1 //===- MemProfiler.cpp - memory allocation and access profiler ------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file is a part of MemProfiler. Memory accesses are instrumented
10 // to increment the access count held in a shadow memory location, or
11 // alternatively to call into the runtime. Memory intrinsic calls (memmove,
12 // memcpy, memset) are changed to call the memory profiling runtime version
13 // instead.
14 //
15 //===----------------------------------------------------------------------===//
16
17 #include "llvm/Transforms/Instrumentation/MemProfiler.h"
18 #include "llvm/ADT/SmallVector.h"
19 #include "llvm/ADT/Statistic.h"
20 #include "llvm/ADT/StringRef.h"
21 #include "llvm/ADT/Triple.h"
22 #include "llvm/IR/Constant.h"
23 #include "llvm/IR/DataLayout.h"
24 #include "llvm/IR/Function.h"
25 #include "llvm/IR/GlobalValue.h"
26 #include "llvm/IR/IRBuilder.h"
27 #include "llvm/IR/Instruction.h"
28 #include "llvm/IR/LLVMContext.h"
29 #include "llvm/IR/Module.h"
30 #include "llvm/IR/Type.h"
31 #include "llvm/IR/Value.h"
32 #include "llvm/InitializePasses.h"
33 #include "llvm/Pass.h"
34 #include "llvm/Support/CommandLine.h"
35 #include "llvm/Support/Debug.h"
36 #include "llvm/Transforms/Instrumentation.h"
37 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
38 #include "llvm/Transforms/Utils/ModuleUtils.h"
39
40 using namespace llvm;
41
42 #define DEBUG_TYPE "memprof"
43
// Version of the instrumentation ABI. instrumentModule() appends it to
// MemProfVersionCheckNamePrefix to form the version-check symbol name.
constexpr int LLVM_MEM_PROFILER_VERSION = 1;

// Number of application-memory bytes that share one shadow location.
constexpr uint64_t DefaultShadowGranularity = 64;

// Right-shift applied to a (masked) application address to scale it down to
// a shadow offset. With the defaults, 64 >> 3 == 8.
constexpr uint64_t DefaultShadowScale = 3;

// Name of the per-module constructor and the priorities it is registered
// with. Emscripten gets its own priority value because that system needs more
// than one constructor priority.
constexpr char MemProfModuleCtorName[] = "memprof.module_ctor";
constexpr uint64_t MemProfCtorAndDtorPriority = 1;
constexpr uint64_t MemProfEmscriptenCtorAndDtorPriority = 50;

// Runtime entry points and globals referenced by the instrumentation.
constexpr char MemProfInitName[] = "__memprof_init";
constexpr char MemProfVersionCheckNamePrefix[] =
    "__memprof_version_mismatch_check_v";
constexpr char MemProfShadowMemoryDynamicAddress[] =
    "__memprof_shadow_memory_dynamic_address";
constexpr char MemProfFilenameVar[] = "__memprof_profile_filename";
64
// Command-line flags. Every flag below is registered as cl::Hidden.

// On by default. When set, instrumentModule() passes a versioned check-symbol
// name to createSanitizerCtorAndInitFunctions(); when cleared it passes an
// empty name.
static cl::opt<bool> ClInsertVersionCheck(
    "memprof-guard-against-version-mismatch", cl::Hidden, cl::init(true),
    cl::desc("Guard against compiler/runtime version mismatch."));

// This flag may need to be replaced with -f[no-]memprof-reads.
static cl::opt<bool> ClInstrumentReads(
    "memprof-instrument-reads", cl::Hidden, cl::init(true),
    cl::desc("instrument read instructions"));

static cl::opt<bool> ClInstrumentWrites(
    "memprof-instrument-writes", cl::Hidden, cl::init(true),
    cl::desc("instrument write instructions"));

static cl::opt<bool> ClInstrumentAtomics(
    "memprof-instrument-atomics", cl::Hidden, cl::init(true),
    cl::desc("instrument atomic instructions (rmw, cmpxchg)"));

// Off by default: accesses are counted with an inline load/add/store on the
// shadow cell. When set, a runtime callback is emitted per access instead.
static cl::opt<bool> ClUseCalls(
    "memprof-use-callbacks", cl::Hidden, cl::init(false),
    cl::desc("Use callbacks instead of inline instrumentation sequences."));

// NOTE(review): instrumentFunction() skips functions by the literal
// "__memprof_" prefix rather than by this flag's value, so a non-default
// prefix is presumably not excluded from instrumentation -- confirm.
static cl::opt<std::string> ClMemoryAccessCallbackPrefix(
    "memprof-memory-access-callback-prefix", cl::Hidden,
    cl::init("__memprof_"), cl::desc("Prefix for memory access callbacks"));

// These flags allow changing the shadow mapping, which has the form
//   Shadow = ((Mem & mask) >> scale) + offset
// Both are plain ints consumed by ShadowMapping without range checks.
// NOTE(review): the values presumably have to match the layout the runtime
// was built with, since the inline sequence writes to the computed address
// unconditionally -- confirm against the runtime.

static cl::opt<int> ClMappingScale(
    "memprof-mapping-scale", cl::Hidden, cl::init(DefaultShadowScale),
    cl::desc("scale of memprof shadow mapping"));

static cl::opt<int> ClMappingGranularity(
    "memprof-mapping-granularity", cl::Hidden,
    cl::init(DefaultShadowGranularity),
    cl::desc("granularity of memprof shadow mapping"));

// Debug flags.

static cl::opt<int> ClDebug("memprof-debug", cl::Hidden, cl::init(0),
                            cl::desc("debug"));

// Name of a function that instrumentFunction() leaves uninstrumented.
static cl::opt<std::string> ClDebugFunc("memprof-debug-func",
                                        cl::desc("Debug func"), cl::Hidden);

// Inclusive window of candidate indices to instrument within a function; the
// window is ignored while either bound is negative (the default is -1).
static cl::opt<int> ClDebugMin("memprof-debug-min", cl::Hidden, cl::init(-1),
                               cl::desc("Debug min inst"));

static cl::opt<int> ClDebugMax("memprof-debug-max", cl::Hidden, cl::init(-1),
                               cl::desc("Debug max inst"));

STATISTIC(NumInstrumentedReads, "Number of instrumented reads");
STATISTIC(NumInstrumentedWrites, "Number of instrumented writes");
126
127 namespace {
128
/// Parameters of the application-memory to shadow-memory mapping:
///   shadow = ((mem & Mask) >> Scale) + DynamicShadowOffset
///
/// Scale and Granularity are copied as-is from the -memprof-mapping-scale and
/// -memprof-mapping-granularity flags. Nothing here checks that Granularity
/// is a power of two or that Scale is non-negative; Mask is only a clean
/// alignment mask when Granularity is a power of two.
struct ShadowMapping {
  ShadowMapping()
      : Scale(ClMappingScale), Granularity(ClMappingGranularity),
        Mask(~(Granularity - 1)) {}

  int Scale;
  int Granularity;
  // ~(Granularity - 1), computed in int and then widened to 64 bits.
  uint64_t Mask;
};
142
/// Pick the priority used when registering the module constructor:
/// MemProfEmscriptenCtorAndDtorPriority on Emscripten targets,
/// MemProfCtorAndDtorPriority everywhere else.
static uint64_t getCtorAndDtorPriority(Triple &TargetTriple) {
  if (TargetTriple.isOSEmscripten())
    return MemProfEmscriptenCtorAndDtorPriority;
  return MemProfCtorAndDtorPriority;
}
147
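/// Description of one memory access selected for instrumentation, as filled
/// in by MemProfiler::isInterestingMemoryAccess().
///
/// Every field has a default so that a freshly constructed record never holds
/// indeterminate values, even on paths that return before all fields are set.
struct InterestingMemoryAccess {
  // Pointer operand of the access; stays null until an access is recognised.
  Value *Addr = nullptr;
  // True for stores, atomic rmw/cmpxchg and masked stores.
  bool IsWrite = false;
  // Alignment reported by the instruction; the atomic cases record 0.
  unsigned Alignment = 0;
  // Store size of the accessed type, in bits.
  uint64_t TypeSize = 0;
  // Mask operand for masked load/store intrinsics, null otherwise.
  Value *MaybeMask = nullptr;
};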
155
/// Per-function instrumentation driver: rewrites loads, stores, atomics,
/// masked vector accesses and memory intrinsics so that accesses are counted
/// in shadow memory or reported to the runtime.
class MemProfiler {
public:
  /// Cache the context and derive the pointer-sized integer type from the
  /// module's data layout.
  MemProfiler(Module &M)
      : C(&M.getContext()),
        LongSize(M.getDataLayout().getPointerSizeInBits()),
        IntptrTy(Type::getIntNTy(*C, LongSize)) {}

  /// If \p I is a memory access worth instrumenting, return a populated
  /// InterestingMemoryAccess describing it; otherwise return None.
  Optional<InterestingMemoryAccess>
  isInterestingMemoryAccess(Instruction *I) const;

  /// Instrument one access previously described by isInterestingMemoryAccess.
  void instrumentMop(Instruction *I, const DataLayout &DL,
                     InterestingMemoryAccess &Access);
  /// Emit the counting sequence (or runtime callback) for \p Addr before
  /// \p InsertBefore.
  void instrumentAddress(Instruction *OrigIns, Instruction *InsertBefore,
                         Value *Addr, uint32_t TypeSize, bool IsWrite);
  /// Instrument each lane of a masked vector load/store individually.
  void instrumentMaskedLoadOrStore(const DataLayout &DL, Value *Mask,
                                   Instruction *I, Value *Addr,
                                   unsigned Alignment, uint32_t TypeSize,
                                   bool IsWrite);
  /// Replace a memset/memcpy/memmove intrinsic with the runtime's version.
  void instrumentMemIntrinsic(MemIntrinsic *MI);
  /// Emit IR that converts an application address (as an integer) into its
  /// shadow address.
  Value *memToShadow(Value *Shadow, IRBuilder<> &IRB);
  /// Instrument \p F; returns true if the function was changed.
  bool instrumentFunction(Function &F);
  /// Insert a call to __memprof_init at the top of \p F when its name marks
  /// it as an ObjC +load method.
  bool maybeInsertMemProfInitAtFunctionEntry(Function &F);
  /// Load the dynamic shadow base address at the top of \p F.
  bool insertDynamicShadowAtFunctionEntry(Function &F);

private:
  /// Declare the runtime callbacks in \p M and cache their callees.
  void initializeCallbacks(Module &M);

  LLVMContext *C;
  int LongSize; // Pointer width in bits, from the data layout.
  Type *IntptrTy;
  ShadowMapping Mapping;

  // These arrays are indexed by AccessIsWrite (0 = load, 1 = store).
  FunctionCallee MemProfMemoryAccessCallback[2];
  FunctionCallee MemProfMemoryAccessCallbackSized[2];

  FunctionCallee MemProfMemmove, MemProfMemcpy, MemProfMemset;
  // Per-function load of the shadow base; set by
  // insertDynamicShadowAtFunctionEntry().
  Value *DynamicShadowOffset = nullptr;
};
200
/// Legacy pass-manager wrapper around MemProfiler::instrumentFunction().
class MemProfilerLegacyPass : public FunctionPass {
public:
  static char ID;

  /// Registers the pass with the global PassRegistry on construction.
  explicit MemProfilerLegacyPass() : FunctionPass(ID) {
    initializeMemProfilerLegacyPassPass(*PassRegistry::getPassRegistry());
  }

  StringRef getPassName() const override { return "MemProfilerFunctionPass"; }

  /// Builds a fresh MemProfiler for the parent module on every call and
  /// reports whether \p F was modified.
  bool runOnFunction(Function &F) override {
    return MemProfiler(*F.getParent()).instrumentFunction(F);
  }
};
216
/// Module-level part of the instrumentation: creates the module constructor
/// and the profile-filename variable (see instrumentModule()).
class ModuleMemProfiler {
public:
  /// Capture the module's target triple for later priority selection.
  ModuleMemProfiler(Module &M) : TargetTriple(M.getTargetTriple()) {}

  /// Instrument the module; returns true if it was changed.
  bool instrumentModule(Module &);

private:
  Triple TargetTriple;
  ShadowMapping Mapping;
  // Constructor function created by instrumentModule().
  Function *MemProfCtorFunction = nullptr;
};
228
/// Legacy pass-manager wrapper around ModuleMemProfiler::instrumentModule().
class ModuleMemProfilerLegacyPass : public ModulePass {
public:
  static char ID;

  /// Registers the pass with the global PassRegistry on construction.
  explicit ModuleMemProfilerLegacyPass() : ModulePass(ID) {
    initializeModuleMemProfilerLegacyPassPass(*PassRegistry::getPassRegistry());
  }

  StringRef getPassName() const override { return "ModuleMemProfiler"; }

  // Intentionally empty: no analyses are requested or marked preserved.
  void getAnalysisUsage(AnalysisUsage &AU) const override {}

  /// Runs the module instrumentation and reports whether \p M was modified.
  bool runOnModule(Module &M) override {
    return ModuleMemProfiler(M).instrumentModule(M);
  }
};
246
247 } // end anonymous namespace
248
/// The new-pass-manager function pass carries no state to initialise.
MemProfilerPass::MemProfilerPass() = default;
250
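/// New-pass-manager entry point: instrument \p F with a MemProfiler built for
/// its parent module.
///
/// \returns PreservedAnalyses::none() when the function was modified and
/// PreservedAnalyses::all() otherwise. \p AM is not consulted.
PreservedAnalyses MemProfilerPass::run(Function &F,
                                       AnalysisManager<Function> &AM) {
  Module &M = *F.getParent();
  MemProfiler Profiler(M);
  if (Profiler.instrumentFunction(F))
    return PreservedAnalyses::none();
  // The original carried a second, unreachable copy of this return; it has
  // been dropped.
  return PreservedAnalyses::all();
}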
261
/// The new-pass-manager module pass carries no state to initialise.
ModuleMemProfilerPass::ModuleMemProfilerPass() = default;
263
/// New-pass-manager entry point for the module-level instrumentation.
///
/// \returns PreservedAnalyses::none() when the module was modified and
/// PreservedAnalyses::all() otherwise. \p AM is not consulted.
PreservedAnalyses ModuleMemProfilerPass::run(Module &M,
                                             AnalysisManager<Module> &AM) {
  ModuleMemProfiler Profiler(M);
  const bool Changed = Profiler.instrumentModule(M);
  return Changed ? PreservedAnalyses::none() : PreservedAnalyses::all();
}
271
// Pass identity; the legacy pass manager keys on the address of ID.
char MemProfilerLegacyPass::ID = 0;

// Register the legacy function pass under the name "memprof". It declares no
// dependencies, so the single-macro form is used in place of an empty
// INITIALIZE_PASS_BEGIN / INITIALIZE_PASS_END pair.
INITIALIZE_PASS(MemProfilerLegacyPass, "memprof",
                "MemProfiler: profile memory allocations and accesses.", false,
                false)
280
/// Factory for the legacy function pass. The object is allocated with a
/// plain `new`, so the caller receives ownership of the returned pointer.
FunctionPass *llvm::createMemProfilerFunctionPass() {
  return new MemProfilerLegacyPass;
}
284
// Pass identity; the legacy pass manager keys on the address of ID.
char ModuleMemProfilerLegacyPass::ID = 0;

// Register the legacy module pass under the name "memprof-module".
// The two adjacent string literals are concatenated by the compiler with no
// separator between "accesses." and "ModulePass".
INITIALIZE_PASS(ModuleMemProfilerLegacyPass, "memprof-module",
                "MemProfiler: profile memory allocations and accesses."
                "ModulePass",
                false, false)
291
/// Factory for the legacy module pass. The object is allocated with a plain
/// `new`, so the caller receives ownership of the returned pointer.
ModulePass *llvm::createModuleMemProfilerLegacyPassPass() {
  return new ModuleMemProfilerLegacyPass;
}
295
/// Emit IR computing the shadow address for an application address.
///
/// \param Shadow the application address as an integer value (the parameter
///        is named after what it is turned into).
/// \param IRB builder positioned where the computation should be emitted.
/// \returns ((Shadow & Mapping.Mask) >> Mapping.Scale) + DynamicShadowOffset.
///
/// DynamicShadowOffset must already be set; this is asserted.
Value *MemProfiler::memToShadow(Value *Shadow, IRBuilder<> &IRB) {
  // Drop the low bits so every address in a granule maps to the same cell.
  Value *Masked = IRB.CreateAnd(Shadow, Mapping.Mask);
  // Scale the granule-aligned address down to a shadow offset.
  Value *Scaled = IRB.CreateLShr(Masked, Mapping.Scale);
  // Rebase onto the dynamically loaded shadow start. This is an add, not a
  // bitwise or.
  assert(DynamicShadowOffset);
  return IRB.CreateAdd(Scaled, DynamicShadowOffset);
}
304
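/// Replace a memset/memmove/memcpy intrinsic with a call to the matching
/// runtime function (MemProfMemset / MemProfMemmove / MemProfMemcpy).
///
/// Pointer operands are cast to i8*, the memset value to i32 and the length
/// to the pointer-sized integer type; both integer casts are unsigned. Only
/// operands 0-2 are forwarded to the replacement call.
///
/// The intrinsic is erased only after a replacement call has been emitted. If
/// \p MI is neither a MemTransferInst nor a MemSetInst it is left untouched;
/// the original erased it in that case too, which would have silently dropped
/// the memory operation.
void MemProfiler::instrumentMemIntrinsic(MemIntrinsic *MI) {
  IRBuilder<> IRB(MI);
  if (isa<MemTransferInst>(MI)) {
    IRB.CreateCall(
        isa<MemMoveInst>(MI) ? MemProfMemmove : MemProfMemcpy,
        {IRB.CreatePointerCast(MI->getOperand(0), IRB.getInt8PtrTy()),
         IRB.CreatePointerCast(MI->getOperand(1), IRB.getInt8PtrTy()),
         IRB.CreateIntCast(MI->getOperand(2), IntptrTy, false)});
  } else if (isa<MemSetInst>(MI)) {
    IRB.CreateCall(
        MemProfMemset,
        {IRB.CreatePointerCast(MI->getOperand(0), IRB.getInt8PtrTy()),
         IRB.CreateIntCast(MI->getOperand(1), IRB.getInt32Ty(), false),
         IRB.CreateIntCast(MI->getOperand(2), IntptrTy, false)});
  } else {
    // No replacement was emitted, so the intrinsic must stay in place.
    return;
  }
  MI->eraseFromParent();
}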
323
/// Classify \p I and, if it is a memory access this pass should count,
/// describe it.
///
/// Recognised forms are load, store, atomicrmw, cmpxchg and calls to the
/// masked_load / masked_store intrinsics, each gated by the matching
/// -memprof-instrument-* flag. Accesses outside address space 0 and accesses
/// to swifterror addresses are rejected.
///
/// \returns the populated description, or None when \p I is not instrumented.
Optional<InterestingMemoryAccess>
MemProfiler::isInterestingMemoryAccess(Instruction *I) const {
  // The load fetching the dynamic shadow address is our own instrumentation
  // and must not be instrumented itself.
  if (I == DynamicShadowOffset)
    return None;

  const DataLayout &DL = I->getModule()->getDataLayout();
  InterestingMemoryAccess Access;

  if (auto *Load = dyn_cast<LoadInst>(I)) {
    if (!ClInstrumentReads)
      return None;
    Access.Addr = Load->getPointerOperand();
    Access.IsWrite = false;
    Access.Alignment = Load->getAlignment();
    Access.TypeSize = DL.getTypeStoreSizeInBits(Load->getType());
  } else if (auto *Store = dyn_cast<StoreInst>(I)) {
    if (!ClInstrumentWrites)
      return None;
    Access.Addr = Store->getPointerOperand();
    Access.IsWrite = true;
    Access.Alignment = Store->getAlignment();
    Access.TypeSize =
        DL.getTypeStoreSizeInBits(Store->getValueOperand()->getType());
  } else if (auto *RMW = dyn_cast<AtomicRMWInst>(I)) {
    if (!ClInstrumentAtomics)
      return None;
    // Atomics are always counted as writes, with alignment recorded as 0.
    Access.Addr = RMW->getPointerOperand();
    Access.IsWrite = true;
    Access.Alignment = 0;
    Access.TypeSize =
        DL.getTypeStoreSizeInBits(RMW->getValOperand()->getType());
  } else if (auto *CmpXchg = dyn_cast<AtomicCmpXchgInst>(I)) {
    if (!ClInstrumentAtomics)
      return None;
    Access.Addr = CmpXchg->getPointerOperand();
    Access.IsWrite = true;
    Access.Alignment = 0;
    Access.TypeSize =
        DL.getTypeStoreSizeInBits(CmpXchg->getCompareOperand()->getType());
  } else if (auto *Call = dyn_cast<CallInst>(I)) {
    // Indirect calls have no callee function and are ignored here.
    auto *Callee = Call->getCalledFunction();
    const bool IsMaskedStore =
        Callee && Callee->getIntrinsicID() == Intrinsic::masked_store;
    const bool IsMaskedLoad =
        Callee && Callee->getIntrinsicID() == Intrinsic::masked_load;
    if (IsMaskedLoad || IsMaskedStore) {
      if (IsMaskedStore) {
        if (!ClInstrumentWrites)
          return None;
      } else {
        if (!ClInstrumentReads)
          return None;
      }
      Access.IsWrite = IsMaskedStore;

      // A masked store carries the stored value as operand 0, which shifts
      // the pointer, alignment and mask operands by one.
      const unsigned OpOffset = IsMaskedStore ? 1 : 0;

      auto *BasePtr = Call->getOperand(0 + OpOffset);
      auto *PointeeTy = cast<PointerType>(BasePtr->getType())->getElementType();
      Access.TypeSize = DL.getTypeStoreSizeInBits(PointeeTy);
      if (auto *AlignConst =
              dyn_cast<ConstantInt>(Call->getOperand(1 + OpOffset)))
        Access.Alignment = static_cast<unsigned>(AlignConst->getZExtValue());
      else
        Access.Alignment = 1; // No alignment guarantees. We probably got Undef
      Access.MaybeMask = Call->getOperand(2 + OpOffset);
      Access.Addr = BasePtr;
    }
  }

  // Nothing above recognised the instruction.
  if (!Access.Addr)
    return None;

  // Do not instrument accesses from different address spaces; we cannot deal
  // with them.
  Type *PtrTy = cast<PointerType>(Access.Addr->getType()->getScalarType());
  if (PtrTy->getPointerAddressSpace() != 0)
    return None;

  // Ignore swifterror addresses.
  // swifterror memory addresses are mem2reg promoted by instruction
  // selection. As such they cannot have regular uses like an instrumentation
  // function and it makes no sense to track them as memory.
  if (Access.Addr->isSwiftError())
    return None;

  return Access;
}
412
/// Instrument a masked vector load/store one lane at a time.
///
/// \param DL data layout used to size one vector element.
/// \param Mask the intrinsic's mask operand.
/// \param I the masked load/store call being instrumented.
/// \param Addr pointer to a fixed-width vector.
/// \param IsWrite true for masked stores.
///
/// \p Alignment and \p TypeSize are accepted but not used by this body.
///
/// For a ConstantVector mask, lanes whose mask bit is a constant zero are
/// skipped and all other lanes (true or undef) are instrumented directly
/// before \p I. For any other mask, each lane's bit is extracted at run time
/// and the instrumentation goes into a conditional block split off before
/// \p I.
void MemProfiler::instrumentMaskedLoadOrStore(const DataLayout &DL, Value *Mask,
                                              Instruction *I, Value *Addr,
                                              unsigned Alignment,
                                              uint32_t TypeSize, bool IsWrite) {
  auto *VecTy = cast<FixedVectorType>(
      cast<PointerType>(Addr->getType())->getElementType());
  const uint64_t LaneSizeInBits =
      DL.getTypeStoreSizeInBits(VecTy->getScalarType());
  const unsigned NumLanes = VecTy->getNumElements();
  auto *ZeroIdx = ConstantInt::get(IntptrTy, 0);
  // The mask operand does not change while lanes are processed, so classify
  // it once.
  auto *ConstMask = dyn_cast<ConstantVector>(Mask);

  for (unsigned Lane = 0; Lane != NumLanes; ++Lane) {
    Instruction *InsertPt = I;
    if (ConstMask) {
      // dyn_cast as we might get UndefValue
      auto *Bit = dyn_cast<ConstantInt>(ConstMask->getOperand(Lane));
      if (Bit && Bit->isZero())
        continue; // Mask is constant false, so no instrumentation needed.
      // A true or undef bit is instrumented unconditionally, before I.
    } else {
      IRBuilder<> GuardBuilder(I);
      Value *LaneBit = GuardBuilder.CreateExtractElement(Mask, Lane);
      InsertPt = SplitBlockAndInsertIfThen(LaneBit, I, false);
    }

    IRBuilder<> IRB(InsertPt);
    Value *LaneAddr = IRB.CreateGEP(
        VecTy, Addr, {ZeroIdx, ConstantInt::get(IntptrTy, Lane)});
    // The 64-bit lane size is passed to a uint32_t parameter here.
    instrumentAddress(I, InsertPt, LaneAddr, LaneSizeInBits, IsWrite);
  }
}
448
/// Instrument one memory operation described by \p Access and bump the
/// matching read/write statistic.
///
/// Masked accesses are expanded per lane; everything else gets a single
/// counter update for the access address.
void MemProfiler::instrumentMop(Instruction *I, const DataLayout &DL,
                                InterestingMemoryAccess &Access) {
  if (Access.IsWrite)
    ++NumInstrumentedWrites;
  else
    ++NumInstrumentedReads;

  if (Access.MaybeMask) {
    instrumentMaskedLoadOrStore(DL, Access.MaybeMask, I, Access.Addr,
                                Access.Alignment, Access.TypeSize,
                                Access.IsWrite);
    return;
  }

  // Since the access counts will be accumulated across the entire allocation,
  // we only update the shadow access count for the first location and thus
  // don't need to worry about alignment and type size.
  instrumentAddress(I, I, Access.Addr, Access.TypeSize, Access.IsWrite);
}
467
/// Emit the access-counting code for \p Addr immediately before
/// \p InsertBefore.
///
/// With -memprof-use-callbacks the address is handed to the load/store
/// runtime callback selected by \p IsWrite. Otherwise an inline sequence
/// computes the shadow address and increments the 64-bit counter stored
/// there. \p OrigIns and \p TypeSize are not used by this body.
///
/// The inline sequence is a plain load, add and store with no bounds check on
/// the shadow address.
/// NOTE(review): because the update is not atomic, threads hitting the same
/// shadow cell concurrently can presumably lose increments -- confirm this is
/// acceptable for the profile.
void MemProfiler::instrumentAddress(Instruction *OrigIns,
                                    Instruction *InsertBefore, Value *Addr,
                                    uint32_t TypeSize, bool IsWrite) {
  IRBuilder<> Builder(InsertBefore);
  Value *AddrAsInt = Builder.CreatePointerCast(Addr, IntptrTy);

  if (!ClUseCalls) {
    // Inline form: *shadow(Addr) += 1 on a 64-bit counter.
    Type *CounterTy = Type::getInt64Ty(*C);
    Value *ShadowInt = memToShadow(AddrAsInt, Builder);
    Value *CounterPtr =
        Builder.CreateIntToPtr(ShadowInt, PointerType::get(CounterTy, 0));
    Value *OldCount = Builder.CreateLoad(CounterTy, CounterPtr);
    Value *NewCount =
        Builder.CreateAdd(OldCount, ConstantInt::get(CounterTy, 1));
    Builder.CreateStore(NewCount, CounterPtr);
    return;
  }

  Builder.CreateCall(MemProfMemoryAccessCallback[IsWrite], AddrAsInt);
}
490
/// Create the __memprof_profile_filename global from the module's
/// "MemProfProfileFilename" flag.
///
/// Does nothing when the flag is absent or is not an MDString. Otherwise a
/// constant, NUL-terminated string global is created with weak linkage; on
/// targets that support COMDAT it is switched to external linkage and placed
/// in a COMDAT of the same name.
///
/// An empty filename is rejected only by an assert, so release builds emit
/// the empty string as-is.
/// NOTE(review): the string is taken verbatim from module metadata and is
/// presumably used by the runtime as the profile output path -- confirm where
/// that metadata can originate.
void createProfileFileNameVar(Module &M) {
  const auto *FilenameMD =
      dyn_cast_or_null<MDString>(M.getModuleFlag("MemProfProfileFilename"));
  if (!FilenameMD)
    return;

  const StringRef Filename = FilenameMD->getString();
  assert(!Filename.empty() &&
         "Unexpected MemProfProfileFilename metadata with empty string");

  Constant *Initializer =
      ConstantDataArray::getString(M.getContext(), Filename, true);
  auto *NameVar = new GlobalVariable(
      M, Initializer->getType(), /*isConstant=*/true,
      GlobalValue::WeakAnyLinkage, Initializer, MemProfFilenameVar);

  const Triple TT(M.getTargetTriple());
  if (!TT.supportsCOMDAT())
    return;
  NameVar->setLinkage(GlobalValue::ExternalLinkage);
  NameVar->setComdat(M.getOrInsertComdat(MemProfFilenameVar));
}
510
/// Add the module-level pieces of the instrumentation to \p M.
///
/// Creates the "memprof.module_ctor" constructor together with the
/// __memprof_init declaration, registers the constructor in the global
/// constructor list at the target-specific priority, and emits the profile
/// filename variable.
///
/// The version-check symbol name is only supplied while
/// -memprof-guard-against-version-mismatch is set; with the flag cleared an
/// empty name is passed to createSanitizerCtorAndInitFunctions().
///
/// \returns true unconditionally.
bool ModuleMemProfiler::instrumentModule(Module &M) {
  std::string VersionCheckName;
  if (ClInsertVersionCheck)
    VersionCheckName = MemProfVersionCheckNamePrefix +
                       std::to_string(LLVM_MEM_PROFILER_VERSION);

  // Only the constructor half of the returned pair is kept.
  MemProfCtorFunction =
      createSanitizerCtorAndInitFunctions(M, MemProfModuleCtorName,
                                          MemProfInitName, /*InitArgTypes=*/{},
                                          /*InitArgs=*/{}, VersionCheckName)
          .first;

  appendToGlobalCtors(M, MemProfCtorFunction,
                      getCtorAndDtorPriority(TargetTriple));

  createProfileFileNameVar(M);

  return true;
}
529
/// Declare (or look up) the runtime functions the instrumentation calls and
/// cache their callees.
///
/// Every symbol name is -memprof-memory-access-callback-prefix followed by
/// "load", "store", "loadN", "storeN", "memmove", "memcpy" or "memset". The
/// access callbacks return void and take one (plain) or two ("N" variant)
/// pointer-sized integers.
void MemProfiler::initializeCallbacks(Module &M) {
  IRBuilder<> IRB(*C);
  const std::string &Prefix = ClMemoryAccessCallbackPrefix;

  // Function types are uniqued, so build each signature once.
  FunctionType *OneWordFnTy =
      FunctionType::get(IRB.getVoidTy(), {IntptrTy}, false);
  FunctionType *TwoWordFnTy =
      FunctionType::get(IRB.getVoidTy(), {IntptrTy, IntptrTy}, false);

  // Slot 0 holds the load callbacks, slot 1 the store callbacks.
  for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) {
    const char *Kind = AccessIsWrite ? "store" : "load";

    MemProfMemoryAccessCallbackSized[AccessIsWrite] =
        M.getOrInsertFunction(Prefix + Kind + "N", TwoWordFnTy);
    MemProfMemoryAccessCallback[AccessIsWrite] =
        M.getOrInsertFunction(Prefix + Kind, OneWordFnTy);
  }

  // i8* memmove/memcpy(i8*, i8*, intptr) and i8* memset(i8*, i32, intptr).
  MemProfMemmove = M.getOrInsertFunction(
      Prefix + "memmove", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
      IRB.getInt8PtrTy(), IntptrTy);
  MemProfMemcpy = M.getOrInsertFunction(
      Prefix + "memcpy", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
      IRB.getInt8PtrTy(), IntptrTy);
  MemProfMemset = M.getOrInsertFunction(
      Prefix + "memset", IRB.getInt8PtrTy(), IRB.getInt8PtrTy(),
      IRB.getInt32Ty(), IntptrTy);
}
556
/// Insert a call to __memprof_init at the very start of \p F when its name
/// contains " load]".
///
/// For each NSObject descendant having a +load method, that method is invoked
/// by the ObjC runtime before any of the static constructors is called, so
/// the runtime has to be initialised from inside such methods before any
/// access to the shadow memory. They cannot simply be skipped, because they
/// may call other instrumented functions.
///
/// The test is a plain substring match on the function name.
///
/// \returns true if the call was inserted.
bool MemProfiler::maybeInsertMemProfInitAtFunctionEntry(Function &F) {
  const bool LooksLikeObjCLoad =
      F.getName().find(" load]") != std::string::npos;
  if (!LooksLikeObjCLoad)
    return false;

  FunctionCallee InitFn =
      declareSanitizerInitFunction(*F.getParent(), MemProfInitName, {});
  BasicBlock &Entry = F.front();
  IRBuilder<> IRB(&Entry, Entry.begin());
  IRB.CreateCall(InitFn, {});
  return true;
}
574
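/// Load the shadow base from __memprof_shadow_memory_dynamic_address before
/// the first instruction of \p F's entry block and remember the load in
/// DynamicShadowOffset.
///
/// For non-PIC modules the global is additionally marked dso_local.
///
/// \returns true unconditionally, since a load is always inserted.
bool MemProfiler::insertDynamicShadowAtFunctionEntry(Function &F) {
  Module &M = *F.getParent();
  IRBuilder<> IRB(&F.front().front());
  Value *GlobalDynamicAddress =
      M.getOrInsertGlobal(MemProfShadowMemoryDynamicAddress, IntptrTy);
  if (M.getPICLevel() == PICLevel::NotPIC) {
    // dyn_cast yields null when the value is not a GlobalVariable, and the
    // original dereferenced the result unchecked.
    // NOTE(review): getOrInsertGlobal presumably returns a cast expression
    // when a same-named global of another type already exists -- confirm.
    if (auto *GV = dyn_cast<GlobalVariable>(GlobalDynamicAddress))
      GV->setDSOLocal(true);
  }
  DynamicShadowOffset = IRB.CreateLoad(IntptrTy, GlobalDynamicAddress);
  return true;
}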
584
/// Instrument every interesting memory access and memory intrinsic in \p F.
///
/// Functions with available_externally linkage, the function named by
/// -memprof-debug-func, and functions whose name starts with "__memprof_"
/// are left untouched. Candidates are collected first and rewritten in a
/// second pass, so the instruction list is not mutated while it is scanned.
///
/// NOTE(review): -memprof-debug-func defaults to the empty string and is
/// compared without an emptiness check, so a function with an empty name is
/// presumably skipped as well -- confirm that is intended.
/// NOTE(review): the shadow-base load goes before the entry block's first
/// instruction, which is the __memprof_init call when one was just inserted
/// -- confirm the global may be read before the runtime is initialised.
///
/// \returns true if \p F was modified.
bool MemProfiler::instrumentFunction(Function &F) {
  if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage)
    return false;
  if (ClDebugFunc == F.getName())
    return false;
  if (F.getName().startswith("__memprof_"))
    return false;

  // If needed, insert __memprof_init.
  // This has to happen even if the function body ends up not instrumented.
  bool FunctionModified = maybeInsertMemProfInitAtFunctionEntry(F);

  LLVM_DEBUG(dbgs() << "MEMPROF instrumenting:\n" << F << "\n");

  Module &M = *F.getParent();
  initializeCallbacks(M);

  FunctionModified |= insertDynamicShadowAtFunctionEntry(F);

  // Collect the memory operations to instrument.
  SmallVector<Instruction *, 16> ToInstrument;
  for (BasicBlock &BB : F)
    for (Instruction &Inst : BB)
      if (isInterestingMemoryAccess(&Inst) || isa<MemIntrinsic>(Inst))
        ToInstrument.push_back(&Inst);

  // NumInstrumented counts every candidate, including those that fall outside
  // the -memprof-debug-min/-max window and are therefore left alone.
  int NumInstrumented = 0;
  for (Instruction *Inst : ToInstrument) {
    const bool WindowDisabled = ClDebugMin < 0 || ClDebugMax < 0;
    const bool InWindow =
        WindowDisabled ||
        (NumInstrumented >= ClDebugMin && NumInstrumented <= ClDebugMax);
    if (InWindow) {
      // Anything collected that is not an interesting access is a memory
      // intrinsic.
      if (Optional<InterestingMemoryAccess> Access =
              isInterestingMemoryAccess(Inst))
        instrumentMop(Inst, M.getDataLayout(), *Access);
      else
        instrumentMemIntrinsic(cast<MemIntrinsic>(Inst));
    }
    NumInstrumented++;
  }

  FunctionModified |= NumInstrumented > 0;

  LLVM_DEBUG(dbgs() << "MEMPROF done instrumenting: " << FunctionModified << " "
                    << F << "\n");

  return FunctionModified;
}
639