forked from OSchip/llvm-project
b6c06dc28f
Summary: UBSan wants to detect when unreachable code is actually reached, so it adds instrumentation before every unreachable instruction. However, the optimizer will remove code after calls to functions marked with noreturn. To avoid this UBSan removes noreturn from both the call instruction as well as from the function itself. Unfortunately, ASan relies on this annotation to unpoison the stack by inserting calls to _asan_handle_no_return before noreturn functions. This is important for functions that do not return but access the the stack memory, e.g., unwinder functions *like* longjmp (longjmp itself is actually "double-proofed" via its interceptor). The result is that when ASan and UBSan are combined, the noreturn attributes are missing and ASan cannot unpoison the stack, so it has false positives when stack unwinding is used. Changes: Clang-CodeGen now directly insert calls to `__asan_handle_no_return` when a call to a noreturn function is encountered and both UBsan-unreachable and ASan are enabled. This allows UBSan to continue removing the noreturn attribute from functions without any changes to the ASan pass. Previously generated code: ``` call void @longjmp call void @__asan_handle_no_return call void @__ubsan_handle_builtin_unreachable ``` Generated code (for now): ``` call void @__asan_handle_no_return call void @longjmp call void @__asan_handle_no_return call void @__ubsan_handle_builtin_unreachable ``` rdar://problem/40723397 Reviewers: delcypher, eugenis, vsk Differential Revision: https://reviews.llvm.org/D57278 > llvm-svn: 352690 llvm-svn: 352829 |
||
|---|---|---|
| .. | ||
| ABIInfo.h | ||
| Address.h | ||
| BackendUtil.cpp | ||
| CGAtomic.cpp | ||
| CGBlocks.cpp | ||
| CGBlocks.h | ||
| CGBuilder.h | ||
| CGBuiltin.cpp | ||
| CGCUDANV.cpp | ||
| CGCUDARuntime.cpp | ||
| CGCUDARuntime.h | ||
| CGCXX.cpp | ||
| CGCXXABI.cpp | ||
| CGCXXABI.h | ||
| CGCall.cpp | ||
| CGCall.h | ||
| CGClass.cpp | ||
| CGCleanup.cpp | ||
| CGCleanup.h | ||
| CGCoroutine.cpp | ||
| CGDebugInfo.cpp | ||
| CGDebugInfo.h | ||
| CGDecl.cpp | ||
| CGDeclCXX.cpp | ||
| CGException.cpp | ||
| CGExpr.cpp | ||
| CGExprAgg.cpp | ||
| CGExprCXX.cpp | ||
| CGExprComplex.cpp | ||
| CGExprConstant.cpp | ||
| CGExprScalar.cpp | ||
| CGGPUBuiltin.cpp | ||
| CGLoopInfo.cpp | ||
| CGLoopInfo.h | ||
| CGNonTrivialStruct.cpp | ||
| CGObjC.cpp | ||
| CGObjCGNU.cpp | ||
| CGObjCMac.cpp | ||
| CGObjCRuntime.cpp | ||
| CGObjCRuntime.h | ||
| CGOpenCLRuntime.cpp | ||
| CGOpenCLRuntime.h | ||
| CGOpenMPRuntime.cpp | ||
| CGOpenMPRuntime.h | ||
| CGOpenMPRuntimeNVPTX.cpp | ||
| CGOpenMPRuntimeNVPTX.h | ||
| CGRecordLayout.h | ||
| CGRecordLayoutBuilder.cpp | ||
| CGStmt.cpp | ||
| CGStmtOpenMP.cpp | ||
| CGVTT.cpp | ||
| CGVTables.cpp | ||
| CGVTables.h | ||
| CGValue.h | ||
| CMakeLists.txt | ||
| CodeGenABITypes.cpp | ||
| CodeGenAction.cpp | ||
| CodeGenFunction.cpp | ||
| CodeGenFunction.h | ||
| CodeGenModule.cpp | ||
| CodeGenModule.h | ||
| CodeGenPGO.cpp | ||
| CodeGenPGO.h | ||
| CodeGenTBAA.cpp | ||
| CodeGenTBAA.h | ||
| CodeGenTypeCache.h | ||
| CodeGenTypes.cpp | ||
| CodeGenTypes.h | ||
| ConstantEmitter.h | ||
| ConstantInitBuilder.cpp | ||
| CoverageMappingGen.cpp | ||
| CoverageMappingGen.h | ||
| EHScopeStack.h | ||
| ItaniumCXXABI.cpp | ||
| MacroPPCallbacks.cpp | ||
| MacroPPCallbacks.h | ||
| MicrosoftCXXABI.cpp | ||
| ModuleBuilder.cpp | ||
| ObjectFilePCHContainerOperations.cpp | ||
| README.txt | ||
| SanitizerMetadata.cpp | ||
| SanitizerMetadata.h | ||
| SwiftCallingConv.cpp | ||
| TargetInfo.cpp | ||
| TargetInfo.h | ||
| VarBypassDetector.cpp | ||
| VarBypassDetector.h | ||
README.txt
IRgen optimization opportunities. //===---------------------------------------------------------------------===// The common pattern of -- short x; // or char, etc (x == 10) -- generates an zext/sext of x which can easily be avoided. //===---------------------------------------------------------------------===// Bitfields accesses can be shifted to simplify masking and sign extension. For example, if the bitfield width is 8 and it is appropriately aligned then is is a lot shorter to just load the char directly. //===---------------------------------------------------------------------===// It may be worth avoiding creation of alloca's for formal arguments for the common situation where the argument is never written to or has its address taken. The idea would be to begin generating code by using the argument directly and if its address is taken or it is stored to then generate the alloca and patch up the existing code. In theory, the same optimization could be a win for block local variables as long as the declaration dominates all statements in the block. NOTE: The main case we care about this for is for -O0 -g compile time performance, and in that scenario we will need to emit the alloca anyway currently to emit proper debug info. So this is blocked by being able to emit debug information which refers to an LLVM temporary, not an alloca. //===---------------------------------------------------------------------===// We should try and avoid generating basic blocks which only contain jumps. At -O0, this penalizes us all the way from IRgen (malloc & instruction overhead), all the way down through code generation and assembly time. On 176.gcc:expr.ll, it looks like over 12% of basic blocks are just direct branches! //===---------------------------------------------------------------------===//