[llvm-dev] HWASAN Exception handling question

Matthew Malcomson via llvm-dev llvm-dev at lists.llvm.org
Tue Nov 12 06:05:41 PST 2019


When looking into the way that hwasan handles C++ exceptions I found
myself wondering about the need for landing pad cleanups (as documented
in the code

The comment above that code says:
// We only untag frames without a landing pad because landing pads are
// responsible for untagging the stack themselves if they resume.

I think the code as implemented untags all frames as it goes past
whether or not they have a landing pad, and am hoping people can check
or correct my understanding.

It seems that personality routine will eventually return
_URC_CONTINUE_UNWIND if this stack frame is to be unwound past (and
hence the frame will eventually get untagged).  If the frame has landing
pads then that just means the personality routine will be called
multiple times for this frame before returning that value.

I took a look by testing code generated with a clang patched to avoid
adding instrumentation to landing pads and it seems that the personality
wrapper does indeed clear stack frames with a landing pad in the basic

Is there an edge case where the personality wrapper is known to not be
sufficient?  If not would removing that extra instrumentation sound

The test I ran was to generate code with a clang patched with the diff
below, and run it in a debugger.
I'm attaching the annotated gdb session to demonstrate my reasoning.  I
checked that the shadow memory is not untagged in a landing pad and that
after _Unwind_Resume the personality wrapper is run again, eventually
returning _URC_CONTINUE_UNWIND and untagging the shadow memory.

diff --git a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
index df7606d..ca97d72 100644
--- a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
@@ -1110,8 +1110,7 @@ bool HWAddressSanitizer::sanitizeFunction(Function
&F) {

-      if (isa<ReturnInst>(Inst) || isa<ResumeInst>(Inst) ||
-          isa<CleanupReturnInst>(Inst))
+      if (isa<ReturnInst>(Inst) || isa<CleanupReturnInst>(Inst))

         if (auto *DDI = dyn_cast<DbgDeclareInst>(&Inst))
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gdb-session.vsh
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20191112/a91846c2/attachment-0001.ksh>

More information about the llvm-dev mailing list