1 ; RUN: opt < %s -msan -msan-check-access-address=0 -S | FileCheck %s
2 ; RUN: opt < %s -msan -msan-check-access-address=0 -msan-track-origins=1 -S | FileCheck -check-prefix=CHECK -check-prefix=CHECK-ORIGINS %s
4 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
5 target triple = "x86_64-unknown-linux-gnu"
7 ; CHECK: @llvm.global_ctors {{.*}} @msan.module_ctor
9 ; Check the presence and the linkage type of __msan_track_origins and
10 ; other interface symbols.
11 ; CHECK-NOT: @__msan_track_origins
12 ; CHECK-ORIGINS: @__msan_track_origins = weak_odr constant i32 1
13 ; CHECK-NOT: @__msan_keep_going = weak_odr constant i32 0
14 ; CHECK: @__msan_retval_tls = external thread_local(initialexec) global [{{.*}}]
15 ; CHECK: @__msan_retval_origin_tls = external thread_local(initialexec) global i32
16 ; CHECK: @__msan_param_tls = external thread_local(initialexec) global [{{.*}}]
17 ; CHECK: @__msan_param_origin_tls = external thread_local(initialexec) global [{{.*}}]
18 ; CHECK: @__msan_va_arg_tls = external thread_local(initialexec) global [{{.*}}]
19 ; CHECK: @__msan_va_arg_overflow_size_tls = external thread_local(initialexec) global i64
20 ; CHECK: @__msan_origin_tls = external thread_local(initialexec) global i32
23 ; Check instrumentation of stores
25 define void @Store(i32* nocapture %p, i32 %x) nounwind uwtable sanitize_memory {
27 store i32 %x, i32* %p, align 4
32 ; CHECK: load {{.*}} @__msan_param_tls
33 ; CHECK-ORIGINS: load {{.*}} @__msan_param_origin_tls
36 ; CHECK-ORIGINS: br i1
37 ; CHECK-ORIGINS: <label>
38 ; CHECK-ORIGINS: store
39 ; CHECK-ORIGINS: br label
40 ; CHECK-ORIGINS: <label>
45 ; Check instrumentation of aligned stores
46 ; Shadow store has the same alignment as the original store; origin store
47 ; does not specify explicit alignment.
49 define void @AlignedStore(i32* nocapture %p, i32 %x) nounwind uwtable sanitize_memory {
51 store i32 %x, i32* %p, align 32
55 ; CHECK: @AlignedStore
56 ; CHECK: load {{.*}} @__msan_param_tls
57 ; CHECK-ORIGINS: load {{.*}} @__msan_param_origin_tls
58 ; CHECK: store {{.*}} align 32
60 ; CHECK-ORIGINS: br i1
61 ; CHECK-ORIGINS: <label>
62 ; CHECK-ORIGINS: store {{.*}} align 32
63 ; CHECK-ORIGINS: br label
64 ; CHECK-ORIGINS: <label>
65 ; CHECK: store {{.*}} align 32
69 ; load followed by cmp: check that we load the shadow and call __msan_warning.
70 define void @LoadAndCmp(i32* nocapture %a) nounwind uwtable sanitize_memory {
72 %0 = load i32, i32* %a, align 4
73 %tobool = icmp eq i32 %0, 0
74 br i1 %tobool, label %if.end, label %if.then
76 if.then: ; preds = %entry
77 tail call void (...) @foo() nounwind
80 if.end: ; preds = %entry, %if.then
84 declare void @foo(...)
89 ; CHECK: call void @__msan_warning_noreturn()
90 ; CHECK-NEXT: call void asm sideeffect
91 ; CHECK-NEXT: unreachable
94 ; Check that we store the shadow for the retval.
95 define i32 @ReturnInt() nounwind uwtable readnone sanitize_memory {
101 ; CHECK: store i32 0,{{.*}}__msan_retval_tls
104 ; Check that we get the shadow for the retval.
