This is an archive of the discontinued LLVM Phabricator instance.

Differential D26177

[tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during unwinding)
ClosedPublic

Authored by kubamracek on Oct 31 2016, 5:49 PM.

Details

Reviewers
kcc
dvyukov
rnk
Commits
rGddfdba3b01fa: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during…
rGb0dd454a1aab: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during…
rCRT286894: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during…
rL286894: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during…
rL286893: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during…
Summary

This patch is a re-incarnation of https://reviews.llvm.org/D10740 (which seems to be abandoned now). This adds support for TSan C++ exception handling, where we need to add extra calls to __tsan_func_exit when a function is exitted via exception mechanisms. Otherwise the shadow stack gets corrupted (leaked). There is an existing implementation that finds all possible function exit points, and adds extra EH cleanup blocks where needed.

I moved the implementation of EscapeEnumerator to a header file, but note that I made one change, which is the addition of the II->setDebugLoc(CI->getDebugLoc()); line. This makes sure we don't lose debug information.

Diff Detail

Repository
rL LLVM

Event Timeline

kubamracek updated this revision to Diff 76509.Oct 31 2016, 5:49 PM
kubamracek retitled this revision from to [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during unwinding).
kubamracek updated this object.
kubamracek added reviewers: dvyukov, kcc, rnk.
kubamracek set the repository for this revision to rL LLVM.
kubamracek added a project: Restricted Project.
kubamracek added subscribers: llvm-commits, zaks.anna.
kubamracek added a comment.Nov 1 2016, 3:31 PM

Also note that this change increases the code size of TSanified binaries, roughly by 10-20%.

rnk edited edge metadata.Nov 2 2016, 10:06 AM
In D26177#585299, @kubabrecka wrote:

Also note that this change increases the code size of TSanified binaries, roughly by 10-20%.

I don't expect there will be any increase in code size if -fno-exceptions is set, because all functions will be marked nounwind, so we won't do the call-to-invoke transformation.

include/llvm/Transforms/Utils/EscapeEnumerator.h
30–31 ↗(On Diff #76509)

The state machine is superfluous, it only has two real states: 1 (running) and 2 (done). The state 0 logic could be handled in the constructor by setting StateBB and StateE. Mind killing the switch and this comment, assuming we don't implement the code size optimization I described below?

45 ↗(On Diff #76509)

The implementation of Next should not live in a header.

54 ↗(On Diff #76509)

LLVM_FALLTHROUGH would help me understand what's supposed to happen here.

74–76 ↗(On Diff #76509)

Range-based for?

78–79 ↗(On Diff #76509)

The right way to ask this is !CI->doesNotThrow(). I'm surprised we don't have a non-virtual override of Instruction::mayThrow in CallInst, but whatever.

92 ↗(On Diff #76509)

This isn't going to be right everywhere. You probably want to add some function to lib/Analysis/EHPersonalities.cpp to pick a good default based on the target triple.

97 ↗(On Diff #76509)

A landingpad instruction would be wrong on Windows, you would want to insert a cleanuppad that unwinds to the caller. For now I think it would be OK to report_fatal_error if isFuncletEHPersonality(classifyEHPersonality(PersFn)) is true.

122 ↗(On Diff #76509)

This fails to handle operand bundles on calls. We should factor this logic out of the inliner, which gets it 100% correct, into lib/Transforms/Util/Local.cpp next to changeToCall, and use it from here.

lib/Transforms/Instrumentation/ThreadSanitizer.cpp
448–449 ↗(On Diff #76509)

This is probably outside the scope of this patch, but is this really what you want to do? Instead of inserting a call before every return, you could create a new single return block with only one call. That might be better for code size. The same is true for resumes: you can make all resumes a jump to the same resume block, and then you only need one exit call, for a total of two calls per function, max.

Actually, this gives me a maybe too clever idea for code size reduction... what if we had __tsan_func_exit check if we are unwinding and call _Unwind_Resume from there? We'd still have binary size increase from the LSDA and we probably couldn't eliminate the landingpad basic block, but it's an interesting idea.

kubamracek added a comment.Nov 2 2016, 11:03 AM

Note that I'm just moving the code for EscapeEnumerator, which is some pretty old code (r45670), and I'd CC the author, but I don't think he works on LLVM anymore. Anyway, thanks for the review, I'll update the patch!

kubamracek updated this revision to Diff 76796.Nov 2 2016, 3:12 PM
kubamracek edited edge metadata.
kubamracek removed rL LLVM as the repository for this revision.

Updating patch. Added some helper function to EHPersonalitites.h/.cpp. I still kept getDefaultEHPersonality always return EHPersonality::GNU_C -- please advise what the behavior should be. Annotated all TSan callbacks as "nounwind", which means we don't need to transform leaf functions. Extracted the BB splitting and CallInst-to-InvokeInst logic from InlineFunction.cpp into Utils/Local.cpp. Removed the state machine from EscapeEnumerator.

I'll look into the size optimizations later, but shouldn't the optimizer already do what you describe for higher -O levels?

Herald added subscribers: modocache, mgorny. · View Herald TranscriptNov 2 2016, 3:12 PM
rnk added a comment.Nov 2 2016, 3:34 PM

Looks good to me, but we should probably wait to see if Dmitry has any concerns about turning this on by default.

In D26177#586077, @kubabrecka wrote:

Note that I'm just moving the code for EscapeEnumerator, which is some pretty old code (r45670), and I'd CC the author, but I don't think he works on LLVM anymore. Anyway, thanks for the review, I'll update the patch!

Yeah, I noticed that after I got halfway through it, and then I felt like it was still worth a good rewrite. :)

dvyukov edited edge metadata.Nov 8 2016, 4:42 PM
  1. Please add tsan pass flag that turns exception interception off. We may need to disable it during deployment if it causes instability, compilation errors or too large binary increase.
  1. Are we sure that longjmp won't cause double call to __tsan_func_exit? At least MSVC longjmp will unwind stack and call destructors, which will most likely lead to double exit calls. Linux docs are vague in this regard. Not sure about mac.
projects/compiler-rt/test/tsan/exceptions.cc
111 ↗(On Diff #76796)

More than 80 columns. Please fix.

kubamracek added a comment.Nov 8 2016, 5:14 PM
In D26177#590185, @dvyukov wrote:
  1. Please add tsan pass flag that turns exception interception off. We may need to disable it during deployment if it causes instability, compilation errors or too large binary increase.

Will do. What's "too large" for you? This does cause increases, which are larger in -O0 builds.

  1. Are we sure that longjmp won't cause double call to __tsan_func_exit? At least MSVC longjmp will unwind stack and call destructors, which will most likely lead to double exit calls. Linux docs are vague in this regard. Not sure about mac.

I'll try to check. Besides longjmp, do you have some particular scenario that's worth adding a testcase for?

dvyukov added a comment.Nov 8 2016, 5:24 PM
In D26177#590243, @kubabrecka wrote:
In D26177#590185, @dvyukov wrote:
  1. Please add tsan pass flag that turns exception interception off. We may need to disable it during deployment if it causes instability, compilation errors or too large binary increase.

Will do. What's "too large" for you? This does cause increases, which are larger in -O0 builds.

Any increase will cause some failures. We should have -fno-exceptions for most binaries, but maybe not for all.

  1. Are we sure that longjmp won't cause double call to __tsan_func_exit? At least MSVC longjmp will unwind stack and call destructors, which will most likely lead to double exit calls. Linux docs are vague in this regard. Not sure about mac.

I'll try to check. Besides longjmp, do you have some particular scenario that's worth adding a testcase for?

Can't think of anything else.

rnk added a comment.Nov 9 2016, 11:32 AM

Maybe there's a better way to do this. What if we wrote a custom personality function in the TSan RTL that wraps the normal personality function variants, and calls __tsan_func_exit internally? We can definitely do this for now, but it might be nice to experiment with the custom personality to win back the 10% code size bloat here.

kubamracek updated this revision to Diff 77571.Nov 10 2016, 4:38 PM
kubamracek edited edge metadata.

