LLVM 20.0.0git
TypeSanitizer.cpp
Go to the documentation of this file.
1//===----- TypeSanitizer.cpp - type-based-aliasing-violation detector -----===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file is a part of TypeSanitizer, a type-based-aliasing-violation
10// detector.
11//
12//===----------------------------------------------------------------------===//
13
14#include "llvm/Transforms/Instrumentation/TypeSanitizer.h"
15#include "llvm/ADT/SetVector.h"
16#include "llvm/ADT/SmallSet.h"
17#include "llvm/ADT/SmallVector.h"
18#include "llvm/ADT/Statistic.h"
19#include "llvm/ADT/StringExtras.h"
20#include "llvm/Analysis/MemoryLocation.h"
21#include "llvm/Analysis/TargetLibraryInfo.h"
22#include "llvm/IR/DataLayout.h"
23#include "llvm/IR/Function.h"
24#include "llvm/IR/IRBuilder.h"
25#include "llvm/IR/InstIterator.h"
26#include "llvm/IR/Instructions.h"
27#include "llvm/IR/IntrinsicInst.h"
28#include "llvm/IR/Intrinsics.h"
29#include "llvm/IR/LLVMContext.h"
30#include "llvm/IR/MDBuilder.h"
31#include "llvm/IR/Metadata.h"
32#include "llvm/IR/Module.h"
33#include "llvm/IR/Type.h"
34#include "llvm/ProfileData/InstrProf.h"
35#include "llvm/Support/CommandLine.h"
36#include "llvm/Support/Debug.h"
37#include "llvm/Support/MD5.h"
38#include "llvm/Support/MathExtras.h"
39#include "llvm/Support/Regex.h"
40#include "llvm/Support/raw_ostream.h"
41#include "llvm/Transforms/Utils/BasicBlockUtils.h"
42#include "llvm/Transforms/Utils/Local.h"
43#include "llvm/Transforms/Utils/ModuleUtils.h"
44
45#include <cctype>
46
47using namespace llvm;
48
49#define DEBUG_TYPE "tysan"
50
51static const char *const kTysanModuleCtorName = "tysan.module_ctor";
52static const char *const kTysanInitName = "__tysan_init";
53static const char *const kTysanCheckName = "__tysan_check";
54static const char *const kTysanGVNamePrefix = "__tysan_v1_";
55
56static const char *const kTysanShadowMemoryAddress =
57 "__tysan_shadow_memory_address";
58static const char *const kTysanAppMemMask = "__tysan_app_memory_mask";
59
60static cl::opt<bool>
61 ClWritesAlwaysSetType("tysan-writes-always-set-type",
62 cl::desc("Writes always set the type"), cl::Hidden,
63 cl::init(false));
64
65STATISTIC(NumInstrumentedAccesses, "Number of instrumented accesses");
66
67namespace {
68
69/// TypeSanitizer: instrument the code in module to find type-based aliasing
70/// violations.
71struct TypeSanitizer {
72 TypeSanitizer(Module &M);
73 bool run(Function &F, const TargetLibraryInfo &TLI);
74 void instrumentGlobals(Module &M);
75
76private:
77 typedef SmallDenseMap<const MDNode *, GlobalVariable *, 8>
78 TypeDescriptorsMapTy;
79 typedef SmallDenseMap<const MDNode *, std::string, 8> TypeNameMapTy;
80
81 void initializeCallbacks(Module &M);
82
83 Instruction *getShadowBase(Function &F);
84 Instruction *getAppMemMask(Function &F);
85
86 bool instrumentWithShadowUpdate(IRBuilder<> &IRB, const MDNode *TBAAMD,
87 Value *Ptr, uint64_t AccessSize, bool IsRead,
88 bool IsWrite, Value *ShadowBase,
89 Value *AppMemMask, bool ForceSetType,
90 bool SanitizeFunction,
91 TypeDescriptorsMapTy &TypeDescriptors,
92 const DataLayout &DL);
93
94 /// Memory-related intrinsics/instructions reset the type of the destination
95 /// memory (including allocas and byval arguments).
96 bool instrumentMemInst(Value *I, Instruction *ShadowBase,
97 Instruction *AppMemMask, const DataLayout &DL);
98
99 std::string getAnonymousStructIdentifier(const MDNode *MD,
100 TypeNameMapTy &TypeNames);
101 bool generateTypeDescriptor(const MDNode *MD,
102 TypeDescriptorsMapTy &TypeDescriptors,
103 TypeNameMapTy &TypeNames, Module &M);
104 bool generateBaseTypeDescriptor(const MDNode *MD,
105 TypeDescriptorsMapTy &TypeDescriptors,
106 TypeNameMapTy &TypeNames, Module &M);
107
108 const Triple TargetTriple;
109 Regex AnonNameRegex;
110 Type *IntptrTy;
111 uint64_t PtrShift;
112 IntegerType *OrdTy;
113
114 /// Callbacks to run-time library are computed in initializeCallbacks.
115 FunctionCallee TysanCheck;
116 FunctionCallee TysanCtorFunction;
117
118 /// Callback to set types for gloabls.
119 Function *TysanGlobalsSetTypeFunction;
120};
121} // namespace
122
123TypeSanitizer::TypeSanitizer(Module &M)
124 : TargetTriple(Triple(M.getTargetTriple())),
125 AnonNameRegex("^_ZTS.*N[1-9][0-9]*_GLOBAL__N") {
126 const DataLayout &DL = M.getDataLayout();
127 IntptrTy = DL.getIntPtrType(M.getContext());
128 PtrShift = countr_zero(IntptrTy->getPrimitiveSizeInBits() / 8);
129
130 TysanGlobalsSetTypeFunction = M.getFunction("__tysan_set_globals_types");
131 initializeCallbacks(M);
132}
133
134void TypeSanitizer::initializeCallbacks(Module &M) {
135 IRBuilder<> IRB(M.getContext());
136 OrdTy = IRB.getInt32Ty();
137
138 AttributeList Attr;
139 Attr = Attr.addFnAttribute(M.getContext(), Attribute::NoUnwind);
140 // Initialize the callbacks.
