This is an archive of the discontinued LLVM Phabricator instance.

Differential D104076

[clang-cl][sanitizer] Add -fsanitize-address-use-after-return to clang.
ClosedPublic

Authored by kda on Jun 10 2021, 4:49 PM.

Details

Reviewers
vitalybuka
Commits
rGe0b469ffa142: [clang-cl][sanitizer] Add -fsanitize-address-use-after-return to clang.
Summary

Also:

  • add driver test (fsanitize-use-after-return.c)
  • add basic IR test (asan-use-after-return.cpp)
  • (NFC) cleaned up logic for generating table of __asan_stack_malloc depending on flag.

for issue: https://github.com/google/sanitizers/issues/1394

Diff Detail

Event Timeline

kda created this revision.Jun 10 2021, 4:49 PM
Herald added subscribers: ormris, dexonsmith, dang, hiraditya. · View Herald TranscriptJun 10 2021, 4:49 PM
kda requested review of this revision.Jun 10 2021, 4:49 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJun 10 2021, 4:49 PM
Herald added subscribers: llvm-commits, cfe-commits. · View Herald Transcript
kda updated this revision to Diff 351316.Jun 10 2021, 5:35 PM
  • Change default parameters from Invalid to Never.
kda added a reviewer: vitalybuka.Jun 10 2021, 5:36 PM
Harbormaster completed remote builds in B108722: Diff 351316.Jun 10 2021, 6:39 PM
vitalybuka accepted this revision.Jun 10 2021, 10:43 PM

LGTM with some nits and if you extract FunctionStackPoisoner::initializeCallbacks into a separate patch

clang/test/CodeGen/asan-use-after-return.cpp
4

I guess call{{.*}} can be removed from implicit-check-not?

clang/test/Driver/fsanitize-use-after-return.c
18–21

we also want test like this:

// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN:   -fsanitize-address-use-after-return=never -fsanitize-address-use-after-return=always %s -### 2>&1 | \
// RUN:   FileCheck -check-prefix=CHECK-ALWAYS %s
llvm/include/llvm/Transforms/Instrumentation/AddressSanitizer.h
105

it's already in llvm:: namespace

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
637

-llvm::

654–656

CL should override argument even if it's default:

maybe at line 643:
UseAfterReturn(ClUseAfterReturn.getNumOccurrences() ? ClUseAfterReturn : UseAfterReturn)

768

drop llvm::

2983–2984

it looks like unrelated patch

2983–2984

could you please fix clang-tidy: warnings

2983–2984

now we insert functions also for Never and Invalid?

This revision is now accepted and ready to land.Jun 10 2021, 10:43 PM
kda updated this revision to Diff 351505.Jun 11 2021, 11:06 AM
kda marked 9 inline comments as done.
  • fixed up conflicting command line parameters.
  • only emit asan_stack_malloc calls when needed.
  • trimmed namespace ('llvm').
  • improved tests.
  • Changed default parameters from Never to Runtime.
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2983–2984

I was trying to only have one loop, since only one thing changes between the two.

Harbormaster completed remote builds in B108852: Diff 351505.Jun 11 2021, 12:05 PM
This revision was landed with ongoing or failed builds.Jun 11 2021, 12:07 PM
Closed by commit rGe0b469ffa142: [clang-cl][sanitizer] Add -fsanitize-address-use-after-return to clang. (authored by kda). · Explain Why
This revision was automatically updated to reflect the committed changes.
kda added a commit: rGe0b469ffa142: [clang-cl][sanitizer] Add -fsanitize-address-use-after-return to clang..
MaskRay added a subscriber: MaskRay.EditedJun 13 2021, 12:48 PM

Note, clang-cl is an executable for a MSVC compatible compiler driver (ninja clang-cl), so using clang-cl in the subject can cause confusion.

Revision Contents

PathSize
clang/
include/
clang/
Basic/
4 lines
6 lines
Driver/
10 lines
3 lines
lib/
Basic/
24 lines
CodeGen/
14 lines
Driver/
19 lines
test/
CodeGen/
33 lines
Driver/
1 line
30 lines
llvm/
include/
llvm/
Transforms/
Instrumentation/
17 lines
lib/
Transforms/
Instrumentation/
85 lines

Diff 351527

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 206 Lines▼ Show 20 Lines
CODEGENOPT(RelaxAll , 1, 0) ///< Relax all machine code instructions. CODEGENOPT(RelaxAll , 1, 0) ///< Relax all machine code instructions.
CODEGENOPT(RelaxedAliasing , 1, 0) ///< Set when -fno-strict-aliasing is enabled. CODEGENOPT(RelaxedAliasing , 1, 0) ///< Set when -fno-strict-aliasing is enabled.
CODEGENOPT(StructPathTBAA , 1, 0) ///< Whether or not to use struct-path TBAA. CODEGENOPT(StructPathTBAA , 1, 0) ///< Whether or not to use struct-path TBAA.
CODEGENOPT(NewStructPathTBAA , 1, 0) ///< Whether or not to use enhanced struct-path TBAA. CODEGENOPT(NewStructPathTBAA , 1, 0) ///< Whether or not to use enhanced struct-path TBAA.
CODEGENOPT(SaveTempLabels , 1, 0) ///< Save temporary labels. CODEGENOPT(SaveTempLabels , 1, 0) ///< Save temporary labels.
CODEGENOPT(SanitizeAddressUseAfterScope , 1, 0) ///< Enable use-after-scope detection CODEGENOPT(SanitizeAddressUseAfterScope , 1, 0) ///< Enable use-after-scope detection
///< in AddressSanitizer ///< in AddressSanitizer
ENUM_CODEGENOPT(SanitizeAddressUseAfterReturn,
llvm::AsanDetectStackUseAfterReturnMode, 2,
llvm::AsanDetectStackUseAfterReturnMode::Runtime
) ///< Set detection mode for stack-use-after-return.
CODEGENOPT(SanitizeAddressPoisonCustomArrayCookie, 1, CODEGENOPT(SanitizeAddressPoisonCustomArrayCookie, 1,
0) ///< Enable poisoning operator new[] which is not a replaceable 0) ///< Enable poisoning operator new[] which is not a replaceable
///< global allocation function in AddressSanitizer ///< global allocation function in AddressSanitizer
CODEGENOPT(SanitizeAddressGlobalsDeadStripping, 1, 0) ///< Enable linker dead stripping CODEGENOPT(SanitizeAddressGlobalsDeadStripping, 1, 0) ///< Enable linker dead stripping
///< of globals in AddressSanitizer ///< of globals in AddressSanitizer
CODEGENOPT(SanitizeAddressUseOdrIndicator, 1, 0) ///< Enable ODR indicator globals CODEGENOPT(SanitizeAddressUseOdrIndicator, 1, 0) ///< Enable ODR indicator globals
CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in
///< MemorySanitizer ///< MemorySanitizer
▲ Show 20 LinesShow All 216 LinesShow Last 20 Lines

clang/include/clang/Basic/Sanitizers.h

Show First 20 LinesShow All 186 Lines▼ Show 20 Lines return SanitizerKind::CFI | SanitizerKind::Integer |
SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
SanitizerKind::Undefined | SanitizerKind::FloatDivideByZero; SanitizerKind::Undefined | SanitizerKind::FloatDivideByZero;
} }
StringRef AsanDtorKindToString(llvm::AsanDtorKind kind); StringRef AsanDtorKindToString(llvm::AsanDtorKind kind);
llvm::AsanDtorKind AsanDtorKindFromString(StringRef kind); llvm::AsanDtorKind AsanDtorKindFromString(StringRef kind);
StringRef AsanDetectStackUseAfterReturnModeToString(
llvm::AsanDetectStackUseAfterReturnMode mode);
llvm::AsanDetectStackUseAfterReturnMode
AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr);
} // namespace clang } // namespace clang
#endif // LLVM_CLANG_BASIC_SANITIZERS_H #endif // LLVM_CLANG_BASIC_SANITIZERS_H

