From 2b97eb2f5ca81452f6275be602ca914bfb5fb1e5 Mon Sep 17 00:00:00 2001
From: Matt Morehouse
Date: Wed, 9 Aug 2017 17:59:43 +0000
Subject: [PATCH] [asan] Fix instruction emission ordering with dynamic shadow.
Summary: Instrumentation to copy byval arguments is now correctly inserted after the dynamic shadow base is loaded.
Reviewers: vitalybuka, eugenis
Reviewed By: vitalybuka
Subscribers: hiraditya, llvm-commits
Differential Revision: https://reviews.llvm.org/D36533
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@310503 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Transforms/Instrumentation/AddressSanitizer.cpp | 11 ++++++++---
 .../AddressSanitizer/stack-poisoning-byval-args.ll | 4 +---
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/lib/Transforms/Instrumentation/AddressSanitizer.cpp
index f8d255273b2..058b8fa33df 100644
--- a/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -756,7 +756,7 @@ struct FunctionStackPoisoner : public InstVisitor {
 bool runOnFunction() {
 if (!ClStack) return false;
- if (ClRedzoneByvalArgs && Mapping.Offset != kDynamicShadowSentinel)
+ if (ClRedzoneByvalArgs)
 copyArgsPassedByValToAllocas();
 // Collect alloca, ret, lifetime instructions etc.
@@ -2546,8 +2546,13 @@ static int StackMallocSizeClass(uint64_t LocalStackSize) {
 }
 void FunctionStackPoisoner::copyArgsPassedByValToAllocas() {
- BasicBlock &FirstBB = *F.begin();
- IRBuilder<> IRB(&FirstBB, FirstBB.getFirstInsertionPt());
+ Instruction *CopyInsertPoint = &F.front().front();
+ if (CopyInsertPoint == ASan.LocalDynamicShadow) {
+ // Insert after the dynamic shadow location is determined
+ CopyInsertPoint = CopyInsertPoint->getNextNode();
+ assert(CopyInsertPoint);
+ }
+ IRBuilder<> IRB(CopyInsertPoint);
 const DataLayout &DL = F.getParent()->getDataLayout();
 for (Argument &Arg : F.args()) {
 if (Arg.hasByValAttr()) {
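Review bot: In copyArgsPassedByValToAllocas the insertion point is moved past the shadow-base load only when `ASan.LocalDynamicShadow` is the very first instruction of the entry block; if anything is ever emitted ahead of it, the pointer comparison fails silently and the byval copies land before the load again, which is the ordering this commit sets out to fix. Deriving the position from the shadow value itself would not depend on that, e.g. `if (auto *Shadow = dyn_cast_or_null<Instruction>(ASan.LocalDynamicShadow)) CopyInsertPoint = Shadow->getNextNode();`, assuming the field holds an entry-block instruction whenever it is set, which this hunk does not show. The bare `assert(CopyInsertPoint);` should carry a message, `assert(CopyInsertPoint && "dynamic shadow load cannot be the last instruction in the entry block");`, and because it is compiled out of release builds a null would go straight into the `IRBuilder<> IRB(CopyInsertPoint)` constructor. The same implicit dependency applies to the first hunk, where dropping the `kDynamicShadowSentinel` guard makes runOnFunction rely on the shadow base having been emitted before it runs. The function body continues past the end of the hunk.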
diff --git a/test/Instrumentation/AddressSanitizer/stack-poisoning-byval-args.ll b/test/Instrumentation/AddressSanitizer/stack-poisoning-byval-args.ll
index 8531cb96324..8150ac19a9d 100644
--- a/test/Instrumentation/AddressSanitizer/stack-poisoning-byval-args.ll
+++ b/test/Instrumentation/AddressSanitizer/stack-poisoning-byval-args.ll
@@ -1,6 +1,6 @@
 ; This check verifies that arguments passed by value get redzones.
 ; RUN: opt < %s -asan -asan-realign-stack=32 -S | FileCheck %s
-; RUN: opt < %s -asan -asan-realign-stack=32 -asan-force-dynamic-shadow -S | FileCheck %s --check-prefixes=CHECK-FDS
+; RUN: opt < %s -asan -asan-realign-stack=32 -asan-force-dynamic-shadow -S | FileCheck %s
 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
@@ -10,8 +10,6 @@ target triple = "x86_64-unknown-linux-gnu"
 declare i32 @bar(%struct.A*)
-; CHECK-FDS-NOT: {{\.byval}}
-
 ; Test behavior for named argument with explicit alignment. The memcpy and
 ; alloca alignments should match the explicit alignment of 64.
 define void @foo(%struct.A* byval align 64 %a) sanitize_address {
--
2.50.1
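Review bot: With the dynamic-shadow RUN line now sharing the plain CHECK prefix and `CHECK-FDS-NOT` removed, nothing visible in these hunks checks that the byval copy is emitted after the shadow base is loaded, which is the ordering the commit fixes; the CHECK lines themselves are outside the hunks, so this is inferred. Keeping a second prefix on that RUN line, `--check-prefixes=CHECK,CHECK-FDS`, and adding a `CHECK-FDS:` line that matches the shadow-base load ahead of the first `.byval` check in @foo would pin the order. A regression in the insertion point would then fail the test instead of passing on the shared checks.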