search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[ORC] Add std::tuple support to SimplePackedSerialization.
[llvm-project.git] / llvm / lib / Transforms / Instrumentation / ThreadSanitizer.cpp
blob87fdcc9114f44fbeefa2107b931a7017154e5a74
1 //===-- ThreadSanitizer.cpp - race detector -------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of ThreadSanitizer, a race detector.
10 //
11 // The tool is under development, for the details about previous versions see
12 // http://code.google.com/p/data-race-test
13 //
14 // The instrumentation phase is quite simple:
15 // - Insert calls to run-time library before every memory access.
16 // - Optimizations may apply to avoid instrumenting some of the accesses.
17 // - Insert calls at function entry/exit.
18 // The rest is handled by the run-time library.
19 //===----------------------------------------------------------------------===//
20
21 #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
22 #include "llvm/ADT/DenseMap.h"
23 #include "llvm/ADT/Optional.h"
24 #include "llvm/ADT/SmallString.h"
25 #include "llvm/ADT/SmallVector.h"
26 #include "llvm/ADT/Statistic.h"
27 #include "llvm/ADT/StringExtras.h"
28 #include "llvm/Analysis/CaptureTracking.h"
29 #include "llvm/Analysis/TargetLibraryInfo.h"
30 #include "llvm/Analysis/ValueTracking.h"
31 #include "llvm/IR/DataLayout.h"
32 #include "llvm/IR/Function.h"
33 #include "llvm/IR/IRBuilder.h"
34 #include "llvm/IR/Instructions.h"
35 #include "llvm/IR/IntrinsicInst.h"
36 #include "llvm/IR/Intrinsics.h"
37 #include "llvm/IR/LLVMContext.h"
38 #include "llvm/IR/Metadata.h"
39 #include "llvm/IR/Module.h"
40 #include "llvm/IR/Type.h"
41 #include "llvm/InitializePasses.h"
42 #include "llvm/ProfileData/InstrProf.h"
43 #include "llvm/Support/CommandLine.h"
44 #include "llvm/Support/Debug.h"
45 #include "llvm/Support/MathExtras.h"
46 #include "llvm/Support/raw_ostream.h"
47 #include "llvm/Transforms/Instrumentation.h"
48 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
49 #include "llvm/Transforms/Utils/EscapeEnumerator.h"
50 #include "llvm/Transforms/Utils/Local.h"
51 #include "llvm/Transforms/Utils/ModuleUtils.h"
52
53 using namespace llvm;
54
55 #define DEBUG_TYPE "tsan"
56
57 static cl::opt<bool> ClInstrumentMemoryAccesses(
58 "tsan-instrument-memory-accesses", cl::init(true),
59 cl::desc("Instrument memory accesses"), cl::Hidden);
60 static cl::opt<bool>
61 ClInstrumentFuncEntryExit("tsan-instrument-func-entry-exit", cl::init(true),
62 cl::desc("Instrument function entry and exit"),
63 cl::Hidden);
64 static cl::opt<bool> ClHandleCxxExceptions(
65 "tsan-handle-cxx-exceptions", cl::init(true),
66 cl::desc("Handle C++ exceptions (insert cleanup blocks for unwinding)"),
67 cl::Hidden);
68 static cl::opt<bool> ClInstrumentAtomics("tsan-instrument-atomics",
69 cl::init(true),
70 cl::desc("Instrument atomics"),
71 cl::Hidden);
72 static cl::opt<bool> ClInstrumentMemIntrinsics(
73 "tsan-instrument-memintrinsics", cl::init(true),
74 cl::desc("Instrument memintrinsics (memset/memcpy/memmove)"), cl::Hidden);
75 static cl::opt<bool> ClDistinguishVolatile(
76 "tsan-distinguish-volatile", cl::init(false),
77 cl::desc("Emit special instrumentation for accesses to volatiles"),
78 cl::Hidden);
79 static cl::opt<bool> ClInstrumentReadBeforeWrite(
80 "tsan-instrument-read-before-write", cl::init(false),
81 cl::desc("Do not eliminate read instrumentation for read-before-writes"),
82 cl::Hidden);
83 static cl::opt<bool> ClCompoundReadBeforeWrite(
84 "tsan-compound-read-before-write", cl::init(false),
85 cl::desc("Emit special compound instrumentation for reads-before-writes"),
86 cl::Hidden);
87
88 STATISTIC(NumInstrumentedReads, "Number of instrumented reads");
89 STATISTIC(NumInstrumentedWrites, "Number of instrumented writes");
90 STATISTIC(NumOmittedReadsBeforeWrite,
91 "Number of reads ignored due to following writes");
92 STATISTIC(NumAccessesWithBadSize, "Number of accesses with bad size");
93 STATISTIC(NumInstrumentedVtableWrites, "Number of vtable ptr writes");
94 STATISTIC(NumInstrumentedVtableReads, "Number of vtable ptr reads");
95 STATISTIC(NumOmittedReadsFromConstantGlobals,
96 "Number of reads from constant globals");
97 STATISTIC(NumOmittedReadsFromVtable, "Number of vtable reads");
98 STATISTIC(NumOmittedNonCaptured, "Number of accesses ignored due to capturing");
99
100 const char kTsanModuleCtorName[] = "tsan.module_ctor";
101 const char kTsanInitName[] = "__tsan_init";
102
103 namespace {
104
105 /// ThreadSanitizer: instrument the code in module to find races.
106 ///
107 /// Instantiating ThreadSanitizer inserts the tsan runtime library API function
108 /// declarations into the module if they don't exist already. Instantiating
109 /// ensures the __tsan_init function is in the list of global constructors for
110 /// the module.