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,581 Lines▼ Show 20 Linesdef fsanitize_address_field_padding : Joined<["-"], "fsanitize-address-field-padding=">,
Group<f_clang_Group>, Group<f_clang_Group>,
HelpText<"Level of field padding for AddressSanitizer">, HelpText<"Level of field padding for AddressSanitizer">,
MarshallingInfoInt<LangOpts<"SanitizeAddressFieldPadding">>; MarshallingInfoInt<LangOpts<"SanitizeAddressFieldPadding">>;
defm sanitize_address_use_after_scope : BoolOption<"f", "sanitize-address-use-after-scope", defm sanitize_address_use_after_scope : BoolOption<"f", "sanitize-address-use-after-scope",
CodeGenOpts<"SanitizeAddressUseAfterScope">, DefaultFalse, CodeGenOpts<"SanitizeAddressUseAfterScope">, DefaultFalse,
PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">, PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [CoreOption, NoXarchOption], "Disable">,
BothFlags<[], " use-after-scope detection in AddressSanitizer">>, BothFlags<[], " use-after-scope detection in AddressSanitizer">>,
Group<f_clang_Group>; Group<f_clang_Group>;
def sanitize_address_use_after_return_EQ
: Joined<["-"], "fsanitize-address-use-after-return=">,
MetaVarName<"<mode>">,
Flags<[CC1Option]>,
HelpText<"Select the mode of detecting stack use-after-return in AddressSanitizer">,
Group<f_clang_Group>,
Values<"never,runtime,always">,
NormalizedValuesScope<"llvm::AsanDetectStackUseAfterReturnMode">,
NormalizedValues<["Never", "Runtime", "Always"]>,
MarshallingInfoEnum<CodeGenOpts<"SanitizeAddressUseAfterReturn">, "Runtime">;
defm sanitize_address_poison_custom_array_cookie : BoolOption<"f", "sanitize-address-poison-custom-array-cookie", defm sanitize_address_poison_custom_array_cookie : BoolOption<"f", "sanitize-address-poison-custom-array-cookie",
CodeGenOpts<"SanitizeAddressPoisonCustomArrayCookie">, DefaultFalse, CodeGenOpts<"SanitizeAddressPoisonCustomArrayCookie">, DefaultFalse,
PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [], "Disable">, PosFlag<SetTrue, [], "Enable">, NegFlag<SetFalse, [], "Disable">,
BothFlags<[], " poisoning array cookies when using custom operator new[] in AddressSanitizer">>, BothFlags<[], " poisoning array cookies when using custom operator new[] in AddressSanitizer">>,
Group<f_clang_Group>; Group<f_clang_Group>;
def fsanitize_address_globals_dead_stripping : Flag<["-"], "fsanitize-address-globals-dead-stripping">, def fsanitize_address_globals_dead_stripping : Flag<["-"], "fsanitize-address-globals-dead-stripping">,
Group<f_clang_Group>, HelpText<"Enable linker dead stripping of globals in AddressSanitizer">, Group<f_clang_Group>, HelpText<"Enable linker dead stripping of globals in AddressSanitizer">,
MarshallingInfoFlag<CodeGenOpts<"SanitizeAddressGlobalsDeadStripping">, "false">; MarshallingInfoFlag<CodeGenOpts<"SanitizeAddressGlobalsDeadStripping">, "false">;
▲ Show 20 LinesShow All 4,685 LinesShow Last 20 Lines

clang/include/clang/Driver/SanitizerArgs.h

//===--- SanitizerArgs.h - Arguments for sanitizer tools -------*- C++ -*-===// //===--- SanitizerArgs.h - Arguments for sanitizer tools -------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_DRIVER_SANITIZERARGS_H #ifndef LLVM_CLANG_DRIVER_SANITIZERARGS_H
#define LLVM_CLANG_DRIVER_SANITIZERARGS_H #define LLVM_CLANG_DRIVER_SANITIZERARGS_H
#include "clang/Basic/Sanitizers.h" #include "clang/Basic/Sanitizers.h"
#include "clang/Driver/Types.h" #include "clang/Driver/Types.h"
#include "llvm/Option/Arg.h" #include "llvm/Option/Arg.h"
#include "llvm/Option/ArgList.h" #include "llvm/Option/ArgList.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include <string> #include <string>
#include <vector> #include <vector>
namespace clang { namespace clang {
namespace driver { namespace driver {
class ToolChain; class ToolChain;
Show All 30 Linesclass SanitizerArgs {
bool TsanMemoryAccess = true; bool TsanMemoryAccess = true;
bool TsanFuncEntryExit = true; bool TsanFuncEntryExit = true;
bool TsanAtomics = true; bool TsanAtomics = true;
bool MinimalRuntime = false; bool MinimalRuntime = false;
// True if cross-dso CFI support if provided by the system (i.e. Android). // True if cross-dso CFI support if provided by the system (i.e. Android).
bool ImplicitCfiRuntime = false; bool ImplicitCfiRuntime = false;
bool NeedsMemProfRt = false; bool NeedsMemProfRt = false;
bool HwasanUseAliases = false; bool HwasanUseAliases = false;
llvm::AsanDetectStackUseAfterReturnMode AsanUseAfterReturn =
llvm::AsanDetectStackUseAfterReturnMode::Invalid;
public: public:
/// Parses the sanitizer arguments from an argument list. /// Parses the sanitizer arguments from an argument list.
SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args); SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args);
bool needsSharedRt() const { return SharedRuntime; } bool needsSharedRt() const { return SharedRuntime; }
bool needsMemProfRt() const { return NeedsMemProfRt; } bool needsMemProfRt() const { return NeedsMemProfRt; }
Show All 40 Lines

clang/lib/Basic/Sanitizers.cpp

Show First 20 LinesShow All 82 Lines▼ Show 20 Lines
llvm::AsanDtorKind AsanDtorKindFromString(StringRef kindStr) { llvm::AsanDtorKind AsanDtorKindFromString(StringRef kindStr) {
return llvm::StringSwitch<llvm::AsanDtorKind>(kindStr) return llvm::StringSwitch<llvm::AsanDtorKind>(kindStr)
.Case("none", llvm::AsanDtorKind::None) .Case("none", llvm::AsanDtorKind::None)
.Case("global", llvm::AsanDtorKind::Global) .Case("global", llvm::AsanDtorKind::Global)
.Default(llvm::AsanDtorKind::Invalid); .Default(llvm::AsanDtorKind::Invalid);
} }
StringRef AsanDetectStackUseAfterReturnModeToString(
llvm::AsanDetectStackUseAfterReturnMode mode) {
switch (mode) {
case llvm::AsanDetectStackUseAfterReturnMode::Always:
return "always";
case llvm::AsanDetectStackUseAfterReturnMode::Runtime:
return "runtime";
case llvm::AsanDetectStackUseAfterReturnMode::Never:
return "never";
case llvm::AsanDetectStackUseAfterReturnMode::Invalid:
return "invalid";
}
return "invalid";
}
llvm::AsanDetectStackUseAfterReturnMode
AsanDetectStackUseAfterReturnModeFromString(StringRef modeStr) {
return llvm::StringSwitch<llvm::AsanDetectStackUseAfterReturnMode>(modeStr)
.Case("always", llvm::AsanDetectStackUseAfterReturnMode::Always)
.Case("runtime", llvm::AsanDetectStackUseAfterReturnMode::Runtime)
.Case("never", llvm::AsanDetectStackUseAfterReturnMode::Never)
.Default(llvm::AsanDetectStackUseAfterReturnMode::Invalid);
}
} // namespace clang } // namespace clang

clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 59 Lines▼ Show 20 Lines
#include "llvm/Transforms/IPO.h" #include "llvm/Transforms/IPO.h"
#include "llvm/Transforms/IPO/AlwaysInliner.h" #include "llvm/Transforms/IPO/AlwaysInliner.h"
#include "llvm/Transforms/IPO/LowerTypeTests.h" #include "llvm/Transforms/IPO/LowerTypeTests.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h" #include "llvm/Transforms/IPO/PassManagerBuilder.h"
#include "llvm/Transforms/IPO/ThinLTOBitcodeWriter.h" #include "llvm/Transforms/IPO/ThinLTOBitcodeWriter.h"
#include "llvm/Transforms/InstCombine/InstCombine.h" #include "llvm/Transforms/InstCombine/InstCombine.h"
#include "llvm/Transforms/Instrumentation.h" #include "llvm/Transforms/Instrumentation.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizer.h" #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include "llvm/Transforms/Instrumentation/BoundsChecking.h" #include "llvm/Transforms/Instrumentation/BoundsChecking.h"
#include "llvm/Transforms/Instrumentation/DataFlowSanitizer.h" #include "llvm/Transforms/Instrumentation/DataFlowSanitizer.h"
#include "llvm/Transforms/Instrumentation/GCOVProfiler.h" #include "llvm/Transforms/Instrumentation/GCOVProfiler.h"
#include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h" #include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/InstrProfiling.h" #include "llvm/Transforms/Instrumentation/InstrProfiling.h"
#include "llvm/Transforms/Instrumentation/MemProfiler.h" #include "llvm/Transforms/Instrumentation/MemProfiler.h"
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h" #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h" #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
▲ Show 20 LinesShow All 207 Lines▼ Show 20 Lines const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder); static_cast<const PassManagerBuilderWrapper&>(Builder);
const Triple &T = BuilderWrapper.getTargetTriple(); const Triple &T = BuilderWrapper.getTargetTriple();
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts(); const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
bool Recover = CGOpts.SanitizeRecover.has(SanitizerKind::Address); bool Recover = CGOpts.SanitizeRecover.has(SanitizerKind::Address);
bool UseAfterScope = CGOpts.SanitizeAddressUseAfterScope; bool UseAfterScope = CGOpts.SanitizeAddressUseAfterScope;
bool UseOdrIndicator = CGOpts.SanitizeAddressUseOdrIndicator; bool UseOdrIndicator = CGOpts.SanitizeAddressUseOdrIndicator;
bool UseGlobalsGC = asanUseGlobalsGC(T, CGOpts); bool UseGlobalsGC = asanUseGlobalsGC(T, CGOpts);
llvm::AsanDtorKind DestructorKind = CGOpts.getSanitizeAddressDtor(); llvm::AsanDtorKind DestructorKind = CGOpts.getSanitizeAddressDtor();
llvm::AsanDetectStackUseAfterReturnMode UseAfterReturn =
CGOpts.getSanitizeAddressUseAfterReturn();
PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/ false, Recover, PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/ false, Recover,
UseAfterScope)); UseAfterScope, UseAfterReturn));
PM.add(createModuleAddressSanitizerLegacyPassPass( PM.add(createModuleAddressSanitizerLegacyPassPass(
/*CompileKernel*/ false, Recover, UseGlobalsGC, UseOdrIndicator, /*CompileKernel*/ false, Recover, UseGlobalsGC, UseOdrIndicator,
DestructorKind)); DestructorKind));
} }
static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder, static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
PM.add(createAddressSanitizerFunctionPass( PM.add(createAddressSanitizerFunctionPass(
/*CompileKernel*/ true, /*Recover*/ true, /*UseAfterScope*/ false)); /*CompileKernel*/ true, /*Recover*/ true, /*UseAfterScope*/ false,
/*UseAfterReturn*/ llvm::AsanDetectStackUseAfterReturnMode::Never));
PM.add(createModuleAddressSanitizerLegacyPassPass( PM.add(createModuleAddressSanitizerLegacyPassPass(
/*CompileKernel*/ true, /*Recover*/ true, /*UseGlobalsGC*/ true, /*CompileKernel*/ true, /*Recover*/ true, /*UseGlobalsGC*/ true,
/*UseOdrIndicator*/ false)); /*UseOdrIndicator*/ false));
} }
static void addHWAddressSanitizerPasses(const PassManagerBuilder &Builder, static void addHWAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper = const PassManagerBuilderWrapper &BuilderWrapper =
▲ Show 20 LinesShow All 829 Lines▼ Show 20 Lines PB.registerOptimizerLastEPCallback([&](ModulePassManager &MPM,
auto ASanPass = [&](SanitizerMask Mask, bool CompileKernel) { auto ASanPass = [&](SanitizerMask Mask, bool CompileKernel) {
if (LangOpts.Sanitize.has(Mask)) { if (LangOpts.Sanitize.has(Mask)) {
bool Recover = CodeGenOpts.SanitizeRecover.has(Mask); bool Recover = CodeGenOpts.SanitizeRecover.has(Mask);
bool UseAfterScope = CodeGenOpts.SanitizeAddressUseAfterScope; bool UseAfterScope = CodeGenOpts.SanitizeAddressUseAfterScope;
bool ModuleUseAfterScope = asanUseGlobalsGC(TargetTriple, CodeGenOpts); bool ModuleUseAfterScope = asanUseGlobalsGC(TargetTriple, CodeGenOpts);
bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator; bool UseOdrIndicator = CodeGenOpts.SanitizeAddressUseOdrIndicator;
llvm::AsanDtorKind DestructorKind = llvm::AsanDtorKind DestructorKind =
CodeGenOpts.getSanitizeAddressDtor(); CodeGenOpts.getSanitizeAddressDtor();
llvm::AsanDetectStackUseAfterReturnMode UseAfterReturn =
CodeGenOpts.getSanitizeAddressUseAfterReturn();
MPM.addPass(RequireAnalysisPass<ASanGlobalsMetadataAnalysis, Module>()); MPM.addPass(RequireAnalysisPass<ASanGlobalsMetadataAnalysis, Module>());
MPM.addPass(ModuleAddressSanitizerPass( MPM.addPass(ModuleAddressSanitizerPass(
CompileKernel, Recover, ModuleUseAfterScope, UseOdrIndicator, CompileKernel, Recover, ModuleUseAfterScope, UseOdrIndicator,
DestructorKind)); DestructorKind));
MPM.addPass(createModuleToFunctionPassAdaptor( MPM.addPass(createModuleToFunctionPassAdaptor(AddressSanitizerPass(
AddressSanitizerPass(CompileKernel, Recover, UseAfterScope))); CompileKernel, Recover, UseAfterScope, UseAfterReturn)));
} }
}; };
ASanPass(SanitizerKind::Address, false); ASanPass(SanitizerKind::Address, false);
ASanPass(SanitizerKind::KernelAddress, true); ASanPass(SanitizerKind::KernelAddress, true);
auto HWASanPass = [&](SanitizerMask Mask, bool CompileKernel) { auto HWASanPass = [&](SanitizerMask Mask, bool CompileKernel) {
if (LangOpts.Sanitize.has(Mask)) { if (LangOpts.Sanitize.has(Mask)) {
bool Recover = CodeGenOpts.SanitizeRecover.has(Mask); bool Recover = CodeGenOpts.SanitizeRecover.has(Mask);
▲ Show 20 LinesShow All 515 LinesShow Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show All 12 Lines
#include "clang/Driver/Options.h" #include "clang/Driver/Options.h"
#include "clang/Driver/ToolChain.h" #include "clang/Driver/ToolChain.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringSwitch.h" #include "llvm/ADT/StringSwitch.h"
#include "llvm/Support/Path.h" #include "llvm/Support/Path.h"
#include "llvm/Support/SpecialCaseList.h" #include "llvm/Support/SpecialCaseList.h"
#include "llvm/Support/TargetParser.h" #include "llvm/Support/TargetParser.h"
#include "llvm/Support/VirtualFileSystem.h" #include "llvm/Support/VirtualFileSystem.h"
#include "llvm/Transforms/Instrumentation/AddressSanitizerOptions.h"
#include <memory> #include <memory>
using namespace clang; using namespace clang;
using namespace clang::driver; using namespace clang::driver;
using namespace llvm::opt; using namespace llvm::opt;
static const SanitizerMask NeedsUbsanRt = static const SanitizerMask NeedsUbsanRt =
SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Undefined | SanitizerKind::Integer |
▲ Show 20 LinesShow All 807 Lines▼ Show 20 Lines if (const auto *Arg =
auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue()); auto parsedAsanDtorKind = AsanDtorKindFromString(Arg->getValue());
if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid) { if (parsedAsanDtorKind == llvm::AsanDtorKind::Invalid) {
TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument) TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
<< Arg->getOption().getName() << Arg->getValue(); << Arg->getOption().getName() << Arg->getValue();
} }
AsanDtorKind = parsedAsanDtorKind; AsanDtorKind = parsedAsanDtorKind;
} }
if (const auto *Arg = Args.getLastArg(
options::OPT_sanitize_address_use_after_return_EQ)) {
auto parsedAsanUseAfterReturn =
AsanDetectStackUseAfterReturnModeFromString(Arg->getValue());
if (parsedAsanUseAfterReturn ==
llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
TC.getDriver().Diag(clang::diag::err_drv_unsupported_option_argument)
<< Arg->getOption().getName() << Arg->getValue();
}
AsanUseAfterReturn = parsedAsanUseAfterReturn;
}
} else { } else {
AsanUseAfterScope = false; AsanUseAfterScope = false;
// -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address. // -fsanitize=pointer-compare/pointer-subtract requires -fsanitize=address.
SanitizerMask DetectInvalidPointerPairs = SanitizerMask DetectInvalidPointerPairs =
SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract; SanitizerKind::PointerCompare | SanitizerKind::PointerSubtract;
if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) { if (AllAddedKinds & DetectInvalidPointerPairs & ~AllRemove) {
TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with) TC.getDriver().Diag(clang::diag::err_drv_argument_only_allowed_with)
<< lastArgumentForMask(D, Args, << lastArgumentForMask(D, Args,
▲ Show 20 LinesShow All 255 Lines▼ Show 20 Linesvoid SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
// Only pass the option to the frontend if the user requested, // Only pass the option to the frontend if the user requested,
// otherwise the frontend will just use the codegen default. // otherwise the frontend will just use the codegen default.
if (AsanDtorKind != llvm::AsanDtorKind::Invalid) { if (AsanDtorKind != llvm::AsanDtorKind::Invalid) {
CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-destructor=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-address-destructor=" +
AsanDtorKindToString(AsanDtorKind))); AsanDtorKindToString(AsanDtorKind)));
} }
if (AsanUseAfterReturn != llvm::AsanDetectStackUseAfterReturnMode::Invalid) {
CmdArgs.push_back(Args.MakeArgString(
"-fsanitize-address-use-after-return=" +
AsanDetectStackUseAfterReturnModeToString(AsanUseAfterReturn)));
}
if (!HwasanAbi.empty()) { if (!HwasanAbi.empty()) {
CmdArgs.push_back("-default-function-attr"); CmdArgs.push_back("-default-function-attr");
CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi)); CmdArgs.push_back(Args.MakeArgString("hwasan-abi=" + HwasanAbi));
} }
if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) { if (Sanitizers.has(SanitizerKind::HWAddress) && TC.getTriple().isAArch64()) {
CmdArgs.push_back("-target-feature"); CmdArgs.push_back("-target-feature");
CmdArgs.push_back("+tagged-globals"); CmdArgs.push_back("+tagged-globals");
▲ Show 20 LinesShow All 141 LinesShow Last 20 Lines