Updating patch:

  • added a switch to turn this off
  • added a testcase for the IR transformations and for the switch
  • added two testcase for setjmp/longjmp
  • changed EscapeEnumerator to have an "HandleExceptions" argument (default true)
  • changed EscapeEnumerator to not insert EH landingpads when the function itself is nounwind
kubamracek added a comment.Nov 10 2016, 4:45 PM

I tested the setjmp/longjmp and it's okay on Darwin and Linux. Since this C++ exceptions support doesn't support exceptions on Windows, I didn't even try that. Reid, could you test this patch for me if it breaks compilation on Windows?

I'm also not sure what does it mean when a nounwind function calls something that's not nounwind. Should we instrument in this case?

Lastly, do you have an example that would trigger this instrumentation, but should not with -fno-exceptions?

rnk added a comment.Nov 10 2016, 4:54 PM
In D26177#592464, @kubabrecka wrote:

I tested the setjmp/longjmp and it's okay on Darwin and Linux. Since this C++ exceptions support doesn't support exceptions on Windows, I didn't even try that. Reid, could you test this patch for me if it breaks compilation on Windows?

I'm not set up to build tsan on Windows, it's only supported for gotsan. Dmitry knows how to build that, maybe he has time to test it.

I'm also not sure what does it mean when a nounwind function calls something that's not nounwind. Should we instrument in this case?

That's UB, so we don't need a cleanup, and we shouldn't insert one.

Lastly, do you have an example that would trigger this instrumentation, but should not with -fno-exceptions?

I think the only way this can happen is if there's a bug in clang or a subsequent IR instrumentation pass that inserts new functions.

dvyukov added a comment.Nov 10 2016, 8:48 PM

I'm not set up to build tsan on Windows, it's only supported for gotsan. Dmitry knows how to build that, maybe he has time to test it.

gotsan uses Go compiler for instrumentation.

dvyukov added a comment.Nov 10 2016, 8:50 PM

I am happy with tsan pass and runtime changes, leaving to Reid for approval.

rnk accepted this revision.Nov 11 2016, 7:24 AM
rnk edited edge metadata.

lgtm

This revision is now accepted and ready to land.Nov 11 2016, 7:24 AM
Closed by commit rL286894: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during… (authored by kuba.brecka). · Explain WhyNov 14 2016, 1:51 PM
Closed by commit rL286893: [tsan] Add support for C++ exceptions into TSan (call __tsan_func_exit during… (authored by kuba.brecka). · Explain Why
This revision was automatically updated to reflect the committed changes.
This revision was automatically updated to reflect the committed changes.
kubamracek added a comment.Nov 14 2016, 2:03 PM

This landed in r286893 (LLVM) and r286894 (compiler-rt). Thanks for reviewing!

Revision Contents

PathSize
llvm/
trunk/
include/
llvm/
Analysis/
5 lines
Transforms/
Utils/
49 lines
7 lines
lib/
Analysis/
23 lines
CodeGen/
116 lines
Transforms/
Instrumentation/
68 lines
Utils/
1 line
96 lines
32 lines
37 lines
test/
Instrumentation/
ThreadSanitizer/
57 lines
2 lines
2 lines
14 lines

Diff 77881

llvm/trunk/include/llvm/Analysis/EHPersonalities.h

//===- EHPersonalities.h - Compute EH-related information -----------------===// //===- EHPersonalities.h - Compute EH-related information -----------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_ANALYSIS_EHPERSONALITIES_H #ifndef LLVM_ANALYSIS_EHPERSONALITIES_H
#define LLVM_ANALYSIS_EHPERSONALITIES_H #define LLVM_ANALYSIS_EHPERSONALITIES_H
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/TinyPtrVector.h" #include "llvm/ADT/TinyPtrVector.h"
#include "llvm/ADT/Triple.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
namespace llvm { namespace llvm {
class BasicBlock; class BasicBlock;
class Function; class Function;
class Value; class Value;
enum class EHPersonality { enum class EHPersonality {
Show All 11 Linesenum class EHPersonality {
Rust Rust
}; };
/// \brief See if the given exception handling personality function is one /// \brief See if the given exception handling personality function is one
/// that we understand. If so, return a description of it; otherwise return /// that we understand. If so, return a description of it; otherwise return
/// Unknown. /// Unknown.
EHPersonality classifyEHPersonality(const Value *Pers); EHPersonality classifyEHPersonality(const Value *Pers);
StringRef getEHPersonalityName(EHPersonality Pers);
EHPersonality getDefaultEHPersonality(const Triple &T);
/// \brief Returns true if this personality function catches asynchronous /// \brief Returns true if this personality function catches asynchronous
/// exceptions. /// exceptions.
inline bool isAsynchronousEHPersonality(EHPersonality Pers) { inline bool isAsynchronousEHPersonality(EHPersonality Pers) {
// The two SEH personality functions can catch asynch exceptions. We assume // The two SEH personality functions can catch asynch exceptions. We assume
// unknown personalities don't catch asynch exceptions. // unknown personalities don't catch asynch exceptions.
switch (Pers) { switch (Pers) {
case EHPersonality::MSVC_X86SEH: case EHPersonality::MSVC_X86SEH:
case EHPersonality::MSVC_Win64SEH: case EHPersonality::MSVC_Win64SEH:
▲ Show 20 LinesShow All 48 LinesShow Last 20 Lines

llvm/trunk/include/llvm/Transforms/Utils/EscapeEnumerator.h

//===-- EscapeEnumerator.h --------------------------------------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// Defines a helper class that enumerates all possible exits from a function,
// including exception handling.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_TRANSFORMS_UTILS_ESCAPEENUMERATOR_H
#define LLVM_TRANSFORMS_UTILS_ESCAPEENUMERATOR_H
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/Function.h"
namespace llvm {
/// EscapeEnumerator - This is a little algorithm to find all escape points
/// from a function so that "finally"-style code can be inserted. In addition
/// to finding the existing return and unwind instructions, it also (if
/// necessary) transforms any call instructions into invokes and sends them to
/// a landing pad.
class EscapeEnumerator {
Function &F;
const char *CleanupBBName;
Function::iterator StateBB, StateE;
IRBuilder<> Builder;
bool Done;
bool HandleExceptions;
public:
EscapeEnumerator(Function &F, const char *N = "cleanup",
bool HandleExceptions = true)
: F(F), CleanupBBName(N), StateBB(F.begin()), StateE(F.end()),
Builder(F.getContext()), Done(false),
HandleExceptions(HandleExceptions) {}
IRBuilder<> *Next();
};
}
#endif // LLVM_TRANSFORMS_UTILS_ESCAPEENUMERATOR_H

llvm/trunk/include/llvm/Transforms/Utils/Local.h

Show First 20 LinesShow All 308 Lines▼ Show 20 Lines
/// Remove all instructions from a basic block other than it's terminator /// Remove all instructions from a basic block other than it's terminator
/// and any present EH pad instructions. /// and any present EH pad instructions.
unsigned removeAllNonTerminatorAndEHPadInstructions(BasicBlock *BB); unsigned removeAllNonTerminatorAndEHPadInstructions(BasicBlock *BB);
/// Insert an unreachable instruction before the specified /// Insert an unreachable instruction before the specified
/// instruction, making it and the rest of the code in the block dead. /// instruction, making it and the rest of the code in the block dead.
unsigned changeToUnreachable(Instruction *I, bool UseLLVMTrap); unsigned changeToUnreachable(Instruction *I, bool UseLLVMTrap);
/// Convert the CallInst to InvokeInst with the specified unwind edge basic
/// block. This also splits the basic block where CI is located, because
/// InvokeInst is a terminator instruction. Returns the newly split basic
/// block.
BasicBlock *changeToInvokeAndSplitBasicBlock(CallInst *CI,
BasicBlock *UnwindEdge);
/// Replace 'BB's terminator with one that does not have an unwind successor /// Replace 'BB's terminator with one that does not have an unwind successor
/// block. Rewrites `invoke` to `call`, etc. Updates any PHIs in unwind /// block. Rewrites `invoke` to `call`, etc. Updates any PHIs in unwind
/// successor. /// successor.
/// ///
/// \param BB Block whose terminator will be replaced. Its terminator must /// \param BB Block whose terminator will be replaced. Its terminator must
/// have an unwind successor. /// have an unwind successor.
void removeUnwindEdge(BasicBlock *BB); void removeUnwindEdge(BasicBlock *BB);
▲ Show 20 LinesShow All 69 LinesShow Last 20 Lines

