This is an archive of the discontinued LLVM Phabricator instance.

Differential D85559

[MSAN] Reintroduce libatomic load/store instrumentation
ClosedPublic

Authored by guiand on Aug 7 2020, 2:33 PM.

Details

Reviewers
eugenis
vitalybuka
Summary
Have the front-end use the `nounwind` attribute on atomic libcalls.
This prevents us from seeing `invoke __atomic_load` in MSAN, which
is problematic as it has no successor for instrumentation to be added.

Diff Detail

Event Timeline

guiand created this revision.Aug 7 2020, 2:33 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptAug 7 2020, 2:33 PM
Herald added subscribers: llvm-commits, Restricted Project, jfb, hiraditya. · View Herald Transcript
guiand requested review of this revision.Aug 7 2020, 2:33 PM
guiand added inline comments.
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3518

TODO: Remove

eugenis added a comment.Aug 7 2020, 3:30 PM

__libatomic_load might come at the end of the function, with no succeeding BB

Not exactly. It may come at the end of a BB.

We should probably fix it in clang by adding nounwind to libatomic calls, and ignore invokes here.

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3508

Check if the function already exists.

3510

addVisibility(GlobalValue::HiddenVisibility);

Harbormaster completed remote builds in B67542: Diff 284060.Aug 7 2020, 3:43 PM
guiand updated this revision to Diff 284076.Aug 7 2020, 3:50 PM
guiand edited the summary of this revision. (Show Details)
guiand added a reviewer: rsmith.

Simplified by returning to the old implementation, but having libatomic calls made nounwind (so we never see them as invokes).

Herald added a project: Restricted Project. · View Herald TranscriptAug 7 2020, 3:50 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B67551: Diff 284076.Aug 7 2020, 3:51 PM
guiand updated this revision to Diff 284079.Aug 7 2020, 3:51 PM
guiand marked 2 inline comments as done.

Rebased on master

Harbormaster completed remote builds in B67553: Diff 284079.Aug 7 2020, 3:53 PM
guiand updated this revision to Diff 284080.Aug 7 2020, 3:54 PM

Rebased on master (again)

eugenis added inline comments.Aug 7 2020, 4:03 PM
clang/lib/CodeGen/CGAtomic.cpp
315

This needs a clang test, and better move it to a separate change.

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3509

Better explicitly check that this an invoke and not call. Call always has a next instruction.

And move this check to the parent function to apply regular call instrumentation to the unrecognized call.

3511

It has a successor. Two successors, actually.
I'd rather say something like "invoke of __atomic_load".

Harbormaster completed remote builds in B67554: Diff 284080.Aug 7 2020, 4:46 PM
guiand updated this revision to Diff 284102.Aug 7 2020, 5:26 PM
guiand removed a reviewer: rsmith.

Separated out the frontend change. Addressed other comments.

guiand added a parent revision: D85573: [CGAtomic] Mark atomic libcall functions `nounwind`.Aug 7 2020, 5:26 PM
guiand marked 2 inline comments as done.
guiand added inline comments.
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3513

TODO: Remove this redudant call

Harbormaster completed remote builds in B67570: Diff 284102.Aug 7 2020, 6:09 PM
eugenis added inline comments.Aug 13 2020, 3:53 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3513

you've already checked it with assert(isa<CallInst>) - which could be changed to isTerminator(), and this could be simplified to NextIRB(CB.getNextNode()).

guiand updated this revision to Diff 285572.Aug 14 2020, 12:52 AM

Addressed comments

guiand marked an inline comment as done.Aug 14 2020, 12:53 AM
Harbormaster completed remote builds in B68380: Diff 285572.Aug 14 2020, 1:29 AM
eugenis accepted this revision.Aug 14 2020, 12:47 PM

LGTM with 1 comment

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3576

Probably need the same check for atomic_store.

This revision is now accepted and ready to land.Aug 14 2020, 12:47 PM
guiand added inline comments.Aug 14 2020, 12:56 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3576

Although it would be good for consistency I don't think it's strictly needed since with atomic_store we don't need to use getNextNode()

eugenis added inline comments.Aug 14 2020, 1:03 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3576

ah, good point. LGTM

guiand closed this revision.Aug 14 2020, 1:42 PM

Committed as 97de0188dd5d845ff90c8ac779a2ea09688b17df

Revision Contents

PathSize
clang/
lib/
CodeGen/
7 lines
compiler-rt/
test/
msan/
36 lines
llvm/
lib/
Transforms/
Instrumentation/
8 lines

