commit 28f330fd6f9ae14f633d342fdf00defda56566f9
author Evgeniy Stepanov <eugeni.stepanov@gmail.com> Fri May 18 20:19:53 2018 +0000
committer Evgeniy Stepanov <eugeni.stepanov@gmail.com> Fri May 18 20:19:53 2018 +0000
tree 1b31fe45a59fe014d107e46eaf72a87d355d49b8
parent fb50dd34ed5d405de083e37d0c8a1baa2cd76387

[msan] Don't check divisor shadow in fdiv.

Summary:
Floating point division by zero or even undef does not have undefined
behavior and may occur due to optimizations.

Fixes https://bugs.llvm.org/show_bug.cgi?id=37523.

Reviewers: kcc

Subscribers: hiraditya, llvm-commits

Differential Revision: https://reviews.llvm.org/D47085

llvm-svn: 332761

compiler-rt/lib/msan/tests/msan_test.cc

diff --git a/compiler-rt/lib/msan/tests/msan_test.cc b/compiler-rt/lib/msan/tests/msan_test.cc
index 7a582c9..fd3973b 100644
--- a/compiler-rt/lib/msan/tests/msan_test.cc
+++ b/compiler-rt/lib/msan/tests/msan_test.cc
@@ -4044,7 +4044,6 @@
 typedef U2 V4x16 __attribute__((__vector_size__(8)));
 typedef U1 V8x8 __attribute__((__vector_size__(8)));
 
-
 V8x16 shift_sse2_left_scalar(V8x16 x, U4 y) {
   return _mm_slli_epi16(x, y);
 }

compiler-rt/test/msan/vector_div.cc

diff --git a/compiler-rt/test/msan/vector_div.cc b/compiler-rt/test/msan/vector_div.cc
new file mode 100644
index 0000000..4ca2369
--- /dev/null
+++ b/compiler-rt/test/msan/vector_div.cc
@@ -0,0 +1,17 @@
+// Regression test for https://bugs.llvm.org/show_bug.cgi?id=37523
+
+// RUN: %clangxx_msan -O0 %s -o %t && %run %t
+// RUN: %clangxx_msan -O3 %s -o %t && %run %t
+// REQUIRES: x86_64-target-arch
+
+#include <assert.h>
+#include <emmintrin.h>
+
+int main() {
+  volatile int scale = 5;
+  volatile auto zz = _mm_div_ps(_mm_set1_ps(255), _mm_set1_ps(scale));
+  assert(zz[0] == 51);
+  assert(zz[1] == 51);
+  assert(zz[2] == 51);
+  assert(zz[3] == 51);
+}

llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp

diff --git a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
index eb2af4f..5fbb651 100644
--- a/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp
@@ -1841,7 +1841,7 @@
   void visitSub(BinaryOperator &I) { handleShadowOr(I); }
   void visitXor(BinaryOperator &I) { handleShadowOr(I); }
 
-  void handleDiv(Instruction &I) {
+  void handleIntegerDiv(Instruction &I) {
     IRBuilder<> IRB(&I);
     // Strict on the second argument.
     insertShadowCheck(I.getOperand(1), &I);
@@ -1849,12 +1849,15 @@
     setOrigin(&I, getOrigin(&I, 0));
   }
 
-  void visitUDiv(BinaryOperator &I) { handleDiv(I); }
-  void visitSDiv(BinaryOperator &I) { handleDiv(I); }
-  void visitFDiv(BinaryOperator &I) { handleDiv(I); }
-  void visitURem(BinaryOperator &I) { handleDiv(I); }
-  void visitSRem(BinaryOperator &I) { handleDiv(I); }
-  void visitFRem(BinaryOperator &I) { handleDiv(I); }
+  void visitUDiv(BinaryOperator &I) { handleIntegerDiv(I); }
+  void visitSDiv(BinaryOperator &I) { handleIntegerDiv(I); }
+  void visitURem(BinaryOperator &I) { handleIntegerDiv(I); }
+  void visitSRem(BinaryOperator &I) { handleIntegerDiv(I); }
+
+  // Floating point division is side-effect free. We can not require that the
+  // divisor is fully initialized and must propagate shadow. See PR37523.
+  void visitFDiv(BinaryOperator &I) { handleShadowOr(I); }
+  void visitFRem(BinaryOperator &I) { handleShadowOr(I); }
 
   /// Instrument == and != comparisons.
   ///

llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll

diff --git a/llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll b/llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll
index 0c23ede..1f412ff 100644
--- a/llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll
+++ b/llvm/test/Instrumentation/MemorySanitizer/msan_basic.ll
@@ -417,6 +417,21 @@
 ; CHECK-NOT: icmp
 ; CHECK: ret i32
 
+; Check that fdiv, unlike udiv, simply propagates shadow.
+
+define float @FDiv(float %a, float %b) nounwind uwtable readnone sanitize_memory {
+entry:
+  %c = fdiv float %a, %b
+  ret float %c
+}
+
+; CHECK-LABEL: @FDiv
+; CHECK: %[[SA:.*]] = load i32,{{.*}}@__msan_param_tls
+; CHECK: %[[SB:.*]] = load i32,{{.*}}@__msan_param_tls
+; CHECK: %[[SC:.*]] = or i32 %[[SB]], %[[SA]]
+; CHECK: = fdiv float
+; CHECK: store i32 %[[SC]], i32* {{.*}}@__msan_retval_tls
+; CHECK: ret float
 
 ; Check that we propagate shadow for x<0, x>=0, etc (i.e. sign bit tests)