clang/test/CodeGen/asan-use-after-return.cpp

  • This file was added.
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
// RUN: | FileCheck %s --check-prefixes=CHECK-RUNTIME \
// RUN: --implicit-check-not="__asan_stack_malloc_always_"
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
vitalybukaUnsubmitted
Done
ReplyInline Actions

I guess call{{.*}} can be removed from implicit-check-not?

vitalybuka: I guess call{{.*}} can be removed from implicit-check-not?
// RUN: -fsanitize-address-use-after-return=runtime \
// RUN: | FileCheck %s --check-prefixes=CHECK-RUNTIME \
// RUN: --implicit-check-not="__asan_stack_malloc_always_"
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
// RUN: -fsanitize-address-use-after-return=always \
// RUN: | FileCheck %s --check-prefixes=CHECK-ALWAYS \
// RUN: --implicit-check-not=__asan_option_detect_stack_use_after_return \
// RUN: --implicit-check-not="__asan_stack_malloc_{{[0-9]}}"
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - -triple x86_64-linux %s \
// RUN: -fsanitize-address-use-after-return=never \
// RUN: | FileCheck %s \
// RUN: --implicit-check-not=__asan_option_detect_stack_use_after_return \
// RUN: --implicit-check-not="__asan_stack_malloc_"
// CHECK-RUNTIME: load{{.*}}@__asan_option_detect_stack_use_after_return
// CHECK-RUNTIME: call{{.*}}__asan_stack_malloc_0
// CHECK-ALWAYS: call{{.*}}__asan_stack_malloc_always_0
int *function1() {
int x = 0;
#pragma clang diagnostic ignored "-Wreturn-stack-address"
return &x;
}
int main() {
auto px = function1();
return 0;
}