Diff 284079

clang/lib/CodeGen/CGAtomic.cpp

Show First 20 LinesShow All 301 Lines▼ Show 20 Lines
static RValue emitAtomicLibcall(CodeGenFunction &CGF, static RValue emitAtomicLibcall(CodeGenFunction &CGF,
StringRef fnName, StringRef fnName,
QualType resultType, QualType resultType,
CallArgList &args) { CallArgList &args) {
const CGFunctionInfo &fnInfo = const CGFunctionInfo &fnInfo =
CGF.CGM.getTypes().arrangeBuiltinFunctionCall(resultType, args); CGF.CGM.getTypes().arrangeBuiltinFunctionCall(resultType, args);
llvm::FunctionType *fnTy = CGF.CGM.getTypes().GetFunctionType(fnInfo); llvm::FunctionType *fnTy = CGF.CGM.getTypes().GetFunctionType(fnInfo);
llvm::FunctionCallee fn = CGF.CGM.CreateRuntimeFunction(fnTy, fnName); llvm::AttributeList fnAttrs;
fnAttrs = fnAttrs.addAttribute(CGF.getLLVMContext(),
llvm::AttributeList::FunctionIndex,
llvm::Attribute::NoUnwind);
llvm::FunctionCallee fn =
CGF.CGM.CreateRuntimeFunction(fnTy, fnName, fnAttrs);
eugenisUnsubmitted
Not Done
ReplyInline Actions

This needs a clang test, and better move it to a separate change.

eugenis: This needs a clang test, and better move it to a separate change.
auto callee = CGCallee::forDirect(fn); auto callee = CGCallee::forDirect(fn);
return CGF.EmitCall(fnInfo, callee, ReturnValueSlot(), args); return CGF.EmitCall(fnInfo, callee, ReturnValueSlot(), args);
} }
/// Does a store of the given IR type modify the full expected width? /// Does a store of the given IR type modify the full expected width?
static bool isFullSizeType(CodeGenModule &CGM, llvm::Type *type, static bool isFullSizeType(CodeGenModule &CGM, llvm::Type *type,
uint64_t expectedSize) { uint64_t expectedSize) {
return (CGM.getDataLayout().getTypeStoreSize(type) * 8 == expectedSize); return (CGM.getDataLayout().getTypeStoreSize(type) * 8 == expectedSize);
▲ Show 20 LinesShow All 1,797 LinesShow Last 20 Lines

compiler-rt/test/msan/libatomic_load_exceptions.cpp

  • This file was added.
// RUN: %clangxx_msan -fexceptions -fsanitize-memory-track-origins=2 -latomic -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-SHADOW
// PPC has no libatomic
// UNSUPPORTED: powerpc64-target-arch
// UNSUPPORTED: powerpc64le-target-arch
#include <sanitizer/msan_interface.h>
#include <stdatomic.h>
typedef struct __attribute((packed)) {
uint8_t val[3];
} i24;
void copy(i24 *dst, i24 *src);
int main() {
i24 uninit;
i24 init = {0};
__msan_check_mem_is_initialized(&init, 3);
copy(&init, &uninit);
__msan_check_mem_is_initialized(&init, 3);
}
void copy(i24 *dst, i24 *src) {
try {
__atomic_load(src, dst, __ATOMIC_RELAXED);
} catch (...) {
}
}
// CHECK: MemorySanitizer: use-of-uninitialized-value
// CHECK: #0 {{0x[a-f0-9]+}} in main{{.*}}libatomic_load_exceptions.cpp:[[@LINE-10]]
// CHECK-SHADOW: Uninitialized value was stored to memory at
// CHECK-SHADOW: #0 {{0x[a-f0-9]+}} in copy{{.*}}libatomic_load_exceptions.cpp:[[@LINE-8]]

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp

Show First 20 LinesShow All 3,499 Lines▼ Show 20 Lines void visitLibAtomicLoad(CallBase &CB) {
Value *DstPtr = CB.getArgOperand(2); Value *DstPtr = CB.getArgOperand(2);
Value *Ordering = CB.getArgOperand(3); Value *Ordering = CB.getArgOperand(3);
// Convert the call to have at least Acquire ordering to make sure // Convert the call to have at least Acquire ordering to make sure
// the shadow operations aren't reordered before it. // the shadow operations aren't reordered before it.
Value *NewOrdering = Value *NewOrdering =
IRB.CreateExtractElement(makeAddAcquireOrderingTable(IRB), Ordering); IRB.CreateExtractElement(makeAddAcquireOrderingTable(IRB), Ordering);
CB.setArgOperand(3, NewOrdering); CB.setArgOperand(3, NewOrdering);
IRBuilder<> NextIRB(CB.getNextNode()); Instruction *InsPoint = CB.getNextNode();
eugenisUnsubmitted
Done
ReplyInline Actions

Check if the function already exists.

eugenis: Check if the function already exists.
if (!InsPoint) {
eugenisUnsubmitted
Done
ReplyInline Actions

Better explicitly check that this an invoke and not call. Call always has a next instruction.

