Commit 17df5ed9 authored by Matthew Dempsky's avatar Matthew Dempsky

cmd/compile: insert instrumentation during SSA building

Insert appropriate race/msan calls before each memory operation during
SSA construction.

This is conceptually simple, but subtle because we need to be careful
that inserted instrumentation calls don't clobber arguments that are
currently being prepared for a user function call.

reorder1 already handles introducing temporary variables for arguments
in some cases. This CL changes it to use them for all arguments when
instrumenting.

Also, we can't SSA struct types with more than one field while
instrumenting. Otherwise, concurrent uses of disjoint fields within an
SSA-able struct can introduce false races.

This is both somewhat better and somewhat worse than the old racewalk
instrumentation pass. We're now able to easily recognize cases like
constructing non-escaping closures on the stack or accessing closure
variables don't need instrumentation calls. On the other hand,
spilling escaping parameters to the heap now results in an
instrumentation call.

Overall, this CL results in a small net reduction in the number of
instrumentation calls, but a small net increase in binary size for
instrumented executables. cmd/go ends up with 5.6% fewer calls, but a
2.4% larger binary.

Fixes #19054.

Change-Id: I70d1dd32ad6340e6fdb691e6d5a01452f58e97f3
Reviewed-on: https://go-review.googlesource.com/102817Reviewed-by: 's avatarCherry Zhang <cherryyz@google.com>
parent 31700b83
......@@ -298,6 +298,12 @@ var (
gcWriteBarrier,
typedmemmove,
typedmemclr,
raceread,
racewrite,
racereadrange,
racewriterange,
msanread,
msanwrite,
Udiv *obj.LSym
// GO386=387
......
This diff is collapsed.
......@@ -74,6 +74,12 @@ func initssaconfig() {
gcWriteBarrier = sysfunc("gcWriteBarrier")
typedmemmove = sysfunc("typedmemmove")
typedmemclr = sysfunc("typedmemclr")
raceread = sysfunc("raceread")
racewrite = sysfunc("racewrite")
racereadrange = sysfunc("racereadrange")
racewriterange = sysfunc("racewriterange")
msanread = sysfunc("msanread")
msanwrite = sysfunc("msanwrite")
Udiv = sysfunc("udiv")
// GO386=387 runtime functions
......@@ -567,7 +573,62 @@ func (s *state) newValueOrSfCall2(op ssa.Op, t *types.Type, arg0, arg1 *ssa.Valu
return s.newValue2(op, t, arg0, arg1)
}
func (s *state) instrument(t *types.Type, addr *ssa.Value, wr bool) {
if !s.curfn.Func.InstrumentBody() {
return
}
w := t.Size()
if w == 0 {
return // can't race on zero-sized things
}
if ssa.IsSanitizerSafeAddr(addr) {
return
}
var fn *obj.LSym
needWidth := false
if flag_msan {
fn = msanread
if wr {
fn = msanwrite
}
needWidth = true
} else if flag_race && t.NumComponents(types.CountBlankFields) > 1 {
// for composite objects we have to write every address
// because a write might happen to any subobject.
// composites with only one element don't have subobjects, though.
fn = racereadrange
if wr {
fn = racewriterange
}
needWidth = true
} else if flag_race {
// for non-composite objects we can write just the start
// address, as any write must write the first byte.
fn = raceread
if wr {
fn = racewrite
}
} else {
panic("unreachable")
}
args := []*ssa.Value{addr}
if needWidth {
args = append(args, s.constInt(types.Types[TUINTPTR], w))
}
s.rtcall(fn, true, nil, args...)
}
func (s *state) load(t *types.Type, src *ssa.Value) *ssa.Value {
s.instrument(t, src, false)
return s.rawLoad(t, src)
}
func (s *state) rawLoad(t *types.Type, src *ssa.Value) *ssa.Value {
return s.newValue2(ssa.OpLoad, t, src, s.mem())
}
......@@ -576,12 +637,15 @@ func (s *state) store(t *types.Type, dst, val *ssa.Value) {
}
func (s *state) zero(t *types.Type, dst *ssa.Value) {
s.instrument(t, dst, true)
store := s.newValue2I(ssa.OpZero, types.TypeMem, t.Size(), dst, s.mem())
store.Aux = t
s.vars[&memVar] = store
}
func (s *state) move(t *types.Type, dst, src *ssa.Value) {
s.instrument(t, src, false)
s.instrument(t, dst, true)
store := s.newValue3I(ssa.OpMove, types.TypeMem, t.Size(), dst, src, s.mem())
store.Aux = t
s.vars[&memVar] = store
......@@ -3431,7 +3495,12 @@ func (s *state) call(n *Node, k callKind) *ssa.Value {
case k == callGo:
call = s.newValue1A(ssa.OpStaticCall, types.TypeMem, Newproc, s.mem())
case closure != nil:
codeptr = s.load(types.Types[TUINTPTR], closure)
// rawLoad because loading the code pointer from a
// closure is always safe, but IsSanitizerSafeAddr
// can't always figure that out currently, and it's
// critical that we not clobber any arguments already
// stored onto the stack.
codeptr = s.rawLoad(types.Types[TUINTPTR], closure)
call = s.newValue3(ssa.OpClosureCall, types.TypeMem, codeptr, closure, s.mem())
case codeptr != nil:
call = s.newValue2(ssa.OpInterCall, types.TypeMem, codeptr, s.mem())
......@@ -3643,6 +3712,14 @@ func canSSAType(t *types.Type) bool {
}
return false
case TSTRUCT:
// When instrumenting, don't SSA structs with more
// than one field. Otherwise, an access like "x.f" may
// be compiled into a full load of x, which can
// introduce false dependencies on other "x.g" fields.
if instrumenting && t.NumFields() > 1 {
return false
}
if t.NumFields() > ssa.MaxStruct {
return false
}
......@@ -3795,8 +3872,10 @@ func (s *state) rtcall(fn *obj.LSym, returns bool, results []*types.Type, args .
return res
}
/// do *left = right for type t.
// do *left = right for type t.
func (s *state) storeType(t *types.Type, left, right *ssa.Value, skip skipMask, leftIsStmt bool) {
s.instrument(t, left, true)
if skip == 0 && (!types.Haspointers(t) || ssa.IsStackAddr(left)) {
// Known to not have write barrier. Store the whole type.
s.vars[&memVar] = s.newValue3Apos(ssa.OpStore, types.TypeMem, t, left, right, s.mem(), leftIsStmt)
......
......@@ -532,6 +532,7 @@ const (
funcNilCheckDisabled // disable nil checks when compiling this function
funcInlinabilityChecked // inliner has already determined whether the function is inlinable
funcExportInline // include inline body in export data
funcInstrumentBody // add race/msan instrumentation during SSA construction
)
func (f *Func) Dupok() bool { return f.flags&funcDupok != 0 }
......@@ -543,6 +544,7 @@ func (f *Func) HasDefer() bool { return f.flags&funcHasDefer != 0 }
func (f *Func) NilCheckDisabled() bool { return f.flags&funcNilCheckDisabled != 0 }
func (f *Func) InlinabilityChecked() bool { return f.flags&funcInlinabilityChecked != 0 }
func (f *Func) ExportInline() bool { return f.flags&funcExportInline != 0 }
func (f *Func) InstrumentBody() bool { return f.flags&funcInstrumentBody != 0 }
func (f *Func) SetDupok(b bool) { f.flags.set(funcDupok, b) }
func (f *Func) SetWrapper(b bool) { f.flags.set(funcWrapper, b) }
......@@ -553,6 +555,7 @@ func (f *Func) SetHasDefer(b bool) { f.flags.set(funcHasDefer, b) }
func (f *Func) SetNilCheckDisabled(b bool) { f.flags.set(funcNilCheckDisabled, b) }
func (f *Func) SetInlinabilityChecked(b bool) { f.flags.set(funcInlinabilityChecked, b) }
func (f *Func) SetExportInline(b bool) { f.flags.set(funcExportInline, b) }
func (f *Func) SetInstrumentBody(b bool) { f.flags.set(funcInstrumentBody, b) }
func (f *Func) setWBPos(pos src.XPos) {
if Debug_wb != 0 {
......
......@@ -2288,11 +2288,16 @@ func convas(n *Node, init *Nodes) *Node {
// then it is done first. otherwise must
// make temp variables
func reorder1(all []*Node) []*Node {
// When instrumenting, force all arguments into temporary
// variables to prevent instrumentation calls from clobbering
// arguments already on the stack.
funcCalls := 0
if !instrumenting {
if len(all) == 1 {
return all
}
funcCalls := 0
for _, n := range all {
updateHasCall(n)
if n.HasCall() {
......@@ -2302,12 +2307,14 @@ func reorder1(all []*Node) []*Node {
if funcCalls == 0 {
return all
}
}
var g []*Node // fncalls assigned to tempnames
var f *Node // last fncall assigned to stack
var r []*Node // non fncalls and tempnames assigned to stack
d := 0
for _, n := range all {
if !instrumenting {
if !n.HasCall() {
r = append(r, n)
continue
......@@ -2318,6 +2325,7 @@ func reorder1(all []*Node) []*Node {
f = n
continue
}
}
// make assignment of fncall to tempname
a := temp(n.Right.Type)
......
......@@ -8,6 +8,7 @@ import (
"cmd/compile/internal/types"
"cmd/internal/obj"
"cmd/internal/src"
"strings"
)
// needwb returns whether we need write barrier for store op v.
......@@ -348,6 +349,39 @@ func IsStackAddr(v *Value) bool {
return false
}
// IsSanitizerSafeAddr reports whether v is known to be an address
// that doesn't need instrumentation.
func IsSanitizerSafeAddr(v *Value) bool {
for v.Op == OpOffPtr || v.Op == OpAddPtr || v.Op == OpPtrIndex || v.Op == OpCopy {
v = v.Args[0]
}
switch v.Op {
case OpSP:
// Stack addresses are always safe.
return true
case OpITab, OpStringPtr, OpGetClosurePtr:
// Itabs, string data, and closure fields are
// read-only once initialized.
return true
case OpAddr:
switch v.Args[0].Op {
case OpSP:
return true
case OpSB:
sym := v.Aux.(*obj.LSym)
// TODO(mdempsky): Find a cleaner way to
// detect this. It would be nice if we could
// test sym.Type==objabi.SRODATA, but we don't
// initialize sym.Type until after function
// compilation.
if strings.HasPrefix(sym.Name, `"".statictmp_`) {
return true
}
}
}
return false
}
// isVolatile returns whether v is a pointer to argument region on stack which
// will be clobbered by a function call.
func isVolatile(v *Value) bool {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment