[llvm-commits] [llvm] r172610 - in /llvm/trunk: lib/Transforms/Instrumentation/AddressSanitizer.cpp test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
Alexey Samsonov
samsonov at google.com
Tue Jul 16 03:40:08 PDT 2013
Hi Hal!
See Kostya's reply for r171107.
On Sat, Jul 6, 2013 at 9:46 PM, Hal Finkel <hfinkel at anl.gov> wrote:
> ----- Original Message -----
> > Author: samsonov
> > Date: Wed Jan 16 07:23:28 2013
> > New Revision: 172610
> >
> > URL: http://llvm.org/viewvc/llvm-project?rev=172610&view=rev
> > Log:
> > ASan: wrap mapping scale and offset in a struct and make it a member
> > of ASan passes. Add test for non-default mapping scale and offset.
> > No functionality change
> >
> > Added:
> >
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> > Modified:
> > llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> >
> > Modified:
> > llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> > URL:
> >
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp?rev=172610&r1=172609&r2=172610&view=diff
> >
> ==============================================================================
> > --- llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> > (original)
> > +++ llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp
> > Wed Jan 16 07:23:28 2013
> > @@ -53,7 +53,7 @@
> > static const uint64_t kDefaultShadowScale = 3;
> > static const uint64_t kDefaultShadowOffset32 = 1ULL << 29;
> > static const uint64_t kDefaultShadowOffset64 = 1ULL << 44;
> > -static const uint64_t kDefaultShadowOffsetAndroid = 0;
> > +static const uint64_t kDefaultShadowOffsetPie = 0;
> >
> > static const size_t kMaxStackMallocSize = 1 << 16; // 64K
> > static const uintptr_t kCurrentStackFrameMagic = 0x41B58AB3;
> > @@ -186,14 +186,38 @@
> > SmallSet<GlobalValue*, 32> DynInitGlobals;
> > };
> >
> > -static int MappingScale() {
> > - return ClMappingScale ? ClMappingScale : kDefaultShadowScale;
> > +/// This struct defines the shadow mapping using the rule:
> > +/// shadow = (mem >> Scale) + Offset.
> > +struct ShadowMapping {
> > + int Scale;
> > + uint64_t Offset;
> > +};
> > +
> > +static ShadowMapping getShadowMapping(const Module &M, int LongSize)
> > {
> > + llvm::Triple targetTriple(M.getTargetTriple());
> > + bool isAndroid = targetTriple.getEnvironment() ==
> > llvm::Triple::Android;
> > +
> > + ShadowMapping Mapping;
> > +
> > + Mapping.Offset = isAndroid ? kDefaultShadowOffsetPie :
> > + (LongSize == 32 ? kDefaultShadowOffset32 :
> > kDefaultShadowOffset64);
> > + if (ClMappingOffsetLog >= 0) {
> > + // Zero offset log is the special case.
> > + Mapping.Offset = (ClMappingOffsetLog == 0) ? 0 : 1ULL <<
> > ClMappingOffsetLog;
> > + }
> > +
> > + Mapping.Scale = kDefaultShadowScale;
> > + if (ClMappingScale) {
> > + Mapping.Scale = ClMappingScale;
> > + }
> > +
> > + return Mapping;
> > }
> >
> > -static size_t RedzoneSize() {
> > +static size_t RedzoneSizeForScale(int MappingScale) {
> > // Redzone used for stack and globals is at least 32 bytes.
> > // For scales 6 and 7, the redzone has to be 64 and 128 bytes
> > respectively.
> > - return std::max(32U, 1U << MappingScale());
> > + return std::max(32U, 1U << MappingScale);
> > }
>
> This does not seem to work for me when MappingScale is large (meaning in
> my case, 5, and I'm working on a system with 32-byte-aligned stacks). In
> this case, unit tests like stack-overflow and stack-oob-frames don't
> trigger a fault as they should. If I change this to read:
> return std::max(32U, 4*(1U << MappingScale));
> (where I guessed that 4 would be a good multiplier because 32/8 == 4) then
> things seem to work as expected.
>
> Does this make sense?
>
> -Hal
>
> >
> > /// AddressSanitizer: instrument the code in module to find memory
> > bugs.
