This is an archive of the discontinued LLVM Phabricator instance.

Differential D85559

[MSAN] Reintroduce libatomic load/store instrumentation
ClosedPublic

Authored by guiand on Aug 7 2020, 2:33 PM.

Details

Reviewers
eugenis
vitalybuka
Summary
Have the front-end use the `nounwind` attribute on atomic libcalls.
This prevents us from seeing `invoke __atomic_load` in MSAN, which
is problematic as it has no successor for instrumentation to be added.

Diff Detail

Unit TestsFailed

TimeTest
1,110 mslinux > MemorySanitizer-X86_64.MemorySanitizer-X86_64::libatomic_load_exceptions.cpp
410 mslinux > MemorySanitizer-lld-X86_64.MemorySanitizer-lld-X86_64::libatomic_load_exceptions.cpp
110 mswindows > Clang.CodeGen::debug-info-unused-types.c

Event Timeline

guiand created this revision.Aug 7 2020, 2:33 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptAug 7 2020, 2:33 PM
Herald added subscribers: llvm-commits, Restricted Project, jfb, hiraditya. · View Herald Transcript
guiand requested review of this revision.Aug 7 2020, 2:33 PM
guiand added inline comments.
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3518

TODO: Remove

eugenis added a comment.Aug 7 2020, 3:30 PM

__libatomic_load might come at the end of the function, with no succeeding BB

Not exactly. It may come at the end of a BB.

We should probably fix it in clang by adding nounwind to libatomic calls, and ignore invokes here.

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3508

Check if the function already exists.

3510

addVisibility(GlobalValue::HiddenVisibility);

Harbormaster completed remote builds in B67542: Diff 284060.Aug 7 2020, 3:43 PM
guiand updated this revision to Diff 284076.Aug 7 2020, 3:50 PM
guiand edited the summary of this revision. (Show Details)
guiand added a reviewer: rsmith.

Simplified by returning to the old implementation, but having libatomic calls made nounwind (so we never see them as invokes).

Herald added a project: Restricted Project. · View Herald TranscriptAug 7 2020, 3:50 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
Harbormaster completed remote builds in B67551: Diff 284076.Aug 7 2020, 3:51 PM
guiand updated this revision to Diff 284079.Aug 7 2020, 3:51 PM
guiand marked 2 inline comments as done.

Rebased on master

Harbormaster completed remote builds in B67553: Diff 284079.Aug 7 2020, 3:53 PM
guiand updated this revision to Diff 284080.Aug 7 2020, 3:54 PM

Rebased on master (again)

eugenis added inline comments.Aug 7 2020, 4:03 PM
clang/lib/CodeGen/CGAtomic.cpp
315

This needs a clang test, and better move it to a separate change.

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3509

Better explicitly check that this an invoke and not call. Call always has a next instruction.

And move this check to the parent function to apply regular call instrumentation to the unrecognized call.

3511

It has a successor. Two successors, actually.
I'd rather say something like "invoke of __atomic_load".

Harbormaster completed remote builds in B67554: Diff 284080.Aug 7 2020, 4:46 PM
guiand updated this revision to Diff 284102.Aug 7 2020, 5:26 PM
guiand removed a reviewer: rsmith.

Separated out the frontend change. Addressed other comments.

guiand added a parent revision: D85573: [CGAtomic] Mark atomic libcall functions `nounwind`.Aug 7 2020, 5:26 PM
guiand marked 2 inline comments as done.
guiand added inline comments.
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3513

TODO: Remove this redudant call

Harbormaster completed remote builds in B67570: Diff 284102.Aug 7 2020, 6:09 PM
eugenis added inline comments.Aug 13 2020, 3:53 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3513

you've already checked it with assert(isa<CallInst>) - which could be changed to isTerminator(), and this could be simplified to NextIRB(CB.getNextNode()).

guiand updated this revision to Diff 285572.Aug 14 2020, 12:52 AM

Addressed comments

guiand marked an inline comment as done.Aug 14 2020, 12:53 AM
Harbormaster completed remote builds in B68380: Diff 285572.Aug 14 2020, 1:29 AM
eugenis accepted this revision.Aug 14 2020, 12:47 PM

LGTM with 1 comment

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3576

Probably need the same check for atomic_store.

