[llvm-commits] [llvm] r172610 - in /llvm/trunk: lib/Transforms/Instrumentation/AddressSanitizer.cpp test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
Hal Finkel
hfinkel at anl.gov
Sat Jul 6 10:46:30 PDT 2013
----- Original Message -----
> Author: samsonov
> Date: Wed Jan 16 07:23:28 2013
> New Revision: 172610
>
> URL: http://llvm.org/viewvc/llvm-project?rev=172610&view=rev
> Log:
> ASan: wrap mapping scale and offset in a struct and make it a member
> of ASan passes. Add test for non-default mapping scale and offset.
> No functionality change
>
> Added:
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> Modified:
> llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
>
> Modified:
> llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp?rev=172610&r1=172609&r2=172610&view=diff
> ==============================================================================
> --- llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> (original)
> +++ llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> Wed Jan 16 07:23:28 2013
> @@ -53,7 +53,7 @@
> static const uint64_t kDefaultShadowScale = 3;
> static const uint64_t kDefaultShadowOffset32 = 1ULL << 29;
> static const uint64_t kDefaultShadowOffset64 = 1ULL << 44;
> -static const uint64_t kDefaultShadowOffsetAndroid = 0;
> +static const uint64_t kDefaultShadowOffsetPie = 0;
>
> static const size_t kMaxStackMallocSize = 1 << 16; // 64K
> static const uintptr_t kCurrentStackFrameMagic = 0x41B58AB3;
> @@ -186,14 +186,38 @@
> SmallSet<GlobalValue*, 32> DynInitGlobals;
> };
>
> -static int MappingScale() {
> - return ClMappingScale ? ClMappingScale : kDefaultShadowScale;
> +/// This struct defines the shadow mapping using the rule:
> +/// shadow = (mem >> Scale) + Offset.
> +struct ShadowMapping {
> + int Scale;
> + uint64_t Offset;
> +};
> +
> +static ShadowMapping getShadowMapping(const Module &M, int LongSize)
> {
> + llvm::Triple targetTriple(M.getTargetTriple());
> + bool isAndroid = targetTriple.getEnvironment() ==
> llvm::Triple::Android;
> +
> + ShadowMapping Mapping;
> +
> + Mapping.Offset = isAndroid ? kDefaultShadowOffsetPie :
> + (LongSize == 32 ? kDefaultShadowOffset32 :
> kDefaultShadowOffset64);
> + if (ClMappingOffsetLog >= 0) {
> + // Zero offset log is the special case.
> + Mapping.Offset = (ClMappingOffsetLog == 0) ? 0 : 1ULL <<
> ClMappingOffsetLog;
> + }
> +
> + Mapping.Scale = kDefaultShadowScale;
> + if (ClMappingScale) {
> + Mapping.Scale = ClMappingScale;
> + }
> +
> + return Mapping;
> }
>
> -static size_t RedzoneSize() {
> +static size_t RedzoneSizeForScale(int MappingScale) {
> // Redzone used for stack and globals is at least 32 bytes.
> // For scales 6 and 7, the redzone has to be 64 and 128 bytes
> respectively.
> - return std::max(32U, 1U << MappingScale());
> + return std::max(32U, 1U << MappingScale);
> }
This does not seem to work for me when MappingScale is large (meaning in my case, 5, and I'm working on a system with 32-byte-aligned stacks). In this case, unit tests like stack-overflow and stack-oob-frames don't trigger a fault as they should. If I change this to read:
return std::max(32U, 4*(1U << MappingScale));
(where I guessed that 4 would be a good multiplier because 32/8 == 4) then things seem to work as expected.
Does this make sense?
-Hal
>
> /// AddressSanitizer: instrument the code in module to find memory
> bugs.
