This is an archive of the discontinued LLVM Phabricator instance.

Differential D44511

[MSan] Introduce ActualFnStart. NFC
ClosedPublic

Authored by glider on Mar 15 2018, 3:57 AM.

Details

Reviewers
vitalybuka
dvyukov
eugenis
Summary

This is a step towards the upcoming KMSAN implementation patch.
KMSAN is going to prepend a special basic block containing tool-specific calls to each function. Because we still want to instrument the original entry block, we'll need to store it in ActualFnStart.
For MSan this will still be F.getEntryBlock(), whereas for KMSAN it'll contain the second BB.

Diff Detail

Repository
rL LLVM

Event Timeline

glider created this revision.Mar 15 2018, 3:57 AM
Herald added a subscriber: llvm-commits. · View Herald TranscriptMar 15 2018, 3:57 AM
eugenis added a comment.Mar 16 2018, 3:52 PM

What kind of code will this basic block contain? Can it be created later, at the end of instrumentation pass?

glider added a comment.Mar 18 2018, 4:55 AM

This basic block will contain a runtime call, which provides addresses of TLS structs used later in the instrumentation.
If we insert the call late, we'll have to fix all the users of its return values, which is trickier than inserting the call in advance.

vitalybuka added inline comments.Mar 21 2018, 1:26 PM
lib/Transforms/Instrumentation/MemorySanitizer.cpp
741

can you initialize ActualFnStart here?

eugenis accepted this revision.Mar 23 2018, 3:27 PM

Please address Vitaly's comment.

This revision is now accepted and ready to land.Mar 23 2018, 3:27 PM
glider added inline comments.Mar 26 2018, 1:48 AM
lib/Transforms/Instrumentation/MemorySanitizer.cpp
741

Note that this code will finally look like:

if (MS.CompileKernel)
  ActualFnStart = insertKmsanPrologue(F);
else
  ActualFnStart = &F.getEntryBlock();

, so we'll be basically performing some instrumentation in the constructor instead of runOnFunction().
If you're fine with that, I'll proceed, but the ActualFnStart initialization needs to be performed after setting InsertChecks, PropagateShadow, PoisonStack etc., i.e. at the very end of the constructor.
Also, we'll have to move MS.initializeCallbacks(*F.getParent()); into the constructor as well.

glider closed this revision.Mar 28 2018, 4:40 AM

I've moved the initialization of ActualFnStart and callbacks to the end of the constructor and landed r328697.

Revision Contents

PathSize
lib/
Transforms/
Instrumentation/
MemorySanitizer.cpp
MemorySanitizer.cpp.isstore
14 lines

Diff 138520

lib/Transforms/Instrumentation/MemorySanitizer.cpp

Show First 20 LinesShow All 709 Lines▼ Show 20 Lines
/// non-zero. /// non-zero.
struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> { struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
Function &F; Function &F;
MemorySanitizer &MS; MemorySanitizer &MS;
SmallVector<PHINode *, 16> ShadowPHINodes, OriginPHINodes; SmallVector<PHINode *, 16> ShadowPHINodes, OriginPHINodes;
ValueMap<Value*, Value*> ShadowMap, OriginMap; ValueMap<Value*, Value*> ShadowMap, OriginMap;
std::unique_ptr<VarArgHelper> VAHelper; std::unique_ptr<VarArgHelper> VAHelper;
const TargetLibraryInfo *TLI; const TargetLibraryInfo *TLI;
BasicBlock *ActualFnStart;
// The following flags disable parts of MSan instrumentation based on // The following flags disable parts of MSan instrumentation based on
// blacklist contents and command-line options. // blacklist contents and command-line options.
bool InsertChecks; bool InsertChecks;
bool PropagateShadow; bool PropagateShadow;
bool PoisonStack; bool PoisonStack;
bool PoisonUndef; bool PoisonUndef;
bool CheckReturnValue; bool CheckReturnValue;
struct ShadowOriginAndInsertPoint { struct ShadowOriginAndInsertPoint {
Value *Shadow; Value *Shadow;
Value *Origin; Value *Origin;
Instruction *OrigIns; Instruction *OrigIns;
ShadowOriginAndInsertPoint(Value *S, Value *O, Instruction *I) ShadowOriginAndInsertPoint(Value *S, Value *O, Instruction *I)
: Shadow(S), Origin(O), OrigIns(I) {} : Shadow(S), Origin(O), OrigIns(I) {}
}; };
SmallVector<ShadowOriginAndInsertPoint, 16> InstrumentationList; SmallVector<ShadowOriginAndInsertPoint, 16> InstrumentationList;
SmallVector<StoreInst *, 16> StoreList; SmallVector<StoreInst *, 16> StoreList;
MemorySanitizerVisitor(Function &F, MemorySanitizer &MS) MemorySanitizerVisitor(Function &F, MemorySanitizer &MS)
: F(F), MS(MS), VAHelper(CreateVarArgHelper(F, MS, *this)) { : F(F), MS(MS), VAHelper(CreateVarArgHelper(F, MS, *this)) {
bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeMemory); bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeMemory);
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

can you initialize ActualFnStart here?

