[asan] Disabling speculative loads under asan. Patch by Mike Aizatsky

author Kostya Serebryany <kcc@google.com>

Wed, 14 Oct 2015 00:21:05 +0000 (00:21 +0000)

committer Kostya Serebryany <kcc@google.com>

Wed, 14 Oct 2015 00:21:05 +0000 (00:21 +0000)
author Kostya Serebryany <kcc@google.com>
Wed, 14 Oct 2015 00:21:05 +0000 (00:21 +0000)
committer Kostya Serebryany <kcc@google.com>
Wed, 14 Oct 2015 00:21:05 +0000 (00:21 +0000)
diff --git a/lib/Analysis/ValueTracking.cpp b/lib/Analysis/ValueTracking.cpp

index 2a93e0d64d622078260bdf27b4d225abffd6e2a2..5caffee8fe73ba7729737c1c4e2c3b485adebb15 100644 (file)
--- a/lib/Analysis/ValueTracking.cpp
+++ b/lib/Analysis/ValueTracking.cpp
@@ -3187,7 +3187,11 @@ bool llvm::isSafeToSpeculativelyExecute(const Value *V,
      const LoadInst *LI = cast<LoadInst>(Inst);
      if (!LI->isUnordered() ||
          // Speculative load may create a race that did not exist in the source.
      const LoadInst *LI = cast<LoadInst>(Inst);
      if (!LI->isUnordered() ||
          // Speculative load may create a race that did not exist in the source.
-        LI->getParent()->getParent()->hasFnAttribute(Attribute::SanitizeThread))
+        LI->getParent()->getParent()->hasFnAttribute(
+            Attribute::SanitizeThread) ||
+        // Speculative load may load data from dirty regions.
+        LI->getParent()->getParent()->hasFnAttribute(
+            Attribute::SanitizeAddress))
        return false;
      const DataLayout &DL = LI->getModule()->getDataLayout();
      return isDereferenceableAndAlignedPointer(
        return false;
      const DataLayout &DL = LI->getModule()->getDataLayout();
      return isDereferenceableAndAlignedPointer(
diff --git a/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll b/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll

new file mode 100644 (file)

index 0000000..063bde8
--- /dev/null
+++ b/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll
@@ -0,0 +1,40 @@
+; RUN: opt -simplifycfg -S %s | FileCheck %s
+; Make sure we don't speculate loads under AddressSanitizer.
+@g = global i32 0, align 4
+
+define i32 @TestNoAsan(i32 %cond) nounwind readonly uwtable {
+entry:
+  %tobool = icmp eq i32 %cond, 0
+  br i1 %tobool, label %return, label %if.then
+
+if.then:                                          ; preds = %entry
+  %0 = load i32, i32* @g, align 4
+  br label %return
+
+return:                                           ; preds = %entry, %if.then
+  %retval = phi i32 [ %0, %if.then ], [ 0, %entry ]
+  ret i32 %retval
+; CHECK-LABEL: @TestNoAsan
+; CHECK: %[[LOAD:[^ ]*]] = load
+; CHECK: select{{.*}}[[LOAD]]
+; CHECK: ret i32
+}
+
+define i32 @TestAsan(i32 %cond) nounwind readonly uwtable sanitize_address {
+entry:
+  %tobool = icmp eq i32 %cond, 0
+  br i1 %tobool, label %return, label %if.then
+
+if.then:                                          ; preds = %entry
+  %0 = load i32, i32* @g, align 4
+  br label %return
+
+return:                                           ; preds = %entry, %if.then
+  %retval = phi i32 [ %0, %if.then ], [ 0, %entry ]
+  ret i32 %retval
+; CHECK-LABEL: @TestAsan
+; CHECK: br i1
+; CHECK: load i32, i32* @g
+; CHECK: br label
+; CHECK: ret i32
+}
author	Kostya Serebryany <kcc@google.com>
	Wed, 14 Oct 2015 00:21:05 +0000 (00:21 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Wed, 14 Oct 2015 00:21:05 +0000 (00:21 +0000)
lib/Analysis/ValueTracking.cpp		patch \| blob \| history
test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll	[new file with mode: 0644]	patch \| blob