Handle llvm.launder.invariant.group in msan.

Summary: [MSan] handle llvm.launder.invariant.group Msan used to give false-positives in class Foo { public: virtual ~Foo() {}; }; // Return true iff *x is set. bool f1(void **x, bool flag); Foo* f() { void *p; bool found; found = f1(&p,flag); if (found) { // p is always set here. return static_cast<Foo*>(p); // False positive here. } return nullptr; } Patch by Ilya Tokar. Reviewers: #sanitizers, eugenis Reviewed By: #sanitizers, eugenis Subscribers: eugenis, Prazek, hiraditya, llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D68236 llvm-svn: 373515
author: Evgeniy Stepanov <eugeni.stepanov@gmail.com> 2019-10-02 19:53:19 +0000
committer: Evgeniy Stepanov <eugeni.stepanov@gmail.com> 2019-10-02 19:53:19 +0000
commit: 464df87288f7ff734119da26a1e5eab0d1f57681 (patch)
tree: 586612567b2d3589149d18b865a7897305b5d579
parent: e139a73c5fc1fc7139b08c7ff3adf3a29e1f7dc8 (diff)
download: bcm5719-llvm-464df87288f7ff734119da26a1e5eab0d1f57681.tar.gz
bcm5719-llvm-464df87288f7ff734119da26a1e5eab0d1f57681.zip
3 files changed, 68 insertions, 0 deletions
diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
index 81bd2f3c18a..f9354069da3 100644
--- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -2562,6 +2562,11 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
     return false;
   }
 
+  void handleInvariantGroup(IntrinsicInst &I) {
+    setShadow(&I, getShadow(&I, 0));
+    setOrigin(&I, getOrigin(&I, 0));
+  }
+
   void handleLifetimeStart(IntrinsicInst &I) {
     if (!PoisonStack)
       return;
@@ -2993,6 +2998,10 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
     case Intrinsic::lifetime_start:
       handleLifetimeStart(I);
       break;
+    case Intrinsic::launder_invariant_group:
+    case Intrinsic::strip_invariant_group:
+      handleInvariantGroup(I);
+      break;
     case Intrinsic::bswap:
       handleBswap(I);
       break;
diff --git a/llvm/test/Instrumentation/MemorySanitizer/msan_llvm_launder_invariant.ll b/llvm/test/Instrumentation/MemorySanitizer/msan_llvm_launder_invariant.ll
new file mode 100644
index 00000000000..63de8663e07
--- /dev/null
+++ b/llvm/test/Instrumentation/MemorySanitizer/msan_llvm_launder_invariant.ll
@@ -0,0 +1,38 @@
+; Make sure MSan handles llvm.launder.invariant.group correctly.
+
+; RUN: opt < %s -msan -msan-kernel=1 -O1 -S | FileCheck -check-prefixes=CHECK %s
+; RUN: opt < %s -msan -O1 -S | FileCheck -check-prefixes=CHECK %s
+
+target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+%class.Foo = type { i32 (...)** }
+@flag = dso_local local_unnamed_addr global i8 0, align 1
+
+define dso_local %class.Foo* @_Z1fv() local_unnamed_addr #0 {
+entry:
+  %p = alloca i8*, align 8
+  %0 = bitcast i8** %p to i8*
+  call void @llvm.lifetime.start.p0i8(i64 8, i8* nonnull %0)
+  %1 = load i8, i8* @flag, align 1
+  %tobool = icmp ne i8 %1, 0
+  %call = call zeroext i1 @_Z2f1PPvb(i8** nonnull %p, i1 zeroext %tobool)
+  %2 = load i8*, i8** %p, align 8
+  %3 = call i8* @llvm.launder.invariant.group.p0i8(i8* %2)
+  %4 = bitcast i8* %3 to %class.Foo*
+  %retval.0 = select i1 %call, %class.Foo* %4, %class.Foo* null
+  call void @llvm.lifetime.end.p0i8(i64 8, i8* nonnull %0)
+  ret %class.Foo* %retval.0
+}
+
+; CHECK-NOT: call void @__msan_warning_noreturn
+
+declare dso_local zeroext i1 @_Z2f1PPvb(i8**, i1 zeroext) local_unnamed_addr
+
+declare i8* @llvm.launder.invariant.group.p0i8(i8*)
+
+declare void @llvm.lifetime.start.p0i8(i64 immarg, i8* nocapture)
+
+declare void @llvm.lifetime.end.p0i8(i64 immarg, i8* nocapture)
+
+attributes #0 = { sanitize_memory uwtable }
diff --git a/llvm/test/Instrumentation/MemorySanitizer/msan_llvm_strip_invariant.ll b/llvm/test/Instrumentation/MemorySanitizer/msan_llvm_strip_invariant.ll
new file mode 100644
index 00000000000..f3b5c0d722c
--- /dev/null
+++ b/llvm/test/Instrumentation/MemorySanitizer/msan_llvm_strip_invariant.ll
@@ -0,0 +1,21 @@
+; Make sure MSan handles llvm.launder.invariant.group correctly.
+
+; RUN: opt < %s -msan -msan-kernel=1 -O1 -S | FileCheck -check-prefixes=CHECK %s
+; RUN: opt < %s -msan -O1 -S | FileCheck -check-prefixes=CHECK %s
+
+target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+@flag = dso_local local_unnamed_addr global i8 0, align 1
+
+define dso_local i8* @f(i8* %x) local_unnamed_addr #0 {
+entry:
+  %0 = call i8* @llvm.strip.invariant.group.p0i8(i8* %x)
+  ret i8* %0
+}
+
+; CHECK-NOT: call void @__msan_warning_noreturn
+
+declare i8* @llvm.strip.invariant.group.p0i8(i8*)
+
+attributes #0 = { sanitize_memory uwtable }
author	Evgeniy Stepanov <eugeni.stepanov@gmail.com>	2019-10-02 19:53:19 +0000
committer	Evgeniy Stepanov <eugeni.stepanov@gmail.com>	2019-10-02 19:53:19 +0000
commit	464df87288f7ff734119da26a1e5eab0d1f57681 (patch)
tree	586612567b2d3589149d18b865a7897305b5d579
parent	e139a73c5fc1fc7139b08c7ff3adf3a29e1f7dc8 (diff)
download	bcm5719-llvm-464df87288f7ff734119da26a1e5eab0d1f57681.tar.gz bcm5719-llvm-464df87288f7ff734119da26a1e5eab0d1f57681.zip