vitalybuka: can you initialize ActualFnStart here?
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Note that this code will finally look like:

if (MS.CompileKernel)
  ActualFnStart = insertKmsanPrologue(F);
else
  ActualFnStart = &F.getEntryBlock();

, so we'll be basically performing some instrumentation in the constructor instead of runOnFunction().
If you're fine with that, I'll proceed, but the ActualFnStart initialization needs to be performed after setting InsertChecks, PropagateShadow, PoisonStack etc., i.e. at the very end of the constructor.
Also, we'll have to move MS.initializeCallbacks(*F.getParent()); into the constructor as well.

glider: Note that this code will finally look like: ``` if (MS.CompileKernel)…
InsertChecks = SanitizeFunction; InsertChecks = SanitizeFunction;
PropagateShadow = SanitizeFunction; PropagateShadow = SanitizeFunction;
PoisonStack = SanitizeFunction && ClPoisonStack; PoisonStack = SanitizeFunction && ClPoisonStack;
PoisonUndef = SanitizeFunction && ClPoisonUndef; PoisonUndef = SanitizeFunction && ClPoisonUndef;
// FIXME: Consider using SpecialCaseList to specify a list of functions that // FIXME: Consider using SpecialCaseList to specify a list of functions that
// must always return fully initialized values. For now, we hardcode "main". // must always return fully initialized values. For now, we hardcode "main".
CheckReturnValue = SanitizeFunction && (F.getName() == "main"); CheckReturnValue = SanitizeFunction && (F.getName() == "main");
TLI = &MS.getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(); TLI = &MS.getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
▲ Show 20 LinesShow All 177 Lines▼ Show 20 Lines for (const auto &ShadowData : InstrumentationList) {
materializeOneCheck(OrigIns, Shadow, Origin, InstrumentWithCalls); materializeOneCheck(OrigIns, Shadow, Origin, InstrumentWithCalls);
} }
DEBUG(dbgs() << "DONE:\n" << F); DEBUG(dbgs() << "DONE:\n" << F);
} }
/// \brief Add MemorySanitizer instrumentation to a function. /// \brief Add MemorySanitizer instrumentation to a function.
bool runOnFunction() { bool runOnFunction() {
MS.initializeCallbacks(*F.getParent()); MS.initializeCallbacks(*F.getParent());
ActualFnStart = &F.getEntryBlock();
// In the presence of unreachable blocks, we may see Phi nodes with // In the presence of unreachable blocks, we may see Phi nodes with
// incoming nodes from such blocks. Since InstVisitor skips unreachable // incoming nodes from such blocks. Since InstVisitor skips unreachable
// blocks, such nodes will not have any shadow value associated with them. // blocks, such nodes will not have any shadow value associated with them.
// It's easier to remove unreachable blocks than deal with missing shadow. // It's easier to remove unreachable blocks than deal with missing shadow.
removeUnreachableBlocks(F); removeUnreachableBlocks(F);
// Iterate all BBs in depth-first order and create shadow instructions // Iterate all BBs in depth-first order and create shadow instructions
// for all instructions (where applicable). // for all instructions (where applicable).
// For PHI nodes we create dummy shadow PHIs which will be finalized later. // For PHI nodes we create dummy shadow PHIs which will be finalized later.
for (BasicBlock *BB : depth_first(&F.getEntryBlock())) for (BasicBlock *BB : depth_first(ActualFnStart))
visit(*BB); visit(*BB);
// Finalize PHI nodes. // Finalize PHI nodes.
for (PHINode *PN : ShadowPHINodes) { for (PHINode *PN : ShadowPHINodes) {
PHINode *PNS = cast<PHINode>(getShadow(PN)); PHINode *PNS = cast<PHINode>(getShadow(PN));
PHINode *PNO = MS.TrackOrigins ? cast<PHINode>(getOrigin(PN)) : nullptr; PHINode *PNO = MS.TrackOrigins ? cast<PHINode>(getOrigin(PN)) : nullptr;
size_t NumValues = PN->getNumIncomingValues(); size_t NumValues = PN->getNumIncomingValues();
for (size_t v = 0; v < NumValues; v++) { for (size_t v = 0; v < NumValues; v++) {
▲ Show 20 LinesShow All 255 Lines▼ Show 20 Lines if (UndefValue *U = dyn_cast<UndefValue>(V)) {
return AllOnes; return AllOnes;
} }
if (Argument *A = dyn_cast<Argument>(V)) { if (Argument *A = dyn_cast<Argument>(V)) {
// For arguments we compute the shadow on demand and store it in the map. // For arguments we compute the shadow on demand and store it in the map.
Value **ShadowPtr = &ShadowMap[V]; Value **ShadowPtr = &ShadowMap[V];
if (*ShadowPtr) if (*ShadowPtr)
return *ShadowPtr; return *ShadowPtr;
Function *F = A->getParent(); Function *F = A->getParent();
IRBuilder<> EntryIRB(F->getEntryBlock().getFirstNonPHI()); IRBuilder<> EntryIRB(ActualFnStart->getFirstNonPHI());
unsigned ArgOffset = 0; unsigned ArgOffset = 0;
const DataLayout &DL = F->getParent()->getDataLayout(); const DataLayout &DL = F->getParent()->getDataLayout();
