]+}}			; CHECK: store i64 -868083100587789839, i64* %{{[0-9]+}}

	call void @llvm.lifetime.start(i64 4, i8* %0)			call void @llvm.lifetime.start(i64 4, i8* %0)
	; CHECK: store i8 4, i8* %{{[0-9]+}}			; CHECK: store i8 4, i8* %{{[0-9]+}}
	; CHECK-NEXT: @llvm.lifetime.start			; CHECK-NEXT: @llvm.lifetime.start

	%exception = call i8* @__cxa_allocate_exception(i64 4)			%exception = call i8* @__cxa_allocate_exception(i64 4)
	invoke void @__cxa_throw(i8* %exception, i8* bitcast ({ i8, i8 }* @_ZTI3ABC to i8), i8 bitcast (void (%struct.ABC) @_ZN3ABCD2Ev to i8*)) noreturn			invoke void @__cxa_throw(i8* %exception, i8* bitcast ({ i8, i8 }* @_ZTI3ABC to i8), i8 bitcast (void (%struct.ABC) @_ZN3ABCD2Ev to i8*)) noreturn
	to label %unreachable unwind label %lpad			to label %unreachable unwind label %lpad
	Show All 36 Lines

	define void @ThrowWin() sanitize_address personality i8* bitcast (i32 (...)* @__CxxFrameHandler3 to i8*) {			define void @ThrowWin() sanitize_address personality i8* bitcast (i32 (...)* @__CxxFrameHandler3 to i8*) {
	; CHECK-LABEL: define void @ThrowWin()			; CHECK-LABEL: define void @ThrowWin()
	entry:			entry:
	%x = alloca %struct.ABC, align 4			%x = alloca %struct.ABC, align 4
	%tmp = alloca %struct.ABC, align 4			%tmp = alloca %struct.ABC, align 4
	%0 = bitcast %struct.ABC* %x to i8*			%0 = bitcast %struct.ABC* %x to i8*

	; Poison memory in prologue: F1F1F1F1F8F304F2			; Poison memory in prologue: F1F1F1F104F204F3
	; CHECK: store i64 -935355671561244175, i64* %{{[0-9]+}}			; CHECK: store i64 -935356719533264399, i64* %{{[0-9]+}}

	call void @llvm.lifetime.start(i64 4, i8* %0)			call void @llvm.lifetime.start(i64 4, i8* %0)
	; CHECK: store i8 4, i8* %{{[0-9]+}}			; CHECK: store i8 4, i8* %{{[0-9]+}}
	; CHECK-NEXT: @llvm.lifetime.start			; CHECK-NEXT: @llvm.lifetime.start

	%1 = bitcast %struct.ABC* %tmp to i8*			%1 = bitcast %struct.ABC* %tmp to i8*
	invoke void @_CxxThrowException(i8* %1, %eh.ThrowInfo* nonnull @"_TI1?AUABC@@") noreturn			invoke void @_CxxThrowException(i8* %1, %eh.ThrowInfo* nonnull @"_TI1?AUABC@@") noreturn
	to label %unreachable unwind label %ehcleanup			to label %unreachable unwind label %ehcleanup
	Show All 28 Lines

test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll

	Show All 10 Lines

	define i32 @basic_test() sanitize_address {			define i32 @basic_test() sanitize_address {
	; CHECK-LABEL: define i32 @basic_test()			; CHECK-LABEL: define i32 @basic_test()

	entry:			entry:
	%retval = alloca i32, align 4			%retval = alloca i32, align 4
	%c = alloca i8, align 1			%c = alloca i8, align 1

	; Memory is poisoned in prologue: F1F1F1F104F3F8F2			; Memory is poisoned in prologue: F1F1F1F104F201F3
	; CHECK-UAS: store i64 -866676825215864335, i64* %{{[0-9]+}}			; CHECK-UAS: store i64 -936201144463396367, i64* %{{[0-9]+}}

	call void @llvm.lifetime.start(i64 1, i8* %c)			call void @llvm.lifetime.start(i64 1, i8* %c)
	; Memory is unpoisoned at llvm.lifetime.start: 01			; Memory is unpoisoned at llvm.lifetime.start: 01
	; CHECK-UAS: store i8 1, i8* %{{[0-9]+}}			; CHECK-UAS: store i8 1, i8* %{{[0-9]+}}

	store volatile i32 0, i32* %retval			store volatile i32 0, i32* %retval
	store volatile i8 0, i8* %c, align 1			store volatile i8 0, i8* %c, align 1

	Show All 13 Lines

test/Instrumentation/AddressSanitizer/lifetime.ll

Show All 39 Lines
; Generic case of lifetime analysis.		; Generic case of lifetime analysis.
define void @lifetime() sanitize_address {		define void @lifetime() sanitize_address {
; CHECK-LABEL: define void @lifetime()		; CHECK-LABEL: define void @lifetime()

