diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp --- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp +++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp @@ -284,6 +284,11 @@ cl::desc("report accesses through a pointer which has poisoned shadow"), cl::Hidden, cl::init(true)); +static cl::opt ClEagerChecks( + "msan-eager-checks", + cl::desc("check arguments and return values at function call boundaries"), + cl::Hidden, cl::init(false)); + static cl::opt ClDumpStrictInstructions("msan-dump-strict-instructions", cl::desc("print out instructions with default strict semantics"), cl::Hidden, cl::init(false)); @@ -1618,14 +1623,23 @@ LLVM_DEBUG(dbgs() << "Arg is not sized\n"); continue; } + + bool FArgByVal = FArg.hasByValAttr(); + bool FArgNoUndef = FArg.hasAttribute(Attribute::NoUndef); + bool FArgEagerCheck = ClEagerChecks && !FArgByVal && FArgNoUndef; unsigned Size = FArg.hasByValAttr() ? DL.getTypeAllocSize(FArg.getParamByValType()) : DL.getTypeAllocSize(FArg.getType()); + if (A == &FArg) { bool Overflow = ArgOffset + Size > kParamTLSSize; + if (FArgEagerCheck) { + *ShadowPtr = getCleanShadow(V); + setOrigin(A, getCleanOrigin()); + continue; + } else if (FArgByVal) { Value *Base = getShadowPtrForArgument(&FArg, EntryIRB, ArgOffset); - if (FArg.hasByValAttr()) { // ByVal pointer itself has clean shadow. We copy the actual // argument shadow to the underlying memory. // Figure out maximal valid memcpy alignment. @@ -1650,6 +1664,8 @@ } *ShadowPtr = getCleanShadow(V); } else { + // Shadow over TLS + Value *Base = getShadowPtrForArgument(&FArg, EntryIRB, ArgOffset); if (Overflow) { // ParamTLS overflow. *ShadowPtr = getCleanShadow(V); @@ -1668,6 +1684,8 @@ setOrigin(A, getCleanOrigin()); } } + + if (!FArgEagerCheck) ArgOffset += alignTo(Size, kShadowTLSAlignment); } assert(*ShadowPtr && "Could not find shadow for an argument"); @@ -3391,7 +3409,17 @@ << " Shadow: " << *ArgShadow << "\n"); bool ArgIsInitialized = false; const DataLayout &DL = F.getParent()->getDataLayout(); - if (CB.paramHasAttr(i, Attribute::ByVal)) { + + bool ByVal = CB.paramHasAttr(i, Attribute::ByVal); + bool NoUndef = CB.paramHasAttr(i, Attribute::NoUndef); + bool EagerCheck = ClEagerChecks && !ByVal && NoUndef; + + if (EagerCheck) { + insertShadowCheck(A, &CB); + continue; + } else if (ByVal) { + // ByVal requires some special handling as it's too big for a single + // load assert(A->getType()->isPointerTy() && "ByVal argument is not a pointer!"); Size = DL.getTypeAllocSize(CB.getParamByValType(i)); @@ -3409,6 +3437,7 @@ Alignment, Size); // TODO(glider): need to copy origins. } else { + // Any other parameters mean we need bit-grained tracking of uninit data Size = DL.getTypeAllocSize(A->getType()); if (ArgOffset + Size > kParamTLSSize) break; Store = IRB.CreateAlignedStore(ArgShadow, ArgShadowBase, @@ -3437,6 +3466,13 @@ // Don't emit the epilogue for musttail call returns. if (isa(CB) && cast(CB).isMustTailCall()) return; + + if (ClEagerChecks && CB.hasRetAttr(Attribute::NoUndef)) { + setShadow(&CB, getCleanShadow(&CB)); + setOrigin(&CB, getCleanOrigin()); + return; + } + IRBuilder<> IRBBefore(&CB); // Until we have full dynamic coverage, make sure the retval shadow is 0. Value *Base = getShadowPtrForRetval(&CB, IRBBefore); @@ -3489,14 +3525,22 @@ // Don't emit the epilogue for musttail call returns. if (isAMustTailRetVal(RetVal)) return; Value *ShadowPtr = getShadowPtrForRetval(RetVal, IRB); - if (CheckReturnValue) { + bool GlobalChecks = + ClEagerChecks && + F.hasAttribute(AttributeList::ReturnIndex, Attribute::NoUndef); + + Value *Shadow = getShadow(RetVal); + bool StoreOrigin = true; + if (CheckReturnValue || GlobalChecks) { insertShadowCheck(RetVal, &I); - Value *Shadow = getCleanShadow(RetVal); - IRB.CreateAlignedStore(Shadow, ShadowPtr, kShadowTLSAlignment); - } else { - Value *Shadow = getShadow(RetVal); + Shadow = getCleanShadow(RetVal); + StoreOrigin = false; + } + + // The caller still expects information passed over TLS if we pass our check + if (!GlobalChecks) { IRB.CreateAlignedStore(Shadow, ShadowPtr, kShadowTLSAlignment); - if (MS.TrackOrigins) + if (MS.TrackOrigins && StoreOrigin) IRB.CreateStore(getOrigin(RetVal), getOriginPtrForRetval(IRB)); } } diff --git a/llvm/test/Instrumentation/MemorySanitizer/msan_eager.ll b/llvm/test/Instrumentation/MemorySanitizer/msan_eager.ll new file mode 100644 --- /dev/null +++ b/llvm/test/Instrumentation/MemorySanitizer/msan_eager.ll @@ -0,0 +1,98 @@ +; RUN: opt < %s -msan-check-access-address=0 -msan-track-origins=1 -msan-eager-checks -S -passes='module(msan-module),function(msan)' 2>&1 | \ +; RUN: FileCheck -allow-deprecated-dag-overlap -check-prefixes=CHECK,CHECK-ORIGINS %s + +target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" +target triple = "x86_64-unknown-linux-gnu" + +define noundef i32 @NormalRet() nounwind uwtable sanitize_memory { + ret i32 123 +} + +; CHECK-LABEL: @NormalRet +; CHECK: ret i32 + +define i32 @PartialRet() nounwind uwtable sanitize_memory { + ret i32 123 +} + +; CHECK-LABEL: @PartialRet +; CHECK: store i32 0,{{.*}}__msan_retval_tls +; CHECK-NOT: call void @__msan_warning +; CHECK: ret i32 + +define noundef i32 @LoadedRet() nounwind uwtable sanitize_memory { + %p = inttoptr i64 0 to i32 * + %o = load i32, i32 *%p + ret i32 %o +} + +; CHECK-LABEL: @LoadedRet +; CHECK-NOT: __msan_retval_tls +; CHECK: call void @__msan_warning +; CHECK: unreachable +; CHECK-NOT: __msan_retval_tls +; CHECK: ret i32 %o + + +define void @NormalArg(i32 noundef %a) nounwind uwtable sanitize_memory { + %p = inttoptr i64 0 to i32 * + store i32 %a, i32 *%p + ret void +} + +; CHECK-LABEL: @NormalArg +; CHECK-NOT: __msan_retval_tls +; CHECK: %p = inttoptr +; CHECK: ret void + +define void @PartialArg(i32 %a) nounwind uwtable sanitize_memory { + %p = inttoptr i64 0 to i32 * + store i32 %a, i32 *%p + ret void +} + +; CHECK-LABEL: @PartialArg +; CHECK: load {{.*}}__msan_param_tls +; CHECK: %p = inttoptr +; CHECK: ret void + +define void @CallNormal() nounwind uwtable sanitize_memory { + %r = call i32 @NormalRet() nounwind uwtable sanitize_memory + call void @NormalArg(i32 %r) nounwind uwtable sanitize_memory + ret void +} + +; CHECK-LABEL: @CallNormal +; CHECK: call i32 @NormalRet() +; CHECK-NOT: __msan_{{\w+}}_tls +; CHECK: call void @NormalArg +; CHECK: ret void + +define void @CallWithLoaded() nounwind uwtable sanitize_memory { + %p = inttoptr i64 0 to i32 * + %o = load i32, i32 *%p + call void @NormalArg(i32 %o) nounwind uwtable sanitize_memory + ret void +} + +; CHECK-LABEL: @CallWithLoaded +; CHECK: %p = inttoptr +; CHECK-NOT: __msan_{{\w+}}_tls +; CHECK: call void @__msan_warning +; CHECK: unreachable +; CHECK-NOT: __msan_{{\w+}}_tls +; CHECK: call void @NormalArg +; CHECK: ret void + +define void @CallPartial() nounwind uwtable sanitize_memory { + %r = call i32 @PartialRet() nounwind uwtable sanitize_memory + call void @PartialArg(i32 %r) nounwind uwtable sanitize_memory + ret void +} + +; CHECK-LABEL: @CallPartial +; CHECK: call i32 @PartialRet() +; CHECK: load {{.*}}__msan_retval_tls +; CHECK: store {{.*}}__msan_param_tls +; CHECK: call void @PartialArg +; CHECK: ret void