2017-10-21 08:57:46 +08:00
|
|
|
//===- DataFlowSanitizer.cpp - dynamic data flow analysis -----------------===//
|
2013-08-08 06:47:18 +08:00
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
2017-10-21 08:57:46 +08:00
|
|
|
//
|
2013-08-08 06:47:18 +08:00
|
|
|
/// \file
|
|
|
|
/// This file is a part of DataFlowSanitizer, a generalised dynamic data flow
|
|
|
|
/// analysis.
|
|
|
|
///
|
|
|
|
/// Unlike other Sanitizer tools, this tool is not designed to detect a specific
|
|
|
|
/// class of bugs on its own. Instead, it provides a generic dynamic data flow
|
|
|
|
/// analysis framework to be used by clients to help detect application-specific
|
|
|
|
/// issues within their own code.
|
|
|
|
///
|
|
|
|
/// The analysis is based on automatic propagation of data flow labels (also
|
|
|
|
/// known as taint labels) through a program as it performs computation. Each
|
|
|
|
/// byte of application memory is backed by two bytes of shadow memory which
|
|
|
|
/// hold the label. On Linux/x86_64, memory is laid out as follows:
|
|
|
|
///
|
|
|
|
/// +--------------------+ 0x800000000000 (top of memory)
|
|
|
|
/// | application memory |
|
|
|
|
/// +--------------------+ 0x700000008000 (kAppAddr)
|
|
|
|
/// | |
|
|
|
|
/// | unused |
|
|
|
|
/// | |
|
|
|
|
/// +--------------------+ 0x200200000000 (kUnusedAddr)
|
|
|
|
/// | union table |
|
|
|
|
/// +--------------------+ 0x200000000000 (kUnionTableAddr)
|
|
|
|
/// | shadow memory |
|
|
|
|
/// +--------------------+ 0x000000010000 (kShadowAddr)
|
|
|
|
/// | reserved by kernel |
|
|
|
|
/// +--------------------+ 0x000000000000
|
|
|
|
///
|
|
|
|
/// To derive a shadow memory address from an application memory address,
|
|
|
|
/// bits 44-46 are cleared to bring the address into the range
|
|
|
|
/// [0x000000008000,0x100000000000). Then the address is shifted left by 1 to
|
|
|
|
/// account for the double byte representation of shadow labels and move the
|
|
|
|
/// address into the shadow memory range. See the function
|
|
|
|
/// DataFlowSanitizer::getShadowAddress below.
|
|
|
|
///
|
|
|
|
/// For more information, please refer to the design document:
|
|
|
|
/// http://clang.llvm.org/docs/DataFlowSanitizerDesign.html
|
2017-10-21 08:57:46 +08:00
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
#include "llvm/ADT/DenseMap.h"
|
|
|
|
#include "llvm/ADT/DenseSet.h"
|
|
|
|
#include "llvm/ADT/DepthFirstIterator.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/ADT/None.h"
|
|
|
|
#include "llvm/ADT/SmallPtrSet.h"
|
|
|
|
#include "llvm/ADT/SmallVector.h"
|
2013-08-28 06:09:06 +08:00
|
|
|
#include "llvm/ADT/StringExtras.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/ADT/StringRef.h"
|
2014-12-06 05:22:32 +08:00
|
|
|
#include "llvm/ADT/Triple.h"
|
2018-03-22 06:34:23 +08:00
|
|
|
#include "llvm/Analysis/Utils/Local.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/Analysis/ValueTracking.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/IR/Argument.h"
|
|
|
|
#include "llvm/IR/Attributes.h"
|
|
|
|
#include "llvm/IR/BasicBlock.h"
|
|
|
|
#include "llvm/IR/CallSite.h"
|
|
|
|
#include "llvm/IR/Constant.h"
|
|
|
|
#include "llvm/IR/Constants.h"
|
|
|
|
#include "llvm/IR/DataLayout.h"
|
|
|
|
#include "llvm/IR/DerivedTypes.h"
|
2017-06-06 19:49:48 +08:00
|
|
|
#include "llvm/IR/Dominators.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/IR/Function.h"
|
|
|
|
#include "llvm/IR/GlobalAlias.h"
|
|
|
|
#include "llvm/IR/GlobalValue.h"
|
|
|
|
#include "llvm/IR/GlobalVariable.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/IR/IRBuilder.h"
|
2014-01-07 19:48:04 +08:00
|
|
|
#include "llvm/IR/InlineAsm.h"
|
2014-03-06 11:23:41 +08:00
|
|
|
#include "llvm/IR/InstVisitor.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/IR/InstrTypes.h"
|
|
|
|
#include "llvm/IR/Instruction.h"
|
|
|
|
#include "llvm/IR/Instructions.h"
|
|
|
|
#include "llvm/IR/IntrinsicInst.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/IR/LLVMContext.h"
|
|
|
|
#include "llvm/IR/MDBuilder.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/IR/Module.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/IR/Type.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/IR/User.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/IR/Value.h"
|
|
|
|
#include "llvm/Pass.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/Support/Casting.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/Support/CommandLine.h"
|
2017-10-21 08:57:46 +08:00
|
|
|
#include "llvm/Support/ErrorHandling.h"
|
2014-07-10 03:40:08 +08:00
|
|
|
#include "llvm/Support/SpecialCaseList.h"
|
2017-06-06 19:49:48 +08:00
|
|
|
#include "llvm/Transforms/Instrumentation.h"
|
2013-08-08 06:47:18 +08:00
|
|
|
#include "llvm/Transforms/Utils/BasicBlockUtils.h"
|
2014-07-16 06:13:19 +08:00
|
|
|
#include <algorithm>
|
2017-10-21 08:57:46 +08:00
|
|
|
#include <cassert>
|
|
|
|
#include <cstddef>
|
|
|
|
#include <cstdint>
|
2013-08-08 06:47:18 +08:00
|
|
|
#include <iterator>
|
2017-10-21 08:57:46 +08:00
|
|
|
#include <memory>
|
2014-07-16 06:13:19 +08:00
|
|
|
#include <set>
|
2017-10-21 08:57:46 +08:00
|
|
|
#include <string>
|
2014-07-16 06:13:19 +08:00
|
|
|
#include <utility>
|
2017-10-21 08:57:46 +08:00
|
|
|
#include <vector>
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
using namespace llvm;
|
|
|
|
|
2015-11-27 20:42:39 +08:00
|
|
|
// External symbol to be used when generating the shadow address for
|
|
|
|
// architectures with multiple VMAs. Instead of using a constant integer
|
|
|
|
// the runtime will set the external mask based on the VMA range.
|
|
|
|
static const char *const kDFSanExternShadowPtrMask = "__dfsan_shadow_ptr_mask";
|
2015-08-24 21:48:10 +08:00
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
// The -dfsan-preserve-alignment flag controls whether this pass assumes that
|
|
|
|
// alignment requirements provided by the input IR are correct. For example,
|
|
|
|
// if the input IR contains a load with alignment 8, this flag will cause
|
|
|
|
// the shadow load to have alignment 16. This flag is disabled by default as
|
|
|
|
// we have unfortunately encountered too much code (including Clang itself;
|
|
|
|
// see PR14291) which performs misaligned access.
|
|
|
|
static cl::opt<bool> ClPreserveAlignment(
|
|
|
|
"dfsan-preserve-alignment",
|
|
|
|
cl::desc("respect alignment requirements provided by input IR"), cl::Hidden,
|
|
|
|
cl::init(false));
|
|
|
|
|
2015-02-05 01:39:48 +08:00
|
|
|
// The ABI list files control how shadow parameters are passed. The pass treats
|
2013-08-15 02:54:12 +08:00
|
|
|
// every function labelled "uninstrumented" in the ABI list file as conforming
|
|
|
|
// to the "native" (i.e. unsanitized) ABI. Unless the ABI list contains
|
|
|
|
// additional annotations for those functions, a call to one of those functions
|
|
|
|
// will produce a warning message, as the labelling behaviour of the function is
|
|
|
|
// unknown. The other supported annotations are "functional" and "discard",
|
|
|
|
// which are described below under DataFlowSanitizer::WrapperKind.
|
2015-02-05 01:39:48 +08:00
|
|
|
static cl::list<std::string> ClABIListFiles(
|
2013-08-15 02:54:12 +08:00
|
|
|
"dfsan-abilist",
|
|
|
|
cl::desc("File listing native ABI functions and how the pass treats them"),
|
2013-08-08 06:47:18 +08:00
|
|
|
cl::Hidden);
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
// Controls whether the pass uses IA_Args or IA_TLS as the ABI for instrumented
|
|
|
|
// functions (see DataFlowSanitizer::InstrumentedABI below).
|
2013-08-08 06:47:18 +08:00
|
|
|
static cl::opt<bool> ClArgsABI(
|
|
|
|
"dfsan-args-abi",
|
|
|
|
cl::desc("Use the argument ABI rather than the TLS ABI"),
|
|
|
|
cl::Hidden);
|
|
|
|
|
2013-11-22 07:20:54 +08:00
|
|
|
// Controls whether the pass includes or ignores the labels of pointers in load
|
|
|
|
// instructions.
|
|
|
|
static cl::opt<bool> ClCombinePointerLabelsOnLoad(
|
|
|
|
"dfsan-combine-pointer-labels-on-load",
|
|
|
|
cl::desc("Combine the label of the pointer with the label of the data when "
|
|
|
|
"loading from memory."),
|
|
|
|
cl::Hidden, cl::init(true));
|
|
|
|
|
|
|
|
// Controls whether the pass includes or ignores the labels of pointers in
|
|
|
|
// stores instructions.
|
|
|
|
static cl::opt<bool> ClCombinePointerLabelsOnStore(
|
|
|
|
"dfsan-combine-pointer-labels-on-store",
|
|
|
|
cl::desc("Combine the label of the pointer with the label of the data when "
|
|
|
|
"storing in memory."),
|
|
|
|
cl::Hidden, cl::init(false));
|
|
|
|
|
2013-08-16 02:51:12 +08:00
|
|
|
static cl::opt<bool> ClDebugNonzeroLabels(
|
|
|
|
"dfsan-debug-nonzero-labels",
|
|
|
|
cl::desc("Insert calls to __dfsan_nonzero_label on observing a parameter, "
|
|
|
|
"load or return with a nonzero label"),
|
|
|
|
cl::Hidden);
|
|
|
|
|
2017-10-21 08:57:46 +08:00
|
|
|
static StringRef GetGlobalTypeString(const GlobalValue &G) {
|
2014-07-10 03:40:08 +08:00
|
|
|
// Types of GlobalVariables are always pointer types.
|
2016-01-17 04:30:46 +08:00
|
|
|
Type *GType = G.getValueType();
|
2014-07-10 03:40:08 +08:00
|
|
|
// For now we support blacklisting struct types only.
|
|
|
|
if (StructType *SGType = dyn_cast<StructType>(GType)) {
|
|
|
|
if (!SGType->isLiteral())
|
|
|
|
return SGType->getName();
|
|
|
|
}
|
|
|
|
return "<unknown type>";
|
|
|
|
}
|
|
|
|
|
2017-10-21 08:57:46 +08:00
|
|
|
namespace {
|
|
|
|
|
2014-07-10 03:40:08 +08:00
|
|
|
class DFSanABIList {
|
|
|
|
std::unique_ptr<SpecialCaseList> SCL;
|
|
|
|
|
|
|
|
public:
|
2017-10-21 08:57:46 +08:00
|
|
|
DFSanABIList() = default;
|
2015-02-05 01:39:48 +08:00
|
|
|
|
|
|
|
void set(std::unique_ptr<SpecialCaseList> List) { SCL = std::move(List); }
|
2014-07-10 03:40:08 +08:00
|
|
|
|
|
|
|
/// Returns whether either this function or its source file are listed in the
|
|
|
|
/// given category.
|
2014-08-31 00:48:02 +08:00
|
|
|
bool isIn(const Function &F, StringRef Category) const {
|
2014-07-10 03:40:08 +08:00
|
|
|
return isIn(*F.getParent(), Category) ||
|
2017-09-26 06:11:11 +08:00
|
|
|
SCL->inSection("dataflow", "fun", F.getName(), Category);
|
2014-07-10 03:40:08 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Returns whether this global alias is listed in the given category.
|
|
|
|
///
|
|
|
|
/// If GA aliases a function, the alias's name is matched as a function name
|
|
|
|
/// would be. Similarly, aliases of globals are matched like globals.
|
2014-08-31 00:48:02 +08:00
|
|
|
bool isIn(const GlobalAlias &GA, StringRef Category) const {
|
2014-07-10 03:40:08 +08:00
|
|
|
if (isIn(*GA.getParent(), Category))
|
|
|
|
return true;
|
|
|
|
|
2016-01-17 04:30:46 +08:00
|
|
|
if (isa<FunctionType>(GA.getValueType()))
|
2017-09-26 06:11:11 +08:00
|
|
|
return SCL->inSection("dataflow", "fun", GA.getName(), Category);
|
2014-07-10 03:40:08 +08:00
|
|
|
|
2017-09-26 06:11:11 +08:00
|
|
|
return SCL->inSection("dataflow", "global", GA.getName(), Category) ||
|
|
|
|
SCL->inSection("dataflow", "type", GetGlobalTypeString(GA),
|
|
|
|
Category);
|
2014-07-10 03:40:08 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Returns whether this module is listed in the given category.
|
2014-08-31 00:48:02 +08:00
|
|
|
bool isIn(const Module &M, StringRef Category) const {
|
2017-09-26 06:11:11 +08:00
|
|
|
return SCL->inSection("dataflow", "src", M.getModuleIdentifier(), Category);
|
2014-07-10 03:40:08 +08:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2018-02-23 03:09:07 +08:00
|
|
|
/// TransformedFunction is used to express the result of transforming one
|
|
|
|
/// function type into another. This struct is immutable. It holds metadata
|
|
|
|
/// useful for updating calls of the old function to the new type.
|
|
|
|
struct TransformedFunction {
|
|
|
|
TransformedFunction(FunctionType* OriginalType,
|
|
|
|
FunctionType* TransformedType,
|
|
|
|
std::vector<unsigned> ArgumentIndexMapping)
|
|
|
|
: OriginalType(OriginalType),
|
|
|
|
TransformedType(TransformedType),
|
|
|
|
ArgumentIndexMapping(ArgumentIndexMapping) {}
|
|
|
|
|
|
|
|
// Disallow copies.
|
|
|
|
TransformedFunction(const TransformedFunction&) = delete;
|
|
|
|
TransformedFunction& operator=(const TransformedFunction&) = delete;
|
|
|
|
|
|
|
|
// Allow moves.
|
|
|
|
TransformedFunction(TransformedFunction&&) = default;
|
|
|
|
TransformedFunction& operator=(TransformedFunction&&) = default;
|
|
|
|
|
|
|
|
/// Type of the function before the transformation.
|
|
|
|
FunctionType* const OriginalType;
|
|
|
|
|
|
|
|
/// Type of the function after the transformation.
|
|
|
|
FunctionType* const TransformedType;
|
|
|
|
|
|
|
|
/// Transforming a function may change the position of arguments. This
|
|
|
|
/// member records the mapping from each argument's old position to its new
|
|
|
|
/// position. Argument positions are zero-indexed. If the transformation
|
|
|
|
/// from F to F' made the first argument of F into the third argument of F',
|
|
|
|
/// then ArgumentIndexMapping[0] will equal 2.
|
|
|
|
const std::vector<unsigned> ArgumentIndexMapping;
|
|
|
|
};
|
|
|
|
|
|
|
|
/// Given function attributes from a call site for the original function,
|
|
|
|
/// return function attributes appropriate for a call to the transformed
|
|
|
|
/// function.
|
|
|
|
AttributeList TransformFunctionAttributes(
|
|
|
|
const TransformedFunction& TransformedFunction,
|
|
|
|
LLVMContext& Ctx, AttributeList CallSiteAttrs) {
|
|
|
|
|
|
|
|
// Construct a vector of AttributeSet for each function argument.
|
|
|
|
std::vector<llvm::AttributeSet> ArgumentAttributes(
|
|
|
|
TransformedFunction.TransformedType->getNumParams());
|
|
|
|
|
|
|
|
// Copy attributes from the parameter of the original function to the
|
|
|
|
// transformed version. 'ArgumentIndexMapping' holds the mapping from
|
|
|
|
// old argument position to new.
|
|
|
|
for (unsigned i=0, ie = TransformedFunction.ArgumentIndexMapping.size();
|
|
|
|
i < ie; ++i) {
|
|
|
|
unsigned TransformedIndex = TransformedFunction.ArgumentIndexMapping[i];
|
|
|
|
ArgumentAttributes[TransformedIndex] = CallSiteAttrs.getParamAttributes(i);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Copy annotations on varargs arguments.
|
|
|
|
for (unsigned i = TransformedFunction.OriginalType->getNumParams(),
|
|
|
|
ie = CallSiteAttrs.getNumAttrSets(); i<ie; ++i) {
|
|
|
|
ArgumentAttributes.push_back(CallSiteAttrs.getParamAttributes(i));
|
|
|
|
}
|
|
|
|
|
|
|
|
return AttributeList::get(
|
|
|
|
Ctx,
|
|
|
|
CallSiteAttrs.getFnAttributes(),
|
|
|
|
CallSiteAttrs.getRetAttributes(),
|
|
|
|
llvm::makeArrayRef(ArgumentAttributes));
|
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
class DataFlowSanitizer : public ModulePass {
|
|
|
|
friend struct DFSanFunction;
|
|
|
|
friend class DFSanVisitor;
|
|
|
|
|
|
|
|
enum {
|
|
|
|
ShadowWidth = 16
|
|
|
|
};
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
/// Which ABI should be used for instrumented functions?
