This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/llvm/Transforms/
-
llvm/
-
Transforms/
-
Instrumentation.h
-
lib/Transforms/Instrumentation/
-
Transforms/
-
Instrumentation/
23
AddressSanitizer.cpp
-
tools/clang/
-
clang/
-
include/clang/Basic/
-
clang/
-
Basic/
3
Sanitizers.h
2
Sanitizers.def
-
lib/
-
AST/
5
Decl.cpp
-
Basic/
-
Sanitizers.cpp
-
CodeGen/
4
BackendUtil.cpp
2
CGDeclCXX.cpp
1
CodeGenFunction.cpp
-
CodeGenModule.cpp
2
SanitizerMetadata.cpp
-
Driver/
-
SanitizerArgs.cpp
-
Lex/
-
PPMacroExpansion.cpp
-
test/
-
CodeGen/
6
address-safety-attr-kasan.cpp
-
Driver/
2
asan.c
-
fsanitize.c
-
Lexer/
-
has_feature_address_sanitizer.cpp

Differential D10411

[ASan] Initial support for Kernel AddressSanitizer
ClosedPublic

Authored by glider on Jun 12 2015, 5:05 AM.

Download Raw Diff

Details

Reviewers

dvyukov
samsonov

Summary

This patch adds initial support for the -fsanitize=kernel-address flag to Clang.
Right now it's quite restricted: only out-of-line instrumentation is supported, globals are not instrumented, some GCC kasan flags are not supported.
Using this patch I am able to build and boot the KASan tree with LLVMLinux patches from github.com/ramosian-glider/kasan/tree/kasan_llvmlinux.
To disable KASan instrumentation for a certain function attribute((no_sanitize("kernel-address"))) can be used.

Diff Detail

Event Timeline

glider updated this revision to Diff 27571.Jun 12 2015, 5:05 AM

glider retitled this revision from to [ASan] Initial support for Kernel AddressSanitizer.

glider updated this object.

glider edited the test plan for this revision. (Show Details)

glider added reviewers: samsonov, dvyukov.

glider added subscribers: kcc, Unknown Object (MLST), Unknown Object (MLST).

Added some tests

Cool, happy to see it coming. I would also add tests for:

a) presence of sanitize_address function attribute
b) actual KASan instrumentation with correct shadow offset/scale.
c) missing module ctors/callbacks in KASan mode.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1362	Wait a second.... Do you do anything in AddressSanitizerModule pass in `CompileKernel` mode? You don't add module constructor, and you don't instrument globals. Maybe, we should just avoid creating this pass in the first place?
1412	Hm... So you don't have __asan_memset() in the kernel. Maybe, we shouldn't instrument mem intrinsics in this case at all, not replace intrinisics with call to plain memset()?
1448	You will access uninitialized memory in `AddressSanitizer::runOnFunction` (potentially in `AddressSanitizer::maybeInsertAsanInitAtFunctionEntry` as well, but the latter is relevant only for Mac).
1535–1536	bool UseCalls = CompileKernel \|\| (ClInstrumentationWithCallsThreshold >= 0 && ...);
tools/clang/include/clang/Basic/Sanitizers.def
44	What is the "correct" way to capitalize it? KASAN? KASan?
tools/clang/lib/AST/Decl.cpp
3684–3685	Wow, that's hard to parse. I'd vote for adding a method to `SanitizerSet` if (!Context.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address, SanitizerKind::KernelAddress) ... That would also be useful in several places below.
tools/clang/lib/CodeGen/BackendUtil.cpp
217	See note above - I'm not sure we need a module pass for that.

honggyu.kim added a subscriber: honggyu.kim.Jun 13 2015, 11:12 PM

ygribov added a subscriber: ygribov.Jun 15 2015, 1:18 AM

ygribov added inline comments.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1362	Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.
1383	Perhaps use "_noabort" suffix to match gcc?

Addressed Alexey's comments.
Regarding the missing tests, I think it's best to add them at opt level, but I can't do that now because there's no command line switch that enables KASan (this mode only depends on the bool passed to the pass factory). I can add such a switch, but then it can be used to work around the "ASan xor KASan" restriction. WDYT?

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1362	Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand. Exactly, my intention was to add it soon.
1383	Looks like I've been comparing to the wrong gcc version, 4.9 didn't have the 'noabort' suffixes. Fixed.
1412	mm/kasan/kasan.c redefines memset() et al. making them call __asan_{load,store}N (see https://github.com/ramosian-glider/kasan/blob/kasan_llvmlinux/mm/kasan/kasan.c#L263), so we just replace the intrinsics with calls to memset().
1448	In fact I didn't fully understand this piece before. I've looked std::tie up and it's more clear to me now. Moved the assignment outside the condition (or shall we NULL-initialize these fields instead?)
1535–1536	Done.
tools/clang/include/clang/Basic/Sanitizers.def
44	It hasn't been established yet, but Dima says we prefer "KASan" (which surprised me). Fixed here and in tools/clang/lib/CodeGen/CodeGenModule.cpp
tools/clang/lib/AST/Decl.cpp
3684–3685	I've added SanitizerSet::hasAsanOrKasan() -- did you mean that?
tools/clang/lib/CodeGen/BackendUtil.cpp
217	Can we keep it provided that we'll have module-level instrumentation soon?
tools/clang/lib/CodeGen/CodeGenFunction.cpp
619	Note I'm using the same attribute for both userspace and kernel instrumentation. I think we don't need to distinguish between them.

Actually attaching the diff.

I think it's fine to add whatever commandline flags are needed for testing - they are not user-visible anyway, and we should have *some* means to test KASan instrumentation without a frontend.

Looks mostly good.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1448	I would actually prefer a null initialization, as it's weird to create functions that would never be called in KASan mode.
tools/clang/include/clang/Basic/Sanitizers.h
56	Um, no, I mean to add `hasOneOf` method that would take ArrayRef of sanitizer kinds and return true iff at least one of them is enabled. Then you could call it as...
tools/clang/lib/AST/Decl.cpp
3684–3685	Context.getLangOpts().Sanitize.hasOneOf({SanitizerKind::Address, SanitizerKind::KernelAddress})
tools/clang/lib/CodeGen/BackendUtil.cpp
203–204	Pass false here.

