This enables use after free and uninit memory checking for memory
returned by a recycler. SelectionDAG currently relies on the opcode of a
free'd node being ISD::DELETED_NODE, so poke a hole in the asan poison
for SDNode opcodes. This means that we won't find some issues, but only
in SDag.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@300868
91177308-0d34-0410-b5e6-
96231b3b80d8
if (!Entry)
return nullptr;
Bucket[Idx] = Entry->Next;
+ __msan_allocated_memory(Entry, Capacity::get(Idx).getSize());
+ __asan_unpoison_memory_region(Entry, Capacity::get(Idx).getSize());
return reinterpret_cast<T*>(Entry);
}
// Add an entry to the free list at Bucket[Idx].
void push(unsigned Idx, T *Ptr) {
assert(Ptr && "Cannot recycle NULL pointer");
+ __asan_poison_memory_region(Ptr, Capacity::get(Idx).getSize());
+ __asan_unpoison_memory_region(Ptr, sizeof(FreeList));
FreeList *Entry = reinterpret_cast<FreeList*>(Ptr);
if (Idx >= Bucket.size())
Bucket.resize(size_t(Idx) + 1);
FreeNode *pop_val() {
auto *Val = FreeList;
FreeList = FreeList->Next;
+ __msan_allocated_memory(Val, Size);
+ __asan_unpoison_memory_region(Val, Size);
return Val;
}
void push(FreeNode *N) {
+ __asan_poison_memory_region(N, Size);
+ __asan_unpoison_memory_region(N, sizeof(FreeNode));
N->Next = FreeList;
FreeList = N;
}
// If we have operands, deallocate them.
removeOperands(N);
+ NodeAllocator.Deallocate(AllNodes.remove(N));
+
// Set the opcode to DELETED_NODE to help catch bugs when node
// memory is reallocated.
+ // FIXME: There are places in SDag that have grown a dependency on the opcode
+ // value in the released node.
+ __asan_unpoison_memory_region(&N->NodeType, sizeof(N->NodeType));
N->NodeType = ISD::DELETED_NODE;
- NodeAllocator.Deallocate(AllNodes.remove(N));
-
// If any of the SDDbgValue nodes refer to this SDNode, invalidate
// them and forget about that node.
DbgInfo->erase(N);
projects / llvm / commitdiff