!fixup address first set of comments, thanks!

fhahn · fhahn · commit 2235299c48e1 · 2024-12-10T10:25:16.000Z
diff --git a/llvm/lib/Transforms/Instrumentation/TypeSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/TypeSanitizer.cpp
@@ -64,11 +64,9 @@ static cl::opt<bool>
 
 STATISTIC(NumInstrumentedAccesses, "Number of instrumented accesses");
 
-static Regex AnonNameRegex("^_ZTS.*N[1-9][0-9]*_GLOBAL__N");
-
 namespace {
 
-/// TypeSanitizer: instrument the code in module to find  type-based aliasing
+/// TypeSanitizer: instrument the code in module to find type-based aliasing
 /// violations.
 struct TypeSanitizer {
   TypeSanitizer(Module &M);
@@ -92,11 +90,9 @@ struct TypeSanitizer {
                                   bool SanitizeFunction,
                                   TypeDescriptorsMapTy &TypeDescriptors,
                                   const DataLayout &DL);
-  bool instrumentMemoryAccess(Instruction *I, MemoryLocation &MLoc,
-                              Value *ShadowBase, Value *AppMemMask,
-                              bool SanitizeFunction,
-                              TypeDescriptorsMapTy &TypeDescriptors,
-                              const DataLayout &DL);
+
+  /// Memory-related intrinsics/instructions reset the type of the destination
+  /// memory (including allocas and byval arguments).
   bool instrumentMemInst(Value *I, Value *&ShadowBase, Value *&AppMemMask,
                          const DataLayout &DL);
 
@@ -150,9 +146,8 @@ void TypeSanitizer::initializeCallbacks(Module &M) {
                             OrdTy           // Flags.
       );
 
-  TysanCtorFunction = cast<Function>(
-      M.getOrInsertFunction(kTysanModuleCtorName, Attr, IRB.getVoidTy())
-          .getCallee());
+  TysanCtorFunction =
+      M.getOrInsertFunction(kTysanModuleCtorName, Attr, IRB.getVoidTy());
 }
 
 void TypeSanitizer::instrumentGlobals(Module &M) {
@@ -535,7 +530,6 @@ bool TypeSanitizer::run(Function &F, const TargetLibraryInfo &TLI) {
     if (A.hasByValAttr())
       MemTypeResetInsts.push_back(&A);
 
-
   Module &M = *F.getParent();
   TypeDescriptorsMapTy TypeDescriptors;
   TypeNameMapTy TypeNames;
@@ -552,11 +546,22 @@ bool TypeSanitizer::run(Function &F, const TargetLibraryInfo &TLI) {
 
   const DataLayout &DL = F.getParent()->getDataLayout();
   bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeType);
-  Value *ShadowBase = MemoryAccesses.empty() ? nullptr : getShadowBase(F);
-  Value *AppMemMask = MemoryAccesses.empty() ? nullptr : getAppMemMask(F);
-  for (auto &MA : MemoryAccesses)
-    Res |= instrumentMemoryAccess(MA.first, MA.second, ShadowBase, AppMemMask,
-                                  SanitizeFunction, TypeDescriptors, DL);
+  bool NeedsInstrumentation =
+      MemTypeResetInsts.empty() && MemoryAccesses.empty();
+  Value *ShadowBase = NeedsInstrumentation ? nullptr : getShadowBase(F);
+  Value *AppMemMask = NeedsInstrumentation ? nullptr : getAppMemMask(F);
+  for (const auto &[I, MLoc] : MemoryAccesses) {
+    IRBuilder<> IRB(I);
+    assert(MLoc.Size.isPrecise());
+    if (instrumentWithShadowUpdate(
+            IRB, MLoc.AATags.TBAA, const_cast<Value *>(MLoc.Ptr),
+            MLoc.Size.getValue(), I->mayReadFromMemory(), I->mayWriteToMemory(),
+            ShadowBase, AppMemMask, false, SanitizeFunction, TypeDescriptors,
+            DL)) {
+      ++NumInstrumentedAccesses;
+      Res = true;
+    }
+  }
 
   for (auto Inst : MemTypeResetInsts)
     Res |= instrumentMemInst(Inst, ShadowBase, AppMemMask, DL);
@@ -712,26 +717,6 @@ bool TypeSanitizer::instrumentWithShadowUpdate(
   return true;
 }
 