Added a couple of tests, addressed Alexey's comments.

I've added the tests for -fsanitize=kernel-address

check that it instruments memory accesses
check that the sanitize_address attributes are emitted

Regarding the offset/scale, these aren't emitted now, as I've only implemented the out-of-line instrumentation.
Regarding the missing module ctors, these will be added once we've globals instrumentation - not sure we need to test that they're absent now.

I've also added the -enable-kasan flag, but the existing tests do not use it yet.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1448	Done.
tools/clang/include/clang/Basic/Sanitizers.h
56	This is basically the `has()` method without the `llvm::countPopulation(K) == 1` check. Why not use a mask instead of an ArrayRef?
tools/clang/lib/CodeGen/BackendUtil.cpp
203–204	Done

dvyukov added inline comments.Jun 16 2015, 7:38 AM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1384	we also need to make them actually noabort

samsonov added inline comments.Jun 16 2015, 11:07 AM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
120	Um, `asan-kernel`? Looks like most of the flags in this file start with `asan-`, it makes sense to keep it.
394	nullptr You can also consider using brace-or-equal initializer here.
tools/clang/include/clang/Basic/Sanitizers.h
56	Yeah, using the mask is also ok. But let's make the name different, so that `has()` method would still always accept a single sanitizer.

samsonov added inline comments.Jun 16 2015, 11:09 AM

tools/clang/test/Driver/kasan.c
1 ↗	(On Diff #27761)	Please use linux as a target (http://reviews.llvm.org/D10467). You can also merge it into asan.c to keep a single test case (I'm fine either way).

Addressed comments by Alexey and Dmitry

lib/Transforms/Instrumentation/AddressSanitizer.cpp
120	Done
394	Added them for the ctor/init functions. What's the policy regarding those in the code?
1384	Removed the noabort suffixes for error reporting functions. Per patch description, only out-of-line instrumentation is supported anyway.
tools/clang/test/Driver/kasan.c
1 ↗	(On Diff #27761)	Done, united the tests.

samsonov added inline comments.Jun 17 2015, 12:27 PM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1366	Wait, this is dead code, right? `CompileKernel` is known to be false here, as you've checked it in the outer `if`.
tools/clang/lib/CodeGen/CGDeclCXX.cpp
270–271	`hasOneOf`
tools/clang/lib/CodeGen/SanitizerMetadata.cpp
28–29	(here and below) I think you don't do anything with globals in KASan. Or you want to add it in the following changes soon?
tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
5	Please specify triple (or merge this into `address-safety-attr.cpp` somehow)
11	`Function Attrs: nounwind sanitize_address` would match this CHECK-NOASAN line

Addressed Alexey's comments

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1366	Removed the dead code for now. This block will be added back once we enable globals instrumentation.
tools/clang/lib/CodeGen/CGDeclCXX.cpp
270–271	Done
tools/clang/lib/CodeGen/SanitizerMetadata.cpp
28–29	Yes, I'm about to add globals support soon, it's just not working properly yet.
tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
5	Done.
11	Added a $ after "nounwind"

LGTM

tools/clang/lib/AST/Decl.cpp
3684–3685	remove extra parens around `hasOneOf` call
tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
11	Please check this syntax. I thought that [[]] is used to define FileCheck variables, while {{}} are used for regular expressions.
tools/clang/test/Driver/asan.c
1–9	while you're here, please add linux to original RUN-lines as well.

This revision is now accepted and ready to land.Jun 18 2015, 4:30 PM

ygribov added inline comments.Jun 18 2015, 11:39 PM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1387	Do you mean to add noabort variants to compiler-rt? That would be nice, especially if you could add -fsanitize-recover to enable those in userspace as well.

Addressed the comments by Alexey and Yury

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1387	No, I meant just emitting _noabort calls under KASan. I've updated the comment to reflect that. -fsanitize-recover is kind of orthogonal to this patch.
tools/clang/lib/AST/Decl.cpp
3684–3685	Indeed.
tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
11	Yeah, that's right.
tools/clang/test/Driver/asan.c
1–9	Done

Now there's a problem with handleNoSanitizeSpecificAttr() - looks like attribute((no_sanitize_address)) can only works with either ASan or KASan.
Looking.

Updated the test to use attribute((no_sanitize("kernel-address"))) as a workaround. We'll still need to decide which of the three attributes:

attribute((no_sanitize_address))
attribute((no_sanitize("address")))
attribute((no_sanitize("kernel-address")))

shall affect KASan instrumentation.

Landed in r240131.

Revision Contents

Path

Size

include/

llvm/

Transforms/

Instrumentation.h

4 lines

lib/

Transforms/

Instrumentation/

AddressSanitizer.cpp

103 lines

tools/

clang/

include/

clang/

Basic/

Sanitizers.h

3 lines

Sanitizers.def

3 lines

lib/

AST/

Decl.cpp

3 lines

Basic/

Sanitizers.cpp

4 lines

CodeGen/

17 lines

3 lines

2 lines

5 lines

SanitizerMetadata.cpp

9 lines

Driver/

SanitizerArgs.cpp

5 lines

Lex/

PPMacroExpansion.cpp

4 lines

test/

CodeGen/

address-safety-attr-kasan.cpp

38 lines

Driver/

asan.c

17 lines

fsanitize.c

12 lines

Lexer/

has_feature_address_sanitizer.cpp

1 line

Diff 28016

include/llvm/Transforms/Instrumentation.h

Show First 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	struct InstrProfOptions {
std::string InstrProfileOutput;		std::string InstrProfileOutput;
};		};

/// Insert frontend instrumentation based profiling.		/// Insert frontend instrumentation based profiling.
ModulePass *createInstrProfilingPass(		ModulePass *createInstrProfilingPass(
const InstrProfOptions &Options = InstrProfOptions());		const InstrProfOptions &Options = InstrProfOptions());

// Insert AddressSanitizer (address sanity checking) instrumentation		// Insert AddressSanitizer (address sanity checking) instrumentation
FunctionPass *createAddressSanitizerFunctionPass();		FunctionPass *createAddressSanitizerFunctionPass(bool CompileKernel = false);
ModulePass *createAddressSanitizerModulePass();		ModulePass *createAddressSanitizerModulePass(bool CompileKernel = false);