This revision is now accepted and ready to land.Aug 14 2020, 12:47 PM
guiand added inline comments.Aug 14 2020, 12:56 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3576

Although it would be good for consistency I don't think it's strictly needed since with atomic_store we don't need to use getNextNode()

eugenis added inline comments.Aug 14 2020, 1:03 PM
llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
3576

ah, good point. LGTM

guiand closed this revision.Aug 14 2020, 1:42 PM

Committed as 97de0188dd5d845ff90c8ac779a2ea09688b17df

Revision Contents

PathSize
clang/
lib/
CodeGen/
7 lines
compiler-rt/
test/
msan/
41 lines
36 lines
llvm/
lib/
Transforms/
Instrumentation/
119 lines
test/
Instrumentation/
MemorySanitizer/
69 lines

Diff 284080

clang/lib/CodeGen/CGAtomic.cpp

Show First 20 LinesShow All 301 Lines▼ Show 20 Lines
static RValue emitAtomicLibcall(CodeGenFunction &CGF, static RValue emitAtomicLibcall(CodeGenFunction &CGF,
StringRef fnName, StringRef fnName,
QualType resultType, QualType resultType,
CallArgList &args) { CallArgList &args) {
const CGFunctionInfo &fnInfo = const CGFunctionInfo &fnInfo =
CGF.CGM.getTypes().arrangeBuiltinFunctionCall(resultType, args); CGF.CGM.getTypes().arrangeBuiltinFunctionCall(resultType, args);
llvm::FunctionType *fnTy = CGF.CGM.getTypes().GetFunctionType(fnInfo); llvm::FunctionType *fnTy = CGF.CGM.getTypes().GetFunctionType(fnInfo);
llvm::FunctionCallee fn = CGF.CGM.CreateRuntimeFunction(fnTy, fnName); llvm::AttributeList fnAttrs;
fnAttrs = fnAttrs.addAttribute(CGF.getLLVMContext(),
llvm::AttributeList::FunctionIndex,
llvm::Attribute::NoUnwind);
llvm::FunctionCallee fn =
CGF.CGM.CreateRuntimeFunction(fnTy, fnName, fnAttrs);
eugenisUnsubmitted
Not Done
ReplyInline Actions

This needs a clang test, and better move it to a separate change.

eugenis: This needs a clang test, and better move it to a separate change.
auto callee = CGCallee::forDirect(fn); auto callee = CGCallee::forDirect(fn);
return CGF.EmitCall(fnInfo, callee, ReturnValueSlot(), args); return CGF.EmitCall(fnInfo, callee, ReturnValueSlot(), args);
} }
/// Does a store of the given IR type modify the full expected width? /// Does a store of the given IR type modify the full expected width?
static bool isFullSizeType(CodeGenModule &CGM, llvm::Type *type, static bool isFullSizeType(CodeGenModule &CGM, llvm::Type *type,
uint64_t expectedSize) { uint64_t expectedSize) {
return (CGM.getDataLayout().getTypeStoreSize(type) * 8 == expectedSize); return (CGM.getDataLayout().getTypeStoreSize(type) * 8 == expectedSize);
▲ Show 20 LinesShow All 1,797 LinesShow Last 20 Lines

compiler-rt/test/msan/libatomic.c

  • This file was added.
// RUN: %clang_msan -fsanitize-memory-track-origins=2 -latomic -DTEST_STORE -O0 %s -o %t && %run %t 2>&1
// RUN: %clang_msan -fsanitize-memory-track-origins=0 -latomic -DTEST_LOAD -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK
// RUN: %clang_msan -fsanitize-memory-track-origins=2 -latomic -DTEST_LOAD -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-SHADOW
// PPC has no libatomic
// UNSUPPORTED: powerpc64-target-arch
// UNSUPPORTED: powerpc64le-target-arch
#include <sanitizer/msan_interface.h>
#include <stdatomic.h>
typedef struct __attribute((packed)) {
uint8_t val[3];
} i24;
void copy(i24 *dst, i24 *src);
int main() {
i24 uninit;
i24 init = {0};
__msan_check_mem_is_initialized(&init, 3);
copy(&init, &uninit);
__msan_check_mem_is_initialized(&init, 3);
}
void copy(i24 *dst, i24 *src) {
#ifdef TEST_LOAD
__atomic_load(src, dst, __ATOMIC_RELAXED);
// CHECK: MemorySanitizer: use-of-uninitialized-value
// CHECK: #0 {{0x[a-f0-9]+}} in main{{.*}}libatomic.c:[[@LINE-8]]
// CHECK-SHADOW: Uninitialized value was stored to memory at
// CHECK-SHADOW: #0 {{0x[a-f0-9]+}} in copy{{.*}}libatomic.c:[[@LINE-6]]
#endif
#ifdef TEST_STORE
// Store always writes a clean shadow
__atomic_store(src, dst, __ATOMIC_RELAXED);
#endif
}

