Index: lib/Transforms/Instrumentation/HWAddressSanitizer.cpp =================================================================== --- lib/Transforms/Instrumentation/HWAddressSanitizer.cpp +++ lib/Transforms/Instrumentation/HWAddressSanitizer.cpp @@ -152,6 +152,10 @@ cl::desc("create static frame descriptions"), cl::Hidden, cl::init(true)); +static cl::opt + ClInstrumentMemIntrinsics("hwasan-instrument-mem-intrinsics", + cl::desc("instrument memory intrinsics"), + cl::Hidden, cl::init(false)); namespace { /// An instrumentation pass implementing detection of addressability bugs @@ -182,6 +186,7 @@ void instrumentMemAccessInline(Value *PtrLong, bool IsWrite, unsigned AccessSizeIndex, Instruction *InsertBefore); + void instrumentMemIntrinsic(MemIntrinsic *MI); bool instrumentMemAccess(Instruction *I); Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite, uint64_t *TypeSize, unsigned *Alignment, @@ -206,6 +211,7 @@ LLVMContext *C; std::string CurModuleUniqueId; Triple TargetTriple; + Function *HWAsanMemmove, *HWAsanMemcpy, *HWAsanMemset; // Frame description is a way to pass names/sizes of local variables // to the run-time w/o adding extra executable code in every function. @@ -364,6 +370,18 @@ if (Mapping.InGlobal) ShadowGlobal = M.getOrInsertGlobal("__hwasan_shadow", ArrayType::get(IRB.getInt8Ty(), 0)); + + const std::string MemIntrinCallbackPrefix = + CompileKernel ? std::string("") : ClMemoryAccessCallbackPrefix; + HWAsanMemmove = checkSanitizerInterfaceFunction(M.getOrInsertFunction( + MemIntrinCallbackPrefix + "memmove", IRB.getInt8PtrTy(), + IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy)); + HWAsanMemcpy = checkSanitizerInterfaceFunction(M.getOrInsertFunction( + MemIntrinCallbackPrefix + "memcpy", IRB.getInt8PtrTy(), + IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy)); + HWAsanMemset = checkSanitizerInterfaceFunction(M.getOrInsertFunction( + MemIntrinCallbackPrefix + "memset", IRB.getInt8PtrTy(), + IRB.getInt8PtrTy(), IRB.getInt32Ty(), IntptrTy)); } Value *HWAddressSanitizer::getDynamicShadowNonTls(IRBuilder<> &IRB) { @@ -539,12 +557,36 @@ IRB.CreateCall(Asm, PtrLong); } +void HWAddressSanitizer::instrumentMemIntrinsic(MemIntrinsic *MI) { + IRBuilder<> IRB(MI); + if (isa(MI)) { + IRB.CreateCall( + isa(MI) ? HWAsanMemmove : HWAsanMemcpy, + {IRB.CreatePointerCast(MI->getOperand(0), IRB.getInt8PtrTy()), + IRB.CreatePointerCast(MI->getOperand(1), IRB.getInt8PtrTy()), + IRB.CreateIntCast(MI->getOperand(2), IntptrTy, false)}); + } else if (isa(MI)) { + IRB.CreateCall( + HWAsanMemset, + {IRB.CreatePointerCast(MI->getOperand(0), IRB.getInt8PtrTy()), + IRB.CreateIntCast(MI->getOperand(1), IRB.getInt32Ty(), false), + IRB.CreateIntCast(MI->getOperand(2), IntptrTy, false)}); + } + MI->eraseFromParent(); +} + bool HWAddressSanitizer::instrumentMemAccess(Instruction *I) { LLVM_DEBUG(dbgs() << "Instrumenting: " << *I << "\n"); bool IsWrite = false; unsigned Alignment = 0; uint64_t TypeSize = 0; Value *MaybeMask = nullptr; + + if (ClInstrumentMemIntrinsics && isa(I)) { + instrumentMemIntrinsic(cast(I)); + return true; + } + Value *Addr = isInterestingMemoryAccess(I, &IsWrite, &TypeSize, &Alignment, &MaybeMask); Index: test/Instrumentation/HWAddressSanitizer/mem-intrinsics.ll =================================================================== --- test/Instrumentation/HWAddressSanitizer/mem-intrinsics.ll +++ test/Instrumentation/HWAddressSanitizer/mem-intrinsics.ll @@ -0,0 +1,40 @@ +; RUN: opt -S -hwasan -hwasan-instrument-mem-intrinsics %s | FileCheck %s + +target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" +target triple = "x86_64-unknown-linux-gnu" + +; Function Attrs: noinline nounwind optnone uwtable +define dso_local i32 @main() sanitize_hwaddress { +entry: + %retval = alloca i32, align 4 + %Q = alloca [10 x i8], align 1 + %P = alloca [10 x i8], align 1 + store i32 0, i32* %retval, align 4 + %arraydecay = getelementptr inbounds [10 x i8], [10 x i8]* %Q, i32 0, i32 0 + + call void @llvm.memset.p0i8.i64(i8* align 1 %arraydecay, i8 0, i64 10, i1 false) +; CHECK: call i8* @__hwasan_memset + + %arraydecay1 = getelementptr inbounds [10 x i8], [10 x i8]* %Q, i32 0, i32 0 + %arraydecay2 = getelementptr inbounds [10 x i8], [10 x i8]* %Q, i32 0, i32 0 + %add.ptr = getelementptr inbounds i8, i8* %arraydecay2, i64 5 + + call void @llvm.memmove.p0i8.p0i8.i64(i8* align 1 %arraydecay1, i8* align 1 %add.ptr, i64 5, i1 false) +; CHECK: call i8* @__hwasan_memmove + + %arraydecay3 = getelementptr inbounds [10 x i8], [10 x i8]* %P, i32 0, i32 0 + %arraydecay4 = getelementptr inbounds [10 x i8], [10 x i8]* %Q, i32 0, i32 0 + + call void @llvm.memcpy.p0i8.p0i8.i64(i8* align 1 %arraydecay3, i8* align 1 %arraydecay4, i64 10, i1 false) +; CHECK: call i8* @__hwasan_memcpy + ret i32 0 +} + +; Function Attrs: argmemonly nounwind +declare void @llvm.memset.p0i8.i64(i8* nocapture writeonly, i8, i64, i1) #1 + +; Function Attrs: argmemonly nounwind +declare void @llvm.memmove.p0i8.p0i8.i64(i8* nocapture, i8* nocapture readonly, i64, i1) #1 + +; Function Attrs: argmemonly nounwind +declare void @llvm.memcpy.p0i8.p0i8.i64(i8* nocapture writeonly, i8* nocapture readonly, i64, i1) #1