111 struct ThreadSanitizer {
112 ThreadSanitizer() {
113 // Sanity check options and warn user.
114 if (ClInstrumentReadBeforeWrite && ClCompoundReadBeforeWrite) {
115 errs()
116 << "warning: Option -tsan-compound-read-before-write has no effect "
117 "when -tsan-instrument-read-before-write is set.\n";
118 }
119 }
120
121 bool sanitizeFunction(Function &F, const TargetLibraryInfo &TLI);
122
123 private:
124 // Internal Instruction wrapper that contains more information about the
125 // Instruction from prior analysis.
126 struct InstructionInfo {
127 // Instrumentation emitted for this instruction is for a compounded set of
128 // read and write operations in the same basic block.
129 static constexpr unsigned kCompoundRW = (1U << 0);
130
131 explicit InstructionInfo(Instruction *Inst) : Inst(Inst) {}
132
133 Instruction *Inst;
134 unsigned Flags = 0;
135 };
136
137 void initialize(Module &M);
138 bool instrumentLoadOrStore(const InstructionInfo &II, const DataLayout &DL);
139 bool instrumentAtomic(Instruction *I, const DataLayout &DL);
140 bool instrumentMemIntrinsic(Instruction *I);
141 void chooseInstructionsToInstrument(SmallVectorImpl<Instruction *> &Local,
142 SmallVectorImpl<InstructionInfo> &All,
143 const DataLayout &DL);
144 bool addrPointsToConstantData(Value *Addr);
145 int getMemoryAccessFuncIndex(Type *OrigTy, Value *Addr, const DataLayout &DL);
146 void InsertRuntimeIgnores(Function &F);
147
148 Type *IntptrTy;
149 FunctionCallee TsanFuncEntry;
150 FunctionCallee TsanFuncExit;
151 FunctionCallee TsanIgnoreBegin;
152 FunctionCallee TsanIgnoreEnd;
153 // Accesses sizes are powers of two: 1, 2, 4, 8, 16.
154 static const size_t kNumberOfAccessSizes = 5;
155 FunctionCallee TsanRead[kNumberOfAccessSizes];
156 FunctionCallee TsanWrite[kNumberOfAccessSizes];
157 FunctionCallee TsanUnalignedRead[kNumberOfAccessSizes];
158 FunctionCallee TsanUnalignedWrite[kNumberOfAccessSizes];
159 FunctionCallee TsanVolatileRead[kNumberOfAccessSizes];
160 FunctionCallee TsanVolatileWrite[kNumberOfAccessSizes];
161 FunctionCallee TsanUnalignedVolatileRead[kNumberOfAccessSizes];
162 FunctionCallee TsanUnalignedVolatileWrite[kNumberOfAccessSizes];
163 FunctionCallee TsanCompoundRW[kNumberOfAccessSizes];
164 FunctionCallee TsanUnalignedCompoundRW[kNumberOfAccessSizes];
165 FunctionCallee TsanAtomicLoad[kNumberOfAccessSizes];
166 FunctionCallee TsanAtomicStore[kNumberOfAccessSizes];
167 FunctionCallee TsanAtomicRMW[AtomicRMWInst::LAST_BINOP + 1]
168 [kNumberOfAccessSizes];
169 FunctionCallee TsanAtomicCAS[kNumberOfAccessSizes];
170 FunctionCallee TsanAtomicThreadFence;
171 FunctionCallee TsanAtomicSignalFence;
172 FunctionCallee TsanVptrUpdate;
173 FunctionCallee TsanVptrLoad;
174 FunctionCallee MemmoveFn, MemcpyFn, MemsetFn;
175 };
176
177 struct ThreadSanitizerLegacyPass : FunctionPass {
178 ThreadSanitizerLegacyPass() : FunctionPass(ID) {
179 initializeThreadSanitizerLegacyPassPass(*PassRegistry::getPassRegistry());
180 }
181 StringRef getPassName() const override;
182 void getAnalysisUsage(AnalysisUsage &AU) const override;
183 bool runOnFunction(Function &F) override;
184 bool doInitialization(Module &M) override;
185 static char ID; // Pass identification, replacement for typeid.
186 private:
187 Optional<ThreadSanitizer> TSan;
188 };
189
190 void insertModuleCtor(Module &M) {
191 getOrCreateSanitizerCtorAndInitFunctions(
192 M, kTsanModuleCtorName, kTsanInitName, /*InitArgTypes=*/{},
193 /*InitArgs=*/{},
194 // This callback is invoked when the functions are created the first
195 // time. Hook them into the global ctors list in that case:
196 [&](Function *Ctor, FunctionCallee) { appendToGlobalCtors(M, Ctor, 0); });
197 }
198
199 } // namespace
200
201 PreservedAnalyses ThreadSanitizerPass::run(Function &F,
202 FunctionAnalysisManager &FAM) {
203 ThreadSanitizer TSan;
204 if (TSan.sanitizeFunction(F, FAM.getResult<TargetLibraryAnalysis>(F)))
205 return PreservedAnalyses::none();
206 return PreservedAnalyses::all();
207 }
208
209 PreservedAnalyses ThreadSanitizerPass::run(Module &M,
210 ModuleAnalysisManager &MAM) {
211 insertModuleCtor(M);
212 return PreservedAnalyses::none();
213 }
214
215 char ThreadSanitizerLegacyPass::ID = 0;
216 INITIALIZE_PASS_BEGIN(ThreadSanitizerLegacyPass, "tsan",
217 "ThreadSanitizer: detects data races.", false, false)
218 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
219 INITIALIZE_PASS_END(ThreadSanitizerLegacyPass, "tsan",
220 "ThreadSanitizer: detects data races.", false, false)
221
222 StringRef ThreadSanitizerLegacyPass::getPassName() const {
223 return "ThreadSanitizerLegacyPass";
224 }
225
226 void ThreadSanitizerLegacyPass::getAnalysisUsage(AnalysisUsage &AU) const {
227 AU.addRequired<TargetLibraryInfoWrapperPass>();
228 }
229
230 bool ThreadSanitizerLegacyPass::doInitialization(Module &M) {
231 insertModuleCtor(M);
232 TSan.emplace();
233 return true;
234 }
235
236 bool ThreadSanitizerLegacyPass::runOnFunction(Function &F) {
237 auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);
238 TSan->sanitizeFunction(F, TLI);
239 return true;
240 }
241
242 FunctionPass *llvm::createThreadSanitizerLegacyPassPass() {
243 return new ThreadSanitizerLegacyPass();
244 }
245
246 void ThreadSanitizer::initialize(Module &M) {
247 const DataLayout &DL = M.getDataLayout();
248 IntptrTy = DL.getIntPtrType(M.getContext());
249
250 IRBuilder<> IRB(M.getContext());
251 AttributeList Attr;
252 Attr = Attr.addFnAttribute(M.getContext(), Attribute::NoUnwind);
253 // Initialize the callbacks.
