[llvm] r325711 - [hwasan] Fix inline instrumentation.

Evgeniy Stepanov via llvm-commits llvm-commits at lists.llvm.org
Wed Feb 21 11:52:23 PST 2018


Author: eugenis
Date: Wed Feb 21 11:52:23 2018
New Revision: 325711

URL: http://llvm.org/viewvc/llvm-project?rev=325711&view=rev
Log:
[hwasan] Fix inline instrumentation.

This patch changes hwasan inline instrumentation:

- Fixes address untagging for the shadow address calculation (uses 0xFF instead of 0x00 for the top byte).
- Emits a brk instruction instead of hlt for both the kernel and user space.
- Uses 0x900 instead of 0x100 for the brk immediate (0x100 - 0x800 are unavailable in the kernel).
- Fixes and adds appropriate tests.

Patch by Andrey Konovalov.

Differential Revision: https://reviews.llvm.org/D43135

Modified:
    llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
    llvm/trunk/test/Instrumentation/HWAddressSanitizer/atomic.ll
    llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll
    llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel-alloca.ll
    llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel.ll

Modified: llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp?rev=325711&r1=325710&r2=325711&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp (original)
+++ llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp Wed Feb 21 11:52:23 2018
@@ -134,6 +134,7 @@ public:
   bool isInterestingAlloca(const AllocaInst &AI);
   bool tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag);
   Value *tagPointer(IRBuilder<> &IRB, Type *Ty, Value *PtrLong, Value *Tag);
+  Value *untagPointer(IRBuilder<> &IRB, Value *PtrLong);
   bool instrumentStack(SmallVectorImpl<AllocaInst *> &Allocas,
                        SmallVectorImpl<Instruction *> &RetVec);
   Value *getNextTagWithCall(IRBuilder<> &IRB);
@@ -291,9 +292,7 @@ void HWAddressSanitizer::instrumentMemAc
                                                    Instruction *InsertBefore) {
   IRBuilder<> IRB(InsertBefore);
   Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift), IRB.getInt8Ty());
-  Value *AddrLong =
-      IRB.CreateAnd(PtrLong, ConstantInt::get(PtrLong->getType(),
-                                              ~(0xFFULL << kPointerTagShift)));
+  Value *AddrLong = untagPointer(IRB, PtrLong);
   Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale);
   if (ClMappingOffset)
     ShadowLong = IRB.CreateAdd(
@@ -311,8 +310,8 @@ void HWAddressSanitizer::instrumentMemAc
   // The signal handler will find the data address in x0.
   InlineAsm *Asm = InlineAsm::get(
       FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false),
-      "hlt #" +
-          itostr(0x100 + Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex),
+      "brk #" +
+          itostr(0x900 + Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex),
       "{x0}",
       /*hasSideEffects=*/true);
   IRB.CreateCall(Asm, PtrLong);
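Review bot: The trap immediate built in the `"brk #" + itostr(0x900 + ...)` expression is an undocumented contract with whatever decodes the trap, and this revision touches only the instrumentation pass and its tests. Switching from `hlt` to `brk` most likely also changes which signal a user-space process receives, so a runtime handler still keyed on the old `hlt #0x100` encoding would presumably stop producing reports, and in recover mode could not resume past the trap. Please confirm the matching runtime and kernel handler changes land together with this. I would also name the base and document the layout next to it, for example `// brk immediate: 0x900 + 0x20 * Recover + 0x10 * IsWrite + AccessSizeIndex; must stay in sync with the trap handler.` The enclosing instrumentMemAccess starts and ends outside this hunk.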
@@ -461,6 +460,21 @@ Value *HWAddressSanitizer::tagPointer(IR
   return IRB.CreateIntToPtr(TaggedPtrLong, Ty);
 }
 
+// Remove tag from an address.
+Value *HWAddressSanitizer::untagPointer(IRBuilder<> &IRB, Value *PtrLong) {
+  Value *UntaggedPtrLong;
+  if (ClEnableKhwasan) {
+    // Kernel addresses have 0xFF in the most significant byte.
+    UntaggedPtrLong = IRB.CreateOr(PtrLong,
+        ConstantInt::get(PtrLong->getType(), 0xFFULL << kPointerTagShift));
+  } else {
+    // Userspace addresses have 0x00.
+    UntaggedPtrLong = IRB.CreateAnd(PtrLong,
+        ConstantInt::get(PtrLong->getType(), ~(0xFFULL << kPointerTagShift)));
+  }
+  return UntaggedPtrLong;
+}
+
 bool HWAddressSanitizer::instrumentStack(
     SmallVectorImpl<AllocaInst *> &Allocas,
     SmallVectorImpl<Instruction *> &RetVec) {
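Review bot: The kernel branch of untagPointer forces the top byte to 0xFF for every pointer it is given, so the computed shadow address is only meaningful if each instrumented access really targets a kernel address; a pointer from the lower half of the address space would be mapped to an unrelated shadow byte. That precondition is worth stating in the function comment, for example `// Remove tag from an address. In kernel mode the top byte is set to 0xFF, so PtrLong is assumed to be a kernel address.` As a smaller style point, the uninitialised local `Value *UntaggedPtrLong;` can be dropped by returning the `IRB.CreateOr(...)` / `IRB.CreateAnd(...)` result directly from each branch.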

Modified: llvm/trunk/test/Instrumentation/HWAddressSanitizer/atomic.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/HWAddressSanitizer/atomic.ll?rev=325711&r1=325710&r2=325711&view=diff
==============================================================================
--- llvm/trunk/test/Instrumentation/HWAddressSanitizer/atomic.ll (original)
+++ llvm/trunk/test/Instrumentation/HWAddressSanitizer/atomic.ll Wed Feb 21 11:52:23 2018
@@ -8,7 +8,7 @@ target triple = "aarch64--linux-android"
 define void @atomicrmw(i64* %ptr) sanitize_hwaddress {
 ; CHECK-LABEL: @atomicrmw(
 ; CHECK: lshr i64 %[[A:[^ ]*]], 56
-; CHECK: call void asm sideeffect "hlt #275", "{x0}"(i64 %[[A]])
+; CHECK: call void asm sideeffect "brk #2323", "{x0}"(i64 %[[A]])
 ; CHECK: atomicrmw add i64* %ptr, i64 1 seq_cst
 ; CHECK: ret void
 
@@ -20,7 +20,7 @@ entry:
 define void @cmpxchg(i64* %ptr, i64 %compare_to, i64 %new_value) sanitize_hwaddress {
 ; CHECK-LABEL: @cmpxchg(
 ; CHECK: lshr i64 %[[A:[^ ]*]], 56
-; CHECK: call void asm sideeffect "hlt #275", "{x0}"(i64 %[[A]])
+; CHECK: call void asm sideeffect "brk #2323", "{x0}"(i64 %[[A]])
 ; CHECK: cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst
 ; CHECK: ret void
 

Modified: llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll?rev=325711&r1=325710&r2=325711&view=diff
==============================================================================
--- llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll (original)
+++ llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll Wed Feb 21 11:52:23 2018
@@ -18,9 +18,9 @@ define i8 @test_load8(i8* %a) sanitize_h
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #256", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2304", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #288", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2336", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: %[[G:[^ ]*]] = load i8, i8* %a, align 4
@@ -43,9 +43,9 @@ define i16 @test_load16(i16* %a) sanitiz
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #257", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2305", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #289", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2337", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: %[[G:[^ ]*]] = load i16, i16* %a, align 4
@@ -68,9 +68,9 @@ define i32 @test_load32(i32* %a) sanitiz
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #258", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2306", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #290", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2338", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: %[[G:[^ ]*]] = load i32, i32* %a, align 4
@@ -93,9 +93,9 @@ define i64 @test_load64(i64* %a) sanitiz
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #259", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2307", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #291", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2339", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: %[[G:[^ ]*]] = load i64, i64* %a, align 8
@@ -118,9 +118,9 @@ define i128 @test_load128(i128* %a) sani
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #260", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2308", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #292", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2340", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: %[[G:[^ ]*]] = load i128, i128* %a, align 16
@@ -156,9 +156,9 @@ define void @test_store8(i8* %a, i8 %b)
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #272", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2320", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #304", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2352", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: store i8 %b, i8* %a, align 4
@@ -181,9 +181,9 @@ define void @test_store16(i16* %a, i16 %
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #273", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2321", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #305", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2353", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: store i16 %b, i16* %a, align 4
@@ -206,9 +206,9 @@ define void @test_store32(i32* %a, i32 %
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #274", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2322", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #306", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2354", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: store i32 %b, i32* %a, align 4
@@ -231,9 +231,9 @@ define void @test_store64(i64* %a, i64 %
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #275", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2323", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #307", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2355", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: store i64 %b, i64* %a, align 8
@@ -256,9 +256,9 @@ define void @test_store128(i128* %a, i12
 ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
 ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
 
-; ABORT: call void asm sideeffect "hlt #276", "{x0}"(i64 %[[A]])
+; ABORT: call void asm sideeffect "brk #2324", "{x0}"(i64 %[[A]])
 ; ABORT: unreachable
-; RECOVER: call void asm sideeffect "hlt #308", "{x0}"(i64 %[[A]])
+; RECOVER: call void asm sideeffect "brk #2356", "{x0}"(i64 %[[A]])
 ; RECOVER: br label
 
 ; CHECK: store i128 %b, i128* %a, align 16

Modified: llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel-alloca.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel-alloca.ll?rev=325711&r1=325710&r2=325711&view=diff
==============================================================================
--- llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel-alloca.ll (original)
+++ llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel-alloca.ll Wed Feb 21 11:52:23 2018
@@ -1,4 +1,4 @@
-; Test basic address sanitizer instrumentation.
+; Test kernel hwasan instrumentation for alloca.
 ;
 ; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s
 

Modified: llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel.ll
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel.ll?rev=325711&r1=325710&r2=325711&view=diff
==============================================================================
--- llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel.ll (original)
+++ llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel.ll Wed Feb 21 11:52:23 2018
@@ -1,27 +1,42 @@
 ; Test kernel hwasan instrumentation.
 ;
-; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=KERNEL
-; RUN: opt < %s -hwasan -hwasan-mapping-offset=12345678 -S | FileCheck %s  --check-prefixes=OFFSET
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=INIT
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s  --check-prefixes=CHECK,NOOFFSET
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-mapping-offset=12345678 -S | FileCheck %s  --check-prefixes=CHECK,OFFSET
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=0 -S | FileCheck %s  --check-prefixes=CHECK,NOOFFSET,ABORT
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=1 -S | FileCheck %s  --check-prefixes=CHECK,NOOFFSET,RECOVER
 
 target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
 target triple = "aarch64--linux-android"
 
 define i8 @test_load(i8* %a) sanitize_hwaddress {
-; OFFSET-LABEL: @test_load(
-; OFFSET: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
-; OFFSET: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
-; OFFSET: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
-; OFFSET: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
-; OFFSET: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
+; CHECK-LABEL: @test_load(
+; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
+; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
+; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
+; CHECK: %[[C:[^ ]*]] = or i64 %[[A]], -72057594037927936
+; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
+
+; NOOFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
+
 ; OFFSET: %[[D1:[^ ]*]] = add i64 %[[D]], 12345678
 ; OFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D1]] to i8*
-; OFFSET: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
-; OFFSET: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
-; OFFSET: br i1 %[[F]],
+
+; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
+; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
+; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
+
+; ABORT: call void asm sideeffect "brk #2304", "{x0}"(i64 %[[A]])
+; ABORT: unreachable
+; RECOVER: call void asm sideeffect "brk #2336", "{x0}"(i64 %[[A]])
+; RECOVER: br label
+
+; CHECK: %[[G:[^ ]*]] = load i8, i8* %a, align 4
+; CHECK: ret i8 %[[G]]
 
 entry:
   %b = load i8, i8* %a, align 4
   ret i8 %b
 }
 
-; KERNEL-NOT: call void @__hwasan_init
+; INIT-NOT: call void @__hwasan_init
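Review bot: Every RUN line in the new version passes `-hwasan-kernel=1`, so the removed line `opt < %s -hwasan -hwasan-mapping-offset=12345678 -S` was the only one here that exercised a mapping offset together with the user-space `and` untagging. Whether basic.ll covers that combination is not visible in this patch; if it does not, the old RUN line and its `and i64 %[[A]], 72057594037927935` check should move there rather than disappear. The kernel checks also cover only a load, so a store case in this file would confirm the `brk` immediate with IsWrite set under `-hwasan-kernel=1`.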