141 TysanCheck =
142 M.getOrInsertFunction(kTysanCheckName, Attr, IRB.getVoidTy(),
143 IRB.getPtrTy(), // Pointer to data to be read.
144 OrdTy, // Size of the data in bytes.
145 IRB.getPtrTy(), // Pointer to type descriptor.
146 OrdTy // Flags.
147 );
148
149 TysanCtorFunction =
150 M.getOrInsertFunction(kTysanModuleCtorName, Attr, IRB.getVoidTy());
151}
152
153void TypeSanitizer::instrumentGlobals(Module &M) {
154 TysanGlobalsSetTypeFunction = nullptr;
155
156 NamedMDNode *Globals = M.getNamedMetadata("llvm.tysan.globals");
157 if (!Globals)
158 return;
159
160 TysanGlobalsSetTypeFunction = Function::Create(
161 FunctionType::get(Type::getVoidTy(M.getContext()), false),
162 GlobalValue::InternalLinkage, "__tysan_set_globals_types", &M);
163 BasicBlock *BB =
164 BasicBlock::Create(M.getContext(), "", TysanGlobalsSetTypeFunction);
165 ReturnInst::Create(M.getContext(), BB);
166
167 const DataLayout &DL = M.getDataLayout();
168 Value *ShadowBase = getShadowBase(*TysanGlobalsSetTypeFunction);
169 Value *AppMemMask = getAppMemMask(*TysanGlobalsSetTypeFunction);
170 TypeDescriptorsMapTy TypeDescriptors;
171 TypeNameMapTy TypeNames;
172
173 for (const auto &GMD : Globals->operands()) {
174 auto *GV = mdconst::dyn_extract_or_null<GlobalVariable>(GMD->getOperand(0));
175 if (!GV)
176 continue;
177 const MDNode *TBAAMD = cast<MDNode>(GMD->getOperand(1));
178 if (!generateBaseTypeDescriptor(TBAAMD, TypeDescriptors, TypeNames, M))
179 continue;
180
181 IRBuilder<> IRB(
182 TysanGlobalsSetTypeFunction->getEntryBlock().getTerminator());
183 Type *AccessTy = GV->getValueType();
184 assert(AccessTy->isSized());
185 uint64_t AccessSize = DL.getTypeStoreSize(AccessTy);
186 instrumentWithShadowUpdate(IRB, TBAAMD, GV, AccessSize, false, false,
187 ShadowBase, AppMemMask, true, false,
188 TypeDescriptors, DL);
189 }
190
191 if (TysanGlobalsSetTypeFunction) {
192 IRBuilder<> IRB(cast<Function>(TysanCtorFunction.getCallee())
193 ->getEntryBlock()
194 .getTerminator());
195 IRB.CreateCall(TysanGlobalsSetTypeFunction, {});
196 }
197}
198
199static const char LUT[] = "0123456789abcdef";
200
201static std::string encodeName(StringRef Name) {
202 size_t Length = Name.size();
203 std::string Output = kTysanGVNamePrefix;
204 Output.reserve(Output.size() + 3 * Length);
205 for (size_t i = 0; i < Length; ++i) {
206 const unsigned char c = Name[i];
207 if (isalnum(c)) {
208 Output.push_back(c);
209 continue;
210 }
211
212 if (c == '_') {
213 Output.append("__");
214 continue;
215 }
216
217 Output.push_back('_');
218 Output.push_back(LUT[c >> 4]);
219 Output.push_back(LUT[c & 15]);
220 }
221
222 return Output;
223}
224
225std::string
226TypeSanitizer::getAnonymousStructIdentifier(const MDNode *MD,
227 TypeNameMapTy &TypeNames) {
228 MD5 Hash;
229
230 for (int i = 1, e = MD->getNumOperands(); i < e; i += 2) {
231 const MDNode *MemberNode = dyn_cast<MDNode>(MD->getOperand(i));
232 if (!MemberNode)
233 return "";
234
235 auto TNI = TypeNames.find(MemberNode);
236 std::string MemberName;
237 if (TNI != TypeNames.end()) {
238 MemberName = TNI->second;
239 } else {
240 if (MemberNode->getNumOperands() < 1)
241 return "";
242 MDString *MemberNameNode = dyn_cast<MDString>(MemberNode->getOperand(0));
243 if (!MemberNameNode)
244 return "";
245 MemberName = MemberNameNode->getString().str();
246 if (MemberName.empty())
247 MemberName = getAnonymousStructIdentifier(MemberNode, TypeNames);
248 if (MemberName.empty())
249 return "";
250 TypeNames[MemberNode] = MemberName;
251 }
252
253 Hash.update(MemberName);
254 Hash.update("\0");
255
256 uint64_t Offset =
257 mdconst::extract<ConstantInt>(MD->getOperand(i + 1))->getZExtValue();
258 Hash.update(utostr(Offset));
259 Hash.update("\0");
260 }
261
262 MD5::MD5Result HashResult;
263 Hash.final(HashResult);
264 return "__anonymous_" + std::string(HashResult.digest().str());
265}
266
267bool TypeSanitizer::generateBaseTypeDescriptor(
268 const MDNode *MD, TypeDescriptorsMapTy &TypeDescriptors,
269 TypeNameMapTy &TypeNames, Module &M) {
270 if (MD->getNumOperands() < 1)
271 return false;
272
273 MDString *NameNode = dyn_cast<MDString>(MD->getOperand(0));
274 if (!NameNode)
275 return false;
276
277 std::string Name = NameNode->getString().str();
278 if (Name.empty())
279 Name = getAnonymousStructIdentifier(MD, TypeNames);
280 if (Name.empty())
281 return false;
282 TypeNames[MD] = Name;
283 std::string EncodedName = encodeName(Name);
284
285 GlobalVariable *GV =
286 dyn_cast_or_null<GlobalVariable>(M.getNamedValue(EncodedName));
287 if (GV) {
288 TypeDescriptors[MD] = GV;
289 return true;
290 }
291
292 SmallVector<std::pair<Constant *, uint64_t>> Members;
293 for (int i = 1, e = MD->getNumOperands(); i < e; i += 2) {
294 const MDNode *MemberNode = dyn_cast<MDNode>(MD->getOperand(i));
295 if (!MemberNode)
296 return false;
297
298 Constant *Member;
299 auto TDI = TypeDescriptors.find(MemberNode);
300 if (TDI != TypeDescriptors.end()) {
301 Member = TDI->second;
302 } else {
303 if (!generateBaseTypeDescriptor(MemberNode, TypeDescriptors, TypeNames,
304 M))
305 return false;
306
307 Member = TypeDescriptors[MemberNode];
308 }
309
310 uint64_t Offset =
311 mdconst::extract<ConstantInt>(MD->getOperand(i + 1))->getZExtValue();
312
313 Members.push_back(std::make_pair(Member, Offset));
314 }
315
316 // The descriptor for a scalar is:
317 // [2, member count, [type pointer, offset]..., name]
318
319 LLVMContext &C = MD->getContext();
320 Constant *NameData = ConstantDataArray::getString(C, NameNode->getString());
321 SmallVector<Type *> TDSubTys;
322 SmallVector<Constant *> TDSubData;
323
324 auto PushTDSub = [&](Constant *C) {
325 TDSubTys.push_back(C->getType());
326 TDSubData.push_back(C);
327 };
328
329 PushTDSub(ConstantInt::get(IntptrTy, 2));
330 PushTDSub(ConstantInt::get(IntptrTy, Members.size()));
331
332 // Types that are in an anonymous namespace are local to this module.
333 // FIXME: This should really be marked by the frontend in the metadata
334 // instead of having us guess this from the mangled name. Moreover, the regex
335 // here can pick up (unlikely) names in the non-reserved namespace (because
336 // it needs to search into the type to pick up cases where the type in the
337 // anonymous namespace is a template parameter, etc.).