llvm/trunk/lib/Analysis/EHPersonalities.cpp

Show All 34 Lines return StringSwitch<EHPersonality>(F->getName())
.Case("_except_handler4", EHPersonality::MSVC_X86SEH) .Case("_except_handler4", EHPersonality::MSVC_X86SEH)
.Case("__C_specific_handler", EHPersonality::MSVC_Win64SEH) .Case("__C_specific_handler", EHPersonality::MSVC_Win64SEH)
.Case("__CxxFrameHandler3", EHPersonality::MSVC_CXX) .Case("__CxxFrameHandler3", EHPersonality::MSVC_CXX)
.Case("ProcessCLRException", EHPersonality::CoreCLR) .Case("ProcessCLRException", EHPersonality::CoreCLR)
.Case("rust_eh_personality", EHPersonality::Rust) .Case("rust_eh_personality", EHPersonality::Rust)
.Default(EHPersonality::Unknown); .Default(EHPersonality::Unknown);
} }
StringRef llvm::getEHPersonalityName(EHPersonality Pers) {
switch (Pers) {
case EHPersonality::GNU_Ada: return "__gnat_eh_personality";
case EHPersonality::GNU_CXX: return "__gxx_personality_v0";
case EHPersonality::GNU_CXX_SjLj: return "__gxx_personality_sj0";
case EHPersonality::GNU_C: return "__gcc_personality_v0";
case EHPersonality::GNU_C_SjLj: return "__gcc_personality_sj0";
case EHPersonality::GNU_ObjC: return "__objc_personality_v0";
case EHPersonality::MSVC_X86SEH: return "_except_handler3";
case EHPersonality::MSVC_Win64SEH: return "__C_specific_handler";
case EHPersonality::MSVC_CXX: return "__CxxFrameHandler3";
case EHPersonality::CoreCLR: return "ProcessCLRException";
case EHPersonality::Rust: return "rust_eh_personality";
case EHPersonality::Unknown: llvm_unreachable("Unknown EHPersonality!");
}
llvm_unreachable("Invalid EHPersonality!");
}
EHPersonality llvm::getDefaultEHPersonality(const Triple &T) {
return EHPersonality::GNU_C;
}
bool llvm::canSimplifyInvokeNoUnwind(const Function *F) { bool llvm::canSimplifyInvokeNoUnwind(const Function *F) {
EHPersonality Personality = classifyEHPersonality(F->getPersonalityFn()); EHPersonality Personality = classifyEHPersonality(F->getPersonalityFn());
// We can't simplify any invokes to nounwind functions if the personality // We can't simplify any invokes to nounwind functions if the personality
// function wants to catch asynch exceptions. The nounwind attribute only // function wants to catch asynch exceptions. The nounwind attribute only
// implies that the function does not throw synchronous exceptions. // implies that the function does not throw synchronous exceptions.
return !isAsynchronousEHPersonality(Personality); return !isAsynchronousEHPersonality(Personality);
} }
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines

llvm/trunk/lib/CodeGen/ShadowStackGCLowering.cpp

Show All 17 Lines
#include "llvm/CodeGen/Passes.h" #include "llvm/CodeGen/Passes.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/CodeGen/GCStrategy.h" #include "llvm/CodeGen/GCStrategy.h"
#include "llvm/IR/CallSite.h" #include "llvm/IR/CallSite.h"
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
#include "llvm/IR/IntrinsicInst.h" #include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/Module.h" #include "llvm/IR/Module.h"
#include "llvm/Transforms/Utils/EscapeEnumerator.h"
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "shadowstackgclowering" #define DEBUG_TYPE "shadowstackgclowering"
namespace { namespace {
class ShadowStackGCLowering : public FunctionPass { class ShadowStackGCLowering : public FunctionPass {
▲ Show 20 LinesShow All 42 Lines▼ Show 20 Lines
char ShadowStackGCLowering::ID = 0; char ShadowStackGCLowering::ID = 0;
ShadowStackGCLowering::ShadowStackGCLowering() ShadowStackGCLowering::ShadowStackGCLowering()
: FunctionPass(ID), Head(nullptr), StackEntryTy(nullptr), : FunctionPass(ID), Head(nullptr), StackEntryTy(nullptr),
FrameMapTy(nullptr) { FrameMapTy(nullptr) {
initializeShadowStackGCLoweringPass(*PassRegistry::getPassRegistry()); initializeShadowStackGCLoweringPass(*PassRegistry::getPassRegistry());
} }
namespace {
/// EscapeEnumerator - This is a little algorithm to find all escape points
/// from a function so that "finally"-style code can be inserted. In addition
/// to finding the existing return and unwind instructions, it also (if
/// necessary) transforms any call instructions into invokes and sends them to
/// a landing pad.
///
/// It's wrapped up in a state machine using the same transform C# uses for
/// 'yield return' enumerators, This transform allows it to be non-allocating.
class EscapeEnumerator {
Function &F;
const char *CleanupBBName;
// State.
int State;
Function::iterator StateBB, StateE;
IRBuilder<> Builder;
public:
EscapeEnumerator(Function &F, const char *N = "cleanup")
: F(F), CleanupBBName(N), State(0), Builder(F.getContext()) {}
IRBuilder<> *Next() {
switch (State) {
default:
return nullptr;
case 0:
StateBB = F.begin();
StateE = F.end();
State = 1;
case 1:
// Find all 'return', 'resume', and 'unwind' instructions.
while (StateBB != StateE) {
BasicBlock *CurBB = &*StateBB++;
// Branches and invokes do not escape, only unwind, resume, and return
// do.
TerminatorInst *TI = CurBB->getTerminator();
if (!isa<ReturnInst>(TI) && !isa<ResumeInst>(TI))
continue;
Builder.SetInsertPoint(TI);
return &Builder;
}
State = 2;
// Find all 'call' instructions.
SmallVector<Instruction *, 16> Calls;
for (Function::iterator BB = F.begin(), E = F.end(); BB != E; ++BB)
for (BasicBlock::iterator II = BB->begin(), EE = BB->end(); II != EE;
++II)
if (CallInst *CI = dyn_cast<CallInst>(II))
if (!CI->getCalledFunction() ||
!CI->getCalledFunction()->getIntrinsicID())
Calls.push_back(CI);
if (Calls.empty())
return nullptr;
// Create a cleanup block.
LLVMContext &C = F.getContext();
BasicBlock *CleanupBB = BasicBlock::Create(C, CleanupBBName, &F);
Type *ExnTy =
StructType::get(Type::getInt8PtrTy(C), Type::getInt32Ty(C), nullptr);
if (!F.hasPersonalityFn()) {
Constant *PersFn = F.getParent()->getOrInsertFunction(
"__gcc_personality_v0",
FunctionType::get(Type::getInt32Ty(C), true));
F.setPersonalityFn(PersFn);
}
LandingPadInst *LPad =
LandingPadInst::Create(ExnTy, 1, "cleanup.lpad", CleanupBB);
LPad->setCleanup(true);
ResumeInst *RI = ResumeInst::Create(LPad, CleanupBB);
// Transform the 'call' instructions into 'invoke's branching to the
// cleanup block. Go in reverse order to make prettier BB names.
SmallVector<Value *, 16> Args;
for (unsigned I = Calls.size(); I != 0;) {
CallInst *CI = cast<CallInst>(Calls[--I]);
// Split the basic block containing the function call.
BasicBlock *CallBB = CI->getParent();
BasicBlock *NewBB = CallBB->splitBasicBlock(
CI->getIterator(), CallBB->getName() + ".cont");
// Remove the unconditional branch inserted at the end of CallBB.
CallBB->getInstList().pop_back();
NewBB->getInstList().remove(CI);
// Create a new invoke instruction.
Args.clear();
CallSite CS(CI);
Args.append(CS.arg_begin(), CS.arg_end());
InvokeInst *II =
InvokeInst::Create(CI->getCalledValue(), NewBB, CleanupBB, Args,
CI->getName(), CallBB);
II->setCallingConv(CI->getCallingConv());
II->setAttributes(CI->getAttributes());
CI->replaceAllUsesWith(II);
delete CI;
}
Builder.SetInsertPoint(RI);
return &Builder;
}
}
};
}
Constant *ShadowStackGCLowering::GetFrameMap(Function &F) { Constant *ShadowStackGCLowering::GetFrameMap(Function &F) {
// doInitialization creates the abstract type of this value. // doInitialization creates the abstract type of this value.
Type *VoidPtr = Type::getInt8PtrTy(F.getContext()); Type *VoidPtr = Type::getInt8PtrTy(F.getContext());
// Truncate the ShadowStackDescriptor if some metadata is null. // Truncate the ShadowStackDescriptor if some metadata is null.
unsigned NumMeta = 0; unsigned NumMeta = 0;
SmallVector<Constant *, 16> Metadata; SmallVector<Constant *, 16> Metadata;
for (unsigned I = 0; I != Roots.size(); ++I) { for (unsigned I = 0; I != Roots.size(); ++I) {
▲ Show 20 LinesShow All 262 LinesShow Last 20 Lines

