This is an archive of the discontinued LLVM Phabricator instance.

Differential D92440

[dfsan] Support passing non-i16 shadow values in TLS mode
ClosedPublic

Authored by stephan.yichao.zhao on Dec 1 2020, 5:24 PM.

Details

Reviewers
morehouse
pcc
Commits
rG80e326a8c4cf: [dfsan] Support passing non-i16 shadow values in TLS mode
Summary
This is a child diff of D92261.

It extended TLS arg/ret to work with aggregate types.

For a function
  t foo(t1 a1, t2 a2, ... tn an)
Its arguments shadow are saved in TLS args like
  a1_s, a2_s, ..., an_s
TLS ret simply includes r_s. By calculating the type size of each shadow
value, we can get their offset.

This is similar to what MSan does. See __msan_retval_tls and __msan_param_tls
from llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp.

Note that this change does not add test cases for overflowed TLS
arg/ret because this is hard to test w/o supporting aggregate shdow
types. We will be adding them after supporting that.

Diff Detail

Unit TestsFailed

TimeTest
1,800 msx64 debian > libarcher.races::lock-unrelated.c

Event Timeline

stephan.yichao.zhao created this revision.Dec 1 2020, 5:24 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptDec 1 2020, 5:24 PM
Herald added subscribers: llvm-commits, Restricted Project, hiraditya. · View Herald Transcript
stephan.yichao.zhao requested review of this revision.Dec 1 2020, 5:24 PM
Harbormaster completed remote builds in B80743: Diff 308822.Dec 1 2020, 5:43 PM
stephan.yichao.zhao updated this revision to Diff 308832.Dec 1 2020, 6:27 PM
stephan.yichao.zhao edited the summary of this revision. (Show Details)

update

Harbormaster completed remote builds in B80747: Diff 308832.Dec 1 2020, 7:08 PM
morehouse added inline comments.Dec 2 2020, 8:25 AM
llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
1078

This is a duplicate of the declaration comment. Let's remove this one. (Same for functions below).

1100

Nit: omit curly braces for one-line bodies. (Same elsewhere)

1108

Nit: This comment can fit on the same line as the break. (Same below)

1121

Nit: Base is a confusing name since it sounds like the base pointer to the TLS, not the offset. Let's rename it something else, maybe ArgShadowPtr?

llvm/test/Instrumentation/DataFlowSanitizer/arith.ll
7–10

Should we verify that align is 8?

8

IIUC, this adds 8 to __dfsan_arg_tls to get b's shadow. This is because we have 8-byte alignment, right?

Why do we need 8 byte alignment?

12

The ST and VT names are a little confusing to me. What do they mean?

llvm/test/Instrumentation/DataFlowSanitizer/select.ll
9

Should we verify offsets in the TLS for each argument?

stephan.yichao.zhao updated this revision to Diff 309031.Dec 2 2020, 12:22 PM
stephan.yichao.zhao marked 6 inline comments as done.

addressed comments

stephan.yichao.zhao marked an inline comment as done.Dec 2 2020, 12:22 PM
stephan.yichao.zhao added inline comments.
llvm/test/Instrumentation/DataFlowSanitizer/arith.ll
8

This flows MSan's setting. https://github.com/llvm/llvm-project/commit/d2bd319adc7cf19d6e47d3caf3b6f508f299ea57 introduced 8-byte alignment for MSan. It sounds like sometimes the origin arg's alignment can be too large. This makes arg_tls run out of space.

12

renamed ST to SHADOWTYPE, and VT to ARGTLSTYPE

Harbormaster completed remote builds in B80847: Diff 309031.Dec 2 2020, 12:35 PM
stephan.yichao.zhao updated this revision to Diff 309158.Dec 2 2020, 10:45 PM

rebased after submitting D92459

Harbormaster completed remote builds in B80912: Diff 309158.Dec 2 2020, 11:19 PM
morehouse added a comment.Dec 3 2020, 7:03 AM

Looks like load.ll and phi.ll need to be updated.

Also, what is the impact on code size with this change?

stephan.yichao.zhao updated this revision to Diff 309339.Dec 3 2020, 12:46 PM

updated load.ll and phi.ll.

Evaluated code size.

  1. for large binaries with original size 2G, the additional overhead is within 0.2%.
  1. We also examined a small case.

Loading TLS arguments and storing TLS ret inside a function have the same overhead
between the two approaches.

At callsite, if all parameters are variables, their overheads are also the same.
When any parameter is a constant, the i16-shadow shadow can be of less overhead.

At a callsite this diff stores shadows for the 6 parameters like this:

mov 0x0(%rip),%rax
xor %ecx,%ecx
mov %cx,%fs:(%rax)
mov %cx,%fs:0x8(%rax)
mov %cx,%fs:0x10(%rax)
mov %cx,%fs:0x18(%rax)
mov %cx,%fs:0x20(%rax)
mov %cx,%fs:0x28(%rax)

The i16-shadow stores shadows for the 6 parameters like this:

mov 0x0(%rip),%rax
movq $0x0,%fs:(%rax)
movl $0x0,%fs:0x8(%rax)

Because of the 8-byte alignment codegen cannot zero-out consecutive memory addresses
with fewer instructions. If this turns out to be a common case, we may want to revisit this.

morehouse added a comment.Dec 3 2020, 1:12 PM

Why do we need the 8 byte alignment at all? It seems a little silly to have gaps in the TLS shadow.

Currently, when there's 6 params we get the following TLS pattern:

xxxxxx11xxxxxx22xxxxxx33xxxxxx44xxxxxx55xxxxxx66

where each x is an unused byte.

stephan.yichao.zhao added a comment.EditedDec 3 2020, 1:27 PM

Hm, I checked the diff that introduced 8-byte alignment for MSan again.

It seems that this is specific to MSan because MSan's shadow type is the same to its original type: m128i's shadow type is also m128i. If m128i is set with a large alignment,
so does its shadow type. However DFSan's approach always uses i16 for all primitive types: if m128i exists, its shadow type is still i16.

So it is not necessary to follow MSan's. I will update.

Harbormaster completed remote builds in B81004: Diff 309339.Dec 3 2020, 1:41 PM
stephan.yichao.zhao updated this revision to Diff 309387.Dec 3 2020, 3:26 PM

switched to 2-byte alignment to be consistent with 16bit shadow values.