338 bool ShouldBeComdat = !AnonNameRegex.match(NameNode->getString());
339 for (auto &Member : Members) {
340 PushTDSub(Member.first);
341 PushTDSub(ConstantInt::get(IntptrTy, Member.second));
342 }
343
344 PushTDSub(NameData);
345
346 StructType *TDTy = StructType::get(C, TDSubTys);
347 Constant *TD = ConstantStruct::get(TDTy, TDSubData);
348
349 GlobalVariable *TDGV =
350 new GlobalVariable(TDTy, true,
351 !ShouldBeComdat ? GlobalValue::InternalLinkage
352 : GlobalValue::LinkOnceODRLinkage,
353 TD, EncodedName);
354 M.insertGlobalVariable(TDGV);
355
356 if (ShouldBeComdat) {
357 if (TargetTriple.isOSBinFormatELF()) {
358 Comdat *TDComdat = M.getOrInsertComdat(EncodedName);
359 TDGV->setComdat(TDComdat);
360 }
361 appendToUsed(M, TDGV);
362 }
363
364 TypeDescriptors[MD] = TDGV;
365 return true;
366}
367
368bool TypeSanitizer::generateTypeDescriptor(
369 const MDNode *MD, TypeDescriptorsMapTy &TypeDescriptors,
370 TypeNameMapTy &TypeNames, Module &M) {
371 // Here we need to generate a type descriptor corresponding to this TBAA
372 // metadata node. Under the current scheme there are three kinds of TBAA
373 // metadata nodes: scalar nodes, struct nodes, and struct tag nodes.
374
375 if (MD->getNumOperands() < 3)
376 return false;
377
378 const MDNode *BaseNode = dyn_cast<MDNode>(MD->getOperand(0));
379 if (!BaseNode)
380 return false;
381
382 // This is a struct tag (element-access) node.
383
384 const MDNode *AccessNode = dyn_cast<MDNode>(MD->getOperand(1));
385 if (!AccessNode)
386 return false;
387
388 Constant *Base;
389 auto TDI = TypeDescriptors.find(BaseNode);
390 if (TDI != TypeDescriptors.end()) {
391 Base = TDI->second;
392 } else {
393 if (!generateBaseTypeDescriptor(BaseNode, TypeDescriptors, TypeNames, M))
394 return false;
395
396 Base = TypeDescriptors[BaseNode];
397 }
398
399 Constant *Access;
400 TDI = TypeDescriptors.find(AccessNode);
401 if (TDI != TypeDescriptors.end()) {
402 Access = TDI->second;
403 } else {
404 if (!generateBaseTypeDescriptor(AccessNode, TypeDescriptors, TypeNames, M))
405 return false;
406
407 Access = TypeDescriptors[AccessNode];
408 }
409
410 uint64_t Offset =
411 mdconst::extract<ConstantInt>(MD->getOperand(2))->getZExtValue();
412 std::string EncodedName =
413 std::string(Base->getName()) + "_o_" + utostr(Offset);
414
415 GlobalVariable *GV =
416 dyn_cast_or_null<GlobalVariable>(M.getNamedValue(EncodedName));
417 if (GV) {
418 TypeDescriptors[MD] = GV;
419 return true;
420 }
421
422 // The descriptor for a scalar is:
423 // [1, base-type pointer, access-type pointer, offset]
424
425 StructType *TDTy =
426 StructType::get(IntptrTy, Base->getType(), Access->getType(), IntptrTy);
427 Constant *TD =
428 ConstantStruct::get(TDTy, ConstantInt::get(IntptrTy, 1), Base, Access,
429 ConstantInt::get(IntptrTy, Offset));
430
431 bool ShouldBeComdat = cast<GlobalVariable>(Base)->getLinkage() ==
432 GlobalValue::LinkOnceODRLinkage;
433
434 GlobalVariable *TDGV =
435 new GlobalVariable(TDTy, true,
436 !ShouldBeComdat ? GlobalValue::InternalLinkage
437 : GlobalValue::LinkOnceODRLinkage,
438 TD, EncodedName);
439 M.insertGlobalVariable(TDGV);
440
441 if (ShouldBeComdat) {
442 if (TargetTriple.isOSBinFormatELF()) {
443 Comdat *TDComdat = M.getOrInsertComdat(EncodedName);
444 TDGV->setComdat(TDComdat);
445 }
446 appendToUsed(M, TDGV);
447 }
448
449 TypeDescriptors[MD] = TDGV;
450 return true;
451}
452
453Instruction *TypeSanitizer::getShadowBase(Function &F) {
454 IRBuilder<> IRB(&F.front().front());
455 Constant *GlobalShadowAddress =
456 F.getParent()->getOrInsertGlobal(kTysanShadowMemoryAddress, IntptrTy);
457 return IRB.CreateLoad(IntptrTy, GlobalShadowAddress, "shadow.base");
458}
459
460Instruction *TypeSanitizer::getAppMemMask(Function &F) {
461 IRBuilder<> IRB(&F.front().front());
462 Value *GlobalAppMemMask =
463 F.getParent()->getOrInsertGlobal(kTysanAppMemMask, IntptrTy);
464 return IRB.CreateLoad(IntptrTy, GlobalAppMemMask, "app.mem.mask");
465}
466
467/// Collect all loads and stores, and for what TBAA nodes we need to generate
468/// type descriptors.
469void collectMemAccessInfo(
470 Function &F, const TargetLibraryInfo &TLI,
471 SmallVectorImpl<std::pair<Instruction *, MemoryLocation>> &MemoryAccesses,
472 SmallSetVector<const MDNode *, 8> &TBAAMetadata,
473 SmallVectorImpl<Value *> &MemTypeResetInsts) {
474 // Traverse all instructions, collect loads/stores/returns, check for calls.
475 for (Instruction &Inst : instructions(F)) {
476 // Skip memory accesses inserted by another instrumentation.
477 if (Inst.getMetadata(LLVMContext::MD_nosanitize))
478 continue;
479
480 if (isa<LoadInst>(Inst) || isa<StoreInst>(Inst) ||
481 isa<AtomicCmpXchgInst>(Inst) || isa<AtomicRMWInst>(Inst)) {
482 MemoryLocation MLoc = MemoryLocation::get(&Inst);
483
484 // Swift errors are special (we can't introduce extra uses on them).
485 if (MLoc.Ptr->isSwiftError())
486 continue;
487
488 // Skip non-address-space-0 pointers; we don't know how to handle them.
489 Type *PtrTy = cast<PointerType>(MLoc.Ptr->getType());
490 if (PtrTy->getPointerAddressSpace() != 0)
491 continue;
492
493 if (MLoc.AATags.TBAA)
494 TBAAMetadata.insert(MLoc.AATags.TBAA);
495 MemoryAccesses.push_back(std::make_pair(&Inst, MLoc));
496 } else if (isa<CallInst>(Inst) || isa<InvokeInst>(Inst)) {
497 if (CallInst *CI = dyn_cast<CallInst>(&Inst))
498 maybeMarkSanitizerLibraryCallNoBuiltin(CI, &TLI);
499
500 if (isa<MemIntrinsic>(Inst)) {
501 MemTypeResetInsts.push_back(&Inst);
502 } else if (auto *II = dyn_cast<IntrinsicInst>(&Inst)) {
503 if (II->getIntrinsicID() == Intrinsic::lifetime_start ||
504 II->getIntrinsicID() == Intrinsic::lifetime_end)
505 MemTypeResetInsts.push_back(&Inst);
506 }
507 } else if (isa<AllocaInst>(Inst)) {
508 MemTypeResetInsts.push_back(&Inst);
509 }
510 }
511}
512
513bool TypeSanitizer::run(Function &F, const TargetLibraryInfo &TLI) {
514 // This is required to prevent instrumenting call to __tysan_init from within
515 // the module constructor.