254 TsanFuncEntry = M.getOrInsertFunction("__tsan_func_entry", Attr,
255 IRB.getVoidTy(), IRB.getInt8PtrTy());
256 TsanFuncExit =
257 M.getOrInsertFunction("__tsan_func_exit", Attr, IRB.getVoidTy());
258 TsanIgnoreBegin = M.getOrInsertFunction("__tsan_ignore_thread_begin", Attr,
259 IRB.getVoidTy());
260 TsanIgnoreEnd =
261 M.getOrInsertFunction("__tsan_ignore_thread_end", Attr, IRB.getVoidTy());
262 IntegerType *OrdTy = IRB.getInt32Ty();
263 for (size_t i = 0; i < kNumberOfAccessSizes; ++i) {
264 const unsigned ByteSize = 1U << i;
265 const unsigned BitSize = ByteSize * 8;
266 std::string ByteSizeStr = utostr(ByteSize);
267 std::string BitSizeStr = utostr(BitSize);
268 SmallString<32> ReadName("__tsan_read" + ByteSizeStr);
269 TsanRead[i] = M.getOrInsertFunction(ReadName, Attr, IRB.getVoidTy(),
270 IRB.getInt8PtrTy());
271
272 SmallString<32> WriteName("__tsan_write" + ByteSizeStr);
273 TsanWrite[i] = M.getOrInsertFunction(WriteName, Attr, IRB.getVoidTy(),
274 IRB.getInt8PtrTy());
275
276 SmallString<64> UnalignedReadName("__tsan_unaligned_read" + ByteSizeStr);
277 TsanUnalignedRead[i] = M.getOrInsertFunction(
278 UnalignedReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
279
280 SmallString<64> UnalignedWriteName("__tsan_unaligned_write" + ByteSizeStr);
281 TsanUnalignedWrite[i] = M.getOrInsertFunction(
282 UnalignedWriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
283
284 SmallString<64> VolatileReadName("__tsan_volatile_read" + ByteSizeStr);
285 TsanVolatileRead[i] = M.getOrInsertFunction(
286 VolatileReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
287
288 SmallString<64> VolatileWriteName("__tsan_volatile_write" + ByteSizeStr);
289 TsanVolatileWrite[i] = M.getOrInsertFunction(
290 VolatileWriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
291
292 SmallString<64> UnalignedVolatileReadName("__tsan_unaligned_volatile_read" +
293 ByteSizeStr);
294 TsanUnalignedVolatileRead[i] = M.getOrInsertFunction(
295 UnalignedVolatileReadName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
296
297 SmallString<64> UnalignedVolatileWriteName(
298 "__tsan_unaligned_volatile_write" + ByteSizeStr);
299 TsanUnalignedVolatileWrite[i] = M.getOrInsertFunction(
300 UnalignedVolatileWriteName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
301
302 SmallString<64> CompoundRWName("__tsan_read_write" + ByteSizeStr);
303 TsanCompoundRW[i] = M.getOrInsertFunction(
304 CompoundRWName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
305
306 SmallString<64> UnalignedCompoundRWName("__tsan_unaligned_read_write" +
307 ByteSizeStr);
308 TsanUnalignedCompoundRW[i] = M.getOrInsertFunction(
309 UnalignedCompoundRWName, Attr, IRB.getVoidTy(), IRB.getInt8PtrTy());
310
311 Type *Ty = Type::getIntNTy(M.getContext(), BitSize);
312 Type *PtrTy = Ty->getPointerTo();
313 SmallString<32> AtomicLoadName("__tsan_atomic" + BitSizeStr + "_load");
314 {
315 AttributeList AL = Attr;
316 AL = AL.addParamAttribute(M.getContext(), 1, Attribute::ZExt);
317 TsanAtomicLoad[i] =
318 M.getOrInsertFunction(AtomicLoadName, AL, Ty, PtrTy, OrdTy);
319 }
320
321 SmallString<32> AtomicStoreName("__tsan_atomic" + BitSizeStr + "_store");
322 {
323 AttributeList AL = Attr;
324 AL = AL.addParamAttribute(M.getContext(), 1, Attribute::ZExt);
325 AL = AL.addParamAttribute(M.getContext(), 2, Attribute::ZExt);
326 TsanAtomicStore[i] = M.getOrInsertFunction(
327 AtomicStoreName, AL, IRB.getVoidTy(), PtrTy, Ty, OrdTy);
328 }
329
330 for (unsigned Op = AtomicRMWInst::FIRST_BINOP;
331 Op <= AtomicRMWInst::LAST_BINOP; ++Op) {
332 TsanAtomicRMW[Op][i] = nullptr;
333 const char *NamePart = nullptr;
334 if (Op == AtomicRMWInst::Xchg)
335 NamePart = "_exchange";
336 else if (Op == AtomicRMWInst::Add)
337 NamePart = "_fetch_add";