With this alignment, its binary code about TLS is the same as the code before this diff.
For large binaries with original size > 2G, the additional overhead is -0.1%. So its
overall code size overhead is slightly smaller than the current codegen.

morehouse accepted this revision.Dec 3 2020, 3:30 PM

LGTM

This revision is now accepted and ready to land.Dec 3 2020, 3:30 PM
Harbormaster completed remote builds in B81027: Diff 309387.Dec 3 2020, 4:18 PM
This revision was landed with ongoing or failed builds.Dec 3 2020, 6:46 PM
Closed by commit rG80e326a8c4cf: [dfsan] Support passing non-i16 shadow values in TLS mode (authored by Jianzhou Zhao <jianzhouzh@google.com>). · Explain Why
This revision was automatically updated to reflect the committed changes.
Jianzhou Zhao <jianzhouzh@google.com> added a commit: rG80e326a8c4cf: [dfsan] Support passing non-i16 shadow values in TLS mode.
stephan.yichao.zhao mentioned this in D92261: [dfsan] Track field/index-level shadow values in variables.Dec 8 2020, 1:25 AM

Revision Contents

PathSize
compiler-rt/
lib/
dfsan/
11 lines
llvm/
lib/
Transforms/
Instrumentation/
121 lines
test/
Instrumentation/
DataFlowSanitizer/
10 lines
4 lines
2 lines
6 lines
4 lines
4 lines
50 lines

Diff 309339

compiler-rt/lib/dfsan/dfsan.cpp

Show All 35 Lines
static const uptr kNumLabels = 1 << (sizeof(dfsan_label) * 8); static const uptr kNumLabels = 1 << (sizeof(dfsan_label) * 8);
static atomic_dfsan_label __dfsan_last_label; static atomic_dfsan_label __dfsan_last_label;
static dfsan_label_info __dfsan_label_info[kNumLabels]; static dfsan_label_info __dfsan_label_info[kNumLabels];
Flags __dfsan::flags_data; Flags __dfsan::flags_data;
SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL dfsan_label __dfsan_retval_tls; // The size of TLS variables. These constants must be kept in sync with the ones
SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL dfsan_label __dfsan_arg_tls[64]; // in DataFlowSanitizer.cpp.
static const int kDFsanArgTlsSize = 800;
static const int kDFsanRetvalTlsSize = 800;
SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL u64
__dfsan_retval_tls[kDFsanRetvalTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL u64
__dfsan_arg_tls[kDFsanArgTlsSize / sizeof(u64)];
SANITIZER_INTERFACE_ATTRIBUTE uptr __dfsan_shadow_ptr_mask; SANITIZER_INTERFACE_ATTRIBUTE uptr __dfsan_shadow_ptr_mask;
// On Linux/x86_64, memory is laid out as follows: // On Linux/x86_64, memory is laid out as follows:
// //
// +--------------------+ 0x800000000000 (top of memory) // +--------------------+ 0x800000000000 (top of memory)
// | application memory | // | application memory |
// +--------------------+ 0x700000008000 (kAppAddr) // +--------------------+ 0x700000008000 (kAppAddr)
▲ Show 20 LinesShow All 468 LinesShow Last 20 Lines

llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp

Show First 20 LinesShow All 100 Lines▼ Show 20 Lines
#include <memory> #include <memory>
#include <set> #include <set>
#include <string> #include <string>
#include <utility> #include <utility>
#include <vector> #include <vector>
using namespace llvm; using namespace llvm;
static const Align kShadowTLSAlignment = Align(8);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'kShadowTLSAlignment' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'kShadowTLSAlignment' [readability…
// The size of TLS variables. These constants must be kept in sync with the ones
// in dfsan.cpp.
static const unsigned kArgTLSSize = 800;
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'kArgTLSSize' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'kArgTLSSize' [readability-identifier…
static const unsigned kRetvalTLSSize = 800;
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'kRetvalTLSSize' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'kRetvalTLSSize' [readability-identifier…
// External symbol to be used when generating the shadow address for // External symbol to be used when generating the shadow address for
// architectures with multiple VMAs. Instead of using a constant integer // architectures with multiple VMAs. Instead of using a constant integer
// the runtime will set the external mask based on the VMA range. // the runtime will set the external mask based on the VMA range.
const char kDFSanExternShadowPtrMask[] = "__dfsan_shadow_ptr_mask"; const char kDFSanExternShadowPtrMask[] = "__dfsan_shadow_ptr_mask";
// The -dfsan-preserve-alignment flag controls whether this pass assumes that // The -dfsan-preserve-alignment flag controls whether this pass assumes that
// alignment requirements provided by the input IR are correct. For example, // alignment requirements provided by the input IR are correct. For example,
// if the input IR contains a load with alignment 8, this flag will cause // if the input IR contains a load with alignment 8, this flag will cause
▲ Show 20 LinesShow All 325 Lines▼ Show 20 Linesstruct DFSanFunction {
DFSanFunction(DataFlowSanitizer &DFS, Function *F, bool IsNativeABI) DFSanFunction(DataFlowSanitizer &DFS, Function *F, bool IsNativeABI)
: DFS(DFS), F(F), IA(DFS.getInstrumentedABI()), IsNativeABI(IsNativeABI) { : DFS(DFS), F(F), IA(DFS.getInstrumentedABI()), IsNativeABI(IsNativeABI) {
DT.recalculate(*F); DT.recalculate(*F);
// FIXME: Need to track down the register allocator issue which causes poor // FIXME: Need to track down the register allocator issue which causes poor
// performance in pathological cases with large numbers of basic blocks. // performance in pathological cases with large numbers of basic blocks.
AvoidNewBlocks = F->size() > 1000; AvoidNewBlocks = F->size() > 1000;
} }
Value *getArgTLS(unsigned Index, Instruction *Pos); /// Computes the shadow address for a given function argument.
///
/// Shadow = ArgTLS+ArgOffset.
Value *getArgTLS(unsigned ArgOffset, IRBuilder<> &IRB);
/// Computes the shadow address for a retval.
Value *getRetvalTLS(IRBuilder<> &IRB);
Value *getShadow(Value *V); Value *getShadow(Value *V);
void setShadow(Instruction *I, Value *Shadow); void setShadow(Instruction *I, Value *Shadow);
Value *combineShadows(Value *V1, Value *V2, Instruction *Pos); Value *combineShadows(Value *V1, Value *V2, Instruction *Pos);
Value *combineOperandShadows(Instruction *Inst); Value *combineOperandShadows(Instruction *Inst);
Value *loadShadow(Value *ShadowAddr, uint64_t Size, uint64_t Align, Value *loadShadow(Value *ShadowAddr, uint64_t Size, uint64_t Align,
Instruction *Pos); Instruction *Pos);
void storeShadow(Value *Addr, uint64_t Size, Align Alignment, Value *Shadow, void storeShadow(Value *Addr, uint64_t Size, Align Alignment, Value *Shadow,
Instruction *Pos); Instruction *Pos);
private:
/// Returns the shadow value of an argument A.
Value *getShadowForTLSArgument(Argument *A);
}; };
class DFSanVisitor : public InstVisitor<DFSanVisitor> { class DFSanVisitor : public InstVisitor<DFSanVisitor> {
public: public:
DFSanFunction &DFSF; DFSanFunction &DFSF;
DFSanVisitor(DFSanFunction &DFSF) : DFSF(DFSF) {} DFSanVisitor(DFSanFunction &DFSF) : DFSF(DFSF) {}
▲ Show 20 LinesShow All 344 Lines▼ Show 20 Linesbool DataFlowSanitizer::runImpl(Module &M) {
if (ABIList.isIn(M, "skip")) if (ABIList.isIn(M, "skip"))
return false; return false;
const unsigned InitialGlobalSize = M.global_size(); const unsigned InitialGlobalSize = M.global_size();
const unsigned InitialModuleSize = M.size(); const unsigned InitialModuleSize = M.size();
bool Changed = false; bool Changed = false;
Type *ArgTLSTy = ArrayType::get(PrimitiveShadowTy, 64); Type *ArgTLSTy = ArrayType::get(Type::getInt64Ty(*Ctx), kArgTLSSize / 8);
ArgTLS = Mod->getOrInsertGlobal("__dfsan_arg_tls", ArgTLSTy); ArgTLS = Mod->getOrInsertGlobal("__dfsan_arg_tls", ArgTLSTy);
if (GlobalVariable *G = dyn_cast<GlobalVariable>(ArgTLS)) { if (GlobalVariable *G = dyn_cast<GlobalVariable>(ArgTLS)) {
Changed |= G->getThreadLocalMode() != GlobalVariable::InitialExecTLSModel; Changed |= G->getThreadLocalMode() != GlobalVariable::InitialExecTLSModel;
G->setThreadLocalMode(GlobalVariable::InitialExecTLSModel); G->setThreadLocalMode(GlobalVariable::InitialExecTLSModel);
} }
RetvalTLS = Mod->getOrInsertGlobal("__dfsan_retval_tls", PrimitiveShadowTy); Type *RetvalTLSTy =
ArrayType::get(Type::getInt64Ty(*Ctx), kRetvalTLSSize / 8);
RetvalTLS = Mod->getOrInsertGlobal("__dfsan_retval_tls", RetvalTLSTy);
if (GlobalVariable *G = dyn_cast<GlobalVariable>(RetvalTLS)) { if (GlobalVariable *G = dyn_cast<GlobalVariable>(RetvalTLS)) {
Changed |= G->getThreadLocalMode() != GlobalVariable::InitialExecTLSModel; Changed |= G->getThreadLocalMode() != GlobalVariable::InitialExecTLSModel;
G->setThreadLocalMode(GlobalVariable::InitialExecTLSModel); G->setThreadLocalMode(GlobalVariable::InitialExecTLSModel);
} }
ExternalShadowMask = ExternalShadowMask =
Mod->getOrInsertGlobal(kDFSanExternShadowPtrMask, IntptrTy); Mod->getOrInsertGlobal(kDFSanExternShadowPtrMask, IntptrTy);
▲ Show 20 LinesShow All 215 Lines▼ Show 20 Lines if (ClDebugNonzeroLabels) {
} }
} }
} }
return Changed || !FnsToInstrument.empty() || return Changed || !FnsToInstrument.empty() ||
M.global_size() != InitialGlobalSize || M.size() != InitialModuleSize; M.global_size() != InitialGlobalSize || M.size() != InitialModuleSize;
} }
Value *DFSanFunction::getArgTLS(unsigned Idx, Instruction *Pos) { Value *DFSanFunction::getArgTLS(unsigned ArgOffset, IRBuilder<> &IRB) {
IRBuilder<> IRB(Pos); Value *Base = IRB.CreatePointerCast(DFS.ArgTLS, DFS.IntptrTy);
morehouseUnsubmitted
Done
ReplyInline Actions

This is a duplicate of the declaration comment. Let's remove this one. (Same for functions below).

morehouse: This is a duplicate of the declaration comment. Let's remove this one. (Same for functions…
return IRB.CreateConstGEP2_64(ArrayType::get(DFS.PrimitiveShadowTy, 64), if (ArgOffset)
DFS.ArgTLS, 0, Idx); Base = IRB.CreateAdd(Base, ConstantInt::get(DFS.IntptrTy, ArgOffset));
return IRB.CreateIntToPtr(Base, PointerType::get(DFS.PrimitiveShadowTy, 0),
"_dfsarg");
}
Value *DFSanFunction::getRetvalTLS(IRBuilder<> &IRB) {
return IRB.CreatePointerCast(
DFS.RetvalTLS, PointerType::get(DFS.PrimitiveShadowTy, 0), "_dfsret");
}
Value *DFSanFunction::getShadowForTLSArgument(Argument *A) {
unsigned ArgOffset = 0;
const DataLayout &DL = F->getParent()->getDataLayout();
for (auto &FArg : F->args()) {
if (!FArg.getType()->isSized()) {
if (A == &FArg)
break;
continue;
}
unsigned Size = DL.getTypeAllocSize(DFS.PrimitiveShadowTy);
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: omit curly braces for one-line bodies. (Same elsewhere)

morehouse: Nit: omit curly braces for one-line bodies. (Same elsewhere)
if (A != &FArg) {
ArgOffset += alignTo(Size, kShadowTLSAlignment);
if (ArgOffset > kArgTLSSize)
break; // ArgTLS overflows, uses a zero shadow.
continue;
}
if (ArgOffset + Size > kArgTLSSize)
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: This comment can fit on the same line as the break. (Same below)

morehouse: Nit: This comment can fit on the same line as the break. (Same below)
break; // ArgTLS overflows, uses a zero shadow.
Instruction *ArgTLSPos = &*F->getEntryBlock().begin();
IRBuilder<> IRB(ArgTLSPos);
Value *ArgShadowPtr = getArgTLS(ArgOffset, IRB);
return IRB.CreateAlignedLoad(DFS.PrimitiveShadowTy, ArgShadowPtr,
kShadowTLSAlignment);
}
return DFS.ZeroPrimitiveShadow;
} }
Value *DFSanFunction::getShadow(Value *V) { Value *DFSanFunction::getShadow(Value *V) {
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Base is a confusing name since it sounds like the base pointer to the TLS, not the offset. Let's rename it something else, maybe ArgShadowPtr?