-bool TypeSanitizer::instrumentMemoryAccess(
-    Instruction *I, MemoryLocation &MLoc, Value *ShadowBase, Value *AppMemMask,
-    bool SanitizeFunction, TypeDescriptorsMapTy &TypeDescriptors,
-    const DataLayout &DL) {
-  IRBuilder<> IRB(I);
-  assert(MLoc.Size.isPrecise());
-  if (instrumentWithShadowUpdate(
-          IRB, MLoc.AATags.TBAA, const_cast<Value *>(MLoc.Ptr),
-          MLoc.Size.getValue(), I->mayReadFromMemory(), I->mayWriteToMemory(),
-          ShadowBase, AppMemMask, false, SanitizeFunction, TypeDescriptors,
-          DL)) {
-    ++NumInstrumentedAccesses;
-    return true;
-  }
-
-  return false;
-}
-
-// Memory-related intrinsics/instructions reset the type of the destination
-// memory (including allocas and byval arguments).
 bool TypeSanitizer::instrumentMemInst(Value *V, Value *&ShadowBase,
                                       Value *&AppMemMask,
                                       const DataLayout &DL) {
diff --git a/llvm/test/Instrumentation/TypeSanitizer/alloca-only.ll b/llvm/test/Instrumentation/TypeSanitizer/alloca-only.ll
@@ -0,0 +1,49 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --check-globals
+; Test basic type sanitizer instrumentation.
+;
+; RUN: opt -passes='tysan-module,tysan' -S %s | FileCheck %s
+
+target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
+
+;.
+; CHECK: @llvm.used = appending global [1 x ptr] [ptr @tysan.module_ctor], section "llvm.metadata"
+; CHECK: @llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 0, ptr @tysan.module_ctor, ptr null }]
+; CHECK: @__tysan_shadow_memory_address = external global i64
+; CHECK: @__tysan_app_memory_mask = external global i64
+;.
+define void @test_alloca_only(ptr %a) sanitize_type {
+; CHECK-LABEL: @test_alloca_only(
+; CHECK-NEXT:  entry:
+; CHECK-NEXT:    [[APP_MEM_MASK:%.*]] = load i64, ptr @__tysan_app_memory_mask, align 8
+; CHECK-NEXT:    [[SHADOW_BASE:%.*]] = load i64, ptr @__tysan_shadow_memory_address, align 8
+; CHECK-NEXT:    [[TMP1:%.*]] = alloca i32, align 4
+; CHECK-NEXT:    [[TMP0:%.*]] = ptrtoint ptr [[TMP1]] to i64
+; CHECK-NEXT:    [[TMP1:%.*]] = and i64 [[TMP0]], [[APP_MEM_MASK]]
+; CHECK-NEXT:    [[TMP2:%.*]] = shl i64 [[TMP1]], 3
+; CHECK-NEXT:    [[TMP3:%.*]] = add i64 [[TMP2]], [[SHADOW_BASE]]
+; CHECK-NEXT:    [[TMP4:%.*]] = inttoptr i64 [[TMP3]] to ptr
+; CHECK-NEXT:    call void @llvm.memset.p0.i64(ptr align 8 [[TMP4]], i8 0, i64 32, i1 false)
+; CHECK-NEXT:    call void @foo(ptr [[TMP1]])
+; CHECK-NEXT:    ret void
+;
+entry:
+  %tmp1 = alloca i32
+  call void @foo(ptr %tmp1)
+  ret void
+}
+
+declare void @foo(ptr)
+
+
+!0 = !{!"Simple C++ TBAA"}
+!1 = !{!"omnipotent char", !0, i64 0}
+!2 = !{!"int", !1, i64 0}
+!3 = !{!2, !2, i64 0}
+!4 = !{!"_ZTS1x", !2, i64 0, !2, i64 4}
+!5 = !{!"_ZTS1v", !2, i64 8, !2, i64 12, !4, i64 16}
+!6 = !{!5, !2, i64 12}
+;.
+; CHECK: attributes #[[ATTR0:[0-9]+]] = { sanitize_type }
+; CHECK: attributes #[[ATTR1:[0-9]+]] = { nounwind }
+; CHECK: attributes #[[ATTR2:[0-9]+]] = { nocallback nofree nounwind willreturn memory(argmem: write) }
+;.
diff --git a/llvm/test/Instrumentation/TypeSanitizer/basic.ll b/llvm/test/Instrumentation/TypeSanitizer/basic.ll
@@ -5,8 +5,6 @@
 
 target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
 
-
-
 ;.
 ; CHECK: @llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 0, ptr @tysan.module_ctor, ptr null }]
 ; CHECK: @__tysan_v1_Simple_20C_2b_2b_20TBAA = linkonce_odr constant { i64, i64, [16 x i8] } { i64 2, i64 0, [16 x i8] c"Simple C++ TBAA\00" }, comdat