// Insert MemorySanitizer instrumentation (detection of uninitialized reads)		// Insert MemorySanitizer instrumentation (detection of uninitialized reads)
FunctionPass *createMemorySanitizerPass(int TrackOrigins = 0);		FunctionPass *createMemorySanitizerPass(int TrackOrigins = 0);

// Insert ThreadSanitizer (race detection) instrumentation		// Insert ThreadSanitizer (race detection) instrumentation
FunctionPass *createThreadSanitizerPass();		FunctionPass *createThreadSanitizerPass();

// Insert DataFlowSanitizer (dynamic data flow analysis) instrumentation		// Insert DataFlowSanitizer (dynamic data flow analysis) instrumentation
▲ Show 20 Lines • Show All 45 Lines • Show Last 20 Lines

lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 Lines • Show All 61 Lines • ▼ Show 20 Lines

#define DEBUG_TYPE "asan"		#define DEBUG_TYPE "asan"

static const uint64_t kDefaultShadowScale = 3;		static const uint64_t kDefaultShadowScale = 3;
static const uint64_t kDefaultShadowOffset32 = 1ULL << 29;		static const uint64_t kDefaultShadowOffset32 = 1ULL << 29;
static const uint64_t kIOSShadowOffset32 = 1ULL << 30;		static const uint64_t kIOSShadowOffset32 = 1ULL << 30;
static const uint64_t kDefaultShadowOffset64 = 1ULL << 44;		static const uint64_t kDefaultShadowOffset64 = 1ULL << 44;
static const uint64_t kSmallX86_64ShadowOffset = 0x7FFF8000; // < 2G.		static const uint64_t kSmallX86_64ShadowOffset = 0x7FFF8000; // < 2G.
		static const uint64_t kLinuxKasan_ShadowOffset64 = 0xdffffc0000000000;
static const uint64_t kPPC64_ShadowOffset64 = 1ULL << 41;		static const uint64_t kPPC64_ShadowOffset64 = 1ULL << 41;
static const uint64_t kMIPS32_ShadowOffset32 = 0x0aaa0000;		static const uint64_t kMIPS32_ShadowOffset32 = 0x0aaa0000;
static const uint64_t kMIPS64_ShadowOffset64 = 1ULL << 37;		static const uint64_t kMIPS64_ShadowOffset64 = 1ULL << 37;
static const uint64_t kAArch64_ShadowOffset64 = 1ULL << 36;		static const uint64_t kAArch64_ShadowOffset64 = 1ULL << 36;
static const uint64_t kFreeBSD_ShadowOffset32 = 1ULL << 30;		static const uint64_t kFreeBSD_ShadowOffset32 = 1ULL << 30;
static const uint64_t kFreeBSD_ShadowOffset64 = 1ULL << 46;		static const uint64_t kFreeBSD_ShadowOffset64 = 1ULL << 46;
static const uint64_t kWindowsShadowOffset32 = 3ULL << 28;		static const uint64_t kWindowsShadowOffset32 = 3ULL << 28;

Show All 32 Lines
static const char *const kAsanAllocasUnpoison = "__asan_allocas_unpoison";		static const char *const kAsanAllocasUnpoison = "__asan_allocas_unpoison";

// Accesses sizes are powers of two: 1, 2, 4, 8, 16.		// Accesses sizes are powers of two: 1, 2, 4, 8, 16.
static const size_t kNumberOfAccessSizes = 5;		static const size_t kNumberOfAccessSizes = 5;

static const unsigned kAllocaRzSize = 32;		static const unsigned kAllocaRzSize = 32;

// Command-line flags.		// Command-line flags.
		static cl::opt<bool> ClEnableKasan(
		"asan-kernel", cl::desc("Enable KernelAddressSanitizer instrumentation"),
		samsonovUnsubmitted Not Done Reply Inline Actions Um, `asan-kernel`? Looks like most of the flags in this file start with `asan-`, it makes sense to keep it. samsonov: Um, `asan-kernel`? Looks like most of the flags in this file start with `asan-`, it makes sense…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Done glider: Done
		cl::Hidden, cl::init(false));

// This flag may need to be replaced with -f[no-]asan-reads.		// This flag may need to be replaced with -f[no-]asan-reads.
static cl::opt<bool> ClInstrumentReads("asan-instrument-reads",		static cl::opt<bool> ClInstrumentReads("asan-instrument-reads",
cl::desc("instrument read instructions"),		cl::desc("instrument read instructions"),
cl::Hidden, cl::init(true));		cl::Hidden, cl::init(true));
static cl::opt<bool> ClInstrumentWrites(		static cl::opt<bool> ClInstrumentWrites(
"asan-instrument-writes", cl::desc("instrument write instructions"),		"asan-instrument-writes", cl::desc("instrument write instructions"),
cl::Hidden, cl::init(true));		cl::Hidden, cl::init(true));
▲ Show 20 Lines • Show All 184 Lines • ▼ Show 20 Lines
/// This struct defines the shadow mapping using the rule:		/// This struct defines the shadow mapping using the rule:
/// shadow = (mem >> Scale) ADD-or-OR Offset.		/// shadow = (mem >> Scale) ADD-or-OR Offset.
struct ShadowMapping {		struct ShadowMapping {
int Scale;		int Scale;
uint64_t Offset;		uint64_t Offset;
bool OrShadowOffset;		bool OrShadowOffset;
};		};