516 if (&F == TysanCtorFunction.getCallee() || &F == TysanGlobalsSetTypeFunction)
517 return false;
518 initializeCallbacks(*F.getParent());
519
520 // We need to collect all loads and stores, and know for what TBAA nodes we
521 // need to generate type descriptors.
522 SmallVector<std::pair<Instruction *, MemoryLocation>> MemoryAccesses;
523 SmallSetVector<const MDNode *, 8> TBAAMetadata;
524 SmallVector<Value *> MemTypeResetInsts;
525 collectMemAccessInfo(F, TLI, MemoryAccesses, TBAAMetadata, MemTypeResetInsts);
526
527 // byval arguments also need their types reset (they're new stack memory,
528 // just like allocas).
529 for (auto &A : F.args())
530 if (A.hasByValAttr())
531 MemTypeResetInsts.push_back(&A);
532
533 Module &M = *F.getParent();
534 TypeDescriptorsMapTy TypeDescriptors;
535 TypeNameMapTy TypeNames;
536 bool Res = false;
537 for (const MDNode *MD : TBAAMetadata) {
538 if (TypeDescriptors.count(MD))
539 continue;
540
541 if (!generateTypeDescriptor(MD, TypeDescriptors, TypeNames, M))
542 return Res; // Giving up.
543
544 Res = true;
545 }
546
547 const DataLayout &DL = F.getParent()->getDataLayout();
548 bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeType);
549 bool NeedsInstrumentation =
550 MemTypeResetInsts.empty() && MemoryAccesses.empty();
551 Instruction *ShadowBase = NeedsInstrumentation ? nullptr : getShadowBase(F);
552 Instruction *AppMemMask = NeedsInstrumentation ? nullptr : getAppMemMask(F);
553 for (const auto &[I, MLoc] : MemoryAccesses) {
554 IRBuilder<> IRB(I);
555 assert(MLoc.Size.isPrecise());
556 if (instrumentWithShadowUpdate(
557 IRB, MLoc.AATags.TBAA, const_cast<Value *>(MLoc.Ptr),
558 MLoc.Size.getValue(), I->mayReadFromMemory(), I->mayWriteToMemory(),
559 ShadowBase, AppMemMask, false, SanitizeFunction, TypeDescriptors,
560 DL)) {
561 ++NumInstrumentedAccesses;
562 Res = true;
563 }
564 }
565
566 for (auto Inst : MemTypeResetInsts)
567 Res |= instrumentMemInst(Inst, ShadowBase, AppMemMask, DL);
568
569 return Res;
570}
571
572static Value *convertToShadowDataInt(IRBuilder<> &IRB, Value *Ptr,
573 Type *IntptrTy, uint64_t PtrShift,
574 Value *ShadowBase, Value *AppMemMask) {
575 return IRB.CreateAdd(
576 IRB.CreateShl(
577 IRB.CreateAnd(IRB.CreatePtrToInt(Ptr, IntptrTy, "app.ptr.int"),
578 AppMemMask, "app.ptr.masked"),
579 PtrShift, "app.ptr.shifted"),
580 ShadowBase, "shadow.ptr.int");
581}
582
583bool TypeSanitizer::instrumentWithShadowUpdate(
584 IRBuilder<> &IRB, const MDNode *TBAAMD, Value *Ptr, uint64_t AccessSize,
585 bool IsRead, bool IsWrite, Value *ShadowBase, Value *AppMemMask,
586 bool ForceSetType, bool SanitizeFunction,
587 TypeDescriptorsMapTy &TypeDescriptors, const DataLayout &DL) {
588 Constant *TDGV;
589 if (TBAAMD)
590 TDGV = TypeDescriptors[TBAAMD];
591 else
592 TDGV = Constant::getNullValue(IRB.getPtrTy());
593
594 Value *TD = IRB.CreateBitCast(TDGV, IRB.getPtrTy());
595
596 Value *ShadowDataInt = convertToShadowDataInt(IRB, Ptr, IntptrTy, PtrShift,
597 ShadowBase, AppMemMask);
598 Type *Int8PtrPtrTy = PointerType::get(IRB.getPtrTy(), 0);
599 Value *ShadowData =
600 IRB.CreateIntToPtr(ShadowDataInt, Int8PtrPtrTy, "shadow.ptr");
601
602 auto SetType = [&]() {
603 IRB.CreateStore(TD, ShadowData);
604
605 // Now fill the remainder of the shadow memory corresponding to the
606 // remainder of the the bytes of the type with a bad type descriptor.
607 for (uint64_t i = 1; i < AccessSize; ++i) {
608 Value *BadShadowData = IRB.CreateIntToPtr(
609 IRB.CreateAdd(ShadowDataInt,
610 ConstantInt::get(IntptrTy, i << PtrShift),
611 "shadow.byte." + Twine(i) + ".offset"),
612 Int8PtrPtrTy, "shadow.byte." + Twine(i) + ".ptr");
613
614 // This is the TD value, -i, which is used to indicate that the byte is
615 // i bytes after the first byte of the type.
616 Value *BadTD =
617 IRB.CreateIntToPtr(ConstantInt::getSigned(IntptrTy, -i),
618 IRB.getPtrTy(), "bad.descriptor" + Twine(i));
619 IRB.CreateStore(BadTD, BadShadowData);
620 }
621 };
622
623 if (ForceSetType || (ClWritesAlwaysSetType && IsWrite)) {
624 // In the mode where writes always set the type, for a write (which does
625 // not also read), we just set the type.
626 SetType();
627 return true;
628 }
629
630 assert((!ClWritesAlwaysSetType || IsRead) &&
631 "should have handled case above");
632 LLVMContext &C = IRB.getContext();
633 MDNode *UnlikelyBW = MDBuilder(C).createBranchWeights(1, 100000);
634
635 if (!SanitizeFunction) {
636 // If we're not sanitizing this function, then we only care whether we
637 // need to *set* the type.
638 Value *LoadedTD = IRB.CreateLoad(IRB.getPtrTy(), ShadowData, "shadow.desc");
639 Value *NullTDCmp = IRB.CreateIsNull(LoadedTD, "desc.set");
640 Instruction *NullTDTerm = SplitBlockAndInsertIfThen(
641 NullTDCmp, &*IRB.GetInsertPoint(), false, UnlikelyBW);
642 IRB.SetInsertPoint(NullTDTerm);
643 NullTDTerm->getParent()->setName("set.type");
644 SetType();
645 return true;
646 }
647 // We need to check the type here. If the type is unknown, then the read
648 // sets the type. If the type is known, then it is checked. If the type
649 // doesn't match, then we call the runtime (which may yet determine that
650 // the mismatch is okay).
651 //
652 // The checks generated below have the following strucutre.
653 //
654 // ; First we load the descriptor for the load from shadow memory and
655 // ; compare it against the type descriptor for the current access type.
656 // %shadow.desc = load ptr %shadow.data
657 // %bad.desc = icmp ne %shadow.desc, %td
658 // br %bad.desc, %bad.bb, %good.bb
659 //
660 // bad.bb:
661 // %shadow.desc.null = icmp eq %shadow.desc, null
662 // br %shadow.desc.null, %null.td.bb, %good.td.bb
663 //
664 // null.td.bb:
665 // ; The typ is unknown, set it if all bytes in the value are also unknown.
666 // ; To check, we load the shadow data for all bytes of the access. For the
667 // ; pseudo code below, assume an access of size 1.
