Make sure that not interesting allocas are not instrumented.

Summary: We failed to unpoison uninteresting allocas on return as unpoisoning is part of main instrumentation which skips such allocas. Added check -asan-instrument-allocas for dynamic allocas. If instrumentation of dynamic allocas is disabled it will not will not be unpoisoned. PR27453 Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21207 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272341 91177308-0d34-0410-b5e6-96231b3b80d8
2025-01-21 09:25:07 +00:00 · 2016-06-09 23:31:59 +00:00 · 2016-06-09 23:31:59 +00:00 · e330b7d89a
commit e330b7d89a
parent dcd25f4149
2 changed files with 33 additions and 4 deletions
--- a/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@ -745,7 +745,8 @@ struct FunctionStackPoisoner : public InstVisitor<FunctionStackPoisoner> {
      return;
    // Find alloca instruction that corresponds to llvm.lifetime argument.
    AllocaInst *AI = findAllocaForValue(II.getArgOperand(1));
-    if (!AI) return;
+    if (!AI || !ASan.isInterestingAlloca(*AI))
+      return;
    bool DoPoison = (ID == Intrinsic::lifetime_end);
    AllocaPoisonCall APC = {&II, AI, SizeValue, DoPoison};
    AllocaPoisonCallVec.push_back(APC);
@ -1984,13 +1985,21 @@ void FunctionStackPoisoner::poisonStack() {
  assert(AllocaVec.size() > 0 || DynamicAllocaVec.size() > 0);

  // Insert poison calls for lifetime intrinsics for alloca.
-  bool HavePoisonedAllocas = false;
+  bool HavePoisonedStaticAllocas = false;
  for (const auto &APC : AllocaPoisonCallVec) {
    assert(APC.InsBefore);
    assert(APC.AI);
+    assert(ASan.isInterestingAlloca(*APC.AI));
+    bool IsDynamicAlloca = ASan.isDynamicAlloca(*APC.AI);
+    if (!ClInstrumentAllocas && IsDynamicAlloca)
+      continue;
+
    IRBuilder<> IRB(APC.InsBefore);
    poisonAlloca(APC.AI, APC.Size, IRB, APC.DoPoison);
-    HavePoisonedAllocas |= APC.DoPoison;
+    // Dynamic allocas will be unpoisoned unconditionally below in
+    // unpoisonDynamicAllocas.
+    // Flag that we need unpoison static allocas.
+    HavePoisonedStaticAllocas |= (APC.DoPoison && !IsDynamicAlloca);
  }

  if (ClInstrumentAllocas && DynamicAllocaVec.size() > 0) {
@ -2137,7 +2146,7 @@ void FunctionStackPoisoner::poisonStack() {
  poisonRedZones(L.ShadowBytes, IRB, ShadowBase, true);

  auto UnpoisonStack = [&](IRBuilder<> &IRB) {
-    if (HavePoisonedAllocas) {
+    if (HavePoisonedStaticAllocas) {
      // If we poisoned some allocas in llvm.lifetime analysis,
      // unpoison whole stack frame now.
      poisonAlloca(LocalStackBase, LocalStackSize, IRB, false);
--- a/test/Instrumentation/AddressSanitizer/lifetime.ll
+++ b/test/Instrumentation/AddressSanitizer/lifetime.ll
@ -1,5 +1,6 @@
 ; Test hanlding of llvm.lifetime intrinsics.
 ; RUN: opt < %s -asan -asan-module -asan-use-after-scope -asan-use-after-return=0 -S | FileCheck %s
+; RUN: opt < %s -asan -asan-module -asan-use-after-scope -asan-use-after-return=0 -asan-instrument-allocas=0 -S | FileCheck %s --check-prefix=CHECK-NO-DYNAMIC

 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
 target triple = "x86_64-unknown-linux-gnu"
@ -47,8 +48,10 @@ define void @lifetime() sanitize_address {
  call void @llvm.lifetime.start(i64 40, i8* %arr.ptr)
  store volatile i8 0, i8* %arr.ptr
  ; CHECK: call void @__asan_unpoison_stack_memory(i64 %{{[^ ]+}}, i64 40)
+  ; CHECK-NO-DYNAMIC-NOT: call void @__asan_unpoison_stack_memory(i64 %{{[^ ]+}}, i64 40)
  call void @llvm.lifetime.end(i64 40, i8* %arr.ptr)
  ; CHECK: call void @__asan_poison_stack_memory(i64 %{{[^ ]+}}, i64 40)
+  ; CHECK-NO-DYNAMIC-NOT: call void @__asan_poison_stack_memory(i64 %{{[^ ]+}}, i64 40)

  ; One more lifetime start/end for the same variable %i.
  call void @llvm.lifetime.start(i64 4, i8* %i.ptr)
@ -87,3 +90,20 @@ bb1:
  ; CHECK: ret void
  ret void
 }
+
+define void @zero_sized(i64 %a) #0 {
+; CHECK-LABEL: define void @zero_sized(i64 %a)
+
+entry:
+  %a.addr = alloca i64, align 8
+  %b = alloca [0 x i8], align 1
+  store i64 %a, i64* %a.addr, align 8
+  %0 = bitcast [0 x i8]* %b to i8*
+  call void @llvm.lifetime.start(i64 0, i8* %0) #2
+  ; CHECK-NOT: call void @__asan_unpoison_stack_memory
+  %1 = bitcast [0 x i8]* %b to i8*
+  call void @llvm.lifetime.end(i64 0, i8* %1) #2
+  ; CHECK-NOT: call void @__asan_poison_stack_memory
+
+  ret void
+}