static ShadowMapping getShadowMapping(Triple &TargetTriple, int LongSize) {		static ShadowMapping getShadowMapping(Triple &TargetTriple, int LongSize,
		bool IsKasan) {
bool IsAndroid = TargetTriple.getEnvironment() == llvm::Triple::Android;		bool IsAndroid = TargetTriple.getEnvironment() == llvm::Triple::Android;
bool IsIOS = TargetTriple.isiOS();		bool IsIOS = TargetTriple.isiOS();
bool IsFreeBSD = TargetTriple.isOSFreeBSD();		bool IsFreeBSD = TargetTriple.isOSFreeBSD();
bool IsLinux = TargetTriple.isOSLinux();		bool IsLinux = TargetTriple.isOSLinux();
bool IsPPC64 = TargetTriple.getArch() == llvm::Triple::ppc64 \|\|		bool IsPPC64 = TargetTriple.getArch() == llvm::Triple::ppc64 \|\|
TargetTriple.getArch() == llvm::Triple::ppc64le;		TargetTriple.getArch() == llvm::Triple::ppc64le;
bool IsX86_64 = TargetTriple.getArch() == llvm::Triple::x86_64;		bool IsX86_64 = TargetTriple.getArch() == llvm::Triple::x86_64;
bool IsMIPS32 = TargetTriple.getArch() == llvm::Triple::mips \|\|		bool IsMIPS32 = TargetTriple.getArch() == llvm::Triple::mips \|\|
Show All 18 Lines	else if (IsWindows)
Mapping.Offset = kWindowsShadowOffset32;		Mapping.Offset = kWindowsShadowOffset32;
else		else
Mapping.Offset = kDefaultShadowOffset32;		Mapping.Offset = kDefaultShadowOffset32;
} else { // LongSize == 64		} else { // LongSize == 64
if (IsPPC64)		if (IsPPC64)
Mapping.Offset = kPPC64_ShadowOffset64;		Mapping.Offset = kPPC64_ShadowOffset64;
else if (IsFreeBSD)		else if (IsFreeBSD)
Mapping.Offset = kFreeBSD_ShadowOffset64;		Mapping.Offset = kFreeBSD_ShadowOffset64;
else if (IsLinux && IsX86_64)		else if (IsLinux && IsX86_64) {
		if (IsKasan)
		Mapping.Offset = kLinuxKasan_ShadowOffset64;
		else
Mapping.Offset = kSmallX86_64ShadowOffset;		Mapping.Offset = kSmallX86_64ShadowOffset;
else if (IsMIPS64)		} else if (IsMIPS64)
Mapping.Offset = kMIPS64_ShadowOffset64;		Mapping.Offset = kMIPS64_ShadowOffset64;
else if (IsAArch64)		else if (IsAArch64)
Mapping.Offset = kAArch64_ShadowOffset64;		Mapping.Offset = kAArch64_ShadowOffset64;
else		else
Mapping.Offset = kDefaultShadowOffset64;		Mapping.Offset = kDefaultShadowOffset64;
}		}

Mapping.Scale = kDefaultShadowScale;		Mapping.Scale = kDefaultShadowScale;
Show All 12 Lines
static size_t RedzoneSizeForScale(int MappingScale) {		static size_t RedzoneSizeForScale(int MappingScale) {
// Redzone used for stack and globals is at least 32 bytes.		// Redzone used for stack and globals is at least 32 bytes.
// For scales 6 and 7, the redzone has to be 64 and 128 bytes respectively.		// For scales 6 and 7, the redzone has to be 64 and 128 bytes respectively.
return std::max(32U, 1U << MappingScale);		return std::max(32U, 1U << MappingScale);
}		}

/// AddressSanitizer: instrument the code in module to find memory bugs.		/// AddressSanitizer: instrument the code in module to find memory bugs.
struct AddressSanitizer : public FunctionPass {		struct AddressSanitizer : public FunctionPass {
AddressSanitizer() : FunctionPass(ID) {		explicit AddressSanitizer(bool CompileKernel = false)
		: FunctionPass(ID), CompileKernel(CompileKernel \|\| ClEnableKasan) {
initializeAddressSanitizerPass(*PassRegistry::getPassRegistry());		initializeAddressSanitizerPass(*PassRegistry::getPassRegistry());
		samsonovUnsubmitted Not Done Reply Inline Actions nullptr You can also consider using brace-or-equal initializer here. samsonov: nullptr You can also consider using brace-or-equal initializer here.
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Added them for the ctor/init functions. What's the policy regarding those in the code? glider: Added them for the ctor/init functions. What's the policy regarding those in the code?
}		}
const char *getPassName() const override {		const char *getPassName() const override {
return "AddressSanitizerFunctionPass";		return "AddressSanitizerFunctionPass";
}		}
void getAnalysisUsage(AnalysisUsage &AU) const override {		void getAnalysisUsage(AnalysisUsage &AU) const override {
AU.addRequired<DominatorTreeWrapperPass>();		AU.addRequired<DominatorTreeWrapperPass>();
AU.addRequired<TargetLibraryInfoWrapperPass>();		AU.addRequired<TargetLibraryInfoWrapperPass>();
}		}
▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines	private:
bool LooksLikeCodeInBug11395(Instruction *I);		bool LooksLikeCodeInBug11395(Instruction *I);
bool GlobalIsLinkerInitialized(GlobalVariable *G);		bool GlobalIsLinkerInitialized(GlobalVariable *G);
bool isSafeAccess(ObjectSizeOffsetVisitor &ObjSizeVis, Value *Addr,		bool isSafeAccess(ObjectSizeOffsetVisitor &ObjSizeVis, Value *Addr,
uint64_t TypeSize) const;		uint64_t TypeSize) const;

LLVMContext *C;		LLVMContext *C;
Triple TargetTriple;		Triple TargetTriple;
int LongSize;		int LongSize;
		bool CompileKernel;
Type *IntptrTy;		Type *IntptrTy;
ShadowMapping Mapping;		ShadowMapping Mapping;
DominatorTree *DT;		DominatorTree *DT;
Function *AsanCtorFunction;		Function *AsanCtorFunction = nullptr;
Function *AsanInitFunction;		Function *AsanInitFunction = nullptr;
Function *AsanHandleNoReturnFunc;		Function *AsanHandleNoReturnFunc;
Function AsanPtrCmpFunction, AsanPtrSubFunction;		Function AsanPtrCmpFunction, AsanPtrSubFunction;
// This array is indexed by AccessIsWrite, Experiment and log2(AccessSize).		// This array is indexed by AccessIsWrite, Experiment and log2(AccessSize).
Function *AsanErrorCallback[2][2][kNumberOfAccessSizes];		Function *AsanErrorCallback[2][2][kNumberOfAccessSizes];
Function *AsanMemoryAccessCallback[2][2][kNumberOfAccessSizes];		Function *AsanMemoryAccessCallback[2][2][kNumberOfAccessSizes];
// This array is indexed by AccessIsWrite and Experiment.		// This array is indexed by AccessIsWrite and Experiment.
Function *AsanErrorCallbackSized[2][2];		Function *AsanErrorCallbackSized[2][2];
Function *AsanMemoryAccessCallbackSized[2][2];		Function *AsanMemoryAccessCallbackSized[2][2];
Function AsanMemmove, AsanMemcpy, *AsanMemset;		Function AsanMemmove, AsanMemcpy, *AsanMemset;
InlineAsm *EmptyAsm;		InlineAsm *EmptyAsm;
GlobalsMetadata GlobalsMD;		GlobalsMetadata GlobalsMD;
DenseMap<AllocaInst *, bool> ProcessedAllocas;		DenseMap<AllocaInst *, bool> ProcessedAllocas;