|
2013-08-08 06:47:18 +08:00
|
|
|
enum InstrumentedABI {
|
2013-08-15 02:54:12 +08:00
|
|
|
/// Argument and return value labels are passed through additional
|
|
|
|
/// arguments and by modifying the return type.
|
2013-08-08 06:47:18 +08:00
|
|
|
IA_Args,
|
2013-08-15 02:54:12 +08:00
|
|
|
|
|
|
|
/// Argument and return value labels are passed through TLS variables
|
|
|
|
/// __dfsan_arg_tls and __dfsan_retval_tls.
|
2013-08-08 06:47:18 +08:00
|
|
|
IA_TLS
|
|
|
|
};
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
/// How should calls to uninstrumented functions be handled?
|
|
|
|
enum WrapperKind {
|
|
|
|
/// This function is present in an uninstrumented form but we don't know
|
|
|
|
/// how it should be handled. Print a warning and call the function anyway.
|
|
|
|
/// Don't label the return value.
|
|
|
|
WK_Warning,
|
|
|
|
|
|
|
|
/// This function does not write to (user-accessible) memory, and its return
|
|
|
|
/// value is unlabelled.
|
|
|
|
WK_Discard,
|
|
|
|
|
|
|
|
/// This function does not write to (user-accessible) memory, and the label
|
|
|
|
/// of its return value is the union of the label of its arguments.
|
|
|
|
WK_Functional,
|
|
|
|
|
|
|
|
/// Instead of calling the function, a custom wrapper __dfsw_F is called,
|
|
|
|
/// where F is the name of the function. This function may wrap the
|
|
|
|
/// original function or provide its own implementation. This is similar to
|
|
|
|
/// the IA_Args ABI, except that IA_Args uses a struct return type to
|
|
|
|
/// pass the return value shadow in a register, while WK_Custom uses an
|
|
|
|
/// extra pointer argument to return the shadow. This allows the wrapped
|
|
|
|
/// form of the function type to be expressed in C.
|
|
|
|
WK_Custom
|
|
|
|
};
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
Module *Mod;
|
|
|
|
LLVMContext *Ctx;
|
|
|
|
IntegerType *ShadowTy;
|
|
|
|
PointerType *ShadowPtrTy;
|
|
|
|
IntegerType *IntptrTy;
|
|
|
|
ConstantInt *ZeroShadow;
|
|
|
|
ConstantInt *ShadowPtrMask;
|
|
|
|
ConstantInt *ShadowPtrMul;
|
|
|
|
Constant *ArgTLS;
|
|
|
|
Constant *RetvalTLS;
|
|
|
|
void *(*GetArgTLSPtr)();
|
|
|
|
void *(*GetRetvalTLSPtr)();
|
|
|
|
Constant *GetArgTLS;
|
|
|
|
Constant *GetRetvalTLS;
|
2015-11-27 20:42:39 +08:00
|
|
|
Constant *ExternalShadowMask;
|
2013-08-08 06:47:18 +08:00
|
|
|
FunctionType *DFSanUnionFnTy;
|
|
|
|
FunctionType *DFSanUnionLoadFnTy;
|
2013-08-15 02:54:12 +08:00
|
|
|
FunctionType *DFSanUnimplementedFnTy;
|
2013-08-15 04:51:38 +08:00
|
|
|
FunctionType *DFSanSetLabelFnTy;
|
2013-08-16 02:51:12 +08:00
|
|
|
FunctionType *DFSanNonzeroLabelFnTy;
|
2014-11-06 01:21:00 +08:00
|
|
|
FunctionType *DFSanVarargWrapperFnTy;
|
2013-08-08 06:47:18 +08:00
|
|
|
Constant *DFSanUnionFn;
|
2014-08-06 08:33:40 +08:00
|
|
|
Constant *DFSanCheckedUnionFn;
|
2013-08-08 06:47:18 +08:00
|
|
|
Constant *DFSanUnionLoadFn;
|
2013-08-15 02:54:12 +08:00
|
|
|
Constant *DFSanUnimplementedFn;
|
2013-08-15 04:51:38 +08:00
|
|
|
Constant *DFSanSetLabelFn;
|
2013-08-16 02:51:12 +08:00
|
|
|
Constant *DFSanNonzeroLabelFn;
|
2014-11-06 01:21:00 +08:00
|
|
|
Constant *DFSanVarargWrapperFn;
|
2013-08-08 06:47:18 +08:00
|
|
|
MDNode *ColdCallWeights;
|
2014-07-10 03:40:08 +08:00
|
|
|
DFSanABIList ABIList;
|
2013-08-08 06:47:18 +08:00
|
|
|
DenseMap<Value *, Function *> UnwrappedFnMap;
|
2017-05-03 06:07:37 +08:00
|
|
|
AttrBuilder ReadOnlyNoneAttrs;
|
2017-10-21 08:57:46 +08:00
|
|
|
bool DFSanRuntimeShadowMask = false;
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
Value *getShadowAddress(Value *Addr, Instruction *Pos);
|
2013-08-23 04:08:08 +08:00
|
|
|
bool isInstrumented(const Function *F);
|
|
|
|
bool isInstrumented(const GlobalAlias *GA);
|
2013-08-15 02:54:12 +08:00
|
|
|
FunctionType *getArgsFunctionType(FunctionType *T);
|
2013-08-28 06:09:06 +08:00
|
|
|
FunctionType *getTrampolineFunctionType(FunctionType *T);
|
2018-02-23 03:09:07 +08:00
|
|
|
TransformedFunction getCustomFunctionType(FunctionType *T);
|
2013-08-15 02:54:12 +08:00
|
|
|
InstrumentedABI getInstrumentedABI();
|
|
|
|
WrapperKind getWrapperKind(Function *F);
|
2013-08-23 04:08:08 +08:00
|
|
|
void addGlobalNamePrefix(GlobalValue *GV);
|
2013-08-23 04:08:11 +08:00
|
|
|
Function *buildWrapperFunction(Function *F, StringRef NewFName,
|
|
|
|
GlobalValue::LinkageTypes NewFLink,
|
|
|
|
FunctionType *NewFT);
|
2013-08-28 06:09:06 +08:00
|
|
|
Constant *getOrBuildTrampolineFunction(FunctionType *FT, StringRef FName);
|
2013-08-08 06:47:18 +08:00
|
|
|
|
2017-10-21 08:57:46 +08:00
|
|
|
public:
|
|
|
|
static char ID;
|
|
|
|
|
2015-02-05 01:39:48 +08:00
|
|
|
DataFlowSanitizer(
|
|
|
|
const std::vector<std::string> &ABIListFiles = std::vector<std::string>(),
|
|
|
|
void *(*getArgTLS)() = nullptr, void *(*getRetValTLS)() = nullptr);
|
2017-10-21 08:57:46 +08:00
|
|
|
|
2014-03-05 17:10:37 +08:00
|
|
|
bool doInitialization(Module &M) override;
|
|
|
|
bool runOnModule(Module &M) override;
|
2013-08-08 06:47:18 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct DFSanFunction {
|
|
|
|
DataFlowSanitizer &DFS;
|
|
|
|
Function *F;
|
2014-07-15 12:41:17 +08:00
|
|
|
DominatorTree DT;
|
2013-08-08 06:47:18 +08:00
|
|
|
DataFlowSanitizer::InstrumentedABI IA;
|
2013-08-15 02:54:12 +08:00
|
|
|
bool IsNativeABI;
|
2017-10-21 08:57:46 +08:00
|
|
|
Value *ArgTLSPtr = nullptr;
|
|
|
|
Value *RetvalTLSPtr = nullptr;
|
|
|
|
AllocaInst *LabelReturnAlloca = nullptr;
|
2013-08-08 06:47:18 +08:00
|
|
|
DenseMap<Value *, Value *> ValShadowMap;
|
|
|
|
DenseMap<AllocaInst *, AllocaInst *> AllocaShadowMap;
|
2017-10-21 08:57:46 +08:00
|
|
|
std::vector<std::pair<PHINode *, PHINode *>> PHIFixups;
|
2013-08-08 06:47:18 +08:00
|
|
|
DenseSet<Instruction *> SkipInsts;
|
2014-08-22 09:18:18 +08:00
|
|
|
std::vector<Value *> NonZeroChecks;
|
2014-08-06 08:33:40 +08:00
|
|
|
bool AvoidNewBlocks;
|
2013-08-08 06:47:18 +08:00
|
|
|
|
2014-07-15 12:41:17 +08:00
|
|
|
struct CachedCombinedShadow {
|
|
|
|
BasicBlock *Block;
|
|
|
|
Value *Shadow;
|
|
|
|
};
|
|
|
|
DenseMap<std::pair<Value *, Value *>, CachedCombinedShadow>
|
|
|
|
CachedCombinedShadows;
|
2014-07-16 06:13:19 +08:00
|
|
|
DenseMap<Value *, std::set<Value *>> ShadowElements;
|
2014-07-15 12:41:17 +08:00
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
DFSanFunction(DataFlowSanitizer &DFS, Function *F, bool IsNativeABI)
|
2017-10-21 08:57:46 +08:00
|
|
|
: DFS(DFS), F(F), IA(DFS.getInstrumentedABI()), IsNativeABI(IsNativeABI) {
|
2014-07-15 12:41:17 +08:00
|
|
|
DT.recalculate(*F);
|
2014-08-06 08:33:40 +08:00
|
|
|
// FIXME: Need to track down the register allocator issue which causes poor
|
|
|
|
// performance in pathological cases with large numbers of basic blocks.
|
|
|
|
AvoidNewBlocks = F->size() > 1000;
|
2014-07-15 12:41:17 +08:00
|
|
|
}
|
2017-10-21 08:57:46 +08:00
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
Value *getArgTLSPtr();
|
|
|
|
Value *getArgTLS(unsigned Index, Instruction *Pos);
|
|
|
|
Value *getRetvalTLS();
|
|
|
|
Value *getShadow(Value *V);
|
|
|
|
void setShadow(Instruction *I, Value *Shadow);
|
2014-07-15 12:41:14 +08:00
|
|
|
Value *combineShadows(Value *V1, Value *V2, Instruction *Pos);
|
2013-08-08 06:47:18 +08:00
|
|
|
Value *combineOperandShadows(Instruction *Inst);
|
|
|
|
Value *loadShadow(Value *ShadowAddr, uint64_t Size, uint64_t Align,
|
|
|
|
Instruction *Pos);
|
|
|
|
void storeShadow(Value *Addr, uint64_t Size, uint64_t Align, Value *Shadow,
|
|
|
|
Instruction *Pos);
|
|
|
|
};
|
|
|
|
|
|
|
|
class DFSanVisitor : public InstVisitor<DFSanVisitor> {
|
2017-10-21 08:57:46 +08:00
|
|
|
public:
|
2013-08-08 06:47:18 +08:00
|
|
|
DFSanFunction &DFSF;
|
2017-10-21 08:57:46 +08:00
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
DFSanVisitor(DFSanFunction &DFSF) : DFSF(DFSF) {}
|
|
|
|
|
2017-04-11 06:27:50 +08:00
|
|
|
const DataLayout &getDataLayout() const {
|
|
|
|
return DFSF.F->getParent()->getDataLayout();
|
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
void visitOperandShadowInst(Instruction &I);
|
|
|
|
void visitBinaryOperator(BinaryOperator &BO);
|
|
|
|
void visitCastInst(CastInst &CI);
|
|
|
|
void visitCmpInst(CmpInst &CI);
|
|
|
|
void visitGetElementPtrInst(GetElementPtrInst &GEPI);
|
|
|
|
void visitLoadInst(LoadInst &LI);
|
|
|
|
void visitStoreInst(StoreInst &SI);
|
|
|
|
void visitReturnInst(ReturnInst &RI);
|
|
|
|
void visitCallSite(CallSite CS);
|
|
|
|
void visitPHINode(PHINode &PN);
|
|
|
|
void visitExtractElementInst(ExtractElementInst &I);
|
|
|
|
void visitInsertElementInst(InsertElementInst &I);
|
|
|
|
void visitShuffleVectorInst(ShuffleVectorInst &I);
|
|
|
|
void visitExtractValueInst(ExtractValueInst &I);
|
|
|
|
void visitInsertValueInst(InsertValueInst &I);
|
|
|
|
void visitAllocaInst(AllocaInst &I);
|
|
|
|
void visitSelectInst(SelectInst &I);
|
2013-08-15 04:51:38 +08:00
|
|
|
void visitMemSetInst(MemSetInst &I);
|
2013-08-08 06:47:18 +08:00
|
|
|
void visitMemTransferInst(MemTransferInst &I);
|
|
|
|
};
|
|
|
|
|
2017-10-21 08:57:46 +08:00
|
|
|
} // end anonymous namespace
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
char DataFlowSanitizer::ID;
|
2017-10-21 08:57:46 +08:00
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
INITIALIZE_PASS(DataFlowSanitizer, "dfsan",
|
|
|
|
"DataFlowSanitizer: dynamic data flow analysis.", false, false)
|
|
|
|
|
2015-02-05 01:39:48 +08:00
|
|
|
ModulePass *
|
|
|
|
llvm::createDataFlowSanitizerPass(const std::vector<std::string> &ABIListFiles,
|
|
|
|
void *(*getArgTLS)(),
|
|
|
|
void *(*getRetValTLS)()) {
|
|
|
|
return new DataFlowSanitizer(ABIListFiles, getArgTLS, getRetValTLS);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
2015-02-05 01:39:48 +08:00
|
|
|
DataFlowSanitizer::DataFlowSanitizer(
|
|
|
|
const std::vector<std::string> &ABIListFiles, void *(*getArgTLS)(),
|
|
|
|
void *(*getRetValTLS)())
|
2017-10-21 08:57:46 +08:00
|
|
|
: ModulePass(ID), GetArgTLSPtr(getArgTLS), GetRetvalTLSPtr(getRetValTLS) {
|
2015-02-05 01:39:48 +08:00
|
|
|
std::vector<std::string> AllABIListFiles(std::move(ABIListFiles));
|
|
|
|
AllABIListFiles.insert(AllABIListFiles.end(), ClABIListFiles.begin(),
|
|
|
|
ClABIListFiles.end());
|
|
|
|
ABIList.set(SpecialCaseList::createOrDie(AllABIListFiles));
|
2013-08-15 02:54:12 +08:00
|
|
|
}
|
2013-08-08 06:47:18 +08:00
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
FunctionType *DataFlowSanitizer::getArgsFunctionType(FunctionType *T) {
|
2017-10-21 08:57:46 +08:00
|
|
|
SmallVector<Type *, 4> ArgTypes(T->param_begin(), T->param_end());
|
2015-02-17 23:29:18 +08:00
|
|
|
ArgTypes.append(T->getNumParams(), ShadowTy);
|
2013-08-08 06:47:18 +08:00
|
|
|
if (T->isVarArg())
|
|
|
|
ArgTypes.push_back(ShadowPtrTy);
|
|
|
|
Type *RetType = T->getReturnType();
|
|
|
|
if (!RetType->isVoidTy())
|
2017-05-10 03:31:13 +08:00
|
|
|
RetType = StructType::get(RetType, ShadowTy);
|
2013-08-08 06:47:18 +08:00
|
|
|
return FunctionType::get(RetType, ArgTypes, T->isVarArg());
|
|
|
|
}
|
|
|
|
|
2013-08-28 06:09:06 +08:00
|
|
|
FunctionType *DataFlowSanitizer::getTrampolineFunctionType(FunctionType *T) {
|
2013-08-15 02:54:12 +08:00
|
|
|
assert(!T->isVarArg());
|
2017-10-21 08:57:46 +08:00
|
|
|
SmallVector<Type *, 4> ArgTypes;
|
2013-08-28 06:09:06 +08:00
|
|
|
ArgTypes.push_back(T->getPointerTo());
|
2015-02-17 23:29:18 +08:00
|
|
|
ArgTypes.append(T->param_begin(), T->param_end());
|
|
|
|
ArgTypes.append(T->getNumParams(), ShadowTy);
|
2013-08-15 02:54:12 +08:00
|
|
|
Type *RetType = T->getReturnType();
|
|
|
|
if (!RetType->isVoidTy())
|
|
|
|
ArgTypes.push_back(ShadowPtrTy);
|
|
|
|
return FunctionType::get(T->getReturnType(), ArgTypes, false);
|
|
|
|
}
|
|
|
|
|
2018-02-23 03:09:07 +08:00
|
|
|
TransformedFunction DataFlowSanitizer::getCustomFunctionType(FunctionType *T) {
|
2017-10-21 08:57:46 +08:00
|
|
|
SmallVector<Type *, 4> ArgTypes;
|
2018-02-23 03:09:07 +08:00
|
|
|
|
|
|
|
// Some parameters of the custom function being constructed are
|
|
|
|
// parameters of T. Record the mapping from parameters of T to
|
|
|
|
// parameters of the custom function, so that parameter attributes
|
|
|
|
// at call sites can be updated.
