[llvm-dev] [RFC] Using Intel MPX to harden SafeStack
Kostya Serebryany via llvm-dev
llvm-dev at lists.llvm.org
Tue Mar 14 18:51:40 PDT 2017
the correct links is of course
http://dl.acm.org/citation.cfm?id=2991089&CFID=732054959&CFTOKEN=52558062
On Tue, Mar 14, 2017 at 4:30 PM, Kostya Serebryany <kcc at google.com> wrote:
> FTR: https://peerj.com/preprints/2863/ seems to be related/similar to
> this patch
>
> On Fri, Feb 17, 2017 at 5:27 PM, LeMay, Michael <michael.lemay at intel.com>
> wrote:
>
>> On 2/7/2017 20:02, Kostya Serebryany wrote:
>>
>> ...
>>
>> My understanding is that BNDCU is the cheapest possible instruction, just
>> like XOR or ADD,
>> so the overhead should be relatively small.
>> Still my guesstimate would be >= 5% since stores are very numerous.
>> And such overhead will be on top of whatever overhead SafeStack has.
>> Do you have any measurements to share?
>>
>> Here are estimated SPECint_base2006 component runtimes for some relevant
>> test configurations:
>>
>>
>>
>> Runtime in seconds:
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |Benchmark |Unpatched|Unpatched|Patched |MPX |
>>
>> | |Base |SafeStack|SafeStack| |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |400.perlbench |430.82 |443.07 |442.42 |456.34 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |401.bzip2 |711.43 |716.59 |717.35 |750.06 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |403.gcc |333.76 |334.11 |334.95 |336.13 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |429.mcf |371.48 |375.75 |373.50 |377.93 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |445.gobmk |677.80 |686.12 |685.50 |702.87 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |456.hmmer |534.94 |533.68 |534.37 |553.40 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |458.sjeng |633.69 |641.21 |641.81 |655.94 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |462.libquantum|362.82 |367.00 |367.38 |382.14 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |464.h264ref |701.37 |682.13 |683.41 |699.93 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |471.omnetpp |397.04 |407.38 |407.33 |411.36 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |473.astar |611.51 |610.46 |610.19 |624.78 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |483.xalancbmk |291.66 |295.61 |296.42 |298.29 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |SUM |6058.32 |6093.10 |6094.62 |6249.16|
>>
>> +--------------+---------+---------+---------+-------+
>>
>>
>> These runtimes are estimates as benchmark runs for research purposes
>> built with patched/experimental compilers cannot be benchmark compliant.
>> Compilation flags that aren't yet fully documented also can not be
>> compliant.
>>
>>
>> Percentage changes in runtime relative to Unpatched Base:
>>
>> +--------------+---------+---------+-----+
>>
>> |Benchmark |Unpatched|Patched |MPX |
>>
>> | |SafeStack|SafeStack| |
>>
>> +--------------+---------+---------+-----+
>>
>> |400.perlbench |2.84 |2.69 |5.93 |
>>
>> +--------------+---------+---------+-----+
>>
>> |401.bzip2 |0.73 |0.83 |5.43 |
>>
>> +--------------+---------+---------+-----+
>>
>> |403.gcc |0.10 |0.36 |0.71 |
>>
>> +--------------+---------+---------+-----+
>>
>> |429.mcf |1.15 |0.54 |1.74 |
>>
>> +--------------+---------+---------+-----+
>>
>> |445.gobmk |1.23 |1.14 |3.70 |
>>
>> +--------------+---------+---------+-----+
>>
>> |456.hmmer |-0.24 |-0.11 |3.45 |
>>
>> +--------------+---------+---------+-----+
>>
>> |458.sjeng |1.19 |1.28 |3.51 |
>>
>> +--------------+---------+---------+-----+
>>
>> |462.libquantum|1.15 |1.26 |5.32 |
>>
>> +--------------+---------+---------+-----+
>>
>> |464.h264ref |-2.74 |-2.56 |-0.21|
>>
>> +--------------+---------+---------+-----+
>>
>> |471.omnetpp |2.60 |2.59 |3.61 |
>>
>> +--------------+---------+---------+-----+
>>
>> |473.astar |-0.17 |-0.21 |2.17 |
>>
>> +--------------+---------+---------+-----+
>>
>> |483.xalancbmk |1.35 |1.63 |2.27 |
>>
>> +--------------+---------+---------+-----+
>>
>> |SUM |0.57 |0.60 |3.15 |
>>
>> +--------------+---------+---------+-----+
>>
>>
>> These measurements were collected on an Intel NUC6i5SY with an Intel Core
>> i5-6260U CPU and 32G RAM running Clear Linux 13330. Intel Hyper-Threading,
>> Intel Turbo Boost, and the LAN were all disabled. I used SPEC CPU2006 v1.2
>> and started the Clang/LLVM port from the gcc 4.6 Linux x86 example file
>> included in the SPEC CPU 2006 kit.
>>
>>
>> Here is the legend for the various test configurations:
>>
>> - Unpatched Base: Unpatched compiler with SafeStack disabled. This is
>> the reference configuration.
>>
>> - Unpatched SafeStack: Unpatched compiler with SafeStack enabled.