clang/test/Driver/cl-options.c

Show First 20 LinesShow All 446 Lines▼ Show 20 Lines
// RUN: /EHsc \ // RUN: /EHsc \
// RUN: /F 42 \ // RUN: /F 42 \
// RUN: /FA \ // RUN: /FA \
// RUN: /FAc \ // RUN: /FAc \
// RUN: /Fafilename \ // RUN: /Fafilename \
// RUN: /FAs \ // RUN: /FAs \
// RUN: /FAu \ // RUN: /FAu \
// RUN: /favor:blend \ // RUN: /favor:blend \
// RUN: /fsanitize-address-use-after-return \
// RUN: /fno-sanitize-address-vcasan-lib \ // RUN: /fno-sanitize-address-vcasan-lib \
// RUN: /Fifoo \ // RUN: /Fifoo \
// RUN: /Fmfoo \ // RUN: /Fmfoo \
// RUN: /FpDebug\main.pch \ // RUN: /FpDebug\main.pch \
// RUN: /Frfoo \ // RUN: /Frfoo \
// RUN: /FRfoo \ // RUN: /FRfoo \
// RUN: /FU foo \ // RUN: /FU foo \
// RUN: /Fx \ // RUN: /Fx \
▲ Show 20 LinesShow All 291 LinesShow Last 20 Lines

clang/test/Driver/fsanitize-use-after-return.c

  • This file was added.
// Option should not be passed to the frontend by default.
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address %s \
// RUN: -### 2>&1 | \
// RUN: FileCheck %s
// CHECK-NOT: -fsanitize-address-use-after-return
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-use-after-return=never %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-NEVER-ARG %s
// CHECK-NEVER-ARG: "-fsanitize-address-use-after-return=never"
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-use-after-return=runtime %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-RUNTIME %s
// CHECK-RUNTIME: "-fsanitize-address-use-after-return=runtime"
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-use-after-return=always %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-ALWAYS-ARG %s
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
vitalybukaUnsubmitted
Done
ReplyInline Actions

we also want test like this:

// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN:   -fsanitize-address-use-after-return=never -fsanitize-address-use-after-return=always %s -### 2>&1 | \
// RUN:   FileCheck -check-prefix=CHECK-ALWAYS %s
vitalybuka: we also want test like this: ``` // RUN: %clang -target x86_64-apple-macosx10.15-gnu…
// RUN: -fsanitize-address-use-after-return=never \
// RUN: -fsanitize-address-use-after-return=always %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-ALWAYS-ARG %s
// CHECK-ALWAYS-ARG: "-fsanitize-address-use-after-return=always"
// RUN: %clang -target x86_64-apple-macosx10.15-gnu -fsanitize=address \
// RUN: -fsanitize-address-use-after-return=bad_arg %s -### 2>&1 | \
// RUN: FileCheck -check-prefix=CHECK-INVALID-ARG %s
// CHECK-INVALID-ARG: error: unsupported argument 'bad_arg' to option 'fsanitize-address-use-after-return='

llvm/include/llvm/Transforms/Instrumentation/AddressSanitizer.h

Show First 20 LinesShow All 93 Lines▼ Show 20 Lines
/// check for various memory errors at runtime. /// check for various memory errors at runtime.
/// ///
/// The sanitizer itself is a function pass that works by inserting various /// The sanitizer itself is a function pass that works by inserting various
/// calls to the ASan runtime library functions. The runtime library essentially /// calls to the ASan runtime library functions. The runtime library essentially
/// replaces malloc() and free() with custom implementations that allow regions /// replaces malloc() and free() with custom implementations that allow regions
/// surrounding requested memory to be checked for invalid accesses. /// surrounding requested memory to be checked for invalid accesses.
class AddressSanitizerPass : public PassInfoMixin<AddressSanitizerPass> { class AddressSanitizerPass : public PassInfoMixin<AddressSanitizerPass> {
public: public:
explicit AddressSanitizerPass(bool CompileKernel = false, explicit AddressSanitizerPass(
bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseAfterScope = false); bool UseAfterScope = false,
AsanDetectStackUseAfterReturnMode UseAfterReturn =
vitalybukaUnsubmitted
Done
ReplyInline Actions

it's already in llvm:: namespace

vitalybuka: it's already in llvm:: namespace
AsanDetectStackUseAfterReturnMode::Runtime);
PreservedAnalyses run(Function &F, FunctionAnalysisManager &AM); PreservedAnalyses run(Function &F, FunctionAnalysisManager &AM);
static bool isRequired() { return true; } static bool isRequired() { return true; }
private: private:
bool CompileKernel; bool CompileKernel;
bool Recover; bool Recover;
bool UseAfterScope; bool UseAfterScope;
AsanDetectStackUseAfterReturnMode UseAfterReturn;
}; };
/// Public interface to the address sanitizer module pass for instrumenting code /// Public interface to the address sanitizer module pass for instrumenting code
/// to check for various memory errors. /// to check for various memory errors.
/// ///
/// This adds 'asan.module_ctor' to 'llvm.global_ctors'. This pass may also /// This adds 'asan.module_ctor' to 'llvm.global_ctors'. This pass may also
/// run intependently of the function address sanitizer. /// run intependently of the function address sanitizer.
class ModuleAddressSanitizerPass class ModuleAddressSanitizerPass
Show All 10 Linesprivate:
bool CompileKernel; bool CompileKernel;
bool Recover; bool Recover;
bool UseGlobalGC; bool UseGlobalGC;
bool UseOdrIndicator; bool UseOdrIndicator;
AsanDtorKind DestructorKind; AsanDtorKind DestructorKind;
}; };
// Insert AddressSanitizer (address sanity checking) instrumentation // Insert AddressSanitizer (address sanity checking) instrumentation
FunctionPass *createAddressSanitizerFunctionPass(bool CompileKernel = false, FunctionPass *createAddressSanitizerFunctionPass(
bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseAfterScope = false); bool UseAfterScope = false,
AsanDetectStackUseAfterReturnMode UseAfterReturn =
AsanDetectStackUseAfterReturnMode::Runtime);
ModulePass *createModuleAddressSanitizerLegacyPassPass( ModulePass *createModuleAddressSanitizerLegacyPassPass(
bool CompileKernel = false, bool Recover = false, bool UseGlobalsGC = true, bool CompileKernel = false, bool Recover = false, bool UseGlobalsGC = true,
bool UseOdrIndicator = true, bool UseOdrIndicator = true,
AsanDtorKind DestructorKind = AsanDtorKind::Global); AsanDtorKind DestructorKind = AsanDtorKind::Global);
} // namespace llvm } // namespace llvm
#endif #endif

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 627 Lines▼ Show 20 Lines
}; };
char ASanGlobalsMetadataWrapperPass::ID = 0; char ASanGlobalsMetadataWrapperPass::ID = 0;
/// AddressSanitizer: instrument the code in module to find memory bugs. /// AddressSanitizer: instrument the code in module to find memory bugs.
struct AddressSanitizer { struct AddressSanitizer {
AddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD, AddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD,
bool CompileKernel = false, bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseAfterScope = false) bool UseAfterScope = false,
AsanDetectStackUseAfterReturnMode UseAfterReturn =
vitalybukaUnsubmitted
Done
ReplyInline Actions

