Lines Matching full:shadow
16 /// (http://goo.gl/QKbem). We associate a few shadow bits with every
17 /// byte of the application memory, poison the shadow of the malloc-ed
18 /// or alloca-ed memory, load the shadow bits on every memory read,
19 /// propagate the shadow bits through some of the arithmetic
20 /// instruction (including MOV), store the shadow bits on every memory
22 /// associated shadow is poisoned.
32 /// Another difference from Memcheck is that we use 8 shadow bits per
33 /// byte of application memory and use a direct shadow mapping. This
35 /// shadow updates (Memcheck is single-threaded so races are not a
36 /// concern there. Memcheck uses 2 shadow bits per byte with a slow
39 /// The default value of shadow is 0, which means "clean" (not poisoned).
42 /// shadow memory is ready. On error, __msan_warning is called. Since
44 /// specialized thread-local shadow for return values
54 /// They are stored in a second shadow mapping, one 4-byte value for 4 bytes
131 cl::desc("propagate shadow through ICmpEQ and ICmpNE"),
142 // This flag controls whether we check the shadow of the address
149 cl::desc("report accesses through a pointer which has poisoned shadow"),
192 /// \brief Thread-local shadow storage for function parameters.
196 /// \brief Thread-local shadow storage for function return value.
200 /// \brief Thread-local shadow storage for in-register va_arg function
203 /// \brief Thread-local shadow storage for va_arg overflow area
222 /// \brief Address mask used in application-to-shadow address calculation.
225 /// \brief Offset of the origin shadow from the "normal" shadow.
386 /// necessary to propagate argument shadow through VarArg function
416 /// instructions store and load corresponding shadow and origin
417 /// values. Most instructions propagate shadow from arguments to their
419 /// test their argument shadow and print reports (with a runtime call) if it's
433 Instruction *Shadow;
437 : Shadow(S), Origin(O), OrigIns(I) { }
438 ShadowOriginAndInsertPoint() : Shadow(0), Origin(0), OrigIns(0) { }
465 Value *Shadow = getShadow(Val);
466 Value *ShadowPtr = getShadowPtr(Addr, Shadow->getType(), IRB);
469 IRB.CreateAlignedStore(Shadow, ShadowPtr, I.getAlignment());
478 if (ClStoreCleanOrigin || isa<StructType>(Shadow->getType())) {
482 Value *ConvertedShadow = convertToShadowTyNoVec(Shadow, IRB);
485 // TODO(eugenis): handle non-zero constant shadow by inserting an
506 Instruction *Shadow = InstrumentationList[i].Shadow;
509 DEBUG(dbgs() << " SHAD0 : " << *Shadow << "\n");
510 Value *ConvertedShadow = convertToShadowTyNoVec(Shadow, IRB);
540 // blocks, such nodes will not have any shadow value associated with them.
541 // It's easier to remove unreachable blocks than deal with missing shadow.
544 // Iterate all BBs in depth-first order and create shadow instructions
546 // For PHI nodes we create dummy shadow PHIs which will be finalized later.
572 // Insert shadow value checks.
578 /// \brief Compute the shadow type that corresponds to a given Value.
583 /// \brief Compute the shadow type that corresponds to a given Type.
588 // For integer type, shadow is the same as the original type.
616 /// \brief Convert a shadow value to it's flattened variant.
624 /// \brief Compute the shadow address that corresponds to a given application
627 /// Shadow = Addr & ~ShadowMask.
652 /// \brief Compute the shadow address for a given function argument.
654 /// Shadow = ParamTLS+ArgOffset.
673 /// \brief Compute the shadow address for a retval.
686 /// \brief Set SV to be the shadow value for V.
688 assert(!ShadowMap.count(V) && "Values may only have one shadow");
700 /// \brief Create a clean shadow value for a given value.
702 /// Clean shadow (all zeroes) means all bits of the value are defined
711 /// \brief Create a dirty shadow of a given shadow type.
723 /// \brief Create a dirty shadow for a given value.
736 /// \brief Get the shadow value for a given Value.
742 // For instructions the shadow is already stored in the map.
