From: Evgeniy Stepanov <eugeni.stepanov@gmail.com>
Date: Fri, 28 Nov 2014 11:17:58 +0000 (+0000)
Subject: [msan] Fix origin propagation for select of floats.
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a0b689923446176db3da4ce0d54f066700e142ef;p=platform%2Fupstream%2Fllvm.git

[msan] Fix origin propagation for select of floats.

MSan does not assign origin for instrumentation temps (i.e. the ones that do
not come from the application code), but "select" instrumentation erroneously
tried to use one of those.

https://code.google.com/p/memory-sanitizer/issues/detail?id=78

llvm-svn: 222918
---

diff --git a/compiler-rt/test/msan/select_float_origin.cc b/compiler-rt/test/msan/select_float_origin.cc
new file mode 100644
index 0000000..ca8f3a8
--- /dev/null
+++ b/compiler-rt/test/msan/select_float_origin.cc
@@ -0,0 +1,24 @@
+// Regression test for origin propagation in "select i1, float, float".
+// https://code.google.com/p/memory-sanitizer/issues/detail?id=78
+
+// RUN: %clangxx_msan -O2 -fsanitize-memory-track-origins %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// RUN: %clangxx_msan -O2 -fsanitize-memory-track-origins=2 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+#include <stdio.h>
+#include <sanitizer/msan_interface.h>
+
+int main() {
+  volatile bool b = true;
+  float x, y;
+  __msan_allocated_memory(&x, sizeof(x));
+  __msan_allocated_memory(&y, sizeof(y));
+  float z = b ? x : y;
+  if (z > 0) printf(".\n");
+  // CHECK: Uninitialized value was created by a heap allocation
+  // CHECK: {{#0 0x.* in .*__msan_allocated_memory}}
+  // CHECK: {{#1 0x.* in main .*select_float_origin.cc:}}[[@LINE-6]]
+  return 0;
+}
diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
index fecf5be..15a67d7 100644
--- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -2452,9 +2452,10 @@ struct MemorySanitizerVisitor : public InstVisitor<MemorySanitizerVisitor> {
       }
       // a = select b, c, d
       // Oa = Sb ? Ob : (b ? Oc : Od)
-      setOrigin(&I, IRB.CreateSelect(
-                        Sb, getOrigin(I.getCondition()),
-                        IRB.CreateSelect(B, getOrigin(C), getOrigin(D))));
+      setOrigin(
+          &I, IRB.CreateSelect(Sb, getOrigin(I.getCondition()),
+                               IRB.CreateSelect(B, getOrigin(I.getTrueValue()),
+                                                getOrigin(I.getFalseValue()))));
     }
   }
 
diff --git a/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll b/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll
index 673e853..f7385b9 100644
--- a/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll
+++ b/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll
@@ -17,3 +17,17 @@ entry:
 ; CHECK: [[A:%.*]] = load i32* {{.*}}@__msan_param_origin_tls,
 ; CHECK: store i32 [[A]], i32* @__msan_retval_origin_tls
 ; CHECK: ret <4 x i32>
+
+
+; Regression test for origin propagation in "select i1, float, float".
+; https://code.google.com/p/memory-sanitizer/issues/detail?id=78
+
+define float @SelectFloat(i1 %b, float %x, float %y) nounwind uwtable sanitize_memory {
+entry:
+  %z = select i1 %b, float %x, float %y
+  ret float %z
+}
+
+; CHECK-LABEL: @SelectFloat(
+; CHECK-NOT: select {{.*}} i32 0, i32 0
+; CHECK: ret float