| #
7002ecb4 |
| 03-Jul-2024 |
Thurston Dang <thurston@google.com> |
[msan] Convert vector shadow to scalar before zext (#96722)
zext does not allow converting vector shadow to scalar, so we must
manually convert it prior to calling zext in materializeOneCheck, for
[msan] Convert vector shadow to scalar before zext (#96722)
zext does not allow converting vector shadow to scalar, so we must
manually convert it prior to calling zext in materializeOneCheck, for
which the 'ConvertedShadow' parameter isn't actually guaranteed to be
scalar (1). Note that it is safe/no-op to call convertShadowToScalar on
a shadow that is already scalar.
In contrast, the storeOrigin function already converts the (potentially
vector) shadow to scalar; we add a comment to note why it is load
bearing.
(1) In materializeInstructionChecks():
"// Disable combining in some cases. TrackOrigins checks each shadow to
pick
// correct origin.
bool Combine = !MS.TrackOrigins;
...
if (!Combine) {
materializeOneCheck(IRB, ConvertedShadow, ShadowData.Origin);
continue;
}"
show more ...
|
| #
c940317d |
| 03-Jul-2024 |
Thurston Dang <thurston@google.com> |
[msan] Add test cases for vector shadow track origins bug (#97611)
These test cases demonstrate a bug in MSan (vector shadow is not always
converted to scalar before zext) that will shortly be fixe
[msan] Add test cases for vector shadow track origins bug (#97611)
These test cases demonstrate a bug in MSan (vector shadow is not always
converted to scalar before zext) that will shortly be fixed in
https://github.com/llvm/llvm-project/pull/96722
The bug is not architecture-specific; we provide both x86 and Arm NEON
test cases.
Since the test cases will crash the compiler (unless it is a release
build), they are marked as UNSUPPORTED.
The buggy codepath is nested inside 'if
(instrumentWithCalls(ConvertedShadow)'. To keep the test cases small, we
set -msan-instrumentation-with-call-threshold=0, though we have observed
this bug in the real world with default settings.
show more ...
|