105 define void @CopyRetVal(i32* nocapture %a) nounwind uwtable sanitize_memory {
107 %call = tail call i32 @ReturnInt() nounwind
108 store i32 %call, i32* %a, align 4
113 ; CHECK: load{{.*}}__msan_retval_tls
119 ; Check that we generate PHIs for shadow.
120 define void @FuncWithPhi(i32* nocapture %a, i32* %b, i32* nocapture %c) nounwind uwtable sanitize_memory {
122 %tobool = icmp eq i32* %b, null
123 br i1 %tobool, label %if.else, label %if.then
125 if.then: ; preds = %entry
126 %0 = load i32, i32* %b, align 4
129 if.else: ; preds = %entry
130 %1 = load i32, i32* %c, align 4
133 if.end: ; preds = %if.else, %if.then
134 %t.0 = phi i32 [ %0, %if.then ], [ %1, %if.else ]
135 store i32 %t.0, i32* %a, align 4
139 ; CHECK: @FuncWithPhi
146 ; Compute shadow for "x << 10"
147 define void @ShlConst(i32* nocapture %x) nounwind uwtable sanitize_memory {
149 %0 = load i32, i32* %x, align 4
151 store i32 %1, i32* %x, align 4
164 ; Compute shadow for "10 << x": it should have 'sext i1'.
165 define void @ShlNonConst(i32* nocapture %x) nounwind uwtable sanitize_memory {
167 %0 = load i32, i32* %x, align 4
169 store i32 %1, i32* %x, align 4
173 ; CHECK: @ShlNonConst
182 define void @SExt(i32* nocapture %a, i16* nocapture %b) nounwind uwtable sanitize_memory {
184 %0 = load i16, i16* %b, align 2
185 %1 = sext i16 %0 to i32
186 store i32 %1, i32* %a, align 4
201 define void @MemSet(i8* nocapture %x) nounwind uwtable sanitize_memory {
203 call void @llvm.memset.p0i8.i64(i8* %x, i8 42, i64 10, i32 1, i1 false)
207 declare void @llvm.memset.p0i8.i64(i8* nocapture, i8, i64, i32, i1) nounwind
210 ; CHECK: call i8* @__msan_memset
215 define void @MemCpy(i8* nocapture %x, i8* nocapture %y) nounwind uwtable sanitize_memory {
217 call void @llvm.memcpy.p0i8.p0i8.i64(i8* %x, i8* %y, i64 10, i32 1, i1 false)
221 declare void @llvm.memcpy.p0i8.p0i8.i64(i8* nocapture, i8* nocapture, i64, i32, i1) nounwind
224 ; CHECK: call i8* @__msan_memcpy
228 ; memmove is lowered to a call
229 define void @MemMove(i8* nocapture %x, i8* nocapture %y) nounwind uwtable sanitize_memory {
231 call void @llvm.memmove.p0i8.p0i8.i64(i8* %x, i8* %y, i64 10, i32 1, i1 false)
235 declare void @llvm.memmove.p0i8.p0i8.i64(i8* nocapture, i8* nocapture, i64, i32, i1) nounwind
238 ; CHECK: call i8* @__msan_memmove
242 ; Check that we propagate shadow for "select"
244 define i32 @Select(i32 %a, i32 %b, i1 %c) nounwind uwtable readnone sanitize_memory {
246 %cond = select i1 %c, i32 %a, i32 %b
255 ; CHECK-DAG: select i1
256 ; CHECK-ORIGINS-DAG: select
257 ; CHECK-ORIGINS-DAG: select
258 ; CHECK-DAG: select i1
259 ; CHECK: store i32{{.*}}@__msan_retval_tls
260 ; CHECK-ORIGINS: store i32{{.*}}@__msan_retval_origin_tls
264 ; Check that we propagate origin for "select" with vector condition.
