nikic added a comment.
Okay, I managed to reproduce this using the instructions from
https://github.com/google/sanitizers/wiki/MemorySanitizerBootstrappingClang.
Reduced to these two variants for `-passes=msan`:
target triple = "x86_64-unknown-linux-gnu"
define void @test(i8* %p, i32* byval(i32) %p2) {
%p2.i8 = bitcast i32* %p2 to i8*
call void @llvm.memcpy.p0i8.p0i8.i64(i8* %p, i8* %p2.i8, i64 4, i1 false)
ret void
}
declare void @llvm.memcpy.p0i8.p0i8.i64(i8*, i8*, i64, i1)
target triple = "x86_64-unknown-linux-gnu"
define void @test(ptr %p, ptr byval(i32) %p2) {
call void @llvm.memcpy.p0.p0.i64(i8* %p, i8* %p2, i64 4, i1 false)
ret void
}
declare void @llvm.memcpy.p0.p0.i64(i8*, i8*, i64, i1)
The second one does not initialize the shadow for the byval argument.
With typed pointers, this happens because a bitcast is present, which will
attempt to fetch the shadow
(https://github.com/llvm/llvm-project/blob/e810d558093cff40caaa1aff24d289c76c59916d/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp#L2050).
While a plain memcpy does not attempt to fetch the shadow
(https://github.com/llvm/llvm-project/blob/e810d558093cff40caaa1aff24d289c76c59916d/llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp#L2586).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D123300/new/
https://reviews.llvm.org/D123300
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
