llvm.org GIT mirror llvm / 6591308
[msan] Wrap indirect functions. Adds a flag to the MemorySanitizer pass that enables runtime rewriting of indirect calls. This is part of MSanDR implementation and is needed to return control to the DynamiRio-based helper tool on transition between instrumented and non-instrumented modules. Disabled by default. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@191006 91177308-0d34-0410-b5e6-96231b3b80d8 Evgeniy Stepanov 7 years ago
2 changed file(s) with 64 addition(s) and 7 deletion(s). Raw diff Collapse all Expand all
156156 cl::desc("File containing the list of functions where MemorySanitizer "
157157 "should not report bugs"), cl::Hidden);
158158
159 // Experimental. Wraps all indirect calls in the instrumented code with
160 // a call to the given function. This is needed to assist the dynamic
161 // helper tool (MSanDR) to regain control on transition between instrumented and
162 // non-instrumented code.
163 static cl::opt ClWrapIndirectCalls("msan-wrap-indirect-calls",
164 cl::desc("Wrap indirect calls with a given function"),
165 cl::Hidden);
166
159167 namespace {
160168
161169 /// \brief An instrumentation pass implementing detection of uninitialized
167175 public:
168176 MemorySanitizer(bool TrackOrigins = false,
169177 StringRef BlacklistFile = StringRef())
170 : FunctionPass(ID),
171 TrackOrigins(TrackOrigins || ClTrackOrigins),
172 TD(0),
173 WarningFn(0),
174 BlacklistFile(BlacklistFile.empty() ? ClBlacklistFile
175 : BlacklistFile) { }
178 : FunctionPass(ID),
179 TrackOrigins(TrackOrigins || ClTrackOrigins),
180 TD(0),
181 WarningFn(0),
182 BlacklistFile(BlacklistFile.empty() ? ClBlacklistFile : BlacklistFile),
183 WrapIndirectCalls(!ClWrapIndirectCalls.empty()) {}
176184 const char *getPassName() const { return "MemorySanitizer"; }
177185 bool runOnFunction(Function &F);
178186 bool doInitialization(Module &M);
235243 /// \brief An empty volatile inline asm that prevents callback merge.
236244 InlineAsm *EmptyAsm;
237245
246 bool WrapIndirectCalls;
247 /// \brief Run-time wrapper for indirect calls.
248 Value *IndirectCallWrapperFn;
249 // Argument and return type of IndirectCallWrapperFn: void (*f)(void).
250 Type *AnyFunctionPtrTy;
251
238252 friend struct MemorySanitizerVisitor;
239253 friend struct VarArgAMD64Helper;
240254 };
328342 EmptyAsm = InlineAsm::get(FunctionType::get(IRB.getVoidTy(), false),
329343 StringRef(""), StringRef(""),
330344 /*hasSideEffects=*/true);
345
346 if (WrapIndirectCalls) {
347 AnyFunctionPtrTy =
348 PointerType::getUnqual(FunctionType::get(IRB.getVoidTy(), false));
349 IndirectCallWrapperFn = M.getOrInsertFunction(
350 ClWrapIndirectCalls, AnyFunctionPtrTy, AnyFunctionPtrTy, NULL);
351 }
331352 }
332353
333354 /// \brief Module-level initialization.
15691590 }
15701591 }
15711592
1593 // Replace call to (*Fn) with a call to (*IndirectCallWrapperFn(Fn)).
1594 void wrapIndirectCall(IRBuilder<> &IRB, CallSite CS) {
1595 Value *Fn = CS.getCalledValue();
1596 Value *NewFn = IRB.CreateBitCast(
1597 IRB.CreateCall(MS.IndirectCallWrapperFn,
1598 IRB.CreateBitCast(Fn, MS.AnyFunctionPtrTy)),
1599 Fn->getType());
1600 setShadow(NewFn, getShadow(Fn));
1601 CS.setCalledFunction(NewFn);
1602 }
1603
15721604 void visitCallSite(CallSite CS) {
15731605 Instruction &I = *CS.getInstruction();
15741606 assert((CS.isCall() || CS.isInvoke()) && "Unknown type of CallSite");
16071639 }
16081640 }
16091641 IRBuilder<> IRB(&I);
1642
1643 if (MS.WrapIndirectCalls && !CS.getCalledFunction())
1644 wrapIndirectCall(IRB, CS);
1645
16101646 unsigned ArgOffset = 0;
16111647 DEBUG(dbgs() << " CallSite: " << I << "\n");
16121648 for (CallSite::arg_iterator ArgIt = CS.arg_begin(), End = CS.arg_end();
16501686 DEBUG(dbgs() << " done with call args\n");
16511687
16521688 FunctionType *FT =
1653 cast(CS.getCalledValue()->getType()-> getContainedType(0));
1689 cast(CS.getCalledValue()->getType()->getContainedType(0));
16541690 if (FT->isVarArg()) {
16551691 VAHelper->visitCallSite(CS, IRB);
16561692 }
0 ; RUN: opt < %s -msan -msan-check-access-address=0 -msan-wrap-indirect-calls=zzz -S | FileCheck %s
1 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
2 target triple = "x86_64-unknown-linux-gnu"
3
4 ; Test for -msan-wrap-indirect-calls functionality.
5 ; Replaces indirect call to %f with a call to whatever is returned from the
6 ; wrapper function.
7
8 ; This does not depend on the sanitize_memory attribute.
9 define i32 @func(i32 (i32, i32)* nocapture %f, i32 %x, i32 %y) {
10 entry:
11 %call = tail call i32 %f(i32 %x, i32 %y)
12 ret i32 %call
13 }
14
15 ; CHECK: @func
16 ; CHECK: bitcast i32 (i32, i32)* %f to void ()*
17 ; CHECK: call void ()* (void ()*)* @zzz(void ()*
18 ; CHECK: [[A:%[01-9a-z]+]] = bitcast void ()* {{.*}} to i32 (i32, i32)*
19 ; CHECK: call i32 {{.*}}[[A]](i32 {{.*}}, i32 {{.*}})
20 ; CHECK: ret i32