llvm/trunk/lib/Transforms/Instrumentation/ThreadSanitizer.cpp

Show All 37 Lines
#include "llvm/IR/Module.h" #include "llvm/IR/Module.h"
#include "llvm/IR/Type.h" #include "llvm/IR/Type.h"
#include "llvm/ProfileData/InstrProf.h" #include "llvm/ProfileData/InstrProf.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include "llvm/Support/MathExtras.h" #include "llvm/Support/MathExtras.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include "llvm/Transforms/Utils/BasicBlockUtils.h" #include "llvm/Transforms/Utils/BasicBlockUtils.h"
#include "llvm/Transforms/Utils/EscapeEnumerator.h"
#include "llvm/Transforms/Utils/Local.h" #include "llvm/Transforms/Utils/Local.h"
#include "llvm/Transforms/Utils/ModuleUtils.h" #include "llvm/Transforms/Utils/ModuleUtils.h"
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "tsan" #define DEBUG_TYPE "tsan"
static cl::opt<bool> ClInstrumentMemoryAccesses( static cl::opt<bool> ClInstrumentMemoryAccesses(
"tsan-instrument-memory-accesses", cl::init(true), "tsan-instrument-memory-accesses", cl::init(true),
cl::desc("Instrument memory accesses"), cl::Hidden); cl::desc("Instrument memory accesses"), cl::Hidden);
static cl::opt<bool> ClInstrumentFuncEntryExit( static cl::opt<bool> ClInstrumentFuncEntryExit(
"tsan-instrument-func-entry-exit", cl::init(true), "tsan-instrument-func-entry-exit", cl::init(true),
cl::desc("Instrument function entry and exit"), cl::Hidden); cl::desc("Instrument function entry and exit"), cl::Hidden);
static cl::opt<bool> ClHandleCxxExceptions(
"tsan-handle-cxx-exceptions", cl::init(true),
cl::desc("Handle C++ exceptions (insert cleanup blocks for unwinding)"),
cl::Hidden);
static cl::opt<bool> ClInstrumentAtomics( static cl::opt<bool> ClInstrumentAtomics(
"tsan-instrument-atomics", cl::init(true), "tsan-instrument-atomics", cl::init(true),
cl::desc("Instrument atomics"), cl::Hidden); cl::desc("Instrument atomics"), cl::Hidden);
static cl::opt<bool> ClInstrumentMemIntrinsics( static cl::opt<bool> ClInstrumentMemIntrinsics(
"tsan-instrument-memintrinsics", cl::init(true), "tsan-instrument-memintrinsics", cl::init(true),
cl::desc("Instrument memintrinsics (memset/memcpy/memmove)"), cl::Hidden); cl::desc("Instrument memintrinsics (memset/memcpy/memmove)"), cl::Hidden);
STATISTIC(NumInstrumentedReads, "Number of instrumented reads"); STATISTIC(NumInstrumentedReads, "Number of instrumented reads");
Show All 27 Lines private:
bool instrumentLoadOrStore(Instruction *I, const DataLayout &DL); bool instrumentLoadOrStore(Instruction *I, const DataLayout &DL);
bool instrumentAtomic(Instruction *I, const DataLayout &DL); bool instrumentAtomic(Instruction *I, const DataLayout &DL);
bool instrumentMemIntrinsic(Instruction *I); bool instrumentMemIntrinsic(Instruction *I);
void chooseInstructionsToInstrument(SmallVectorImpl<Instruction *> &Local, void chooseInstructionsToInstrument(SmallVectorImpl<Instruction *> &Local,
SmallVectorImpl<Instruction *> &All, SmallVectorImpl<Instruction *> &All,
const DataLayout &DL); const DataLayout &DL);
bool addrPointsToConstantData(Value *Addr); bool addrPointsToConstantData(Value *Addr);
int getMemoryAccessFuncIndex(Value *Addr, const DataLayout &DL); int getMemoryAccessFuncIndex(Value *Addr, const DataLayout &DL);
void InsertRuntimeIgnores(Function &F, SmallVector<Instruction*, 8> &RetVec); void InsertRuntimeIgnores(Function &F);
Type *IntptrTy; Type *IntptrTy;
IntegerType *OrdTy; IntegerType *OrdTy;
// Callbacks to run-time library are computed in doInitialization. // Callbacks to run-time library are computed in doInitialization.
Function *TsanFuncEntry; Function *TsanFuncEntry;
Function *TsanFuncExit; Function *TsanFuncExit;
Function *TsanIgnoreBegin; Function *TsanIgnoreBegin;
Function *TsanIgnoreEnd; Function *TsanIgnoreEnd;
Show All 34 Lines
} }
FunctionPass *llvm::createThreadSanitizerPass() { FunctionPass *llvm::createThreadSanitizerPass() {
return new ThreadSanitizer(); return new ThreadSanitizer();
} }
void ThreadSanitizer::initializeCallbacks(Module &M) { void ThreadSanitizer::initializeCallbacks(Module &M) {
IRBuilder<> IRB(M.getContext()); IRBuilder<> IRB(M.getContext());
AttributeSet Attr;
Attr = Attr.addAttribute(M.getContext(), AttributeSet::FunctionIndex, Attribute::NoUnwind);
// Initialize the callbacks. // Initialize the callbacks.
TsanFuncEntry = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanFuncEntry = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__tsan_func_entry", IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr)); "__tsan_func_entry", Attr, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr));
TsanFuncExit = checkSanitizerInterfaceFunction( TsanFuncExit = checkSanitizerInterfaceFunction(
M.getOrInsertFunction("__tsan_func_exit", IRB.getVoidTy(), nullptr)); M.getOrInsertFunction("__tsan_func_exit", Attr, IRB.getVoidTy(), nullptr));
TsanIgnoreBegin = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanIgnoreBegin = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__tsan_ignore_thread_begin", IRB.getVoidTy(), nullptr)); "__tsan_ignore_thread_begin", Attr, IRB.getVoidTy(), nullptr));
TsanIgnoreEnd = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanIgnoreEnd = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__tsan_ignore_thread_end", IRB.getVoidTy(), nullptr)); "__tsan_ignore_thread_end", Attr, IRB.getVoidTy(), nullptr));
OrdTy = IRB.getInt32Ty(); OrdTy = IRB.getInt32Ty();
for (size_t i = 0; i < kNumberOfAccessSizes; ++i) { for (size_t i = 0; i < kNumberOfAccessSizes; ++i) {
const unsigned ByteSize = 1U << i; const unsigned ByteSize = 1U << i;
const unsigned BitSize = ByteSize * 8; const unsigned BitSize = ByteSize * 8;
std::string ByteSizeStr = utostr(ByteSize); std::string ByteSizeStr = utostr(ByteSize);
std::string BitSizeStr = utostr(BitSize); std::string BitSizeStr = utostr(BitSize);
SmallString<32> ReadName("__tsan_read" + ByteSizeStr); SmallString<32> ReadName("__tsan_read" + ByteSizeStr);
TsanRead[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanRead[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ReadName, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr)); ReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr));
SmallString<32> WriteName("__tsan_write" + ByteSizeStr); SmallString<32> WriteName("__tsan_write" + ByteSizeStr);
TsanWrite[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanWrite[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
WriteName, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr)); WriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr));
SmallString<64> UnalignedReadName("__tsan_unaligned_read" + ByteSizeStr); SmallString<64> UnalignedReadName("__tsan_unaligned_read" + ByteSizeStr);
TsanUnalignedRead[i] = TsanUnalignedRead[i] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
UnalignedReadName, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr)); UnalignedReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr));
SmallString<64> UnalignedWriteName("__tsan_unaligned_write" + ByteSizeStr); SmallString<64> UnalignedWriteName("__tsan_unaligned_write" + ByteSizeStr);
TsanUnalignedWrite[i] = TsanUnalignedWrite[i] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
UnalignedWriteName, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr)); UnalignedWriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr));
Type *Ty = Type::getIntNTy(M.getContext(), BitSize); Type *Ty = Type::getIntNTy(M.getContext(), BitSize);
Type *PtrTy = Ty->getPointerTo(); Type *PtrTy = Ty->getPointerTo();
SmallString<32> AtomicLoadName("__tsan_atomic" + BitSizeStr + "_load"); SmallString<32> AtomicLoadName("__tsan_atomic" + BitSizeStr + "_load");
TsanAtomicLoad[i] = checkSanitizerInterfaceFunction( TsanAtomicLoad[i] = checkSanitizerInterfaceFunction(
M.getOrInsertFunction(AtomicLoadName, Ty, PtrTy, OrdTy, nullptr)); M.getOrInsertFunction(AtomicLoadName, Attr, Ty, PtrTy, OrdTy, nullptr));
SmallString<32> AtomicStoreName("__tsan_atomic" + BitSizeStr + "_store"); SmallString<32> AtomicStoreName("__tsan_atomic" + BitSizeStr + "_store");
TsanAtomicStore[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanAtomicStore[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
AtomicStoreName, IRB.getVoidTy(), PtrTy, Ty, OrdTy, nullptr)); AtomicStoreName, Attr, IRB.getVoidTy(), PtrTy, Ty, OrdTy, nullptr));
for (int op = AtomicRMWInst::FIRST_BINOP; for (int op = AtomicRMWInst::FIRST_BINOP;
op <= AtomicRMWInst::LAST_BINOP; ++op) { op <= AtomicRMWInst::LAST_BINOP; ++op) {
TsanAtomicRMW[op][i] = nullptr; TsanAtomicRMW[op][i] = nullptr;
const char *NamePart = nullptr; const char *NamePart = nullptr;
if (op == AtomicRMWInst::Xchg) if (op == AtomicRMWInst::Xchg)
NamePart = "_exchange"; NamePart = "_exchange";
else if (op == AtomicRMWInst::Add) else if (op == AtomicRMWInst::Add)
NamePart = "_fetch_add"; NamePart = "_fetch_add";
else if (op == AtomicRMWInst::Sub) else if (op == AtomicRMWInst::Sub)
NamePart = "_fetch_sub"; NamePart = "_fetch_sub";
else if (op == AtomicRMWInst::And) else if (op == AtomicRMWInst::And)
NamePart = "_fetch_and"; NamePart = "_fetch_and";
else if (op == AtomicRMWInst::Or) else if (op == AtomicRMWInst::Or)
NamePart = "_fetch_or"; NamePart = "_fetch_or";