morehouse: Nit: `Base` is a confusing name since it sounds like the base pointer to the TLS, not the…
if (!isa<Argument>(V) && !isa<Instruction>(V)) if (!isa<Argument>(V) && !isa<Instruction>(V))
return DFS.ZeroPrimitiveShadow; return DFS.ZeroPrimitiveShadow;
Value *&Shadow = ValShadowMap[V]; Value *&Shadow = ValShadowMap[V];
if (!Shadow) { if (!Shadow) {
if (Argument *A = dyn_cast<Argument>(V)) { if (Argument *A = dyn_cast<Argument>(V)) {
if (IsNativeABI) if (IsNativeABI)
return DFS.ZeroPrimitiveShadow; return DFS.ZeroPrimitiveShadow;
switch (IA) { switch (IA) {
case DataFlowSanitizer::IA_TLS: { case DataFlowSanitizer::IA_TLS: {
Value *ArgTLSPtr = DFS.ArgTLS; Shadow = getShadowForTLSArgument(A);
Instruction *ArgTLSPos =
DFS.ArgTLS ? &*F->getEntryBlock().begin()
: cast<Instruction>(ArgTLSPtr)->getNextNode();
IRBuilder<> IRB(ArgTLSPos);
Shadow = IRB.CreateLoad(DFS.PrimitiveShadowTy,
getArgTLS(A->getArgNo(), ArgTLSPos));
break; break;
} }
case DataFlowSanitizer::IA_Args: { case DataFlowSanitizer::IA_Args: {
unsigned ArgIdx = A->getArgNo() + F->arg_size() / 2; unsigned ArgIdx = A->getArgNo() + F->arg_size() / 2;
Function::arg_iterator i = F->arg_begin(); Function::arg_iterator i = F->arg_begin();
while (ArgIdx--) while (ArgIdx--)
++i; ++i;
Shadow = &*i; Shadow = &*i;
▲ Show 20 LinesShow All 502 Lines▼ Show 20 Lines
} }
void DFSanVisitor::visitReturnInst(ReturnInst &RI) { void DFSanVisitor::visitReturnInst(ReturnInst &RI) {
if (!DFSF.IsNativeABI && RI.getReturnValue()) { if (!DFSF.IsNativeABI && RI.getReturnValue()) {
switch (DFSF.IA) { switch (DFSF.IA) {
case DataFlowSanitizer::IA_TLS: { case DataFlowSanitizer::IA_TLS: {
Value *S = DFSF.getShadow(RI.getReturnValue()); Value *S = DFSF.getShadow(RI.getReturnValue());
IRBuilder<> IRB(&RI); IRBuilder<> IRB(&RI);
IRB.CreateStore(S, DFSF.DFS.RetvalTLS); unsigned Size =
getDataLayout().getTypeAllocSize(DFSF.DFS.PrimitiveShadowTy);
if (Size <= kRetvalTLSSize) {
// If the size overflows, stores nothing. At callsite, oversized return
// shadows are set to zero.
IRB.CreateAlignedStore(S, DFSF.getRetvalTLS(IRB), kShadowTLSAlignment);
}
break; break;
} }
case DataFlowSanitizer::IA_Args: { case DataFlowSanitizer::IA_Args: {
IRBuilder<> IRB(&RI); IRBuilder<> IRB(&RI);
Type *RT = DFSF.F->getFunctionType()->getReturnType(); Type *RT = DFSF.F->getFunctionType()->getReturnType();
Value *InsVal = Value *InsVal =
IRB.CreateInsertValue(UndefValue::get(RT), RI.getReturnValue(), 0); IRB.CreateInsertValue(UndefValue::get(RT), RI.getReturnValue(), 0);
Value *InsShadow = Value *InsShadow =
▲ Show 20 LinesShow All 140 Lines▼ Show 20 Lines case DataFlowSanitizer::WK_Custom:
return; return;
} }
break; break;
} }
} }
FunctionType *FT = CB.getFunctionType(); FunctionType *FT = CB.getFunctionType();
if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_TLS) { if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_TLS) {
for (unsigned i = 0, n = FT->getNumParams(); i != n; ++i) { unsigned ArgOffset = 0;
IRB.CreateStore(DFSF.getShadow(CB.getArgOperand(i)), const DataLayout &DL = getDataLayout();
DFSF.getArgTLS(i, &CB)); for (unsigned I = 0, N = FT->getNumParams(); I != N; ++I) {
unsigned Size = DL.getTypeAllocSize(DFSF.DFS.PrimitiveShadowTy);
// Stop storing if arguments' size overflows. Inside a function, arguments
// after overflow have zero shadow values.
if (ArgOffset + Size > kArgTLSSize)
break;
IRB.CreateAlignedStore(DFSF.getShadow(CB.getArgOperand(I)),
DFSF.getArgTLS(ArgOffset, IRB),
kShadowTLSAlignment);
ArgOffset += alignTo(Size, kShadowTLSAlignment);
} }
} }
Instruction *Next = nullptr; Instruction *Next = nullptr;
if (!CB.getType()->isVoidTy()) { if (!CB.getType()->isVoidTy()) {
if (InvokeInst *II = dyn_cast<InvokeInst>(&CB)) { if (InvokeInst *II = dyn_cast<InvokeInst>(&CB)) {
if (II->getNormalDest()->getSinglePredecessor()) { if (II->getNormalDest()->getSinglePredecessor()) {
Next = &II->getNormalDest()->front(); Next = &II->getNormalDest()->front();
} else { } else {
BasicBlock *NewBB = BasicBlock *NewBB =
SplitEdge(II->getParent(), II->getNormalDest(), &DFSF.DT); SplitEdge(II->getParent(), II->getNormalDest(), &DFSF.DT);
Next = &NewBB->front(); Next = &NewBB->front();
} }
} else { } else {
assert(CB.getIterator() != CB.getParent()->end()); assert(CB.getIterator() != CB.getParent()->end());
Next = CB.getNextNode(); Next = CB.getNextNode();
} }
if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_TLS) { if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_TLS) {
IRBuilder<> NextIRB(Next); IRBuilder<> NextIRB(Next);
LoadInst *LI = const DataLayout &DL = getDataLayout();
NextIRB.CreateLoad(DFSF.DFS.PrimitiveShadowTy, DFSF.DFS.RetvalTLS); unsigned Size = DL.getTypeAllocSize(DFSF.DFS.PrimitiveShadowTy);
if (Size > kRetvalTLSSize) {
// Set overflowed return shadow to be zero.
DFSF.setShadow(&CB, DFSF.DFS.ZeroPrimitiveShadow);
} else {
LoadInst *LI = NextIRB.CreateAlignedLoad(
DFSF.DFS.PrimitiveShadowTy, DFSF.getRetvalTLS(NextIRB),
kShadowTLSAlignment, "_dfsret");
DFSF.SkipInsts.insert(LI); DFSF.SkipInsts.insert(LI);
DFSF.setShadow(&CB, LI); DFSF.setShadow(&CB, LI);
DFSF.NonZeroChecks.push_back(LI); DFSF.NonZeroChecks.push_back(LI);
} }
} }
}
// Do all instrumentation for IA_Args down here to defer tampering with the // Do all instrumentation for IA_Args down here to defer tampering with the
// CFG in a way that SplitEdge may be able to detect. // CFG in a way that SplitEdge may be able to detect.
if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_Args) { if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_Args) {
FunctionType *NewFT = DFSF.DFS.getArgsFunctionType(FT); FunctionType *NewFT = DFSF.DFS.getArgsFunctionType(FT);
Value *Func = Value *Func =
IRB.CreateBitCast(CB.getCalledOperand(), PointerType::getUnqual(NewFT)); IRB.CreateBitCast(CB.getCalledOperand(), PointerType::getUnqual(NewFT));
std::vector<Value *> Args; std::vector<Value *> Args;
▲ Show 20 LinesShow All 102 LinesShow Last 20 Lines

