diff options
| author | Alexander Potapenko <glider@google.com> | 2018-07-20 16:28:49 +0000 |
|---|---|---|
| committer | Alexander Potapenko <glider@google.com> | 2018-07-20 16:28:49 +0000 |
| commit | 5ff3abbc3151f28b990f14cff844b8724acdb12b (patch) | |
| tree | 764457281977c2b55d58beeda446faba2c0f5fcf /llvm/lib/Transforms/Instrumentation | |
| parent | c7132031a2a10b2d6fa2333f7e1d397b16014563 (diff) | |
| download | bcm5719-llvm-5ff3abbc3151f28b990f14cff844b8724acdb12b.tar.gz bcm5719-llvm-5ff3abbc3151f28b990f14cff844b8724acdb12b.zip | |
[MSan] run materializeChecks() before materializeStores()
When pointer checking is enabled, it's important that every pointer is
checked before its value is used.
For stores MSan used to generate code that calculates shadow/origin
addresses from a pointer before checking it.
For userspace this isn't a problem, because the shadow calculation code
is quite simple and compiler is able to move it after the check on -O2.
But for KMSAN getShadowOriginPtr() creates a runtime call, so we want the
check to be performed strictly before that call.
Swapping materializeChecks() and materializeStores() resolves the issue:
both functions insert code before the given IR location, so the new
insertion order guarantees that the code calculating shadow address is
between the address check and the memory access.
llvm-svn: 337571
Diffstat (limited to 'llvm/lib/Transforms/Instrumentation')
| -rw-r--r-- | llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp index 7828fcc432c..40033fc7eb0 100644 --- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp +++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp @@ -918,9 +918,6 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> { StoreInst *NewSI = IRB.CreateAlignedStore(Shadow, ShadowPtr, Alignment); LLVM_DEBUG(dbgs() << " STORE: " << *NewSI << "\n"); - if (ClCheckAccessAddress) - insertShadowCheck(Addr, NewSI); - if (SI->isAtomic()) SI->setOrdering(addReleaseOrdering(SI->getOrdering())); @@ -1024,13 +1021,13 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> { InstrumentationList.size() + StoreList.size() > (unsigned)ClInstrumentationWithCallThreshold; - // Delayed instrumentation of StoreInst. - // This may add new checks to be inserted later. - materializeStores(InstrumentWithCalls); - // Insert shadow value checks. materializeChecks(InstrumentWithCalls); + // Delayed instrumentation of StoreInst. + // This may not add new address checks. + materializeStores(InstrumentWithCalls); + return true; } @@ -1490,6 +1487,8 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> { /// Optionally, checks that the store address is fully defined. void visitStoreInst(StoreInst &I) { StoreList.push_back(&I); + if (ClCheckAccessAddress) + insertShadowCheck(I.getPointerOperand(), &I); } void handleCASOrRMW(Instruction &I) { |