>>
>> - Patched SafeStack: Patched compiler with SafeStack enabled. However,
>> MPX-based hardening is not enabled in this configuration. This
>> configuration is intended to show the effect of the Compiler-RT patches on
>> programs that do not enable MPX-based hardening.
>>
>> - MPX: Patched compiler with MPX-hardened SafeStack enabled.
>>
>>
>>
>> The unpatched compiler was built from the following SVN IDs:
>>
>> - LLVM: 292171 from January 16, 2017
>>
>> - Clang: 292141 from January 16, 2017
>>
>> - Compiler-RT: 291346 from January 7, 2017
>>
>>
>>
>> The patched compiler was built with the current posted versions of my
>> patches applied on top of the SVN IDs listed above.
>>
>>
>>
>> The following compiler settings in the SPEC CPU2006 cfg files were used
>> for each configuration:
>>
>>
>>
>> COPTIMIZE:
>>
>> - Unpatched Base: -std=gnu89 -O2 -fno-strict-aliasing -march=skylake
>> -mtune=skylake
>>
>> - Unpatched/Patched SafeStack: -std=gnu89 -O2 -fno-strict-aliasing
>> -march=skylake -mtune=skylake -fsanitize=safe-stack
>>
>> - MPX: -std=gnu89 -O2 -fno-strict-aliasing -march=skylake
>> -mtune=skylake -mseparate-stack-seg -fsanitize=safe-stack
>>
>>
>>
>> CXXOPTIMIZE:
>>
>> - Unpatched Base: -O2 -fno-strict-aliasing -march=skylake -mtune=skylake
>>
>> - Unpatched/Patched SafeStack: -O2 -fno-strict-aliasing -march=skylake
>> -mtune=skylake -fsanitize=safe-stack
>>
>> - MPX: -O2 -fno-strict-aliasing -march=skylake -mtune=skylake
>> -mseparate-stack-seg -fsanitize=safe-stack
>>
>>
>> The FOPTIMIZE settings are irrelevant, since none of the SPECint tests
>> use Fortran.
>>
>>
>> Here are measurements of the absolute sizes of the .text sections for the
>> programs as well as percentage changes in those sizes:
>>
>>
>>
>> .text section size in bytes:
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |Benchmark |Unpatched|Unpatched|Patched |MPX |
>>
>> | |Base |SafeStack|SafeStack| |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |400.perlbench |884769 |1003041 |1003233 |1131769|
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |401.bzip2 |79393 |175297 |175489 |235577 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |403.gcc |2420209 |2545041 |2545233 |2727913|
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |429.mcf |10977 |105345 |105537 |155705 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |445.gobmk |633953 |743585 |743777 |823993 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |456.hmmer |258593 |358033 |358225 |432249 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |458.sjeng |96593 |192929 |193121 |251545 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |462.libquantum|32441 |127065 |127257 |177545 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |464.h264ref |539713 |638705 |638897 |736729 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |471.omnetpp |403521 |527345 |527537 |597801 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |473.astar |31169 |126225 |126417 |178105 |
>>
>> +--------------+---------+---------+---------+-------+
>>
>> |483.xalancbmk |2358241 |2725921 |2726113 |2936841|
>>
>> +--------------+---------+---------+---------+-------+
>>
>>
>>
>> Percentage changes in .text section size relative to Unpatched Base:
>>
>>
>> +--------------+---------+---------+-------+
>>
>> |Benchmark |Unpatched|Patched |MPX |
>>
>> | |SafeStack|SafeStack| |
>>
>> +--------------+---------+---------+-------+
>>
>> |400.perlbench |13.37 |13.39 |27.92 |
>>
>> +--------------+---------+---------+-------+
>>
>> |401.bzip2 |120.80 |121.04 |196.72 |
>>
>> +--------------+---------+---------+-------+
>>
>> |403.gcc |5.16 |5.17 |12.71 |
>>
>> +--------------+---------+---------+-------+
>>
>> |429.mcf |859.69 |861.44 |1318.47|
>>
>> +--------------+---------+---------+-------+
>>
>> |445.gobmk |17.29 |17.32 |29.98 |
>>
>> +--------------+---------+---------+-------+
>>
>> |456.hmmer |38.45 |38.53 |67.15 |
>>
>> +--------------+---------+---------+-------+
>>
>> |458.sjeng |99.73 |99.93 |160.42 |
>>
>> +--------------+---------+---------+-------+
>>
>> |462.libquantum|291.68 |292.27 |447.29 |
>>
>> +--------------+---------+---------+-------+
>>
>> |464.h264ref |18.34 |18.38 |36.50 |
>>
>> +--------------+---------+---------+-------+
>>
>> |471.omnetpp |30.69 |30.73 |48.15 |
>>
>> +--------------+---------+---------+-------+
>>
>> |473.astar |304.97 |305.59 |471.42 |
>>
>> +--------------+---------+---------+-------+
>>
>> |483.xalancbmk |15.59 |15.60 |24.54 |
>>
>> +--------------+---------+---------+-------+
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20170314/93f97c45/attachment.html>
More information about the llvm-dev
mailing list