Subzero: Replace pointers to allocation functions in stores

src/IceASanInstrumentation.cpp

@@ -365,21 +365,11 @@ void ASanInstrumentation::instrumentLoad(LoweringContext &Context,
                                          InstLoad *Instr) {
   Operand *Src = Instr->getSourceAddress();
   if (auto *Reloc = llvm::dyn_cast<ConstantRelocatable>(Src)) {
-    std::string SrcName = Reloc->getName().toStringOrEmpty();
-    assert(!SrcName.empty());
-    StringMap::const_iterator SrcSub = FuncSubstitutions.find(SrcName);
-    if (SrcSub != FuncSubstitutions.end()) {
-      auto *NewSrc = ConstantRelocatable::create(
-          Ctx, Reloc->getType(),
-          RelocatableTuple(Reloc->getOffset(), RelocOffsetArray(0),
-                           Ctx->getGlobalString(SrcSub->second),
-                           Reloc->getEmitString()));
-      auto *NewLoad = InstLoad::create(Context.getNode()->getCfg(),
-                                       Instr->getDest(), NewSrc);
-      Instr->setDeleted();
-      Context.insert(NewLoad);
-      Instr = NewLoad;
-    }
+    auto *NewLoad = InstLoad::create(Context.getNode()->getCfg(),
+                                     Instr->getDest(), instrumentReloc(Reloc));
+    Instr->setDeleted();
+    Context.insert(NewLoad);
+    Instr = NewLoad;
   }
   Constant *Func =
       Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_check_load"));
@@ -389,12 +379,34 @@ void ASanInstrumentation::instrumentLoad(LoweringContext &Context,
 
 void ASanInstrumentation::instrumentStore(LoweringContext &Context,
                                           InstStore *Instr) {
+  Operand *Data = Instr->getData();
+  if (auto *Reloc = llvm::dyn_cast<ConstantRelocatable>(Data)) {
+    auto *NewStore = InstStore::create(
+        Context.getNode()->getCfg(), instrumentReloc(Reloc), Instr->getAddr());
+    Instr->setDeleted();
+    Context.insert(NewStore);
+    Instr = NewStore;
+  }
   Constant *Func =
       Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_check_store"));
   instrumentAccess(Context, Instr->getAddr(),
                    typeWidthInBytes(Instr->getData()->getType()), Func);
 }
 
+ConstantRelocatable *
+ASanInstrumentation::instrumentReloc(ConstantRelocatable *Reloc) {
+  std::string DataName = Reloc->getName().toString();
+  StringMap::const_iterator DataSub = FuncSubstitutions.find(DataName);
+  if (DataSub != FuncSubstitutions.end()) {
+    return ConstantRelocatable::create(
+        Ctx, Reloc->getType(),
+        RelocatableTuple(Reloc->getOffset(), RelocOffsetArray(0),
+                         Ctx->getGlobalString(DataSub->second),
+                         Reloc->getEmitString()));
+  }
+  return Reloc;
+}
+
 void ASanInstrumentation::instrumentAccess(LoweringContext &Context,
                                            Operand *Op, SizeT Size,
                                            Constant *CheckFunc) {

src/IceASanInstrumentation.h

@@ -45,6 +45,7 @@ public:
 private:
   std::string nextRzName();
   bool isOkGlobalAccess(Operand *Op, SizeT Size);
+  ConstantRelocatable *instrumentReloc(ConstantRelocatable *Reloc);
   bool isInstrumentable(Cfg *Func) override;
   void instrumentFuncStart(LoweringContext &Context) override;
   void instrumentCall(LoweringContext &Context, InstCall *Instr) override;

tests_lit/asan_tests/localreplacement.ll

-; Test that loads of local pointers to allocation functions are instrumented
+; Test that loads of local pointers to allocation functions and stores
+; of pointers to allocation functions are instrumented.
 
 ; REQUIRES: allow_dump
 
@@ -10,16 +11,28 @@ declare external i32 @realloc(i32, i32)
 declare external i32 @calloc(i32, i32)
 declare external void @free(i32)
 
-define internal void @func() {
-  %malloc_addr = bitcast i32 (i32)* @malloc to i32*
-  %realloc_addr = bitcast i32 (i32, i32)* @realloc to i32*
-  %calloc_addr = bitcast i32 (i32, i32)* @calloc to i32*
-  %free_addr = bitcast void (i32)* @free to i32*
+define internal void @func(i32 %store_loc) {
+  %store_dest = inttoptr i32 %store_loc to i32*
 
-  %local_malloc = load i32, i32* %malloc_addr, align 1
-  %local_realloc = load i32, i32* %realloc_addr, align 1
-  %local_calloc = load i32, i32* %calloc_addr, align 1
-  %local_free = load i32, i32* %free_addr, align 1
+  %malloc_ptr = bitcast i32 (i32)* @malloc to i32*
+  %realloc_ptr = bitcast i32 (i32, i32)* @realloc to i32*
+  %calloc_ptr = bitcast i32 (i32, i32)* @calloc to i32*
+  %free_ptr = bitcast void (i32)* @free to i32*
+
+  %malloc_addr = ptrtoint i32 (i32)* @malloc to i32
+  %realloc_addr = ptrtoint i32 (i32, i32)* @realloc to i32
+  %calloc_addr = ptrtoint i32 (i32, i32)* @calloc to i32
+  %free_addr = ptrtoint void (i32)* @free to i32
+
+  store i32 %malloc_addr, i32* %store_dest, align 1
+  store i32 %realloc_addr, i32* %store_dest, align 1
+  store i32 %calloc_addr, i32* %store_dest, align 1
+  store i32 %free_addr, i32* %store_dest, align 1
+
+  %local_malloc = load i32, i32* %malloc_ptr, align 1
+  %local_realloc = load i32, i32* %realloc_ptr, align 1
+  %local_calloc = load i32, i32* %calloc_ptr, align 1
+  %local_free = load i32, i32* %free_ptr, align 1
 
   %local_mallocfunc = inttoptr i32 %local_malloc to i32 (i32)*
   %local_reallocfunc = inttoptr i32 %local_realloc to i32 (i32, i32)*
@@ -32,8 +45,13 @@ define internal void @func() {
 }
 
 ; DUMP-LABEL: ================ Instrumented CFG ================
-; DUMP-NEXT: @func() {
+; DUMP-NEXT: @func(i32 %store_loc) {
 ; DUMP-NEXT: __0:
+; DUMP-NEXT:   call void @__asan_check_store(i32 %store_loc, i32 4)
+; DUMP-NEXT:   store i32 @__asan_malloc, i32* %store_loc, align 1
+; DUMP-NEXT:   store i32 @__asan_realloc, i32* %store_loc, align 1
+; DUMP-NEXT:   store i32 @__asan_calloc, i32* %store_loc, align 1
+; DUMP-NEXT:   store i32 @__asan_free, i32* %store_loc, align 1
 ; DUMP-NEXT:   call void @__asan_check_load(i32 @__asan_malloc, i32 4)
 ; DUMP-NEXT:   %local_malloc = load i32, i32* @__asan_malloc, align 1
 ; DUMP-NEXT:   call void @__asan_check_load(i32 @__asan_realloc, i32 4)