[llvm-dev] [RFC] ASan: patches to support 32-byte shadow granularity
Kostya Serebryany via llvm-dev
llvm-dev at lists.llvm.org
Tue Oct 31 15:00:27 PDT 2017
+ more asan folks, please CC them to the code reviews.
Also please make sure llvm-commits is CC-ed (cfe-commits for clang changes)
On Tue, Oct 31, 2017 at 2:29 PM, Walter Lee <waltl at google.com> wrote:
> I've prepared a preliminary set of patches that makes ASan work with
> 32-byte shadow granularity, and I would like to get some feedback on
> those patches as well as my general plan.
>
> Some background: I am porting ASan to the Myriad platform. I'm
> looking to break up that port into components that may be
> useful/relevant to other platforms -- the first of those pieces is the
> ability to use a coarser shadow granularity. This is important for us
> because Myriad has a limited amount of physical memory and no virtual
> memory, so it is important to limit the amount of shadow memory
> required.
>
> My end-goal for this part is to be able to configure a build that
> overrides the default shadow granularity, that can cleanly run the
> clang/llvm test suite for 32-byte shadow granularity on i386/x86_64,
> so we can set up buildbot for that configuration.
>
> My basic plan:
> 1. Add build support to override of default shadow scale.
> 2. Fix various issues with 32-byte shadow granularity.
> 3. Propose improvements to 32-byte shadow granularity support.
> 4. Make test suite run cleanly for 32-byte shadow granularity.
> 5. Set up build bot for 32-byte shadow granularity on i386/x86_64.
>
> My initial set of patches adds the build support and makes some
> essential fixes to the compiler and run-time. They are:
>
> https://reviews.llvm.org/D39469 [asan] Add cmake hook to override
> default shadow scale
> https://reviews.llvm.org/D39470 [asan] Fix size/alignment issues with
> non-default shadow scale
> https://reviews.llvm.org/D39471 [asan] Fix small X86_64 ShadowOffset
> for non-default shadow scale
> https://reviews.llvm.org/D39472 [asan] Ensure that the minimum redzone
> is at least SHADOW_GRANULARITY
> https://reviews.llvm.org/D39473 [sanitizers] Increase alignment of low
> level allocator
> https://reviews.llvm.org/D39474 [asan] Avoid assert failure for
> non-default shadow scale
> https://reviews.llvm.org/D39475 [asan] Improve stack error reports for
> large shadow granularity
>
> The following features don't work yet, but can be fixed:
>
> - i386/x86_64 assembly instrumentation.
>
That's fine. It doesn't really work in regular mode either.
>
> - Prelink support. The memory map with MidMem for this configuration
> is more complicated that that expected by compiler_rt. The current
> HighShadow would overlap with MidMem so would need to be adjusted.
> It's not clear to me that whether is an important feature?
>
you may safely ignore this for 32-bit granularity, but please keep it
working in regular mode.
>
> - Intra object overflow. This appears to be an experimental feature,
> and I have not ported the padding insertion for different
> granularity.
>
Yep, ignore it.
>
> Some features will not work as well with the larger shadow
> granularity:
>
> - Stack errors: it seems sensible not to insert 32-byte sentinels
> between every object, but the result is that some stack overflow
> gets reported as unknown or use-after-scope. I have a patch that
> improves on the default behavior, but there remains cases where the
> error reports will not be as good.
>
Hmm. Not sure what's the problem here. It's totally fine to insert 32-byte
redzone around stack objects.
(in 32-byte granularity mode)
>
> - __asan_poison_memory_region is now more limited. A typical case
> that doesn't work is the poisoning of 8-byte or 16-byte that maps to
> the middle of a shadow byte.
>
yep.
>
> For testing, I have a few questions:
>
> - Would it make sense to provide an internal compiler flag to set the
> shadow granularity, so that there we can at least run the
> instrumentation tests for 32-byte granularity in normal builds?
>
I'd prefer a proper flag, like -fsanitize-address-granularity=N (8,16,32)
>
> - Is there a reasonable subset of tests I can port to 32-byte
> granularity to provide reasonable coverage, or should I aim to port
> all tests?
>
Let's see what tests won't work out of the box and decide.
We can mark all failing tests as
UNSUPPORTED: 32-bit-granularity
but ideally we shouldn't have to mark too many of those.
>
> For now, I've tested my changes against check-all (for default shadow
> granularity), and also set up a 32-byte shadow granularity build and
> manually inspected the failures to ensure that they are not
> unexpected.
>
> Thanks,
>
> Walter
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20171031/fdfc6c5b/attachment.html>
More information about the llvm-dev
mailing list