compiler-rt/test/msan/libatomic_load_exceptions.cpp

  • This file was added.
// RUN: %clangxx_msan -fexceptions -fsanitize-memory-track-origins=2 -latomic -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CHECK-SHADOW
// PPC has no libatomic
// UNSUPPORTED: powerpc64-target-arch
// UNSUPPORTED: powerpc64le-target-arch
#include <sanitizer/msan_interface.h>
#include <stdatomic.h>
typedef struct __attribute((packed)) {
uint8_t val[3];
} i24;
void copy(i24 *dst, i24 *src);
int main() {
i24 uninit;
i24 init = {0};
__msan_check_mem_is_initialized(&init, 3);
copy(&init, &uninit);
__msan_check_mem_is_initialized(&init, 3);
}
void copy(i24 *dst, i24 *src) {
try {
__atomic_load(src, dst, __ATOMIC_RELAXED);
} catch (...) {
}
}
// CHECK: MemorySanitizer: use-of-uninitialized-value
// CHECK: #0 {{0x[a-f0-9]+}} in main{{.*}}libatomic_load_exceptions.cpp:[[@LINE-10]]
// CHECK-SHADOW: Uninitialized value was stored to memory at
// CHECK-SHADOW: #0 {{0x[a-f0-9]+}} in copy{{.*}}libatomic_load_exceptions.cpp:[[@LINE-8]]