-llvm::

vitalybuka: -llvm::
AsanDetectStackUseAfterReturnMode::Runtime)
: CompileKernel(ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan : CompileKernel(ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan
: CompileKernel), : CompileKernel),
Recover(ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover), Recover(ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover),
UseAfterScope(UseAfterScope || ClUseAfterScope), GlobalsMD(*GlobalsMD) { UseAfterScope(UseAfterScope || ClUseAfterScope),
UseAfterReturn(ClUseAfterReturn.getNumOccurrences() ? ClUseAfterReturn
: UseAfterReturn),
GlobalsMD(*GlobalsMD) {
C = &(M.getContext()); C = &(M.getContext());
LongSize = M.getDataLayout().getPointerSizeInBits(); LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize); IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel); Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel);
assert(this->UseAfterReturn != AsanDetectStackUseAfterReturnMode::Invalid);
} }
uint64_t getAllocaSizeInBytes(const AllocaInst &AI) const { uint64_t getAllocaSizeInBytes(const AllocaInst &AI) const {
vitalybukaUnsubmitted
Done
ReplyInline Actions

CL should override argument even if it's default:

maybe at line 643:
UseAfterReturn(ClUseAfterReturn.getNumOccurrences() ? ClUseAfterReturn : UseAfterReturn)

vitalybuka: CL should override argument even if it's default: maybe at line 643: UseAfterReturn…
uint64_t ArraySize = 1; uint64_t ArraySize = 1;
if (AI.isArrayAllocation()) { if (AI.isArrayAllocation()) {
const ConstantInt *CI = dyn_cast<ConstantInt>(AI.getArraySize()); const ConstantInt *CI = dyn_cast<ConstantInt>(AI.getArraySize());
assert(CI && "non-constant array size"); assert(CI && "non-constant array size");
ArraySize = CI->getZExtValue(); ArraySize = CI->getZExtValue();
} }
Type *Ty = AI.getAllocatedType(); Type *Ty = AI.getAllocatedType();
uint64_t SizeInBytes = uint64_t SizeInBytes =
▲ Show 20 LinesShow All 64 Lines▼ Show 20 Linesprivate:
}; };
LLVMContext *C; LLVMContext *C;
Triple TargetTriple; Triple TargetTriple;
int LongSize; int LongSize;
bool CompileKernel; bool CompileKernel;
bool Recover; bool Recover;
bool UseAfterScope; bool UseAfterScope;
AsanDetectStackUseAfterReturnMode UseAfterReturn;
Type *IntptrTy; Type *IntptrTy;
ShadowMapping Mapping; ShadowMapping Mapping;
FunctionCallee AsanHandleNoReturnFunc; FunctionCallee AsanHandleNoReturnFunc;
FunctionCallee AsanPtrCmpFunction, AsanPtrSubFunction; FunctionCallee AsanPtrCmpFunction, AsanPtrSubFunction;
Constant *AsanShadowGlobal; Constant *AsanShadowGlobal;
// These arrays is indexed by AccessIsWrite, Experiment and log2(AccessSize). // These arrays is indexed by AccessIsWrite, Experiment and log2(AccessSize).
FunctionCallee AsanErrorCallback[2][2][kNumberOfAccessSizes]; FunctionCallee AsanErrorCallback[2][2][kNumberOfAccessSizes];
Show All 11 Linesprivate:
FunctionCallee AMDGPUAddressShared; FunctionCallee AMDGPUAddressShared;
FunctionCallee AMDGPUAddressPrivate; FunctionCallee AMDGPUAddressPrivate;
}; };
class AddressSanitizerLegacyPass : public FunctionPass { class AddressSanitizerLegacyPass : public FunctionPass {
public: public:
static char ID; static char ID;
explicit AddressSanitizerLegacyPass(bool CompileKernel = false, explicit AddressSanitizerLegacyPass(
bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseAfterScope = false) bool UseAfterScope = false,
AsanDetectStackUseAfterReturnMode UseAfterReturn =
vitalybukaUnsubmitted
Done
ReplyInline Actions

drop llvm::