338 else if (Op == AtomicRMWInst::Sub)
339 NamePart = "_fetch_sub";
340 else if (Op == AtomicRMWInst::And)
341 NamePart = "_fetch_and";
342 else if (Op == AtomicRMWInst::Or)
343 NamePart = "_fetch_or";
344 else if (Op == AtomicRMWInst::Xor)
345 NamePart = "_fetch_xor";
346 else if (Op == AtomicRMWInst::Nand)
347 NamePart = "_fetch_nand";
348 else
349 continue;
350 SmallString<32> RMWName("__tsan_atomic" + itostr(BitSize) + NamePart);
351 {
352 AttributeList AL = Attr;
353 AL = AL.addParamAttribute(M.getContext(), 1, Attribute::ZExt);
354 AL = AL.addParamAttribute(M.getContext(), 2, Attribute::ZExt);
355 TsanAtomicRMW[Op][i] =
356 M.getOrInsertFunction(RMWName, AL, Ty, PtrTy, Ty, OrdTy);
357 }
358 }
359
360 SmallString<32> AtomicCASName("__tsan_atomic" + BitSizeStr +
361 "_compare_exchange_val");
362 {
363 AttributeList AL = Attr;
364 AL = AL.addParamAttribute(M.getContext(), 1, Attribute::ZExt);
365 AL = AL.addParamAttribute(M.getContext(), 2, Attribute::ZExt);
366 AL = AL.addParamAttribute(M.getContext(), 3, Attribute::ZExt);
367 AL = AL.addParamAttribute(M.getContext(), 4, Attribute::ZExt);
368 TsanAtomicCAS[i] = M.getOrInsertFunction(AtomicCASName, AL, Ty, PtrTy, Ty,
369 Ty, OrdTy, OrdTy);
370 }
371 }
372 TsanVptrUpdate =
373 M.getOrInsertFunction("__tsan_vptr_update", Attr, IRB.getVoidTy(),
374 IRB.getInt8PtrTy(), IRB.getInt8PtrTy());
375 TsanVptrLoad = M.getOrInsertFunction("__tsan_vptr_read", Attr,
376 IRB.getVoidTy(), IRB.getInt8PtrTy());
377 {
378 AttributeList AL = Attr;
379 AL = AL.addParamAttribute(M.getContext(), 0, Attribute::ZExt);
380 TsanAtomicThreadFence = M.getOrInsertFunction("__tsan_atomic_thread_fence",
381 AL, IRB.getVoidTy(), OrdTy);
382 }
383 {
384 AttributeList AL = Attr;
385 AL = AL.addParamAttribute(M.getContext(), 0, Attribute::ZExt);
386 TsanAtomicSignalFence = M.getOrInsertFunction("__tsan_atomic_signal_fence",
387 AL, IRB.getVoidTy(), OrdTy);
388 }
389
390 MemmoveFn =
391 M.getOrInsertFunction("memmove", Attr, IRB.getInt8PtrTy(),
392 IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy);
393 MemcpyFn =
394 M.getOrInsertFunction("memcpy", Attr, IRB.getInt8PtrTy(),
395 IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy);
396 MemsetFn =
397 M.getOrInsertFunction("memset", Attr, IRB.getInt8PtrTy(),
398 IRB.getInt8PtrTy(), IRB.getInt32Ty(), IntptrTy);
399 }
400
401 static bool isVtableAccess(Instruction *I) {
402 if (MDNode *Tag = I->getMetadata(LLVMContext::MD_tbaa))
403 return Tag->isTBAAVtableAccess();
404 return false;
405 }
406
407 // Do not instrument known races/"benign races" that come from compiler
408 // instrumentatin. The user has no way of suppressing them.
409 static bool shouldInstrumentReadWriteFromAddress(const Module *M, Value *Addr) {
410 // Peel off GEPs and BitCasts.
411 Addr = Addr->stripInBoundsOffsets();
412
413 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(Addr)) {
414 if (GV->hasSection()) {
415 StringRef SectionName = GV->getSection();
416 // Check if the global is in the PGO counters section.
417 auto OF = Triple(M->getTargetTriple()).getObjectFormat();
418 if (SectionName.endswith(
419 getInstrProfSectionName(IPSK_cnts, OF, /*AddSegmentInfo=*/false)))
420 return false;
421 }
422
423 // Check if the global is private gcov data.
424 if (GV->getName().startswith("__llvm_gcov") ||
425 GV->getName().startswith("__llvm_gcda"))
426 return false;
427 }
428
429 // Do not instrument acesses from different address spaces; we cannot deal
430 // with them.
431 if (Addr) {
432 Type *PtrTy = cast<PointerType>(Addr->getType()->getScalarType());
433 if (PtrTy->getPointerAddressSpace() != 0)
434 return false;
435 }
436
437 return true;
438 }
439
440 bool ThreadSanitizer::addrPointsToConstantData(Value *Addr) {
441 // If this is a GEP, just analyze its pointer operand.