; Regular variable lifetime intrinsics.		; Regular variable lifetime intrinsics.
%i = alloca i32, align 4		%i = alloca i32, align 4
%i.ptr = bitcast i32* %i to i8*		%i.ptr = bitcast i32* %i to i8*

; Poison memory in prologue: F1F1F1F1F8F3F3F3		; Poison memory in prologue: F1F1F1F104F3F3F3
; CHECK: store i64 -868082052615769615, i64* %{{[0-9]+}}		; CHECK: store i64 -868083100587789839, i64* %{{[0-9]+}}

; Memory is unpoisoned at llvm.lifetime.start		; Memory is unpoisoned at llvm.lifetime.start
call void @llvm.lifetime.start(i64 3, i8* %i.ptr)		call void @llvm.lifetime.start(i64 3, i8* %i.ptr)
; CHECK: store i8 4, i8* %{{[0-9]+}}		; CHECK: store i8 4, i8* %{{[0-9]+}}
; CHECK-NEXT: llvm.lifetime.start		; CHECK-NEXT: llvm.lifetime.start

store volatile i8 0, i8* %i.ptr		store volatile i8 0, i8* %i.ptr
; CHECK: store volatile		; CHECK: store volatile
▲ Show 20 Lines • Show All 48 Lines • ▼ Show 20 Lines	entry:
; Regular variable lifetime intrinsics.		; Regular variable lifetime intrinsics.
%i = alloca i8, align 4 ; Good		%i = alloca i8, align 4 ; Good
%j = alloca i8, align 4 ; Bad		%j = alloca i8, align 4 ; Bad

call void @llvm.lifetime.start(i64 1, i8* %i)		call void @llvm.lifetime.start(i64 1, i8* %i)
; CHECK: store i8 1, i8* %{{[0-9]+}}		; CHECK: store i8 1, i8* %{{[0-9]+}}
; CHECK-NEXT: call void @llvm.lifetime.start		; CHECK-NEXT: call void @llvm.lifetime.start

		call void @llvm.lifetime.end(i64 1, i8* %j)
		; CHECK-DEFAULT-NOT: store i8 -8, i8* %{{[0-9]+}}
		; CHECK-AMBIGUOUS: store i8 -8, i8* %{{[0-9]+}}
		; CHECK-NEXT: call void @llvm.lifetime.end

br i1 %x, label %bb0, label %bb1		br i1 %x, label %bb0, label %bb1

bb0:		bb0:
; CHECK-LABEL: bb0:		; CHECK-LABEL: bb0:

call void @llvm.lifetime.start(i64 1, i8* %j)		call void @llvm.lifetime.start(i64 1, i8* %j)
; CHECK-DEFAULT-NOT: store i8 1, i8* %{{[0-9]+}}		; CHECK-DEFAULT-NOT: store i8 1, i8* %{{[0-9]+}}
; CHECK-AMBIGUOUS: store i8 1, i8* %{{[0-9]+}}		; CHECK-AMBIGUOUS: store i8 1, i8* %{{[0-9]+}}
Show All 22 Lines
; Check that arguments of lifetime may come from phi nodes.		; Check that arguments of lifetime may come from phi nodes.
define void @phi_args(i1 %x) sanitize_address {		define void @phi_args(i1 %x) sanitize_address {
; CHECK-LABEL: define void @phi_args(i1 %x)		; CHECK-LABEL: define void @phi_args(i1 %x)

entry:		entry:
%i = alloca i64, align 4		%i = alloca i64, align 4
%i.ptr = bitcast i64* %i to i8*		%i.ptr = bitcast i64* %i to i8*

; Poison memory in prologue: F1F1F1F1F8F3F3F3		; Poison memory in prologue: F1F1F1F100F3F3F3
; CHECK: store i64 -868082052615769615, i64* %{{[0-9]+}}		; CHECK: store i64 -868083117767659023, i64* %{{[0-9]+}}

call void @llvm.lifetime.start(i64 8, i8* %i.ptr)		call void @llvm.lifetime.start(i64 8, i8* %i.ptr)
; CHECK: store i8 0, i8* %{{[0-9]+}}		; CHECK: store i8 0, i8* %{{[0-9]+}}
; CHECK-NEXT: llvm.lifetime.start		; CHECK-NEXT: llvm.lifetime.start

store volatile i8 0, i8* %i.ptr		store volatile i8 0, i8* %i.ptr
; CHECK: store volatile		; CHECK: store volatile