743 Value *Shadow = ShadowMap[V];
744 if (!Shadow) {
745 DEBUG(dbgs() << "No shadow: " << *V << "\n" << *(I->getParent()));
747 assert(Shadow && "No shadow for a value");
749 return Shadow;
758 // For arguments we compute the shadow on demand and store it in the map.
777 // ByVal pointer itself has clean shadow. We copy the actual
778 // argument shadow to the underlying memory.
804 assert(*ShadowPtr && "Could not find shadow for an argument");
807 // For everything else the shadow is zero.
811 /// \brief Get the shadow for i-th argument of the instruction I.
835 /// \brief Remember the place where a shadow check should be inserted.
842 Instruction *Shadow = dyn_cast_or_null<Instruction>(getShadow(Val));
843 if (!Shadow) return;
845 Type *ShadowTy = Shadow->getType();
847 "Can only insert checks for integer and vector shadow types");
851 ShadowOriginAndInsertPoint(Shadow, Origin, OrigIns));
858 /// Loads the corresponding shadow and (optionally) origin.
889 /// Stores the corresponding shadow and (optionally) origin.
966 /// \brief Propagate shadow for bitwise AND.
970 /// corresponding bit in B don't affect the resulting shadow.
1015 /// \brief Default propagation of shadow and/or origin.
1017 /// This class implements the general case of shadow propagation, used in all
1019 /// actually does. It converts all input shadow values to a common type
1032 Value *Shadow;
1039 Shadow(0), Origin(0), IRB(IRB), MSV(MSV) {}
1041 /// \brief Add a pair of shadow and origin values to the mix.
1045 if (!Shadow)
1046 Shadow = OpShadow;
1048 OpShadow = MSV->CreateShadowCast(IRB, OpShadow, Shadow->getType());
1049 Shadow = IRB.CreateOr(Shadow, OpShadow, "_msprop");
1074 /// \brief Set the current combined values as the given instruction's shadow
1078 assert(Shadow);
1079 Shadow = MSV->CreateShadowCast(IRB, Shadow, MSV->getShadowTy(I));
1080 MSV->setShadow(I, Shadow);
1104 "Vector of pointers is not a valid shadow type");
1110 /// \brief Cast between two shadow types, extending or truncating as
1128 /// \brief Propagate shadow for arbitrary operation.
1203 // Split shadow into sign bit and other bits.
1206 // Maximise the undefined shadow bit, minimize other undefined bits.
1220 // Split shadow into sign bit and other bits.
1223 // Minimise the undefined shadow bit, maximise other undefined bits.
1234 /// This function does exact shadow propagation for all relational
1268 /// propagating the highest bit of the shadow. Everything else is delegated
1284 Value* Shadow =
1286 setShadow(&I, Shadow);
1350 /// we will memove the shadow twice: which is bad in case
1364 // Similar to memmove: avoid copying shadow twice.
1423 Value *Shadow = getShadow(&I, 1);
1424 Value *ShadowPtr = getShadowPtr(Addr, Shadow->getType(), IRB);
1428 IRB.CreateAlignedStore(Shadow, ShadowPtr, 1);
1575 // For inline asm, do the usual thing: check argument shadow and mark all
1584 // we may have a false positive: shadow for a non-void RetVal
1619 // Compute the Shadow for arg even if it is ByVal, because
1620 // in that case getShadow() will copy the actual arg shadow to
1625 " Shadow: " << *ArgShadow << "\n");
1655 // Now, get the shadow for the RetVal.
1658 // Untill we have full dynamic coverage, make sure the retval shadow is 0.
1676 "Could not find insertion point for retval shadow load");
1690 // Set the shadow for the RetVal.
1691 Value *Shadow = getShadow(RetVal);
1693 DEBUG(dbgs() << "Return: " << *Shadow << "\n" << *ShadowPtr << "\n");
1694 IRB.CreateAlignedStore(Shadow, ShadowPtr, kShadowTLSAlignment);
1814 // Everything else: stop propagating and check for poisoned shadow.
1858 // For VarArg functions, store the argument shadow in an ABI-specific format
1864 // MSanParamTLS, and extract shadow on va_arg() call in the argument list
1900 /// \brief Compute the shadow address for a given va_arg.
1948 // Copy va_list shadow from the backup copy of the TLS contents.