vitalybuka: drop llvm::
AsanDetectStackUseAfterReturnMode::Runtime)
: FunctionPass(ID), CompileKernel(CompileKernel), Recover(Recover), : FunctionPass(ID), CompileKernel(CompileKernel), Recover(Recover),
UseAfterScope(UseAfterScope) { UseAfterScope(UseAfterScope), UseAfterReturn(UseAfterReturn) {
initializeAddressSanitizerLegacyPassPass(*PassRegistry::getPassRegistry()); initializeAddressSanitizerLegacyPassPass(*PassRegistry::getPassRegistry());
} }
StringRef getPassName() const override { StringRef getPassName() const override {
return "AddressSanitizerFunctionPass"; return "AddressSanitizerFunctionPass";
} }
void getAnalysisUsage(AnalysisUsage &AU) const override { void getAnalysisUsage(AnalysisUsage &AU) const override {
AU.addRequired<ASanGlobalsMetadataWrapperPass>(); AU.addRequired<ASanGlobalsMetadataWrapperPass>();
AU.addRequired<TargetLibraryInfoWrapperPass>(); AU.addRequired<TargetLibraryInfoWrapperPass>();
} }
bool runOnFunction(Function &F) override { bool runOnFunction(Function &F) override {
GlobalsMetadata &GlobalsMD = GlobalsMetadata &GlobalsMD =
getAnalysis<ASanGlobalsMetadataWrapperPass>().getGlobalsMD(); getAnalysis<ASanGlobalsMetadataWrapperPass>().getGlobalsMD();
const TargetLibraryInfo *TLI = const TargetLibraryInfo *TLI =
&getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F); &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);
AddressSanitizer ASan(*F.getParent(), &GlobalsMD, CompileKernel, Recover, AddressSanitizer ASan(*F.getParent(), &GlobalsMD, CompileKernel, Recover,
UseAfterScope); UseAfterScope, UseAfterReturn);
return ASan.instrumentFunction(F, TLI); return ASan.instrumentFunction(F, TLI);
} }
private: private:
bool CompileKernel; bool CompileKernel;
bool Recover; bool Recover;
bool UseAfterScope; bool UseAfterScope;
AsanDetectStackUseAfterReturnMode UseAfterReturn;
}; };
class ModuleAddressSanitizer { class ModuleAddressSanitizer {
public: public:
ModuleAddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD, ModuleAddressSanitizer(Module &M, const GlobalsMetadata *GlobalsMD,
bool CompileKernel = false, bool Recover = false, bool CompileKernel = false, bool Recover = false,
bool UseGlobalsGC = true, bool UseOdrIndicator = false, bool UseGlobalsGC = true, bool UseOdrIndicator = false,
AsanDtorKind DestructorKind = AsanDtorKind::Global) AsanDtorKind DestructorKind = AsanDtorKind::Global)
▲ Show 20 LinesShow All 426 Lines▼ Show 20 Lines
AnalysisKey ASanGlobalsMetadataAnalysis::Key; AnalysisKey ASanGlobalsMetadataAnalysis::Key;
GlobalsMetadata ASanGlobalsMetadataAnalysis::run(Module &M, GlobalsMetadata ASanGlobalsMetadataAnalysis::run(Module &M,
ModuleAnalysisManager &AM) { ModuleAnalysisManager &AM) {
return GlobalsMetadata(M); return GlobalsMetadata(M);
} }
AddressSanitizerPass::AddressSanitizerPass(bool CompileKernel, bool Recover, AddressSanitizerPass::AddressSanitizerPass(
bool UseAfterScope) bool CompileKernel, bool Recover, bool UseAfterScope,
AsanDetectStackUseAfterReturnMode UseAfterReturn)
: CompileKernel(CompileKernel), Recover(Recover), : CompileKernel(CompileKernel), Recover(Recover),
UseAfterScope(UseAfterScope) {} UseAfterScope(UseAfterScope), UseAfterReturn(UseAfterReturn) {}
PreservedAnalyses AddressSanitizerPass::run(Function &F, PreservedAnalyses AddressSanitizerPass::run(Function &F,
AnalysisManager<Function> &AM) { AnalysisManager<Function> &AM) {
auto &MAMProxy = AM.getResult<ModuleAnalysisManagerFunctionProxy>(F); auto &MAMProxy = AM.getResult<ModuleAnalysisManagerFunctionProxy>(F);
Module &M = *F.getParent(); Module &M = *F.getParent();
if (auto *R = MAMProxy.getCachedResult<ASanGlobalsMetadataAnalysis>(M)) { if (auto *R = MAMProxy.getCachedResult<ASanGlobalsMetadataAnalysis>(M)) {
const TargetLibraryInfo *TLI = &AM.getResult<TargetLibraryAnalysis>(F); const TargetLibraryInfo *TLI = &AM.getResult<TargetLibraryAnalysis>(F);
AddressSanitizer Sanitizer(M, R, CompileKernel, Recover, UseAfterScope); AddressSanitizer Sanitizer(M, R, CompileKernel, Recover, UseAfterScope,
UseAfterReturn);
if (Sanitizer.instrumentFunction(F, TLI)) if (Sanitizer.instrumentFunction(F, TLI))
return PreservedAnalyses::none(); return PreservedAnalyses::none();
return PreservedAnalyses::all(); return PreservedAnalyses::all();
} }
report_fatal_error( report_fatal_error(
"The ASanGlobalsMetadataAnalysis is required to run before " "The ASanGlobalsMetadataAnalysis is required to run before "
"AddressSanitizer can run"); "AddressSanitizer can run");
Show All 30 LinesINITIALIZE_PASS_BEGIN(
false) false)
INITIALIZE_PASS_DEPENDENCY(ASanGlobalsMetadataWrapperPass) INITIALIZE_PASS_DEPENDENCY(ASanGlobalsMetadataWrapperPass)
INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass) INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
INITIALIZE_PASS_END( INITIALIZE_PASS_END(
AddressSanitizerLegacyPass, "asan", AddressSanitizerLegacyPass, "asan",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false, "AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
false) false)
FunctionPass *llvm::createAddressSanitizerFunctionPass(bool CompileKernel, FunctionPass *llvm::createAddressSanitizerFunctionPass(
bool Recover, bool CompileKernel, bool Recover, bool UseAfterScope,
bool UseAfterScope) { AsanDetectStackUseAfterReturnMode UseAfterReturn) {
assert(!CompileKernel || Recover); assert(!CompileKernel || Recover);
return new AddressSanitizerLegacyPass(CompileKernel, Recover, UseAfterScope); return new AddressSanitizerLegacyPass(CompileKernel, Recover, UseAfterScope,
UseAfterReturn);
} }
char ModuleAddressSanitizerLegacyPass::ID = 0; char ModuleAddressSanitizerLegacyPass::ID = 0;
INITIALIZE_PASS( INITIALIZE_PASS(
ModuleAddressSanitizerLegacyPass, "asan-module", ModuleAddressSanitizerLegacyPass, "asan-module",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs." "AddressSanitizer: detects use-after-free and out-of-bounds bugs."
"ModulePass", "ModulePass",
▲ Show 20 LinesShow All 1,647 Lines▼ Show 20 Linesbool AddressSanitizer::LooksLikeCodeInBug11395(Instruction *I) {
if (!CI || !CI->isInlineAsm()) return false; if (!CI || !CI->isInlineAsm()) return false;
if (CI->getNumArgOperands() <= 5) return false; if (CI->getNumArgOperands() <= 5) return false;
// We have inline assembly with quite a few arguments. // We have inline assembly with quite a few arguments.
return true; return true;
} }
void FunctionStackPoisoner::initializeCallbacks(Module &M) { void FunctionStackPoisoner::initializeCallbacks(Module &M) {
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
switch (ClUseAfterReturn) { if (ASan.UseAfterReturn == AsanDetectStackUseAfterReturnMode::Always ||
case AsanDetectStackUseAfterReturnMode::Always: ASan.UseAfterReturn == AsanDetectStackUseAfterReturnMode::Runtime) {
for (int i = 0; i <= kMaxAsanStackMallocSizeClass; i++) { const char *MallocNameTemplate =
std::string Suffix = itostr(i); ASan.UseAfterReturn == AsanDetectStackUseAfterReturnMode::Always
AsanStackMallocFunc[i] = M.getOrInsertFunction( ? kAsanStackMallocAlwaysNameTemplate
kAsanStackMallocAlwaysNameTemplate + Suffix, IntptrTy, IntptrTy); : kAsanStackMallocNameTemplate;
AsanStackFreeFunc[i] = for (int Index = 0; Index <= kMaxAsanStackMallocSizeClass; Index++) {
std::string Suffix = itostr(Index);
AsanStackMallocFunc[Index] = M.getOrInsertFunction(
MallocNameTemplate + Suffix, IntptrTy, IntptrTy);
AsanStackFreeFunc[Index] =
M.getOrInsertFunction(kAsanStackFreeNameTemplate + Suffix, M.getOrInsertFunction(kAsanStackFreeNameTemplate + Suffix,
IRB.getVoidTy(), IntptrTy, IntptrTy); IRB.getVoidTy(), IntptrTy, IntptrTy);
} }
break;
case AsanDetectStackUseAfterReturnMode::Runtime:
for (int i = 0; i <= kMaxAsanStackMallocSizeClass; i++) {
std::string Suffix = itostr(i);
AsanStackMallocFunc[i] = M.getOrInsertFunction(
kAsanStackMallocNameTemplate + Suffix, IntptrTy, IntptrTy);
AsanStackFreeFunc[i] =
M.getOrInsertFunction(kAsanStackFreeNameTemplate + Suffix,
IRB.getVoidTy(), IntptrTy, IntptrTy);
}
break;
case AsanDetectStackUseAfterReturnMode::Never:
// Do Nothing
break;
case AsanDetectStackUseAfterReturnMode::Invalid:
// Do Nothing
break;
} }
vitalybukaUnsubmitted
Done
ReplyInline Actions

it looks like unrelated patch

vitalybuka: it looks like unrelated patch
kdaAuthorUnsubmitted
Done
ReplyInline Actions

I was trying to only have one loop, since only one thing changes between the two.

kda: I was trying to only have one loop, since only one thing changes between the two.
vitalybukaUnsubmitted
Done
ReplyInline Actions

could you please fix clang-tidy: warnings

vitalybuka: could you please fix clang-tidy: warnings
vitalybukaUnsubmitted
Done
ReplyInline Actions

now we insert functions also for Never and Invalid?