442 if (GetElementPtrInst *GEP = dyn_cast<GetElementPtrInst>(Addr))
443 Addr = GEP->getPointerOperand();
444
445 if (GlobalVariable *GV = dyn_cast<GlobalVariable>(Addr)) {
446 if (GV->isConstant()) {
447 // Reads from constant globals can not race with any writes.
448 NumOmittedReadsFromConstantGlobals++;
449 return true;
450 }
451 } else if (LoadInst *L = dyn_cast<LoadInst>(Addr)) {
452 if (isVtableAccess(L)) {
453 // Reads from a vtable pointer can not race with any writes.
454 NumOmittedReadsFromVtable++;
455 return true;
456 }
457 }
458 return false;
459 }
460
461 // Instrumenting some of the accesses may be proven redundant.
462 // Currently handled:
463 // - read-before-write (within same BB, no calls between)
464 // - not captured variables
465 //
466 // We do not handle some of the patterns that should not survive
467 // after the classic compiler optimizations.
468 // E.g. two reads from the same temp should be eliminated by CSE,
469 // two writes should be eliminated by DSE, etc.
470 //
471 // 'Local' is a vector of insns within the same BB (no calls between).
472 // 'All' is a vector of insns that will be instrumented.
473 void ThreadSanitizer::chooseInstructionsToInstrument(
474 SmallVectorImpl<Instruction *> &Local,
475 SmallVectorImpl<InstructionInfo> &All, const DataLayout &DL) {
476 DenseMap<Value *, size_t> WriteTargets; // Map of addresses to index in All
477 // Iterate from the end.
478 for (Instruction *I : reverse(Local)) {
479 const bool IsWrite = isa<StoreInst>(*I);
480 Value *Addr = IsWrite ? cast<StoreInst>(I)->getPointerOperand()
481 : cast<LoadInst>(I)->getPointerOperand();
482
483 if (!shouldInstrumentReadWriteFromAddress(I->getModule(), Addr))
484 continue;
485
486 if (!IsWrite) {
487 const auto WriteEntry = WriteTargets.find(Addr);
488 if (!ClInstrumentReadBeforeWrite && WriteEntry != WriteTargets.end()) {
489 auto &WI = All[WriteEntry->second];
490 // If we distinguish volatile accesses and if either the read or write
491 // is volatile, do not omit any instrumentation.
492 const bool AnyVolatile =
493 ClDistinguishVolatile && (cast<LoadInst>(I)->isVolatile() ||
494 cast<StoreInst>(WI.Inst)->isVolatile());
495 if (!AnyVolatile) {
496 // We will write to this temp, so no reason to analyze the read.
497 // Mark the write instruction as compound.
498 WI.Flags |= InstructionInfo::kCompoundRW;
499 NumOmittedReadsBeforeWrite++;
500 continue;
501 }
502 }
503
504 if (addrPointsToConstantData(Addr)) {
505 // Addr points to some constant data -- it can not race with any writes.
506 continue;
507 }
508 }
509
510 if (isa<AllocaInst>(getUnderlyingObject(Addr)) &&
511 !PointerMayBeCaptured(Addr, true, true)) {
512 // The variable is addressable but not captured, so it cannot be
513 // referenced from a different thread and participate in a data race
514 // (see llvm/Analysis/CaptureTracking.h for details).
515 NumOmittedNonCaptured++;
516 continue;
517 }
518
519 // Instrument this instruction.
520 All.emplace_back(I);
521 if (IsWrite) {
522 // For read-before-write and compound instrumentation we only need one
523 // write target, and we can override any previous entry if it exists.
524 WriteTargets[Addr] = All.size() - 1;
525 }
526 }
527 Local.clear();
528 }
529
530 static bool isAtomic(Instruction *I) {
531 // TODO: Ask TTI whether synchronization scope is between threads.
532 if (LoadInst *LI = dyn_cast<LoadInst>(I))
533 return LI->isAtomic() && LI->getSyncScopeID() != SyncScope::SingleThread;
534 if (StoreInst *SI = dyn_cast<StoreInst>(I))
535 return SI->isAtomic() && SI->getSyncScopeID() != SyncScope::SingleThread;
536 if (isa<AtomicRMWInst>(I))
537 return true;
538 if (isa<AtomicCmpXchgInst>(I))
539 return true;
540 if (isa<FenceInst>(I))
541 return true;
542 return false;
543 }
544
545 void ThreadSanitizer::InsertRuntimeIgnores(Function &F) {
546 IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI());
547 IRB.CreateCall(TsanIgnoreBegin);
548 EscapeEnumerator EE(F, "tsan_ignore_cleanup", ClHandleCxxExceptions);
549 while (IRBuilder<> *AtExit = EE.Next()) {
550 AtExit->CreateCall(TsanIgnoreEnd);
551 }
552 }
553
554 bool ThreadSanitizer::sanitizeFunction(Function &F,
555 const TargetLibraryInfo &TLI) {
556 // This is required to prevent instrumenting call to __tsan_init from within
557 // the module constructor.
558 if (F.getName() == kTsanModuleCtorName)
559 return false;
560 // Naked functions can not have prologue/epilogue
561 // (__tsan_func_entry/__tsan_func_exit) generated, so don't instrument them at
562 // all.
