[msan] Precise instrumentation for icmp sgt %x, -1.

Extend signed relational comparison instrumentation with a special case for comparisons with -1. This fixes an MSan false positive when such comparison is used as a sign bit test. https://llvm.org/bugs/show_bug.cgi?id=24561 llvm-svn: 245980
author: Evgeniy Stepanov <eugeni.stepanov@gmail.com> 2015-08-25 22:19:11 +0000
committer: Evgeniy Stepanov <eugeni.stepanov@gmail.com> 2015-08-25 22:19:11 +0000
commit: d04d07e65eed49e438b7ecb8f770deab7e00dbad (patch)
tree: 889226c1e32bc6e5930756c0f74900865014982f /llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
parent: 08426e2098aaab9b26bf236fe6ce9570e9ea3c4a (diff)
download: bcm5719-llvm-d04d07e65eed49e438b7ecb8f770deab7e00dbad.tar.gz
bcm5719-llvm-d04d07e65eed49e438b7ecb8f770deab7e00dbad.zip
1 files changed, 20 insertions, 15 deletions
diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
index e36637a4fd8..d296474abe1 100644
--- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -1736,25 +1736,30 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
 
   /// \brief Instrument signed relational comparisons.
   ///
-  /// Handle (x<0) and (x>=0) comparisons (essentially, sign bit tests) by
-  /// propagating the highest bit of the shadow. Everything else is delegated
-  /// to handleShadowOr().
+  /// Handle sign bit tests: x<0, x>=0, x<=-1, x>-1 by propagating the highest
+  /// bit of the shadow. Everything else is delegated to handleShadowOr().
   void handleSignedRelationalComparison(ICmpInst &I) {
-    Constant *constOp0 = dyn_cast<Constant>(I.getOperand(0));
-    Constant *constOp1 = dyn_cast<Constant>(I.getOperand(1));
-    Value* op = nullptr;
-    CmpInst::Predicate pre = I.getPredicate();
-    if (constOp0 && constOp0->isNullValue() &&
-        (pre == CmpInst::ICMP_SGT || pre == CmpInst::ICMP_SLE)) {
-      op = I.getOperand(1);
-    } else if (constOp1 && constOp1->isNullValue() &&
-               (pre == CmpInst::ICMP_SLT || pre == CmpInst::ICMP_SGE)) {
+    Constant *constOp;
+    Value *op = nullptr;
+    CmpInst::Predicate pre;
+    if ((constOp = dyn_cast<Constant>(I.getOperand(1)))) {
       op = I.getOperand(0);
+      pre = I.getPredicate();
+    } else if ((constOp = dyn_cast<Constant>(I.getOperand(0)))) {
+      op = I.getOperand(1);
+      pre = I.getSwappedPredicate();
+    } else {
+      handleShadowOr(I);
+      return;
     }
-    if (op) {
+
+    if ((constOp->isNullValue() &&
+         (pre == CmpInst::ICMP_SLT || pre == CmpInst::ICMP_SGE)) ||
+        (constOp->isAllOnesValue() &&
+         (pre == CmpInst::ICMP_SGT || pre == CmpInst::ICMP_SLE))) {
       IRBuilder<> IRB(&I);
-      Value* Shadow =
-        IRB.CreateICmpSLT(getShadow(op), getCleanShadow(op), "_msprop_icmpslt");
+      Value *Shadow = IRB.CreateICmpSLT(getShadow(op), getCleanShadow(op),
+                                        "_msprop_icmp_s");
       setShadow(&I, Shadow);
       setOrigin(&I, getOrigin(op));
     } else {
author	Evgeniy Stepanov <eugeni.stepanov@gmail.com>	2015-08-25 22:19:11 +0000
committer	Evgeniy Stepanov <eugeni.stepanov@gmail.com>	2015-08-25 22:19:11 +0000
commit	d04d07e65eed49e438b7ecb8f770deab7e00dbad (patch)
tree	889226c1e32bc6e5930756c0f74900865014982f /llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
parent	08426e2098aaab9b26bf236fe6ce9570e9ea3c4a (diff)
download	bcm5719-llvm-d04d07e65eed49e438b7ecb8f770deab7e00dbad.tar.gz bcm5719-llvm-d04d07e65eed49e438b7ecb8f770deab7e00dbad.zip