llvm/test/Instrumentation/DataFlowSanitizer/arith.ll

; RUN: opt < %s -dfsan -S | FileCheck %s ; RUN: opt < %s -dfsan -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i8 @add(i8 %a, i8 %b) { define i8 @add(i8 %a, i8 %b) {
; CHECK: @"dfs$add" ; CHECK: @"dfs$add"
; CHECK-DAG: %[[ALABEL:.*]] = load{{.*}}__dfsan_arg_tls, i64 0, i64 0 ; CHECK-DAG: %[[ALABEL:.*]] = load [[SHADOWTYPE:i16]], [[SHADOWTYPE]]* bitcast ([[ARGTLSTYPE:\[100 x i64\]]]* @__dfsan_arg_tls to [[SHADOWTYPE]]*), align [[ALIGN:8]]
; CHECK-DAG: %[[BLABEL:.*]] = load{{.*}}__dfsan_arg_tls, i64 0, i64 1 ; CHECK-DAG: %[[BLABEL:.*]] = load [[SHADOWTYPE]], [[SHADOWTYPE]]* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to [[SHADOWTYPE]]*), align [[ALIGN]]
morehouseUnsubmitted
Not Done
ReplyInline Actions

IIUC, this adds 8 to __dfsan_arg_tls to get b's shadow. This is because we have 8-byte alignment, right?

Why do we need 8 byte alignment?

morehouse: IIUC, this adds 8 to `__dfsan_arg_tls` to get `b`'s shadow. This is because we have 8-byte…
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

This flows MSan's setting. https://github.com/llvm/llvm-project/commit/d2bd319adc7cf19d6e47d3caf3b6f508f299ea57 introduced 8-byte alignment for MSan. It sounds like sometimes the origin arg's alignment can be too large. This makes arg_tls run out of space.

stephan.yichao.zhao: This flows MSan's setting. https://github.com/llvm/llvm…
; CHECK: %[[UNION:.*]] = call{{.*}}__dfsan_union(i16 zeroext %[[ALABEL]], i16 zeroext %[[BLABEL]]) ; CHECK: %[[UNION:.*]] = call zeroext [[SHADOWTYPE]] @__dfsan_union([[SHADOWTYPE]] zeroext %[[ALABEL]], [[SHADOWTYPE]] zeroext %[[BLABEL]])
; CHECK: %[[ADDLABEL:.*]] = phi i16 [ %[[UNION]], {{.*}} ], [ %[[ALABEL]], {{.*}} ] ; CHECK: %[[ADDLABEL:.*]] = phi [[SHADOWTYPE]] [ %[[UNION]], {{.*}} ], [ %[[ALABEL]], {{.*}} ]
morehouseUnsubmitted
Done
ReplyInline Actions

Should we verify that align is 8?

morehouse: Should we verify that align is 8?
; CHECK: add i8 ; CHECK: add i8
; CHECK: store i16 %[[ADDLABEL]], i16* @__dfsan_retval_tls ; CHECK: store [[SHADOWTYPE]] %[[ADDLABEL]], [[SHADOWTYPE]]* bitcast ([100 x i64]* @__dfsan_retval_tls to [[SHADOWTYPE]]*), align [[ALIGN]]
morehouseUnsubmitted
Done
ReplyInline Actions

The ST and VT names are a little confusing to me. What do they mean?

morehouse: The `ST` and `VT` names are a little confusing to me. What do they mean?
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

renamed ST to SHADOWTYPE, and VT to ARGTLSTYPE

stephan.yichao.zhao: renamed ST to SHADOWTYPE, and VT to ARGTLSTYPE
; CHECK: ret i8 ; CHECK: ret i8
%c = add i8 %a, %b %c = add i8 %a, %b
ret i8 %c ret i8 %c
} }
define i8 @sub(i8 %a, i8 %b) { define i8 @sub(i8 %a, i8 %b) {
; CHECK: @"dfs$sub" ; CHECK: @"dfs$sub"
; CHECK: load{{.*}}__dfsan_arg_tls ; CHECK: load{{.*}}__dfsan_arg_tls
▲ Show 20 LinesShow All 54 LinesShow Last 20 Lines

llvm/test/Instrumentation/DataFlowSanitizer/call.ll

; RUN: opt < %s -dfsan -S | FileCheck %s ; RUN: opt < %s -dfsan -S | FileCheck %s
; RUN: opt < %s -passes=dfsan -S | FileCheck %s ; RUN: opt < %s -passes=dfsan -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
; CHECK-LABEL: @__dfsan_arg_tls ; CHECK-LABEL: @__dfsan_arg_tls
; CHECK: = external thread_local(initialexec) global [64 x i16] ; CHECK: = external thread_local(initialexec) global [100 x i64]
; CHECK-LABEL: @__dfsan_retval_tls ; CHECK-LABEL: @__dfsan_retval_tls
; CHECK: = external thread_local(initialexec) global i16 ; CHECK: = external thread_local(initialexec) global [100 x i64]
declare i32 @f(i32) declare i32 @f(i32)
declare float @llvm.sqrt.f32(float) declare float @llvm.sqrt.f32(float)
; CHECK-LABEL: @"dfs$call" ; CHECK-LABEL: @"dfs$call"
define i32 @call() { define i32 @call() {
; CHECK: store{{.*}}__dfsan_arg_tls ; CHECK: store{{.*}}__dfsan_arg_tls
; CHECK: call{{.*}}@"dfs$f" ; CHECK: call{{.*}}@"dfs$f"
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

llvm/test/Instrumentation/DataFlowSanitizer/callback.ll

Show All 16 Linesdefine void @store8(i8* %p, i8 %a) {
store i8 %a, i8* %p store i8 %a, i8* %p
ret void ret void
} }
define i1 @cmp(i8 %a, i8 %b) { define i1 @cmp(i8 %a, i8 %b) {
; CHECK: call void @__dfsan_cmp_callback(i16 %[[l:.*]]) ; CHECK: call void @__dfsan_cmp_callback(i16 %[[l:.*]])
; CHECK: %c = icmp ne i8 %a, %b ; CHECK: %c = icmp ne i8 %a, %b
; CHECK: store i16 %[[l]], i16* @__dfsan_retval_tls ; CHECK: store i16 %[[l]], i16* bitcast ({{.*}}* @__dfsan_retval_tls to i16*)
%c = icmp ne i8 %a, %b %c = icmp ne i8 %a, %b
ret i1 %c ret i1 %c
} }
No newline at end of file No newline at end of file

llvm/test/Instrumentation/DataFlowSanitizer/fast16labels.ll

; Test that -dfsan-fast-16-labels mode uses inline ORs rather than calling ; Test that -dfsan-fast-16-labels mode uses inline ORs rather than calling
; __dfsan_union or __dfsan_union_load. ; __dfsan_union or __dfsan_union_load.
; RUN: opt < %s -dfsan -dfsan-fast-16-labels -S | FileCheck %s --implicit-check-not="call{{.*}}__dfsan_union" ; RUN: opt < %s -dfsan -dfsan-fast-16-labels -S | FileCheck %s --implicit-check-not="call{{.*}}__dfsan_union"
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i8 @add(i8 %a, i8 %b) { define i8 @add(i8 %a, i8 %b) {
; CHECK-LABEL: define i8 @"dfs$add" ; CHECK-LABEL: define i8 @"dfs$add"
; CHECK-DAG: %[[ALABEL:.*]] = load{{.*}}__dfsan_arg_tls, i64 0, i64 0 ; CHECK-DAG: %[[ALABEL:.*]] = load [[ST:.*]], [[ST]]* bitcast ([[VT:\[.*\]]]* @__dfsan_arg_tls to [[ST]]*), align [[ALIGN:.*]]
; CHECK-DAG: %[[BLABEL:.*]] = load{{.*}}__dfsan_arg_tls, i64 0, i64 1 ; CHECK-DAG: %[[BLABEL:.*]] = load [[ST]], [[ST]]* inttoptr (i64 add (i64 ptrtoint ([[VT]]* @__dfsan_arg_tls to i64), i64 8) to [[ST]]*), align [[ALIGN]]
; CHECK: %[[ADDLABEL:.*]] = or i16 %[[ALABEL]], %[[BLABEL]] ; CHECK: %[[ADDLABEL:.*]] = or i16 %[[ALABEL]], %[[BLABEL]]
; CHECK: add i8 ; CHECK: add i8
; CHECK: store i16 %[[ADDLABEL]], i16* @__dfsan_retval_tls ; CHECK: store [[ST]] %[[ADDLABEL]], [[ST]]* bitcast ([[VT]]* @__dfsan_retval_tls to [[ST]]*), align [[ALIGN]]
; CHECK: ret i8 ; CHECK: ret i8
%c = add i8 %a, %b %c = add i8 %a, %b
ret i8 %c ret i8 %c
} }
define i8 @load8(i8* %p) { define i8 @load8(i8* %p) {
; CHECK-LABEL: define i8 @"dfs$load8" ; CHECK-LABEL: define i8 @"dfs$load8"
; CHECK: load i16, i16* ; CHECK: load i16, i16*
▲ Show 20 LinesShow All 79 LinesShow Last 20 Lines

llvm/test/Instrumentation/DataFlowSanitizer/load.ll

Show First 20 LinesShow All 164 Lines▼ Show 20 Linesdefine i64 @load64(i64* %p) {
%a = load i64, i64* %p %a = load i64, i64* %p
ret i64 %a ret i64 %a
} }
@X = constant i1 1 @X = constant i1 1
define i1 @load_global() { define i1 @load_global() {
; NO_COMBINE_PTR_LABEL: @"dfs$load_global" ; NO_COMBINE_PTR_LABEL: @"dfs$load_global"
; NO_COMBINE_PTR_LABEL: store i16 0, i16* @__dfsan_retval_tls, align 2 ; NO_COMBINE_PTR_LABEL: store i16 0, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align 8
%a = load i1, i1* @X %a = load i1, i1* @X
ret i1 %a ret i1 %a
} }
No newline at end of file