> @@ -227,6 +251,7 @@
> void createInitializerPoisonCalls(Module &M,
> Value *FirstAddr, Value
> *LastAddr);
> bool maybeInsertAsanInitAtFunctionEntry(Function &F);
> + void emitShadowMapping(Module &M, IRBuilder<> &IRB) const;
> virtual bool doInitialization(Module &M);
> static char ID; // Pass identification, replacement for typeid
>
> @@ -242,9 +267,9 @@
> bool CheckLifetime;
> LLVMContext *C;
> DataLayout *TD;
> - uint64_t MappingOffset;
> int LongSize;
> Type *IntptrTy;
> + ShadowMapping Mapping;
> Function *AsanCtorFunction;
> Function *AsanInitFunction;
> Function *AsanHandleNoReturnFunc;
> @@ -278,6 +303,9 @@
> bool ShouldInstrumentGlobal(GlobalVariable *G);
> void createInitializerPoisonCalls(Module &M, Value *FirstAddr,
> Value *LastAddr);
> + size_t RedzoneSize() const {
> + return RedzoneSizeForScale(Mapping.Scale);
> + }
>
> bool CheckInitOrder;
> SmallString<64> BlacklistFile;
> @@ -286,6 +314,7 @@
> Type *IntptrTy;
> LLVMContext *C;
> DataLayout *TD;
> + ShadowMapping Mapping;
> Function *AsanPoisonGlobals;
> Function *AsanUnpoisonGlobals;
> Function *AsanRegisterGlobals;
> @@ -308,6 +337,7 @@
> LLVMContext *C;
> Type *IntptrTy;
> Type *IntptrPtrTy;
> + ShadowMapping Mapping;
>
> SmallVector<AllocaInst*, 16> AllocaVec;
> SmallVector<Instruction*, 8> RetVec;
> @@ -332,7 +362,8 @@
> FunctionStackPoisoner(Function &F, AddressSanitizer &ASan)
> : F(F), ASan(ASan), DIB(*F.getParent()), C(ASan.C),
> IntptrTy(ASan.IntptrTy),
> IntptrPtrTy(PointerType::get(IntptrTy, 0)),
> - TotalStackSize(0), StackAlignment(1 << MappingScale()) {}
> + Mapping(ASan.Mapping),
> + TotalStackSize(0), StackAlignment(1 << Mapping.Scale) {}
>
> bool runOnFunction() {
> if (!ClStack) return false;
> @@ -411,6 +442,9 @@
> AI.getAllocatedType()->isSized());
> }
>
> + size_t RedzoneSize() const {
> + return RedzoneSizeForScale(Mapping.Scale);
> + }
> uint64_t getAllocaSizeInBytes(AllocaInst *AI) {
> Type *Ty = AI->getAllocatedType();
> uint64_t SizeInBytes = ASan.TD->getTypeAllocSize(Ty);
> @@ -473,12 +507,12 @@
>
> Value *AddressSanitizer::memToShadow(Value *Shadow, IRBuilder<>
> &IRB) {
> // Shadow >> scale
> - Shadow = IRB.CreateLShr(Shadow, MappingScale());
> - if (MappingOffset == 0)
> + Shadow = IRB.CreateLShr(Shadow, Mapping.Scale);
> + if (Mapping.Offset == 0)
> return Shadow;
> // (Shadow >> scale) | offset
> return IRB.CreateOr(Shadow, ConstantInt::get(IntptrTy,
> - MappingOffset));
> + Mapping.Offset));
> }
>
> void AddressSanitizer::instrumentMemIntrinsicParam(
> @@ -614,7 +648,7 @@
> Value *AddressSanitizer::createSlowPathCmp(IRBuilder<> &IRB, Value
> *AddrLong,
> Value *ShadowValue,
> uint32_t TypeSize) {
> - size_t Granularity = 1 << MappingScale();
> + size_t Granularity = 1 << Mapping.Scale;
> // Addr & (Granularity - 1)
> Value *LastAccessedByte = IRB.CreateAnd(
> AddrLong, ConstantInt::get(IntptrTy, Granularity - 1));
> @@ -635,7 +669,7 @@
> Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy);
>
> Type *ShadowTy = IntegerType::get(
> - *C, std::max(8U, TypeSize >> MappingScale()));
> + *C, std::max(8U, TypeSize >> Mapping.Scale));
> Type *ShadowPtrTy = PointerType::get(ShadowTy, 0);
> Value *ShadowPtr = memToShadow(AddrLong, IRB);
> Value *CmpVal = Constant::getNullValue(ShadowTy);
> @@ -644,7 +678,7 @@
>
> Value *Cmp = IRB.CreateICmpNE(ShadowValue, CmpVal);
> size_t AccessSizeIndex = TypeSizeToSizeIndex(TypeSize);
> - size_t Granularity = 1 << MappingScale();
> + size_t Granularity = 1 << Mapping.Scale;
> TerminatorInst *CrashTerm = 0;
>
> if (ClAlwaysSlowPath || (TypeSize < 8 * Granularity)) {
> @@ -782,7 +816,9 @@
> BL.reset(new BlackList(BlacklistFile));
> if (BL->isIn(M)) return false;
> C = &(M.getContext());
> - IntptrTy = Type::getIntNTy(*C, TD->getPointerSizeInBits());
> + int LongSize = TD->getPointerSizeInBits();
> + IntptrTy = Type::getIntNTy(*C, LongSize);
> + Mapping = getShadowMapping(M, LongSize);
> initializeCallbacks(M);
> DynamicallyInitializedGlobals.Init(M);
>
> @@ -930,6 +966,28 @@
> /*hasSideEffects=*/true);
> }
>
> +void AddressSanitizer::emitShadowMapping(Module &M, IRBuilder<>
> &IRB) const {
> + // Tell the values of mapping offset and scale to the run-time if
> they are
> + // specified by command-line flags.
