diff options
| author | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2014-11-28 11:17:58 +0000 |
|---|---|---|
| committer | Evgeniy Stepanov <eugeni.stepanov@gmail.com> | 2014-11-28 11:17:58 +0000 |
| commit | a0b689923446176db3da4ce0d54f066700e142ef (patch) | |
| tree | d999884b78a7b090ae41dc9640e65f90e2e0f631 | |
| parent | ab9524ecdba9c9fa64ca2fc0b66f08a687df605a (diff) | |
| download | bcm5719-llvm-a0b689923446176db3da4ce0d54f066700e142ef.tar.gz bcm5719-llvm-a0b689923446176db3da4ce0d54f066700e142ef.zip | |
[msan] Fix origin propagation for select of floats.
MSan does not assign origin for instrumentation temps (i.e. the ones that do
not come from the application code), but "select" instrumentation erroneously
tried to use one of those.
https://code.google.com/p/memory-sanitizer/issues/detail?id=78
llvm-svn: 222918
| -rw-r--r-- | compiler-rt/test/msan/select_float_origin.cc | 24 | ||||
| -rw-r--r-- | llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp | 7 | ||||
| -rw-r--r-- | llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll | 14 |
3 files changed, 42 insertions, 3 deletions
diff --git a/compiler-rt/test/msan/select_float_origin.cc b/compiler-rt/test/msan/select_float_origin.cc new file mode 100644 index 00000000000..ca8f3a83b0e --- /dev/null +++ b/compiler-rt/test/msan/select_float_origin.cc @@ -0,0 +1,24 @@ +// Regression test for origin propagation in "select i1, float, float". +// https://code.google.com/p/memory-sanitizer/issues/detail?id=78 + +// RUN: %clangxx_msan -O2 -fsanitize-memory-track-origins %s -o %t && not %run %t >%t.out 2>&1 +// RUN: FileCheck %s < %t.out + +// RUN: %clangxx_msan -O2 -fsanitize-memory-track-origins=2 %s -o %t && not %run %t >%t.out 2>&1 +// RUN: FileCheck %s < %t.out + +#include <stdio.h> +#include <sanitizer/msan_interface.h> + +int main() { + volatile bool b = true; + float x, y; + __msan_allocated_memory(&x, sizeof(x)); + __msan_allocated_memory(&y, sizeof(y)); + float z = b ? x : y; + if (z > 0) printf(".\n"); + // CHECK: Uninitialized value was created by a heap allocation + // CHECK: {{#0 0x.* in .*__msan_allocated_memory}} + // CHECK: {{#1 0x.* in main .*select_float_origin.cc:}}[[@LINE-6]] + return 0; +} diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp index fecf5bedf5a..15a67d7c697 100644 --- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp +++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp @@ -2452,9 +2452,10 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> { } // a = select b, c, d // Oa = Sb ? Ob : (b ? Oc : Od) - setOrigin(&I, IRB.CreateSelect( - Sb, getOrigin(I.getCondition()), - IRB.CreateSelect(B, getOrigin(C), getOrigin(D)))); + setOrigin( + &I, IRB.CreateSelect(Sb, getOrigin(I.getCondition()), + IRB.CreateSelect(B, getOrigin(I.getTrueValue()), + getOrigin(I.getFalseValue())))); } } diff --git a/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll b/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll index 673e85369a3..f7385b9dd4c 100644 --- a/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll +++ b/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll @@ -17,3 +17,17 @@ entry: ; CHECK: [[A:%.*]] = load i32* {{.*}}@__msan_param_origin_tls, ; CHECK: store i32 [[A]], i32* @__msan_retval_origin_tls ; CHECK: ret <4 x i32> + + +; Regression test for origin propagation in "select i1, float, float". +; https://code.google.com/p/memory-sanitizer/issues/detail?id=78 + +define float @SelectFloat(i1 %b, float %x, float %y) nounwind uwtable sanitize_memory { +entry: + %z = select i1 %b, float %x, float %y + ret float %z +} + +; CHECK-LABEL: @SelectFloat( +; CHECK-NOT: select {{.*}} i32 0, i32 0 +; CHECK: ret float |