else if (op == AtomicRMWInst::Xor) else if (op == AtomicRMWInst::Xor)
NamePart = "_fetch_xor"; NamePart = "_fetch_xor";
else if (op == AtomicRMWInst::Nand) else if (op == AtomicRMWInst::Nand)
NamePart = "_fetch_nand"; NamePart = "_fetch_nand";
else else
continue; continue;
SmallString<32> RMWName("__tsan_atomic" + itostr(BitSize) + NamePart); SmallString<32> RMWName("__tsan_atomic" + itostr(BitSize) + NamePart);
TsanAtomicRMW[op][i] = checkSanitizerInterfaceFunction( TsanAtomicRMW[op][i] = checkSanitizerInterfaceFunction(
M.getOrInsertFunction(RMWName, Ty, PtrTy, Ty, OrdTy, nullptr)); M.getOrInsertFunction(RMWName, Attr, Ty, PtrTy, Ty, OrdTy, nullptr));
} }
SmallString<32> AtomicCASName("__tsan_atomic" + BitSizeStr + SmallString<32> AtomicCASName("__tsan_atomic" + BitSizeStr +
"_compare_exchange_val"); "_compare_exchange_val");
TsanAtomicCAS[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanAtomicCAS[i] = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
AtomicCASName, Ty, PtrTy, Ty, Ty, OrdTy, OrdTy, nullptr)); AtomicCASName, Attr, Ty, PtrTy, Ty, Ty, OrdTy, OrdTy, nullptr));
} }
TsanVptrUpdate = checkSanitizerInterfaceFunction( TsanVptrUpdate = checkSanitizerInterfaceFunction(
M.getOrInsertFunction("__tsan_vptr_update", IRB.getVoidTy(), M.getOrInsertFunction("__tsan_vptr_update", Attr, IRB.getVoidTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), nullptr)); IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), nullptr));
TsanVptrLoad = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanVptrLoad = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__tsan_vptr_read", IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr)); "__tsan_vptr_read", Attr, IRB.getVoidTy(), IRB.getInt8PtrTy(), nullptr));
TsanAtomicThreadFence = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanAtomicThreadFence = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__tsan_atomic_thread_fence", IRB.getVoidTy(), OrdTy, nullptr)); "__tsan_atomic_thread_fence", Attr, IRB.getVoidTy(), OrdTy, nullptr));
TsanAtomicSignalFence = checkSanitizerInterfaceFunction(M.getOrInsertFunction( TsanAtomicSignalFence = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__tsan_atomic_signal_fence", IRB.getVoidTy(), OrdTy, nullptr)); "__tsan_atomic_signal_fence", Attr, IRB.getVoidTy(), OrdTy, nullptr));
MemmoveFn = checkSanitizerInterfaceFunction( MemmoveFn = checkSanitizerInterfaceFunction(
M.getOrInsertFunction("memmove", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), M.getOrInsertFunction("memmove", Attr, IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IntptrTy, nullptr));
MemcpyFn = checkSanitizerInterfaceFunction( MemcpyFn = checkSanitizerInterfaceFunction(
M.getOrInsertFunction("memcpy", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), M.getOrInsertFunction("memcpy", Attr, IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IntptrTy, nullptr));
MemsetFn = checkSanitizerInterfaceFunction( MemsetFn = checkSanitizerInterfaceFunction(
M.getOrInsertFunction("memset", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), M.getOrInsertFunction("memset", Attr, IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
IRB.getInt32Ty(), IntptrTy, nullptr)); IRB.getInt32Ty(), IntptrTy, nullptr));
} }
bool ThreadSanitizer::doInitialization(Module &M) { bool ThreadSanitizer::doInitialization(Module &M) {
const DataLayout &DL = M.getDataLayout(); const DataLayout &DL = M.getDataLayout();
IntptrTy = DL.getIntPtrType(M.getContext()); IntptrTy = DL.getIntPtrType(M.getContext());
std::tie(TsanCtorFunction, std::ignore) = createSanitizerCtorAndInitFunctions( std::tie(TsanCtorFunction, std::ignore) = createSanitizerCtorAndInitFunctions(
M, kTsanModuleCtorName, kTsanInitName, /*InitArgTypes=*/{}, M, kTsanModuleCtorName, kTsanInitName, /*InitArgTypes=*/{},
▲ Show 20 LinesShow All 126 Lines▼ Show 20 Lines if (isa<AtomicRMWInst>(I))
return true; return true;
if (isa<AtomicCmpXchgInst>(I)) if (isa<AtomicCmpXchgInst>(I))
return true; return true;
if (isa<FenceInst>(I)) if (isa<FenceInst>(I))
return true; return true;
return false; return false;
} }
void ThreadSanitizer::InsertRuntimeIgnores(Function &F, void ThreadSanitizer::InsertRuntimeIgnores(Function &F) {
SmallVector<Instruction*, 8> &RetVec) {
IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI()); IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI());
IRB.CreateCall(TsanIgnoreBegin); IRB.CreateCall(TsanIgnoreBegin);
for (auto RetInst : RetVec) { EscapeEnumerator EE(F, "tsan_ignore_cleanup", ClHandleCxxExceptions);
IRBuilder<> IRB(RetInst); while (IRBuilder<> *AtExit = EE.Next()) {
IRB.CreateCall(TsanIgnoreEnd); AtExit->CreateCall(TsanIgnoreEnd);
} }
} }
bool ThreadSanitizer::runOnFunction(Function &F) { bool ThreadSanitizer::runOnFunction(Function &F) {
// This is required to prevent instrumenting call to __tsan_init from within // This is required to prevent instrumenting call to __tsan_init from within
// the module constructor. // the module constructor.
if (&F == TsanCtorFunction) if (&F == TsanCtorFunction)
return false; return false;
initializeCallbacks(*F.getParent()); initializeCallbacks(*F.getParent());
SmallVector<Instruction*, 8> RetVec;
SmallVector<Instruction*, 8> AllLoadsAndStores; SmallVector<Instruction*, 8> AllLoadsAndStores;
SmallVector<Instruction*, 8> LocalLoadsAndStores; SmallVector<Instruction*, 8> LocalLoadsAndStores;
SmallVector<Instruction*, 8> AtomicAccesses; SmallVector<Instruction*, 8> AtomicAccesses;
SmallVector<Instruction*, 8> MemIntrinCalls; SmallVector<Instruction*, 8> MemIntrinCalls;
bool Res = false; bool Res = false;
bool HasCalls = false; bool HasCalls = false;
bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeThread); bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeThread);
const DataLayout &DL = F.getParent()->getDataLayout(); const DataLayout &DL = F.getParent()->getDataLayout();
const TargetLibraryInfo *TLI = const TargetLibraryInfo *TLI =
&getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(); &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
// Traverse all instructions, collect loads/stores/returns, check for calls. // Traverse all instructions, collect loads/stores/returns, check for calls.
for (auto &BB : F) { for (auto &BB : F) {
for (auto &Inst : BB) { for (auto &Inst : BB) {
if (isAtomic(&Inst)) if (isAtomic(&Inst))
AtomicAccesses.push_back(&Inst); AtomicAccesses.push_back(&Inst);
else if (isa<LoadInst>(Inst) || isa<StoreInst>(Inst)) else if (isa<LoadInst>(Inst) || isa<StoreInst>(Inst))
LocalLoadsAndStores.push_back(&Inst); LocalLoadsAndStores.push_back(&Inst);
else if (isa<ReturnInst>(Inst))
RetVec.push_back(&Inst);
else if (isa<CallInst>(Inst) || isa<InvokeInst>(Inst)) { else if (isa<CallInst>(Inst) || isa<InvokeInst>(Inst)) {
if (CallInst *CI = dyn_cast<CallInst>(&Inst)) if (CallInst *CI = dyn_cast<CallInst>(&Inst))
maybeMarkSanitizerLibraryCallNoBuiltin(CI, TLI); maybeMarkSanitizerLibraryCallNoBuiltin(CI, TLI);
if (isa<MemIntrinsic>(Inst)) if (isa<MemIntrinsic>(Inst))
MemIntrinCalls.push_back(&Inst); MemIntrinCalls.push_back(&Inst);
HasCalls = true; HasCalls = true;
chooseInstructionsToInstrument(LocalLoadsAndStores, AllLoadsAndStores, chooseInstructionsToInstrument(LocalLoadsAndStores, AllLoadsAndStores,
DL); DL);
Show All 22 Linesbool ThreadSanitizer::runOnFunction(Function &F) {
if (ClInstrumentMemIntrinsics && SanitizeFunction) if (ClInstrumentMemIntrinsics && SanitizeFunction)
for (auto Inst : MemIntrinCalls) { for (auto Inst : MemIntrinCalls) {
Res |= instrumentMemIntrinsic(Inst); Res |= instrumentMemIntrinsic(Inst);
} }
if (F.hasFnAttribute("sanitize_thread_no_checking_at_run_time")) { if (F.hasFnAttribute("sanitize_thread_no_checking_at_run_time")) {
assert(!F.hasFnAttribute(Attribute::SanitizeThread)); assert(!F.hasFnAttribute(Attribute::SanitizeThread));
if (HasCalls) if (HasCalls)
InsertRuntimeIgnores(F, RetVec); InsertRuntimeIgnores(F);
} }
// Instrument function entry/exit points if there were instrumented accesses. // Instrument function entry/exit points if there were instrumented accesses.
if ((Res || HasCalls) && ClInstrumentFuncEntryExit) { if ((Res || HasCalls) && ClInstrumentFuncEntryExit) {
IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI()); IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI());
Value *ReturnAddress = IRB.CreateCall( Value *ReturnAddress = IRB.CreateCall(
Intrinsic::getDeclaration(F.getParent(), Intrinsic::returnaddress), Intrinsic::getDeclaration(F.getParent(), Intrinsic::returnaddress),
IRB.getInt32(0)); IRB.getInt32(0));
IRB.CreateCall(TsanFuncEntry, ReturnAddress); IRB.CreateCall(TsanFuncEntry, ReturnAddress);
for (auto RetInst : RetVec) {
IRBuilder<> IRBRet(RetInst); EscapeEnumerator EE(F, "tsan_cleanup", ClHandleCxxExceptions);
IRBRet.CreateCall(TsanFuncExit, {}); while (IRBuilder<> *AtExit = EE.Next()) {
AtExit->CreateCall(TsanFuncExit, {});
} }
Res = true; Res = true;
} }
return Res; return Res;
} }
bool ThreadSanitizer::instrumentLoadOrStore(Instruction *I, bool ThreadSanitizer::instrumentLoadOrStore(Instruction *I,
const DataLayout &DL) { const DataLayout &DL) {
▲ Show 20 LinesShow All 208 LinesShow Last 20 Lines