llvm/test/Instrumentation/DataFlowSanitizer/phi.ll

; RUN: opt < %s -dfsan -S | FileCheck %s ; RUN: opt < %s -dfsan -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define {i32, i32} @test({i32, i32} %a, i1 %c) { define {i32, i32} @test({i32, i32} %a, i1 %c) {
; CHECK: [[E0:%.*]] = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0), align 2 ; CHECK: [[E0:%.*]] = load i16, i16* bitcast ([100 x i64]* @__dfsan_arg_tls to i16*), align 8
; CHECK: [[E3:%.*]] = phi i16 [ [[E0]], %T ], [ [[E0]], %F ] ; CHECK: [[E3:%.*]] = phi i16 [ [[E0]], %T ], [ [[E0]], %F ]
; CHECK: store i16 [[E3]], i16* @__dfsan_retval_tls, align 2 ; CHECK: store i16 [[E3]], i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align 8
entry: entry:
br i1 %c, label %T, label %F br i1 %c, label %T, label %F
T: T:
%at = insertvalue {i32, i32} %a, i32 1, 0 %at = insertvalue {i32, i32} %a, i32 1, 0
br label %done br label %done
F: F:
%af = insertvalue {i32, i32} %a, i32 1, 1 %af = insertvalue {i32, i32} %a, i32 1, 1
br label %done br label %done
done: done:
%b = phi {i32, i32} [%at, %T], [%af, %F] %b = phi {i32, i32} [%at, %T], [%af, %F]
ret {i32, i32} %b ret {i32, i32} %b
} }

llvm/test/Instrumentation/DataFlowSanitizer/select.ll

; RUN: opt < %s -dfsan -dfsan-track-select-control-flow=1 -S | FileCheck %s --check-prefix=TRACK_CONTROL_FLOW ; RUN: opt < %s -dfsan -dfsan-track-select-control-flow=1 -S | FileCheck %s --check-prefix=TRACK_CONTROL_FLOW
; RUN: opt < %s -dfsan -dfsan-track-select-control-flow=0 -S | FileCheck %s --check-prefix=NO_TRACK_CONTROL_FLOW ; RUN: opt < %s -dfsan -dfsan-track-select-control-flow=0 -S | FileCheck %s --check-prefix=NO_TRACK_CONTROL_FLOW
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
define i8 @select8(i1 %c, i8 %t, i8 %f) { define i8 @select8(i1 %c, i8 %t, i8 %f) {
; TRACK_CONTROL_FLOW: %1 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 2) ; TRACK_CONTROL_FLOW: @"dfs$select8"
; TRACK_CONTROL_FLOW: %2 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 1) ; TRACK_CONTROL_FLOW: %1 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE:\[100 x i64\]]]* @__dfsan_arg_tls to i64), i64 16) to i16*), align [[ALIGN:8]]
; TRACK_CONTROL_FLOW: %3 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0) ; TRACK_CONTROL_FLOW: %2 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to i16*), align [[ALIGN]]
morehouseUnsubmitted
Done
ReplyInline Actions

Should we verify offsets in the TLS for each argument?