for (auto &FArg : F->args()) { for (auto &FArg : F->args()) {
if (!FArg.getType()->isSized()) { if (!FArg.getType()->isSized()) {
DEBUG(dbgs() << "Arg is not sized\n"); DEBUG(dbgs() << "Arg is not sized\n");
continue; continue;
} }
unsigned Size = unsigned Size =
▲ Show 20 LinesShow All 1,981 Lines▼ Show 20 Linesstruct VarArgAMD64Helper : public VarArgHelper {
} }
void finalizeInstrumentation() override { void finalizeInstrumentation() override {
assert(!VAArgOverflowSize && !VAArgTLSCopy && assert(!VAArgOverflowSize && !VAArgTLSCopy &&
"finalizeInstrumentation called twice"); "finalizeInstrumentation called twice");
if (!VAStartInstrumentationList.empty()) { if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI()); IRBuilder<> IRB(MSV.ActualFnStart->getFirstNonPHI());
VAArgOverflowSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS); VAArgOverflowSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS);
Value *CopySize = Value *CopySize =
IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, AMD64FpEndOffset), IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, AMD64FpEndOffset),
VAArgOverflowSize); VAArgOverflowSize);
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, 8, MS.VAArgTLS, 8, CopySize); IRB.CreateMemCpy(VAArgTLSCopy, 8, MS.VAArgTLS, 8, CopySize);
} }
▲ Show 20 LinesShow All 105 Lines▼ Show 20 Lines std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true); VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()),
/* size */ 8, Alignment, false); /* size */ 8, Alignment, false);
} }
void finalizeInstrumentation() override { void finalizeInstrumentation() override {
assert(!VAArgSize && !VAArgTLSCopy && assert(!VAArgSize && !VAArgTLSCopy &&
"finalizeInstrumentation called twice"); "finalizeInstrumentation called twice");
IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI()); IRBuilder<> IRB(MSV.ActualFnStart->getFirstNonPHI());
VAArgSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS); VAArgSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS);
Value *CopySize = IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0), Value *CopySize = IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0),
VAArgSize); VAArgSize);
if (!VAStartInstrumentationList.empty()) { if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
▲ Show 20 LinesShow All 168 Lines▼ Show 20 Linesstruct VarArgAArch64Helper : public VarArgHelper {
} }
void finalizeInstrumentation() override { void finalizeInstrumentation() override {
assert(!VAArgOverflowSize && !VAArgTLSCopy && assert(!VAArgOverflowSize && !VAArgTLSCopy &&
"finalizeInstrumentation called twice"); "finalizeInstrumentation called twice");
if (!VAStartInstrumentationList.empty()) { if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI()); IRBuilder<> IRB(MSV.ActualFnStart->getFirstNonPHI());
VAArgOverflowSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS); VAArgOverflowSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS);
Value *CopySize = Value *CopySize =
IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, AArch64VAEndOffset), IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, AArch64VAEndOffset),
VAArgOverflowSize); VAArgOverflowSize);
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
IRB.CreateMemCpy(VAArgTLSCopy, 8, MS.VAArgTLS, 8, CopySize); IRB.CreateMemCpy(VAArgTLSCopy, 8, MS.VAArgTLS, 8, CopySize);
} }
▲ Show 20 LinesShow All 219 Lines▼ Show 20 Lines void visitVACopyInst(VACopyInst &I) override {
// FIXME: magic ABI constants. // FIXME: magic ABI constants.
IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()),
/* size */ 8, Alignment, false); /* size */ 8, Alignment, false);
} }
void finalizeInstrumentation() override { void finalizeInstrumentation() override {
assert(!VAArgSize && !VAArgTLSCopy && assert(!VAArgSize && !VAArgTLSCopy &&
"finalizeInstrumentation called twice"); "finalizeInstrumentation called twice");
IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI()); IRBuilder<> IRB(MSV.ActualFnStart->getFirstNonPHI());
VAArgSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS); VAArgSize = IRB.CreateLoad(MS.VAArgOverflowSizeTLS);
Value *CopySize = IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0), Value *CopySize = IRB.CreateAdd(ConstantInt::get(MS.IntptrTy, 0),
VAArgSize); VAArgSize);
if (!VAStartInstrumentationList.empty()) { if (!VAStartInstrumentationList.empty()) {
// If there is a va_start in this function, make a backup copy of // If there is a va_start in this function, make a backup copy of
// va_arg_tls somewhere in the function entry block. // va_arg_tls somewhere in the function entry block.
VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize); VAArgTLSCopy = IRB.CreateAlloca(Type::getInt8Ty(*MS.C), CopySize);
▲ Show 20 LinesShow All 72 LinesShow Last 20 Lines