From a0b689923446176db3da4ce0d54f066700e142ef Mon Sep 17 00:00:00 2001
From: Evgeniy Stepanov
Date: Fri, 28 Nov 2014 11:17:58 +0000
Subject: [PATCH] [msan] Fix origin propagation for select of floats.

MSan does not assign origin for instrumentation temps (i.e. the ones that do not come from the application code), but "select" instrumentation erroneously tried to use one of those.

https://code.google.com/p/memory-sanitizer/issues/detail?id=78

llvm-svn: 222918
---
compiler-rt/test/msan/select_float_origin.cc | 24 ++++++++++++++++++++++
.../Transforms/Instrumentation/MemorySanitizer.cpp | 7 ++++---
.../MemorySanitizer/missing_origin.ll | 14 +++++++++++++
3 files changed, 42 insertions(+), 3 deletions(-)
create mode 100644 compiler-rt/test/msan/select_float_origin.cc

diff --git a/compiler-rt/test/msan/select_float_origin.cc b/compiler-rt/test/msan/select_float_origin.cc
new file mode 100644
index 0000000..ca8f3a8
--- /dev/null
+++ b/compiler-rt/test/msan/select_float_origin.cc
@@ -0,0 +1,24 @@
+// Regression test for origin propagation in "select i1, float, float".
+// https://code.google.com/p/memory-sanitizer/issues/detail?id=78
+
+// RUN: %clangxx_msan -O2 -fsanitize-memory-track-origins %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+// RUN: %clangxx_msan -O2 -fsanitize-memory-track-origins=2 %s -o %t && not %run %t >%t.out 2>&1
+// RUN: FileCheck %s < %t.out
+
+#include
+#include
+
+int main() {
+ volatile bool b = true;
+ float x, y;
+ __msan_allocated_memory(&x, sizeof(x));
+ __msan_allocated_memory(&y, sizeof(y));
+ float z = b ? x : y;
+ if (z > 0) printf(".\n");
+ // CHECK: Uninitialized value was created by a heap allocation
+ // CHECK: {{#0 0x.* in .*__msan_allocated_memory}}
+ // CHECK: {{#1 0x.* in main .*select_float_origin.cc:}}[[@LINE-6]]
+ return 0;
+}
diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
index fecf5be..15a67d7 100644
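Review bot: Nothing in select_float_origin.cc says why the test is built at -O2 or why `b` is volatile, yet both appear to be what makes `float z = b ? x : y;` reach the instrumentation as a `select` of two floats rather than a branch or a folded constant (inferred; the compiled IR is not visible here). A comment above `main` such as `// -O2 and the volatile condition keep "b ? x : y" as a select of two floats; do not simplify.` would stop a later cleanup from turning this into a test that no longer covers the fixed path. The `[[@LINE-6]]` offset ties the expected frame to the first `__msan_allocated_memory` call, so the same comment could say that no lines may be inserted between that call and the CHECK line.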
--- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -2452,9 +2452,10 @@ struct MemorySanitizerVisitor : public InstVisitor {
 }
 // a = select b, c, d
 // Oa = Sb ? Ob : (b ? Oc : Od)
- setOrigin(&I, IRB.CreateSelect(
- Sb, getOrigin(I.getCondition()),
- IRB.CreateSelect(B, getOrigin(C), getOrigin(D))));
+ setOrigin(
+ &I, IRB.CreateSelect(Sb, getOrigin(I.getCondition()),
+ IRB.CreateSelect(B, getOrigin(I.getTrueValue()),
+ getOrigin(I.getFalseValue()))));
 }
 }
 
diff --git a/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll b/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll
index 673e853..f7385b9 100644
--- a/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll
+++ b/llvm/test/Instrumentation/MemorySanitizer/missing_origin.ll
@@ -17,3 +17,17 @@ entry:
 ; CHECK: [[A:%.*]] = load i32* {{.*}}@__msan_param_origin_tls,
 ; CHECK: store i32 [[A]], i32* @__msan_retval_origin_tls
 ; CHECK: ret <4 x i32>
+
+
+; Regression test for origin propagation in "select i1, float, float".
+; https://code.google.com/p/memory-sanitizer/issues/detail?id=78
+
+define float @SelectFloat(i1 %b, float %x, float %y) nounwind uwtable sanitize_memory {
+entry:
+ %z = select i1 %b, float %x, float %y
+ ret float %z
+}
+
+; CHECK-LABEL: @SelectFloat(
+; CHECK-NOT: select {{.*}} i32 0, i32 0
+; CHECK: ret float
-- 
2.7.4
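Review bot: The rewritten `setOrigin(...)` call has no comment explaining why it reads `I.getTrueValue()` and `I.getFalseValue()` instead of the locals `C` and `D` that the removed lines used. Going by the commit message, `C` and `D` can refer to instrumentation temps at this point, which have no origin; their definitions are outside the hunk, so that is inferred. The two forms look interchangeable, so a later tidy-up could reintroduce the bug and leave MSan reports with a missing or wrong origin. I would add `// Take origins from the select's own operands: C and D may have been replaced by instrumentation temps, which carry no origin.` above the call. The enclosing function starts outside the hunk.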
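Review bot: The only assertion on `@SelectFloat` is negative: `CHECK-NOT: select {{.*}} i32 0, i32 0` passes whenever no select with two literal zero origins appears between the label and `ret float`, which includes the case where the origin select is not emitted at all or only one arm is a constant zero. A positive check that binds the origins loaded from `@__msan_param_origin_tls` for `%x` and `%y` and requires them as the operands of the origin select would pin the intended propagation. The emitted IR is not visible here, so the exact pattern has to be written against real output.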