r366123 - ARM MTE stack sanitizer.

Evgenii Stepanov via cfe-commits cfe-commits at lists.llvm.org
Tue Jul 16 14:03:05 PDT 2019


I could not reproduce this on Linux nor on Mac.
I wonder if triggering a clean build would help? I don't see a way to
do that though.

On Tue, Jul 16, 2019 at 10:50 AM Evgenii Stepanov
<eugeni.stepanov at gmail.com> wrote:
>
> Hi,
>
> thanks for letting me know! Is this reproducible on Linux? Is it
> possible to extract a reproducer from the bot?
>
> On Mon, Jul 15, 2019 at 9:30 PM Amara Emerson <aemerson at apple.com> wrote:
> >
> > Hi Evgeniy,
> >
> > This commit looks like it broke the lldb bot: http://green.lab.llvm.org/green/job/lldb-cmake/31011/
> >
> > Can you take a look?
> >
> > Amara
> >
> > On Jul 15, 2019, at 1:02 PM, Evgeniy Stepanov via cfe-commits <cfe-commits at lists.llvm.org> wrote:
> >
> > Author: eugenis
> > Date: Mon Jul 15 13:02:23 2019
> > New Revision: 366123
> >
> > URL: http://llvm.org/viewvc/llvm-project?rev=366123&view=rev
> > Log:
> > ARM MTE stack sanitizer.
> >
> > Add "memtag" sanitizer that detects and mitigates stack memory issues
> > using armv8.5 Memory Tagging Extension.
> >
> > It is similar in principle to HWASan, which is a software implementation
> > of the same idea, but there are enough differences to warrant a new
> > sanitizer type IMHO. It is also expected to have very different
> > performance properties.
> >
> > The new sanitizer does not have a runtime library (it may grow one
> > later, along with a "debugging" mode). Similar to SafeStack and
> > StackProtector, the instrumentation pass (in a follow up change) will be
> > inserted in all cases, but will only affect functions marked with the
> > new sanitize_memtag attribute.
> >
> > Reviewers: pcc, hctim, vitalybuka, ostannard
> >
> > Subscribers: srhines, mehdi_amini, javed.absar, kristof.beyls, hiraditya, cryptoad, steven_wu, dexonsmith, cfe-commits, llvm-commits
> >
> > Tags: #clang, #llvm
> >
> > Differential Revision: https://reviews.llvm.org/D64169
> >
> > Added:
> >    cfe/trunk/test/CodeGen/memtag-attr.cpp
> >    cfe/trunk/test/Lexer/has_feature_memtag_sanitizer.cpp
> > Modified:
> >    cfe/trunk/include/clang/Basic/Features.def
> >    cfe/trunk/include/clang/Basic/Sanitizers.def
> >    cfe/trunk/lib/CodeGen/CGDeclCXX.cpp
> >    cfe/trunk/lib/CodeGen/CodeGenFunction.cpp
> >    cfe/trunk/lib/CodeGen/CodeGenModule.cpp
> >    cfe/trunk/lib/CodeGen/SanitizerMetadata.cpp
> >    cfe/trunk/lib/Driver/SanitizerArgs.cpp
> >    cfe/trunk/lib/Driver/ToolChains/Linux.cpp
> >    cfe/trunk/test/Driver/fsanitize.c
> >    cfe/trunk/test/SemaCXX/attr-no-sanitize.cpp
> >
> > Modified: cfe/trunk/include/clang/Basic/Features.def
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/Features.def?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/include/clang/Basic/Features.def (original)
> > +++ cfe/trunk/include/clang/Basic/Features.def Mon Jul 15 13:02:23 2019
> > @@ -42,6 +42,7 @@ FEATURE(address_sanitizer,
> > FEATURE(hwaddress_sanitizer,
> >         LangOpts.Sanitize.hasOneOf(SanitizerKind::HWAddress |
> >                                    SanitizerKind::KernelHWAddress))
> > +FEATURE(memtag_sanitizer, LangOpts.Sanitize.has(SanitizerKind::MemTag))
> > FEATURE(xray_instrument, LangOpts.XRayInstrument)
> > FEATURE(undefined_behavior_sanitizer,
> >         LangOpts.Sanitize.hasOneOf(SanitizerKind::Undefined))
> >
> > Modified: cfe/trunk/include/clang/Basic/Sanitizers.def
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/Sanitizers.def?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/include/clang/Basic/Sanitizers.def (original)
> > +++ cfe/trunk/include/clang/Basic/Sanitizers.def Mon Jul 15 13:02:23 2019
> > @@ -55,6 +55,9 @@ SANITIZER("hwaddress", HWAddress)
> > // Kernel Hardware-assisted AddressSanitizer (KHWASan)
> > SANITIZER("kernel-hwaddress", KernelHWAddress)
> >
> > +// A variant of AddressSanitizer using AArch64 MTE extension.
> > +SANITIZER("memtag", MemTag)
> > +
> > // MemorySanitizer
> > SANITIZER("memory", Memory)
> >
> >
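Review bot: The comment on the new SANITIZER("memtag", MemTag) entry calls it "A variant of AddressSanitizer", but the log message describes a stack memory sanitizer with no runtime library that is similar in principle to HWASan. Suggest wording the comment to say what it covers, for example that it protects stack memory using the armv8.5 Memory Tagging Extension, so readers of Sanitizers.def do not expect ASan-style coverage or reports.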
> > Modified: cfe/trunk/lib/CodeGen/CGDeclCXX.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGDeclCXX.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/lib/CodeGen/CGDeclCXX.cpp (original)
> > +++ cfe/trunk/lib/CodeGen/CGDeclCXX.cpp Mon Jul 15 13:02:23 2019
> > @@ -369,6 +369,10 @@ llvm::Function *CodeGenModule::CreateGlo
> >       !isInSanitizerBlacklist(SanitizerKind::KernelHWAddress, Fn, Loc))
> >     Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress);
> >
> > +  if (getLangOpts().Sanitize.has(SanitizerKind::MemTag) &&
> > +      !isInSanitizerBlacklist(SanitizerKind::MemTag, Fn, Loc))
> > +    Fn->addFnAttr(llvm::Attribute::SanitizeMemTag);
> > +
> >   if (getLangOpts().Sanitize.has(SanitizerKind::Thread) &&
> >       !isInSanitizerBlacklist(SanitizerKind::Thread, Fn, Loc))
> >     Fn->addFnAttr(llvm::Attribute::SanitizeThread);
> >
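Review bot: The new isInSanitizerBlacklist(SanitizerKind::MemTag, Fn, Loc) branch for global init functions has no test in this revision; test/CodeGen/memtag-attr.cpp only covers an ordinary function and the no_sanitize attribute. Suggest adding a test with a blacklist file that checks sanitize_memtag is not attached to a blacklisted global initializer.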
> > Modified: cfe/trunk/lib/CodeGen/CodeGenFunction.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenFunction.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/lib/CodeGen/CodeGenFunction.cpp (original)
> > +++ cfe/trunk/lib/CodeGen/CodeGenFunction.cpp Mon Jul 15 13:02:23 2019
> > @@ -696,6 +696,8 @@ void CodeGenFunction::StartFunction(Glob
> >     Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
> >   if (SanOpts.hasOneOf(SanitizerKind::HWAddress | SanitizerKind::KernelHWAddress))
> >     Fn->addFnAttr(llvm::Attribute::SanitizeHWAddress);
> > +  if (SanOpts.has(SanitizerKind::MemTag))
> > +    Fn->addFnAttr(llvm::Attribute::SanitizeMemTag);
> >   if (SanOpts.has(SanitizerKind::Thread))
> >     Fn->addFnAttr(llvm::Attribute::SanitizeThread);
> >   if (SanOpts.hasOneOf(SanitizerKind::Memory | SanitizerKind::KernelMemory))
> >
> > Modified: cfe/trunk/lib/CodeGen/CodeGenModule.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenModule.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/lib/CodeGen/CodeGenModule.cpp (original)
> > +++ cfe/trunk/lib/CodeGen/CodeGenModule.cpp Mon Jul 15 13:02:23 2019
> > @@ -2239,9 +2239,11 @@ bool CodeGenModule::isInSanitizerBlackli
> >                                            SourceLocation Loc, QualType Ty,
> >                                            StringRef Category) const {
> >   // For now globals can be blacklisted only in ASan and KASan.
> > -  const SanitizerMask EnabledAsanMask = LangOpts.Sanitize.Mask &
> > +  const SanitizerMask EnabledAsanMask =
> > +      LangOpts.Sanitize.Mask &
> >       (SanitizerKind::Address | SanitizerKind::KernelAddress |
> > -       SanitizerKind::HWAddress | SanitizerKind::KernelHWAddress);
> > +       SanitizerKind::HWAddress | SanitizerKind::KernelHWAddress |
> > +       SanitizerKind::MemTag);
> >   if (!EnabledAsanMask)
> >     return false;
> >   const auto &SanitizerBL = getContext().getSanitizerBlacklist();
> >
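Review bot: With SanitizerKind::MemTag added to the mask, the comment above it ("For now globals can be blacklisted only in ASan and KASan") and the name EnabledAsanMask no longer describe what the mask holds. Suggest updating the comment to list the sanitizers actually covered, and stating why a sanitizer that the log describes as targeting stack memory needs the globals blacklist path.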
> > Modified: cfe/trunk/lib/CodeGen/SanitizerMetadata.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/SanitizerMetadata.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/lib/CodeGen/SanitizerMetadata.cpp (original)
> > +++ cfe/trunk/lib/CodeGen/SanitizerMetadata.cpp Mon Jul 15 13:02:23 2019
> > @@ -20,14 +20,17 @@ using namespace CodeGen;
> >
> > SanitizerMetadata::SanitizerMetadata(CodeGenModule &CGM) : CGM(CGM) {}
> >
> > +static bool isAsanHwasanOrMemTag(const SanitizerSet& SS) {
> > +  return SS.hasOneOf(SanitizerKind::Address | SanitizerKind::KernelAddress |
> > +                     SanitizerKind::HWAddress | SanitizerKind::KernelHWAddress |
> > +                     SanitizerKind::MemTag);
> > +}
> > +
> > void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
> >                                            SourceLocation Loc, StringRef Name,
> >                                            QualType Ty, bool IsDynInit,
> >                                            bool IsBlacklisted) {
> > -  if (!CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address |
> > -                                           SanitizerKind::KernelAddress |
> > -                                           SanitizerKind::HWAddress |
> > -                                           SanitizerKind::KernelHWAddress))
> > +  if (!isAsanHwasanOrMemTag(CGM.getLangOpts().Sanitize))
> >     return;
> >   IsDynInit &= !CGM.isInSanitizerBlacklist(GV, Loc, Ty, "init");
> >   IsBlacklisted |= CGM.isInSanitizerBlacklist(GV, Loc, Ty);
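Review bot: In the new helper, "const SanitizerSet& SS" attaches the ampersand to the type, while the surrounding code attaches it to the name (CodeGenModule &CGM); suggest "const SanitizerSet &SS". The helper also lets reportGlobalToASan proceed under -fsanitize=memtag, which the log describes as a stack sanitizer without a runtime library, so a short comment on what is expected to consume the global metadata in that mode would help.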
> > @@ -58,10 +61,7 @@ void SanitizerMetadata::reportGlobalToAS
> >
> > void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
> >                                            const VarDecl &D, bool IsDynInit) {
> > -  if (!CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address |
> > -                                           SanitizerKind::KernelAddress |
> > -                                           SanitizerKind::HWAddress |
> > -                                           SanitizerKind::KernelHWAddress))
> > +  if (!isAsanHwasanOrMemTag(CGM.getLangOpts().Sanitize))
> >     return;
> >   std::string QualName;
> >   llvm::raw_string_ostream OS(QualName);
> > @@ -78,10 +78,7 @@ void SanitizerMetadata::reportGlobalToAS
> > void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {
> >   // For now, just make sure the global is not modified by the ASan
> >   // instrumentation.
> > -  if (CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address |
> > -                                          SanitizerKind::KernelAddress |
> > -                                          SanitizerKind::HWAddress |
> > -                                          SanitizerKind::KernelHWAddress))
> > +  if (isAsanHwasanOrMemTag(CGM.getLangOpts().Sanitize))
> >     reportGlobalToASan(GV, SourceLocation(), "", QualType(), false, true);
> > }
> >
> >
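Review bot: The comment in disableSanitizerForGlobal still says the global must not be modified by "the ASan instrumentation", but the condition now also covers MemTag through isAsanHwasanOrMemTag. Suggest rewording the comment to match the sanitizers the helper checks.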
> > Modified: cfe/trunk/lib/Driver/SanitizerArgs.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/SanitizerArgs.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/lib/Driver/SanitizerArgs.cpp (original)
> > +++ cfe/trunk/lib/Driver/SanitizerArgs.cpp Mon Jul 15 13:02:23 2019
> > @@ -40,7 +40,8 @@ static const SanitizerMask NeedsUnwindTa
> > static const SanitizerMask SupportsCoverage =
> >     SanitizerKind::Address | SanitizerKind::HWAddress |
> >     SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
> > -    SanitizerKind::Memory | SanitizerKind::KernelMemory | SanitizerKind::Leak |
> > +    SanitizerKind::MemTag | SanitizerKind::Memory |
> > +    SanitizerKind::KernelMemory | SanitizerKind::Leak |
> >     SanitizerKind::Undefined | SanitizerKind::Integer |
> >     SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
> >     SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
> > @@ -122,6 +123,7 @@ static void addDefaultBlacklists(const D
> >     SanitizerMask Mask;
> >   } Blacklists[] = {{"asan_blacklist.txt", SanitizerKind::Address},
> >                     {"hwasan_blacklist.txt", SanitizerKind::HWAddress},
> > +                    {"memtag_blacklist.txt", SanitizerKind::MemTag},
> >                     {"msan_blacklist.txt", SanitizerKind::Memory},
> >                     {"tsan_blacklist.txt", SanitizerKind::Thread},
> >                     {"dfsan_abilist.txt", SanitizerKind::DataFlow},
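Review bot: The new {"memtag_blacklist.txt", SanitizerKind::MemTag} entry names a default blacklist file, but the file list of this revision adds no such file and the log says the sanitizer has no runtime library. Please confirm that a missing memtag_blacklist.txt is skipped without a diagnostic, or document where the file is expected to come from.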
> > @@ -420,7 +422,11 @@ SanitizerArgs::SanitizerArgs(const ToolC
> >                      SanitizerKind::Address | SanitizerKind::HWAddress |
> >                          SanitizerKind::Leak | SanitizerKind::Thread |
> >                          SanitizerKind::Memory | SanitizerKind::KernelAddress |
> > -                         SanitizerKind::Scudo | SanitizerKind::SafeStack)};
> > +                         SanitizerKind::Scudo | SanitizerKind::SafeStack),
> > +      std::make_pair(SanitizerKind::MemTag,
> > +                     SanitizerKind::Address | SanitizerKind::KernelAddress |
> > +                         SanitizerKind::HWAddress |
> > +                         SanitizerKind::KernelHWAddress)};
> >   // Enable toolchain specific default sanitizers if not explicitly disabled.
> >   SanitizerMask Default = TC.getDefaultSanitizers() & ~AllRemove;
> >
> >
> > Modified: cfe/trunk/lib/Driver/ToolChains/Linux.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Driver/ToolChains/Linux.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/lib/Driver/ToolChains/Linux.cpp (original)
> > +++ cfe/trunk/lib/Driver/ToolChains/Linux.cpp Mon Jul 15 13:02:23 2019
> > @@ -1026,6 +1026,8 @@ SanitizerMask Linux::getSupportedSanitiz
> >     Res |= SanitizerKind::HWAddress;
> >     Res |= SanitizerKind::KernelHWAddress;
> >   }
> > +  if (IsAArch64)
> > +    Res |= SanitizerKind::MemTag;
> >   return Res;
> > }
> >
> >
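Review bot: The check "if (IsAArch64)" enables MemTag for every AArch64 Linux target, while the log ties the sanitizer to the armv8.5 Memory Tagging Extension. Nothing in the driver changes shown here diagnoses -fsanitize=memtag when the selected target lacks that extension; suggest either a driver diagnostic for that case or a comment stating that the check is left to the follow-up instrumentation pass.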
> > Added: cfe/trunk/test/CodeGen/memtag-attr.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/memtag-attr.cpp?rev=366123&view=auto
> > ==============================================================================
> > --- cfe/trunk/test/CodeGen/memtag-attr.cpp (added)
> > +++ cfe/trunk/test/CodeGen/memtag-attr.cpp Mon Jul 15 13:02:23 2019
> > @@ -0,0 +1,19 @@
> > +// Make sure the sanitize_memtag attribute is emitted when using MemTag sanitizer.
> > +// Make sure __attribute__((no_sanitize("memtag")) disables instrumentation.
> > +
> > +// RUN: %clang_cc1 -triple aarch64-unknown-linux -disable-O0-optnone \
> > +// RUN:   -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-NO %s
> > +
> > +// RUN: %clang_cc1 -triple aarch64-unknown-linux -fsanitize=memtag \
> > +// RUN:   -disable-O0-optnone -emit-llvm -o - %s | \
> > +// RUN:   FileCheck -check-prefix=CHECK-MEMTAG %s
> > +
> > +int HasSanitizeMemTag() { return 1; }
> > +// CHECK-NO: {{Function Attrs: noinline nounwind$}}
> > +// CHECK-MEMTAG: Function Attrs: noinline nounwind sanitize_memtag
> > +
> > +__attribute__((no_sanitize("memtag"))) int NoSanitizeQuoteAddress() {
> > +  return 0;
> > +}
> > +// CHECK-NO: {{Function Attrs: noinline nounwind$}}
> > +// CHECK-MEMTAG: {{Function Attrs: noinline nounwind$}}
> >
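Review bot: The second header comment has unbalanced parentheses: __attribute__((no_sanitize("memtag")) is missing a closing ")". The function name NoSanitizeQuoteAddress also mentions Address although the attribute under test is no_sanitize("memtag"); a name that mentions MemTag would match what the CHECK lines verify.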
> > Modified: cfe/trunk/test/Driver/fsanitize.c
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Driver/fsanitize.c?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/test/Driver/fsanitize.c (original)
> > +++ cfe/trunk/test/Driver/fsanitize.c Mon Jul 15 13:02:23 2019
> > @@ -181,6 +181,16 @@
> > // RUN: %clang -target x86_64-linux-gnu -fsanitize=hwaddress,address -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANHA-SANA
> > // CHECK-SANHA-SANA: '-fsanitize=hwaddress' not allowed with '-fsanitize=address'
> >
> > +// RUN: %clang -target aarch64-linux-android -fsanitize=memtag,address -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANMT-SANA
> > +// CHECK-SANMT-SANA: '-fsanitize=memtag' not allowed with '-fsanitize=address'
> > +
> > +// RUN: %clang -target aarch64-linux-android -fsanitize=memtag,hwaddress -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANMT-SANHA
> > +// CHECK-SANMT-SANHA: '-fsanitize=memtag' not allowed with '-fsanitize=hwaddress'
> > +
> > +// RUN: %clang -target i386-linux-android -fsanitize=memtag -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANMT-BAD-ARCH
> > +// RUN: %clang -target x86_64-linux-android -fsanitize=memtag -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANMT-BAD-ARCH
> > +// CHECK-SANMT-BAD-ARCH: unsupported option '-fsanitize=memtag' for target
> > +
> > // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-address-use-after-scope %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-USE-AFTER-SCOPE
> > // RUN: %clang_cl --target=x86_64-windows -fsanitize=address -fsanitize-address-use-after-scope -### -- %s 2>&1 | FileCheck %s --check-prefix=CHECK-USE-AFTER-SCOPE
> > // CHECK-USE-AFTER-SCOPE: -cc1{{.*}}-fsanitize-address-use-after-scope
> >
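Review bot: The new RUN lines cover memtag combined with address and with hwaddress, but the incompatibility pair added in SanitizerArgs.cpp also lists KernelAddress and KernelHWAddress, which are untested here. Suggest adding RUN lines for -fsanitize=memtag,kernel-address and -fsanitize=memtag,kernel-hwaddress, plus a positive case showing -fsanitize=memtag accepted on an aarch64 target.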
> > Added: cfe/trunk/test/Lexer/has_feature_memtag_sanitizer.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/has_feature_memtag_sanitizer.cpp?rev=366123&view=auto
> > ==============================================================================
> > --- cfe/trunk/test/Lexer/has_feature_memtag_sanitizer.cpp (added)
> > +++ cfe/trunk/test/Lexer/has_feature_memtag_sanitizer.cpp Mon Jul 15 13:02:23 2019
> > @@ -0,0 +1,11 @@
> > +// RUN: %clang_cc1 -E -fsanitize=memtag %s -o - | FileCheck --check-prefix=CHECK-MEMTAG %s
> > +// RUN: %clang_cc1 -E  %s -o - | FileCheck --check-prefix=CHECK-NO-MEMTAG %s
> > +
> > +#if __has_feature(memtag_sanitizer)
> > +int MemTagSanitizerEnabled();
> > +#else
> > +int MemTagSanitizerDisabled();
> > +#endif
> > +
> > +// CHECK-MEMTAG: MemTagSanitizerEnabled
> > +// CHECK-NO-MEMTAG: MemTagSanitizerDisabled
> >
> > Modified: cfe/trunk/test/SemaCXX/attr-no-sanitize.cpp
> > URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/SemaCXX/attr-no-sanitize.cpp?rev=366123&r1=366122&r2=366123&view=diff
> > ==============================================================================
> > --- cfe/trunk/test/SemaCXX/attr-no-sanitize.cpp (original)
> > +++ cfe/trunk/test/SemaCXX/attr-no-sanitize.cpp Mon Jul 15 13:02:23 2019
> > @@ -30,3 +30,8 @@ int f5() __attribute__((no_sanitize("add
> > // DUMP: NoSanitizeAttr {{.*}} unknown
> > // PRINT: int f6() __attribute__((no_sanitize("unknown")))
> > int f6() __attribute__((no_sanitize("unknown"))); // expected-warning{{unknown sanitizer 'unknown' ignored}}
> > +
> > +// DUMP-LABEL: FunctionDecl {{.*}} f7
> > +// DUMP: NoSanitizeAttr {{.*}} memtag
> > +// PRINT: int f7() {{\[\[}}clang::no_sanitize("memtag")]]
> > +[[clang::no_sanitize("memtag")]] int f7();
> >
> >