> + if (ClMappingOffsetLog >= 0) {
> + GlobalValue *asan_mapping_offset =
> + new GlobalVariable(M, IntptrTy, true,
> GlobalValue::LinkOnceODRLinkage,
> + ConstantInt::get(IntptrTy, Mapping.Offset),
> + kAsanMappingOffsetName);
> + // Read the global, otherwise it may be optimized away.
> + IRB.CreateLoad(asan_mapping_offset, true);
> + }
> +
> + if (ClMappingScale) {
> + GlobalValue *asan_mapping_scale =
> + new GlobalVariable(M, IntptrTy, true,
> GlobalValue::LinkOnceODRLinkage,
> + ConstantInt::get(IntptrTy,
> Mapping.Scale),
> + kAsanMappingScaleName);
> + // Read the global, otherwise it may be optimized away.
> + IRB.CreateLoad(asan_mapping_scale, true);
> + }
> +}
> +
> // virtual
> bool AddressSanitizer::doInitialization(Module &M) {
> // Initialize the private fields. No one has accessed them before.
> @@ -955,41 +1013,10 @@
> AsanInitFunction->setLinkage(Function::ExternalLinkage);
> IRB.CreateCall(AsanInitFunction);
>
> - llvm::Triple targetTriple(M.getTargetTriple());
> - bool isAndroid = targetTriple.getEnvironment() ==
> llvm::Triple::Android;
> -
> - MappingOffset = isAndroid ? kDefaultShadowOffsetAndroid :
> - (LongSize == 32 ? kDefaultShadowOffset32 :
> kDefaultShadowOffset64);
> - if (ClMappingOffsetLog >= 0) {
> - if (ClMappingOffsetLog == 0) {
> - // special case
> - MappingOffset = 0;
> - } else {
> - MappingOffset = 1ULL << ClMappingOffsetLog;
> - }
> - }
> -
> -
> - if (ClMappingOffsetLog >= 0) {
> - // Tell the run-time the current values of mapping offset and
> scale.
> - GlobalValue *asan_mapping_offset =
> - new GlobalVariable(M, IntptrTy, true,
> GlobalValue::LinkOnceODRLinkage,
> - ConstantInt::get(IntptrTy, MappingOffset),
> - kAsanMappingOffsetName);
> - // Read the global, otherwise it may be optimized away.
> - IRB.CreateLoad(asan_mapping_offset, true);
> - }
> - if (ClMappingScale) {
> - GlobalValue *asan_mapping_scale =
> - new GlobalVariable(M, IntptrTy, true,
> GlobalValue::LinkOnceODRLinkage,
> - ConstantInt::get(IntptrTy,
> MappingScale()),
> - kAsanMappingScaleName);
> - // Read the global, otherwise it may be optimized away.