|
|
|
|
std::vector<unsigned> ArgumentIndexMapping;
|
|
|
|
for (unsigned i = 0, ie = T->getNumParams(); i != ie; ++i) {
|
|
|
|
Type* param_type = T->getParamType(i);
|
2013-08-28 06:09:06 +08:00
|
|
|
FunctionType *FT;
|
2018-02-23 03:09:07 +08:00
|
|
|
if (isa<PointerType>(param_type) && (FT = dyn_cast<FunctionType>(
|
|
|
|
cast<PointerType>(param_type)->getElementType()))) {
|
|
|
|
ArgumentIndexMapping.push_back(ArgTypes.size());
|
2013-08-28 06:09:06 +08:00
|
|
|
ArgTypes.push_back(getTrampolineFunctionType(FT)->getPointerTo());
|
|
|
|
ArgTypes.push_back(Type::getInt8PtrTy(*Ctx));
|
|
|
|
} else {
|
2018-02-23 03:09:07 +08:00
|
|
|
ArgumentIndexMapping.push_back(ArgTypes.size());
|
|
|
|
ArgTypes.push_back(param_type);
|
2013-08-28 06:09:06 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
for (unsigned i = 0, e = T->getNumParams(); i != e; ++i)
|
|
|
|
ArgTypes.push_back(ShadowTy);
|
2014-10-30 21:22:57 +08:00
|
|
|
if (T->isVarArg())
|
|
|
|
ArgTypes.push_back(ShadowPtrTy);
|
2013-08-28 06:09:06 +08:00
|
|
|
Type *RetType = T->getReturnType();
|
|
|
|
if (!RetType->isVoidTy())
|
|
|
|
ArgTypes.push_back(ShadowPtrTy);
|
2018-02-23 03:09:07 +08:00
|
|
|
return TransformedFunction(
|
|
|
|
T, FunctionType::get(T->getReturnType(), ArgTypes, T->isVarArg()),
|
|
|
|
ArgumentIndexMapping);
|
2013-08-28 06:09:06 +08:00
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
bool DataFlowSanitizer::doInitialization(Module &M) {
|
2017-10-21 08:57:46 +08:00
|
|
|
Triple TargetTriple(M.getTargetTriple());
|
|
|
|
bool IsX86_64 = TargetTriple.getArch() == Triple::x86_64;
|
|
|
|
bool IsMIPS64 = TargetTriple.getArch() == Triple::mips64 ||
|
|
|
|
TargetTriple.getArch() == Triple::mips64el;
|
|
|
|
bool IsAArch64 = TargetTriple.getArch() == Triple::aarch64 ||
|
|
|
|
TargetTriple.getArch() == Triple::aarch64_be;
|
2014-12-06 05:22:32 +08:00
|
|
|
|
2015-03-10 10:37:25 +08:00
|
|
|
const DataLayout &DL = M.getDataLayout();
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
Mod = &M;
|
|
|
|
Ctx = &M.getContext();
|
|
|
|
ShadowTy = IntegerType::get(*Ctx, ShadowWidth);
|
|
|
|
ShadowPtrTy = PointerType::getUnqual(ShadowTy);
|
2015-03-10 10:37:25 +08:00
|
|
|
IntptrTy = DL.getIntPtrType(*Ctx);
|
2013-08-08 06:47:18 +08:00
|
|
|
ZeroShadow = ConstantInt::getSigned(ShadowTy, 0);
|
|
|
|
ShadowPtrMul = ConstantInt::getSigned(IntptrTy, ShadowWidth / 8);
|
2014-12-06 05:22:32 +08:00
|
|
|
if (IsX86_64)
|
|
|
|
ShadowPtrMask = ConstantInt::getSigned(IntptrTy, ~0x700000000000LL);
|
|
|
|
else if (IsMIPS64)
|
|
|
|
ShadowPtrMask = ConstantInt::getSigned(IntptrTy, ~0xF000000000LL);
|
2015-11-27 20:42:39 +08:00
|
|
|
// AArch64 supports multiple VMAs and the shadow mask is set at runtime.
|
2015-07-31 04:49:35 +08:00
|
|
|
else if (IsAArch64)
|
2015-11-27 20:42:39 +08:00
|
|
|
DFSanRuntimeShadowMask = true;
|
2014-12-06 05:22:32 +08:00
|
|
|
else
|
|
|
|
report_fatal_error("unsupported triple");
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
Type *DFSanUnionArgs[2] = { ShadowTy, ShadowTy };
|
|
|
|
DFSanUnionFnTy =
|
|
|
|
FunctionType::get(ShadowTy, DFSanUnionArgs, /*isVarArg=*/ false);
|
|
|
|
Type *DFSanUnionLoadArgs[2] = { ShadowPtrTy, IntptrTy };
|
|
|
|
DFSanUnionLoadFnTy =
|
|
|
|
FunctionType::get(ShadowTy, DFSanUnionLoadArgs, /*isVarArg=*/ false);
|
2013-08-15 02:54:12 +08:00
|
|
|
DFSanUnimplementedFnTy = FunctionType::get(
|
|
|
|
Type::getVoidTy(*Ctx), Type::getInt8PtrTy(*Ctx), /*isVarArg=*/false);
|
2013-08-15 04:51:38 +08:00
|
|
|
Type *DFSanSetLabelArgs[3] = { ShadowTy, Type::getInt8PtrTy(*Ctx), IntptrTy };
|
|
|
|
DFSanSetLabelFnTy = FunctionType::get(Type::getVoidTy(*Ctx),
|
|
|
|
DFSanSetLabelArgs, /*isVarArg=*/false);
|
2013-08-16 02:51:12 +08:00
|
|
|
DFSanNonzeroLabelFnTy = FunctionType::get(
|
2014-08-27 13:25:25 +08:00
|
|
|
Type::getVoidTy(*Ctx), None, /*isVarArg=*/false);
|
2014-11-06 01:21:00 +08:00
|
|
|
DFSanVarargWrapperFnTy = FunctionType::get(
|
|
|
|
Type::getVoidTy(*Ctx), Type::getInt8PtrTy(*Ctx), /*isVarArg=*/false);
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
if (GetArgTLSPtr) {
|
|
|
|
Type *ArgTLSTy = ArrayType::get(ShadowTy, 64);
|
2014-04-25 13:29:35 +08:00
|
|
|
ArgTLS = nullptr;
|
2013-08-08 06:47:18 +08:00
|
|
|
GetArgTLS = ConstantExpr::getIntToPtr(
|
|
|
|
ConstantInt::get(IntptrTy, uintptr_t(GetArgTLSPtr)),
|
|
|
|
PointerType::getUnqual(
|
2017-05-10 21:24:17 +08:00
|
|
|
FunctionType::get(PointerType::getUnqual(ArgTLSTy), false)));
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
if (GetRetvalTLSPtr) {
|
2014-04-25 13:29:35 +08:00
|
|
|
RetvalTLS = nullptr;
|
2013-08-08 06:47:18 +08:00
|
|
|
GetRetvalTLS = ConstantExpr::getIntToPtr(
|
|
|
|
ConstantInt::get(IntptrTy, uintptr_t(GetRetvalTLSPtr)),
|
|
|
|
PointerType::getUnqual(
|
2017-05-10 21:24:17 +08:00
|
|
|
FunctionType::get(PointerType::getUnqual(ShadowTy), false)));
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
ColdCallWeights = MDBuilder(*Ctx).createBranchWeights(1, 1000);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2013-08-23 04:08:08 +08:00
|
|
|
bool DataFlowSanitizer::isInstrumented(const Function *F) {
|
2014-07-10 03:40:08 +08:00
|
|
|
return !ABIList.isIn(*F, "uninstrumented");
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-23 04:08:08 +08:00
|
|
|
bool DataFlowSanitizer::isInstrumented(const GlobalAlias *GA) {
|
2014-07-10 03:40:08 +08:00
|
|
|
return !ABIList.isIn(*GA, "uninstrumented");
|
2013-08-23 04:08:08 +08:00
|
|
|
}
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
DataFlowSanitizer::InstrumentedABI DataFlowSanitizer::getInstrumentedABI() {
|
2013-08-08 06:47:18 +08:00
|
|
|
return ClArgsABI ? IA_Args : IA_TLS;
|
|
|
|
}
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
DataFlowSanitizer::WrapperKind DataFlowSanitizer::getWrapperKind(Function *F) {
|
2014-07-10 03:40:08 +08:00
|
|
|
if (ABIList.isIn(*F, "functional"))
|
2013-08-15 02:54:12 +08:00
|
|
|
return WK_Functional;
|
2014-07-10 03:40:08 +08:00
|
|
|
if (ABIList.isIn(*F, "discard"))
|
2013-08-15 02:54:12 +08:00
|
|
|
return WK_Discard;
|
2014-09-30 20:33:16 +08:00
|
|
|
if (ABIList.isIn(*F, "custom"))
|
2013-08-15 02:54:12 +08:00
|
|
|
return WK_Custom;
|
|
|
|
|
|
|
|
return WK_Warning;
|
|
|
|
}
|
|
|
|
|
2013-08-23 04:08:08 +08:00
|
|
|
void DataFlowSanitizer::addGlobalNamePrefix(GlobalValue *GV) {
|
|
|
|
std::string GVName = GV->getName(), Prefix = "dfs$";
|
|
|
|
GV->setName(Prefix + GVName);
|
|
|
|
|
|
|
|
// Try to change the name of the function in module inline asm. We only do
|
|
|
|
// this for specific asm directives, currently only ".symver", to try to avoid
|
|
|
|
// corrupting asm which happens to contain the symbol name as a substring.
|
|
|
|
// Note that the substitution for .symver assumes that the versioned symbol
|
|
|
|
// also has an instrumented name.
|
|
|
|
std::string Asm = GV->getParent()->getModuleInlineAsm();
|
|
|
|
std::string SearchStr = ".symver " + GVName + ",";
|
|
|
|
size_t Pos = Asm.find(SearchStr);
|
|
|
|
if (Pos != std::string::npos) {
|
|
|
|
Asm.replace(Pos, SearchStr.size(),
|
|
|
|
".symver " + Prefix + GVName + "," + Prefix);
|
|
|
|
GV->getParent()->setModuleInlineAsm(Asm);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-23 04:08:11 +08:00
|
|
|
Function *
|
|
|
|
DataFlowSanitizer::buildWrapperFunction(Function *F, StringRef NewFName,
|
|
|
|
GlobalValue::LinkageTypes NewFLink,
|
|
|
|
FunctionType *NewFT) {
|
|
|
|
FunctionType *FT = F->getFunctionType();
|
|
|
|
Function *NewF = Function::Create(NewFT, NewFLink, NewFName,
|
|
|
|
F->getParent());
|
|
|
|
NewF->copyAttributesFrom(F);
|
|
|
|
NewF->removeAttributes(
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
AttributeList::ReturnIndex,
|
2017-05-03 06:07:37 +08:00
|
|
|
AttributeFuncs::typeIncompatible(NewFT->getReturnType()));
|
2013-08-23 04:08:11 +08:00
|
|
|
|
|
|
|
BasicBlock *BB = BasicBlock::Create(*Ctx, "entry", NewF);
|
2014-11-06 01:21:00 +08:00
|
|
|
if (F->isVarArg()) {
|
2017-05-03 06:07:37 +08:00
|
|
|
NewF->removeAttributes(AttributeList::FunctionIndex,
|
|
|
|
AttrBuilder().addAttribute("split-stack"));
|
2014-11-06 01:21:00 +08:00
|
|
|
CallInst::Create(DFSanVarargWrapperFn,
|
|
|
|
IRBuilder<>(BB).CreateGlobalStringPtr(F->getName()), "",
|
|
|
|
BB);
|
|
|
|
new UnreachableInst(*Ctx, BB);
|
|
|
|
} else {
|
|
|
|
std::vector<Value *> Args;
|
|
|
|
unsigned n = FT->getNumParams();
|
|
|
|
for (Function::arg_iterator ai = NewF->arg_begin(); n != 0; ++ai, --n)
|
|
|
|
Args.push_back(&*ai);
|
|
|
|
CallInst *CI = CallInst::Create(F, Args, "", BB);
|
|
|
|
if (FT->getReturnType()->isVoidTy())
|
|
|
|
ReturnInst::Create(*Ctx, BB);
|
|
|
|
else
|
|
|
|
ReturnInst::Create(*Ctx, CI, BB);
|
|
|
|
}
|
2013-08-23 04:08:11 +08:00
|
|
|
|
|
|
|
return NewF;
|
|
|
|
}
|
|
|
|
|
2013-08-28 06:09:06 +08:00
|
|
|
Constant *DataFlowSanitizer::getOrBuildTrampolineFunction(FunctionType *FT,
|
|
|
|
StringRef FName) {
|
|
|
|
FunctionType *FTT = getTrampolineFunctionType(FT);
|
|
|
|
Constant *C = Mod->getOrInsertFunction(FName, FTT);
|
|
|
|
Function *F = dyn_cast<Function>(C);
|
|
|
|
if (F && F->isDeclaration()) {
|
|
|
|
F->setLinkage(GlobalValue::LinkOnceODRLinkage);
|
|
|
|
BasicBlock *BB = BasicBlock::Create(*Ctx, "entry", F);
|
|
|
|
std::vector<Value *> Args;
|
|
|
|
Function::arg_iterator AI = F->arg_begin(); ++AI;
|
|
|
|
for (unsigned N = FT->getNumParams(); N != 0; ++AI, --N)
|
|
|
|
Args.push_back(&*AI);
|
Remove getArgumentList() in favor of arg_begin(), args(), etc
Users often call getArgumentList().size(), which is a linear way to get
the number of function arguments. arg_size(), on the other hand, is
constant time.
In general, the fact that arguments are stored in an iplist is an
implementation detail, so I've removed it from the Function interface
and moved all other users to the argument container APIs (arg_begin(),
arg_end(), args(), arg_size()).
Reviewed By: chandlerc
Differential Revision: https://reviews.llvm.org/D31052
llvm-svn: 298010
2017-03-17 06:59:15 +08:00
|
|
|
CallInst *CI = CallInst::Create(&*F->arg_begin(), Args, "", BB);
|
2013-08-28 06:09:06 +08:00
|
|
|
ReturnInst *RI;
|
|
|
|
if (FT->getReturnType()->isVoidTy())
|
|
|
|
RI = ReturnInst::Create(*Ctx, BB);
|
|
|
|
else
|
|
|
|
RI = ReturnInst::Create(*Ctx, CI, BB);
|
|
|
|
|
|
|
|
DFSanFunction DFSF(*this, F, /*IsNativeABI=*/true);
|
|
|
|
Function::arg_iterator ValAI = F->arg_begin(), ShadowAI = AI; ++ValAI;
|
|
|
|
for (unsigned N = FT->getNumParams(); N != 0; ++ValAI, ++ShadowAI, --N)
|
2015-10-14 01:39:10 +08:00
|
|
|
DFSF.ValShadowMap[&*ValAI] = &*ShadowAI;
|
2013-08-28 06:09:06 +08:00
|
|
|
DFSanVisitor(DFSF).visitCallInst(*CI);
|
|
|
|
if (!FT->getReturnType()->isVoidTy())
|
|
|
|
new StoreInst(DFSF.getShadow(RI->getReturnValue()),
|
Remove getArgumentList() in favor of arg_begin(), args(), etc
Users often call getArgumentList().size(), which is a linear way to get
the number of function arguments. arg_size(), on the other hand, is
constant time.
In general, the fact that arguments are stored in an iplist is an
implementation detail, so I've removed it from the Function interface
and moved all other users to the argument container APIs (arg_begin(),
arg_end(), args(), arg_size()).