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp

Show First 20 LinesShow All 567 Lines▼ Show 20 Linesprivate:
/// Run-time helper that poisons stack on function entry. /// Run-time helper that poisons stack on function entry.
FunctionCallee MsanPoisonStackFn; FunctionCallee MsanPoisonStackFn;
/// Run-time helper that records a store (or any event) of an /// Run-time helper that records a store (or any event) of an
/// uninitialized value and returns an updated origin id encoding this info. /// uninitialized value and returns an updated origin id encoding this info.
FunctionCallee MsanChainOriginFn; FunctionCallee MsanChainOriginFn;
/// Run-time helper that paints an origin over a region.
FunctionCallee MsanSetOriginFn;
/// MSan runtime replacements for memmove, memcpy and memset. /// MSan runtime replacements for memmove, memcpy and memset.
FunctionCallee MemmoveFn, MemcpyFn, MemsetFn; FunctionCallee MemmoveFn, MemcpyFn, MemsetFn;
/// KMSAN callback for task-local function argument shadow. /// KMSAN callback for task-local function argument shadow.
StructType *MsanContextStateTy; StructType *MsanContextStateTy;
FunctionCallee MsanGetContextStateFn; FunctionCallee MsanGetContextStateFn;
/// Functions for poisoning/unpoisoning local variables /// Functions for poisoning/unpoisoning local variables
▲ Show 20 LinesShow All 262 Lines▼ Show 20 Linesvoid MemorySanitizer::initializeCallbacks(Module &M) {
if (CallbacksInitialized) if (CallbacksInitialized)
return; return;
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
// Initialize callbacks that are common for kernel and userspace // Initialize callbacks that are common for kernel and userspace
// instrumentation. // instrumentation.
MsanChainOriginFn = M.getOrInsertFunction( MsanChainOriginFn = M.getOrInsertFunction(
"__msan_chain_origin", IRB.getInt32Ty(), IRB.getInt32Ty()); "__msan_chain_origin", IRB.getInt32Ty(), IRB.getInt32Ty());
MsanSetOriginFn =
M.getOrInsertFunction("__msan_set_origin", IRB.getVoidTy(),
IRB.getInt8PtrTy(), IntptrTy, IRB.getInt32Ty());
MemmoveFn = M.getOrInsertFunction( MemmoveFn = M.getOrInsertFunction(
"__msan_memmove", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), "__msan_memmove", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IntptrTy); IRB.getInt8PtrTy(), IntptrTy);
MemcpyFn = M.getOrInsertFunction( MemcpyFn = M.getOrInsertFunction(
"__msan_memcpy", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), "__msan_memcpy", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
IntptrTy); IntptrTy);
MemsetFn = M.getOrInsertFunction( MemsetFn = M.getOrInsertFunction(
"__msan_memset", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IRB.getInt32Ty(), "__msan_memset", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IRB.getInt32Ty(),
▲ Show 20 LinesShow All 951 Lines▼ Show 20 Lines switch (a) {
case AtomicOrdering::AcquireRelease: case AtomicOrdering::AcquireRelease:
return AtomicOrdering::AcquireRelease; return AtomicOrdering::AcquireRelease;
case AtomicOrdering::SequentiallyConsistent: case AtomicOrdering::SequentiallyConsistent:
return AtomicOrdering::SequentiallyConsistent; return AtomicOrdering::SequentiallyConsistent;
} }
llvm_unreachable("Unknown ordering"); llvm_unreachable("Unknown ordering");
} }
Value *makeAddReleaseOrderingTable(IRBuilder<> &IRB) {
constexpr int NumOrderings = (int)AtomicOrderingCABI::seq_cst + 1;
uint32_t OrderingTable[NumOrderings] = {};
OrderingTable[(int)AtomicOrderingCABI::relaxed] =
OrderingTable[(int)AtomicOrderingCABI::release] =
(int)AtomicOrderingCABI::release;
OrderingTable[(int)AtomicOrderingCABI::consume] =
OrderingTable[(int)AtomicOrderingCABI::acquire] =
OrderingTable[(int)AtomicOrderingCABI::acq_rel] =
(int)AtomicOrderingCABI::acq_rel;
OrderingTable[(int)AtomicOrderingCABI::seq_cst] =
(int)AtomicOrderingCABI::seq_cst;
return ConstantDataVector::get(IRB.getContext(),
makeArrayRef(OrderingTable, NumOrderings));
}
AtomicOrdering addAcquireOrdering(AtomicOrdering a) { AtomicOrdering addAcquireOrdering(AtomicOrdering a) {
switch (a) { switch (a) {
case AtomicOrdering::NotAtomic: case AtomicOrdering::NotAtomic:
return AtomicOrdering::NotAtomic; return AtomicOrdering::NotAtomic;
case AtomicOrdering::Unordered: case AtomicOrdering::Unordered:
case AtomicOrdering::Monotonic: case AtomicOrdering::Monotonic:
case AtomicOrdering::Acquire: case AtomicOrdering::Acquire:
return AtomicOrdering::Acquire; return AtomicOrdering::Acquire;
case AtomicOrdering::Release: case AtomicOrdering::Release:
case AtomicOrdering::AcquireRelease: case AtomicOrdering::AcquireRelease:
return AtomicOrdering::AcquireRelease; return AtomicOrdering::AcquireRelease;
case AtomicOrdering::SequentiallyConsistent: case AtomicOrdering::SequentiallyConsistent:
return AtomicOrdering::SequentiallyConsistent; return AtomicOrdering::SequentiallyConsistent;
} }
llvm_unreachable("Unknown ordering"); llvm_unreachable("Unknown ordering");
} }
Value *makeAddAcquireOrderingTable(IRBuilder<> &IRB) {
constexpr int NumOrderings = (int)AtomicOrderingCABI::seq_cst + 1;
uint32_t OrderingTable[NumOrderings] = {};
OrderingTable[(int)AtomicOrderingCABI::relaxed] =
OrderingTable[(int)AtomicOrderingCABI::acquire] =
OrderingTable[(int)AtomicOrderingCABI::consume] =
(int)AtomicOrderingCABI::acquire;
OrderingTable[(int)AtomicOrderingCABI::release] =
OrderingTable[(int)AtomicOrderingCABI::acq_rel] =
(int)AtomicOrderingCABI::acq_rel;
OrderingTable[(int)AtomicOrderingCABI::seq_cst] =
(int)AtomicOrderingCABI::seq_cst;
return ConstantDataVector::get(IRB.getContext(),
makeArrayRef(OrderingTable, NumOrderings));
}
// ------------------- Visitors. // ------------------- Visitors.
using InstVisitor<MemorySanitizerVisitor>::visit; using InstVisitor<MemorySanitizerVisitor>::visit;
void visit(Instruction &I) { void visit(Instruction &I) {
if (!I.getMetadata("nosanitize")) if (!I.getMetadata("nosanitize"))
InstVisitor<MemorySanitizerVisitor>::visit(I); InstVisitor<MemorySanitizerVisitor>::visit(I);
} }
/// Instrument LoadInst /// Instrument LoadInst
▲ Show 20 LinesShow All 1,600 Lines▼ Show 20 Lines void visitIntrinsicInst(IntrinsicInst &I) {
default: default:
if (!handleUnknownIntrinsic(I)) if (!handleUnknownIntrinsic(I))
visitInstruction(I); visitInstruction(I);
break; break;
} }
} }
void visitLibAtomicLoad(CallBase &CB) {
IRBuilder<> IRB(&CB);
Value *Size = CB.getArgOperand(0);
Value *SrcPtr = CB.getArgOperand(1);
Value *DstPtr = CB.getArgOperand(2);
Value *Ordering = CB.getArgOperand(3);
// Convert the call to have at least Acquire ordering to make sure
// the shadow operations aren't reordered before it.
Value *NewOrdering =
IRB.CreateExtractElement(makeAddAcquireOrderingTable(IRB), Ordering);
CB.setArgOperand(3, NewOrdering);
Instruction *InsPoint = CB.getNextNode();
eugenisUnsubmitted
Done
ReplyInline Actions

