[llvm-dev] "compiler-rt" - DataFlowSanitizer

Thu Apr 18 07:00:58 PDT 2019

I'm new to llvm passes. I wonder if I can use the pass to dynamically analyze a program.
Let me explain what I want to do in the following example .

//"Result" is an object that doesn't have a fixed length like int and float.

//The program is as follows.
Result retrieve_data_fun (){
 //the function retrieves some sensitive data from  files/DB

 return result_info;
}

void main(){
...
Result var1, var2, var3l
var1 = retrieve_data_fun();
...
Result var2 = retrieve_data_fun();

printf (var1);
var3 = var2+'xxx';
print (var3);

}

My goal is to track all the returned data from "retrieve_data_fun" and monitor actions on them.
So, whenever the data is used (e.g., printed) , I want to detect that; maybe by printing a statement or anything.
Could you please help me to do that ?

Thanks,
Daren

________________________________
From: llvm-dev <llvm-dev-bounces at lists.llvm.org> on behalf of Sam Kerner via llvm-dev <llvm-dev at lists.llvm.org>
Sent: Wednesday, April 17, 2019 5:56 PM
To: llvm-dev at lists.llvm.org
Subject: Re: [llvm-dev] "compiler-rt" - DataFlowSanitizer

On Tue, Apr 16, 2019 at 3:44 PM dareen khalid via llvm-dev
<llvm-dev at lists.llvm.org> wrote:
>
> Hi all,
>
> I have some questions about "DataFlowSanitizer" from "compiler-rt".
> I want to know how I can test the "DataFlowSanitizer"?

This document is a good reference for DataFlowSanitizer:
  https://clang.llvm.org/docs/DataFlowSanitizer.html

> Can I configure it to label only some values,

The section named "Example" in the document above shows a simple
program that sets and tests for labels.

dfsan_create_label() creates a label.

dfsan_set_label() applies a label to the memory holding a variable.

> i.e, the return values from specific functions?

To label the return value of a function, add a call to
dfsan_set_label() on the return value of the function:

  // Outside the function:
  dfsan_label return_label = dfsan_create_label("return_label", 0);

  // An example function:
  int MyFunction(int a, int b) {
    ...
    int result = ...;

    // Set a label on the returned value:
    dfsan_set_label(return_label, &result, sizeof(result));

    return result;
  }

> Also, how can I print these labels?

To discover the label on a variable, you can test for it and print the result:

  int var = ...;

  // Does 'var' have label 'return_label'?
  dfsan_label var_label = dfsan_get_label(var);
  if (dfsan_has_label(var_label, return_label)) {
    printf("'var' has the label ''return_label");
  }

To see the state of all labels at the time the program exits set, set
the shell variable DFSAN_OPTIONS to "dump_labels_at_exit=<file path>".
For example, suppose the example program in the document is in a file
named "dfsan.c".  Here are the commands I ran to see the state of all
labels when it exits:

  # Compile dfsan.c into a binary named "dfsan":
  $ clang -g -fsanitize=dataflow dfsan.c -o dfsan

  # Run it.  There is no output because all assertions pass:
  $ ./dfsan

  # Run it again with shell variable DFSAN_OPTIONS set to export label
state to standard out on exit:
  $ env DFSAN_OPTIONS=dump_labels_at_exit=/dev/stdout ./dfsan
  ==21994==INFO: DataFlowSanitizer: dumping labels to /dev/stdout
  1 0 0 i
  2 0 0 j
  3 0 0 k
  4 1 2
  5 3 4

If you tell us more about what you are trying to accomplish with
DataFlowSanitizer, we may be able to give more specific advice.

>
> Thanks,
> Dareen
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
_______________________________________________
LLVM Developers mailing list
llvm-dev at lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190418/c9ab068f/attachment.html>