Reviewed By: chandlerc
Differential Revision: https://reviews.llvm.org/D31052
llvm-svn: 298010
2017-03-17 06:59:15 +08:00
|
|
|
&*std::prev(F->arg_end()), RI);
|
2013-08-28 06:09:06 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return C;
|
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
bool DataFlowSanitizer::runOnModule(Module &M) {
|
2014-07-10 03:40:08 +08:00
|
|
|
if (ABIList.isIn(M, "skip"))
|
2013-08-15 02:54:12 +08:00
|
|
|
return false;
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
if (!GetArgTLSPtr) {
|
|
|
|
Type *ArgTLSTy = ArrayType::get(ShadowTy, 64);
|
|
|
|
ArgTLS = Mod->getOrInsertGlobal("__dfsan_arg_tls", ArgTLSTy);
|
|
|
|
if (GlobalVariable *G = dyn_cast<GlobalVariable>(ArgTLS))
|
|
|
|
G->setThreadLocalMode(GlobalVariable::InitialExecTLSModel);
|
|
|
|
}
|
|
|
|
if (!GetRetvalTLSPtr) {
|
|
|
|
RetvalTLS = Mod->getOrInsertGlobal("__dfsan_retval_tls", ShadowTy);
|
|
|
|
if (GlobalVariable *G = dyn_cast<GlobalVariable>(RetvalTLS))
|
|
|
|
G->setThreadLocalMode(GlobalVariable::InitialExecTLSModel);
|
|
|
|
}
|
|
|
|
|
2015-11-27 20:42:39 +08:00
|
|
|
ExternalShadowMask =
|
|
|
|
Mod->getOrInsertGlobal(kDFSanExternShadowPtrMask, IntptrTy);
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
DFSanUnionFn = Mod->getOrInsertFunction("__dfsan_union", DFSanUnionFnTy);
|
|
|
|
if (Function *F = dyn_cast<Function>(DFSanUnionFn)) {
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
F->addAttribute(AttributeList::FunctionIndex, Attribute::NoUnwind);
|
|
|
|
F->addAttribute(AttributeList::FunctionIndex, Attribute::ReadNone);
|
|
|
|
F->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2017-05-04 02:17:31 +08:00
|
|
|
F->addParamAttr(0, Attribute::ZExt);
|
|
|
|
F->addParamAttr(1, Attribute::ZExt);
|
2014-08-06 08:33:40 +08:00
|
|
|
}
|
|
|
|
DFSanCheckedUnionFn = Mod->getOrInsertFunction("dfsan_union", DFSanUnionFnTy);
|
|
|
|
if (Function *F = dyn_cast<Function>(DFSanCheckedUnionFn)) {
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
F->addAttribute(AttributeList::FunctionIndex, Attribute::NoUnwind);
|
|
|
|
F->addAttribute(AttributeList::FunctionIndex, Attribute::ReadNone);
|
|
|
|
F->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2017-05-04 02:17:31 +08:00
|
|
|
F->addParamAttr(0, Attribute::ZExt);
|
|
|
|
F->addParamAttr(1, Attribute::ZExt);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
DFSanUnionLoadFn =
|
|
|
|
Mod->getOrInsertFunction("__dfsan_union_load", DFSanUnionLoadFnTy);
|
|
|
|
if (Function *F = dyn_cast<Function>(DFSanUnionLoadFn)) {
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
F->addAttribute(AttributeList::FunctionIndex, Attribute::NoUnwind);
|
|
|
|
F->addAttribute(AttributeList::FunctionIndex, Attribute::ReadOnly);
|
|
|
|
F->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
2013-08-15 02:54:12 +08:00
|
|
|
DFSanUnimplementedFn =
|
|
|
|
Mod->getOrInsertFunction("__dfsan_unimplemented", DFSanUnimplementedFnTy);
|
2013-08-15 04:51:38 +08:00
|
|
|
DFSanSetLabelFn =
|
|
|
|
Mod->getOrInsertFunction("__dfsan_set_label", DFSanSetLabelFnTy);
|
|
|
|
if (Function *F = dyn_cast<Function>(DFSanSetLabelFn)) {
|
2017-05-04 02:17:31 +08:00
|
|
|
F->addParamAttr(0, Attribute::ZExt);
|
2013-08-15 04:51:38 +08:00
|
|
|
}
|
2013-08-16 02:51:12 +08:00
|
|
|
DFSanNonzeroLabelFn =
|
|
|
|
Mod->getOrInsertFunction("__dfsan_nonzero_label", DFSanNonzeroLabelFnTy);
|
2014-11-06 01:21:00 +08:00
|
|
|
DFSanVarargWrapperFn = Mod->getOrInsertFunction("__dfsan_vararg_wrapper",
|
|
|
|
DFSanVarargWrapperFnTy);
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
std::vector<Function *> FnsToInstrument;
|
2017-10-21 08:57:46 +08:00
|
|
|
SmallPtrSet<Function *, 2> FnsWithNativeABI;
|
2015-10-14 01:39:10 +08:00
|
|
|
for (Function &i : M) {
|
|
|
|
if (!i.isIntrinsic() &&
|
|
|
|
&i != DFSanUnionFn &&
|
|
|
|
&i != DFSanCheckedUnionFn &&
|
|
|
|
&i != DFSanUnionLoadFn &&
|
|
|
|
&i != DFSanUnimplementedFn &&
|
|
|
|
&i != DFSanSetLabelFn &&
|
|
|
|
&i != DFSanNonzeroLabelFn &&
|
|
|
|
&i != DFSanVarargWrapperFn)
|
|
|
|
FnsToInstrument.push_back(&i);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-23 04:08:15 +08:00
|
|
|
// Give function aliases prefixes when necessary, and build wrappers where the
|
|
|
|
// instrumentedness is inconsistent.
|
2013-08-23 04:08:08 +08:00
|
|
|
for (Module::alias_iterator i = M.alias_begin(), e = M.alias_end(); i != e;) {
|
|
|
|
GlobalAlias *GA = &*i;
|
|
|
|
++i;
|
|
|
|
// Don't stop on weak. We assume people aren't playing games with the
|
|
|
|
// instrumentedness of overridden weak aliases.
|
2014-07-10 09:30:39 +08:00
|
|
|
if (auto F = dyn_cast<Function>(GA->getBaseObject())) {
|
2013-08-23 04:08:08 +08:00
|
|
|
bool GAInst = isInstrumented(GA), FInst = isInstrumented(F);
|
|
|
|
if (GAInst && FInst) {
|
|
|
|
addGlobalNamePrefix(GA);
|
2013-08-23 04:08:15 +08:00
|
|
|
} else if (GAInst != FInst) {
|
|
|
|
// Non-instrumented alias of an instrumented function, or vice versa.
|
|
|
|
// Replace the alias with a native-ABI wrapper of the aliasee. The pass
|
|
|
|
// below will take care of instrumenting it.
|
|
|
|
Function *NewF =
|
|
|
|
buildWrapperFunction(F, "", GA->getLinkage(), F->getFunctionType());
|
2014-07-10 09:30:39 +08:00
|
|
|
GA->replaceAllUsesWith(ConstantExpr::getBitCast(NewF, GA->getType()));
|
2013-08-23 04:08:15 +08:00
|
|
|
NewF->takeName(GA);
|
|
|
|
GA->eraseFromParent();
|
|
|
|
FnsToInstrument.push_back(NewF);
|
2013-08-23 04:08:08 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-05-03 06:07:37 +08:00
|
|
|
ReadOnlyNoneAttrs.addAttribute(Attribute::ReadOnly)
|
|
|
|
.addAttribute(Attribute::ReadNone);
|
2013-08-15 02:54:12 +08:00
|
|
|
|
|
|
|
// First, change the ABI of every function in the module. ABI-listed
|
2013-08-08 06:47:18 +08:00
|
|
|
// functions keep their original ABI and get a wrapper function.
|
|
|
|
for (std::vector<Function *>::iterator i = FnsToInstrument.begin(),
|
|
|
|
e = FnsToInstrument.end();
|
|
|
|
i != e; ++i) {
|
|
|
|
Function &F = **i;
|
|
|
|
FunctionType *FT = F.getFunctionType();
|
2013-08-15 02:54:12 +08:00
|
|
|
|
2013-08-23 04:08:08 +08:00
|
|
|
bool IsZeroArgsVoidRet = (FT->getNumParams() == 0 && !FT->isVarArg() &&
|
|
|
|
FT->getReturnType()->isVoidTy());
|
2013-08-15 02:54:12 +08:00
|
|
|
|
|
|
|
if (isInstrumented(&F)) {
|
2013-08-23 04:08:08 +08:00
|
|
|
// Instrumented functions get a 'dfs$' prefix. This allows us to more
|
|
|
|
// easily identify cases of mismatching ABIs.
|
|
|
|
if (getInstrumentedABI() == IA_Args && !IsZeroArgsVoidRet) {
|
2013-08-15 02:54:12 +08:00
|
|
|
FunctionType *NewFT = getArgsFunctionType(FT);
|
2013-08-08 06:47:18 +08:00
|
|
|
Function *NewF = Function::Create(NewFT, F.getLinkage(), "", &M);
|
2013-08-15 02:54:12 +08:00
|
|
|
NewF->copyAttributesFrom(&F);
|
|
|
|
NewF->removeAttributes(
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
AttributeList::ReturnIndex,
|
2017-05-03 06:07:37 +08:00
|
|
|
AttributeFuncs::typeIncompatible(NewFT->getReturnType()));
|
2013-08-08 06:47:18 +08:00
|
|
|
for (Function::arg_iterator FArg = F.arg_begin(),
|
|
|
|
NewFArg = NewF->arg_begin(),
|
|
|
|
FArgEnd = F.arg_end();
|
|
|
|
FArg != FArgEnd; ++FArg, ++NewFArg) {
|
2015-10-14 01:39:10 +08:00
|
|
|
FArg->replaceAllUsesWith(&*NewFArg);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
NewF->getBasicBlockList().splice(NewF->begin(), F.getBasicBlockList());
|
|
|
|
|
2014-03-09 11:16:01 +08:00
|
|
|
for (Function::user_iterator UI = F.user_begin(), UE = F.user_end();
|
|
|
|
UI != UE;) {
|
|
|
|
BlockAddress *BA = dyn_cast<BlockAddress>(*UI);
|
|
|
|
++UI;
|
2013-08-08 06:47:18 +08:00
|
|
|
if (BA) {
|
|
|
|
BA->replaceAllUsesWith(
|
|
|
|
BlockAddress::get(NewF, BA->getBasicBlock()));
|
|
|
|
delete BA;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
F.replaceAllUsesWith(
|
|
|
|
ConstantExpr::getBitCast(NewF, PointerType::getUnqual(FT)));
|
|
|
|
NewF->takeName(&F);
|
|
|
|
F.eraseFromParent();
|
|
|
|
*i = NewF;
|
2013-08-23 04:08:08 +08:00
|
|
|
addGlobalNamePrefix(NewF);
|
|
|
|
} else {
|
|
|
|
addGlobalNamePrefix(&F);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
2013-08-23 04:08:08 +08:00
|
|
|
} else if (!IsZeroArgsVoidRet || getWrapperKind(&F) == WK_Custom) {
|
2013-08-15 02:54:12 +08:00
|
|
|
// Build a wrapper function for F. The wrapper simply calls F, and is
|
|
|
|
// added to FnsToInstrument so that any instrumentation according to its
|
|
|
|
// WrapperKind is done in the second pass below.
|
|
|
|
FunctionType *NewFT = getInstrumentedABI() == IA_Args
|
|
|
|
? getArgsFunctionType(FT)
|
|
|
|
: FT;
|
2018-03-31 02:37:55 +08:00
|
|
|
|
|
|
|
// If the function being wrapped has local linkage, then preserve the
|
|
|
|
// function's linkage in the wrapper function.
|
|
|
|
GlobalValue::LinkageTypes wrapperLinkage =
|
|
|
|
F.hasLocalLinkage()
|
|
|
|
? F.getLinkage()
|
|
|
|
: GlobalValue::LinkOnceODRLinkage;
|
|
|
|
|
2013-08-23 15:42:51 +08:00
|
|
|
Function *NewF = buildWrapperFunction(
|
|
|
|
&F, std::string("dfsw$") + std::string(F.getName()),
|
2018-03-31 02:37:55 +08:00
|
|
|
wrapperLinkage, NewFT);
|
2013-08-15 02:54:12 +08:00
|
|
|
if (getInstrumentedABI() == IA_TLS)
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
NewF->removeAttributes(AttributeList::FunctionIndex, ReadOnlyNoneAttrs);
|
2013-08-15 02:54:12 +08:00
|
|
|
|
|
|
|
Value *WrappedFnCst =
|
|
|
|
ConstantExpr::getBitCast(NewF, PointerType::getUnqual(FT));
|
|
|
|
F.replaceAllUsesWith(WrappedFnCst);
|
2014-10-08 06:59:46 +08:00
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
UnwrappedFnMap[WrappedFnCst] = &F;
|
|
|
|
*i = NewF;
|
|
|
|
|
|
|
|
if (!F.isDeclaration()) {
|
|
|
|
// This function is probably defining an interposition of an
|
|
|
|
// uninstrumented function and hence needs to keep the original ABI.
|
|
|
|
// But any functions it may call need to use the instrumented ABI, so
|
|
|
|
// we instrument it in a mode which preserves the original ABI.
|
|
|
|
FnsWithNativeABI.insert(&F);
|
|
|
|
|
|
|
|
// This code needs to rebuild the iterators, as they may be invalidated
|
|
|
|
// by the push_back, taking care that the new range does not include
|
|
|
|
// any functions added by this code.
|
|
|
|
size_t N = i - FnsToInstrument.begin(),
|
|
|
|
Count = e - FnsToInstrument.begin();
|
|
|
|
FnsToInstrument.push_back(&F);
|
|
|
|
i = FnsToInstrument.begin() + N;
|
|
|
|
e = FnsToInstrument.begin() + Count;
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
2014-09-30 20:33:16 +08:00
|
|
|
// Hopefully, nobody will try to indirectly call a vararg
|
|
|
|
// function... yet.
|
|
|
|
} else if (FT->isVarArg()) {
|
|
|
|
UnwrappedFnMap[&F] = &F;
|
|
|
|
*i = nullptr;
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-26 20:28:59 +08:00
|
|
|
for (Function *i : FnsToInstrument) {
|
|
|
|
if (!i || i->isDeclaration())
|
2013-08-08 06:47:18 +08:00
|
|
|
continue;
|
|
|
|
|
2016-06-26 20:28:59 +08:00
|
|
|
removeUnreachableBlocks(*i);
|
2013-08-10 05:42:53 +08:00
|
|
|
|
2016-06-26 20:28:59 +08:00
|
|
|
DFSanFunction DFSF(*this, i, FnsWithNativeABI.count(i));
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
// DFSanVisitor may create new basic blocks, which confuses df_iterator.
|
|
|
|
// Build a copy of the list before iterating over it.
|
2017-10-21 08:57:46 +08:00
|
|
|
SmallVector<BasicBlock *, 4> BBList(depth_first(&i->getEntryBlock()));
|
2013-08-08 06:47:18 +08:00
|
|
|
|
2016-06-26 20:28:59 +08:00
|
|
|
for (BasicBlock *i : BBList) {
|
|
|
|
Instruction *Inst = &i->front();
|
2017-10-21 08:57:46 +08:00
|
|
|
while (true) {
|
2013-08-08 06:47:18 +08:00
|
|
|
// DFSanVisitor may split the current basic block, changing the current
|
|
|
|
// instruction's next pointer and moving the next instruction to the
|
|
|
|
// tail block from which we should continue.
|
|
|
|
Instruction *Next = Inst->getNextNode();
|
2013-08-13 06:38:39 +08:00
|
|
|
// DFSanVisitor may delete Inst, so keep track of whether it was a
|
|
|
|
// terminator.
|
|
|
|
bool IsTerminator = isa<TerminatorInst>(Inst);
|
2013-08-08 06:47:18 +08:00
|
|
|
if (!DFSF.SkipInsts.count(Inst))
|
|
|
|
DFSanVisitor(DFSF).visit(Inst);
|
2013-08-13 06:38:39 +08:00
|
|
|
if (IsTerminator)
|
2013-08-08 06:47:18 +08:00
|
|
|
break;
|
|
|
|
Inst = Next;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
// We will not necessarily be able to compute the shadow for every phi node
|
|
|
|
// until we have visited every block. Therefore, the code that handles phi
|
|
|
|
// nodes adds them to the PHIFixups list so that they can be properly
|
|
|
|
// handled here.
|
2017-10-21 08:57:46 +08:00
|
|
|
for (std::vector<std::pair<PHINode *, PHINode *>>::iterator
|
2013-08-08 06:47:18 +08:00
|
|
|
i = DFSF.PHIFixups.begin(),
|
|
|
|
e = DFSF.PHIFixups.end();
|
|
|
|
i != e; ++i) {
|
|
|
|
for (unsigned val = 0, n = i->first->getNumIncomingValues(); val != n;
|
|
|
|
++val) {
|
|
|
|
i->second->setIncomingValue(
|
|
|
|
val, DFSF.getShadow(i->first->getIncomingValue(val)));
|
|
|
|
}
|
|
|
|
}
|
2013-08-16 02:51:12 +08:00
|
|
|
|
|
|
|
// -dfsan-debug-nonzero-labels will split the CFG in all kinds of crazy
|
|
|
|
// places (i.e. instructions in basic blocks we haven't even begun visiting
|
|
|
|
// yet). To make our life easier, do this work in a pass after the main
|
|
|
|
// instrumentation.
|
|
|
|
if (ClDebugNonzeroLabels) {
|
2014-08-22 09:18:18 +08:00
|
|
|
for (Value *V : DFSF.NonZeroChecks) {
|
2013-08-16 02:51:12 +08:00
|
|
|
Instruction *Pos;
|
2014-08-22 09:18:18 +08:00
|
|
|
if (Instruction *I = dyn_cast<Instruction>(V))
|
2013-08-16 02:51:12 +08:00
|
|
|
Pos = I->getNextNode();
|
|
|
|
else
|
2015-10-14 01:39:10 +08:00
|
|
|
Pos = &DFSF.F->getEntryBlock().front();
|
2013-08-16 02:51:12 +08:00
|
|
|
while (isa<PHINode>(Pos) || isa<AllocaInst>(Pos))
|
|
|
|
Pos = Pos->getNextNode();
|
|
|
|
IRBuilder<> IRB(Pos);
|
2014-08-22 09:18:18 +08:00
|
|
|
Value *Ne = IRB.CreateICmpNE(V, DFSF.DFS.ZeroShadow);
|
2013-08-16 02:51:12 +08:00
|
|
|
BranchInst *BI = cast<BranchInst>(SplitBlockAndInsertIfThen(
|
2013-12-19 21:29:56 +08:00
|
|
|
Ne, Pos, /*Unreachable=*/false, ColdCallWeights));
|
2013-08-16 02:51:12 +08:00
|
|
|
IRBuilder<> ThenIRB(BI);
|
2015-05-19 06:13:54 +08:00
|
|
|
ThenIRB.CreateCall(DFSF.DFS.DFSanNonzeroLabelFn, {});
|
2013-08-16 02:51:12 +08:00
|
|
|
}
|
|
|
|
}
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
Value *DFSanFunction::getArgTLSPtr() {
|
|
|
|
if (ArgTLSPtr)
|
|
|
|
return ArgTLSPtr;
|
|
|
|
if (DFS.ArgTLS)
|
|
|
|
return ArgTLSPtr = DFS.ArgTLS;
|
|
|
|
|
2015-10-14 01:39:10 +08:00
|
|
|
IRBuilder<> IRB(&F->getEntryBlock().front());
|
2015-05-19 06:13:54 +08:00
|
|
|
return ArgTLSPtr = IRB.CreateCall(DFS.GetArgTLS, {});
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
Value *DFSanFunction::getRetvalTLS() {
|
|
|
|
if (RetvalTLSPtr)
|
|
|
|
return RetvalTLSPtr;
|
|
|
|
if (DFS.RetvalTLS)
|
|
|
|
return RetvalTLSPtr = DFS.RetvalTLS;
|
|
|
|
|
2015-10-14 01:39:10 +08:00
|
|
|
IRBuilder<> IRB(&F->getEntryBlock().front());
|
2015-05-19 06:13:54 +08:00
|
|
|
return RetvalTLSPtr = IRB.CreateCall(DFS.GetRetvalTLS, {});
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
Value *DFSanFunction::getArgTLS(unsigned Idx, Instruction *Pos) {
|
|
|
|
IRBuilder<> IRB(Pos);
|
|
|
|
return IRB.CreateConstGEP2_64(getArgTLSPtr(), 0, Idx);
|
|
|
|
}
|
|
|
|
|
|
|
|
Value *DFSanFunction::getShadow(Value *V) {
|
|
|
|
if (!isa<Argument>(V) && !isa<Instruction>(V))
|
|
|
|
return DFS.ZeroShadow;
|
|
|
|
Value *&Shadow = ValShadowMap[V];
|
|
|
|
if (!Shadow) {
|
|
|
|
if (Argument *A = dyn_cast<Argument>(V)) {
|
2013-08-15 02:54:12 +08:00
|
|
|
if (IsNativeABI)
|
|
|
|
return DFS.ZeroShadow;
|
2013-08-08 06:47:18 +08:00
|
|
|
switch (IA) {
|
|
|
|
case DataFlowSanitizer::IA_TLS: {
|
|
|
|
Value *ArgTLSPtr = getArgTLSPtr();
|
|
|
|
Instruction *ArgTLSPos =
|
|
|
|
DFS.ArgTLS ? &*F->getEntryBlock().begin()
|
|
|
|
: cast<Instruction>(ArgTLSPtr)->getNextNode();
|
|
|
|
IRBuilder<> IRB(ArgTLSPos);
|
|
|
|
Shadow = IRB.CreateLoad(getArgTLS(A->getArgNo(), ArgTLSPos));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case DataFlowSanitizer::IA_Args: {
|
Remove getArgumentList() in favor of arg_begin(), args(), etc
Users often call getArgumentList().size(), which is a linear way to get
the number of function arguments. arg_size(), on the other hand, is
constant time.