668 // %shadow.data.int = add %shadow.data.int, 0
669 // %l = load (inttoptr %shadow.data.int)
670 // %is.not.null = icmp ne %l, null
671 // %not.all.unknown = %is.not.null
672 // br %no.all.unknown, before.set.type.bb
673 //
674 // before.set.type.bb:
675 // ; Call runtime to check mismatch.
676 // call void @__tysan_check()
677 // br %set.type.bb
678 //
679 // set.type.bb:
680 // ; Now fill the remainder of the shadow memory corresponding to the
681 // ; remainder of the the bytes of the type with a bad type descriptor.
682 // store %TD, %shadow.data
683 // br %continue.bb
684 //
685 // good.td.bb::
686 // ; We have a non-trivial mismatch. Call the runtime.
687 // call void @__tysan_check()
688 // br %continue.bb
689 //
690 // good.bb:
691 // ; We appear to have the right type. Make sure that all other bytes in
692 // ; the type are still marked as interior bytes. If not, call the runtime.
693 // %shadow.data.int = add %shadow.data.int, 0
694 // %l = load (inttoptr %shadow.data.int)
695 // %not.all.interior = icmp sge %l, 0
696 // br %not.all.interior, label %check.rt.bb, label %continue.bb
697 //
698 // check.rt.bb:
699 // call void @__tysan_check()
700 // br %continue.bb
701
702 Constant *Flags = ConstantInt::get(OrdTy, int(IsRead) | (int(IsWrite) << 1));
703
704 Value *LoadedTD = IRB.CreateLoad(IRB.getPtrTy(), ShadowData, "shadow.desc");
705 Value *BadTDCmp = IRB.CreateICmpNE(LoadedTD, TD, "bad.desc");
706 Instruction *BadTDTerm, *GoodTDTerm;
707 SplitBlockAndInsertIfThenElse(BadTDCmp, &*IRB.GetInsertPoint(), &BadTDTerm,
708 &GoodTDTerm, UnlikelyBW);
709 IRB.SetInsertPoint(BadTDTerm);
710
711 // We now know that the types did not match (we're on the slow path). If
712 // the type is unknown, then set it.
713 Value *NullTDCmp = IRB.CreateIsNull(LoadedTD);
714 Instruction *NullTDTerm, *MismatchTerm;
715 SplitBlockAndInsertIfThenElse(NullTDCmp, &*IRB.GetInsertPoint(), &NullTDTerm,
716 &MismatchTerm);
717
718 // If the type is unknown, then set the type.
719 IRB.SetInsertPoint(NullTDTerm);
720
721 // We're about to set the type. Make sure that all bytes in the value are
722 // also of unknown type.
723 Value *Size = ConstantInt::get(OrdTy, AccessSize);
724 Value *NotAllUnkTD = IRB.getFalse();
725 for (uint64_t i = 1; i < AccessSize; ++i) {
726 Value *UnkShadowData = IRB.CreateIntToPtr(
727 IRB.CreateAdd(ShadowDataInt, ConstantInt::get(IntptrTy, i << PtrShift)),
728 Int8PtrPtrTy);
729 Value *ILdTD = IRB.CreateLoad(IRB.getPtrTy(), UnkShadowData);
730 NotAllUnkTD = IRB.CreateOr(NotAllUnkTD, IRB.CreateIsNotNull(ILdTD));
731 }
732
733 Instruction *BeforeSetType = &*IRB.GetInsertPoint();
734 Instruction *BadUTDTerm =
735 SplitBlockAndInsertIfThen(NotAllUnkTD, BeforeSetType, false, UnlikelyBW);
736 IRB.SetInsertPoint(BadUTDTerm);
737 IRB.CreateCall(TysanCheck, {IRB.CreateBitCast(Ptr, IRB.getPtrTy()), Size,
738 (Value *)TD, (Value *)Flags});
739
740 IRB.SetInsertPoint(BeforeSetType);
741 SetType();
742
743 // We have a non-trivial mismatch. Call the runtime.
744 IRB.SetInsertPoint(MismatchTerm);
745 IRB.CreateCall(TysanCheck, {IRB.CreateBitCast(Ptr, IRB.getPtrTy()), Size,
746 (Value *)TD, (Value *)Flags});
747
748 // We appear to have the right type. Make sure that all other bytes in
749 // the type are still marked as interior bytes. If not, call the runtime.
750 IRB.SetInsertPoint(GoodTDTerm);
751 Value *NotAllBadTD = IRB.getFalse();
752 for (uint64_t i = 1; i < AccessSize; ++i) {
753 Value *BadShadowData = IRB.CreateIntToPtr(
754 IRB.CreateAdd(ShadowDataInt, ConstantInt::get(IntptrTy, i << PtrShift)),
755 Int8PtrPtrTy);
756 Value *ILdTD = IRB.CreatePtrToInt(
757 IRB.CreateLoad(IRB.getPtrTy(), BadShadowData), IntptrTy);
758 NotAllBadTD = IRB.CreateOr(
759 NotAllBadTD, IRB.CreateICmpSGE(ILdTD, ConstantInt::get(IntptrTy, 0)));
760 }
761
762 Instruction *BadITDTerm = SplitBlockAndInsertIfThen(
763 NotAllBadTD, &*IRB.GetInsertPoint(), false, UnlikelyBW);
764 IRB.SetInsertPoint(BadITDTerm);
765 IRB.CreateCall(TysanCheck, {IRB.CreateBitCast(Ptr, IRB.getPtrTy()), Size,
766 (Value *)TD, (Value *)Flags});
767 return true;
768}
769
770bool TypeSanitizer::instrumentMemInst(Value *V, Instruction *ShadowBase,
771 Instruction *AppMemMask,
772 const DataLayout &DL) {
773 BasicBlock::iterator IP;
774 BasicBlock *BB;
775 Function *F;
776
777 if (auto *I = dyn_cast<Instruction>(V)) {
778 IP = BasicBlock::iterator(I);
779 BB = I->getParent();
780 F = BB->getParent();
781 } else {
782 auto *A = cast<Argument>(V);
783 F = A->getParent();
784 BB = &F->getEntryBlock();
785 IP = BB->getFirstInsertionPt();
786
787 // Find the next insert point after both ShadowBase and AppMemMask.
788 if (IP->comesBefore(ShadowBase))
789 IP = ShadowBase->getNextNode()->getIterator();
790 if (IP->comesBefore(AppMemMask))
791 IP = AppMemMask->getNextNode()->getIterator();
792 }
793
794 Value *Dest, *Size, *Src = nullptr;
795 bool NeedsMemMove = false;
796 IRBuilder<> IRB(BB, IP);
797
798 if (auto *A = dyn_cast<Argument>(V)) {
799 assert(A->hasByValAttr() && "Type reset for non-byval argument?");
800
801 Dest = A;
802 Size =
803 ConstantInt::get(IntptrTy, DL.getTypeAllocSize(A->getParamByValType()));
804 } else {
805 auto *I = cast<Instruction>(V);
806 if (auto *MI = dyn_cast<MemIntrinsic>(I)) {
807 if (MI->getDestAddressSpace() != 0)
808 return false;
809
810 Dest = MI->getDest();
811 Size = MI->getLength();
812
813 if (auto *MTI = dyn_cast<MemTransferInst>(MI)) {
814 if (MTI->getSourceAddressSpace() == 0) {
815 Src = MTI->getSource();
816 NeedsMemMove = isa<MemMoveInst>(MTI);
817 }
818 }
819 } else if (auto *II = dyn_cast<IntrinsicInst>(I)) {
820 if (II->getIntrinsicID() != Intrinsic::lifetime_start &&
821 II->getIntrinsicID() != Intrinsic::lifetime_end)
822 return false;
823
824 Size = II->getArgOperand(0);
825 Dest = II->getArgOperand(1);
826 } else if (auto *AI = dyn_cast<AllocaInst>(I)) {
827 // We need to clear the types for new stack allocations (or else we might
828 // read stale type information from a previous function execution).
