cl::Hidden, cl::init(-1));
namespace {
+/// A set of dynamically initialized globals extracted from metadata.
+class SetOfDynamicallyInitializedGlobals {
+ public:
+ void Init(Module& M) {
+ // Clang generates metadata identifying all dynamically initialized globals.
+ NamedMDNode *DynamicGlobals =
+ M.getNamedMetadata("llvm.asan.dynamically_initialized_globals");
+ if (!DynamicGlobals)
+ return;
+ for (int i = 0, n = DynamicGlobals->getNumOperands(); i < n; ++i) {
+ MDNode *MDN = DynamicGlobals->getOperand(i);
+ assert(MDN->getNumOperands() == 1);
+ Value *VG = MDN->getOperand(0);
+ // The optimizer may optimize away a global entirely, in which case we
+ // cannot instrument access to it.
+ if (!VG)
+ continue;
+ DynInitGlobals.insert(cast<GlobalVariable>(VG));
+ }
+ }
+ bool Contains(GlobalVariable *G) { return DynInitGlobals.count(G) != 0; }
+ private:
+ SmallSet<GlobalValue*, 32> DynInitGlobals;
+};
+
+
/// AddressSanitizer: instrument the code in module to find memory bugs.
struct AddressSanitizer : public FunctionPass {
AddressSanitizer();
Value *ShadowBase, bool DoPoison);
bool LooksLikeCodeInBug11395(Instruction *I);
void FindDynamicInitializers(Module &M);
- bool HasDynamicInitializer(GlobalVariable *G);
LLVMContext *C;
DataLayout *TD;
// This array is indexed by AccessIsWrite and log2(AccessSize).
Function *AsanErrorCallback[2][kNumberOfAccessSizes];
InlineAsm *EmptyAsm;
- SmallSet<GlobalValue*, 32> DynamicallyInitializedGlobals;
+ SmallSet<GlobalValue*, 32> GlobalsCreatedByAsan;
+ SetOfDynamicallyInitializedGlobals DynamicallyInitializedGlobals;
};
} // namespace
GlobalValue::PrivateLinkage, StrConst, "");
}
-// Split the basic block and insert an if-then code.
-// Before:
-// Head
-// Cmp
-// Tail
-// After:
-// Head
-// if (Cmp)
-// ThenBlock
-// Tail
-//
-// ThenBlock block is created and its terminator is returned.
-// If Unreachable, ThenBlock is terminated with UnreachableInst, otherwise
-// it is terminated with BranchInst to Tail.
-static TerminatorInst *splitBlockAndInsertIfThen(Value *Cmp, bool Unreachable) {
- Instruction *SplitBefore = cast<Instruction>(Cmp)->getNextNode();
- BasicBlock *Head = SplitBefore->getParent();
- BasicBlock *Tail = Head->splitBasicBlock(SplitBefore);
- TerminatorInst *HeadOldTerm = Head->getTerminator();
- LLVMContext &C = Head->getParent()->getParent()->getContext();
- BasicBlock *ThenBlock = BasicBlock::Create(C, "", Head->getParent(), Tail);
- TerminatorInst *CheckTerm;
- if (Unreachable)
- CheckTerm = new UnreachableInst(C, ThenBlock);
- else
- CheckTerm = BranchInst::Create(Tail, ThenBlock);
- BranchInst *HeadNewTerm =
- BranchInst::Create(/*ifTrue*/ThenBlock, /*ifFalse*/Tail, Cmp);
- ReplaceInstWithInst(HeadOldTerm, HeadNewTerm);
- return CheckTerm;
-}
-
Value *AddressSanitizer::memToShadow(Value *Shadow, IRBuilder<> &IRB) {
// Shadow >> scale
Shadow = IRB.CreateLShr(Shadow, MappingScale);
Value *Cmp = IRB.CreateICmpNE(Length,
Constant::getNullValue(Length->getType()));
- InsertBefore = splitBlockAndInsertIfThen(Cmp, false);
+ InsertBefore = SplitBlockAndInsertIfThen(cast<Instruction>(Cmp), false);
}
instrumentMemIntrinsicParam(MI, Dst, Length, InsertBefore, true);
return NULL;
}
-void AddressSanitizer::FindDynamicInitializers(Module& M) {
- // Clang generates metadata identifying all dynamically initialized globals.
- NamedMDNode *DynamicGlobals =
- M.getNamedMetadata("llvm.asan.dynamically_initialized_globals");
- if (!DynamicGlobals)
- return;
- for (int i = 0, n = DynamicGlobals->getNumOperands(); i < n; ++i) {
- MDNode *MDN = DynamicGlobals->getOperand(i);
- assert(MDN->getNumOperands() == 1);
- Value *VG = MDN->getOperand(0);
- // The optimizer may optimize away a global entirely, in which case we
- // cannot instrument access to it.
- if (!VG)
- continue;
-
- GlobalVariable *G = cast<GlobalVariable>(VG);
- DynamicallyInitializedGlobals.insert(G);
- }
-}
-// Returns true if a global variable is initialized dynamically in this TU.