And move this check to the parent function to apply regular call instrumentation to the unrecognized call.

eugenis: Better explicitly check that this an invoke and not call. Call always has a next instruction.
llvm::errs() << "MSAN -- cannot instrument libatomic call with no "
eugenisUnsubmitted
Done
ReplyInline Actions

addVisibility(GlobalValue::HiddenVisibility);

eugenis: addVisibility(GlobalValue::HiddenVisibility);
"successor. Ignoring!\n";
eugenisUnsubmitted
Done
ReplyInline Actions

It has a successor. Two successors, actually.
I'd rather say something like "invoke of __atomic_load".

eugenis: It has a successor. Two successors, actually. I'd rather say something like "invoke of…
return;
}
guiandAuthorUnsubmitted
Done
ReplyInline Actions

TODO: Remove this redudant call

guiand: TODO: Remove this redudant call
eugenisUnsubmitted
Done
ReplyInline Actions

you've already checked it with assert(isa<CallInst>) - which could be changed to isTerminator(), and this could be simplified to NextIRB(CB.getNextNode()).

eugenis: you've already checked it with assert(isa<CallInst>) - which could be changed to isTerminator()…
IRBuilder<> NextIRB(InsPoint);
NextIRB.SetCurrentDebugLocation(CB.getDebugLoc()); NextIRB.SetCurrentDebugLocation(CB.getDebugLoc());
Value *SrcShadowPtr, *SrcOriginPtr; Value *SrcShadowPtr, *SrcOriginPtr;
std::tie(SrcShadowPtr, SrcOriginPtr) = std::tie(SrcShadowPtr, SrcOriginPtr) =
guiandAuthorUnsubmitted
Done
ReplyInline Actions

TODO: Remove

guiand: TODO: Remove
getShadowOriginPtr(SrcPtr, NextIRB, NextIRB.getInt8Ty(), Align(1), getShadowOriginPtr(SrcPtr, NextIRB, NextIRB.getInt8Ty(), Align(1),
/*isStore*/ false); /*isStore*/ false);
Value *DstShadowPtr = Value *DstShadowPtr =
getShadowOriginPtr(DstPtr, NextIRB, NextIRB.getInt8Ty(), Align(1), getShadowOriginPtr(DstPtr, NextIRB, NextIRB.getInt8Ty(), Align(1),
/*isStore*/ true) /*isStore*/ true)
.first; .first;
NextIRB.CreateMemCpy(DstShadowPtr, Align(1), SrcShadowPtr, Align(1), Size); NextIRB.CreateMemCpy(DstShadowPtr, Align(1), SrcShadowPtr, Align(1), Size);
▲ Show 20 LinesShow All 41 Lines▼ Show 20 Lines void visitCallBase(CallBase &CB) {
} }
LibFunc LF; LibFunc LF;
if (TLI->getLibFunc(CB, LF)) { if (TLI->getLibFunc(CB, LF)) {
// libatomic.a functions need to have special handling because there isn't // libatomic.a functions need to have special handling because there isn't
// a good way to intercept them or compile the library with // a good way to intercept them or compile the library with
// instrumentation. // instrumentation.
switch (LF) { switch (LF) {
case LibFunc_atomic_load: case LibFunc_atomic_load:
visitLibAtomicLoad(CB); visitLibAtomicLoad(CB);
eugenisUnsubmitted
Not Done
ReplyInline Actions

Probably need the same check for atomic_store.

eugenis: Probably need the same check for atomic_store.
guiandAuthorUnsubmitted
Done
ReplyInline Actions

Although it would be good for consistency I don't think it's strictly needed since with atomic_store we don't need to use getNextNode()

guiand: Although it would be good for consistency I don't think it's strictly needed since with…
eugenisUnsubmitted
Not Done
ReplyInline Actions

ah, good point. LGTM

eugenis: ah, good point. LGTM
return; return;
case LibFunc_atomic_store: case LibFunc_atomic_store:
visitLibAtomicStore(CB); visitLibAtomicStore(CB);
return; return;
default: default:
break; break;
} }
} }
▲ Show 20 LinesShow All 1,706 LinesShow Last 20 Lines