[clang] a1255dc - Use-after-return sanitizer binary metadata
Dmitry Vyukov via cfe-commits
cfe-commits at lists.llvm.org
Tue Nov 29 08:37:42 PST 2022
Author: Dmitry Vyukov
Date: 2022-11-29T17:37:36+01:00
New Revision: a1255dc467f7ce57a966efa76bbbb4ee91d9115a
URL: https://github.com/llvm/llvm-project/commit/a1255dc467f7ce57a966efa76bbbb4ee91d9115a
DIFF: https://github.com/llvm/llvm-project/commit/a1255dc467f7ce57a966efa76bbbb4ee91d9115a.diff
LOG: Use-after-return sanitizer binary metadata
Currently per-function metadata consists of:
(start-pc, size, features)
This adds a new UAR feature and if it's set an additional element:
(start-pc, size, features, stack-args-size)
Reviewed By: melver
Differential Revision: https://reviews.llvm.org/D136078
Added:
llvm/lib/CodeGen/SanitizerBinaryMetadata.cpp
llvm/test/Instrumentation/SanitizerBinaryMetadata/common.h
llvm/test/Instrumentation/SanitizerBinaryMetadata/covered.cpp
llvm/test/Instrumentation/SanitizerBinaryMetadata/lit.local.cfg
llvm/test/Instrumentation/SanitizerBinaryMetadata/uar.cpp
Modified:
clang/include/clang/Basic/CodeGenOptions.def
clang/include/clang/Basic/CodeGenOptions.h
clang/include/clang/Driver/Options.td
clang/lib/CodeGen/BackendUtil.cpp
clang/lib/Driver/SanitizerArgs.cpp
llvm/include/llvm/CodeGen/CodeGenPassBuilder.h
llvm/include/llvm/CodeGen/MachinePassRegistry.def
llvm/include/llvm/CodeGen/Passes.h
llvm/include/llvm/InitializePasses.h
llvm/include/llvm/Transforms/Instrumentation.h
llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
llvm/lib/CodeGen/CMakeLists.txt
llvm/lib/CodeGen/CodeGen.cpp
llvm/lib/CodeGen/TargetPassConfig.cpp
llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
Removed:
################################################################################
diff --git a/clang/include/clang/Basic/CodeGenOptions.def b/clang/include/clang/Basic/CodeGenOptions.def
index 43521b76652db..81d5ccd4856d4 100644
--- a/clang/include/clang/Basic/CodeGenOptions.def
+++ b/clang/include/clang/Basic/CodeGenOptions.def
@@ -288,6 +288,8 @@ CODEGENOPT(SanitizeCoverageTraceLoads, 1, 0) ///< Enable tracing of loads.
CODEGENOPT(SanitizeCoverageTraceStores, 1, 0) ///< Enable tracing of stores.
CODEGENOPT(SanitizeBinaryMetadataCovered, 1, 0) ///< Emit PCs for covered functions.
CODEGENOPT(SanitizeBinaryMetadataAtomics, 1, 0) ///< Emit PCs for atomic operations.
+CODEGENOPT(SanitizeBinaryMetadataUAR, 1, 0) ///< Emit PCs for start of functions
+ ///< that are subject for use-after-return checking.
CODEGENOPT(SanitizeStats , 1, 0) ///< Collect statistics for sanitizers.
CODEGENOPT(SimplifyLibCalls , 1, 1) ///< Set when -fbuiltin is enabled.
CODEGENOPT(SoftFloat , 1, 0) ///< -soft-float.
diff --git a/clang/include/clang/Basic/CodeGenOptions.h b/clang/include/clang/Basic/CodeGenOptions.h
index 13794035c9076..a1a20995f211d 100644
--- a/clang/include/clang/Basic/CodeGenOptions.h
+++ b/clang/include/clang/Basic/CodeGenOptions.h
@@ -497,7 +497,8 @@ class CodeGenOptions : public CodeGenOptionsBase {
// Check if any one of SanitizeBinaryMetadata* is enabled.
bool hasSanitizeBinaryMetadata() const {
- return SanitizeBinaryMetadataCovered || SanitizeBinaryMetadataAtomics;
+ return SanitizeBinaryMetadataCovered || SanitizeBinaryMetadataAtomics ||
+ SanitizeBinaryMetadataUAR;
}
};
diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 8da5e25bd38d0..1d577ab70788e 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -5575,6 +5575,10 @@ def fexperimental_sanitize_metadata_EQ_atomics
: Flag<["-"], "fexperimental-sanitize-metadata=atomics">,
HelpText<"Emit PCs for atomic operations used by binary analysis sanitizers">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeBinaryMetadataAtomics">>;
+def fexperimental_sanitize_metadata_EQ_uar
+ : Flag<["-"], "fexperimental-sanitize-metadata=uar">,
+ HelpText<"Emit PCs for start of functions that are subject for use-after-return checking.">,
+ MarshallingInfoFlag<CodeGenOpts<"SanitizeBinaryMetadataUAR">>;
def fpatchable_function_entry_offset_EQ
: Joined<["-"], "fpatchable-function-entry-offset=">, MetaVarName<"<M>">,
HelpText<"Generate M NOPs before function entry">,
diff --git a/clang/lib/CodeGen/BackendUtil.cpp b/clang/lib/CodeGen/BackendUtil.cpp
index 2b241967f5e7b..717ec33441232 100644
--- a/clang/lib/CodeGen/BackendUtil.cpp
+++ b/clang/lib/CodeGen/BackendUtil.cpp
@@ -234,6 +234,7 @@ getSanitizerBinaryMetadataOptions(const CodeGenOptions &CGOpts) {
SanitizerBinaryMetadataOptions Opts;
Opts.Covered = CGOpts.SanitizeBinaryMetadataCovered;
Opts.Atomics = CGOpts.SanitizeBinaryMetadataAtomics;
+ Opts.UAR = CGOpts.SanitizeBinaryMetadataUAR;
return Opts;
}
diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index af27dbc92c8e6..96a701366e37b 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -104,6 +104,7 @@ enum CoverageFeature {
enum BinaryMetadataFeature {
BinaryMetadataCovered = 1 << 0,
BinaryMetadataAtomics = 1 << 1,
+ BinaryMetadataUAR = 1 << 2,
};
/// Parse a -fsanitize= or -fno-sanitize= argument's values, diagnosing any
@@ -1133,7 +1134,8 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
// flags. Does not depend on any other sanitizers.
const std::pair<int, std::string> BinaryMetadataFlags[] = {
std::make_pair(BinaryMetadataCovered, "covered"),
- std::make_pair(BinaryMetadataAtomics, "atomics")};
+ std::make_pair(BinaryMetadataAtomics, "atomics"),
+ std::make_pair(BinaryMetadataUAR, "uar")};
for (const auto &F : BinaryMetadataFlags) {
if (BinaryMetadataFeatures & F.first)
CmdArgs.push_back(
@@ -1399,6 +1401,7 @@ int parseBinaryMetadataFeatures(const Driver &D, const llvm::opt::Arg *A,
int F = llvm::StringSwitch<int>(Value)
.Case("covered", BinaryMetadataCovered)
.Case("atomics", BinaryMetadataAtomics)
+ .Case("uar", BinaryMetadataUAR)
.Case("all", ~0)
.Default(0);
if (F == 0 && DiagnoseErrors)
diff --git a/llvm/include/llvm/CodeGen/CodeGenPassBuilder.h b/llvm/include/llvm/CodeGen/CodeGenPassBuilder.h
index 48aa4b034fee0..fbaa1b229f55a 100644
--- a/llvm/include/llvm/CodeGen/CodeGenPassBuilder.h
+++ b/llvm/include/llvm/CodeGen/CodeGenPassBuilder.h
@@ -926,6 +926,7 @@ Error CodeGenPassBuilder<Derived>::addMachinePasses(
addPass(StackMapLivenessPass());
addPass(LiveDebugValuesPass());
+ addPass(MachineSanitizerBinaryMetadata());
if (TM.Options.EnableMachineOutliner && getOptLevel() != CodeGenOpt::None &&
Opt.EnableMachineOutliner != RunOutliner::NeverOutline) {
diff --git a/llvm/include/llvm/CodeGen/MachinePassRegistry.def b/llvm/include/llvm/CodeGen/MachinePassRegistry.def
index 617214aaca3c1..0e5a8d64d1ee3 100644
--- a/llvm/include/llvm/CodeGen/MachinePassRegistry.def
+++ b/llvm/include/llvm/CodeGen/MachinePassRegistry.def
@@ -202,4 +202,5 @@ DUMMY_MACHINE_FUNCTION_PASS("instruction-select", InstructionSelectPass, ())
DUMMY_MACHINE_FUNCTION_PASS("reset-machine-function", ResetMachineFunctionPass, ())
DUMMY_MACHINE_FUNCTION_PASS("machineverifier", MachineVerifierPass, ())
DUMMY_MACHINE_FUNCTION_PASS("print-machine-cycles", MachineCycleInfoPrinterPass, ())
+DUMMY_MACHINE_FUNCTION_PASS("machine-sanmd", MachineSanitizerBinaryMetadata, ())
#undef DUMMY_MACHINE_FUNCTION_PASS
diff --git a/llvm/include/llvm/CodeGen/Passes.h b/llvm/include/llvm/CodeGen/Passes.h
index 5fcbc8ed9abe1..cdace28c7def7 100644
--- a/llvm/include/llvm/CodeGen/Passes.h
+++ b/llvm/include/llvm/CodeGen/Passes.h
@@ -409,6 +409,10 @@ namespace llvm {
/// the intrinsic for later emission to the StackMap.
