diff options
| author | Philip Reames <listmail@philipreames.com> | 2019-07-09 18:49:29 +0000 |
|---|---|---|
| committer | Philip Reames <listmail@philipreames.com> | 2019-07-09 18:49:29 +0000 |
| commit | f47a313e717acb9c1b5bbdcf732cf08b042a8053 (patch) | |
| tree | d3bf2459062d5cdd7ab46a8c17ae970efb24cd53 /llvm/lib/Passes | |
| parent | 210314ae8c59bc0a8801c2528eda892cd5960c31 (diff) | |
| download | bcm5719-llvm-f47a313e717acb9c1b5bbdcf732cf08b042a8053.tar.gz bcm5719-llvm-f47a313e717acb9c1b5bbdcf732cf08b042a8053.zip | |
Add a transform pass to make the executable semantics of poison explicit in the IR
Implements a transform pass which instruments IR such that poison semantics are made explicit. That is, it provides a (possibly partial) executable semantics for every instruction w.r.t. poison as specified in the LLVM LangRef. There are obvious parallels to the sanitizer tools, but this pass is focused purely on the semantics of LLVM IR, not any particular source language.
The target audience for this tool is developers working on or targetting LLVM from a frontend. The idea is to be able to take arbitrary IR (with the assumption of known inputs), and evaluate it concretely after having made poison semantics explicit to detect cases where either a) the original code executes UB, or b) a transform pass introduces UB which didn't exist in the original program.
At the moment, this is mostly the framework and still needs to be fleshed out. By reusing existing code we have decent coverage, but there's a lot of cases not yet handled. What's here is good enough to handle interesting cases though; for instance, one of the recent LFTR bugs involved UB being triggered by integer induction variables with nsw/nuw flags would be reported by the current code.
(See comment in PoisonChecking.cpp for full explanation and context)
Differential Revision: https://reviews.llvm.org/D64215
llvm-svn: 365536
Diffstat (limited to 'llvm/lib/Passes')
| -rw-r--r-- | llvm/lib/Passes/PassBuilder.cpp | 1 | ||||
| -rw-r--r-- | llvm/lib/Passes/PassRegistry.def | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/llvm/lib/Passes/PassBuilder.cpp b/llvm/lib/Passes/PassBuilder.cpp index bd7ec65052a..e2b2a2b2526 100644 --- a/llvm/lib/Passes/PassBuilder.cpp +++ b/llvm/lib/Passes/PassBuilder.cpp @@ -100,6 +100,7 @@ #include "llvm/Transforms/Instrumentation/InstrProfiling.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/PGOInstrumentation.h" +#include "llvm/Transforms/Instrumentation/PoisonChecking.h" #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h" #include "llvm/Transforms/Scalar/ADCE.h" #include "llvm/Transforms/Scalar/AlignmentFromAssumptions.h" diff --git a/llvm/lib/Passes/PassRegistry.def b/llvm/lib/Passes/PassRegistry.def index 6e7f4177e56..e785558d5a7 100644 --- a/llvm/lib/Passes/PassRegistry.def +++ b/llvm/lib/Passes/PassRegistry.def @@ -86,6 +86,7 @@ MODULE_PASS("wholeprogramdevirt", WholeProgramDevirtPass(nullptr, nullptr)) MODULE_PASS("verify", VerifierPass()) MODULE_PASS("asan-module", ModuleAddressSanitizerPass(/*CompileKernel=*/false, false, true, false)) MODULE_PASS("kasan-module", ModuleAddressSanitizerPass(/*CompileKernel=*/true, false, true, false)) +MODULE_PASS("poison-checking", PoisonCheckingPass()) #undef MODULE_PASS #ifndef CGSCC_ANALYSIS |