829
830 IRB.SetInsertPoint(&*std::next(BasicBlock::iterator(I)));
831 IRB.SetInstDebugLocation(I);
832
833 Size = IRB.CreateMul(
834 IRB.CreateZExtOrTrunc(AI->getArraySize(), IntptrTy),
835 ConstantInt::get(IntptrTy,
836 DL.getTypeAllocSize(AI->getAllocatedType())));
837 Dest = I;
838 } else {
839 return false;
840 }
841 }
842
843 if (!ShadowBase)
844 ShadowBase = getShadowBase(*F);
845 if (!AppMemMask)
846 AppMemMask = getAppMemMask(*F);
847
848 Value *ShadowDataInt = IRB.CreateAdd(
849 IRB.CreateShl(
850 IRB.CreateAnd(IRB.CreatePtrToInt(Dest, IntptrTy), AppMemMask),
851 PtrShift),
852 ShadowBase);
853 Value *ShadowData = IRB.CreateIntToPtr(ShadowDataInt, IRB.getPtrTy());
854
855 if (!Src) {
856 IRB.CreateMemSet(ShadowData, IRB.getInt8(0), IRB.CreateShl(Size, PtrShift),
857 Align(1ull << PtrShift));
858 return true;
859 }
860
861 Value *SrcShadowDataInt = IRB.CreateAdd(
862 IRB.CreateShl(
863 IRB.CreateAnd(IRB.CreatePtrToInt(Src, IntptrTy), AppMemMask),
864 PtrShift),
865 ShadowBase);
866 Value *SrcShadowData = IRB.CreateIntToPtr(SrcShadowDataInt, IRB.getPtrTy());
867
868 if (NeedsMemMove) {
869 IRB.CreateMemMove(ShadowData, Align(1ull << PtrShift), SrcShadowData,
870 Align(1ull << PtrShift), IRB.CreateShl(Size, PtrShift));
871 } else {
872 IRB.CreateMemCpy(ShadowData, Align(1ull << PtrShift), SrcShadowData,
873 Align(1ull << PtrShift), IRB.CreateShl(Size, PtrShift));
874 }
875
876 return true;
877}
878
879PreservedAnalyses TypeSanitizerPass::run(Function &F,
880 FunctionAnalysisManager &FAM) {
881 TypeSanitizer TySan(*F.getParent());
882 TySan.run(F, FAM.getResult<TargetLibraryAnalysis>(F));
883 return PreservedAnalyses::none();
884}
885
886PreservedAnalyses ModuleTypeSanitizerPass::run(Module &M,
887 ModuleAnalysisManager &AM) {
888 Function *TysanCtorFunction;
889 std::tie(TysanCtorFunction, std::ignore) =
890 createSanitizerCtorAndInitFunctions(M, kTysanModuleCtorName,
891 kTysanInitName, /*InitArgTypes=*/{},
892 /*InitArgs=*/{});
893
894 TypeSanitizer TySan(M);
895 TySan.instrumentGlobals(M);
896 appendToGlobalCtors(M, TysanCtorFunction, 0);
897 return PreservedAnalyses::none();
898}
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: ARMSLSHardening.cpp:73
instructions
Expand Atomic instructions
Definition: AtomicExpandPass.cpp:172
A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")
Access
DXIL Resource Access
Definition: DXILResourceAccess.cpp:188
Name
std::string Name
Definition: ELFObjHandler.cpp:77
Size
uint64_t Size
Definition: ELFObjHandler.cpp:81
MI
IRTranslator LLVM IR MI
Definition: IRTranslator.cpp:112
Module.h
Module.h This file contains the declarations for the Module class.
F
#define F(x, y, z)
Definition: MD5.cpp:55
I
#define I(x, y, z)
Definition: MD5.cpp:58
MemoryLocation.h
This file provides utility analysis objects describing memory locations.
Metadata.h
This file contains the declarations for metadata subclasses.
II
uint64_t IntrinsicInst * II
Definition: NVVMIntrRange.cpp:51
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:61
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
SetVector.h
This file implements a set that has insertion order iteration characteristics.
SmallSet.h
This file defines the SmallSet class.
SmallVector.h
This file defines the SmallVector class.
Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...
STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition: Statistic.h:166
StringExtras.h
This file contains some functions that are useful when dealing with strings.
kTysanInitName
static const char *const kTysanInitName
Definition: TypeSanitizer.cpp:52
convertToShadowDataInt
static Value * convertToShadowDataInt(IRBuilder<> &IRB, Value *Ptr, Type *IntptrTy, uint64_t PtrShift, Value *ShadowBase, Value *AppMemMask)
Definition: TypeSanitizer.cpp:572
kTysanShadowMemoryAddress
static const char *const kTysanShadowMemoryAddress
Definition: TypeSanitizer.cpp:56
LUT
static const char LUT[]
Definition: TypeSanitizer.cpp:199
kTysanGVNamePrefix
static const char *const kTysanGVNamePrefix
Definition: TypeSanitizer.cpp:54
kTysanModuleCtorName
static const char *const kTysanModuleCtorName
Definition: TypeSanitizer.cpp:51
kTysanAppMemMask
static const char *const kTysanAppMemMask
Definition: TypeSanitizer.cpp:58
collectMemAccessInfo
void collectMemAccessInfo(Function &F, const TargetLibraryInfo &TLI, SmallVectorImpl< std::pair< Instruction *, MemoryLocation > > &MemoryAccesses, SmallSetVector< const MDNode *, 8 > &TBAAMetadata, SmallVectorImpl< Value * > &MemTypeResetInsts)
Collect all loads and stores, and for what TBAA nodes we need to generate type descriptors.
Definition: TypeSanitizer.cpp:469
ClWritesAlwaysSetType
static cl::opt< bool > ClWritesAlwaysSetType("tysan-writes-always-set-type", cl::desc("Writes always set the type"), cl::Hidden, cl::init(false))
kTysanCheckName
static const char *const kTysanCheckName
Definition: TypeSanitizer.cpp:53
encodeName
static std::string encodeName(StringRef Name)
Definition: TypeSanitizer.cpp:201
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: PassManager.h:253
llvm::AnalysisManager::getResult
PassT::Result & getResult(IRUnitT &IR, ExtraArgTs... ExtraArgs)
Get the result of an analysis pass for a given IR unit.
Definition: PassManager.h:410
llvm::AttributeList::addFnAttribute
AttributeList addFnAttribute(LLVMContext &C, Attribute::AttrKind Kind) const
Add a function attribute to the list.
Definition: Attributes.h:573
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:61
llvm::BasicBlock::getFirstInsertionPt
const_iterator getFirstInsertionPt() const
Returns an iterator to the first instruction in this block that is suitable for inserting a non-PHI i...