In general, the fact that arguments are stored in an iplist is an
implementation detail, so I've removed it from the Function interface
and moved all other users to the argument container APIs (arg_begin(),
arg_end(), args(), arg_size()).
Reviewed By: chandlerc
Differential Revision: https://reviews.llvm.org/D31052
llvm-svn: 298010
2017-03-17 06:59:15 +08:00
|
|
|
unsigned ArgIdx = A->getArgNo() + F->arg_size() / 2;
|
2013-08-08 06:47:18 +08:00
|
|
|
Function::arg_iterator i = F->arg_begin();
|
|
|
|
while (ArgIdx--)
|
|
|
|
++i;
|
2015-10-14 01:39:10 +08:00
|
|
|
Shadow = &*i;
|
2013-08-15 02:54:12 +08:00
|
|
|
assert(Shadow->getType() == DFS.ShadowTy);
|
2013-08-08 06:47:18 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2014-08-22 09:18:18 +08:00
|
|
|
NonZeroChecks.push_back(Shadow);
|
2013-08-08 06:47:18 +08:00
|
|
|
} else {
|
|
|
|
Shadow = DFS.ZeroShadow;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return Shadow;
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanFunction::setShadow(Instruction *I, Value *Shadow) {
|
|
|
|
assert(!ValShadowMap.count(I));
|
|
|
|
assert(Shadow->getType() == DFS.ShadowTy);
|
|
|
|
ValShadowMap[I] = Shadow;
|
|
|
|
}
|
|
|
|
|
|
|
|
Value *DataFlowSanitizer::getShadowAddress(Value *Addr, Instruction *Pos) {
|
|
|
|
assert(Addr != RetvalTLS && "Reinstrumenting?");
|
|
|
|
IRBuilder<> IRB(Pos);
|
2015-11-27 20:42:39 +08:00
|
|
|
Value *ShadowPtrMaskValue;
|
|
|
|
if (DFSanRuntimeShadowMask)
|
|
|
|
ShadowPtrMaskValue = IRB.CreateLoad(IntptrTy, ExternalShadowMask);
|
|
|
|
else
|
|
|
|
ShadowPtrMaskValue = ShadowPtrMask;
|
2013-08-08 06:47:18 +08:00
|
|
|
return IRB.CreateIntToPtr(
|
|
|
|
IRB.CreateMul(
|
2015-11-27 20:42:39 +08:00
|
|
|
IRB.CreateAnd(IRB.CreatePtrToInt(Addr, IntptrTy),
|
|
|
|
IRB.CreatePtrToInt(ShadowPtrMaskValue, IntptrTy)),
|
2013-08-08 06:47:18 +08:00
|
|
|
ShadowPtrMul),
|
|
|
|
ShadowPtrTy);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Generates IR to compute the union of the two given shadows, inserting it
|
|
|
|
// before Pos. Returns the computed union Value.
|
2014-07-15 12:41:14 +08:00
|
|
|
Value *DFSanFunction::combineShadows(Value *V1, Value *V2, Instruction *Pos) {
|
|
|
|
if (V1 == DFS.ZeroShadow)
|
2013-08-08 06:47:18 +08:00
|
|
|
return V2;
|
2014-07-15 12:41:14 +08:00
|
|
|
if (V2 == DFS.ZeroShadow)
|
2013-08-08 06:47:18 +08:00
|
|
|
return V1;
|
|
|
|
if (V1 == V2)
|
|
|
|
return V1;
|
2014-07-15 12:41:17 +08:00
|
|
|
|
2014-07-16 06:13:19 +08:00
|
|
|
auto V1Elems = ShadowElements.find(V1);
|
|
|
|
auto V2Elems = ShadowElements.find(V2);
|
|
|
|
if (V1Elems != ShadowElements.end() && V2Elems != ShadowElements.end()) {
|
|
|
|
if (std::includes(V1Elems->second.begin(), V1Elems->second.end(),
|
|
|
|
V2Elems->second.begin(), V2Elems->second.end())) {
|
|
|
|
return V1;
|
|
|
|
} else if (std::includes(V2Elems->second.begin(), V2Elems->second.end(),
|
|
|
|
V1Elems->second.begin(), V1Elems->second.end())) {
|
|
|
|
return V2;
|
|
|
|
}
|
|
|
|
} else if (V1Elems != ShadowElements.end()) {
|
|
|
|
if (V1Elems->second.count(V2))
|
|
|
|
return V1;
|
|
|
|
} else if (V2Elems != ShadowElements.end()) {
|
|
|
|
if (V2Elems->second.count(V1))
|
|
|
|
return V2;
|
|
|
|
}
|
|
|
|
|
2014-07-15 12:41:17 +08:00
|
|
|
auto Key = std::make_pair(V1, V2);
|
|
|
|
if (V1 > V2)
|
|
|
|
std::swap(Key.first, Key.second);
|
|
|
|
CachedCombinedShadow &CCS = CachedCombinedShadows[Key];
|
|
|
|
if (CCS.Block && DT.dominates(CCS.Block, Pos->getParent()))
|
|
|
|
return CCS.Shadow;
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
IRBuilder<> IRB(Pos);
|
2014-08-06 08:33:40 +08:00
|
|
|
if (AvoidNewBlocks) {
|
2015-05-19 06:13:54 +08:00
|
|
|
CallInst *Call = IRB.CreateCall(DFS.DFSanCheckedUnionFn, {V1, V2});
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
Call->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2017-05-04 02:17:31 +08:00
|
|
|
Call->addParamAttr(0, Attribute::ZExt);
|
|
|
|
Call->addParamAttr(1, Attribute::ZExt);
|
2014-08-06 08:33:40 +08:00
|
|
|
|
|
|
|
CCS.Block = Pos->getParent();
|
|
|
|
CCS.Shadow = Call;
|
|
|
|
} else {
|
|
|
|
BasicBlock *Head = Pos->getParent();
|
|
|
|
Value *Ne = IRB.CreateICmpNE(V1, V2);
|
|
|
|
BranchInst *BI = cast<BranchInst>(SplitBlockAndInsertIfThen(
|
|
|
|
Ne, Pos, /*Unreachable=*/false, DFS.ColdCallWeights, &DT));
|
|
|
|
IRBuilder<> ThenIRB(BI);
|
2015-05-19 06:13:54 +08:00
|
|
|
CallInst *Call = ThenIRB.CreateCall(DFS.DFSanUnionFn, {V1, V2});
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
Call->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2017-05-04 02:17:31 +08:00
|
|
|
Call->addParamAttr(0, Attribute::ZExt);
|
|
|
|
Call->addParamAttr(1, Attribute::ZExt);
|
2014-08-06 08:33:40 +08:00
|
|
|
|
|
|
|
BasicBlock *Tail = BI->getSuccessor(0);
|
2015-10-14 01:39:10 +08:00
|
|
|
PHINode *Phi = PHINode::Create(DFS.ShadowTy, 2, "", &Tail->front());
|
2014-08-06 08:33:40 +08:00
|
|
|
Phi->addIncoming(Call, Call->getParent());
|
|
|
|
Phi->addIncoming(V1, Head);
|
|
|
|
|
|
|
|
CCS.Block = Tail;
|
|
|
|
CCS.Shadow = Phi;
|
|
|
|
}
|
2014-07-16 06:13:19 +08:00
|
|
|
|
|
|
|
std::set<Value *> UnionElems;
|
|
|
|
if (V1Elems != ShadowElements.end()) {
|
|
|
|
UnionElems = V1Elems->second;
|
|
|
|
} else {
|
|
|
|
UnionElems.insert(V1);
|
|
|
|
}
|
|
|
|
if (V2Elems != ShadowElements.end()) {
|
|
|
|
UnionElems.insert(V2Elems->second.begin(), V2Elems->second.end());
|
|
|
|
} else {
|
|
|
|
UnionElems.insert(V2);
|
|
|
|
}
|
2014-08-06 08:33:40 +08:00
|
|
|
ShadowElements[CCS.Shadow] = std::move(UnionElems);
|
2014-07-16 06:13:19 +08:00
|
|
|
|
2014-08-06 08:33:40 +08:00
|
|
|
return CCS.Shadow;
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// A convenience function which folds the shadows of each of the operands
|
|
|
|
// of the provided instruction Inst, inserting the IR before Inst. Returns
|
|
|
|
// the computed union Value.
|
|
|
|
Value *DFSanFunction::combineOperandShadows(Instruction *Inst) {
|
|
|
|
if (Inst->getNumOperands() == 0)
|
|
|
|
return DFS.ZeroShadow;
|
|
|
|
|
|
|
|
Value *Shadow = getShadow(Inst->getOperand(0));
|
|
|
|
for (unsigned i = 1, n = Inst->getNumOperands(); i != n; ++i) {
|
2014-07-15 12:41:14 +08:00
|
|
|
Shadow = combineShadows(Shadow, getShadow(Inst->getOperand(i)), Inst);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
return Shadow;
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitOperandShadowInst(Instruction &I) {
|
|
|
|
Value *CombinedShadow = DFSF.combineOperandShadows(&I);
|
|
|
|
DFSF.setShadow(&I, CombinedShadow);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Generates IR to load shadow corresponding to bytes [Addr, Addr+Size), where
|
|
|
|
// Addr has alignment Align, and take the union of each of those shadows.
|
|
|
|
Value *DFSanFunction::loadShadow(Value *Addr, uint64_t Size, uint64_t Align,
|
|
|
|
Instruction *Pos) {
|
|
|
|
if (AllocaInst *AI = dyn_cast<AllocaInst>(Addr)) {
|
2017-10-21 08:57:46 +08:00
|
|
|
const auto i = AllocaShadowMap.find(AI);
|
2013-08-08 06:47:18 +08:00
|
|
|
if (i != AllocaShadowMap.end()) {
|
|
|
|
IRBuilder<> IRB(Pos);
|
|
|
|
return IRB.CreateLoad(i->second);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
uint64_t ShadowAlign = Align * DFS.ShadowWidth / 8;
|
|
|
|
SmallVector<Value *, 2> Objs;
|
2015-03-10 10:37:25 +08:00
|
|
|
GetUnderlyingObjects(Addr, Objs, Pos->getModule()->getDataLayout());
|
2013-08-08 06:47:18 +08:00
|
|
|
bool AllConstants = true;
|
2016-06-26 20:28:59 +08:00
|
|
|
for (Value *Obj : Objs) {
|
|
|
|
if (isa<Function>(Obj) || isa<BlockAddress>(Obj))
|
2013-08-08 06:47:18 +08:00
|
|
|
continue;
|
2016-06-26 20:28:59 +08:00
|
|
|
if (isa<GlobalVariable>(Obj) && cast<GlobalVariable>(Obj)->isConstant())
|
2013-08-08 06:47:18 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
AllConstants = false;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (AllConstants)
|
|
|
|
return DFS.ZeroShadow;
|
|
|
|
|
|
|
|
Value *ShadowAddr = DFS.getShadowAddress(Addr, Pos);
|
|
|
|
switch (Size) {
|
|
|
|
case 0:
|
|
|
|
return DFS.ZeroShadow;
|
|
|
|
case 1: {
|
|
|
|
LoadInst *LI = new LoadInst(ShadowAddr, "", Pos);
|
|
|
|
LI->setAlignment(ShadowAlign);
|
|
|
|
return LI;
|
|
|
|
}
|
|
|
|
case 2: {
|
|
|
|
IRBuilder<> IRB(Pos);
|
2015-04-04 03:41:44 +08:00
|
|
|
Value *ShadowAddr1 = IRB.CreateGEP(DFS.ShadowTy, ShadowAddr,
|
|
|
|
ConstantInt::get(DFS.IntptrTy, 1));
|
2014-07-15 12:41:14 +08:00
|
|
|
return combineShadows(IRB.CreateAlignedLoad(ShadowAddr, ShadowAlign),
|
|
|
|
IRB.CreateAlignedLoad(ShadowAddr1, ShadowAlign), Pos);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
}
|
2014-08-06 08:33:40 +08:00
|
|
|
if (!AvoidNewBlocks && Size % (64 / DFS.ShadowWidth) == 0) {
|
2013-08-08 06:47:18 +08:00
|
|
|
// Fast path for the common case where each byte has identical shadow: load
|
|
|
|
// shadow 64 bits at a time, fall out to a __dfsan_union_load call if any
|
|
|
|
// shadow is non-equal.
|
|
|
|
BasicBlock *FallbackBB = BasicBlock::Create(*DFS.Ctx, "", F);
|
|
|
|
IRBuilder<> FallbackIRB(FallbackBB);
|
2015-05-19 06:13:54 +08:00
|
|
|
CallInst *FallbackCall = FallbackIRB.CreateCall(
|
|
|
|
DFS.DFSanUnionLoadFn,
|
|
|
|
{ShadowAddr, ConstantInt::get(DFS.IntptrTy, Size)});
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
FallbackCall->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
// Compare each of the shadows stored in the loaded 64 bits to each other,
|
|
|
|
// by computing (WideShadow rotl ShadowWidth) == WideShadow.
|
|
|
|
IRBuilder<> IRB(Pos);
|
|
|
|
Value *WideAddr =
|
|
|
|
IRB.CreateBitCast(ShadowAddr, Type::getInt64PtrTy(*DFS.Ctx));
|
|
|
|
Value *WideShadow = IRB.CreateAlignedLoad(WideAddr, ShadowAlign);
|
|
|
|
Value *TruncShadow = IRB.CreateTrunc(WideShadow, DFS.ShadowTy);
|
|
|
|
Value *ShlShadow = IRB.CreateShl(WideShadow, DFS.ShadowWidth);
|
|
|
|
Value *ShrShadow = IRB.CreateLShr(WideShadow, 64 - DFS.ShadowWidth);
|
|
|
|
Value *RotShadow = IRB.CreateOr(ShlShadow, ShrShadow);
|
|
|
|
Value *ShadowsEq = IRB.CreateICmpEQ(WideShadow, RotShadow);
|
|
|
|
|
|
|
|
BasicBlock *Head = Pos->getParent();
|
2015-10-14 01:39:10 +08:00
|
|
|
BasicBlock *Tail = Head->splitBasicBlock(Pos->getIterator());
|
2014-07-15 12:41:17 +08:00
|
|
|
|
|
|
|
if (DomTreeNode *OldNode = DT.getNode(Head)) {
|
|
|
|
std::vector<DomTreeNode *> Children(OldNode->begin(), OldNode->end());
|
|
|
|
|
|
|
|
DomTreeNode *NewNode = DT.addNewBlock(Tail, Head);
|
|
|
|
for (auto Child : Children)
|
|
|
|
DT.changeImmediateDominator(Child, NewNode);
|
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
// In the following code LastBr will refer to the previous basic block's
|
|
|
|
// conditional branch instruction, whose true successor is fixed up to point
|
|
|
|
// to the next block during the loop below or to the tail after the final
|
|
|
|
// iteration.