extern char &StackMapLivenessID;
+ // MachineSanitizerBinaryMetadata - appends/finalizes sanitizer binary
+ // metadata after llvm SanitizerBinaryMetadata pass.
+ extern char &MachineSanitizerBinaryMetadataID;
+
/// RemoveRedundantDebugValues pass.
extern char &RemoveRedundantDebugValuesID;
diff --git a/llvm/include/llvm/InitializePasses.h b/llvm/include/llvm/InitializePasses.h
index 2e6b497d06930..c123d483caf72 100644
--- a/llvm/include/llvm/InitializePasses.h
+++ b/llvm/include/llvm/InitializePasses.h
@@ -285,6 +285,7 @@ void initializeMachineOutlinerPass(PassRegistry&);
void initializeMachinePipelinerPass(PassRegistry&);
void initializeMachinePostDominatorTreePass(PassRegistry&);
void initializeMachineRegionInfoPassPass(PassRegistry&);
+void initializeMachineSanitizerBinaryMetadataPass(PassRegistry &);
void initializeMachineSchedulerPass(PassRegistry&);
void initializeMachineSinkingPass(PassRegistry&);
void initializeMachineTraceMetricsPass(PassRegistry&);
diff --git a/llvm/include/llvm/Transforms/Instrumentation.h b/llvm/include/llvm/Transforms/Instrumentation.h
index 2497b3d40d0b0..392983a198444 100644
--- a/llvm/include/llvm/Transforms/Instrumentation.h
+++ b/llvm/include/llvm/Transforms/Instrumentation.h
@@ -150,13 +150,6 @@ struct SanitizerCoverageOptions {
SanitizerCoverageOptions() = default;
};
-/// Options for SanitizerBinaryMetadata.
-struct SanitizerBinaryMetadataOptions {
- bool Covered = false;
- bool Atomics = false;
- SanitizerBinaryMetadataOptions() = default;
-};
-
/// Calculate what to divide by to scale counts.
///
/// Given the maximum count, calculate a divisor that will scale all the
diff --git a/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h b/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
index a54801309c1d8..67e22d1aa6818 100644
--- a/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
+++ b/llvm/include/llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h
@@ -19,6 +19,27 @@
namespace llvm {
+struct SanitizerBinaryMetadataOptions {
+ bool Covered = false;
+ bool Atomics = false;
+ bool UAR = false;
+ SanitizerBinaryMetadataOptions() = default;
+};
+
+inline constexpr int kSanitizerBinaryMetadataAtomicsBit = 0;
+inline constexpr int kSanitizerBinaryMetadataUARBit = 1;
+
+inline constexpr uint32_t kSanitizerBinaryMetadataNone = 0;
+inline constexpr uint32_t kSanitizerBinaryMetadataAtomics =
+ 1 << kSanitizerBinaryMetadataAtomicsBit;
+inline constexpr uint32_t kSanitizerBinaryMetadataUAR =
+ 1 << kSanitizerBinaryMetadataUARBit;
+
+inline constexpr char kSanitizerBinaryMetadataCoveredSection[] =
+ "sanmd_covered";
+inline constexpr char kSanitizerBinaryMetadataAtomicsSection[] =
+ "sanmd_atomics";
+
/// Public interface to the SanitizerBinaryMetadata module pass for emitting
/// metadata for binary analysis sanitizers.