Definition: BasicBlock.cpp:416
llvm::BasicBlock::Create
static BasicBlock * Create(LLVMContext &Context, const Twine &Name="", Function *Parent=nullptr, BasicBlock *InsertBefore=nullptr)
Creates a new BasicBlock.
Definition: BasicBlock.h:212
llvm::BasicBlock::getParent
const Function * getParent() const
Return the enclosing method, or null if none.
Definition: BasicBlock.h:219
llvm::BasicBlock::iterator
InstListType::iterator iterator
Instruction iterators...
Definition: BasicBlock.h:177
llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition: Instructions.h:1474
llvm::ConstantDataArray::getString
static Constant * getString(LLVMContext &Context, StringRef Initializer, bool AddNull=true)
This method constructs a CDS and initializes it with a text string.
Definition: Constants.cpp:2990
llvm::ConstantInt::getSigned
static ConstantInt * getSigned(IntegerType *Ty, int64_t V)
Return a ConstantInt with the specified value for the specified type.
Definition: Constants.h:126
llvm::ConstantStruct::get
static Constant * get(StructType *T, ArrayRef< Constant * > V)
Definition: Constants.cpp:1378
llvm::Constant
This is an important base class in LLVM.
Definition: Constant.h:42
llvm::Constant::getNullValue
static Constant * getNullValue(Type *Ty)
Constructor to create a '0' constant of arbitrary type.
Definition: Constants.cpp:373
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:63
llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:170
llvm::Function::Create
static Function * Create(FunctionType *Ty, LinkageTypes Linkage, unsigned AddrSpace, const Twine &N="", Module *M=nullptr)
Definition: Function.h:173
llvm::GlobalObject::setComdat
void setComdat(Comdat *C)
Definition: Globals.cpp:212
llvm::GlobalValue::InternalLinkage
@ InternalLinkage
Rename collisions when linking (static functions).
Definition: GlobalValue.h:59
llvm::GlobalValue::LinkOnceODRLinkage
@ LinkOnceODRLinkage
Same, but only replaced by something equivalent.
Definition: GlobalValue.h:55
llvm::IRBuilderBase::CreateZExtOrTrunc
Value * CreateZExtOrTrunc(Value *V, Type *DestTy, const Twine &Name="")
Create a ZExt or Trunc from the integer value V to DestTy.
Definition: IRBuilder.h:2066
llvm::IRBuilderBase::CreateICmpSGE
Value * CreateICmpSGE(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:2301
llvm::IRBuilderBase::CreateMemSet
CallInst * CreateMemSet(Value *Ptr, Value *Val, uint64_t Size, MaybeAlign Align, bool isVolatile=false, MDNode *TBAATag=nullptr, MDNode *ScopeTag=nullptr, MDNode *NoAliasTag=nullptr)
Create and insert a memset to the specified pointer and the specified value.
Definition: IRBuilder.h:592
llvm::IRBuilderBase::GetInsertPoint
BasicBlock::iterator GetInsertPoint() const
Definition: IRBuilder.h:172
llvm::IRBuilderBase::CreateIntToPtr
Value * CreateIntToPtr(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2150
llvm::IRBuilderBase::getInt8
ConstantInt * getInt8(uint8_t C)
Get a constant 8-bit value.
Definition: IRBuilder.h:473
llvm::IRBuilderBase::CreateICmpNE
Value * CreateICmpNE(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:2277
llvm::IRBuilderBase::CreateBitCast
Value * CreateBitCast(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2155
llvm::IRBuilderBase::CreateLoad
LoadInst * CreateLoad(Type *Ty, Value *Ptr, const char *Name)
Provided to resolve 'CreateLoad(Ty, Ptr, "...")' correctly, instead of converting the string to 'bool...
Definition: IRBuilder.h:1813
llvm::IRBuilderBase::CreateShl
Value * CreateShl(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1439
llvm::IRBuilderBase::getContext
LLVMContext & getContext() const
Definition: IRBuilder.h:173
llvm::IRBuilderBase::CreateAnd
Value * CreateAnd(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:1498
llvm::IRBuilderBase::CreateStore
StoreInst * CreateStore(Value *Val, Value *Ptr, bool isVolatile=false)
Definition: IRBuilder.h:1826
llvm::IRBuilderBase::CreateAdd
Value * CreateAdd(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1350
llvm::IRBuilderBase::CreatePtrToInt
Value * CreatePtrToInt(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2145
llvm::IRBuilderBase::getFalse
ConstantInt * getFalse()
Get the constant value for i1 false.
Definition: IRBuilder.h:468
llvm::IRBuilderBase::CreateIsNotNull
Value * CreateIsNotNull(Value *Arg, const Twine &Name="")
Return a boolean value testing if Arg != 0.
Definition: IRBuilder.h:2580
llvm::IRBuilderBase::CreateCall
CallInst * CreateCall(FunctionType *FTy, Value *Callee, ArrayRef< Value * > Args={}, const Twine &Name="", MDNode *FPMathTag=nullptr)
Definition: IRBuilder.h:2444
llvm::IRBuilderBase::CreateOr
Value * CreateOr(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:1520
llvm::IRBuilderBase::getPtrTy
PointerType * getPtrTy(unsigned AddrSpace=0)
Fetch the type representing a pointer.
Definition: IRBuilder.h:566
llvm::IRBuilderBase::CreateIsNull
Value * CreateIsNull(Value *Arg, const Twine &Name="")
Return a boolean value testing if Arg == 0.
Definition: IRBuilder.h:2575
llvm::IRBuilderBase::SetInsertPoint
void SetInsertPoint(BasicBlock *TheBB)
This specifies that created instructions should be appended to the end of the specified block.
Definition: IRBuilder.h:177
llvm::IRBuilderBase::SetInstDebugLocation
void SetInstDebugLocation(Instruction *I) const
If this builder has a current debug location, set it on the specified instruction.
Definition: IRBuilder.cpp:71
llvm::IRBuilderBase::CreateMemCpy
CallInst * CreateMemCpy(Value *Dst, MaybeAlign DstAlign, Value *Src, MaybeAlign SrcAlign, uint64_t Size, bool isVolatile=false, MDNode *TBAATag=nullptr, MDNode *TBAAStructTag=nullptr, MDNode *ScopeTag=nullptr, MDNode *NoAliasTag=nullptr)
Create and insert a memcpy between the specified pointers.
Definition: IRBuilder.h:655
llvm::IRBuilderBase::CreateMemMove
CallInst * CreateMemMove(Value *Dst, MaybeAlign DstAlign, Value *Src, MaybeAlign SrcAlign, uint64_t Size, bool isVolatile=false, MDNode *TBAATag=nullptr, MDNode *ScopeTag=nullptr, MDNode *NoAliasTag=nullptr)
Definition: IRBuilder.h:707
llvm::IRBuilderBase::CreateMul
Value * CreateMul(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1384
llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition: IRBuilder.h:2697
llvm::IntegerType
Class to represent integer types.
Definition: DerivedTypes.h:42
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:67
llvm::MD5
Definition: MD5.h:41
llvm::MD5::update
void update(ArrayRef< uint8_t > Data)
Updates the hash for the byte stream provided.