265 ; Select condition is flattened to i1, which is then used to select one of the
268 define <8 x i16> @SelectVector(<8 x i16> %a, <8 x i16> %b, <8 x i1> %c) nounwind uwtable readnone sanitize_memory {
270 %cond = select <8 x i1> %c, <8 x i16> %a, <8 x i16> %b
274 ; CHECK: @SelectVector
275 ; CHECK: select <8 x i1>
276 ; CHECK-DAG: or <8 x i16>
277 ; CHECK-DAG: xor <8 x i16>
278 ; CHECK: or <8 x i16>
279 ; CHECK-DAG: select <8 x i1>
280 ; CHECK-ORIGINS-DAG: select
281 ; CHECK-ORIGINS-DAG: select
282 ; CHECK-DAG: select <8 x i1>
283 ; CHECK: store <8 x i16>{{.*}}@__msan_retval_tls
284 ; CHECK-ORIGINS: store i32{{.*}}@__msan_retval_origin_tls
285 ; CHECK: ret <8 x i16>
288 ; Check that we propagate origin for "select" with scalar condition and vector
289 ; arguments. Select condition shadow is sign-extended to the vector type and
290 ; mixed into the result shadow.
292 define <8 x i16> @SelectVector2(<8 x i16> %a, <8 x i16> %b, i1 %c) nounwind uwtable readnone sanitize_memory {
294 %cond = select i1 %c, <8 x i16> %a, <8 x i16> %b
298 ; CHECK: @SelectVector2
300 ; CHECK-DAG: or <8 x i16>
301 ; CHECK-DAG: xor <8 x i16>
302 ; CHECK: or <8 x i16>
303 ; CHECK-DAG: select i1
304 ; CHECK-ORIGINS-DAG: select i1
305 ; CHECK-ORIGINS-DAG: select i1
306 ; CHECK-DAG: select i1
307 ; CHECK: ret <8 x i16>
310 define { i64, i64 } @SelectStruct(i1 zeroext %x, { i64, i64 } %a, { i64, i64 } %b) readnone sanitize_memory {
312 %c = select i1 %x, { i64, i64 } %a, { i64, i64 } %b
316 ; CHECK: @SelectStruct
317 ; CHECK: select i1 {{.*}}, { i64, i64 }
318 ; CHECK-NEXT: select i1 {{.*}}, { i64, i64 } { i64 -1, i64 -1 }, { i64, i64 }
319 ; CHECK-ORIGINS: select i1
320 ; CHECK-ORIGINS: select i1
321 ; CHECK-NEXT: select i1 {{.*}}, { i64, i64 }
322 ; CHECK: ret { i64, i64 }
325 define { i64*, double } @SelectStruct2(i1 zeroext %x, { i64*, double } %a, { i64*, double } %b) readnone sanitize_memory {
327 %c = select i1 %x, { i64*, double } %a, { i64*, double } %b
328 ret { i64*, double } %c
331 ; CHECK: @SelectStruct2
332 ; CHECK: select i1 {{.*}}, { i64, i64 }
333 ; CHECK-NEXT: select i1 {{.*}}, { i64, i64 } { i64 -1, i64 -1 }, { i64, i64 }
334 ; CHECK-ORIGINS: select i1
335 ; CHECK-ORIGINS: select i1
336 ; CHECK-NEXT: select i1 {{.*}}, { i64*, double }
337 ; CHECK: ret { i64*, double }
340 define i8* @IntToPtr(i64 %x) nounwind uwtable readnone sanitize_memory {
342 %0 = inttoptr i64 %x to i8*
347 ; CHECK: load i64, i64*{{.*}}__msan_param_tls
348 ; CHECK-ORIGINS-NEXT: load i32, i32*{{.*}}__msan_param_origin_tls
349 ; CHECK-NEXT: inttoptr
350 ; CHECK-NEXT: store i64{{.*}}__msan_retval_tls
354 define i8* @IntToPtr_ZExt(i16 %x) nounwind uwtable readnone sanitize_memory {
356 %0 = inttoptr i16 %x to i8*
360 ; CHECK: @IntToPtr_ZExt
361 ; CHECK: load i16, i16*{{.*}}__msan_param_tls
363 ; CHECK-NEXT: inttoptr
364 ; CHECK-NEXT: store i64{{.*}}__msan_retval_tls
368 ; Check that we insert exactly one check on udiv