//
diff --git a/llvm/lib/CodeGen/CMakeLists.txt b/llvm/lib/CodeGen/CMakeLists.txt
index 2289ea5de82e3..35eb8ba40ba08 100644
--- a/llvm/lib/CodeGen/CMakeLists.txt
+++ b/llvm/lib/CodeGen/CMakeLists.txt
@@ -196,6 +196,7 @@ add_llvm_component_library(LLVMCodeGen
RegisterBankInfo.cpp
SafeStack.cpp
SafeStackLayout.cpp
+ SanitizerBinaryMetadata.cpp
ScheduleDAG.cpp
ScheduleDAGInstrs.cpp
ScheduleDAGPrinter.cpp
diff --git a/llvm/lib/CodeGen/CodeGen.cpp b/llvm/lib/CodeGen/CodeGen.cpp
index 5d30e82f49dba..076d91f95aa42 100644
--- a/llvm/lib/CodeGen/CodeGen.cpp
+++ b/llvm/lib/CodeGen/CodeGen.cpp
@@ -83,6 +83,7 @@ void llvm::initializeCodeGen(PassRegistry &Registry) {
initializeMachineOptimizationRemarkEmitterPassPass(Registry);
initializeMachineOutlinerPass(Registry);
initializeMachinePipelinerPass(Registry);
+ initializeMachineSanitizerBinaryMetadataPass(Registry);
initializeModuloScheduleTestPass(Registry);
initializeMachinePostDominatorTreePass(Registry);
initializeMachineRegionInfoPassPass(Registry);
diff --git a/llvm/lib/CodeGen/SanitizerBinaryMetadata.cpp b/llvm/lib/CodeGen/SanitizerBinaryMetadata.cpp
new file mode 100644
index 0000000000000..57470b4218a2d
--- /dev/null
+++ b/llvm/lib/CodeGen/SanitizerBinaryMetadata.cpp
@@ -0,0 +1,78 @@
+//===- SanitizerBinaryMetadata.cpp
+//----------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// This file is a part of SanitizerBinaryMetadata.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Transforms/Instrumentation/SanitizerBinaryMetadata.h"
+#include "llvm/CodeGen/MachineFrameInfo.h"
+#include "llvm/CodeGen/MachineFunction.h"
+#include "llvm/CodeGen/MachineFunctionPass.h"
+#include "llvm/CodeGen/Passes.h"
+#include "llvm/IR/IRBuilder.h"
+#include "llvm/IR/MDBuilder.h"
+#include "llvm/InitializePasses.h"
+#include "llvm/Pass.h"
+#include <algorithm>
+
+using namespace llvm;
+
+class MachineSanitizerBinaryMetadata : public MachineFunctionPass {
+public:
+ static char ID;
+
+ MachineSanitizerBinaryMetadata();
+ bool runOnMachineFunction(MachineFunction &F) override;
+};
+
+INITIALIZE_PASS(MachineSanitizerBinaryMetadata, "machine-sanmd",
+ "Machine Sanitizer Binary Metadata", false, false)
+
+char MachineSanitizerBinaryMetadata::ID = 0;
+char &llvm::MachineSanitizerBinaryMetadataID =
+ MachineSanitizerBinaryMetadata::ID;
+
+MachineSanitizerBinaryMetadata::MachineSanitizerBinaryMetadata()
+ : MachineFunctionPass(ID) {
+ initializeMachineSanitizerBinaryMetadataPass(
+ *PassRegistry::getPassRegistry());
+}
+
+bool MachineSanitizerBinaryMetadata::runOnMachineFunction(MachineFunction &MF) {
+ MDNode *MD = MF.getFunction().getMetadata(LLVMContext::MD_pcsections);
+ if (!MD)
+ return false;
+ const auto &Section = *cast<MDString>(MD->getOperand(0));
+ if (!Section.getString().equals(kSanitizerBinaryMetadataCoveredSection))
+ return false;
+ auto &AuxMDs = *cast<MDTuple>(MD->getOperand(1));
+ // Assume it currently only has features.