Definition: MD5.cpp:189
llvm::MD5::final
void final(MD5Result &Result)
Finishes off the hash and puts the result in result.
Definition: MD5.cpp:234
llvm::MDBuilder::createBranchWeights
MDNode * createBranchWeights(uint32_t TrueWeight, uint32_t FalseWeight, bool IsExpected=false)
Return metadata containing two branch weights.
Definition: MDBuilder.cpp:37
llvm::MDNode
Metadata node.
Definition: Metadata.h:1069
llvm::MDNode::getOperand
const MDOperand & getOperand(unsigned I) const
Definition: Metadata.h:1430
llvm::MDNode::getNumOperands
unsigned getNumOperands() const
Return number of MDNode operands.
Definition: Metadata.h:1436
llvm::MDNode::getContext
LLVMContext & getContext() const
Definition: Metadata.h:1233
llvm::MDString
A single uniqued string.
Definition: Metadata.h:720
llvm::MDString::getString
StringRef getString() const
Definition: Metadata.cpp:616
llvm::MemoryLocation
Representation for a specific memory location.
Definition: MemoryLocation.h:227
llvm::MemoryLocation::get
static MemoryLocation get(const LoadInst *LI)
Return a location with information about the memory reference by the given instruction.
Definition: MemoryLocation.cpp:35
llvm::MemoryLocation::AATags
AAMDNodes AATags
The metadata nodes which describes the aliasing of the location (each member is null if that kind of ...
Definition: MemoryLocation.h:248
llvm::MemoryLocation::Ptr
const Value * Ptr
The address of the start of the location.
Definition: MemoryLocation.h:235
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65
llvm::NamedMDNode
A tuple of MDNodes.
Definition: Metadata.h:1731
llvm::NamedMDNode::operands
iterator_range< op_iterator > operands()
Definition: Metadata.h:1827
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: Analysis.h:111
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition: Analysis.h:114
llvm::ReturnInst::Create
static ReturnInst * Create(LLVMContext &C, Value *retVal=nullptr, InsertPosition InsertBefore=nullptr)
Definition: Instructions.h:2960
llvm::SetVector::insert
bool insert(const value_type &X)
Insert a new element into the SetVector.
Definition: SetVector.h:162
llvm::SmallSetVector
A SetVector that performs no allocations if smaller than a certain size.
Definition: SetVector.h:370
llvm::SmallString::str
StringRef str() const
Explicit conversion to StringRef.
Definition: SmallString.h:254
llvm::SmallVectorBase::empty
bool empty() const
Definition: SmallVector.h:81
llvm::SmallVectorBase::size
size_t size() const
Definition: SmallVector.h:78
llvm::SmallVectorImpl
This class consists of common code factored out of the SmallVector class to reduce code duplication b...
Definition: SmallVector.h:573
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition: SmallVector.h:413
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1196
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:51
llvm::StringRef::str
std::string str() const
str - Get the contents as an std::string.
Definition: StringRef.h:229
llvm::StructType
Class to represent struct types.
Definition: DerivedTypes.h:218
llvm::StructType::get
static StructType * get(LLVMContext &Context, ArrayRef< Type * > Elements, bool isPacked=false)
This static method is the primary way to create a literal StructType.
Definition: Type.cpp:406
llvm::TargetLibraryAnalysis
Analysis pass providing the TargetLibraryInfo.
Definition: TargetLibraryInfo.h:614
llvm::TargetLibraryInfo
Provides information about what library functions are available for the current target.
Definition: TargetLibraryInfo.h:280
llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:44
llvm::Twine
Twine - A lightweight data structure for efficiently representing the concatenation of temporary valu...
Definition: Twine.h:81
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
llvm::Type::getPointerAddressSpace
unsigned getPointerAddressSpace() const
Get the address space of this pointer or pointer vector type.
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
llvm::Type::isSized
bool isSized(SmallPtrSetImpl< Type * > *Visited=nullptr) const
Return true if it makes sense to take the size of this type.
Definition: Type.h:310
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255
llvm::Value::isSwiftError
bool isSwiftError() const
Return true if this value is a swifterror value.
Definition: Value.cpp:1096
llvm::ilist_detail::node_parent_access::getParent
const ParentTy * getParent() const
Definition: ilist_node.h:32
llvm::ilist_node_impl::getIterator
self_iterator getIterator()
Definition: ilist_node.h:132
llvm::ilist_node_with_parent::getNextNode
NodeTy * getNextNode()
Get the next node, or nullptr for the list tail.
Definition: ilist_node.h:353
uint64_t
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:443
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18
llvm::Offset
@ Offset
Definition: DWP.cpp:480
llvm::Length
@ Length
Definition: DWP.cpp:480
llvm::countr_zero
int countr_zero(T Val)
Count number of 0's from the least significant bit to the most stopping at the first 1.
Definition: bit.h:215
llvm::createSanitizerCtorAndInitFunctions
std::pair< Function *, FunctionCallee > createSanitizerCtorAndInitFunctions(Module &M, StringRef CtorName, StringRef InitName, ArrayRef< Type * > InitArgTypes, ArrayRef< Value * > InitArgs, StringRef VersionCheckName=StringRef(), bool Weak=false)
Creates sanitizer constructor function, and calls sanitizer's init function from it.
Definition: ModuleUtils.cpp:251
llvm::SplitBlockAndInsertIfThenElse
void SplitBlockAndInsertIfThenElse(Value *Cond, BasicBlock::iterator SplitBefore, Instruction **ThenTerm, Instruction **ElseTerm, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr)
SplitBlockAndInsertIfThenElse is similar to SplitBlockAndInsertIfThen, but also creates the ElseBlock...
Definition: BasicBlockUtils.cpp:1635
llvm::appendToGlobalCtors
void appendToGlobalCtors(Module &M, Function *F, int Priority, Constant *Data=nullptr)
Append F to the list of global ctors of module M with the given Priority.
Definition: ModuleUtils.cpp:74
llvm::SplitBlockAndInsertIfThen
Instruction * SplitBlockAndInsertIfThen(Value *Cond, BasicBlock::iterator SplitBefore, bool Unreachable, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition: BasicBlockUtils.cpp:1609
llvm::maybeMarkSanitizerLibraryCallNoBuiltin
void maybeMarkSanitizerLibraryCallNoBuiltin(CallInst *CI, const TargetLibraryInfo *TLI)
Given a CallInst, check if it calls a string function known to CodeGen, and mark it with NoBuiltin if...
Definition: Local.cpp:4197
llvm::appendToUsed
void appendToUsed(Module &M, ArrayRef< GlobalValue * > Values)
Adds global values to the llvm.used list.
Definition: ModuleUtils.cpp:158
raw_ostream.h
llvm::AAMDNodes::TBAA
MDNode * TBAA
The tag for type-based alias analysis.
Definition: Metadata.h:777
llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition: Alignment.h:39
llvm::MD5::MD5Result::digest
SmallString< 32 > digest() const
Definition: MD5.cpp:281
llvm::ModuleTypeSanitizerPass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: TypeSanitizer.cpp:886
llvm::TypeSanitizerPass::run
PreservedAnalyses run(Function &F, FunctionAnalysisManager &FAM)
Definition: TypeSanitizer.cpp:879
Generated on Fri Dec 20 2024 07:19:49 for LLVM by doxygen 1.9.6