> > @@ -227,6 +251,7 @@
> > void createInitializerPoisonCalls(Module &M,
> > Value *FirstAddr, Value
> > *LastAddr);
> > bool maybeInsertAsanInitAtFunctionEntry(Function &F);
> > + void emitShadowMapping(Module &M, IRBuilder<> &IRB) const;
> > virtual bool doInitialization(Module &M);
> > static char ID; // Pass identification, replacement for typeid
> >
> > @@ -242,9 +267,9 @@
> > bool CheckLifetime;
> > LLVMContext *C;
> > DataLayout *TD;
> > - uint64_t MappingOffset;
> > int LongSize;
> > Type *IntptrTy;
> > + ShadowMapping Mapping;
> > Function *AsanCtorFunction;
> > Function *AsanInitFunction;
> > Function *AsanHandleNoReturnFunc;
> > @@ -278,6 +303,9 @@
> > bool ShouldInstrumentGlobal(GlobalVariable *G);
> > void createInitializerPoisonCalls(Module &M, Value *FirstAddr,
> > Value *LastAddr);
> > + size_t RedzoneSize() const {
> > + return RedzoneSizeForScale(Mapping.Scale);
> > + }
> >
> > bool CheckInitOrder;
> > SmallString<64> BlacklistFile;
> > @@ -286,6 +314,7 @@
> > Type *IntptrTy;
> > LLVMContext *C;
> > DataLayout *TD;
> > + ShadowMapping Mapping;
> > Function *AsanPoisonGlobals;
> > Function *AsanUnpoisonGlobals;
> > Function *AsanRegisterGlobals;
> > @@ -308,6 +337,7 @@
> > LLVMContext *C;
> > Type *IntptrTy;
> > Type *IntptrPtrTy;
> > + ShadowMapping Mapping;
> >
> > SmallVector<AllocaInst*, 16> AllocaVec;
> > SmallVector<Instruction*, 8> RetVec;
> > @@ -332,7 +362,8 @@
> > FunctionStackPoisoner(Function &F, AddressSanitizer &ASan)
> > : F(F), ASan(ASan), DIB(*F.getParent()), C(ASan.C),
> > IntptrTy(ASan.IntptrTy),
> > IntptrPtrTy(PointerType::get(IntptrTy, 0)),
> > - TotalStackSize(0), StackAlignment(1 << MappingScale()) {}
> > + Mapping(ASan.Mapping),
> > + TotalStackSize(0), StackAlignment(1 << Mapping.Scale) {}
> >
> > bool runOnFunction() {
> > if (!ClStack) return false;
> > @@ -411,6 +442,9 @@
> > AI.getAllocatedType()->isSized());
> > }
> >
> > + size_t RedzoneSize() const {
> > + return RedzoneSizeForScale(Mapping.Scale);
> > + }
> > uint64_t getAllocaSizeInBytes(AllocaInst *AI) {
> > Type *Ty = AI->getAllocatedType();
> > uint64_t SizeInBytes = ASan.TD->getTypeAllocSize(Ty);
> > @@ -473,12 +507,12 @@
> >
> > Value *AddressSanitizer::memToShadow(Value *Shadow, IRBuilder<>
> > &IRB) {
> > // Shadow >> scale
> > - Shadow = IRB.CreateLShr(Shadow, MappingScale());
> > - if (MappingOffset == 0)
> > + Shadow = IRB.CreateLShr(Shadow, Mapping.Scale);
> > + if (Mapping.Offset == 0)
> > return Shadow;
> > // (Shadow >> scale) | offset
> > return IRB.CreateOr(Shadow, ConstantInt::get(IntptrTy,
> > - MappingOffset));
> > + Mapping.Offset));
> > }
> >
> > void AddressSanitizer::instrumentMemIntrinsicParam(
> > @@ -614,7 +648,7 @@
> > Value *AddressSanitizer::createSlowPathCmp(IRBuilder<> &IRB, Value
> > *AddrLong,
> > Value *ShadowValue,
> > uint32_t TypeSize) {
> > - size_t Granularity = 1 << MappingScale();
> > + size_t Granularity = 1 << Mapping.Scale;
> > // Addr & (Granularity - 1)
> > Value *LastAccessedByte = IRB.CreateAnd(
> > AddrLong, ConstantInt::get(IntptrTy, Granularity - 1));
> > @@ -635,7 +669,7 @@
> > Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy);
> >
> > Type *ShadowTy = IntegerType::get(
> > - *C, std::max(8U, TypeSize >> MappingScale()));
> > + *C, std::max(8U, TypeSize >> Mapping.Scale));
> > Type *ShadowPtrTy = PointerType::get(ShadowTy, 0);
> > Value *ShadowPtr = memToShadow(AddrLong, IRB);
> > Value *CmpVal = Constant::getNullValue(ShadowTy);
> > @@ -644,7 +678,7 @@
> >
> > Value *Cmp = IRB.CreateICmpNE(ShadowValue, CmpVal);
> > size_t AccessSizeIndex = TypeSizeToSizeIndex(TypeSize);
> > - size_t Granularity = 1 << MappingScale();
> > + size_t Granularity = 1 << Mapping.Scale;
> > TerminatorInst *CrashTerm = 0;
> >
> > if (ClAlwaysSlowPath || (TypeSize < 8 * Granularity)) {
> > @@ -782,7 +816,9 @@
> > BL.reset(new BlackList(BlacklistFile));
> > if (BL->isIn(M)) return false;
> > C = &(M.getContext());
> > - IntptrTy = Type::getIntNTy(*C, TD->getPointerSizeInBits());
> > + int LongSize = TD->getPointerSizeInBits();
> > + IntptrTy = Type::getIntNTy(*C, LongSize);
> > + Mapping = getShadowMapping(M, LongSize);
> > initializeCallbacks(M);
> > DynamicallyInitializedGlobals.Init(M);
> >
> > @@ -930,6 +966,28 @@
> > /*hasSideEffects=*/true);
> > }
> >
> > +void AddressSanitizer::emitShadowMapping(Module &M, IRBuilder<>
> > &IRB) const {
> > + // Tell the values of mapping offset and scale to the run-time if
> > they are
> > + // specified by command-line flags.