+ assert(AuxMDs.size() == 1);
+ auto *Features = cast<ConstantAsMetadata>(AuxMDs.getOperand(0))->getValue();
+ if (!Features->getUniqueInteger()[kSanitizerBinaryMetadataUARBit])
+ return false;
+ // Calculate size of stack args for the function.
+ int64_t Size = 0;
+ uint64_t Align = 0;
+ const MachineFrameInfo &MFI = MF.getFrameInfo();
+ for (int i = -1; i >= (int)-MFI.getNumFixedObjects(); --i) {
+ Size = std::max(Size, MFI.getObjectOffset(i) + MFI.getObjectSize(i));
+ Align = std::max(Align, MFI.getObjectAlign(i).value());
+ }
+ Size = (Size + Align - 1) & ~(Align - 1);
+ auto &F = MF.getFunction();
+ IRBuilder<> IRB(F.getContext());
+ MDBuilder MDB(F.getContext());
+ // Keep the features and append size of stack args to the metadata.
+ const auto *NewMD = MDB.createPCSections(
+ {{Section.getString(), {Features, IRB.getInt32(Size)}}});
+ MD->replaceOperandWith(1, NewMD->getOperand(1));
+ return false;
+}
diff --git a/llvm/lib/CodeGen/TargetPassConfig.cpp b/llvm/lib/CodeGen/TargetPassConfig.cpp
index cb109745d291b..13e2ba6ce4ada 100644
--- a/llvm/lib/CodeGen/TargetPassConfig.cpp
+++ b/llvm/lib/CodeGen/TargetPassConfig.cpp
@@ -1269,6 +1269,7 @@ void TargetPassConfig::addMachinePasses() {
addPass(&StackMapLivenessID);
addPass(&LiveDebugValuesID);
+ addPass(&MachineSanitizerBinaryMetadataID);
if (TM->Options.EnableMachineOutliner && getOptLevel() != CodeGenOpt::None &&
EnableMachineOutliner != RunOutliner::NeverOutline) {
diff --git a/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp b/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
index 58c29d8b211e2..29be14c21b8e6 100644
--- a/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
+++ b/llvm/lib/Transforms/Instrumentation/SanitizerBinaryMetadata.cpp
@@ -67,14 +67,16 @@ class MetadataInfo {
private:
// Forbid construction elsewhere.
explicit constexpr MetadataInfo(StringRef FunctionPrefix,
- StringRef SectionSuffix, int Feature)
+ StringRef SectionSuffix, uint32_t Feature)
: FunctionPrefix(FunctionPrefix), SectionSuffix(SectionSuffix),
- FeatureMask(Feature != -1 ? (1u << Feature) : 0) {}
+ FeatureMask(Feature) {}
};
const MetadataInfo MetadataInfo::Covered{"__sanitizer_metadata_covered",
- "sanmd_covered", -1};
+ kSanitizerBinaryMetadataCoveredSection,
+ kSanitizerBinaryMetadataNone};
const MetadataInfo MetadataInfo::Atomics{"__sanitizer_metadata_atomics",
- "sanmd_atomics", 0};
+ kSanitizerBinaryMetadataAtomicsSection,
+ kSanitizerBinaryMetadataAtomics};
// The only instances of MetadataInfo are the constants above, so a set of
// them may simply store pointers to them. To deterministically generate code,
@@ -89,11 +91,16 @@ cl::opt<bool> ClEmitCovered("sanitizer-metadata-covered",
cl::opt<bool> ClEmitAtomics("sanitizer-metadata-atomics",
cl::desc("Emit PCs for atomic operations."),
cl::Hidden, cl::init(false));
+cl::opt<bool> ClEmitUAR("sanitizer-metadata-uar",
+ cl::desc("Emit PCs for start of functions that are "
+ "subject for use-after-return checking"),
+ cl::Hidden, cl::init(false));
//===--- Statistics -------------------------------------------------------===//
STATISTIC(NumMetadataCovered, "Metadata attached to covered functions");
STATISTIC(NumMetadataAtomics, "Metadata attached to atomics");
+STATISTIC(NumMetadataUAR, "Metadata attached to UAR functions");
//===----------------------------------------------------------------------===//
@@ -102,6 +109,7 @@ SanitizerBinaryMetadataOptions &&
transformOptionsFromCl(SanitizerBinaryMetadataOptions &&Opts) {
Opts.Covered |= ClEmitCovered;
Opts.Atomics |= ClEmitAtomics;
+ Opts.UAR |= ClEmitUAR;
return std::move(Opts);
}
@@ -142,7 +150,8 @@ class SanitizerBinaryMetadata {
// function with memory operations (atomic or not) requires covered metadata
// to determine if a memory operation is atomic or not in modules compiled
// with SanitizerBinaryMetadata.