563 if (F.hasFnAttribute(Attribute::Naked))
564 return false;
565 initialize(*F.getParent());
566 SmallVector<InstructionInfo, 8> AllLoadsAndStores;
567 SmallVector<Instruction*, 8> LocalLoadsAndStores;
568 SmallVector<Instruction*, 8> AtomicAccesses;
569 SmallVector<Instruction*, 8> MemIntrinCalls;
570 bool Res = false;
571 bool HasCalls = false;
572 bool SanitizeFunction = F.hasFnAttribute(Attribute::SanitizeThread);
573 const DataLayout &DL = F.getParent()->getDataLayout();
574
575 // Traverse all instructions, collect loads/stores/returns, check for calls.
576 for (auto &BB : F) {
577 for (auto &Inst : BB) {
578 if (isAtomic(&Inst))
579 AtomicAccesses.push_back(&Inst);
580 else if (isa<LoadInst>(Inst) || isa<StoreInst>(Inst))
581 LocalLoadsAndStores.push_back(&Inst);
582 else if (isa<CallInst>(Inst) || isa<InvokeInst>(Inst)) {
583 if (CallInst *CI = dyn_cast<CallInst>(&Inst))
584 maybeMarkSanitizerLibraryCallNoBuiltin(CI, &TLI);
585 if (isa<MemIntrinsic>(Inst))
586 MemIntrinCalls.push_back(&Inst);
587 HasCalls = true;
588 chooseInstructionsToInstrument(LocalLoadsAndStores, AllLoadsAndStores,
589 DL);
590 }
591 }
592 chooseInstructionsToInstrument(LocalLoadsAndStores, AllLoadsAndStores, DL);
593 }
594
595 // We have collected all loads and stores.
596 // FIXME: many of these accesses do not need to be checked for races
597 // (e.g. variables that do not escape, etc).
598
599 // Instrument memory accesses only if we want to report bugs in the function.
600 if (ClInstrumentMemoryAccesses && SanitizeFunction)
601 for (const auto &II : AllLoadsAndStores) {
602 Res |= instrumentLoadOrStore(II, DL);
603 }
604
605 // Instrument atomic memory accesses in any case (they can be used to
606 // implement synchronization).
607 if (ClInstrumentAtomics)
608 for (auto Inst : AtomicAccesses) {
609 Res |= instrumentAtomic(Inst, DL);
610 }
611
612 if (ClInstrumentMemIntrinsics && SanitizeFunction)
613 for (auto Inst : MemIntrinCalls) {
614 Res |= instrumentMemIntrinsic(Inst);
615 }
616
617 if (F.hasFnAttribute("sanitize_thread_no_checking_at_run_time")) {
618 assert(!F.hasFnAttribute(Attribute::SanitizeThread));
619 if (HasCalls)
620 InsertRuntimeIgnores(F);
621 }
622
623 // Instrument function entry/exit points if there were instrumented accesses.
624 if ((Res || HasCalls) && ClInstrumentFuncEntryExit) {
625 IRBuilder<> IRB(F.getEntryBlock().getFirstNonPHI());
626 Value *ReturnAddress = IRB.CreateCall(
627 Intrinsic::getDeclaration(F.getParent(), Intrinsic::returnaddress),
628 IRB.getInt32(0));
629 IRB.CreateCall(TsanFuncEntry, ReturnAddress);
630
631 EscapeEnumerator EE(F, "tsan_cleanup", ClHandleCxxExceptions);
632 while (IRBuilder<> *AtExit = EE.Next()) {
633 AtExit->CreateCall(TsanFuncExit, {});
634 }
635 Res = true;
636 }
637 return Res;
638 }
639
640 bool ThreadSanitizer::instrumentLoadOrStore(const InstructionInfo &II,
641 const DataLayout &DL) {
642 IRBuilder<> IRB(II.Inst);
643 const bool IsWrite = isa<StoreInst>(*II.Inst);
644 Value *Addr = IsWrite ? cast<StoreInst>(II.Inst)->getPointerOperand()
645 : cast<LoadInst>(II.Inst)->getPointerOperand();
646 Type *OrigTy = getLoadStoreType(II.Inst);
647
648 // swifterror memory addresses are mem2reg promoted by instruction selection.
649 // As such they cannot have regular uses like an instrumentation function and
650 // it makes no sense to track them as memory.
651 if (Addr->isSwiftError())
652 return false;
653
654 int Idx = getMemoryAccessFuncIndex(OrigTy, Addr, DL);
655 if (Idx < 0)
656 return false;
657 if (IsWrite && isVtableAccess(II.Inst)) {
658 LLVM_DEBUG(dbgs() << " VPTR : " << *II.Inst << "\n");
659 Value *StoredValue = cast<StoreInst>(II.Inst)->getValueOperand();
660 // StoredValue may be a vector type if we are storing several vptrs at once.
661 // In this case, just take the first element of the vector since this is
662 // enough to find vptr races.
663 if (isa<VectorType>(StoredValue->getType()))
664 StoredValue = IRB.CreateExtractElement(
665 StoredValue, ConstantInt::get(IRB.getInt32Ty(), 0));
666 if (StoredValue->getType()->isIntegerTy())
667 StoredValue = IRB.CreateIntToPtr(StoredValue, IRB.getInt8PtrTy());
668 // Call TsanVptrUpdate.