▲ Show 20 Lines • Show All 69 Lines • Show Last 20 Lines

test/Instrumentation/AddressSanitizer/stack-poisoning-experimental-be.ll

Show First 20 Lines • Show All 60 Lines • ▼ Show 20 Lines	entry:
; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]*		; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]*
; ENTRY-NEXT: store [[TYPE]] -13, [[TYPE]]* [[PTR]], align 1		; ENTRY-NEXT: store [[TYPE]] -13, [[TYPE]]* [[PTR]], align 1

; F1F1F1F1		; F1F1F1F1
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -235802127, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -235802127, [[TYPE]]* [[PTR]], align 1

; F8F8F8...		; 000000...
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4
; ENTRY-UAS-EXP-NEXT: call void @__asan_set_shadow_f8(i64 [[OFFSET]], i64 82)		; ENTRY-UAS-EXP-NEXT: call void @__asan_set_shadow_00(i64 [[OFFSET]], i64 81)

; F2F2F2F2F2F2F2F2		; F2F2F2F2F2F2F202
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 86		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] 212499257711850226, [[TYPE]]* [[PTR]], align 1

; F2F2F2F2F2F2F2F2		; F2F2F2F2F2F2F2F2
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 94		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 93
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1

; F8F8F2F2F8F8F8F8		; 000000F2F20500F2
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 101
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -506387832706107144, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -1008799775530680320, [[TYPE]]* [[PTR]], align 1

; F8F3F3F3		; F3F30000
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 109
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -118230029, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] 62451, [[TYPE]]* [[PTR]], align 1

; F3F3		; F3F3
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 114		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 113
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -3085, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -3085, [[TYPE]]* [[PTR]], align 1

; CHECK-LABEL: %xx = getelementptr inbounds		; CHECK-LABEL: %xx = getelementptr inbounds
; CHECK-NEXT: %yy = getelementptr inbounds		; CHECK-NEXT: %yy = getelementptr inbounds
; CHECK-NEXT: %zz = getelementptr inbounds		; CHECK-NEXT: %zz = getelementptr inbounds


▲ Show 20 Lines • Show All 222 Lines • Show Last 20 Lines

test/Instrumentation/AddressSanitizer/stack-poisoning-experimental.ll

Show First 20 Lines • Show All 60 Lines • ▼ Show 20 Lines	entry:
; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]*		; ENTRY-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i8]]*
; ENTRY-NEXT: store [[TYPE]] -13, [[TYPE]]* [[PTR]], align 1		; ENTRY-NEXT: store [[TYPE]] -13, [[TYPE]]* [[PTR]], align 1

; F1F1F1F1		; F1F1F1F1
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 0
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -235802127, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -235802127, [[TYPE]]* [[PTR]], align 1

; F8F8F8...		; 000000...
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 4
; ENTRY-UAS-EXP-NEXT: call void @__asan_set_shadow_f8(i64 [[OFFSET]], i64 82)		; ENTRY-UAS-EXP-NEXT: call void @__asan_set_shadow_00(i64 [[OFFSET]], i64 81)

; F2F2F2F2F2F2F2F2		; 02F2F2F2F2F2F2F2
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 86		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 85
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996990, [[TYPE]]* [[PTR]], align 1

; F2F2F2F2F2F2F2F2		; F2F2F2F2F2F2F2F2
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 94		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 93
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -940422246894996750, [[TYPE]]* [[PTR]], align 1

; F8F8F2F2F8F8F8F8		; F20005F2F2000000
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 102		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 101
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i64]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -506381209967593224, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] 1043442499826, [[TYPE]]* [[PTR]], align 1

; F8F3F3F3		; 0000F3F3
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 110		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 109
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i32]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -202116104, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -202178560, [[TYPE]]* [[PTR]], align 1

; F3F3		; F3F3
; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 114		; ENTRY-UAS-EXP-NEXT: [[OFFSET:%[0-9]+]] = add i64 [[SHADOW_BASE]], 113
; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]*		; ENTRY-UAS-EXP-NEXT: [[PTR:%[0-9]+]] = inttoptr i64 [[OFFSET]] to [[TYPE:i16]]*
; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -3085, [[TYPE]]* [[PTR]], align 1		; ENTRY-UAS-EXP-NEXT: store [[TYPE]] -3085, [[TYPE]]* [[PTR]], align 1

; CHECK-LABEL: %xx = getelementptr inbounds		; CHECK-LABEL: %xx = getelementptr inbounds
; CHECK-NEXT: %yy = getelementptr inbounds		; CHECK-NEXT: %yy = getelementptr inbounds
; CHECK-NEXT: %zz = getelementptr inbounds		; CHECK-NEXT: %zz = getelementptr inbounds


▲ Show 20 Lines • Show All 222 Lines • Show Last 20 Lines