llvm/trunk/lib/Transforms/Utils/CMakeLists.txt

add_llvm_library(LLVMTransformUtils add_llvm_library(LLVMTransformUtils
ASanStackFrameLayout.cpp ASanStackFrameLayout.cpp
AddDiscriminators.cpp AddDiscriminators.cpp
BasicBlockUtils.cpp BasicBlockUtils.cpp
BreakCriticalEdges.cpp BreakCriticalEdges.cpp
BuildLibCalls.cpp BuildLibCalls.cpp
BypassSlowDivision.cpp BypassSlowDivision.cpp
CloneFunction.cpp CloneFunction.cpp
CloneModule.cpp CloneModule.cpp
CmpInstAnalysis.cpp CmpInstAnalysis.cpp
CodeExtractor.cpp CodeExtractor.cpp
CtorUtils.cpp CtorUtils.cpp
DemoteRegToStack.cpp DemoteRegToStack.cpp
EscapeEnumerator.cpp
Evaluator.cpp Evaluator.cpp
FlattenCFG.cpp FlattenCFG.cpp
FunctionComparator.cpp FunctionComparator.cpp
FunctionImportUtils.cpp FunctionImportUtils.cpp
GlobalStatus.cpp GlobalStatus.cpp
InlineFunction.cpp InlineFunction.cpp
ImportedFunctionsInliningStatistics.cpp ImportedFunctionsInliningStatistics.cpp
InstructionNamer.cpp InstructionNamer.cpp
Show All 37 Lines