369 ; (2nd arg shadow is checked, 1st arg shadow is propagated)
371 define i32 @Div(i32 %a, i32 %b) nounwind uwtable readnone sanitize_memory {
373 %div = udiv i32 %a, %b
379 ; CHECK: call void @__msan_warning
386 ; Check that we propagate shadow for x<0, x>=0, etc (i.e. sign bit tests)
388 define zeroext i1 @ICmpSLT(i32 %x) nounwind uwtable readnone sanitize_memory {
389 %1 = icmp slt i32 %x, 0
395 ; CHECK-NOT: call void @__msan_warning
397 ; CHECK-NOT: call void @__msan_warning
400 define zeroext i1 @ICmpSGE(i32 %x) nounwind uwtable readnone sanitize_memory {
401 %1 = icmp sge i32 %x, 0
407 ; CHECK-NOT: call void @__msan_warning
409 ; CHECK-NOT: call void @__msan_warning
412 define zeroext i1 @ICmpSGT(i32 %x) nounwind uwtable readnone sanitize_memory {
413 %1 = icmp sgt i32 0, %x
419 ; CHECK-NOT: call void @__msan_warning
421 ; CHECK-NOT: call void @__msan_warning
424 define zeroext i1 @ICmpSLE(i32 %x) nounwind uwtable readnone sanitize_memory {
425 %1 = icmp sle i32 0, %x
431 ; CHECK-NOT: call void @__msan_warning
433 ; CHECK-NOT: call void @__msan_warning
437 ; Check that we propagate shadow for x<0, x>=0, etc (i.e. sign bit tests)
438 ; of the vector arguments.
440 define <2 x i1> @ICmpSLT_vector(<2 x i32*> %x) nounwind uwtable readnone sanitize_memory {
441 %1 = icmp slt <2 x i32*> %x, zeroinitializer
445 ; CHECK: @ICmpSLT_vector
446 ; CHECK: icmp slt <2 x i64>
447 ; CHECK-NOT: call void @__msan_warning
448 ; CHECK: icmp slt <2 x i32*>
449 ; CHECK-NOT: call void @__msan_warning
450 ; CHECK: ret <2 x i1>
453 ; Check that we propagate shadow for unsigned relational comparisons with
456 define zeroext i1 @ICmpUGTConst(i32 %x) nounwind uwtable readnone sanitize_memory {
458 %cmp = icmp ugt i32 %x, 7
462 ; CHECK: @ICmpUGTConst
463 ; CHECK: icmp ugt i32
464 ; CHECK-NOT: call void @__msan_warning
465 ; CHECK: icmp ugt i32
466 ; CHECK-NOT: call void @__msan_warning
467 ; CHECK: icmp ugt i32
468 ; CHECK-NOT: call void @__msan_warning
472 ; Check that loads of shadow have the same aligment as the original loads.
473 ; Check that loads of origin have the aligment of max(4, original alignment).
475 define i32 @ShadowLoadAlignmentLarge() nounwind uwtable sanitize_memory {
476 %y = alloca i32, align 64
477 %1 = load volatile i32, i32* %y, align 64
481 ; CHECK: @ShadowLoadAlignmentLarge
482 ; CHECK: load volatile i32, i32* {{.*}} align 64
483 ; CHECK: load i32, i32* {{.*}} align 64
486 define i32 @ShadowLoadAlignmentSmall() nounwind uwtable sanitize_memory {
487 %y = alloca i32, align 2
488 %1 = load volatile i32, i32* %y, align 2
492 ; CHECK: @ShadowLoadAlignmentSmall
493 ; CHECK: load volatile i32, i32* {{.*}} align 2
494 ; CHECK: load i32, i32* {{.*}} align 2
495 ; CHECK-ORIGINS: load i32, i32* {{.*}} align 4
499 ; Test vector manipulation instructions.
500 ; Check that the same bit manipulation is applied to the shadow values.
501 ; Check that there is a zero test of the shadow of %idx argument, where present.