669 IRB.CreateCall(TsanVptrUpdate,
670 {IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()),
671 IRB.CreatePointerCast(StoredValue, IRB.getInt8PtrTy())});
672 NumInstrumentedVtableWrites++;
673 return true;
674 }
675 if (!IsWrite && isVtableAccess(II.Inst)) {
676 IRB.CreateCall(TsanVptrLoad,
677 IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()));
678 NumInstrumentedVtableReads++;
679 return true;
680 }
681
682 const unsigned Alignment = IsWrite ? cast<StoreInst>(II.Inst)->getAlignment()
683 : cast<LoadInst>(II.Inst)->getAlignment();
684 const bool IsCompoundRW =
685 ClCompoundReadBeforeWrite && (II.Flags & InstructionInfo::kCompoundRW);
686 const bool IsVolatile = ClDistinguishVolatile &&
687 (IsWrite ? cast<StoreInst>(II.Inst)->isVolatile()
688 : cast<LoadInst>(II.Inst)->isVolatile());
689 assert((!IsVolatile || !IsCompoundRW) && "Compound volatile invalid!");
690
691 const uint32_t TypeSize = DL.getTypeStoreSizeInBits(OrigTy);
692 FunctionCallee OnAccessFunc = nullptr;
693 if (Alignment == 0 || Alignment >= 8 || (Alignment % (TypeSize / 8)) == 0) {
694 if (IsCompoundRW)
695 OnAccessFunc = TsanCompoundRW[Idx];
696 else if (IsVolatile)
697 OnAccessFunc = IsWrite ? TsanVolatileWrite[Idx] : TsanVolatileRead[Idx];
698 else
699 OnAccessFunc = IsWrite ? TsanWrite[Idx] : TsanRead[Idx];
700 } else {
701 if (IsCompoundRW)
702 OnAccessFunc = TsanUnalignedCompoundRW[Idx];
703 else if (IsVolatile)
704 OnAccessFunc = IsWrite ? TsanUnalignedVolatileWrite[Idx]
705 : TsanUnalignedVolatileRead[Idx];
706 else
707 OnAccessFunc = IsWrite ? TsanUnalignedWrite[Idx] : TsanUnalignedRead[Idx];
708 }
709 IRB.CreateCall(OnAccessFunc, IRB.CreatePointerCast(Addr, IRB.getInt8PtrTy()));
710 if (IsCompoundRW || IsWrite)
711 NumInstrumentedWrites++;
712 if (IsCompoundRW || !IsWrite)
713 NumInstrumentedReads++;
714 return true;
715 }
716
717 static ConstantInt *createOrdering(IRBuilder<> *IRB, AtomicOrdering ord) {
718 uint32_t v = 0;
719 switch (ord) {
720 case AtomicOrdering::NotAtomic:
721 llvm_unreachable("unexpected atomic ordering!");
722 case AtomicOrdering::Unordered: LLVM_FALLTHROUGH;
723 case AtomicOrdering::Monotonic: v = 0; break;
724 // Not specified yet:
725 // case AtomicOrdering::Consume: v = 1; break;
726 case AtomicOrdering::Acquire: v = 2; break;
727 case AtomicOrdering::Release: v = 3; break;
728 case AtomicOrdering::AcquireRelease: v = 4; break;
729 case AtomicOrdering::SequentiallyConsistent: v = 5; break;
730 }
731 return IRB->getInt32(v);
732 }
733
734 // If a memset intrinsic gets inlined by the code gen, we will miss races on it.
735 // So, we either need to ensure the intrinsic is not inlined, or instrument it.
736 // We do not instrument memset/memmove/memcpy intrinsics (too complicated),
737 // instead we simply replace them with regular function calls, which are then
738 // intercepted by the run-time.
739 // Since tsan is running after everyone else, the calls should not be
740 // replaced back with intrinsics. If that becomes wrong at some point,
741 // we will need to call e.g. __tsan_memset to avoid the intrinsics.
742 bool ThreadSanitizer::instrumentMemIntrinsic(Instruction *I) {
743 IRBuilder<> IRB(I);
744 if (MemSetInst *M = dyn_cast<MemSetInst>(I)) {
745 IRB.CreateCall(
746 MemsetFn,
747 {IRB.CreatePointerCast(M->getArgOperand(0), IRB.getInt8PtrTy()),
748 IRB.CreateIntCast(M->getArgOperand(1), IRB.getInt32Ty(), false),
749 IRB.CreateIntCast(M->getArgOperand(2), IntptrTy, false)});
750 I->eraseFromParent();
751 } else if (MemTransferInst *M = dyn_cast<MemTransferInst>(I)) {
752 IRB.CreateCall(
753 isa<MemCpyInst>(M) ? MemcpyFn : MemmoveFn,
754 {IRB.CreatePointerCast(M->getArgOperand(0), IRB.getInt8PtrTy()),
755 IRB.CreatePointerCast(M->getArgOperand(1), IRB.getInt8PtrTy()),
756 IRB.CreateIntCast(M->getArgOperand(2), IntptrTy, false)});
757 I->eraseFromParent();
758 }
759 return false;
760 }
761
762 // Both llvm and ThreadSanitizer atomic operations are based on C++11/C1x
763 // standards. For background see C++11 standard. A slightly older, publicly
764 // available draft of the standard (not entirely up-to-date, but close enough
765 // for casual browsing) is available here:
766 // http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2011/n3242.pdf
767 // The following page contains more background information:
768 // http://www.hpl.hp.com/personal/Hans_Boehm/c++mm/
769
