Revert r160254 temporarily.
It turns out that ASan relied on the at-the-end block insertion order to (purely by happenstance) disable some LLVM optimizations, which in turn start firing when the ordering is made more "normal". These optimizations in turn merge many of the instrumentation reporting calls which breaks the return address based error reporting in ASan. We're looking at several different options for fixing this. llvm-svn: 160256
This commit is contained in:
Chandler Carruth
parent
7e22282b68
commit
8b540ab337
|
|
@ -230,17 +230,17 @@ static GlobalVariable *createPrivateGlobalForString(Module &M, StringRef Str) {
|
|||
// Returns the ThenBlock's terminator.
|
||||
static BranchInst *splitBlockAndInsertIfThen(Value *Cmp) {
|
||||
Instruction *SplitBefore = cast<Instruction>(Cmp)->getNextNode();
|
||||
|
||||
// Create three basic blocks, with the middle block empty, by splitting twice.
|
||||
BasicBlock *Head = SplitBefore->getParent();
|
||||
BasicBlock *Then = Head->splitBasicBlock(SplitBefore);
|
||||
BasicBlock *Tail = Then->splitBasicBlock(SplitBefore);
|
||||
|
||||
BasicBlock *Tail = Head->splitBasicBlock(SplitBefore);
|
||||
TerminatorInst *HeadOldTerm = Head->getTerminator();
|
||||
IRBuilder<>(HeadOldTerm).CreateCondBr(Cmp, Then, Tail);
|
||||
HeadOldTerm->eraseFromParent();
|
||||
LLVMContext &C = Head->getParent()->getParent()->getContext();
|
||||
BasicBlock *ThenBlock = BasicBlock::Create(C, "", Head->getParent());
|
||||
BranchInst *HeadNewTerm =
|
||||
BranchInst::Create(/*ifTrue*/ThenBlock, /*ifFalse*/Tail, Cmp);
|
||||
ReplaceInstWithInst(HeadOldTerm, HeadNewTerm);
|
||||
|
||||
return cast<BranchInst>(Then->getTerminator());
|
||||
BranchInst *CheckTerm = BranchInst::Create(Tail, ThenBlock);
|
||||
return CheckTerm;
|
||||
}
|
||||
|
||||
Value *AddressSanitizer::memToShadow(Value *Shadow, IRBuilder<> &IRB) {
|
||||
|
|
@ -387,28 +387,28 @@ void AddressSanitizer::instrumentAddress(Instruction *OrigIns,
|
|||
Value *Cmp = IRB.CreateICmpNE(ShadowValue, CmpVal);
|
||||
|
||||
Instruction *CheckTerm = splitBlockAndInsertIfThen(Cmp);
|
||||
IRB.SetInsertPoint(CheckTerm);
|
||||
IRBuilder<> IRB2(CheckTerm);
|
||||
|
||||
size_t Granularity = 1 << MappingScale;
|
||||
if (TypeSize < 8 * Granularity) {
|
||||
// Addr & (Granularity - 1)
|
||||
Value *LastAccessedByte = IRB.CreateAnd(
|
||||
Value *LastAccessedByte = IRB2.CreateAnd(
|
||||
AddrLong, ConstantInt::get(IntptrTy, Granularity - 1));
|
||||
// (Addr & (Granularity - 1)) + size - 1
|
||||
if (TypeSize / 8 > 1)
|
||||
LastAccessedByte = IRB.CreateAdd(
|
||||
LastAccessedByte = IRB2.CreateAdd(
|
||||
LastAccessedByte, ConstantInt::get(IntptrTy, TypeSize / 8 - 1));
|
||||
// (uint8_t) ((Addr & (Granularity-1)) + size - 1)
|
||||
LastAccessedByte = IRB.CreateIntCast(
|
||||
LastAccessedByte = IRB2.CreateIntCast(
|
||||
LastAccessedByte, IRB.getInt8Ty(), false);
|
||||
// ((uint8_t) ((Addr & (Granularity-1)) + size - 1)) >= ShadowValue
|
||||
Value *Cmp2 = IRB.CreateICmpSGE(LastAccessedByte, ShadowValue);
|
||||
Value *Cmp2 = IRB2.CreateICmpSGE(LastAccessedByte, ShadowValue);
|
||||
|
||||
CheckTerm = splitBlockAndInsertIfThen(Cmp2);
|
||||
IRB.SetInsertPoint(CheckTerm);
|
||||
}
|
||||
|
||||
Instruction *Crash = generateCrashCode(IRB, AddrLong, IsWrite, TypeSize);
|
||||
IRBuilder<> IRB1(CheckTerm);
|
||||
Instruction *Crash = generateCrashCode(IRB1, AddrLong, IsWrite, TypeSize);
|
||||
Crash->setDebugLoc(OrigIns->getDebugLoc());
|
||||
ReplaceInstWithInst(CheckTerm, new UnreachableInst(*C));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,11 @@ define i32 @test_load(i32* %a) address_safety {
|
|||
; CHECK: icmp ne i8
|
||||
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
|
||||
;
|
||||
; The actual load comes next because ASan adds the last instrumentation block
|
||||
; to the end of the function.
|
||||
; CHECK: %tmp1 = load i32* %a
|
||||
; CHECK: ret i32 %tmp1
|
||||
;
|
||||
; First instrumentation block refines the shadow test.
|
||||
; CHECK: and i64 %[[LOAD_ADDR]], 7
|
||||
; CHECK: add i64 %{{.*}}, 3
|
||||
|
|
@ -23,13 +28,9 @@ define i32 @test_load(i32* %a) address_safety {
|
|||
; CHECK: icmp sge i8 %{{.*}}, %[[LOAD_SHADOW]]
|
||||
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
|
||||
;
|
||||
; Second instrumentation block reports the error.
|
||||
; Final instrumentation block reports the error.
|
||||
; CHECK: call void @__asan_report_load4(i64 %[[LOAD_ADDR]]) noreturn
|
||||
; CHECK: unreachable
|
||||
;
|
||||
; Finally the instrumented load.
|
||||
; CHECK: %tmp1 = load i32* %a
|
||||
; CHECK: ret i32 %tmp1
|
||||
|
||||
entry:
|
||||
%tmp1 = load i32* %a
|
||||
|
|
@ -47,6 +48,11 @@ define void @test_store(i32* %a) address_safety {
|
|||
; CHECK: icmp ne i8
|
||||
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
|
||||
;
|
||||
; The actual store comes next because ASan adds the last instrumentation block
|
||||
; to the end of the function.
|
||||
; CHECK: store i32 42, i32* %a
|
||||
; CHECK: ret void
|
||||
;
|
||||
; First instrumentation block refines the shadow test.
|
||||
; CHECK: and i64 %[[STORE_ADDR]], 7
|
||||
; CHECK: add i64 %{{.*}}, 3
|
||||
|
|
@ -54,13 +60,9 @@ define void @test_store(i32* %a) address_safety {
|
|||
; CHECK: icmp sge i8 %{{.*}}, %[[STORE_SHADOW]]
|
||||
; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
|
||||
;
|
||||
; Second instrumentation block reports the error.
|
||||
; Final instrumentation block reports the error.
|
||||
; CHECK: call void @__asan_report_store4(i64 %[[STORE_ADDR]]) noreturn
|
||||
; CHECK: unreachable
|
||||
;
|
||||
; Finally the instrumented store.
|
||||
; CHECK: store i32 42, i32* %a
|
||||
; CHECK: ret void
|
||||
|
||||
entry:
|
||||
store i32 42, i32* %a
|
||||
|
|
|
|||
Loading…
Reference in New Issue