- bool runOn(Instruction &I, MetadataInfoSet &MIS, MDBuilder &MDB);
+ bool runOn(Instruction &I, MetadataInfoSet &MIS, MDBuilder &MDB,
+ uint32_t &FeatureMask);
// Get start/end section marker pointer.
GlobalVariable *getSectionMarker(const Twine &MarkerName, Type *Ty);
@@ -232,36 +241,58 @@ void SanitizerBinaryMetadata::runOn(Function &F, MetadataInfoSet &MIS) {
// The metadata features enabled for this function, stored along covered
// metadata (if enabled).
- uint32_t PerInstrFeatureMask = getEnabledPerInstructionFeature();
+ uint32_t FeatureMask = getEnabledPerInstructionFeature();
// Don't emit unnecessary covered metadata for all functions to save space.
bool RequiresCovered = false;
- if (PerInstrFeatureMask) {
+ // We can only understand if we need to set UAR feature after looking
+ // at the instructions. So we need to check instructions even if FeatureMask
+ // is empty.
+ if (FeatureMask || Options.UAR) {
for (BasicBlock &BB : F)
for (Instruction &I : BB)
- RequiresCovered |= runOn(I, MIS, MDB);
+ RequiresCovered |= runOn(I, MIS, MDB, FeatureMask);
}
+ if (F.isVarArg())
+ FeatureMask &= ~kSanitizerBinaryMetadataUAR;
+ if (FeatureMask & kSanitizerBinaryMetadataUAR)
+ NumMetadataUAR++;
+
// Covered metadata is always emitted if explicitly requested, otherwise only
// if some other metadata requires it to unambiguously interpret it for
// modules compiled with SanitizerBinaryMetadata.
- if (Options.Covered || RequiresCovered) {
+ if (Options.Covered || (FeatureMask && RequiresCovered)) {
NumMetadataCovered++;
const auto *MI = &MetadataInfo::Covered;
MIS.insert(MI);
const StringRef Section = getSectionName(MI->SectionSuffix);
// The feature mask will be placed after the size (32 bit) of the function,
// so in total one covered entry will use `sizeof(void*) + 4 + 4`.
- Constant *CFM = IRB.getInt32(PerInstrFeatureMask);
+ Constant *CFM = IRB.getInt32(FeatureMask);
F.setMetadata(LLVMContext::MD_pcsections,
MDB.createPCSections({{Section, {CFM}}}));
}
}
bool SanitizerBinaryMetadata::runOn(Instruction &I, MetadataInfoSet &MIS,
- MDBuilder &MDB) {
+ MDBuilder &MDB, uint32_t &FeatureMask) {
SmallVector<const MetadataInfo *, 1> InstMetadata;
bool RequiresCovered = false;
+ if (Options.UAR) {
+ for (unsigned i = 0; i < I.getNumOperands(); ++i) {
+ const Value *V = I.getOperand(i);
+ // TODO(dvyukov): check if V is an address of alloca/function arg.
+ // See isSafeAndProfitableToSinkLoad for addr-taken allocas
+ // and DeadArgumentEliminationPass::removeDeadStuffFromFunction
+ // for iteration over function args.