Check if the function already exists.

eugenis: Check if the function already exists.
if (!InsPoint) {
eugenisUnsubmitted
Done
ReplyInline Actions

Better explicitly check that this an invoke and not call. Call always has a next instruction.

And move this check to the parent function to apply regular call instrumentation to the unrecognized call.

eugenis: Better explicitly check that this an invoke and not call. Call always has a next instruction.
llvm::errs() << "MSAN -- cannot instrument libatomic call with no "
eugenisUnsubmitted
Done
ReplyInline Actions

addVisibility(GlobalValue::HiddenVisibility);

eugenis: addVisibility(GlobalValue::HiddenVisibility);
"successor. Ignoring!\n";
eugenisUnsubmitted
Done
ReplyInline Actions

It has a successor. Two successors, actually.
I'd rather say something like "invoke of __atomic_load".

eugenis: It has a successor. Two successors, actually. I'd rather say something like "invoke of…
return;
}
guiandAuthorUnsubmitted
Done
ReplyInline Actions

TODO: Remove this redudant call

guiand: TODO: Remove this redudant call
eugenisUnsubmitted
Done
ReplyInline Actions

you've already checked it with assert(isa<CallInst>) - which could be changed to isTerminator(), and this could be simplified to NextIRB(CB.getNextNode()).

eugenis: you've already checked it with assert(isa<CallInst>) - which could be changed to isTerminator()…
IRBuilder<> NextIRB(InsPoint);
NextIRB.SetCurrentDebugLocation(CB.getDebugLoc());
Value *SrcShadowPtr, *SrcOriginPtr;
std::tie(SrcShadowPtr, SrcOriginPtr) =
guiandAuthorUnsubmitted
Done
ReplyInline Actions