503 define i32 @ExtractElement(<4 x i32> %vec, i32 %idx) sanitize_memory {
504 %x = extractelement <4 x i32> %vec, i32 %idx
508 ; CHECK: @ExtractElement
509 ; CHECK: extractelement
510 ; CHECK: call void @__msan_warning
511 ; CHECK: extractelement
514 define <4 x i32> @InsertElement(<4 x i32> %vec, i32 %idx, i32 %x) sanitize_memory {
515 %vec1 = insertelement <4 x i32> %vec, i32 %x, i32 %idx
519 ; CHECK: @InsertElement
520 ; CHECK: insertelement
521 ; CHECK: call void @__msan_warning
522 ; CHECK: insertelement
523 ; CHECK: ret <4 x i32>
525 define <4 x i32> @ShuffleVector(<4 x i32> %vec, <4 x i32> %vec1) sanitize_memory {
526 %vec2 = shufflevector <4 x i32> %vec, <4 x i32> %vec1,
527 <4 x i32> <i32 0, i32 4, i32 1, i32 5>
531 ; CHECK: @ShuffleVector
532 ; CHECK: shufflevector
533 ; CHECK-NOT: call void @__msan_warning
534 ; CHECK: shufflevector
535 ; CHECK: ret <4 x i32>
538 ; Test bswap intrinsic instrumentation
539 define i32 @BSwap(i32 %x) nounwind uwtable readnone sanitize_memory {
540 %y = tail call i32 @llvm.bswap.i32(i32 %x)
544 declare i32 @llvm.bswap.i32(i32) nounwind readnone
547 ; CHECK-NOT: call void @__msan_warning
548 ; CHECK: @llvm.bswap.i32
549 ; CHECK-NOT: call void @__msan_warning
550 ; CHECK: @llvm.bswap.i32
551 ; CHECK-NOT: call void @__msan_warning
557 define void @StoreIntrinsic(i8* %p, <4 x float> %x) nounwind uwtable sanitize_memory {
558 call void @llvm.x86.sse.storeu.ps(i8* %p, <4 x float> %x)
562 declare void @llvm.x86.sse.storeu.ps(i8*, <4 x float>) nounwind
564 ; CHECK: @StoreIntrinsic
567 ; CHECK: store <4 x i32> {{.*}} align 1
568 ; CHECK: call void @llvm.x86.sse.storeu.ps
574 define <16 x i8> @LoadIntrinsic(i8* %p) nounwind uwtable sanitize_memory {
575 %call = call <16 x i8> @llvm.x86.sse3.ldu.dq(i8* %p)
579 declare <16 x i8> @llvm.x86.sse3.ldu.dq(i8* %p) nounwind
581 ; CHECK: @LoadIntrinsic
582 ; CHECK: load <16 x i8>, <16 x i8>* {{.*}} align 1
583 ; CHECK-ORIGINS: [[ORIGIN:%[01-9a-z]+]] = load i32, i32* {{.*}}
586 ; CHECK: call <16 x i8> @llvm.x86.sse3.ldu.dq
587 ; CHECK: store <16 x i8> {{.*}} @__msan_retval_tls
588 ; CHECK-ORIGINS: store i32 {{.*}}[[ORIGIN]], i32* @__msan_retval_origin_tls
589 ; CHECK: ret <16 x i8>
592 ; Simple NoMem intrinsic
593 ; Check that shadow is OR'ed, and origin is Select'ed
594 ; And no shadow checks!