> > + if (ClMappingOffsetLog >= 0) {
> > + GlobalValue *asan_mapping_offset =
> > + new GlobalVariable(M, IntptrTy, true,
> > GlobalValue::LinkOnceODRLinkage,
> > + ConstantInt::get(IntptrTy, Mapping.Offset),
> > + kAsanMappingOffsetName);
> > + // Read the global, otherwise it may be optimized away.
> > + IRB.CreateLoad(asan_mapping_offset, true);
> > + }
> > +
> > + if (ClMappingScale) {
> > + GlobalValue *asan_mapping_scale =
> > + new GlobalVariable(M, IntptrTy, true,
> > GlobalValue::LinkOnceODRLinkage,
> > + ConstantInt::get(IntptrTy,
> > Mapping.Scale),
> > + kAsanMappingScaleName);
> > + // Read the global, otherwise it may be optimized away.
> > + IRB.CreateLoad(asan_mapping_scale, true);
> > + }
> > +}
> > +
> > // virtual
> > bool AddressSanitizer::doInitialization(Module &M) {
> > // Initialize the private fields. No one has accessed them before.
> > @@ -955,41 +1013,10 @@
> > AsanInitFunction->setLinkage(Function::ExternalLinkage);
> > IRB.CreateCall(AsanInitFunction);
> >
> > - llvm::Triple targetTriple(M.getTargetTriple());
> > - bool isAndroid = targetTriple.getEnvironment() ==
> > llvm::Triple::Android;
> > -
> > - MappingOffset = isAndroid ? kDefaultShadowOffsetAndroid :
> > - (LongSize == 32 ? kDefaultShadowOffset32 :
> > kDefaultShadowOffset64);
> > - if (ClMappingOffsetLog >= 0) {
> > - if (ClMappingOffsetLog == 0) {
> > - // special case
> > - MappingOffset = 0;
> > - } else {
> > - MappingOffset = 1ULL << ClMappingOffsetLog;
> > - }
> > - }
> > -
> > -
> > - if (ClMappingOffsetLog >= 0) {
> > - // Tell the run-time the current values of mapping offset and
> > scale.
> > - GlobalValue *asan_mapping_offset =
> > - new GlobalVariable(M, IntptrTy, true,
> > GlobalValue::LinkOnceODRLinkage,
> > - ConstantInt::get(IntptrTy, MappingOffset),
> > - kAsanMappingOffsetName);
> > - // Read the global, otherwise it may be optimized away.
> > - IRB.CreateLoad(asan_mapping_offset, true);
> > - }
> > - if (ClMappingScale) {
> > - GlobalValue *asan_mapping_scale =
> > - new GlobalVariable(M, IntptrTy, true,
> > GlobalValue::LinkOnceODRLinkage,
> > - ConstantInt::get(IntptrTy,
> > MappingScale()),
> > - kAsanMappingScaleName);
> > - // Read the global, otherwise it may be optimized away.