|
|
|
|
BranchInst *LastBr = BranchInst::Create(FallbackBB, FallbackBB, ShadowsEq);
|
|
|
|
ReplaceInstWithInst(Head->getTerminator(), LastBr);
|
2014-07-15 12:41:17 +08:00
|
|
|
DT.addNewBlock(FallbackBB, Head);
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
for (uint64_t Ofs = 64 / DFS.ShadowWidth; Ofs != Size;
|
|
|
|
Ofs += 64 / DFS.ShadowWidth) {
|
|
|
|
BasicBlock *NextBB = BasicBlock::Create(*DFS.Ctx, "", F);
|
2014-07-15 12:41:17 +08:00
|
|
|
DT.addNewBlock(NextBB, LastBr->getParent());
|
2013-08-08 06:47:18 +08:00
|
|
|
IRBuilder<> NextIRB(NextBB);
|
2015-04-04 03:41:44 +08:00
|
|
|
WideAddr = NextIRB.CreateGEP(Type::getInt64Ty(*DFS.Ctx), WideAddr,
|
|
|
|
ConstantInt::get(DFS.IntptrTy, 1));
|
2013-08-08 06:47:18 +08:00
|
|
|
Value *NextWideShadow = NextIRB.CreateAlignedLoad(WideAddr, ShadowAlign);
|
|
|
|
ShadowsEq = NextIRB.CreateICmpEQ(WideShadow, NextWideShadow);
|
|
|
|
LastBr->setSuccessor(0, NextBB);
|
|
|
|
LastBr = NextIRB.CreateCondBr(ShadowsEq, FallbackBB, FallbackBB);
|
|
|
|
}
|
|
|
|
|
|
|
|
LastBr->setSuccessor(0, Tail);
|
|
|
|
FallbackIRB.CreateBr(Tail);
|
|
|
|
PHINode *Shadow = PHINode::Create(DFS.ShadowTy, 2, "", &Tail->front());
|
|
|
|
Shadow->addIncoming(FallbackCall, FallbackBB);
|
|
|
|
Shadow->addIncoming(TruncShadow, LastBr->getParent());
|
|
|
|
return Shadow;
|
|
|
|
}
|
|
|
|
|
|
|
|
IRBuilder<> IRB(Pos);
|
2015-05-19 06:13:54 +08:00
|
|
|
CallInst *FallbackCall = IRB.CreateCall(
|
|
|
|
DFS.DFSanUnionLoadFn, {ShadowAddr, ConstantInt::get(DFS.IntptrTy, Size)});
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
FallbackCall->addAttribute(AttributeList::ReturnIndex, Attribute::ZExt);
|
2013-08-08 06:47:18 +08:00
|
|
|
return FallbackCall;
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitLoadInst(LoadInst &LI) {
|
2015-03-10 10:37:25 +08:00
|
|
|
auto &DL = LI.getModule()->getDataLayout();
|
|
|
|
uint64_t Size = DL.getTypeStoreSize(LI.getType());
|
2014-08-02 05:18:18 +08:00
|
|
|
if (Size == 0) {
|
|
|
|
DFSF.setShadow(&LI, DFSF.DFS.ZeroShadow);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
uint64_t Align;
|
|
|
|
if (ClPreserveAlignment) {
|
|
|
|
Align = LI.getAlignment();
|
|
|
|
if (Align == 0)
|
2015-03-10 10:37:25 +08:00
|
|
|
Align = DL.getABITypeAlignment(LI.getType());
|
2013-08-08 06:47:18 +08:00
|
|
|
} else {
|
|
|
|
Align = 1;
|
|
|
|
}
|
|
|
|
IRBuilder<> IRB(&LI);
|
2013-11-22 07:20:54 +08:00
|
|
|
Value *Shadow = DFSF.loadShadow(LI.getPointerOperand(), Size, Align, &LI);
|
|
|
|
if (ClCombinePointerLabelsOnLoad) {
|
|
|
|
Value *PtrShadow = DFSF.getShadow(LI.getPointerOperand());
|
2014-07-15 12:41:14 +08:00
|
|
|
Shadow = DFSF.combineShadows(Shadow, PtrShadow, &LI);
|
2013-11-22 07:20:54 +08:00
|
|
|
}
|
|
|
|
if (Shadow != DFSF.DFS.ZeroShadow)
|
2014-08-22 09:18:18 +08:00
|
|
|
DFSF.NonZeroChecks.push_back(Shadow);
|
2013-11-22 07:20:54 +08:00
|
|
|
|
|
|
|
DFSF.setShadow(&LI, Shadow);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanFunction::storeShadow(Value *Addr, uint64_t Size, uint64_t Align,
|
|
|
|
Value *Shadow, Instruction *Pos) {
|
|
|
|
if (AllocaInst *AI = dyn_cast<AllocaInst>(Addr)) {
|
2017-10-21 08:57:46 +08:00
|
|
|
const auto i = AllocaShadowMap.find(AI);
|
2013-08-08 06:47:18 +08:00
|
|
|
if (i != AllocaShadowMap.end()) {
|
|
|
|
IRBuilder<> IRB(Pos);
|
|
|
|
IRB.CreateStore(Shadow, i->second);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
uint64_t ShadowAlign = Align * DFS.ShadowWidth / 8;
|
|
|
|
IRBuilder<> IRB(Pos);
|
|
|
|
Value *ShadowAddr = DFS.getShadowAddress(Addr, Pos);
|
|
|
|
if (Shadow == DFS.ZeroShadow) {
|
|
|
|
IntegerType *ShadowTy = IntegerType::get(*DFS.Ctx, Size * DFS.ShadowWidth);
|
|
|
|
Value *ExtZeroShadow = ConstantInt::get(ShadowTy, 0);
|
|
|
|
Value *ExtShadowAddr =
|
|
|
|
IRB.CreateBitCast(ShadowAddr, PointerType::getUnqual(ShadowTy));
|
|
|
|
IRB.CreateAlignedStore(ExtZeroShadow, ExtShadowAddr, ShadowAlign);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
const unsigned ShadowVecSize = 128 / DFS.ShadowWidth;
|
|
|
|
uint64_t Offset = 0;
|
|
|
|
if (Size >= ShadowVecSize) {
|
|
|
|
VectorType *ShadowVecTy = VectorType::get(DFS.ShadowTy, ShadowVecSize);
|
|
|
|
Value *ShadowVec = UndefValue::get(ShadowVecTy);
|
|
|
|
for (unsigned i = 0; i != ShadowVecSize; ++i) {
|
|
|
|
ShadowVec = IRB.CreateInsertElement(
|
|
|
|
ShadowVec, Shadow, ConstantInt::get(Type::getInt32Ty(*DFS.Ctx), i));
|
|
|
|
}
|
|
|
|
Value *ShadowVecAddr =
|
|
|
|
IRB.CreateBitCast(ShadowAddr, PointerType::getUnqual(ShadowVecTy));
|
|
|
|
do {
|
2015-04-04 07:03:54 +08:00
|
|
|
Value *CurShadowVecAddr =
|
|
|
|
IRB.CreateConstGEP1_32(ShadowVecTy, ShadowVecAddr, Offset);
|
2013-08-08 06:47:18 +08:00
|
|
|
IRB.CreateAlignedStore(ShadowVec, CurShadowVecAddr, ShadowAlign);
|
|
|
|
Size -= ShadowVecSize;
|
|
|
|
++Offset;
|
|
|
|
} while (Size >= ShadowVecSize);
|
|
|
|
Offset *= ShadowVecSize;
|
|
|
|
}
|
|
|
|
while (Size > 0) {
|
2015-04-04 07:03:54 +08:00
|
|
|
Value *CurShadowAddr =
|
|
|
|
IRB.CreateConstGEP1_32(DFS.ShadowTy, ShadowAddr, Offset);
|
2013-08-08 06:47:18 +08:00
|
|
|
IRB.CreateAlignedStore(Shadow, CurShadowAddr, ShadowAlign);
|
|
|
|
--Size;
|
|
|
|
++Offset;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitStoreInst(StoreInst &SI) {
|
2015-03-10 10:37:25 +08:00
|
|
|
auto &DL = SI.getModule()->getDataLayout();
|
|
|
|
uint64_t Size = DL.getTypeStoreSize(SI.getValueOperand()->getType());
|
2014-08-02 05:18:18 +08:00
|
|
|
if (Size == 0)
|
|
|
|
return;
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
uint64_t Align;
|
|
|
|
if (ClPreserveAlignment) {
|
|
|
|
Align = SI.getAlignment();
|
|
|
|
if (Align == 0)
|
2015-03-10 10:37:25 +08:00
|
|
|
Align = DL.getABITypeAlignment(SI.getValueOperand()->getType());
|
2013-08-08 06:47:18 +08:00
|
|
|
} else {
|
|
|
|
Align = 1;
|
|
|
|
}
|
2013-11-22 07:20:54 +08:00
|
|
|
|
|
|
|
Value* Shadow = DFSF.getShadow(SI.getValueOperand());
|
|
|
|
if (ClCombinePointerLabelsOnStore) {
|
|
|
|
Value *PtrShadow = DFSF.getShadow(SI.getPointerOperand());
|
2014-07-15 12:41:14 +08:00
|
|
|
Shadow = DFSF.combineShadows(Shadow, PtrShadow, &SI);
|
2013-11-22 07:20:54 +08:00
|
|
|
}
|
|
|
|
DFSF.storeShadow(SI.getPointerOperand(), Size, Align, Shadow, &SI);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitBinaryOperator(BinaryOperator &BO) {
|
|
|
|
visitOperandShadowInst(BO);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitCastInst(CastInst &CI) { visitOperandShadowInst(CI); }
|
|
|
|
|
|
|
|
void DFSanVisitor::visitCmpInst(CmpInst &CI) { visitOperandShadowInst(CI); }
|
|
|
|
|
|
|
|
void DFSanVisitor::visitGetElementPtrInst(GetElementPtrInst &GEPI) {
|
|
|
|
visitOperandShadowInst(GEPI);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitExtractElementInst(ExtractElementInst &I) {
|
|
|
|
visitOperandShadowInst(I);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitInsertElementInst(InsertElementInst &I) {
|
|
|
|
visitOperandShadowInst(I);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitShuffleVectorInst(ShuffleVectorInst &I) {
|
|
|
|
visitOperandShadowInst(I);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitExtractValueInst(ExtractValueInst &I) {
|
|
|
|
visitOperandShadowInst(I);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitInsertValueInst(InsertValueInst &I) {
|
|
|
|
visitOperandShadowInst(I);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitAllocaInst(AllocaInst &I) {
|
|
|
|
bool AllLoadsStores = true;
|
2014-03-09 11:16:01 +08:00
|
|
|
for (User *U : I.users()) {
|
|
|
|
if (isa<LoadInst>(U))
|
2013-08-08 06:47:18 +08:00
|
|
|
continue;
|
|
|
|
|
2014-03-09 11:16:01 +08:00
|
|
|
if (StoreInst *SI = dyn_cast<StoreInst>(U)) {
|
2013-08-08 06:47:18 +08:00
|
|
|
if (SI->getPointerOperand() == &I)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
AllLoadsStores = false;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (AllLoadsStores) {
|
|
|
|
IRBuilder<> IRB(&I);
|
|
|
|
DFSF.AllocaShadowMap[&I] = IRB.CreateAlloca(DFSF.DFS.ShadowTy);
|
|
|
|
}
|
|
|
|
DFSF.setShadow(&I, DFSF.DFS.ZeroShadow);
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitSelectInst(SelectInst &I) {
|
|
|
|
Value *CondShadow = DFSF.getShadow(I.getCondition());
|
|
|
|
Value *TrueShadow = DFSF.getShadow(I.getTrueValue());
|
|
|
|
Value *FalseShadow = DFSF.getShadow(I.getFalseValue());
|
|
|
|
|
|
|
|
if (isa<VectorType>(I.getCondition()->getType())) {
|
|
|
|
DFSF.setShadow(
|
2014-07-15 12:41:14 +08:00
|
|
|
&I,
|
|
|
|
DFSF.combineShadows(
|
|
|
|
CondShadow, DFSF.combineShadows(TrueShadow, FalseShadow, &I), &I));
|
2013-08-08 06:47:18 +08:00
|
|
|
} else {
|
|
|
|
Value *ShadowSel;
|
|
|
|
if (TrueShadow == FalseShadow) {
|
|
|
|
ShadowSel = TrueShadow;
|
|
|
|
} else {
|
|
|
|
ShadowSel =
|
|
|
|
SelectInst::Create(I.getCondition(), TrueShadow, FalseShadow, "", &I);
|
|
|
|
}
|
2014-07-15 12:41:14 +08:00
|
|
|
DFSF.setShadow(&I, DFSF.combineShadows(CondShadow, ShadowSel, &I));
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-15 04:51:38 +08:00
|
|
|
void DFSanVisitor::visitMemSetInst(MemSetInst &I) {
|
|
|
|
IRBuilder<> IRB(&I);
|
|
|
|
Value *ValShadow = DFSF.getShadow(I.getValue());
|
2015-05-19 06:13:54 +08:00
|
|
|
IRB.CreateCall(DFSF.DFS.DFSanSetLabelFn,
|
|
|
|
{ValShadow, IRB.CreateBitCast(I.getDest(), Type::getInt8PtrTy(
|
|
|
|
*DFSF.DFS.Ctx)),
|
|
|
|
IRB.CreateZExtOrTrunc(I.getLength(), DFSF.DFS.IntptrTy)});
|
2013-08-15 04:51:38 +08:00
|
|
|
}
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
void DFSanVisitor::visitMemTransferInst(MemTransferInst &I) {
|
|
|
|
IRBuilder<> IRB(&I);
|
|
|
|
Value *DestShadow = DFSF.DFS.getShadowAddress(I.getDest(), &I);
|
|
|
|
Value *SrcShadow = DFSF.DFS.getShadowAddress(I.getSource(), &I);
|
|
|
|
Value *LenShadow = IRB.CreateMul(
|
|
|
|
I.getLength(),
|
|
|
|
ConstantInt::get(I.getLength()->getType(), DFSF.DFS.ShadowWidth / 8));
|
2015-11-19 13:56:52 +08:00
|
|
|
Type *Int8Ptr = Type::getInt8PtrTy(*DFSF.DFS.Ctx);
|
|
|
|
DestShadow = IRB.CreateBitCast(DestShadow, Int8Ptr);
|
|
|
|
SrcShadow = IRB.CreateBitCast(SrcShadow, Int8Ptr);
|
Remove alignment argument from memcpy/memmove/memset in favour of alignment attributes (Step 1)
Summary:
This is a resurrection of work first proposed and discussed in Aug 2015:
http://lists.llvm.org/pipermail/llvm-dev/2015-August/089384.html
and initially landed (but then backed out) in Nov 2015:
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20151109/312083.html
The @llvm.memcpy/memmove/memset intrinsics currently have an explicit argument
which is required to be a constant integer. It represents the alignment of the
dest (and source), and so must be the minimum of the actual alignment of the
two.
This change is the first in a series that allows source and dest to each
have their own alignments by using the alignment attribute on their arguments.
In this change we:
1) Remove the alignment argument.
2) Add alignment attributes to the source & dest arguments. We, temporarily,
require that the alignments for source & dest be equal.
For example, code which used to read:
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %dest, i8* %src, i32 100, i32 4, i1 false)
will now read
call void @llvm.memcpy.p0i8.p0i8.i32(i8* align 4 %dest, i8* align 4 %src, i32 100, i1 false)
Downstream users may have to update their lit tests that check for
@llvm.memcpy/memmove/memset call/declaration patterns. The following extended sed script
may help with updating the majority of your tests, but it does not catch all possible
patterns so some manual checking and updating will be required.
s~declare void @llvm\.mem(set|cpy|move)\.p([^(]*)\((.*), i32, i1\)~declare void @llvm.mem\1.p\2(\3, i1)~g
s~call void @llvm\.memset\.p([^(]*)i8\(i8([^*]*)\* (.*), i8 (.*), i8 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i8(i8\2* \3, i8 \4, i8 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i16\(i8([^*]*)\* (.*), i8 (.*), i16 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i16(i8\2* \3, i8 \4, i16 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i32\(i8([^*]*)\* (.*), i8 (.*), i32 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i32(i8\2* \3, i8 \4, i32 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i64\(i8([^*]*)\* (.*), i8 (.*), i64 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i64(i8\2* \3, i8 \4, i64 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i128\(i8([^*]*)\* (.*), i8 (.*), i128 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i128(i8\2* \3, i8 \4, i128 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i8\(i8([^*]*)\* (.*), i8 (.*), i8 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i8(i8\2* align \6 \3, i8 \4, i8 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i16\(i8([^*]*)\* (.*), i8 (.*), i16 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i16(i8\2* align \6 \3, i8 \4, i16 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i32\(i8([^*]*)\* (.*), i8 (.*), i32 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i32(i8\2* align \6 \3, i8 \4, i32 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i64\(i8([^*]*)\* (.*), i8 (.*), i64 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i64(i8\2* align \6 \3, i8 \4, i64 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i128\(i8([^*]*)\* (.*), i8 (.*), i128 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i128(i8\2* align \6 \3, i8 \4, i128 \5, i1 \7)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i8\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i8 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i8(i8\3* \4, i8\5* \6, i8 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i16\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i16 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i16(i8\3* \4, i8\5* \6, i16 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i32\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i32 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i32(i8\3* \4, i8\5* \6, i32 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i64\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i64 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i64(i8\3* \4, i8\5* \6, i64 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i128\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i128 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i128(i8\3* \4, i8\5* \6, i128 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i8\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i8 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i8(i8\3* align \8 \4, i8\5* align \8 \6, i8 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i16\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i16 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i16(i8\3* align \8 \4, i8\5* align \8 \6, i16 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i32\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i32 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i32(i8\3* align \8 \4, i8\5* align \8 \6, i32 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i64\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i64 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i64(i8\3* align \8 \4, i8\5* align \8 \6, i64 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i128\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i128 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i128(i8\3* align \8 \4, i8\5* align \8 \6, i128 \7, i1 \9)~g
The remaining changes in the series will:
Step 2) Expand the IRBuilder API to allow creation of memcpy/memmove with differing
source and dest alignments.