-bool AddressSanitizer::HasDynamicInitializer(GlobalVariable *G) {
- return DynamicallyInitializedGlobals.count(G);
-}
-
void AddressSanitizer::instrumentMop(Instruction *I) {
bool IsWrite = false;
Value *Addr = isInterestingMemoryAccess(I, &IsWrite);
// assume it has dynamic initialization, as it may have an initializer
// in a different TU.
if (G->getLinkage() != GlobalVariable::ExternalLinkage &&
- !HasDynamicInitializer(G))
+ !DynamicallyInitializedGlobals.Contains(G))
return;
}
}
TerminatorInst *CrashTerm = 0;
if (ClAlwaysSlowPath || (TypeSize < 8 * Granularity)) {
- TerminatorInst *CheckTerm = splitBlockAndInsertIfThen(Cmp, false);
+ TerminatorInst *CheckTerm =
+ SplitBlockAndInsertIfThen(cast<Instruction>(Cmp), false);
assert(dyn_cast<BranchInst>(CheckTerm)->isUnconditional());
BasicBlock *NextBB = CheckTerm->getSuccessor(0);
IRB.SetInsertPoint(CheckTerm);
BranchInst *NewTerm = BranchInst::Create(CrashBlock, NextBB, Cmp2);
ReplaceInstWithInst(CheckTerm, NewTerm);
} else {
- CrashTerm = splitBlockAndInsertIfThen(Cmp, true);
+ CrashTerm = SplitBlockAndInsertIfThen(cast<Instruction>(Cmp), true);
}
Instruction *Crash =
if (BL->isIn(*G)) return false;
if (!Ty->isSized()) return false;
if (!G->hasInitializer()) return false;
+ if (GlobalsCreatedByAsan.count(G)) return false; // Our own global.
// Touch only those globals that will not be defined in other modules.
// Don't handle ODR type linkages since other modules may be built w/o asan.
if (G->getLinkage() != GlobalVariable::ExternalLinkage &&
IRBuilder<> IRB(CtorInsertBefore);
- if (ClInitializers)
- FindDynamicInitializers(M);
-
// The addresses of the first and last dynamically initialized globals in
// this TU. Used in initialization order checking.
Value *FirstDynamic = 0, *LastDynamic = 0;
(RedzoneSize - (SizeInBytes % RedzoneSize));
Type *RightRedZoneTy = ArrayType::get(IRB.getInt8Ty(), RightRedzoneSize);
// Determine whether this global should be poisoned in initialization.
- bool GlobalHasDynamicInitializer = HasDynamicInitializer(G);
+ bool GlobalHasDynamicInitializer =
+ DynamicallyInitializedGlobals.Contains(G);
// Don't check initialization order if this global is blacklisted.
GlobalHasDynamicInitializer &= !BL->isInInit(*G);
if (!TD)
return false;
BL.reset(new BlackList(ClBlackListFile));
+ DynamicallyInitializedGlobals.Init(M);
C = &(M.getContext());
- LongSize = TD->getPointerSizeInBits(0);
+ LongSize = TD->getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize);
IntptrPtrTy = PointerType::get(IntptrTy, 0);
std::string FunctionName = std::string(kAsanReportErrorTemplate) +
(AccessIsWrite ? "store" : "load") + itostr(1 << AccessSizeIndex);
// If we are merging crash callbacks, they have two parameters.
- AsanErrorCallback[AccessIsWrite][AccessSizeIndex] = cast<Function>(
- M.getOrInsertFunction(FunctionName, IRB.getVoidTy(), IntptrTy, NULL));
+ AsanErrorCallback[AccessIsWrite][AccessSizeIndex] =
+ checkInterfaceFunction(M.getOrInsertFunction(
+ FunctionName, IRB.getVoidTy(), IntptrTy, NULL));
}
}
Value *BasePlus1 = IRB.CreateAdd(LocalStackBase,
ConstantInt::get(IntptrTy, LongSize/8));
BasePlus1 = IRB.CreateIntToPtr(BasePlus1, IntptrPtrTy);
- Value *Description = IRB.CreatePointerCast(
- createPrivateGlobalForString(*F.getParent(), StackDescription.str()),
- IntptrTy);
+ GlobalVariable *StackDescriptionGlobal =
+ createPrivateGlobalForString(*F.getParent(), StackDescription.str());
+ GlobalsCreatedByAsan.insert(StackDescriptionGlobal);
+ Value *Description = IRB.CreatePointerCast(StackDescriptionGlobal, IntptrTy);
IRB.CreateStore(Description, BasePlus1);
// Poison the stack redzones at the entry.
}
}
+ // We are done. Remove the old unused alloca instructions.
+ for (size_t i = 0, n = AllocaVec.size(); i < n; i++)
+ AllocaVec[i]->eraseFromParent();
+
if (ClDebugStack) {
DEBUG(dbgs() << F);
}
projects / oota-llvm.git / blobdiff