> > - IRB.CreateLoad(asan_mapping_scale, true);
> > - }
> > + Mapping = getShadowMapping(M, LongSize);
> > + emitShadowMapping(M, IRB);
> >
> > appendToGlobalCtors(M, AsanCtorFunction,
> > kAsanCtorAndCtorPriority);
> > -
> > return true;
> > }
> >
> > @@ -1147,7 +1174,7 @@
> > void FunctionStackPoisoner::poisonRedZones(
> > const ArrayRef<AllocaInst*> &AllocaVec, IRBuilder<> IRB, Value
> > *ShadowBase,
> > bool DoPoison) {
> > - size_t ShadowRZSize = RedzoneSize() >> MappingScale();
> > + size_t ShadowRZSize = RedzoneSize() >> Mapping.Scale;
> > assert(ShadowRZSize >= 1 && ShadowRZSize <= 4);
> > Type *RZTy = Type::getIntNTy(*C, ShadowRZSize * 8);
> > Type *RZPtrTy = PointerType::get(RZTy, 0);
> > @@ -1178,13 +1205,13 @@
> > // Poison the partial redzone at right
> > Ptr = IRB.CreateAdd(
> > ShadowBase, ConstantInt::get(IntptrTy,
> > - (Pos >> MappingScale()) -
> > ShadowRZSize));
> > + (Pos >> Mapping.Scale) -
> > ShadowRZSize));
> > size_t AddressableBytes = RedzoneSize() - (AlignedSize -
> > SizeInBytes);
> > uint32_t Poison = 0;
> > if (DoPoison) {
> > PoisonShadowPartialRightRedzone((uint8_t*)&Poison,
> > AddressableBytes,
> > RedzoneSize(),
> > - 1ULL << MappingScale(),
> > + 1ULL << Mapping.Scale,
> > kAsanStackPartialRedzoneMagic);
> > }
> > Value *PartialPoison = ConstantInt::get(RZTy, Poison);
> > @@ -1193,7 +1220,7 @@
> >
> > // Poison the full redzone at right.
> > Ptr = IRB.CreateAdd(ShadowBase,
> > - ConstantInt::get(IntptrTy, Pos >>
> > MappingScale()));
> > + ConstantInt::get(IntptrTy, Pos >>
> > Mapping.Scale));
> > bool LastAlloca = (i == AllocaVec.size() - 1);
> > Value *Poison = LastAlloca ? PoisonRight : PoisonMid;
> > IRB.CreateStore(Poison, IRB.CreateIntToPtr(Ptr, RZPtrTy));
> >
> > Added:
> >
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> > URL:
> >
> http://llvm.org/viewvc/llvm-project/llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll?rev=172610&view=auto
> >
> ==============================================================================
> > ---
> >
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> > (added)
> > +++
> >
> llvm/trunk/test/Instrumentation/AddressSanitizer/different_scale_and_offset.ll
> > Wed Jan 16 07:23:28 2013
> > @@ -0,0 +1,41 @@
> > +; Test non-default shadow mapping scale and offset.
> > +;
> > +; RUN: opt < %s -asan -asan-mapping-scale=2
> > -asan-mapping-offset-log=0 -S | FileCheck %s
> > +
> > +target datalayout =
> >
> "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
> > +target triple = "x86_64-unknown-linux-gnu"
> > +
> > +; Test that ASan tells scale and offset to runtime.
> > +; CHECK: @__asan_mapping_offset = linkonce_odr constant i64 0
> > +; CHECK: @__asan_mapping_scale = linkonce_odr constant i64 2
> > +
> > +define i32 @test_load(i32* %a) address_safety {
> > +; CHECK: @test_load
> > +; CHECK-NOT: load
> > +; CHECK: %[[LOAD_ADDR:[^ ]*]] = ptrtoint i32* %a to i64
> > +; CHECK: lshr i64 %[[LOAD_ADDR]], 2
> > +
> > +; No need in shift for zero offset.
> > +; CHECK-NOT: or i64
> > +
> > +; CHECK: %[[LOAD_SHADOW_PTR:[^ ]*]] = inttoptr
> > +; CHECK: %[[LOAD_SHADOW:[^ ]*]] = load i8* %[[LOAD_SHADOW_PTR]]
> > +; CHECK: icmp ne i8
> > +; CHECK: br i1 %{{.*}}, label %{{.*}}, label %{{.*}}
> > +
> > +; No need in slow path for i32 and mapping scale equal to 2.
> > +; CHECK-NOT: and i64 %[[LOAD_ADDR]]
> > +;
> > +; The crash block reports the error.
> > +; CHECK: call void @__asan_report_load4(i64 %[[LOAD_ADDR]])
> > +; CHECK: unreachable
> > +;
> > +; The actual load.
> > +; CHECK: %tmp1 = load i32* %a
> > +; CHECK: ret i32 %tmp1
> > +
> > +entry:
> > + %tmp1 = load i32* %a
> > + ret i32 %tmp1
> > +}
> > +
> >
> >
> > _______________________________________________
> > llvm-commits mailing list
> > llvm-commits at cs.uiuc.edu
> > http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
> >
>
> --
> Hal Finkel
> Assistant Computational Scientist
> Leadership Computing Facility
> Argonne National Laboratory
>
--
Alexey Samsonov, MSK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20130716/f6a00b78/attachment.html>
More information about the llvm-commits
mailing list