Step 3) Update Clang to use the new IRBuilder API.
Step 4) Update Polly to use the new IRBuilder API.
Step 5) Update LLVM passes that create memcpy/memmove calls to use the new IRBuilder API,
and those that use use MemIntrinsicInst::[get|set]Alignment() to use
getDestAlignment() and getSourceAlignment() instead.
Step 6) Remove the single-alignment IRBuilder API for memcpy/memmove, and the
MemIntrinsicInst::[get|set]Alignment() methods.
Reviewers: pete, hfinkel, lhames, reames, bollu
Reviewed By: reames
Subscribers: niosHD, reames, jholewinski, qcolombet, jfb, sanjoy, arsenm, dschuff, dylanmckay, mehdi_amini, sdardis, nemanjai, david2050, nhaehnle, javed.absar, sbc100, jgravelle-google, eraman, aheejin, kbarton, JDevlieghere, asb, rbar, johnrusso, simoncook, jordy.potman.lists, apazos, sabuasal, llvm-commits
Differential Revision: https://reviews.llvm.org/D41675
llvm-svn: 322965
2018-01-20 01:13:12 +08:00
|
|
|
auto *MTI = cast<MemTransferInst>(
|
|
|
|
IRB.CreateCall(I.getCalledValue(),
|
|
|
|
{DestShadow, SrcShadow, LenShadow, I.getVolatileCst()}));
|
|
|
|
if (ClPreserveAlignment) {
|
[DSan] Update uses of memory intrinsic get/setAlignment to new API (NFC)
Summary:
This change is part of step five in the series of changes to remove alignment argument from
memcpy/memmove/memset in favour of alignment attributes. In particular, this changes the
DataFlowSanitizer pass to cease using the old get/setAlignment() API of MemoryIntrinsic
in favour of getting source & dest specific alignments through the new API.
Steps:
Step 1) Remove alignment parameter and create alignment parameter attributes for
memcpy/memmove/memset. ( rL322965, rC322964, rL322963 )
Step 2) Expand the IRBuilder API to allow creation of memcpy/memmove with differing
source and dest alignments. ( rL323597 )
Step 3) Update Clang to use the new IRBuilder API. ( rC323617 )
Step 4) Update Polly to use the new IRBuilder API. ( rL323618 )
Step 5) Update LLVM passes that create memcpy/memmove calls to use the new IRBuilder API,
and those that use use MemIntrinsicInst::[get|set]Alignment() to use [get|set]DestAlignment()
and [get|set]SourceAlignment() instead. ( rL323886, rL323891, rL324148, rL324273, rL324278,
rL324384, rL324395, rL324402, rL324626, rL324642, rL324653 )
Step 6) Remove the single-alignment IRBuilder API for memcpy/memmove, and the
MemIntrinsicInst::[get|set]Alignment() methods.
Reference
http://lists.llvm.org/pipermail/llvm-dev/2015-August/089384.html
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20151109/312083.html
llvm-svn: 324654
2018-02-09 05:28:26 +08:00
|
|
|
MTI->setDestAlignment(I.getDestAlignment() * (DFSF.DFS.ShadowWidth / 8));
|
|
|
|
MTI->setSourceAlignment(I.getSourceAlignment() * (DFSF.DFS.ShadowWidth / 8));
|
Remove alignment argument from memcpy/memmove/memset in favour of alignment attributes (Step 1)
Summary:
This is a resurrection of work first proposed and discussed in Aug 2015:
http://lists.llvm.org/pipermail/llvm-dev/2015-August/089384.html
and initially landed (but then backed out) in Nov 2015:
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20151109/312083.html
The @llvm.memcpy/memmove/memset intrinsics currently have an explicit argument
which is required to be a constant integer. It represents the alignment of the
dest (and source), and so must be the minimum of the actual alignment of the
two.
This change is the first in a series that allows source and dest to each
have their own alignments by using the alignment attribute on their arguments.
In this change we:
1) Remove the alignment argument.
2) Add alignment attributes to the source & dest arguments. We, temporarily,
require that the alignments for source & dest be equal.
For example, code which used to read:
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %dest, i8* %src, i32 100, i32 4, i1 false)
will now read
call void @llvm.memcpy.p0i8.p0i8.i32(i8* align 4 %dest, i8* align 4 %src, i32 100, i1 false)
Downstream users may have to update their lit tests that check for
@llvm.memcpy/memmove/memset call/declaration patterns. The following extended sed script
may help with updating the majority of your tests, but it does not catch all possible
patterns so some manual checking and updating will be required.
s~declare void @llvm\.mem(set|cpy|move)\.p([^(]*)\((.*), i32, i1\)~declare void @llvm.mem\1.p\2(\3, i1)~g
s~call void @llvm\.memset\.p([^(]*)i8\(i8([^*]*)\* (.*), i8 (.*), i8 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i8(i8\2* \3, i8 \4, i8 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i16\(i8([^*]*)\* (.*), i8 (.*), i16 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i16(i8\2* \3, i8 \4, i16 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i32\(i8([^*]*)\* (.*), i8 (.*), i32 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i32(i8\2* \3, i8 \4, i32 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i64\(i8([^*]*)\* (.*), i8 (.*), i64 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i64(i8\2* \3, i8 \4, i64 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i128\(i8([^*]*)\* (.*), i8 (.*), i128 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i128(i8\2* \3, i8 \4, i128 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i8\(i8([^*]*)\* (.*), i8 (.*), i8 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i8(i8\2* align \6 \3, i8 \4, i8 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i16\(i8([^*]*)\* (.*), i8 (.*), i16 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i16(i8\2* align \6 \3, i8 \4, i16 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i32\(i8([^*]*)\* (.*), i8 (.*), i32 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i32(i8\2* align \6 \3, i8 \4, i32 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i64\(i8([^*]*)\* (.*), i8 (.*), i64 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i64(i8\2* align \6 \3, i8 \4, i64 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i128\(i8([^*]*)\* (.*), i8 (.*), i128 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i128(i8\2* align \6 \3, i8 \4, i128 \5, i1 \7)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i8\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i8 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i8(i8\3* \4, i8\5* \6, i8 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i16\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i16 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i16(i8\3* \4, i8\5* \6, i16 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i32\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i32 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i32(i8\3* \4, i8\5* \6, i32 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i64\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i64 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i64(i8\3* \4, i8\5* \6, i64 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i128\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i128 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i128(i8\3* \4, i8\5* \6, i128 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i8\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i8 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i8(i8\3* align \8 \4, i8\5* align \8 \6, i8 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i16\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i16 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i16(i8\3* align \8 \4, i8\5* align \8 \6, i16 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i32\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i32 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i32(i8\3* align \8 \4, i8\5* align \8 \6, i32 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i64\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i64 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i64(i8\3* align \8 \4, i8\5* align \8 \6, i64 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i128\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i128 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i128(i8\3* align \8 \4, i8\5* align \8 \6, i128 \7, i1 \9)~g
The remaining changes in the series will:
Step 2) Expand the IRBuilder API to allow creation of memcpy/memmove with differing
source and dest alignments.
Step 3) Update Clang to use the new IRBuilder API.
Step 4) Update Polly to use the new IRBuilder API.
Step 5) Update LLVM passes that create memcpy/memmove calls to use the new IRBuilder API,
and those that use use MemIntrinsicInst::[get|set]Alignment() to use
getDestAlignment() and getSourceAlignment() instead.
Step 6) Remove the single-alignment IRBuilder API for memcpy/memmove, and the
MemIntrinsicInst::[get|set]Alignment() methods.
Reviewers: pete, hfinkel, lhames, reames, bollu
Reviewed By: reames
Subscribers: niosHD, reames, jholewinski, qcolombet, jfb, sanjoy, arsenm, dschuff, dylanmckay, mehdi_amini, sdardis, nemanjai, david2050, nhaehnle, javed.absar, sbc100, jgravelle-google, eraman, aheejin, kbarton, JDevlieghere, asb, rbar, johnrusso, simoncook, jordy.potman.lists, apazos, sabuasal, llvm-commits
Differential Revision: https://reviews.llvm.org/D41675
llvm-svn: 322965
2018-01-20 01:13:12 +08:00
|
|
|
} else {
|
[DSan] Update uses of memory intrinsic get/setAlignment to new API (NFC)
Summary:
This change is part of step five in the series of changes to remove alignment argument from
memcpy/memmove/memset in favour of alignment attributes. In particular, this changes the
DataFlowSanitizer pass to cease using the old get/setAlignment() API of MemoryIntrinsic
in favour of getting source & dest specific alignments through the new API.
Steps:
Step 1) Remove alignment parameter and create alignment parameter attributes for
memcpy/memmove/memset. ( rL322965, rC322964, rL322963 )
Step 2) Expand the IRBuilder API to allow creation of memcpy/memmove with differing
source and dest alignments. ( rL323597 )
Step 3) Update Clang to use the new IRBuilder API. ( rC323617 )
Step 4) Update Polly to use the new IRBuilder API. ( rL323618 )
Step 5) Update LLVM passes that create memcpy/memmove calls to use the new IRBuilder API,
and those that use use MemIntrinsicInst::[get|set]Alignment() to use [get|set]DestAlignment()
and [get|set]SourceAlignment() instead. ( rL323886, rL323891, rL324148, rL324273, rL324278,
rL324384, rL324395, rL324402, rL324626, rL324642, rL324653 )
Step 6) Remove the single-alignment IRBuilder API for memcpy/memmove, and the
MemIntrinsicInst::[get|set]Alignment() methods.
Reference
http://lists.llvm.org/pipermail/llvm-dev/2015-August/089384.html
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20151109/312083.html
llvm-svn: 324654
2018-02-09 05:28:26 +08:00
|
|
|
MTI->setDestAlignment(DFSF.DFS.ShadowWidth / 8);
|
|
|
|
MTI->setSourceAlignment(DFSF.DFS.ShadowWidth / 8);
|
Remove alignment argument from memcpy/memmove/memset in favour of alignment attributes (Step 1)
Summary:
This is a resurrection of work first proposed and discussed in Aug 2015:
http://lists.llvm.org/pipermail/llvm-dev/2015-August/089384.html
and initially landed (but then backed out) in Nov 2015:
http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20151109/312083.html
The @llvm.memcpy/memmove/memset intrinsics currently have an explicit argument
which is required to be a constant integer. It represents the alignment of the
dest (and source), and so must be the minimum of the actual alignment of the
two.
This change is the first in a series that allows source and dest to each
have their own alignments by using the alignment attribute on their arguments.
In this change we:
1) Remove the alignment argument.
2) Add alignment attributes to the source & dest arguments. We, temporarily,
require that the alignments for source & dest be equal.
For example, code which used to read:
call void @llvm.memcpy.p0i8.p0i8.i32(i8* %dest, i8* %src, i32 100, i32 4, i1 false)
will now read
call void @llvm.memcpy.p0i8.p0i8.i32(i8* align 4 %dest, i8* align 4 %src, i32 100, i1 false)
Downstream users may have to update their lit tests that check for
@llvm.memcpy/memmove/memset call/declaration patterns. The following extended sed script
may help with updating the majority of your tests, but it does not catch all possible
patterns so some manual checking and updating will be required.
s~declare void @llvm\.mem(set|cpy|move)\.p([^(]*)\((.*), i32, i1\)~declare void @llvm.mem\1.p\2(\3, i1)~g
s~call void @llvm\.memset\.p([^(]*)i8\(i8([^*]*)\* (.*), i8 (.*), i8 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i8(i8\2* \3, i8 \4, i8 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i16\(i8([^*]*)\* (.*), i8 (.*), i16 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i16(i8\2* \3, i8 \4, i16 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i32\(i8([^*]*)\* (.*), i8 (.*), i32 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i32(i8\2* \3, i8 \4, i32 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i64\(i8([^*]*)\* (.*), i8 (.*), i64 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i64(i8\2* \3, i8 \4, i64 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i128\(i8([^*]*)\* (.*), i8 (.*), i128 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.memset.p\1i128(i8\2* \3, i8 \4, i128 \5, i1 \6)~g
s~call void @llvm\.memset\.p([^(]*)i8\(i8([^*]*)\* (.*), i8 (.*), i8 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i8(i8\2* align \6 \3, i8 \4, i8 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i16\(i8([^*]*)\* (.*), i8 (.*), i16 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i16(i8\2* align \6 \3, i8 \4, i16 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i32\(i8([^*]*)\* (.*), i8 (.*), i32 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i32(i8\2* align \6 \3, i8 \4, i32 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i64\(i8([^*]*)\* (.*), i8 (.*), i64 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i64(i8\2* align \6 \3, i8 \4, i64 \5, i1 \7)~g
s~call void @llvm\.memset\.p([^(]*)i128\(i8([^*]*)\* (.*), i8 (.*), i128 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.memset.p\1i128(i8\2* align \6 \3, i8 \4, i128 \5, i1 \7)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i8\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i8 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i8(i8\3* \4, i8\5* \6, i8 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i16\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i16 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i16(i8\3* \4, i8\5* \6, i16 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i32\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i32 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i32(i8\3* \4, i8\5* \6, i32 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i64\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i64 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i64(i8\3* \4, i8\5* \6, i64 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i128\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i128 (.*), i32 [01], i1 ([^)]*)\)~call void @llvm.mem\1.p\2i128(i8\3* \4, i8\5* \6, i128 \7, i1 \8)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i8\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i8 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i8(i8\3* align \8 \4, i8\5* align \8 \6, i8 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i16\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i16 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i16(i8\3* align \8 \4, i8\5* align \8 \6, i16 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i32\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i32 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i32(i8\3* align \8 \4, i8\5* align \8 \6, i32 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i64\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i64 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i64(i8\3* align \8 \4, i8\5* align \8 \6, i64 \7, i1 \9)~g
s~call void @llvm\.mem(cpy|move)\.p([^(]*)i128\(i8([^*]*)\* (.*), i8([^*]*)\* (.*), i128 (.*), i32 ([0-9]*), i1 ([^)]*)\)~call void @llvm.mem\1.p\2i128(i8\3* align \8 \4, i8\5* align \8 \6, i128 \7, i1 \9)~g
The remaining changes in the series will:
Step 2) Expand the IRBuilder API to allow creation of memcpy/memmove with differing
source and dest alignments.
Step 3) Update Clang to use the new IRBuilder API.
Step 4) Update Polly to use the new IRBuilder API.
Step 5) Update LLVM passes that create memcpy/memmove calls to use the new IRBuilder API,
and those that use use MemIntrinsicInst::[get|set]Alignment() to use
getDestAlignment() and getSourceAlignment() instead.
Step 6) Remove the single-alignment IRBuilder API for memcpy/memmove, and the
MemIntrinsicInst::[get|set]Alignment() methods.