morehouse: Should we verify offsets in the TLS for each argument?
; TRACK_CONTROL_FLOW: %3 = load i16, i16* bitcast ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: %4 = select i1 %c, i16 %2, i16 %1 ; TRACK_CONTROL_FLOW: %4 = select i1 %c, i16 %2, i16 %1
; TRACK_CONTROL_FLOW: %5 = icmp ne i16 %3, %4 ; TRACK_CONTROL_FLOW: %5 = icmp ne i16 %3, %4
; TRACK_CONTROL_FLOW: %7 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %3, i16 {{.*}} %4) ; TRACK_CONTROL_FLOW: %7 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %3, i16 {{.*}} %4)
; TRACK_CONTROL_FLOW: %9 = phi i16 [ %7, {{.*}} ], [ %3, {{.*}} ] ; TRACK_CONTROL_FLOW: %9 = phi i16 [ %7, {{.*}} ], [ %3, {{.*}} ]
; TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %t, i8 %f ; TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %t, i8 %f
; TRACK_CONTROL_FLOW: store i16 %9, i16* @__dfsan_retval_tls ; TRACK_CONTROL_FLOW: store i16 %9, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: ret i8 %a ; TRACK_CONTROL_FLOW: ret i8 %a
; NO_TRACK_CONTROL_FLOW: %1 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 2) ; NO_TRACK_CONTROL_FLOW: @"dfs$select8"
; NO_TRACK_CONTROL_FLOW: %2 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 1) ; NO_TRACK_CONTROL_FLOW: %1 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE:\[100 x i64\]]]* @__dfsan_arg_tls to i64), i64 16) to i16*), align [[ALIGN:8]]
; NO_TRACK_CONTROL_FLOW: %3 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0) ; NO_TRACK_CONTROL_FLOW: %2 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: %3 = load i16, i16* bitcast ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: %4 = select i1 %c, i16 %2, i16 %1 ; NO_TRACK_CONTROL_FLOW: %4 = select i1 %c, i16 %2, i16 %1
; NO_TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %t, i8 %f ; NO_TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %t, i8 %f
; NO_TRACK_CONTROL_FLOW: store i16 %4, i16* @__dfsan_retval_tls ; NO_TRACK_CONTROL_FLOW: store i16 %4, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: ret i8 %a ; NO_TRACK_CONTROL_FLOW: ret i8 %a
%a = select i1 %c, i8 %t, i8 %f %a = select i1 %c, i8 %t, i8 %f
ret i8 %a ret i8 %a
} }
define i8 @select8e(i1 %c, i8 %tf) { define i8 @select8e(i1 %c, i8 %tf) {
; TRACK_CONTROL_FLOW: %1 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 1) ; TRACK_CONTROL_FLOW: @"dfs$select8e"
; TRACK_CONTROL_FLOW: %2 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0) ; TRACK_CONTROL_FLOW: %1 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: %2 = load i16, i16* bitcast ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: %3 = icmp ne i16 %2, %1 ; TRACK_CONTROL_FLOW: %3 = icmp ne i16 %2, %1
; TRACK_CONTROL_FLOW: %5 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %2, i16 {{.*}} %1) ; TRACK_CONTROL_FLOW: %5 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %2, i16 {{.*}} %1)
; TRACK_CONTROL_FLOW: %7 = phi i16 [ %5, {{.*}} ], [ %2, {{.*}} ] ; TRACK_CONTROL_FLOW: %7 = phi i16 [ %5, {{.*}} ], [ %2, {{.*}} ]
; TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %tf, i8 %tf ; TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %tf, i8 %tf
; TRACK_CONTROL_FLOW: store i16 %7, i16* @__dfsan_retval_tls ; TRACK_CONTROL_FLOW: store i16 %7, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: ret i8 %a ; TRACK_CONTROL_FLOW: ret i8 %a
; NO_TRACK_CONTROL_FLOW: %1 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 1) ; NO_TRACK_CONTROL_FLOW: @"dfs$select8e"
; NO_TRACK_CONTROL_FLOW: %2 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0) ; NO_TRACK_CONTROL_FLOW: %1 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: %2 = load i16, i16* bitcast ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %tf, i8 %tf ; NO_TRACK_CONTROL_FLOW: %a = select i1 %c, i8 %tf, i8 %tf
; NO_TRACK_CONTROL_FLOW: store i16 %1, i16* @__dfsan_retval_tls ; NO_TRACK_CONTROL_FLOW: store i16 %1, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: ret i8 %a ; NO_TRACK_CONTROL_FLOW: ret i8 %a
%a = select i1 %c, i8 %tf, i8 %tf %a = select i1 %c, i8 %tf, i8 %tf
ret i8 %a ret i8 %a
} }
define <4 x i8> @select8v(<4 x i1> %c, <4 x i8> %t, <4 x i8> %f) { define <4 x i8> @select8v(<4 x i1> %c, <4 x i8> %t, <4 x i8> %f) {
; TRACK_CONTROL_FLOW: %1 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 2) ; TRACK_CONTROL_FLOW: @"dfs$select8v"
; TRACK_CONTROL_FLOW: %2 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 1) ; TRACK_CONTROL_FLOW: %1 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE:\[100 x i64\]]]* @__dfsan_arg_tls to i64), i64 16) to i16*), align [[ALIGN:8]]
; TRACK_CONTROL_FLOW: %3 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0) ; TRACK_CONTROL_FLOW: %2 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: %3 = load i16, i16* bitcast ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: %4 = icmp ne i16 %2, %1 ; TRACK_CONTROL_FLOW: %4 = icmp ne i16 %2, %1
; TRACK_CONTROL_FLOW: %6 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %2, i16 zeroext %1) ; TRACK_CONTROL_FLOW: %6 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %2, i16 zeroext %1)
; TRACK_CONTROL_FLOW: %8 = phi i16 [ %6, {{.*}} ], [ %2, {{.*}} ] ; TRACK_CONTROL_FLOW: %8 = phi i16 [ %6, {{.*}} ], [ %2, {{.*}} ]
; TRACK_CONTROL_FLOW: %9 = icmp ne i16 %3, %8 ; TRACK_CONTROL_FLOW: %9 = icmp ne i16 %3, %8
; TRACK_CONTROL_FLOW: %11 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %3, i16 zeroext %8) ; TRACK_CONTROL_FLOW: %11 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %3, i16 zeroext %8)
; TRACK_CONTROL_FLOW: %13 = phi i16 [ %11, {{.*}} ], [ %3, {{.*}} ] ; TRACK_CONTROL_FLOW: %13 = phi i16 [ %11, {{.*}} ], [ %3, {{.*}} ]
; TRACK_CONTROL_FLOW: %a = select <4 x i1> %c, <4 x i8> %t, <4 x i8> %f ; TRACK_CONTROL_FLOW: %a = select <4 x i1> %c, <4 x i8> %t, <4 x i8> %f
; TRACK_CONTROL_FLOW: store i16 %13, i16* @__dfsan_retval_tls ; TRACK_CONTROL_FLOW: store i16 %13, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align [[ALIGN]]
; TRACK_CONTROL_FLOW: ret <4 x i8> %a ; TRACK_CONTROL_FLOW: ret <4 x i8> %a
; NO_TRACK_CONTROL_FLOW: %1 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 2) ; NO_TRACK_CONTROL_FLOW: @"dfs$select8v"
; NO_TRACK_CONTROL_FLOW: %2 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 1) ; NO_TRACK_CONTROL_FLOW: %1 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE:\[100 x i64\]]]* @__dfsan_arg_tls to i64), i64 16) to i16*), align [[ALIGN:8]]
; NO_TRACK_CONTROL_FLOW: %3 = load i16, i16* getelementptr inbounds ([64 x i16], [64 x i16]* @__dfsan_arg_tls, i64 0, i64 0) ; NO_TRACK_CONTROL_FLOW: %2 = load i16, i16* inttoptr (i64 add (i64 ptrtoint ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i64), i64 8) to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: %3 = load i16, i16* bitcast ([[ARGTLSTYPE]]* @__dfsan_arg_tls to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: %4 = icmp ne i16 %2, %1 ; NO_TRACK_CONTROL_FLOW: %4 = icmp ne i16 %2, %1
; NO_TRACK_CONTROL_FLOW: %6 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %2, i16 {{.*}} %1) ; NO_TRACK_CONTROL_FLOW: %6 = call {{.*}} i16 @__dfsan_union(i16 {{.*}} %2, i16 {{.*}} %1)
; NO_TRACK_CONTROL_FLOW: %8 = phi i16 [ %6, {{.*}} ], [ %2, {{.*}} ] ; NO_TRACK_CONTROL_FLOW: %8 = phi i16 [ %6, {{.*}} ], [ %2, {{.*}} ]
; NO_TRACK_CONTROL_FLOW: %a = select <4 x i1> %c, <4 x i8> %t, <4 x i8> %f ; NO_TRACK_CONTROL_FLOW: %a = select <4 x i1> %c, <4 x i8> %t, <4 x i8> %f
; NO_TRACK_CONTROL_FLOW: store i16 %8, i16* @__dfsan_retval_tls ; NO_TRACK_CONTROL_FLOW: store i16 %8, i16* bitcast ([100 x i64]* @__dfsan_retval_tls to i16*), align [[ALIGN]]
; NO_TRACK_CONTROL_FLOW: ret <4 x i8> %a ; NO_TRACK_CONTROL_FLOW: ret <4 x i8> %a
%a = select <4 x i1> %c, <4 x i8> %t, <4 x i8> %f %a = select <4 x i1> %c, <4 x i8> %t, <4 x i8> %f
ret <4 x i8> %a ret <4 x i8> %a
} }
No newline at end of file No newline at end of file