[PATCH] D43643: [RFC] Sceptre a Spectre variant 1 detector

Thu Feb 22 12:42:44 PST 2018

rob.lougher created this revision.
rob.lougher added a reviewer: llvm-commits.
Herald added subscribers: eraman, mgorny, mehdi_amini.

Sceptre is an LLVM Utility pass to check a program at the IR level for Spectre variant 1 (bounds check bypass) vulnerabilities. The pass currently must be enabled with -mllvm -enable-sceptre.  When it finds a vulnerability it outputs a diagnostic of the form:

warning: spectre.c:10:10: in function array1_load: found vulnerable load
note: inlined into function foo at: spectre.c:19:24
note: bounds check with index "index" is at: spectre.c:6:16: in function is_valid_idx
note: inlined into function foo at: spectre.c:18:6

As it runs after inlining it must be ran at –https://reviews.llvm.org/owners/package/1/ or above (recommendation is to run it at –https://reviews.llvm.org/owners/package/2/).

Note, as the pass is still under development I'm putting this up merely as an RFC (an email will be sent to llvm-dev linking to this).  The pass has proved useful internally and I wanted to share it as soon as possible with the community.

Thanks,
Rob.

-

Robert Lougher
Sony Interactive Entertainment

Repository:
  rL LLVM

https://reviews.llvm.org/D43643

Files:
  include/llvm/Analysis/Passes.h
  include/llvm/IR/DiagnosticInfo.h
  include/llvm/InitializePasses.h
  include/llvm/LinkAllPasses.h
  lib/Analysis/Analysis.cpp
  lib/Analysis/CMakeLists.txt
  lib/Analysis/Sceptre.cpp
  lib/IR/DiagnosticInfo.cpp
  lib/Transforms/IPO/PassManagerBuilder.cpp
  test/Analysis/Sceptre/basic.ll
  test/Analysis/Sceptre/escapes.ll
  test/Analysis/Sceptre/inline.ll
  test/Analysis/Sceptre/struct.ll

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43643.135500.patch
Type: text/x-patch
Size: 69374 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180222/f4352e1b/attachment-0001.bin>