llvm.org GIT mirror llvm / 76a2f8d
[msan] Stop propagating shadow in blacklisted functions. With this change all values passed through blacklisted functions become fully initialized. Previous behavior was to initialize all loads in blacklisted functions, but apply normal shadow propagation logic for all other operations. This makes blacklist applicable in a wider range of situations. It also makes code for blacklisted functions a lot shorter, which works as yet another workaround for PR17409. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@212268 91177308-0d34-0410-b5e6-96231b3b80d8 Evgeniy Stepanov 5 years ago
2 changed file(s) with 14 addition(s) and 14 deletion(s).
510510 // The following flags disable parts of MSan instrumentation based on
511511 // blacklist contents and command-line options.
512512 bool InsertChecks;
513 bool LoadShadow;
513 bool PropagateShadow;
514514 bool PoisonStack;
515515 bool PoisonUndef;
516516 bool CheckReturnValue;
531531 bool SanitizeFunction = F.getAttributes().hasAttribute(
532532 AttributeSet::FunctionIndex, Attribute::SanitizeMemory);
533533 InsertChecks = SanitizeFunction;
534 LoadShadow = SanitizeFunction;
534 PropagateShadow = SanitizeFunction;
535535 PoisonStack = SanitizeFunction && ClPoisonStack;
536536 PoisonUndef = SanitizeFunction && ClPoisonUndef;
537537 // FIXME: Consider using SpecialCaseList to specify a list of functions that
715715
716716 // Finalize PHI nodes.
717717 for (PHINode *PN : ShadowPHINodes) {
718 Value *S = getShadow(PN);
719 if (isa(S)) continue;
718720 PHINode *PNS = cast(getShadow(PN));
719721 PHINode *PNO = MS.TrackOrigins ? cast(getOrigin(PN)) : nullptr;
720722 size_t NumValues = PN->getNumIncomingValues();
721723 for (size_t v = 0; v < NumValues; v++) {
722724 PNS->addIncoming(getShadow(PN, v), PN->getIncomingBlock(v));
723 if (PNO)
724 PNO->addIncoming(getOrigin(PN, v), PN->getIncomingBlock(v));
725 if (PNO) PNO->addIncoming(getOrigin(PN, v), PN->getIncomingBlock(v));
725726 }
726727 }
727728
855856 /// \brief Set SV to be the shadow value for V.
856857 void setShadow(Value *V, Value *SV) {
857858 assert(!ShadowMap.count(V) && "Values may only have one shadow");
858 ShadowMap[V] = SV;
859 ShadowMap[V] = PropagateShadow ? SV : getCleanShadow(V);
859860 }
860861
861862 /// \brief Set Origin to be the origin value for V.
907908 /// This function either returns the value set earlier with setShadow,
908909 /// or extracts if from ParamTLS (for function arguments).
909910 Value *getShadow(Value *V) {
911 if (!PropagateShadow) return getCleanShadow(V);
910912 if (Instruction *I = dyn_cast(V)) {
911913 // For instructions the shadow is already stored in the map.
912914 Value *Shadow = ShadowMap[V];
10741076 IRBuilder<> IRB(I.getNextNode());
10751077 Type *ShadowTy = getShadowTy(&I);
10761078 Value *Addr = I.getPointerOperand();
1077 if (LoadShadow) {
1079 if (PropagateShadow) {
10781080 Value *ShadowPtr = getShadowPtr(Addr, ShadowTy, IRB);
10791081 setShadow(&I,
10801082 IRB.CreateAlignedLoad(ShadowPtr, I.getAlignment(), "_msld"));
10891091 I.setOrdering(addAcquireOrdering(I.getOrdering()));
10901092
10911093 if (MS.TrackOrigins) {
1092 if (LoadShadow) {
1094 if (PropagateShadow) {
10931095 unsigned Alignment = std::max(kMinOriginAlignment, I.getAlignment());
10941096 setOrigin(&I,
10951097 IRB.CreateAlignedLoad(getOriginPtr(Addr, IRB), Alignment));
17561758 Value *Addr = I.getArgOperand(0);
17571759
17581760 Type *ShadowTy = getShadowTy(&I);
1759 if (LoadShadow) {
1761 if (PropagateShadow) {
17601762 Value *ShadowPtr = getShadowPtr(Addr, ShadowTy, IRB);
17611763 // We don't know the pointer alignment (could be unaligned SSE load!).
17621764 // Have to assume to worst case.
17691771 insertShadowCheck(Addr, &I);
17701772
17711773 if (MS.TrackOrigins) {
1772 if (LoadShadow)
1774 if (PropagateShadow)
17731775 setOrigin(&I, IRB.CreateLoad(getOriginPtr(Addr, IRB)));
17741776 else
17751777 setOrigin(&I, getCleanOrigin());
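Review bot: In the PHI finalization loop the new `continue` skips both `PNS->addIncoming` and `PNO->addIncoming`, so any shadow or origin PHI already created for `PN` is left with no incoming values when `PropagateShadow` is false. visitPHINode is not part of this diff; if it still creates those nodes unconditionally, the empty PHIs stay in the function (the shadow one dropped by `setShadow`, the origin one presumably still recorded), which is worth confirming against the IR verifier with origin tracking enabled. The loop also calls `getShadow(PN)` twice, and the cast on the following line can reuse `S`. Separately, the flag declaration deserves a comment such as `// When false, getShadow/setShadow yield clean shadow: values passing through this function are treated as fully initialized, so uninitialized data is not reported downstream.`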
682682 ; CHECK: ret void
683683
684684
685 ; Test that checks are omitted but shadow propagation is kept if
685 ; Test that checks are omitted and returned value is always initialized if
686686 ; sanitize_memory attribute is missing.
687687
688688 define i32 @NoSanitizeMemory(i32 %x) uwtable {
702702
703703 ; CHECK: @NoSanitizeMemory
704704 ; CHECK-NOT: @__msan_warning
705 ; CHECK: load i32* {{.*}} @__msan_param_tls
706 ; CHECK-NOT: @__msan_warning
707 ; CHECK: store {{.*}} @__msan_retval_tls
705 ; CHECK: store i32 0, {{.*}} @__msan_retval_tls
708706 ; CHECK-NOT: @__msan_warning
709707 ; CHECK: ret i32
710708
827825
828826 declare i32 @InnerTailCall(i32 %a)
829827
830 define void @MismatchedReturnTypeTailCall(i32 %a) {
828 define void @MismatchedReturnTypeTailCall(i32 %a) sanitize_memory {
831829 %b = tail call i32 @InnerTailCall(i32 %a)
832830 ret void
833831 }
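Review bot: The updated NoSanitizeMemory checks pin only the clean `store i32 0` to `@__msan_retval_tls`; nothing asserts that the parameter shadow is no longer read, so output that still loads `@__msan_param_tls` would pass. Adding `; CHECK-NOT: @__msan_param_tls` ahead of the store check would cover that. The visible tests also contain no function without `sanitize_memory` that has a phi or is run with origin tracking, which is the path affected by the new `continue` in the PHI finalization loop; a small case for it would make the new behaviour easier to trust.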