llvm/trunk/lib/Transforms/Utils/EscapeEnumerator.cpp

//===- EscapeEnumerator.cpp -----------------------------------------------===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// Defines a helper class that enumerates all possible exits from a function,
// including exception handling.
//
//===----------------------------------------------------------------------===//
#include "llvm/Transforms/Utils/EscapeEnumerator.h"
#include "llvm/Analysis/EHPersonalities.h"
#include "llvm/IR/CallSite.h"
#include "llvm/IR/Module.h"
#include "llvm/Transforms/Utils/Local.h"
using namespace llvm;
static Constant *getDefaultPersonalityFn(Module *M) {
LLVMContext &C = M->getContext();
Triple T(M->getTargetTriple());
EHPersonality Pers = getDefaultEHPersonality(T);
return M->getOrInsertFunction(getEHPersonalityName(Pers),
FunctionType::get(Type::getInt32Ty(C), true));
}
IRBuilder<> *EscapeEnumerator::Next() {
if (Done)
return nullptr;
// Find all 'return', 'resume', and 'unwind' instructions.
while (StateBB != StateE) {
BasicBlock *CurBB = &*StateBB++;
// Branches and invokes do not escape, only unwind, resume, and return
// do.
TerminatorInst *TI = CurBB->getTerminator();
if (!isa<ReturnInst>(TI) && !isa<ResumeInst>(TI))
continue;
Builder.SetInsertPoint(TI);
return &Builder;
}
Done = true;
if (!HandleExceptions)
return nullptr;
if (F.doesNotThrow())
return nullptr;
// Find all 'call' instructions that may throw.
SmallVector<Instruction *, 16> Calls;
for (BasicBlock &BB : F)
for (Instruction &II : BB)
if (CallInst *CI = dyn_cast<CallInst>(&II))
if (!CI->doesNotThrow())
Calls.push_back(CI);
if (Calls.empty())
return nullptr;
// Create a cleanup block.
LLVMContext &C = F.getContext();
BasicBlock *CleanupBB = BasicBlock::Create(C, CleanupBBName, &F);
Type *ExnTy =
StructType::get(Type::getInt8PtrTy(C), Type::getInt32Ty(C), nullptr);
if (!F.hasPersonalityFn()) {
Constant *PersFn = getDefaultPersonalityFn(F.getParent());
F.setPersonalityFn(PersFn);
}
if (isFuncletEHPersonality(classifyEHPersonality(F.getPersonalityFn()))) {
report_fatal_error("Funclet EH not supported");
}
LandingPadInst *LPad =
LandingPadInst::Create(ExnTy, 1, "cleanup.lpad", CleanupBB);
LPad->setCleanup(true);
ResumeInst *RI = ResumeInst::Create(LPad, CleanupBB);
// Transform the 'call' instructions into 'invoke's branching to the
// cleanup block. Go in reverse order to make prettier BB names.
SmallVector<Value *, 16> Args;
for (unsigned I = Calls.size(); I != 0;) {
CallInst *CI = cast<CallInst>(Calls[--I]);
changeToInvokeAndSplitBasicBlock(CI, CleanupBB);
}
Builder.SetInsertPoint(RI);
return &Builder;
}

llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp

Show First 20 LinesShow All 529 Lines▼ Show 20 Lines#ifndef NDEBUG
else else
MemoKey = FuncletPad; MemoKey = FuncletPad;
assert(FuncletUnwindMap->count(MemoKey) && assert(FuncletUnwindMap->count(MemoKey) &&
(*FuncletUnwindMap)[MemoKey] == UnwindDestToken && (*FuncletUnwindMap)[MemoKey] == UnwindDestToken &&
"must get memoized to avoid confusing later searches"); "must get memoized to avoid confusing later searches");
#endif // NDEBUG #endif // NDEBUG
} }
// Convert this function call into an invoke instruction. First, split the changeToInvokeAndSplitBasicBlock(CI, UnwindEdge);
// basic block.
BasicBlock *Split =
BB->splitBasicBlock(CI->getIterator(), CI->getName() + ".noexc");
// Delete the unconditional branch inserted by splitBasicBlock
BB->getInstList().pop_back();
// Create the new invoke instruction.
SmallVector<Value*, 8> InvokeArgs(CI->arg_begin(), CI->arg_end());
SmallVector<OperandBundleDef, 1> OpBundles;
CI->getOperandBundlesAsDefs(OpBundles);
// Note: we're round tripping operand bundles through memory here, and that
// can potentially be avoided with a cleverer API design that we do not have
// as of this time.
InvokeInst *II =
InvokeInst::Create(CI->getCalledValue(), Split, UnwindEdge, InvokeArgs,
OpBundles, CI->getName(), BB);
II->setDebugLoc(CI->getDebugLoc());
II->setCallingConv(CI->getCallingConv());
II->setAttributes(CI->getAttributes());
// Make sure that anything using the call now uses the invoke! This also
// updates the CallGraph if present, because it uses a WeakVH.
CI->replaceAllUsesWith(II);
// Delete the original call
Split->getInstList().pop_front();
return BB; return BB;
} }
return nullptr; return nullptr;
} }
/// If we inlined an invoke site, we need to convert calls /// If we inlined an invoke site, we need to convert calls
/// in the body of the inlined function into invokes. /// in the body of the inlined function into invokes.
/// ///
▲ Show 20 LinesShow All 1,651 LinesShow Last 20 Lines

llvm/trunk/lib/Transforms/Utils/Local.cpp

Show First 20 LinesShow All 1,402 Lines▼ Show 20 Linesstatic void changeToCall(InvokeInst *II) {
// Follow the call by a branch to the normal destination. // Follow the call by a branch to the normal destination.
BranchInst::Create(II->getNormalDest(), II); BranchInst::Create(II->getNormalDest(), II);
// Update PHI nodes in the unwind destination // Update PHI nodes in the unwind destination
II->getUnwindDest()->removePredecessor(II->getParent()); II->getUnwindDest()->removePredecessor(II->getParent());
II->eraseFromParent(); II->eraseFromParent();
} }
BasicBlock *llvm::changeToInvokeAndSplitBasicBlock(CallInst *CI,
BasicBlock *UnwindEdge) {
BasicBlock *BB = CI->getParent();
// Convert this function call into an invoke instruction. First, split the
// basic block.
BasicBlock *Split =
BB->splitBasicBlock(CI->getIterator(), CI->getName() + ".noexc");
// Delete the unconditional branch inserted by splitBasicBlock
BB->getInstList().pop_back();
// Create the new invoke instruction.
SmallVector<Value *, 8> InvokeArgs(CI->arg_begin(), CI->arg_end());
SmallVector<OperandBundleDef, 1> OpBundles;
CI->getOperandBundlesAsDefs(OpBundles);
// Note: we're round tripping operand bundles through memory here, and that
// can potentially be avoided with a cleverer API design that we do not have
// as of this time.
InvokeInst *II = InvokeInst::Create(CI->getCalledValue(), Split, UnwindEdge,
InvokeArgs, OpBundles, CI->getName(), BB);
II->setDebugLoc(CI->getDebugLoc());
II->setCallingConv(CI->getCallingConv());
II->setAttributes(CI->getAttributes());
// Make sure that anything using the call now uses the invoke! This also
// updates the CallGraph if present, because it uses a WeakVH.
CI->replaceAllUsesWith(II);
// Delete the original call
Split->getInstList().pop_front();
return Split;
}
static bool markAliveBlocks(Function &F, static bool markAliveBlocks(Function &F,
SmallPtrSetImpl<BasicBlock*> &Reachable) { SmallPtrSetImpl<BasicBlock*> &Reachable) {
SmallVector<BasicBlock*, 128> Worklist; SmallVector<BasicBlock*, 128> Worklist;
BasicBlock *BB = &F.front(); BasicBlock *BB = &F.front();
Worklist.push_back(BB); Worklist.push_back(BB);
Reachable.insert(BB); Reachable.insert(BB);
bool Changed = false; bool Changed = false;
▲ Show 20 LinesShow All 608 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/ThreadSanitizer/eh.ll

; RUN: opt < %s -tsan -S | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-EXC
; RUN: opt < %s -tsan -S -tsan-handle-cxx-exceptions=0 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-NOEXC
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
declare void @can_throw()
declare void @cannot_throw() nounwind
define i32 @func1() sanitize_thread {
call void @can_throw()
ret i32 0
; CHECK-EXC: define i32 @func1()
; CHECK-EXC: call void @__tsan_func_entry
; CHECK-EXC: invoke void @can_throw()
; CHECK-EXC: .noexc:
; CHECK-EXC: call void @__tsan_func_exit()
; CHECK-EXC: ret i32 0
; CHECK-EXC: tsan_cleanup:
; CHECK-EXC: call void @__tsan_func_exit()
; CHECK-EXC: resume
; CHECK-NOEXC: define i32 @func1()
; CHECK-NOEXC: call void @__tsan_func_entry
; CHECK-NOEXC: call void @can_throw()
; CHECK-NOEXC: call void @__tsan_func_exit()
; CHECK-NOEXC: ret i32 0
}
define i32 @func2() sanitize_thread {
call void @cannot_throw()
ret i32 0
; CHECK: define i32 @func2()
; CHECK: call void @__tsan_func_entry
; CHECK: call void @cannot_throw()
; CHECK: call void @__tsan_func_exit()
; CHECK: ret i32 0
}
define i32 @func3(i32* %p) sanitize_thread {
%a = load i32, i32* %p
ret i32 %a
; CHECK: define i32 @func3(i32* %p)
; CHECK: call void @__tsan_func_entry
; CHECK: call void @__tsan_read4
; CHECK: %a = load i32, i32* %p
; CHECK: call void @__tsan_func_exit()
; CHECK: ret i32 %a
}
define i32 @func4() sanitize_thread nounwind {
call void @can_throw()
ret i32 0
; CHECK: define i32 @func4()
; CHECK: call void @__tsan_func_entry
; CHECK: call void @can_throw()
; CHECK: call void @__tsan_func_exit()
; CHECK: ret i32 0
}

llvm/trunk/test/Instrumentation/ThreadSanitizer/no_sanitize_thread.ll

Show All 26 Lines
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: %0 = call i8* @llvm.returnaddress(i32 0) ; CHECK-NEXT: %0 = call i8* @llvm.returnaddress(i32 0)
; CHECK-NEXT: call void @__tsan_func_entry(i8* %0) ; CHECK-NEXT: call void @__tsan_func_entry(i8* %0)
; CHECK-NEXT: call void @foo() ; CHECK-NEXT: call void @foo()
; CHECK-NEXT: %tmp1 = load i32, i32* %a, align 4 ; CHECK-NEXT: %tmp1 = load i32, i32* %a, align 4
; CHECK-NEXT: call void @__tsan_func_exit() ; CHECK-NEXT: call void @__tsan_func_exit()
; CHECK-NEXT: ret i32 %tmp1 ; CHECK-NEXT: ret i32 %tmp1
declare void @foo() declare void @foo() nounwind

llvm/trunk/test/Instrumentation/ThreadSanitizer/sanitize-thread-no-checking.ll

; RUN: opt < %s -tsan -S | FileCheck %s ; RUN: opt < %s -tsan -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i32 @"\01-[NoCalls dealloc]"(i32* %a) "sanitize_thread_no_checking_at_run_time" { define i32 @"\01-[NoCalls dealloc]"(i32* %a) "sanitize_thread_no_checking_at_run_time" {
entry: entry:
%tmp1 = load i32, i32* %a, align 4 %tmp1 = load i32, i32* %a, align 4
ret i32 %tmp1 ret i32 %tmp1
} }
; CHECK: define i32 @"\01-[NoCalls dealloc]"(i32* %a) ; CHECK: define i32 @"\01-[NoCalls dealloc]"(i32* %a)
; CHECK-NEXT: entry: ; CHECK-NEXT: entry:
; CHECK-NEXT: %tmp1 = load i32, i32* %a, align 4 ; CHECK-NEXT: %tmp1 = load i32, i32* %a, align 4
; CHECK-NEXT: ret i32 %tmp1 ; CHECK-NEXT: ret i32 %tmp1
declare void @"foo"() declare void @"foo"() nounwind
define i32 @"\01-[WithCalls dealloc]"(i32* %a) "sanitize_thread_no_checking_at_run_time" { define i32 @"\01-[WithCalls dealloc]"(i32* %a) "sanitize_thread_no_checking_at_run_time" {
entry: entry:
%tmp1 = load i32, i32* %a, align 4 %tmp1 = load i32, i32* %a, align 4
call void @foo() call void @foo()
ret i32 %tmp1 ret i32 %tmp1
} }
Show All 10 Lines

llvm/trunk/test/Instrumentation/ThreadSanitizer/str-nobuiltin.ll

; Test marking string functions as nobuiltin in thread sanitizer. ; Test marking string functions as nobuiltin in thread sanitizer.
; ;
; RUN: opt < %s -tsan -S | FileCheck %s ; RUN: opt < %s -tsan -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
declare i8* @memchr(i8* %a, i32 %b, i64 %c) declare i8* @memchr(i8* %a, i32 %b, i64 %c) nounwind
declare i32 @memcmp(i8* %a, i8* %b, i64 %c) declare i32 @memcmp(i8* %a, i8* %b, i64 %c) nounwind
declare i32 @strcmp(i8* %a, i8* %b) declare i32 @strcmp(i8* %a, i8* %b) nounwind
declare i8* @strcpy(i8* %a, i8* %b) declare i8* @strcpy(i8* %a, i8* %b) nounwind
declare i8* @stpcpy(i8* %a, i8* %b) declare i8* @stpcpy(i8* %a, i8* %b) nounwind
declare i64 @strlen(i8* %a) declare i64 @strlen(i8* %a) nounwind
declare i64 @strnlen(i8* %a, i64 %b) declare i64 @strnlen(i8* %a, i64 %b) nounwind
; CHECK: call{{.*}}@memchr{{.*}} #[[ATTR:[0-9]+]] ; CHECK: call{{.*}}@memchr{{.*}} #[[ATTR:[0-9]+]]
; CHECK: call{{.*}}@memcmp{{.*}} #[[ATTR]] ; CHECK: call{{.*}}@memcmp{{.*}} #[[ATTR]]
; CHECK: call{{.*}}@strcmp{{.*}} #[[ATTR]] ; CHECK: call{{.*}}@strcmp{{.*}} #[[ATTR]]
; CHECK: call{{.*}}@strcpy{{.*}} #[[ATTR]] ; CHECK: call{{.*}}@strcpy{{.*}} #[[ATTR]]
; CHECK: call{{.*}}@stpcpy{{.*}} #[[ATTR]] ; CHECK: call{{.*}}@stpcpy{{.*}} #[[ATTR]]
; CHECK: call{{.*}}@strlen{{.*}} #[[ATTR]] ; CHECK: call{{.*}}@strlen{{.*}} #[[ATTR]]
; CHECK: call{{.*}}@strnlen{{.*}} #[[ATTR]] ; CHECK: call{{.*}}@strnlen{{.*}} #[[ATTR]]
Show All 12 Lines