+ if (V) {
+ RequiresCovered = true;
+ FeatureMask |= kSanitizerBinaryMetadataUAR;
+ }
+ }
+ }
+
if (Options.Atomics && I.mayReadOrWriteMemory()) {
auto SSID = getAtomicSyncScopeID(&I);
if (SSID.has_value() && SSID.value() != SyncScope::SingleThread) {
diff --git a/llvm/test/Instrumentation/SanitizerBinaryMetadata/common.h b/llvm/test/Instrumentation/SanitizerBinaryMetadata/common.h
new file mode 100644
index 0000000000000..71e7f2bcf0259
--- /dev/null
+++ b/llvm/test/Instrumentation/SanitizerBinaryMetadata/common.h
@@ -0,0 +1,72 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <assert.h>
+
+int main() {
+ printf("main\n");
+}
+
+typedef unsigned long uptr;
+
+#define FN(X) if (pc == reinterpret_cast<uptr>(X)) return #X
+
+const char* symbolize(uptr pc) {
+ FUNCTIONS;
+ return nullptr;
+}
+
+template<typename T>
+T consume(const char*& pos, const char* end) {
+ T v = *reinterpret_cast<const T*>(pos);
+ pos += sizeof(T);
+ assert(pos <= end);
+ return v;
+}
+
+uint32_t meta_version;
+const char* meta_start;
+const char* meta_end;
+
+extern "C" {
+void __sanitizer_metadata_covered_add(uint32_t version, const char* start, const char* end) {
+ printf("metadata add version %u\n", version);
+ for (const char* pos = start; pos < end;) {
+ const uptr base = reinterpret_cast<uptr>(pos);
+ const long offset = (version & (1 << 16)) ?
+ consume<long>(pos, end) : consume<int>(pos, end);
+ const uint32_t size = consume<uint32_t>(pos, end);
+ const uint32_t features = consume<uint32_t>(pos, end);
+ uint32_t stack_args = 0;
+ if (features & (1 << 1))
+ stack_args = consume<uint32_t>(pos, end);
+ if (const char* name = symbolize(base + offset))
+ printf("%s: features=%x stack_args=%u\n", name, features, stack_args);
+ }
+ meta_version = version;
+ meta_start = start;
+ meta_end = end;
+}
+
+void __sanitizer_metadata_covered_del(uint32_t version, const char* start, const char* end) {
+ assert(version == meta_version);
+ assert(start == meta_start);
+ assert(end == meta_end);
+}
+
+const char* atomics_start;
+const char* atomics_end;
+
+void __sanitizer_metadata_atomics_add(uint32_t version, const char* start, const char* end) {
+ assert(version == meta_version);
+ assert(start);
+ assert(end >= end);
+ atomics_start = start;
+ atomics_end = end;
+}
+
+void __sanitizer_metadata_atomics_del(uint32_t version, const char* start, const char* end) {
+ assert(version == meta_version);
+ assert(atomics_start == start);
+ assert(atomics_end == end);
+}
+}
diff --git a/llvm/test/Instrumentation/SanitizerBinaryMetadata/covered.cpp b/llvm/test/Instrumentation/SanitizerBinaryMetadata/covered.cpp
new file mode 100644
index 0000000000000..70337e0a7ee0b
--- /dev/null
+++ b/llvm/test/Instrumentation/SanitizerBinaryMetadata/covered.cpp
@@ -0,0 +1,79 @@
+// REQUIRES: native && target-x86_64
+// RUN: clang++ %s -o %t && %t | FileCheck %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=covered && %t | FileCheck -check-prefix=CHECK-C %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=atomics && %t | FileCheck -check-prefix=CHECK-A %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=uar && %t | FileCheck -check-prefix=CHECK-U %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=covered,atomics && %t | FileCheck -check-prefix=CHECK-CA %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=covered,uar && %t | FileCheck -check-prefix=CHECK-CU %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=atomics,uar && %t | FileCheck -check-prefix=CHECK-AU %s
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=covered,atomics,uar && %t | FileCheck -check-prefix=CHECK-CAU %s
+
+// CHECK-NOT: metadata add
+// CHECK: main
+// CHECK-NOT: metadata del
+
+// CHECK-C: empty: features=0
+// CHECK-A-NOT: empty:
+// CHECK-U-NOT: empty:
+// CHECK-CA: empty: features=1
+// CHECK-CU: empty: features=0
+// CHECK-AU-NOT: empty:
+// CHECK-CAU: empty: features=1
+void empty() {
+}
+
+// CHECK-C: normal: features=0
+// CHECK-A: normal: features=1
+// CHECK-U: normal: features=2
+// CHECK-CA: normal: features=1
+// CHECK-CU: normal: features=2
+// CHECK-AU: normal: features=3
+// CHECK-CAU:normal: features=3
+void normal() {
+ volatile int x;
+ x = 0;
+}
+
+// CHECK-C: with_atomic: features=0
+// CHECK-A: with_atomic: features=1
+// CHECK-U: with_atomic: features=2
+// CHECK-CA: with_atomic: features=1
+// CHECK-CU: with_atomic: features=2
+// CHECK-AU: with_atomic: features=3
+// CHECK-CAU: with_atomic: features=3
+int with_atomic(int* p) {
+ return __atomic_load_n(p, __ATOMIC_RELAXED);
+}
+
+// CHECK-C: ellipsis: features=0
+// CHECK-A: ellipsis: features=1
+// CHECK-U-NOT: ellipsis:
+// CHECK-CA: ellipsis: features=1
+// CHECK-CU: ellipsis: features=0
+// CHECK-AU: ellipsis: features=1
+// CHECK-CAU: ellipsis: features=1
+void ellipsis(int* p, ...) {
+ volatile int x;
+ x = 0;
+}
+
+// CHECK-C: ellipsis_with_atomic: features=0
+// CHECK-A: ellipsis_with_atomic: features=1
+// CHECK-U-NOT: ellipsis_with_atomic:
+// CHECK-CA: ellipsis_with_atomic: features=1
+// CHECK-CU: ellipsis_with_atomic: features=0
+// CHECK-AU: ellipsis_with_atomic: features=1
+// CHECK-CAU: ellipsis_with_atomic: features=1
+int ellipsis_with_atomic(int* p, ...) {
+ return __atomic_load_n(p, __ATOMIC_RELAXED);
+}
+
+#define FUNCTIONS \
+ FN(empty); \
+ FN(normal); \
+ FN(with_atomic); \
+ FN(ellipsis); \
+ FN(ellipsis_with_atomic); \
+/**/
+
+#include "common.h"
diff --git a/llvm/test/Instrumentation/SanitizerBinaryMetadata/lit.local.cfg b/llvm/test/Instrumentation/SanitizerBinaryMetadata/lit.local.cfg
new file mode 100644
index 0000000000000..0ce1134ac1d47
--- /dev/null
+++ b/llvm/test/Instrumentation/SanitizerBinaryMetadata/lit.local.cfg
@@ -0,0 +1 @@
+config.suffixes = ['.ll', '.cpp']
diff --git a/llvm/test/Instrumentation/SanitizerBinaryMetadata/uar.cpp b/llvm/test/Instrumentation/SanitizerBinaryMetadata/uar.cpp
new file mode 100644
index 0000000000000..bb7c3542277e2
--- /dev/null
+++ b/llvm/test/Instrumentation/SanitizerBinaryMetadata/uar.cpp
@@ -0,0 +1,59 @@
+// We run the compiled binary + sizes of stack arguments depend on the arch.
+// REQUIRES: native && target-x86_64
+// RUN: clang++ %s -o %t -fexperimental-sanitize-metadata=covered,uar && %t | tee /dev/stderr | FileCheck %s
+
+// CHECK: metadata add version 1
+
+// CHECK: empty: features=0 stack_args=0
+void empty() {
+}
+
+// CHECK: ellipsis: features=0 stack_args=0
+void ellipsis(const char* fmt, ...) {
+ volatile int x;
+ x = 1;
+}
+
+// CHECK: non_empty_function: features=2 stack_args=0
+void non_empty_function() {
+ // Completely empty functions don't get uar metadata.
+ volatile int x;
+ x = 1;
+}
+
+// CHECK: no_stack_args: features=2 stack_args=0
+void no_stack_args(long a0, long a1, long a2, long a3, long a4, long a5) {
+ volatile int x;
+ x = 1;
+}
+
+// CHECK: stack_args: features=2 stack_args=16
+void stack_args(long a0, long a1, long a2, long a3, long a4, long a5, long a6) {
+ volatile int x;
+ x = 1;
+}
+
+// CHECK: more_stack_args: features=2 stack_args=32
+void more_stack_args(long a0, long a1, long a2, long a3, long a4, long a5, long a6, long a7, long a8) {
+ volatile int x;
+ x = 1;
+}
+
+// CHECK: struct_stack_args: features=2 stack_args=144
+struct large { char x[131]; };
+void struct_stack_args(large a) {
+ volatile int x;
+ x = 1;
+}
+
+#define FUNCTIONS \
+ FN(empty); \
+ FN(ellipsis); \
+ FN(non_empty_function); \
+ FN(no_stack_args); \
+ FN(stack_args); \
+ FN(more_stack_args); \
+ FN(struct_stack_args); \
+/**/
+
+#include "common.h"
More information about the cfe-commits
mailing list