Reviewers: pete, hfinkel, lhames, reames, bollu
Reviewed By: reames
Subscribers: niosHD, reames, jholewinski, qcolombet, jfb, sanjoy, arsenm, dschuff, dylanmckay, mehdi_amini, sdardis, nemanjai, david2050, nhaehnle, javed.absar, sbc100, jgravelle-google, eraman, aheejin, kbarton, JDevlieghere, asb, rbar, johnrusso, simoncook, jordy.potman.lists, apazos, sabuasal, llvm-commits
Differential Revision: https://reviews.llvm.org/D41675
llvm-svn: 322965
2018-01-20 01:13:12 +08:00
|
|
|
}
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitReturnInst(ReturnInst &RI) {
|
2013-08-15 02:54:12 +08:00
|
|
|
if (!DFSF.IsNativeABI && RI.getReturnValue()) {
|
2013-08-08 06:47:18 +08:00
|
|
|
switch (DFSF.IA) {
|
|
|
|
case DataFlowSanitizer::IA_TLS: {
|
|
|
|
Value *S = DFSF.getShadow(RI.getReturnValue());
|
|
|
|
IRBuilder<> IRB(&RI);
|
|
|
|
IRB.CreateStore(S, DFSF.getRetvalTLS());
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case DataFlowSanitizer::IA_Args: {
|
|
|
|
IRBuilder<> IRB(&RI);
|
|
|
|
Type *RT = DFSF.F->getFunctionType()->getReturnType();
|
|
|
|
Value *InsVal =
|
|
|
|
IRB.CreateInsertValue(UndefValue::get(RT), RI.getReturnValue(), 0);
|
|
|
|
Value *InsShadow =
|
|
|
|
IRB.CreateInsertValue(InsVal, DFSF.getShadow(RI.getReturnValue()), 1);
|
|
|
|
RI.setOperand(0, InsShadow);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitCallSite(CallSite CS) {
|
|
|
|
Function *F = CS.getCalledFunction();
|
|
|
|
if ((F && F->isIntrinsic()) || isa<InlineAsm>(CS.getCalledValue())) {
|
|
|
|
visitOperandShadowInst(*CS.getInstruction());
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-11-06 01:21:00 +08:00
|
|
|
// Calls to this function are synthesized in wrappers, and we shouldn't
|
|
|
|
// instrument them.
|
|
|
|
if (F == DFSF.DFS.DFSanVarargWrapperFn)
|
|
|
|
return;
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
IRBuilder<> IRB(CS.getInstruction());
|
|
|
|
|
2013-08-08 06:47:18 +08:00
|
|
|
DenseMap<Value *, Function *>::iterator i =
|
|
|
|
DFSF.DFS.UnwrappedFnMap.find(CS.getCalledValue());
|
|
|
|
if (i != DFSF.DFS.UnwrappedFnMap.end()) {
|
2013-08-15 02:54:12 +08:00
|
|
|
Function *F = i->second;
|
|
|
|
switch (DFSF.DFS.getWrapperKind(F)) {
|
2017-10-21 08:57:46 +08:00
|
|
|
case DataFlowSanitizer::WK_Warning:
|
2013-08-15 02:54:12 +08:00
|
|
|
CS.setCalledFunction(F);
|
|
|
|
IRB.CreateCall(DFSF.DFS.DFSanUnimplementedFn,
|
|
|
|
IRB.CreateGlobalStringPtr(F->getName()));
|
|
|
|
DFSF.setShadow(CS.getInstruction(), DFSF.DFS.ZeroShadow);
|
|
|
|
return;
|
2017-10-21 08:57:46 +08:00
|
|
|
case DataFlowSanitizer::WK_Discard:
|
2013-08-15 02:54:12 +08:00
|
|
|
CS.setCalledFunction(F);
|
|
|
|
DFSF.setShadow(CS.getInstruction(), DFSF.DFS.ZeroShadow);
|
|
|
|
return;
|
2017-10-21 08:57:46 +08:00
|
|
|
case DataFlowSanitizer::WK_Functional:
|
2013-08-15 02:54:12 +08:00
|
|
|
CS.setCalledFunction(F);
|
|
|
|
visitOperandShadowInst(*CS.getInstruction());
|
|
|
|
return;
|
2017-10-21 08:57:46 +08:00
|
|
|
case DataFlowSanitizer::WK_Custom:
|
2013-08-15 02:54:12 +08:00
|
|
|
// Don't try to handle invokes of custom functions, it's too complicated.
|
|
|
|
// Instead, invoke the dfsw$ wrapper, which will in turn call the __dfsw_
|
|
|
|
// wrapper.
|
|
|
|
if (CallInst *CI = dyn_cast<CallInst>(CS.getInstruction())) {
|
|
|
|
FunctionType *FT = F->getFunctionType();
|
2018-02-23 03:09:07 +08:00
|
|
|
TransformedFunction CustomFn = DFSF.DFS.getCustomFunctionType(FT);
|
2013-08-15 02:54:12 +08:00
|
|
|
std::string CustomFName = "__dfsw_";
|
|
|
|
CustomFName += F->getName();
|
2018-02-23 03:09:07 +08:00
|
|
|
Constant *CustomF = DFSF.DFS.Mod->getOrInsertFunction(
|
|
|
|
CustomFName, CustomFn.TransformedType);
|
2013-08-15 02:54:12 +08:00
|
|
|
if (Function *CustomFn = dyn_cast<Function>(CustomF)) {
|
|
|
|
CustomFn->copyAttributesFrom(F);
|
|
|
|
|
|
|
|
// Custom functions returning non-void will write to the return label.
|
|
|
|
if (!FT->getReturnType()->isVoidTy()) {
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
CustomFn->removeAttributes(AttributeList::FunctionIndex,
|
2013-08-15 02:54:12 +08:00
|
|
|
DFSF.DFS.ReadOnlyNoneAttrs);
|
|
|
|
}
|
|
|
|
}
|
2013-08-08 06:47:18 +08:00
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
std::vector<Value *> Args;
|
|
|
|
|
|
|
|
CallSite::arg_iterator i = CS.arg_begin();
|
2014-10-30 21:22:57 +08:00
|
|
|
for (unsigned n = FT->getNumParams(); n != 0; ++i, --n) {
|
2013-08-28 06:09:06 +08:00
|
|
|
Type *T = (*i)->getType();
|
|
|
|
FunctionType *ParamFT;
|
|
|
|
if (isa<PointerType>(T) &&
|
|
|
|
(ParamFT = dyn_cast<FunctionType>(
|
|
|
|
cast<PointerType>(T)->getElementType()))) {
|
|
|
|
std::string TName = "dfst";
|
|
|
|
TName += utostr(FT->getNumParams() - n);
|
|
|
|
TName += "$";
|
|
|
|
TName += F->getName();
|
|
|
|
Constant *T = DFSF.DFS.getOrBuildTrampolineFunction(ParamFT, TName);
|
|
|
|
Args.push_back(T);
|
|
|
|
Args.push_back(
|
|
|
|
IRB.CreateBitCast(*i, Type::getInt8PtrTy(*DFSF.DFS.Ctx)));
|
|
|
|
} else {
|
|
|
|
Args.push_back(*i);
|
|
|
|
}
|
|
|
|
}
|
2013-08-15 02:54:12 +08:00
|
|
|
|
|
|
|
i = CS.arg_begin();
|
2017-08-17 22:14:25 +08:00
|
|
|
const unsigned ShadowArgStart = Args.size();
|
2014-10-30 21:22:57 +08:00
|
|
|
for (unsigned n = FT->getNumParams(); n != 0; ++i, --n)
|
2013-08-15 02:54:12 +08:00
|
|
|
Args.push_back(DFSF.getShadow(*i));
|
|
|
|
|
2014-10-30 21:22:57 +08:00
|
|
|
if (FT->isVarArg()) {
|
2015-04-06 06:44:57 +08:00
|
|
|
auto *LabelVATy = ArrayType::get(DFSF.DFS.ShadowTy,
|
|
|
|
CS.arg_size() - FT->getNumParams());
|
2015-10-14 01:39:10 +08:00
|
|
|
auto *LabelVAAlloca = new AllocaInst(
|
2017-04-11 06:27:50 +08:00
|
|
|
LabelVATy, getDataLayout().getAllocaAddrSpace(),
|
|
|
|
"labelva", &DFSF.F->getEntryBlock().front());
|
2014-10-30 21:22:57 +08:00
|
|
|
|
|
|
|
for (unsigned n = 0; i != CS.arg_end(); ++i, ++n) {
|
2015-04-06 06:41:44 +08:00
|
|
|
auto LabelVAPtr = IRB.CreateStructGEP(LabelVATy, LabelVAAlloca, n);
|
2014-10-30 21:22:57 +08:00
|
|
|
IRB.CreateStore(DFSF.getShadow(*i), LabelVAPtr);
|
|
|
|
}
|
|
|
|
|
2015-04-06 06:41:44 +08:00
|
|
|
Args.push_back(IRB.CreateStructGEP(LabelVATy, LabelVAAlloca, 0));
|
2014-10-30 21:22:57 +08:00
|
|
|
}
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
if (!FT->getReturnType()->isVoidTy()) {
|
|
|
|
if (!DFSF.LabelReturnAlloca) {
|
|
|
|
DFSF.LabelReturnAlloca =
|
2017-04-11 06:27:50 +08:00
|
|
|
new AllocaInst(DFSF.DFS.ShadowTy,
|
|
|
|
getDataLayout().getAllocaAddrSpace(),
|
|
|
|
"labelreturn", &DFSF.F->getEntryBlock().front());
|
2013-08-15 02:54:12 +08:00
|
|
|
}
|
|
|
|
Args.push_back(DFSF.LabelReturnAlloca);
|
|
|
|
}
|
|
|
|
|
2014-10-30 21:22:57 +08:00
|
|
|
for (i = CS.arg_begin() + FT->getNumParams(); i != CS.arg_end(); ++i)
|
|
|
|
Args.push_back(*i);
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
CallInst *CustomCI = IRB.CreateCall(CustomF, Args);
|
|
|
|
CustomCI->setCallingConv(CI->getCallingConv());
|
2018-02-23 03:09:07 +08:00
|
|
|
CustomCI->setAttributes(TransformFunctionAttributes(CustomFn,
|
|
|
|
CI->getContext(), CI->getAttributes()));
|
2013-08-15 02:54:12 +08:00
|
|
|
|
2017-08-17 22:14:25 +08:00
|
|
|
// Update the parameter attributes of the custom call instruction to
|
|
|
|
// zero extend the shadow parameters. This is required for targets
|
|
|
|
// which consider ShadowTy an illegal type.
|
|
|
|
for (unsigned n = 0; n < FT->getNumParams(); n++) {
|
|
|
|
const unsigned ArgNo = ShadowArgStart + n;
|
|
|
|
if (CustomCI->getArgOperand(ArgNo)->getType() == DFSF.DFS.ShadowTy)
|
|
|
|
CustomCI->addParamAttr(ArgNo, Attribute::ZExt);
|
|
|
|
}
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
if (!FT->getReturnType()->isVoidTy()) {
|
|
|
|
LoadInst *LabelLoad = IRB.CreateLoad(DFSF.LabelReturnAlloca);
|
|
|
|
DFSF.setShadow(CustomCI, LabelLoad);
|
|
|
|
}
|
|
|
|
|
|
|
|
CI->replaceAllUsesWith(CustomCI);
|
|
|
|
CI->eraseFromParent();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
FunctionType *FT = cast<FunctionType>(
|
|
|
|
CS.getCalledValue()->getType()->getPointerElementType());
|
2013-08-15 02:54:12 +08:00
|
|
|
if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_TLS) {
|
2013-08-08 06:47:18 +08:00
|
|
|
for (unsigned i = 0, n = FT->getNumParams(); i != n; ++i) {
|
|
|
|
IRB.CreateStore(DFSF.getShadow(CS.getArgument(i)),
|
|
|
|
DFSF.getArgTLS(i, CS.getInstruction()));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-04-25 13:29:35 +08:00
|
|
|
Instruction *Next = nullptr;
|
2013-08-08 06:47:18 +08:00
|
|
|
if (!CS.getType()->isVoidTy()) {
|
|
|
|
if (InvokeInst *II = dyn_cast<InvokeInst>(CS.getInstruction())) {
|
|
|
|
if (II->getNormalDest()->getSinglePredecessor()) {
|
2015-10-14 01:39:10 +08:00
|
|
|
Next = &II->getNormalDest()->front();
|
2013-08-08 06:47:18 +08:00
|
|
|
} else {
|
|
|
|
BasicBlock *NewBB =
|
2015-01-19 20:36:53 +08:00
|
|
|
SplitEdge(II->getParent(), II->getNormalDest(), &DFSF.DT);
|
2015-10-14 01:39:10 +08:00
|
|
|
Next = &NewBB->front();
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
} else {
|
2015-10-14 01:39:10 +08:00
|
|
|
assert(CS->getIterator() != CS->getParent()->end());
|
2013-08-08 06:47:18 +08:00
|
|
|
Next = CS->getNextNode();
|
|
|
|
}
|
|
|
|
|
2013-08-15 02:54:12 +08:00
|
|
|
if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_TLS) {
|
2013-08-08 06:47:18 +08:00
|
|
|
IRBuilder<> NextIRB(Next);
|
|
|
|
LoadInst *LI = NextIRB.CreateLoad(DFSF.getRetvalTLS());
|
|
|
|
DFSF.SkipInsts.insert(LI);
|
|
|
|
DFSF.setShadow(CS.getInstruction(), LI);
|
2014-08-22 09:18:18 +08:00
|
|
|
DFSF.NonZeroChecks.push_back(LI);
|
2013-08-08 06:47:18 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Do all instrumentation for IA_Args down here to defer tampering with the
|
|
|
|
// CFG in a way that SplitEdge may be able to detect.
|
2013-08-15 02:54:12 +08:00
|
|
|
if (DFSF.DFS.getInstrumentedABI() == DataFlowSanitizer::IA_Args) {
|
|
|
|
FunctionType *NewFT = DFSF.DFS.getArgsFunctionType(FT);
|
2013-08-08 06:47:18 +08:00
|
|
|
Value *Func =
|
|
|
|
IRB.CreateBitCast(CS.getCalledValue(), PointerType::getUnqual(NewFT));
|
|
|
|
std::vector<Value *> Args;
|
|
|
|
|
|
|
|
CallSite::arg_iterator i = CS.arg_begin(), e = CS.arg_end();
|
|
|
|
for (unsigned n = FT->getNumParams(); n != 0; ++i, --n)
|
|
|
|
Args.push_back(*i);
|
|
|
|
|
|
|
|
i = CS.arg_begin();
|
|
|
|
for (unsigned n = FT->getNumParams(); n != 0; ++i, --n)
|
|
|
|
Args.push_back(DFSF.getShadow(*i));
|
|
|
|
|
|
|
|
if (FT->isVarArg()) {
|
|
|
|
unsigned VarArgSize = CS.arg_size() - FT->getNumParams();
|
|
|
|
ArrayType *VarArgArrayTy = ArrayType::get(DFSF.DFS.ShadowTy, VarArgSize);
|
|
|
|
AllocaInst *VarArgShadow =
|
2017-04-11 06:27:50 +08:00
|
|
|
new AllocaInst(VarArgArrayTy, getDataLayout().getAllocaAddrSpace(),
|
|
|
|
"", &DFSF.F->getEntryBlock().front());
|
2015-04-05 05:07:10 +08:00
|
|
|
Args.push_back(IRB.CreateConstGEP2_32(VarArgArrayTy, VarArgShadow, 0, 0));
|
2013-08-08 06:47:18 +08:00
|
|
|
for (unsigned n = 0; i != e; ++i, ++n) {
|
2015-04-05 05:07:10 +08:00
|
|
|
IRB.CreateStore(
|
|
|
|
DFSF.getShadow(*i),
|
|
|
|
IRB.CreateConstGEP2_32(VarArgArrayTy, VarArgShadow, 0, n));
|
2013-08-08 06:47:18 +08:00
|
|
|
Args.push_back(*i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
CallSite NewCS;
|
|
|
|
if (InvokeInst *II = dyn_cast<InvokeInst>(CS.getInstruction())) {
|
|
|
|
NewCS = IRB.CreateInvoke(Func, II->getNormalDest(), II->getUnwindDest(),
|
|
|
|
Args);
|
|
|
|
} else {
|
|
|
|
NewCS = IRB.CreateCall(Func, Args);
|
|
|
|
}
|
|
|
|
NewCS.setCallingConv(CS.getCallingConv());
|
|
|
|
NewCS.setAttributes(CS.getAttributes().removeAttributes(
|
Rename AttributeSet to AttributeList
Summary:
This class is a list of AttributeSetNodes corresponding the function
prototype of a call or function declaration. This class used to be
called ParamAttrListPtr, then AttrListPtr, then AttributeSet. It is
typically accessed by parameter and return value index, so
"AttributeList" seems like a more intuitive name.
Rename AttributeSetImpl to AttributeListImpl to follow suit.
It's useful to rename this class so that we can rename AttributeSetNode
to AttributeSet later. AttributeSet is the set of attributes that apply
to a single function, argument, or return value.
Reviewers: sanjoy, javed.absar, chandlerc, pete
Reviewed By: pete
Subscribers: pete, jholewinski, arsenm, dschuff, mehdi_amini, jfb, nhaehnle, sbc100, void, llvm-commits
Differential Revision: https://reviews.llvm.org/D31102
llvm-svn: 298393
2017-03-22 00:57:19 +08:00
|
|
|
*DFSF.DFS.Ctx, AttributeList::ReturnIndex,
|
2015-05-07 07:19:56 +08:00
|
|
|
AttributeFuncs::typeIncompatible(NewCS.getInstruction()->getType())));
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
if (Next) {
|
|
|
|
ExtractValueInst *ExVal =
|
|
|
|
ExtractValueInst::Create(NewCS.getInstruction(), 0, "", Next);
|
|
|
|
DFSF.SkipInsts.insert(ExVal);
|
|
|
|
ExtractValueInst *ExShadow =
|
|
|
|
ExtractValueInst::Create(NewCS.getInstruction(), 1, "", Next);
|
|
|
|
DFSF.SkipInsts.insert(ExShadow);
|
|
|
|
DFSF.setShadow(ExVal, ExShadow);
|
2014-08-22 09:18:18 +08:00
|
|
|
DFSF.NonZeroChecks.push_back(ExShadow);
|
2013-08-08 06:47:18 +08:00
|
|
|
|
|
|
|
CS.getInstruction()->replaceAllUsesWith(ExVal);
|
|
|
|
}
|
|
|
|
|
|
|
|
CS.getInstruction()->eraseFromParent();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void DFSanVisitor::visitPHINode(PHINode &PN) {
|
|
|
|
PHINode *ShadowPN =
|
|
|
|
PHINode::Create(DFSF.DFS.ShadowTy, PN.getNumIncomingValues(), "", &PN);
|
|
|
|
|
|
|
|
// Give the shadow phi node valid predecessors to fool SplitEdge into working.
|
|
|
|
Value *UndefShadow = UndefValue::get(DFSF.DFS.ShadowTy);
|
|
|
|
for (PHINode::block_iterator i = PN.block_begin(), e = PN.block_end(); i != e;
|
|
|
|
++i) {
|
|
|
|
ShadowPN->addIncoming(UndefShadow, *i);
|
|
|
|
}
|
|
|
|
|
|
|
|
DFSF.PHIFixups.push_back(std::make_pair(&PN, ShadowPN));
|
|
|
|
DFSF.setShadow(&PN, ShadowPN);
|
|
|
|
}
|