vitalybuka: now we insert functions also for Never and Invalid?
if (ASan.UseAfterScope) { if (ASan.UseAfterScope) {
AsanPoisonStackMemoryFunc = M.getOrInsertFunction( AsanPoisonStackMemoryFunc = M.getOrInsertFunction(
kAsanPoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy); kAsanPoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy);
AsanUnpoisonStackMemoryFunc = M.getOrInsertFunction( AsanUnpoisonStackMemoryFunc = M.getOrInsertFunction(
kAsanUnpoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy); kAsanUnpoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy);
} }
for (size_t Val : {0x00, 0xf1, 0xf2, 0xf3, 0xf5, 0xf8}) { for (size_t Val : {0x00, 0xf1, 0xf2, 0xf3, 0xf5, 0xf8}) {
▲ Show 20 LinesShow All 334 Lines▼ Show 20 Lines if (const DILocation *FnLoc = EntryDebugLocation.get()) {
} }
} }
} }
auto DescriptionString = ComputeASanStackFrameDescription(SVD); auto DescriptionString = ComputeASanStackFrameDescription(SVD);
LLVM_DEBUG(dbgs() << DescriptionString << " --- " << L.FrameSize << "\n"); LLVM_DEBUG(dbgs() << DescriptionString << " --- " << L.FrameSize << "\n");
uint64_t LocalStackSize = L.FrameSize; uint64_t LocalStackSize = L.FrameSize;
bool DoStackMalloc = bool DoStackMalloc =
ClUseAfterReturn != AsanDetectStackUseAfterReturnMode::Never && ASan.UseAfterReturn != AsanDetectStackUseAfterReturnMode::Never &&
!ASan.CompileKernel && LocalStackSize <= kMaxStackMallocSize; !ASan.CompileKernel && LocalStackSize <= kMaxStackMallocSize;
bool DoDynamicAlloca = ClDynamicAllocaStack; bool DoDynamicAlloca = ClDynamicAllocaStack;
// Don't do dynamic alloca or stack malloc if: // Don't do dynamic alloca or stack malloc if:
// 1) There is inline asm: too often it makes assumptions on which registers // 1) There is inline asm: too often it makes assumptions on which registers
// are available. // are available.
// 2) There is a returns_twice call (typically setjmp), which is // 2) There is a returns_twice call (typically setjmp), which is
// optimization-hostile, and doesn't play well with introduced indirect // optimization-hostile, and doesn't play well with introduced indirect
// register-relative calculation of local variable addresses. // register-relative calculation of local variable addresses.
DoDynamicAlloca &= !HasInlineAsm && !HasReturnsTwiceCall; DoDynamicAlloca &= !HasInlineAsm && !HasReturnsTwiceCall;
DoStackMalloc &= !HasInlineAsm && !HasReturnsTwiceCall; DoStackMalloc &= !HasInlineAsm && !HasReturnsTwiceCall;
Value *StaticAlloca = Value *StaticAlloca =
DoDynamicAlloca ? nullptr : createAllocaForLayout(IRB, L, false); DoDynamicAlloca ? nullptr : createAllocaForLayout(IRB, L, false);
Value *FakeStack; Value *FakeStack;
Value *LocalStackBase; Value *LocalStackBase;
Value *LocalStackBaseAlloca; Value *LocalStackBaseAlloca;
uint8_t DIExprFlags = DIExpression::ApplyOffset; uint8_t DIExprFlags = DIExpression::ApplyOffset;
if (DoStackMalloc) { if (DoStackMalloc) {
LocalStackBaseAlloca = LocalStackBaseAlloca =
IRB.CreateAlloca(IntptrTy, nullptr, "asan_local_stack_base"); IRB.CreateAlloca(IntptrTy, nullptr, "asan_local_stack_base");
if (ClUseAfterReturn == AsanDetectStackUseAfterReturnMode::Runtime) { if (ASan.UseAfterReturn == AsanDetectStackUseAfterReturnMode::Runtime) {
// void *FakeStack = __asan_option_detect_stack_use_after_return // void *FakeStack = __asan_option_detect_stack_use_after_return
// ? __asan_stack_malloc_N(LocalStackSize) // ? __asan_stack_malloc_N(LocalStackSize)
// : nullptr; // : nullptr;
// void *LocalStackBase = (FakeStack) ? FakeStack : // void *LocalStackBase = (FakeStack) ? FakeStack :
// alloca(LocalStackSize); // alloca(LocalStackSize);
Constant *OptionDetectUseAfterReturn = F.getParent()->getOrInsertGlobal( Constant *OptionDetectUseAfterReturn = F.getParent()->getOrInsertGlobal(
kAsanOptionDetectUseAfterReturn, IRB.getInt32Ty()); kAsanOptionDetectUseAfterReturn, IRB.getInt32Ty());
Value *UseAfterReturnIsEnabled = IRB.CreateICmpNE( Value *UseAfterReturnIsEnabled = IRB.CreateICmpNE(
IRB.CreateLoad(IRB.getInt32Ty(), OptionDetectUseAfterReturn), IRB.CreateLoad(IRB.getInt32Ty(), OptionDetectUseAfterReturn),
Constant::getNullValue(IRB.getInt32Ty())); Constant::getNullValue(IRB.getInt32Ty()));
Instruction *Term = Instruction *Term =
SplitBlockAndInsertIfThen(UseAfterReturnIsEnabled, InsBefore, false); SplitBlockAndInsertIfThen(UseAfterReturnIsEnabled, InsBefore, false);
IRBuilder<> IRBIf(Term); IRBuilder<> IRBIf(Term);
StackMallocIdx = StackMallocSizeClass(LocalStackSize); StackMallocIdx = StackMallocSizeClass(LocalStackSize);
assert(StackMallocIdx <= kMaxAsanStackMallocSizeClass); assert(StackMallocIdx <= kMaxAsanStackMallocSizeClass);
Value *FakeStackValue = Value *FakeStackValue =
IRBIf.CreateCall(AsanStackMallocFunc[StackMallocIdx], IRBIf.CreateCall(AsanStackMallocFunc[StackMallocIdx],
ConstantInt::get(IntptrTy, LocalStackSize)); ConstantInt::get(IntptrTy, LocalStackSize));
IRB.SetInsertPoint(InsBefore); IRB.SetInsertPoint(InsBefore);
FakeStack = createPHI(IRB, UseAfterReturnIsEnabled, FakeStackValue, Term, FakeStack = createPHI(IRB, UseAfterReturnIsEnabled, FakeStackValue, Term,
ConstantInt::get(IntptrTy, 0)); ConstantInt::get(IntptrTy, 0));
} else { } else {
// assert(ClUseAfterReturn == AsanDetectStackUseAfterReturnMode:Always) // assert(ASan.UseAfterReturn == AsanDetectStackUseAfterReturnMode:Always)
// void *FakeStack = __asan_stack_malloc_N(LocalStackSize); // void *FakeStack = __asan_stack_malloc_N(LocalStackSize);
// void *LocalStackBase = (FakeStack) ? FakeStack : // void *LocalStackBase = (FakeStack) ? FakeStack :
// alloca(LocalStackSize); // alloca(LocalStackSize);
StackMallocIdx = StackMallocSizeClass(LocalStackSize); StackMallocIdx = StackMallocSizeClass(LocalStackSize);
FakeStack = IRB.CreateCall(AsanStackMallocFunc[StackMallocIdx], FakeStack = IRB.CreateCall(AsanStackMallocFunc[StackMallocIdx],
ConstantInt::get(IntptrTy, LocalStackSize)); ConstantInt::get(IntptrTy, LocalStackSize));
} }
Value *NoFakeStack = Value *NoFakeStack =
▲ Show 20 LinesShow All 243 LinesShow Last 20 Lines