770 bool ThreadSanitizer::instrumentAtomic(Instruction *I, const DataLayout &DL) {
771 IRBuilder<> IRB(I);
772 if (LoadInst *LI = dyn_cast<LoadInst>(I)) {
773 Value *Addr = LI->getPointerOperand();
774 Type *OrigTy = LI->getType();
775 int Idx = getMemoryAccessFuncIndex(OrigTy, Addr, DL);
776 if (Idx < 0)
777 return false;
778 const unsigned ByteSize = 1U << Idx;
779 const unsigned BitSize = ByteSize * 8;
780 Type *Ty = Type::getIntNTy(IRB.getContext(), BitSize);
781 Type *PtrTy = Ty->getPointerTo();
782 Value *Args[] = {IRB.CreatePointerCast(Addr, PtrTy),
783 createOrdering(&IRB, LI->getOrdering())};
784 Value *C = IRB.CreateCall(TsanAtomicLoad[Idx], Args);
785 Value *Cast = IRB.CreateBitOrPointerCast(C, OrigTy);
786 I->replaceAllUsesWith(Cast);
787 } else if (StoreInst *SI = dyn_cast<StoreInst>(I)) {
788 Value *Addr = SI->getPointerOperand();
789 int Idx =
790 getMemoryAccessFuncIndex(SI->getValueOperand()->getType(), Addr, DL);
791 if (Idx < 0)
792 return false;
793 const unsigned ByteSize = 1U << Idx;
794 const unsigned BitSize = ByteSize * 8;
795 Type *Ty = Type::getIntNTy(IRB.getContext(), BitSize);
796 Type *PtrTy = Ty->getPointerTo();
797 Value *Args[] = {IRB.CreatePointerCast(Addr, PtrTy),
798 IRB.CreateBitOrPointerCast(SI->getValueOperand(), Ty),
799 createOrdering(&IRB, SI->getOrdering())};
800 CallInst *C = CallInst::Create(TsanAtomicStore[Idx], Args);
801 ReplaceInstWithInst(I, C);
802 } else if (AtomicRMWInst *RMWI = dyn_cast<AtomicRMWInst>(I)) {
803 Value *Addr = RMWI->getPointerOperand();
804 int Idx =
805 getMemoryAccessFuncIndex(RMWI->getValOperand()->getType(), Addr, DL);
806 if (Idx < 0)
807 return false;
808 FunctionCallee F = TsanAtomicRMW[RMWI->getOperation()][Idx];
809 if (!F)
810 return false;
811 const unsigned ByteSize = 1U << Idx;
812 const unsigned BitSize = ByteSize * 8;
813 Type *Ty = Type::getIntNTy(IRB.getContext(), BitSize);
814 Type *PtrTy = Ty->getPointerTo();
815 Value *Args[] = {IRB.CreatePointerCast(Addr, PtrTy),
816 IRB.CreateIntCast(RMWI->getValOperand(), Ty, false),
817 createOrdering(&IRB, RMWI->getOrdering())};
818 CallInst *C = CallInst::Create(F, Args);
819 ReplaceInstWithInst(I, C);
820 } else if (AtomicCmpXchgInst *CASI = dyn_cast<AtomicCmpXchgInst>(I)) {
821 Value *Addr = CASI->getPointerOperand();
822 Type *OrigOldValTy = CASI->getNewValOperand()->getType();
823 int Idx = getMemoryAccessFuncIndex(OrigOldValTy, Addr, DL);
824 if (Idx < 0)
825 return false;
826 const unsigned ByteSize = 1U << Idx;
827 const unsigned BitSize = ByteSize * 8;
828 Type *Ty = Type::getIntNTy(IRB.getContext(), BitSize);
829 Type *PtrTy = Ty->getPointerTo();
830 Value *CmpOperand =
831 IRB.CreateBitOrPointerCast(CASI->getCompareOperand(), Ty);
832 Value *NewOperand =
833 IRB.CreateBitOrPointerCast(CASI->getNewValOperand(), Ty);
834 Value *Args[] = {IRB.CreatePointerCast(Addr, PtrTy),
835 CmpOperand,
836 NewOperand,
837 createOrdering(&IRB, CASI->getSuccessOrdering()),
838 createOrdering(&IRB, CASI->getFailureOrdering())};
839 CallInst *C = IRB.CreateCall(TsanAtomicCAS[Idx], Args);
840 Value *Success = IRB.CreateICmpEQ(C, CmpOperand);
841 Value *OldVal = C;
842 if (Ty != OrigOldValTy) {
843 // The value is a pointer, so we need to cast the return value.
844 OldVal = IRB.CreateIntToPtr(C, OrigOldValTy);
845 }
846
847 Value *Res =
848 IRB.CreateInsertValue(UndefValue::get(CASI->getType()), OldVal, 0);
849 Res = IRB.CreateInsertValue(Res, Success, 1);
850
851 I->replaceAllUsesWith(Res);
852 I->eraseFromParent();
853 } else if (FenceInst *FI = dyn_cast<FenceInst>(I)) {
854 Value *Args[] = {createOrdering(&IRB, FI->getOrdering())};
855 FunctionCallee F = FI->getSyncScopeID() == SyncScope::SingleThread
856 ? TsanAtomicSignalFence
857 : TsanAtomicThreadFence;
858 CallInst *C = CallInst::Create(F, Args);
859 ReplaceInstWithInst(I, C);
860 }
861 return true;
862 }
863
864 int ThreadSanitizer::getMemoryAccessFuncIndex(Type *OrigTy, Value *Addr,
865 const DataLayout &DL) {
866 assert(OrigTy->isSized());
867 assert(
868 cast<PointerType>(Addr->getType())->isOpaqueOrPointeeTypeMatches(OrigTy));
869 uint32_t TypeSize = DL.getTypeStoreSizeInBits(OrigTy);
870 if (TypeSize != 8 && TypeSize != 16 &&
871 TypeSize != 32 && TypeSize != 64 && TypeSize != 128) {
872 NumAccessesWithBadSize++;
873 // Ignore all unusual sizes.
874 return -1;
875 }
876 size_t Idx = countTrailingZeros(TypeSize / 8);
877 assert(Idx < kNumberOfAccessSizes);
878 return Idx;
879 }
LLVM monorepo