TODO: Remove

guiand: TODO: Remove
getShadowOriginPtr(SrcPtr, NextIRB, NextIRB.getInt8Ty(), Align(1),
/*isStore*/ false);
Value *DstShadowPtr =
getShadowOriginPtr(DstPtr, NextIRB, NextIRB.getInt8Ty(), Align(1),
/*isStore*/ true)
.first;
NextIRB.CreateMemCpy(DstShadowPtr, Align(1), SrcShadowPtr, Align(1), Size);
if (MS.TrackOrigins) {
Value *SrcOrigin = NextIRB.CreateAlignedLoad(MS.OriginTy, SrcOriginPtr,
kMinOriginAlignment);
Value *NewOrigin = updateOrigin(SrcOrigin, NextIRB);
NextIRB.CreateCall(MS.MsanSetOriginFn, {DstPtr, Size, NewOrigin});
}
}
void visitLibAtomicStore(CallBase &CB) {
IRBuilder<> IRB(&CB);
Value *Size = CB.getArgOperand(0);
Value *DstPtr = CB.getArgOperand(2);
Value *Ordering = CB.getArgOperand(3);
// Convert the call to have at least Release ordering to make sure
// the shadow operations aren't reordered after it.
Value *NewOrdering =
IRB.CreateExtractElement(makeAddReleaseOrderingTable(IRB), Ordering);
CB.setArgOperand(3, NewOrdering);
Value *DstShadowPtr =
getShadowOriginPtr(DstPtr, IRB, IRB.getInt8Ty(), Align(1),
/*isStore*/ true)
.first;
// Atomic store always paints clean shadow/origin. See file header.
IRB.CreateMemSet(DstShadowPtr, getCleanShadow(IRB.getInt8Ty()), Size,
Align(1));
}
void visitCallBase(CallBase &CB) { void visitCallBase(CallBase &CB) {
assert(!CB.getMetadata("nosanitize")); assert(!CB.getMetadata("nosanitize"));
if (CB.isInlineAsm()) { if (CB.isInlineAsm()) {
// For inline asm (either a call to asm function, or callbr instruction), // For inline asm (either a call to asm function, or callbr instruction),
// do the usual thing: check argument shadow and mark all outputs as // do the usual thing: check argument shadow and mark all outputs as
// clean. Note that any side effects of the inline asm that are not // clean. Note that any side effects of the inline asm that are not
// immediately visible in its constraints are not handled. // immediately visible in its constraints are not handled.
if (ClHandleAsmConservative && MS.CompileKernel) if (ClHandleAsmConservative && MS.CompileKernel)
visitAsmInstruction(CB); visitAsmInstruction(CB);
else else
visitInstruction(CB); visitInstruction(CB);
return; return;
} }
LibFunc LF;
if (TLI->getLibFunc(CB, LF)) {
// libatomic.a functions need to have special handling because there isn't
// a good way to intercept them or compile the library with
// instrumentation.
switch (LF) {
case LibFunc_atomic_load:
visitLibAtomicLoad(CB);
eugenisUnsubmitted
Not Done
ReplyInline Actions

Probably need the same check for atomic_store.

eugenis: Probably need the same check for atomic_store.
guiandAuthorUnsubmitted
Done
ReplyInline Actions

Although it would be good for consistency I don't think it's strictly needed since with atomic_store we don't need to use getNextNode()

guiand: Although it would be good for consistency I don't think it's strictly needed since with…
eugenisUnsubmitted
Not Done
ReplyInline Actions

ah, good point. LGTM

eugenis: ah, good point. LGTM
return;
case LibFunc_atomic_store:
visitLibAtomicStore(CB);
return;
default:
break;
}
}
if (auto *Call = dyn_cast<CallInst>(&CB)) { if (auto *Call = dyn_cast<CallInst>(&CB)) {
assert(!isa<IntrinsicInst>(Call) && "intrinsics are handled elsewhere"); assert(!isa<IntrinsicInst>(Call) && "intrinsics are handled elsewhere");
// We are going to insert code that relies on the fact that the callee // We are going to insert code that relies on the fact that the callee
// will become a non-readonly function after it is instrumented by us. To // will become a non-readonly function after it is instrumented by us. To
// prevent this code from being optimized out, mark that function // prevent this code from being optimized out, mark that function
// non-readonly in advance. // non-readonly in advance.
AttrBuilder B; AttrBuilder B;
▲ Show 20 LinesShow All 1,697 LinesShow Last 20 Lines