596 define <8 x i16> @Paddsw128(<8 x i16> %a, <8 x i16> %b) nounwind uwtable sanitize_memory {
597 %call = call <8 x i16> @llvm.x86.sse2.padds.w(<8 x i16> %a, <8 x i16> %b)
601 declare <8 x i16> @llvm.x86.sse2.padds.w(<8 x i16> %a, <8 x i16> %b) nounwind
604 ; CHECK-NEXT: load <8 x i16>, <8 x i16>* {{.*}} @__msan_param_tls
605 ; CHECK-ORIGINS: load i32, i32* {{.*}} @__msan_param_origin_tls
606 ; CHECK-NEXT: load <8 x i16>, <8 x i16>* {{.*}} @__msan_param_tls
607 ; CHECK-ORIGINS: load i32, i32* {{.*}} @__msan_param_origin_tls
608 ; CHECK-NEXT: = or <8 x i16>
609 ; CHECK-ORIGINS: = bitcast <8 x i16> {{.*}} to i128
610 ; CHECK-ORIGINS-NEXT: = icmp ne i128 {{.*}}, 0
611 ; CHECK-ORIGINS-NEXT: = select i1 {{.*}}, i32 {{.*}}, i32
612 ; CHECK-NEXT: call <8 x i16> @llvm.x86.sse2.padds.w
613 ; CHECK-NEXT: store <8 x i16> {{.*}} @__msan_retval_tls
614 ; CHECK-ORIGINS: store i32 {{.*}} @__msan_retval_origin_tls
615 ; CHECK-NEXT: ret <8 x i16>
618 ; Test handling of vectors of pointers.
619 ; Check that shadow of such vector is a vector of integers.
621 define <8 x i8*> @VectorOfPointers(<8 x i8*>* %p) nounwind uwtable sanitize_memory {
622 %x = load <8 x i8*>, <8 x i8*>* %p
626 ; CHECK: @VectorOfPointers
627 ; CHECK: load <8 x i8*>, <8 x i8*>*
628 ; CHECK: load <8 x i64>, <8 x i64>*
629 ; CHECK: store <8 x i64> {{.*}} @__msan_retval_tls
630 ; CHECK: ret <8 x i8*>
632 ; Test handling of va_copy.
634 declare void @llvm.va_copy(i8*, i8*) nounwind
636 define void @VACopy(i8* %p1, i8* %p2) nounwind uwtable sanitize_memory {
637 call void @llvm.va_copy(i8* %p1, i8* %p2) nounwind
642 ; CHECK: call void @llvm.memset.p0i8.i64({{.*}}, i8 0, i64 24, i32 8, i1 false)
646 ; Test that va_start instrumentation does not use va_arg_tls*.
647 ; It should work with a local stack copy instead.
649 %struct.__va_list_tag = type { i32, i32, i8*, i8* }
650 declare void @llvm.va_start(i8*) nounwind
652 ; Function Attrs: nounwind uwtable
653 define void @VAStart(i32 %x, ...) sanitize_memory {
655 %x.addr = alloca i32, align 4
656 %va = alloca [1 x %struct.__va_list_tag], align 16
657 store i32 %x, i32* %x.addr, align 4
658 %arraydecay = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %va, i32 0, i32 0
659 %arraydecay1 = bitcast %struct.__va_list_tag* %arraydecay to i8*
660 call void @llvm.va_start(i8* %arraydecay1)
665 ; CHECK: call void @llvm.va_start
666 ; CHECK-NOT: @__msan_va_arg_tls
667 ; CHECK-NOT: @__msan_va_arg_overflow_size_tls
671 ; Test handling of volatile stores.
672 ; Check that MemorySanitizer does not add a check of the value being stored.
674 define void @VolatileStore(i32* nocapture %p, i32 %x) nounwind uwtable sanitize_memory {
676 store volatile i32 %x, i32* %p, align 4
680 ; CHECK: @VolatileStore
681 ; CHECK-NOT: @__msan_warning
685 ; Test that checks are omitted and returned value is always initialized if
686 ; sanitize_memory attribute is missing.
