diff --git a/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/lib/Transforms/Instrumentation/MemorySanitizer.cpp index e890943c6a8..38a3fbb21f8 100644 --- a/lib/Transforms/Instrumentation/MemorySanitizer.cpp +++ b/lib/Transforms/Instrumentation/MemorySanitizer.cpp @@ -1397,13 +1397,61 @@ struct MemorySanitizerVisitor : public InstVisitor { SC.Done(&I); } + // \brief Handle multiplication by constant. + // + // Handle a special case of multiplication by constant that may have one or + // more zeros in the lower bits. This makes corresponding number of lower bits + // of the result zero as well. We model it by shifting the other operand + // shadow left by the required number of bits. Effectively, we transform + // (X * (A * 2**B)) to ((X << B) * A) and instrument (X << B) as (Sx << B). + // We use multiplication by 2**N instead of shift to cover the case of + // multiplication by 0, which may occur in some elements of a vector operand. + void handleMulByConstant(BinaryOperator &I, Constant *ConstArg, + Value *OtherArg) { + Constant *ShadowMul; + Type *Ty = ConstArg->getType(); + if (Ty->isVectorTy()) { + unsigned NumElements = Ty->getVectorNumElements(); + Type *EltTy = Ty->getSequentialElementType(); + SmallVector Elements; + for (unsigned Idx = 0; Idx < NumElements; ++Idx) { + ConstantInt *Elt = + dyn_cast(ConstArg->getAggregateElement(Idx)); + APInt V = Elt->getValue(); + APInt V2 = APInt(V.getBitWidth(), 1) << V.countTrailingZeros(); + Elements.push_back(ConstantInt::get(EltTy, V2)); + } + ShadowMul = ConstantVector::get(Elements); + } else { + ConstantInt *Elt = dyn_cast(ConstArg); + APInt V = Elt->getValue(); + APInt V2 = APInt(V.getBitWidth(), 1) << V.countTrailingZeros(); + ShadowMul = ConstantInt::get(Elt->getType(), V2); + } + + IRBuilder<> IRB(&I); + setShadow(&I, + IRB.CreateMul(getShadow(OtherArg), ShadowMul, "msprop_mul_cst")); + setOrigin(&I, getOrigin(OtherArg)); + } + + void visitMul(BinaryOperator &I) { + Constant *constOp0 = dyn_cast(I.getOperand(0)); + Constant *constOp1 = dyn_cast(I.getOperand(1)); + if (constOp0 && !constOp1) + handleMulByConstant(I, constOp0, I.getOperand(1)); + else if (constOp1 && !constOp0) + handleMulByConstant(I, constOp1, I.getOperand(0)); + else + handleShadowOr(I); + } + void visitFAdd(BinaryOperator &I) { handleShadowOr(I); } void visitFSub(BinaryOperator &I) { handleShadowOr(I); } void visitFMul(BinaryOperator &I) { handleShadowOr(I); } void visitAdd(BinaryOperator &I) { handleShadowOr(I); } void visitSub(BinaryOperator &I) { handleShadowOr(I); } void visitXor(BinaryOperator &I) { handleShadowOr(I); } - void visitMul(BinaryOperator &I) { handleShadowOr(I); } void handleDiv(Instruction &I) { IRBuilder<> IRB(&I); diff --git a/test/Instrumentation/MemorySanitizer/mul_by_constant.ll b/test/Instrumentation/MemorySanitizer/mul_by_constant.ll new file mode 100644 index 00000000000..e068f69ae4b --- /dev/null +++ b/test/Instrumentation/MemorySanitizer/mul_by_constant.ll @@ -0,0 +1,94 @@ +; RUN: opt < %s -msan -msan-check-access-address=0 -S | FileCheck %s + +target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" +target triple = "x86_64-unknown-linux-gnu" + +; Check instrumentation mul when one of the operands is a constant. + +define i64 @MulConst(i64 %x) sanitize_memory { +entry: + %y = mul i64 %x, 42949672960000 + ret i64 %y +} + +; 42949672960000 = 2**32 * 10000 +; 36 trailing zero bits +; 68719476736 = 2**36 + +; CHECK-LABEL: @MulConst( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul i64 [[A]], 68719476736 +; CHECK: store i64 [[B]], i64* {{.*}} @__msan_retval_tls + + +define i64 @MulZero(i64 %x) sanitize_memory { +entry: + %y = mul i64 %x, 0 + ret i64 %y +} + +; CHECK-LABEL: @MulZero( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul i64 [[A]], 0{{$}} +; CHECK: store i64 [[B]], i64* {{.*}} @__msan_retval_tls + + +define i64 @MulNeg(i64 %x) sanitize_memory { +entry: + %y = mul i64 %x, -16 + ret i64 %y +} + +; CHECK-LABEL: @MulNeg( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul i64 [[A]], 16 +; CHECK: store i64 [[B]], i64* {{.*}} @__msan_retval_tls + + +define i64 @MulNeg2(i64 %x) sanitize_memory { +entry: + %y = mul i64 %x, -48 + ret i64 %y +} + +; CHECK-LABEL: @MulNeg2( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul i64 [[A]], 16 +; CHECK: store i64 [[B]], i64* {{.*}} @__msan_retval_tls + + +define i64 @MulOdd(i64 %x) sanitize_memory { +entry: + %y = mul i64 %x, 12345 + ret i64 %y +} + +; CHECK-LABEL: @MulOdd( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul i64 [[A]], 1 +; CHECK: store i64 [[B]], i64* {{.*}} @__msan_retval_tls + + +define i64 @MulLarge(i64 %x) sanitize_memory { +entry: + %y = mul i64 %x, -9223372036854775808 + ret i64 %y +} + +; -9223372036854775808 = 0x7000000000000000 + +; CHECK-LABEL: @MulLarge( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul i64 [[A]], -9223372036854775808 +; CHECK: store i64 [[B]], i64* {{.*}} @__msan_retval_tls + +define <4 x i32> @MulVectorConst(<4 x i32> %x) sanitize_memory { +entry: + %y = mul <4 x i32> %x, + ret <4 x i32> %y +} + +; CHECK-LABEL: @MulVectorConst( +; CHECK: [[A:%.*]] = load {{.*}} @__msan_param_tls +; CHECK: [[B:%.*]] = mul <4 x i32> [[A]], +; CHECK: store <4 x i32> [[B]], <4 x i32>* {{.*}} @__msan_retval_tls