friend struct FunctionStackPoisoner;		friend struct FunctionStackPoisoner;
};		};

class AddressSanitizerModule : public ModulePass {		class AddressSanitizerModule : public ModulePass {
public:		public:
AddressSanitizerModule() : ModulePass(ID) {}		explicit AddressSanitizerModule(bool CompileKernel = false)
		: ModulePass(ID), CompileKernel(CompileKernel \|\| ClEnableKasan) {}
bool runOnModule(Module &M) override;		bool runOnModule(Module &M) override;
static char ID; // Pass identification, replacement for typeid		static char ID; // Pass identification, replacement for typeid
const char *getPassName() const override { return "AddressSanitizerModule"; }		const char *getPassName() const override { return "AddressSanitizerModule"; }

private:		private:
void initializeCallbacks(Module &M);		void initializeCallbacks(Module &M);

bool InstrumentGlobals(IRBuilder<> &IRB, Module &M);		bool InstrumentGlobals(IRBuilder<> &IRB, Module &M);
bool ShouldInstrumentGlobal(GlobalVariable *G);		bool ShouldInstrumentGlobal(GlobalVariable *G);
void poisonOneInitializer(Function &GlobalInit, GlobalValue *ModuleName);		void poisonOneInitializer(Function &GlobalInit, GlobalValue *ModuleName);
void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName);		void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName);
size_t MinRedzoneSizeForGlobal() const {		size_t MinRedzoneSizeForGlobal() const {
return RedzoneSizeForScale(Mapping.Scale);		return RedzoneSizeForScale(Mapping.Scale);
}		}

GlobalsMetadata GlobalsMD;		GlobalsMetadata GlobalsMD;
		bool CompileKernel;
Type *IntptrTy;		Type *IntptrTy;
LLVMContext *C;		LLVMContext *C;
Triple TargetTriple;		Triple TargetTriple;
ShadowMapping Mapping;		ShadowMapping Mapping;
Function *AsanPoisonGlobals;		Function *AsanPoisonGlobals;
Function *AsanUnpoisonGlobals;		Function *AsanUnpoisonGlobals;
Function *AsanRegisterGlobals;		Function *AsanRegisterGlobals;
Function *AsanUnregisterGlobals;		Function *AsanUnregisterGlobals;
▲ Show 20 Lines • Show All 189 Lines • ▼ Show 20 Lines	INITIALIZE_PASS_BEGIN(
AddressSanitizer, "asan",		AddressSanitizer, "asan",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,		"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
false)		false)
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)		INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
INITIALIZE_PASS_END(		INITIALIZE_PASS_END(
AddressSanitizer, "asan",		AddressSanitizer, "asan",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,		"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
false)		false)
FunctionPass *llvm::createAddressSanitizerFunctionPass() {		FunctionPass *llvm::createAddressSanitizerFunctionPass(bool CompileKernel) {
return new AddressSanitizer();		return new AddressSanitizer(CompileKernel);
}		}

char AddressSanitizerModule::ID = 0;		char AddressSanitizerModule::ID = 0;
INITIALIZE_PASS(		INITIALIZE_PASS(
AddressSanitizerModule, "asan-module",		AddressSanitizerModule, "asan-module",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs."		"AddressSanitizer: detects use-after-free and out-of-bounds bugs."
"ModulePass",		"ModulePass",
false, false)		false, false)
ModulePass *llvm::createAddressSanitizerModulePass() {		ModulePass *llvm::createAddressSanitizerModulePass(bool CompileKernel) {
return new AddressSanitizerModule();		return new AddressSanitizerModule(CompileKernel);
}		}

static size_t TypeSizeToSizeIndex(uint32_t TypeSize) {		static size_t TypeSizeToSizeIndex(uint32_t TypeSize) {
size_t Res = countTrailingZeros(TypeSize / 8);		size_t Res = countTrailingZeros(TypeSize / 8);
assert(Res < kNumberOfAccessSizes);		assert(Res < kNumberOfAccessSizes);
return Res;		return Res;
}		}

▲ Show 20 Lines • Show All 627 Lines • ▼ Show 20 Lines	bool AddressSanitizerModule::InstrumentGlobals(IRBuilder<> &IRB, Module &M) {
return true;		return true;
}		}

bool AddressSanitizerModule::runOnModule(Module &M) {		bool AddressSanitizerModule::runOnModule(Module &M) {
C = &(M.getContext());		C = &(M.getContext());
int LongSize = M.getDataLayout().getPointerSizeInBits();		int LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize);		IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple());		TargetTriple = Triple(M.getTargetTriple());
Mapping = getShadowMapping(TargetTriple, LongSize);		Mapping = getShadowMapping(TargetTriple, LongSize, CompileKernel);
initializeCallbacks(M);		initializeCallbacks(M);

bool Changed = false;		bool Changed = false;
		samsonovUnsubmitted Not Done Reply Inline Actions Wait a second.... Do you do anything in AddressSanitizerModule pass in `CompileKernel` mode? You don't add module constructor, and you don't instrument globals. Maybe, we should just avoid creating this pass in the first place? samsonov: Wait a second.... Do you do anything in AddressSanitizerModule pass in `CompileKernel` mode?
		ygribovUnsubmitted Not Done Reply Inline Actions Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand. ygribov: Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand. Exactly, my intention was to add it soon. glider: > Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at…