llvm/test/Instrumentation/MemorySanitizer/libatomic.ll

  • This file was added.
; RUN: opt < %s -msan-check-access-address=0 -S -passes=msan 2>&1 | FileCheck %s
; RUN: opt < %s -msan-check-access-address=0 -msan-track-origins=2 -S -passes=msan 2>&1 | FileCheck %s -check-prefixes=CHECK,CHECK-ORIGIN
; RUN: opt < %s -msan -msan-check-access-address=0 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
declare void @__atomic_load(i64, i8*, i8*, i32)
declare void @__atomic_store(i64, i8*, i8*, i32)
define i24 @odd_sized_load(i24* %ptr) sanitize_memory {
; CHECK: @odd_sized_load(i24* {{.*}}[[PTR:%.+]])
; CHECK: [[VAL_PTR:%.*]] = alloca i24, align 1
; CHECK-ORIGIN: @__msan_set_alloca_origin
; CHECK: [[VAL_PTR_I8:%.*]] = bitcast i24* [[VAL_PTR]] to i8*
; CHECK: [[PTR_I8:%.*]] = bitcast i24* [[PTR]] to i8*
; CHECK: call void @__atomic_load(i64 3, i8* [[PTR_I8]], i8* [[VAL_PTR_I8]], i32 2)
; CHECK: ptrtoint i8* [[PTR_I8]]
; CHECK: xor
; CHECK: [[SPTR_I8:%.*]] = inttoptr
; CHECK-ORIGIN: add
; CHECK-ORIGIN: and
; CHECK-ORIGIN: [[OPTR:%.*]] = inttoptr
; CHECK: ptrtoint i8* [[VAL_PTR_I8]]
; CHECK: xor
; CHECK: [[VAL_SPTR_I8:%.*]] = inttoptr
; CHECK-ORIGIN: add
; CHECK-ORIGIN: and
; CHECK-ORIGIN: [[VAL_OPTR:%.*]] = inttoptr
; CHECK: call void @llvm.memcpy{{.*}}(i8* align 1 [[VAL_SPTR_I8]], i8* align 1 [[SPTR_I8]], i64 3
; CHECK-ORIGIN: [[ARG_ORIGIN:%.*]] = load i32, i32* [[OPTR]]
; CHECK-ORIGIN: [[VAL_ORIGIN:%.*]] = call i32 @__msan_chain_origin(i32 [[ARG_ORIGIN]])
; CHECK-ORIGIN: call void @__msan_set_origin(i8* [[VAL_PTR_I8]], i64 3, i32 [[VAL_ORIGIN]])
; CHECK: [[VAL:%.*]] = load i24, i24* [[VAL_PTR]]
; CHECK: ret i24 [[VAL]]
%val_ptr = alloca i24, align 1
%val_ptr_i8 = bitcast i24* %val_ptr to i8*
%ptr_i8 = bitcast i24* %ptr to i8*
call void @__atomic_load(i64 3, i8* %ptr_i8, i8* %val_ptr_i8, i32 0)
%val = load i24, i24* %val_ptr
ret i24 %val
}
define void @odd_sized_store(i24* %ptr, i24 %val) sanitize_memory {
; CHECK: @odd_sized_store(i24* {{.*}}[[PTR:%.+]], i24 {{.*}}[[VAL:%.+]])
; CHECK: [[VAL_PTR:%.*]] = alloca i24, align 1
; CHECK: store i24 [[VAL]], i24* [[VAL_PTR]]
; CHECK: [[VAL_PTR_I8:%.*]] = bitcast i24* [[VAL_PTR]] to i8*
; CHECK: [[PTR_I8:%.*]] = bitcast i24* [[PTR]] to i8*
; CHECK: ptrtoint i8* [[PTR_I8]]
; CHECK: xor
; CHECK: [[SPTR_I8:%.*]] = inttoptr
; CHECK: call void @llvm.memset{{.*}}(i8* align 1 [[SPTR_I8]], i8 0, i64 3
; CHECK: call void @__atomic_store(i64 3, i8* [[VAL_PTR_I8]], i8* [[PTR_I8]], i32 3)
; CHECK: ret void
%val_ptr = alloca i24, align 1
store i24 %val, i24* %val_ptr
%val_ptr_i8 = bitcast i24* %val_ptr to i8*
%ptr_i8 = bitcast i24* %ptr to i8*
call void @__atomic_store(i64 3, i8* %val_ptr_i8, i8* %ptr_i8, i32 0)
ret void
}