Index: lib/Transforms/Instrumentation/MemorySanitizer.cpp
===================================================================
--- lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -912,15 +912,12 @@
 Type *ShadowTy = Shadow->getType();
 unsigned Alignment = SI->getAlignment();
 unsigned OriginAlignment = std::max(kMinOriginAlignment, Alignment);
- std::tie(ShadowPtr, OriginPtr) =
- getShadowOriginPtr(Addr, IRB, ShadowTy, Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) = getShadowOriginPtr(
+ Addr, IRB, ShadowTy, Alignment, /*isStore*/ true, /*checkAddr*/ false);
 StoreInst *NewSI = IRB.CreateAlignedStore(Shadow, ShadowPtr, Alignment);
 LLVM_DEBUG(dbgs() << " STORE: " << *NewSI << "\n");
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, NewSI);
-
 if (SI->isAtomic()) SI->setOrdering(addReleaseOrdering(SI->getOrdering()));
@@ -1024,13 +1021,13 @@
 InstrumentationList.size() + StoreList.size() > (unsigned)ClInstrumentationWithCallThreshold;
- // Delayed instrumentation of StoreInst.
- // This may add new checks to be inserted later.
- materializeStores(InstrumentWithCalls);
-
 // Insert shadow value checks.
 materializeChecks(InstrumentWithCalls);
+ // Delayed instrumentation of StoreInst.
+ // This may not add new address checks.
+ materializeStores(InstrumentWithCalls);
+
 return true;
 }
@@ -1141,12 +1138,18 @@
 return std::make_pair(ShadowPtr, OriginPtr);
 }
+ /// Generate code that obtains the pair of shadow and origin pointers for a
+ /// given address. If necessary, a check for that address's shadow is
+ /// performed beforehand.
 std::pair getShadowOriginPtr(Value *Addr, IRBuilder<> &IRB, Type *ShadowTy, unsigned Alignment,
- bool isStore) {
+ bool isStore, bool checkAddr) {
+ Instruction *InsPoint = &*IRB.GetInsertPoint();
 std::pair ret = getShadowOriginPtrUserspace(Addr, IRB, ShadowTy, Alignment);
+ if (ClCheckAccessAddress && checkAddr)
+ insertShadowCheck(Addr, InsPoint);
 return ret;
 }
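Review bot: The swapped order in hunk 1024 turns "materializeStores() must not queue checks" into an unenforced invariant: materializeChecks() now runs first, so anything insertShadowCheck() queues during store materialization would never be emitted, and hunk 912 relies on exactly this by passing `/*checkAddr*/ false` and leaving the store's address check to visitStoreInst. The new comment `// This may not add new address checks.` reads as "might not" rather than "must not"; I would state the contract and assert it: `// Must not queue new checks: materializeChecks() has already run.` followed by `size_t NumChecks = InstrumentationList.size(); materializeStores(InstrumentWithCalls); assert(InstrumentationList.size() == NumChecks && "check queued after materializeChecks()");`. This assumes insertShadowCheck() appends to InstrumentationList, which the size computation at the top of the hunk suggests but does not show. The enclosing function starts outside the hunk.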
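Review bot: In hunk 1141, `Instruction *InsPoint = &*IRB.GetInsertPoint();` dereferences the builder's insert-point iterator unconditionally, for every caller including the many that pass `/*checkAddr*/ false`; a builder positioned at the end of a block has no instruction there, and `&*` on that iterator is undefined behaviour. IRBuilder inserts before its insert point, so unless getShadowOriginPtrUserspace() moves it (nothing visible here suggests it does) the instruction is the same afterwards and the capture can simply move under the guard: `if (ClCheckAccessAddress && checkAddr) insertShadowCheck(Addr, &*IRB.GetInsertPoint());`. The new doc comment should also name the parameter and say that the check is queued rather than emitted in place, e.g. `/// If \p checkAddr is set and ClCheckAccessAddress is on, a shadow check of \p Addr is queued before the builder's current insert point (it appears to be emitted later by materializeChecks()).`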
@@ -1303,7 +1306,7 @@
 }
 Value *CpShadowPtr = getShadowOriginPtr(V, EntryIRB, EntryIRB.getInt8Ty(), ArgAlign,
- /*isStore*/ true)
+ /*isStore*/ true, /*checkAddr*/ false)
 .first;
 if (Overflow) {
 // ParamTLS overflow.
@@ -1462,15 +1465,13 @@
 unsigned Alignment = I.getAlignment();
 if (PropagateShadow) {
 std::tie(ShadowPtr, OriginPtr) =
- getShadowOriginPtr(Addr, IRB, ShadowTy, Alignment, /*isStore*/ false);
+ getShadowOriginPtr(Addr, IRB, ShadowTy, Alignment, /*isStore*/ false,
+ /*checkAddr*/ true);
 setShadow(&I, IRB.CreateAlignedLoad(ShadowPtr, Alignment, "_msld"));
 } else {
 setShadow(&I, getCleanShadow(&I));
 }
- if (ClCheckAccessAddress)
- insertShadowCheck(I.getPointerOperand(), &I);
-
 if (I.isAtomic()) I.setOrdering(addAcquireOrdering(I.getOrdering()));
@@ -1490,6 +1491,8 @@
 /// Optionally, checks that the store address is fully defined.
 void visitStoreInst(StoreInst &I) {
 StoreList.push_back(&I);
+ if (ClCheckAccessAddress)
+ insertShadowCheck(I.getPointerOperand(), &I);
 }
 void handleCASOrRMW(Instruction &I) {
@@ -1498,12 +1501,10 @@
 IRBuilder<> IRB(&I);
 Value *Addr = I.getOperand(0);
 Value *ShadowPtr = getShadowOriginPtr(Addr, IRB, I.getType(),
- /*Alignment*/ 1, /*isStore*/ true)
+ /*Alignment*/ 1, /*isStore*/ true,
+ /*checkAddr*/ true)
 .first;
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, &I);
-
 // Only test the conditional argument of cmpxchg instruction.
 // The other argument can potentially be uninitialized, but we can not
 // detect this situation reliably without possible false positives.
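Review bot: In visitLoadInst (hunk 1462) the address check now exists only on the PropagateShadow branch, via `/*checkAddr*/ true`, whereas the removed `if (ClCheckAccessAddress) insertShadowCheck(I.getPointerOperand(), &I);` ran after both branches. If PropagateShadow can be false while checks are still being inserted, a load that receives a clean shadow silently loses its address check; if the two are always tied together — which this diff does not show — a one-line comment on the else branch stating that would save the next reader the same question, e.g. `// No address check here: checks are only inserted when shadow is propagated.` The same shape recurs in the vector load at hunk 2154 and the masked load at hunk 2594. visitLoadInst starts outside the hunk.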
@@ -2127,13 +2128,11 @@
 // We don't know the pointer alignment (could be unaligned SSE store!).
 // Have to assume to worst case.
- std::tie(ShadowPtr, OriginPtr) = getShadowOriginPtr(
- Addr, IRB, Shadow->getType(), /*Alignment*/ 1, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ getShadowOriginPtr(Addr, IRB, Shadow->getType(), /*Alignment*/ 1,
+ /*isStore*/ true, /*checkAddr*/ true);
 IRB.CreateAlignedStore(Shadow, ShadowPtr, 1);
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, &I);
-
 // FIXME: factor out common code from materializeStores
 if (MS.TrackOrigins) IRB.CreateStore(getOrigin(&I, 1), OriginPtr);
 return true;
@@ -2154,15 +2153,13 @@
 // Have to assume to worst case.
 unsigned Alignment = 1;
 std::tie(ShadowPtr, OriginPtr) =
- getShadowOriginPtr(Addr, IRB, ShadowTy, Alignment, /*isStore*/ false);
+ getShadowOriginPtr(Addr, IRB, ShadowTy, Alignment, /*isStore*/ false,
+ /*checkAddr*/ true);
 setShadow(&I, IRB.CreateAlignedLoad(ShadowPtr, Alignment, "_msld"));
 } else {
 setShadow(&I, getCleanShadow(&I));
 }
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, &I);
-
 if (MS.TrackOrigins) {
 if (PropagateShadow) setOrigin(&I, IRB.CreateLoad(OriginPtr));
@@ -2523,15 +2520,12 @@
 IRBuilder<> IRB(&I);
 Value* Addr = I.getArgOperand(0);
 Type *Ty = IRB.getInt32Ty();
- Value *ShadowPtr =
- getShadowOriginPtr(Addr, IRB, Ty, /*Alignment*/ 1, /*isStore*/ true)
- .first;
+ Value *ShadowPtr = getShadowOriginPtr(Addr, IRB, Ty, /*Alignment*/ 1,
+ /*isStore*/ true, /*checkAddr*/ true)
+ .first;
 IRB.CreateStore(getCleanShadow(Ty), IRB.CreatePointerCast(ShadowPtr, Ty->getPointerTo()));
-
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, &I);
 }
 void handleLdmxcsr(IntrinsicInst &I) {
@@ -2542,11 +2536,8 @@
 Type *Ty = IRB.getInt32Ty();
 unsigned Alignment = 1;
 Value *ShadowPtr, *OriginPtr;
- std::tie(ShadowPtr, OriginPtr) =
- getShadowOriginPtr(Addr, IRB, Ty, Alignment, /*isStore*/ false);
-
- if (ClCheckAccessAddress)
- insertShadowCheck(Addr, &I);
+ std::tie(ShadowPtr, OriginPtr) = getShadowOriginPtr(
+ Addr, IRB, Ty, Alignment, /*isStore*/ false, /*checkAddr*/ true);
 Value *Shadow = IRB.CreateAlignedLoad(ShadowPtr, Alignment, "_ldmxcsr");
 Value *Origin =
@@ -2564,11 +2555,11 @@
 Value *ShadowPtr;
 Value *OriginPtr;
- std::tie(ShadowPtr, OriginPtr) = getShadowOriginPtr(
- Addr, IRB, Shadow->getType(), Align, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ getShadowOriginPtr(Addr, IRB, Shadow->getType(), Align,
+ /*isStore*/ true, /*checkAddr*/ true);
 if (ClCheckAccessAddress) {
- insertShadowCheck(Addr, &I);
 // Uninitialized mask is kind of like uninitialized address, but not as
 // scary.
 insertShadowCheck(Mask, &I);
@@ -2594,8 +2585,8 @@
 Type *ShadowTy = getShadowTy(&I);
 Value *ShadowPtr, *OriginPtr;
 if (PropagateShadow) {
- std::tie(ShadowPtr, OriginPtr) =
- getShadowOriginPtr(Addr, IRB, ShadowTy, Align, /*isStore*/ false);
+ std::tie(ShadowPtr, OriginPtr) = getShadowOriginPtr(
+ Addr, IRB, ShadowTy, Align, /*isStore*/ false, /*checkAddr*/ true);
 setShadow(&I, IRB.CreateMaskedLoad(ShadowPtr, Align, Mask, getShadow(PassThru), "_msmaskedld"));
 } else {
@@ -2603,7 +2594,6 @@
 }
 if (ClCheckAccessAddress) {
- insertShadowCheck(Addr, &I);
 insertShadowCheck(Mask, &I);
 }
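Review bot: With the address check removed, `if (ClCheckAccessAddress) { insertShadowCheck(Mask, &I); }` at the end of hunk 2603 guards a single statement, and this file otherwise writes such guards without braces (visitStoreInst in hunk 1490, for instance); `if (ClCheckAccessAddress)` over `insertShadowCheck(Mask, &I);` on the next line would match. The masked-store hunk 2564 keeps its braces, which is fine there because of the two-line comment inside the block. The enclosing handler starts outside the hunk.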
@@ -2921,9 +2911,10 @@
 if (ArgOffset + Size > kParamTLSSize) break;
 unsigned ParamAlignment = CS.getParamAlignment(i);
 unsigned Alignment = std::min(ParamAlignment, kShadowTLSAlignment);
- Value *AShadowPtr = getShadowOriginPtr(A, IRB, IRB.getInt8Ty(),
- Alignment, /*isStore*/ false)
- .first;
+ Value *AShadowPtr =
+ getShadowOriginPtr(A, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ false, /*checkAddr*/ false)
+ .first;
 Store = IRB.CreateMemCpy(ArgShadowBase, Alignment, AShadowPtr, Alignment, Size);
@@ -3046,9 +3037,10 @@
 IRB.CreateCall(MS.MsanPoisonStackFn, {IRB.CreatePointerCast(&I, IRB.getInt8PtrTy()), Len});
 } else {
- Value *ShadowBase = getShadowOriginPtr(&I, IRB, IRB.getInt8Ty(),
- I.getAlignment(), /*isStore*/ true)
- .first;
+ Value *ShadowBase =
+ getShadowOriginPtr(&I, IRB, IRB.getInt8Ty(), I.getAlignment(),
+ /*isStore*/ true, /*checkAddr*/ false)
+ .first;
 Value *PoisonValue = IRB.getInt8(PoisonStack ? ClPoisonStackPattern : 0);
 IRB.CreateMemSet(ShadowBase, PoisonValue, Len, I.getAlignment());
@@ -3220,8 +3212,9 @@
 if (!ElType->isSized()) continue;
 Value *ShadowPtr, *OriginPtr;
- std::tie(ShadowPtr, OriginPtr) = getShadowOriginPtr(
- Operand, IRB, ElType, /*Alignment*/ 1, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ getShadowOriginPtr(Operand, IRB, ElType, /*Alignment*/ 1,
+ /*isStore*/ true, /*checkAddr*/ false);
 Value *CShadow = getCleanShadow(ElType);
 IRB.CreateStore( CShadow,
@@ -3310,7 +3303,7 @@
 Value *ShadowPtr, *OriginPtr;
 std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(A, IRB, IRB.getInt8Ty(), kShadowTLSAlignment,
- /*isStore*/ false);
+ /*isStore*/ false, /*checkAddr*/ false);
 IRB.CreateMemCpy(ShadowBase, kShadowTLSAlignment, ShadowPtr, kShadowTLSAlignment, ArgSize);
@@ -3367,7 +3360,7 @@
 unsigned Alignment = 8;
 std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
- /*isStore*/ true);
+ /*isStore*/ true, /*checkAddr*/ false);
 // Unpoison the whole __va_list_tag.
 // FIXME: magic ABI constants.
@@ -3420,7 +3413,8 @@
 unsigned Alignment = 16;
 std::tie(RegSaveAreaShadowPtr, RegSaveAreaOriginPtr) = MSV.getShadowOriginPtr(RegSaveAreaPtr, IRB, IRB.getInt8Ty(),
- Alignment, /*isStore*/ true);
+ Alignment, /*isStore*/ true,
+ /*checkAddr*/ false);
 IRB.CreateMemCpy(RegSaveAreaShadowPtr, Alignment, VAArgTLSCopy, Alignment, AMD64FpEndOffset);
 Value *OverflowArgAreaPtrPtr = IRB.CreateIntToPtr(
@@ -3431,7 +3425,8 @@
 Value *OverflowArgAreaShadowPtr, *OverflowArgAreaOriginPtr;
 std::tie(OverflowArgAreaShadowPtr, OverflowArgAreaOriginPtr) = MSV.getShadowOriginPtr(OverflowArgAreaPtr, IRB, IRB.getInt8Ty(),
- Alignment, /*isStore*/ true);
+ Alignment, /*isStore*/ true,
+ /*checkAddr*/ false);
 Value *SrcPtr = IRB.CreateConstGEP1_32(IRB.getInt8Ty(), VAArgTLSCopy, AMD64FpEndOffset);
 IRB.CreateMemCpy(OverflowArgAreaShadowPtr, Alignment, SrcPtr, Alignment,
@@ -3496,8 +3491,9 @@
 Value *VAListTag = I.getArgOperand(0);
 Value *ShadowPtr, *OriginPtr;
 unsigned Alignment = 8;
- std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
- VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ true, /*checkAddr*/ false);
 IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), /* size */ 8, Alignment, false);
 }
@@ -3508,8 +3504,9 @@
 Value *VAListTag = I.getArgOperand(0);
 Value *ShadowPtr, *OriginPtr;
 unsigned Alignment = 8;
- std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
- VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ true, /*checkAddr*/ false);
 IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), /* size */ 8, Alignment, false);
 }
@@ -3543,7 +3540,8 @@
 unsigned Alignment = 8;
 std::tie(RegSaveAreaShadowPtr, RegSaveAreaOriginPtr) = MSV.getShadowOriginPtr(RegSaveAreaPtr, IRB, IRB.getInt8Ty(),
- Alignment, /*isStore*/ true);
+ Alignment, /*isStore*/ true,
+ /*checkAddr*/ false);
 IRB.CreateMemCpy(RegSaveAreaShadowPtr, Alignment, VAArgTLSCopy, Alignment, CopySize);
 }
@@ -3657,8 +3655,9 @@
 Value *VAListTag = I.getArgOperand(0);
 Value *ShadowPtr, *OriginPtr;
 unsigned Alignment = 8;
- std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
- VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ true, /*checkAddr*/ false);
 IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), /* size */ 32, Alignment, false);
 }
@@ -3669,8 +3668,9 @@
 Value *VAListTag = I.getArgOperand(0);
 Value *ShadowPtr, *OriginPtr;
 unsigned Alignment = 8;
- std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
- VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ true, /*checkAddr*/ false);
 IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), /* size */ 32, Alignment, false);
 }
@@ -3759,7 +3759,8 @@
 Value *GrRegSaveAreaShadowPtr = MSV.getShadowOriginPtr(GrRegSaveAreaPtr, IRB, IRB.getInt8Ty(),
- /*Alignment*/ 8, /*isStore*/ true)
+ /*Alignment*/ 8, /*isStore*/ true,
+ /*checkAddr*/ false)
 .first;
 Value *GrSrcPtr = IRB.CreateInBoundsGEP(IRB.getInt8Ty(), VAArgTLSCopy,
@@ -3774,7 +3775,8 @@
 Value *VrRegSaveAreaShadowPtr = MSV.getShadowOriginPtr(VrRegSaveAreaPtr, IRB, IRB.getInt8Ty(),
- /*Alignment*/ 8, /*isStore*/ true)
+ /*Alignment*/ 8, /*isStore*/ true,
+ /*checkAddr*/ false)
 .first;
 Value *VrSrcPtr = IRB.CreateInBoundsGEP(
@@ -3789,7 +3791,8 @@
 // And finally for remaining arguments.
 Value *StackSaveAreaShadowPtr = MSV.getShadowOriginPtr(StackSaveAreaPtr, IRB, IRB.getInt8Ty(),
- /*Alignment*/ 16, /*isStore*/ true)
+ /*Alignment*/ 16, /*isStore*/ true,
+ /*checkAddr*/ false)
 .first;
 Value *StackSrcPtr =
@@ -3853,7 +3856,8 @@
 VAArgOffset - VAArgBase);
 Value *AShadowPtr, *AOriginPtr;
 std::tie(AShadowPtr, AOriginPtr) = MSV.getShadowOriginPtr(
- A, IRB, IRB.getInt8Ty(), kShadowTLSAlignment, /*isStore*/ false);
+ A, IRB, IRB.getInt8Ty(), kShadowTLSAlignment, /*isStore*/ false,
+ /*checkAddr*/ false);
 IRB.CreateMemCpy(Base, kShadowTLSAlignment, AShadowPtr, kShadowTLSAlignment, ArgSize);
@@ -3916,8 +3920,9 @@
 Value *VAListTag = I.getArgOperand(0);
 Value *ShadowPtr, *OriginPtr;
 unsigned Alignment = 8;
- std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
- VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ true, /*checkAddr*/ false);
 IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()), /* size */ 8, Alignment, false);
 }
@@ -3927,8 +3932,9 @@
 Value *VAListTag = I.getArgOperand(0);
 Value *ShadowPtr, *OriginPtr;
 unsigned Alignment = 8;
- std::tie(ShadowPtr, OriginPtr) = MSV.getShadowOriginPtr(
- VAListTag, IRB, IRB.getInt8Ty(), Alignment, /*isStore*/ true);
+ std::tie(ShadowPtr, OriginPtr) =
+ MSV.getShadowOriginPtr(VAListTag, IRB, IRB.getInt8Ty(), Alignment,
+ /*isStore*/ true, /*checkAddr*/ false);
 // Unpoison the whole __va_list_tag.
 // FIXME: magic ABI constants.
 IRB.CreateMemSet(ShadowPtr, Constant::getNullValue(IRB.getInt8Ty()),
@@ -3964,7 +3970,8 @@
 unsigned Alignment = 8;
 std::tie(RegSaveAreaShadowPtr, RegSaveAreaOriginPtr) = MSV.getShadowOriginPtr(RegSaveAreaPtr, IRB, IRB.getInt8Ty(),
- Alignment, /*isStore*/ true);
+ Alignment, /*isStore*/ true,
+ /*checkAddr*/ false);
 IRB.CreateMemCpy(RegSaveAreaShadowPtr, Alignment, VAArgTLSCopy, Alignment, CopySize);
 }