		// TODO(glider): temporarily disabled globals instrumentation for KASan.
		if (ClGlobals && !CompileKernel) {
Function *CtorFunc = M.getFunction(kAsanModuleCtorName);		Function *CtorFunc = M.getFunction(kAsanModuleCtorName);
		samsonovUnsubmitted Not Done Reply Inline Actions Wait, this is dead code, right? `CompileKernel` is known to be false here, as you've checked it in the outer `if`. samsonov: Wait, this is dead code, right? `CompileKernel` is known to be false here, as you've checked it…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Removed the dead code for now. This block will be added back once we enable globals instrumentation. glider: Removed the dead code for now. This block will be added back once we enable globals…
assert(CtorFunc);		assert(CtorFunc);
IRBuilder<> IRB(CtorFunc->getEntryBlock().getTerminator());		IRBuilder<> IRB(CtorFunc->getEntryBlock().getTerminator());
		Changed \|= InstrumentGlobals(IRB, M);
if (ClGlobals) Changed \|= InstrumentGlobals(IRB, M);		}

return Changed;		return Changed;
}		}

void AddressSanitizer::initializeCallbacks(Module &M) {		void AddressSanitizer::initializeCallbacks(Module &M) {
IRBuilder<> IRB(*C);		IRBuilder<> IRB(*C);
// Create __asan_report* callbacks.		// Create __asan_report* callbacks.
// IsWrite, TypeSize and Exp are encoded in the function name.		// IsWrite, TypeSize and Exp are encoded in the function name.
for (int Exp = 0; Exp < 2; Exp++) {		for (int Exp = 0; Exp < 2; Exp++) {
for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) {		for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) {
const std::string TypeStr = AccessIsWrite ? "store" : "load";		const std::string TypeStr = AccessIsWrite ? "store" : "load";
const std::string ExpStr = Exp ? "exp_" : "";		const std::string ExpStr = Exp ? "exp_" : "";
		const std::string SuffixStr = CompileKernel ? "N" : "_n";
		ygribovUnsubmitted Not Done Reply Inline Actions Perhaps use "_noabort" suffix to match gcc? ygribov: Perhaps use "_noabort" suffix to match gcc?
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Looks like I've been comparing to the wrong gcc version, 4.9 didn't have the 'noabort' suffixes. Fixed. glider: Looks like I've been comparing to the wrong gcc version, 4.9 didn't have the 'noabort' suffixes.
		const std::string EndingStr = CompileKernel ? "_noabort" : "";
		dvyukovUnsubmitted Not Done Reply Inline Actions we also need to make them actually noabort dvyukov: we also need to make them actually noabort
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Removed the noabort suffixes for error reporting functions. Per patch description, only out-of-line instrumentation is supported anyway. glider: Removed the noabort suffixes for error reporting functions. Per patch description, only out-of…
const Type ExpType = Exp ? Type::getInt32Ty(C) : nullptr;		const Type ExpType = Exp ? Type::getInt32Ty(C) : nullptr;
		// TODO(glider): for KASan builds add _noabort to error reporting
		// functions and make them actually noabort (remove the UnreachableInst).
		ygribovUnsubmitted Not Done Reply Inline Actions Do you mean to add noabort variants to compiler-rt? That would be nice, especially if you could add -fsanitize-recover to enable those in userspace as well. ygribov: Do you mean to add noabort variants to compiler-rt? That would be nice, especially if you could…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions No, I meant just emitting _noabort calls under KASan. I've updated the comment to reflect that. -fsanitize-recover is kind of orthogonal to this patch. glider: No, I meant just emitting _noabort calls under KASan. I've updated the comment to reflect that.
AsanErrorCallbackSized[AccessIsWrite][Exp] =		AsanErrorCallbackSized[AccessIsWrite][Exp] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction(		checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kAsanReportErrorTemplate + ExpStr + TypeStr + "_n",		kAsanReportErrorTemplate + ExpStr + TypeStr + SuffixStr,
IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));		IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));
AsanMemoryAccessCallbackSized[AccessIsWrite][Exp] =		AsanMemoryAccessCallbackSized[AccessIsWrite][Exp] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction(		checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + ExpStr + TypeStr + "N",		ClMemoryAccessCallbackPrefix + ExpStr + TypeStr + "N" + EndingStr,
IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));		IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));
for (size_t AccessSizeIndex = 0; AccessSizeIndex < kNumberOfAccessSizes;		for (size_t AccessSizeIndex = 0; AccessSizeIndex < kNumberOfAccessSizes;
AccessSizeIndex++) {		AccessSizeIndex++) {
const std::string Suffix = TypeStr + itostr(1 << AccessSizeIndex);		const std::string Suffix = TypeStr + itostr(1 << AccessSizeIndex);
AsanErrorCallback[AccessIsWrite][Exp][AccessSizeIndex] =		AsanErrorCallback[AccessIsWrite][Exp][AccessSizeIndex] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction(		checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kAsanReportErrorTemplate + ExpStr + Suffix, IRB.getVoidTy(),		kAsanReportErrorTemplate + ExpStr + Suffix,
IntptrTy, ExpType, nullptr));		IRB.getVoidTy(), IntptrTy, ExpType, nullptr));
AsanMemoryAccessCallback[AccessIsWrite][Exp][AccessSizeIndex] =		AsanMemoryAccessCallback[AccessIsWrite][Exp][AccessSizeIndex] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction(		checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + ExpStr + Suffix, IRB.getVoidTy(),		ClMemoryAccessCallbackPrefix + ExpStr + Suffix + EndingStr,
IntptrTy, ExpType, nullptr));		IRB.getVoidTy(), IntptrTy, ExpType, nullptr));
}		}
}		}
}		}