> - IRB.CreateLoad(asan_mapping_scale, true);
> - }
> + Mapping = getShadowMapping(M, LongSize);
> + emitShadowMapping(M, IRB);
>
> appendToGlobalCtors(M, AsanCtorFunction,
> kAsanCtorAndCtorPriority);
> -
> return true;
> }
>
> @@ -1147,7 +1174,7 @@
> void FunctionStackPoisoner::poisonRedZones(
> const ArrayRef<AllocaInst*> &AllocaVec, IRBuilder<> IRB, Value
> *ShadowBase,
> bool DoPoison) {
> - size_t ShadowRZSize = RedzoneSize() >> MappingScale();
> + size_t ShadowRZSize = RedzoneSize() >> Mapping.Scale;
> assert(ShadowRZSize >= 1 && ShadowRZSize <= 4);
> Type *RZTy = Type::getIntNTy(*C, ShadowRZSize * 8);
> Type *RZPtrTy = PointerType::get(RZTy, 0);
> @@ -1178,13 +1205,13 @@
> // Poison the partial redzone at right
> Ptr = IRB.CreateAdd(
> ShadowBase, ConstantInt::get(IntptrTy,
> - (Pos >> MappingScale()) -
> ShadowRZSize));
> + (Pos >> Mapping.Scale) -
> ShadowRZSize));
> size_t AddressableBytes = RedzoneSize() - (AlignedSize -
> SizeInBytes);
> uint32_t Poison = 0;
> if (DoPoison) {
> PoisonShadowPartialRightRedzone((uint8_t*)&Poison,
> AddressableBytes,
> RedzoneSize(),
> - 1ULL << MappingScale(),
> + 1ULL << Mapping.Scale,
> kAsanStackPartialRedzoneMagic);
> }
> Value *PartialPoison = ConstantInt::get(RZTy, Poison);
> @@ -1193,7 +1220,7 @@
>
> // Poison the full redzone at right.
> Ptr = IRB.CreateAdd(ShadowBase,
> - ConstantInt::get(IntptrTy, Pos >>
> MappingScale()));
> + ConstantInt::get(IntptrTy, Pos >>
> Mapping.Scale));
> bool LastAlloca = (i == AllocaVec.size() - 1);
> Value *Poison = LastAlloca ? PoisonRight : PoisonMid;
> IRB.CreateStore(Poison, IRB.CreateIntToPtr(Ptr, RZPtrTy));
>
> Added:
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll?rev=172610&view=auto
> ==============================================================================
> ---
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> (added)
> +++
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> Wed Jan 16 07:23:28 2013
> @@ -0,0 +1,41 @@
> +; Test non-default shadow mapping scale and offset.
> +;
> +; RUN: opt < %s -asan -asan-mapping-scale=2
> -asan-mapping-offset-log=0 -S | FileCheck %s
> +
> +target datalayout =
> "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
> +target triple = "x86_64-unknown-linux-gnu"
> +
> +; Test that ASan tells scale and offset to runtime.
> +; CHECK: @__asan_mapping_offset = linkonce_odr constant i64 0
> +; CHECK: @__asan_mapping_scale = linkonce_odr constant i64 2
> +
> +define i32 @test_load(i32* %a) address_safety {
> +; CHECK: @test_load
> +; CHECK-NOT: load
> +; CHECK: %[[LOAD_ADDR:[^ ]*]] = ptrtoint i32* %a to i64
> +; CHECK: lshr i64 %[[LOAD_ADDR]], 2
> +
> +; No need in shift for zero offset.
> +; CHECK-NOT: or i64
> +
> +; CHECK: %[[LOAD_SHADOW_PTR:[^ ]*]] = inttoptr
> +; CHECK: %[[LOAD_SHADOW:[^ ]*]] = load i8* %[[LOAD_SHADOW_PTR]]
> +; CHECK: icmp ne i8
> +; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
> +
> +; No need in slow path for i32 and mapping scale equal to 2.
> +; CHECK-NOT: and i64 %[[LOAD_ADDR]]
> +;
> +; The crash block reports the error.
> +; CHECK: call void @__asan_report_load4(i64 %[[LOAD_ADDR]])
> +; CHECK: unreachable
> +;
> +; The actual load.
> +; CHECK: %tmp1 = load i32* %a
> +; CHECK: ret i32 %tmp1
> +
> +entry:
> + %tmp1 = load i32* %a
> + ret i32 %tmp1
> +}
> +
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
--
Hal Finkel
Assistant Computational Scientist
Leadership Computing Facility
Argonne National Laboratory
More information about the llvm-commits
mailing list