688 define i32 @NoSanitizeMemory(i32 %x) uwtable {
690 %tobool = icmp eq i32 %x, 0
691 br i1 %tobool, label %if.end, label %if.then
693 if.then: ; preds = %entry
694 tail call void @bar()
697 if.end: ; preds = %entry, %if.then
703 ; CHECK: @NoSanitizeMemory
704 ; CHECK-NOT: @__msan_warning
705 ; CHECK: store i32 0, {{.*}} @__msan_retval_tls
706 ; CHECK-NOT: @__msan_warning
710 ; Test that stack allocations are unpoisoned in functions missing
711 ; sanitize_memory attribute
713 define i32 @NoSanitizeMemoryAlloca() {
715 %p = alloca i32, align 4
716 %x = call i32 @NoSanitizeMemoryAllocaHelper(i32* %p)
720 declare i32 @NoSanitizeMemoryAllocaHelper(i32* %p)
722 ; CHECK: @NoSanitizeMemoryAlloca
723 ; CHECK: call void @llvm.memset.p0i8.i64(i8* {{.*}}, i8 0, i64 4, i32 4, i1 false)
724 ; CHECK: call i32 @NoSanitizeMemoryAllocaHelper(i32*
728 ; Test that undef is unpoisoned in functions missing
729 ; sanitize_memory attribute
731 define i32 @NoSanitizeMemoryUndef() {
733 %x = call i32 @NoSanitizeMemoryUndefHelper(i32 undef)
737 declare i32 @NoSanitizeMemoryUndefHelper(i32 %x)
739 ; CHECK: @NoSanitizeMemoryAlloca
740 ; CHECK: store i32 0, i32* {{.*}} @__msan_param_tls
741 ; CHECK: call i32 @NoSanitizeMemoryUndefHelper(i32 undef)
745 ; Test PHINode instrumentation in blacklisted functions
747 define i32 @NoSanitizeMemoryPHI(i32 %x) {
749 %tobool = icmp ne i32 %x, 0
750 br i1 %tobool, label %cond.true, label %cond.false
752 cond.true: ; preds = %entry
755 cond.false: ; preds = %entry
758 cond.end: ; preds = %cond.false, %cond.true
759 %cond = phi i32 [ undef, %cond.true ], [ undef, %cond.false ]
763 ; CHECK: [[A:%.*]] = phi i32 [ undef, %cond.true ], [ undef, %cond.false ]
764 ; CHECK: store i32 0, i32* bitcast {{.*}} @__msan_retval_tls
765 ; CHECK: ret i32 [[A]]
768 ; Test that there are no __msan_param_origin_tls stores when
769 ; argument shadow is a compile-time zero constant (which is always the case
770 ; in functions missing sanitize_memory attribute).
772 define i32 @NoSanitizeMemoryParamTLS(i32* nocapture readonly %x) {
774 %0 = load i32, i32* %x, align 4
775 %call = tail call i32 @NoSanitizeMemoryParamTLSHelper(i32 %0)
779 declare i32 @NoSanitizeMemoryParamTLSHelper(i32 %x)
781 ; CHECK-LABEL: define i32 @NoSanitizeMemoryParamTLS(
782 ; CHECK-NOT: __msan_param_origin_tls
786 ; Test argument shadow alignment
788 define <2 x i64> @ArgumentShadowAlignment(i64 %a, <2 x i64> %b) sanitize_memory {
793 ; CHECK: @ArgumentShadowAlignment
794 ; CHECK: load <2 x i64>, <2 x i64>* {{.*}} @__msan_param_tls {{.*}}, align 8
795 ; CHECK: store <2 x i64> {{.*}} @__msan_retval_tls {{.*}}, align 8
796 ; CHECK: ret <2 x i64>
799 ; Test origin propagation for insertvalue
801 define { i64, i32 } @make_pair_64_32(i64 %x, i32 %y) sanitize_memory {
803 %a = insertvalue { i64, i32 } undef, i64 %x, 0
804 %b = insertvalue { i64, i32 } %a, i32 %y, 1
808 ; CHECK-ORIGINS: @make_pair_64_32
809 ; First element shadow
810 ; CHECK-ORIGINS: insertvalue { i64, i32 } { i64 -1, i32 -1 }, i64 {{.*}}, 0
811 ; First element origin
812 ; CHECK-ORIGINS: icmp ne i64
813 ; CHECK-ORIGINS: select i1
814 ; First element app value
815 ; CHECK-ORIGINS: insertvalue { i64, i32 } undef, i64 {{.*}}, 0
816 ; Second element shadow
817 ; CHECK-ORIGINS: insertvalue { i64, i32 } {{.*}}, i32 {{.*}}, 1
818 ; Second element origin
819 ; CHECK-ORIGINS: icmp ne i32
820 ; CHECK-ORIGINS: select i1
821 ; Second element app value
822 ; CHECK-ORIGINS: insertvalue { i64, i32 } {{.*}}, i32 {{.*}}, 1
823 ; CHECK-ORIGINS: ret { i64, i32 }
826 ; Test shadow propagation for aggregates passed through ellipsis.