		const std::string MemIntrinCallbackPrefix =
		CompileKernel ? std::string("") : ClMemoryAccessCallbackPrefix;
		samsonovUnsubmitted Not Done Reply Inline Actions Hm... So you don't have __asan_memset() in the kernel. Maybe, we shouldn't instrument mem intrinsics in this case at all, not replace intrinisics with call to plain memset()? samsonov: Hm... So you don't have __asan_memset() in the kernel. Maybe, we shouldn't instrument mem…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions mm/kasan/kasan.c redefines memset() et al. making them call __asan_{load,store}N (see https://github.com/ramosian-glider/kasan/blob/kasan_llvmlinux/mm/kasan/kasan.c#L263), so we just replace the intrinsics with calls to memset(). glider: mm/kasan/kasan.c redefines memset() et al. making them call __asan_{load,store}N (see https…
AsanMemmove = checkSanitizerInterfaceFunction(M.getOrInsertFunction(		AsanMemmove = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memmove", IRB.getInt8PtrTy(),		MemIntrinCallbackPrefix + "memmove", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));		IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));
AsanMemcpy = checkSanitizerInterfaceFunction(M.getOrInsertFunction(		AsanMemcpy = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memcpy", IRB.getInt8PtrTy(),		MemIntrinCallbackPrefix + "memcpy", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));		IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));
AsanMemset = checkSanitizerInterfaceFunction(M.getOrInsertFunction(		AsanMemset = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memset", IRB.getInt8PtrTy(),		MemIntrinCallbackPrefix + "memset", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt32Ty(), IntptrTy, nullptr));		IRB.getInt8PtrTy(), IRB.getInt32Ty(), IntptrTy, nullptr));

AsanHandleNoReturnFunc = checkSanitizerInterfaceFunction(		AsanHandleNoReturnFunc = checkSanitizerInterfaceFunction(
M.getOrInsertFunction(kAsanHandleNoReturnName, IRB.getVoidTy(), nullptr));		M.getOrInsertFunction(kAsanHandleNoReturnName, IRB.getVoidTy(), nullptr));

AsanPtrCmpFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction(		AsanPtrCmpFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kAsanPtrCmp, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));		kAsanPtrCmp, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
AsanPtrSubFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction(		AsanPtrSubFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
Show All 10 Lines	bool AddressSanitizer::doInitialization(Module &M) {

GlobalsMD.init(M);		GlobalsMD.init(M);

C = &(M.getContext());		C = &(M.getContext());
LongSize = M.getDataLayout().getPointerSizeInBits();		LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize);		IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple());		TargetTriple = Triple(M.getTargetTriple());

		if (!CompileKernel) {
std::tie(AsanCtorFunction, AsanInitFunction) =		std::tie(AsanCtorFunction, AsanInitFunction) =
		samsonovUnsubmitted Not Done Reply Inline Actions You will access uninitialized memory in `AddressSanitizer::runOnFunction` (potentially in `AddressSanitizer::maybeInsertAsanInitAtFunctionEntry` as well, but the latter is relevant only for Mac). samsonov: You will access uninitialized memory in `AddressSanitizer::runOnFunction` (potentially in…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions In fact I didn't fully understand this piece before. I've looked std::tie up and it's more clear to me now. Moved the assignment outside the condition (or shall we NULL-initialize these fields instead?) glider: In fact I didn't fully understand this piece before. I've looked std::tie up and it's more…
		samsonovUnsubmitted Not Done Reply Inline Actions I would actually prefer a null initialization, as it's weird to create functions that would never be called in KASan mode. samsonov: I would actually prefer a null initialization, as it's weird to create functions that would…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Done. glider: Done.
createSanitizerCtorAndInitFunctions(M, kAsanModuleCtorName, kAsanInitName,		createSanitizerCtorAndInitFunctions(M, kAsanModuleCtorName, kAsanInitName,
/InitArgTypes=/{},		/InitArgTypes=/{},
/InitArgs=/{});		/InitArgs=/{});

Mapping = getShadowMapping(TargetTriple, LongSize);

appendToGlobalCtors(M, AsanCtorFunction, kAsanCtorAndDtorPriority);		appendToGlobalCtors(M, AsanCtorFunction, kAsanCtorAndDtorPriority);
		}
		Mapping = getShadowMapping(TargetTriple, LongSize, CompileKernel);
return true;		return true;
}		}

bool AddressSanitizer::maybeInsertAsanInitAtFunctionEntry(Function &F) {		bool AddressSanitizer::maybeInsertAsanInitAtFunctionEntry(Function &F) {
// For each NSObject descendant having a +load method, this method is invoked		// For each NSObject descendant having a +load method, this method is invoked
// by the ObjC runtime before any of the static constructors is called.		// by the ObjC runtime before any of the static constructors is called.
// Therefore we need to instrument such methods with a call to __asan_init		// Therefore we need to instrument such methods with a call to __asan_init
// at the beginning in order to initialize our runtime before any access to		// at the beginning in order to initialize our runtime before any access to
▲ Show 20 Lines • Show All 64 Lines • ▼ Show 20 Lines	for (auto &Inst : BB) {
}		}
continue;		continue;
}		}
ToInstrument.push_back(&Inst);		ToInstrument.push_back(&Inst);
NumInsnsPerBB++;		NumInsnsPerBB++;
if (NumInsnsPerBB >= ClMaxInsnsToInstrumentPerBB) break;		if (NumInsnsPerBB >= ClMaxInsnsToInstrumentPerBB) break;
}		}
}		}

bool UseCalls = false;		bool UseCalls =
		samsonovUnsubmitted Not Done Reply Inline Actions bool UseCalls = CompileKernel \|\| (ClInstrumentationWithCallsThreshold >= 0 && ...); samsonov: bool UseCalls = CompileKernel \|\| (ClInstrumentationWithCallsThreshold >= 0 && ...);
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Done. glider: Done.
if (ClInstrumentationWithCallsThreshold >= 0 &&		CompileKernel \|\|
ToInstrument.size() > (unsigned)ClInstrumentationWithCallsThreshold)		(ClInstrumentationWithCallsThreshold >= 0 &&
UseCalls = true;		ToInstrument.size() > (unsigned)ClInstrumentationWithCallsThreshold);

const TargetLibraryInfo *TLI =		const TargetLibraryInfo *TLI =
&getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();		&getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
const DataLayout &DL = F.getParent()->getDataLayout();		const DataLayout &DL = F.getParent()->getDataLayout();
ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext(),		ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext(),
/RoundToAlign=/true);		/RoundToAlign=/true);

