Open
Description
Originally reported on Google Code with ID 7
The following code,
void f(int* p, int x) {
*p = x;
}
with -O2 -mllvm -msan-store-clean-origin=0 -mllvm -msan-track-origins=1 -mllvm -msan-check-access-address=0
is compiled into
_Z1fPii():
0: 48 b8 ff ff ff ff ff mov $0xffffbfffffffffff,%rax
7: bf ff ff
a: 48 21 f8 and %rdi,%rax
d: 48 8b 0d 00 00 00 00 mov 0x0(%rip),%rcx # 14 <_Z1fPii+0x14>
10: R_X86_64_GOTTPOFF __msan_param_origin_tls-0x4
14: 64 8b 49 08 mov %fs:0x8(%rcx),%ecx
18: 48 8b 15 00 00 00 00 mov 0x0(%rip),%rdx # 1f <_Z1fPii+0x1f>
1b: R_X86_64_GOTTPOFF __msan_param_tls-0x4
1f: 64 8b 52 08 mov %fs:0x8(%rdx),%edx
23: 89 10 mov %edx,(%rax)
25: 85 d2 test %edx,%edx
27: 74 13 je 3c <_Z1fPii+0x3c>
29: 48 ba 00 00 00 00 00 mov $0x200000000000,%rdx
30: 20 00 00
33: 48 01 d0 add %rdx,%rax
36: 48 83 e0 fc and $0xfffffffffffffffc,%rax
3a: 89 08 mov %ecx,(%rax)
3c: 89 37 mov %esi,(%rdi)
3e: c3 retq
Looks like the load from origin tls could be moved below the branch at offset 27, but
it's not, because it may be aliasing the store of the shadow value at offset 23.
Does it sound right? Could we use TBAA to tell LLVM that these are different memory
locations?
Reported by [email protected] on 2012-11-19 12:43:34