828 %struct.StructByVal = type { i32, i32, i32, i32 }
830 declare void @VAArgStructFn(i32 %guard, ...)
832 define void @VAArgStruct(%struct.StructByVal* nocapture %s) sanitize_memory {
834 %agg.tmp2 = alloca %struct.StructByVal, align 8
835 %0 = bitcast %struct.StructByVal* %s to i8*
836 %agg.tmp.sroa.0.0..sroa_cast = bitcast %struct.StructByVal* %s to i64*
837 %agg.tmp.sroa.0.0.copyload = load i64, i64* %agg.tmp.sroa.0.0..sroa_cast, align 4
838 %agg.tmp.sroa.2.0..sroa_idx = getelementptr inbounds %struct.StructByVal, %struct.StructByVal* %s, i64 0, i32 2
839 %agg.tmp.sroa.2.0..sroa_cast = bitcast i32* %agg.tmp.sroa.2.0..sroa_idx to i64*
840 %agg.tmp.sroa.2.0.copyload = load i64, i64* %agg.tmp.sroa.2.0..sroa_cast, align 4
841 %1 = bitcast %struct.StructByVal* %agg.tmp2 to i8*
842 call void @llvm.memcpy.p0i8.p0i8.i64(i8* %1, i8* %0, i64 16, i32 4, i1 false)
843 call void (i32, ...) @VAArgStructFn(i32 undef, i64 %agg.tmp.sroa.0.0.copyload, i64 %agg.tmp.sroa.2.0.copyload, i64 %agg.tmp.sroa.0.0.copyload, i64 %agg.tmp.sroa.2.0.copyload, %struct.StructByVal* byval align 8 %agg.tmp2)
847 ; "undef" and the first 2 structs go to general purpose registers;
848 ; the third struct goes to the overflow area byval
850 ; CHECK: @VAArgStruct
852 ; CHECK: store i32 -1, i32* {{.*}}@__msan_va_arg_tls {{.*}}, align 8
853 ; first struct through general purpose registers
854 ; CHECK: store i64 {{.*}}, i64* {{.*}}@__msan_va_arg_tls{{.*}}, i64 8){{.*}}, align 8
855 ; CHECK: store i64 {{.*}}, i64* {{.*}}@__msan_va_arg_tls{{.*}}, i64 16){{.*}}, align 8
856 ; second struct through general purpose registers
857 ; CHECK: store i64 {{.*}}, i64* {{.*}}@__msan_va_arg_tls{{.*}}, i64 24){{.*}}, align 8
858 ; CHECK: store i64 {{.*}}, i64* {{.*}}@__msan_va_arg_tls{{.*}}, i64 32){{.*}}, align 8
859 ; third struct through the overflow area byval
860 ; CHECK: ptrtoint %struct.StructByVal* {{.*}} to i64
861 ; CHECK: bitcast { i32, i32, i32, i32 }* {{.*}}@__msan_va_arg_tls {{.*}}, i64 176
862 ; CHECK: call void @llvm.memcpy.p0i8.p0i8.i64
863 ; CHECK: store i64 16, i64* @__msan_va_arg_overflow_size_tls
864 ; CHECK: call void (i32, ...) @VAArgStructFn
867 declare i32 @InnerTailCall(i32 %a)
869 define void @MismatchedReturnTypeTailCall(i32 %a) sanitize_memory {
870 %b = tail call i32 @InnerTailCall(i32 %a)
874 ; We used to strip off the 'tail' modifier, but now that we unpoison return slot
875 ; shadow before the call, we don't need to anymore.
877 ; CHECK-LABEL: define void @MismatchedReturnTypeTailCall
878 ; CHECK: tail call i32 @InnerTailCall
881 ; CHECK: define internal void @msan.module_ctor
882 ; CHECK: call void @__msan_init()