// Instrument.		// Instrument.
int NumInstrumented = 0;		int NumInstrumented = 0;
▲ Show 20 Lines • Show All 198 Lines • ▼ Show 20 Lines	void FunctionStackPoisoner::poisonStack() {
}		}
// Minimal header size (left redzone) is 4 pointers,		// Minimal header size (left redzone) is 4 pointers,
// i.e. 32 bytes on 64-bit platforms and 16 bytes in 32-bit platforms.		// i.e. 32 bytes on 64-bit platforms and 16 bytes in 32-bit platforms.
size_t MinHeaderSize = ASan.LongSize / 2;		size_t MinHeaderSize = ASan.LongSize / 2;
ASanStackFrameLayout L;		ASanStackFrameLayout L;
ComputeASanStackFrameLayout(SVD, 1UL << Mapping.Scale, MinHeaderSize, &L);		ComputeASanStackFrameLayout(SVD, 1UL << Mapping.Scale, MinHeaderSize, &L);
DEBUG(dbgs() << L.DescriptionString << " --- " << L.FrameSize << "\n");		DEBUG(dbgs() << L.DescriptionString << " --- " << L.FrameSize << "\n");
uint64_t LocalStackSize = L.FrameSize;		uint64_t LocalStackSize = L.FrameSize;
bool DoStackMalloc =		bool DoStackMalloc = ClUseAfterReturn && !ASan.CompileKernel &&
ClUseAfterReturn && LocalStackSize <= kMaxStackMallocSize;		LocalStackSize <= kMaxStackMallocSize;
// Don't do dynamic alloca in presence of inline asm: too often it makes		// Don't do dynamic alloca in presence of inline asm: too often it makes
// assumptions on which registers are available. Don't do stack malloc in the		// assumptions on which registers are available. Don't do stack malloc in the
// presence of inline asm on 32-bit platforms for the same reason.		// presence of inline asm on 32-bit platforms for the same reason.
bool DoDynamicAlloca = ClDynamicAllocaStack && !HasNonEmptyInlineAsm;		bool DoDynamicAlloca = ClDynamicAllocaStack && !HasNonEmptyInlineAsm;
DoStackMalloc &= !HasNonEmptyInlineAsm \|\| ASan.LongSize != 32;		DoStackMalloc &= !HasNonEmptyInlineAsm \|\| ASan.LongSize != 32;

Value *StaticAlloca =		Value *StaticAlloca =
DoDynamicAlloca ? nullptr : createAllocaForLayout(IRB, L, false);		DoDynamicAlloca ? nullptr : createAllocaForLayout(IRB, L, false);
▲ Show 20 Lines • Show All 276 Lines • Show Last 20 Lines

tools/clang/include/clang/Basic/Sanitizers.h

	Show First 20 Lines • Show All 46 Lines • ▼ Show 20 Lines
	}			}

	struct SanitizerSet {			struct SanitizerSet {
	SanitizerSet();			SanitizerSet();

	/// \brief Check if a certain (single) sanitizer is enabled.			/// \brief Check if a certain (single) sanitizer is enabled.
	bool has(SanitizerMask K) const;			bool has(SanitizerMask K) const;

				/// \brief Check if one or more sanitizers are enabled.
				bool hasOneOf(SanitizerMask K) const;
				samsonovUnsubmitted Not Done Reply Inline Actions Um, no, I mean to add `hasOneOf` method that would take ArrayRef of sanitizer kinds and return true iff at least one of them is enabled. Then you could call it as... samsonov: Um, no, I mean to add `hasOneOf` method that would take ArrayRef of sanitizer kinds and return…
				gliderAuthorUnsubmitted Not Done Reply Inline Actions This is basically the `has()` method without the `llvm::countPopulation(K) == 1` check. Why not use a mask instead of an ArrayRef? glider: This is basically the `has()` method without the `llvm::countPopulation(K) == 1` check. Why not…
				samsonovUnsubmitted Not Done Reply Inline Actions Yeah, using the mask is also ok. But let's make the name different, so that `has()` method would still always accept a single sanitizer. samsonov: Yeah, using the mask is also ok. But let's make the name different, so that `has()` method…

	/// \brief Enable or disable a certain (single) sanitizer.			/// \brief Enable or disable a certain (single) sanitizer.
	void set(SanitizerMask K, bool Value);			void set(SanitizerMask K, bool Value);

	/// \brief Disable all sanitizers.			/// \brief Disable all sanitizers.
	void clear();			void clear();

	/// \brief Returns true if at least one sanitizer is enabled.			/// \brief Returns true if at least one sanitizer is enabled.
	bool empty() const;			bool empty() const;
	Show All 16 Lines

tools/clang/include/clang/Basic/Sanitizers.def

	Show All 35 Lines
	#ifndef SANITIZER_GROUP			#ifndef SANITIZER_GROUP
	#define SANITIZER_GROUP(NAME, ID, ALIAS)			#define SANITIZER_GROUP(NAME, ID, ALIAS)
	#endif			#endif


	// AddressSanitizer			// AddressSanitizer
	SANITIZER("address", Address)			SANITIZER("address", Address)

				// Kernel AddressSanitizer (KASan)
				samsonovUnsubmitted Not Done Reply Inline Actions What is the "correct" way to capitalize it? KASAN? KASan? samsonov: What is the "correct" way to capitalize it? KASAN? KASan?
				gliderAuthorUnsubmitted Not Done Reply Inline Actions It hasn't been established yet, but Dima says we prefer "KASan" (which surprised me). Fixed here and in tools/clang/lib/CodeGen/CodeGenModule.cpp glider: It hasn't been established yet, but Dima says we prefer "KASan" (which surprised me). Fixed…
				SANITIZER("kernel-address", KernelAddress)

	// MemorySanitizer			// MemorySanitizer
	SANITIZER("memory", Memory)			SANITIZER("memory", Memory)

	// ThreadSanitizer			// ThreadSanitizer
	SANITIZER("thread", Thread)			SANITIZER("thread", Thread)

	// LeakSanitizer			// LeakSanitizer
	SANITIZER("leak", Leak)			SANITIZER("leak", Leak)
	▲ Show 20 Lines • Show All 67 Lines • Show Last 20 Lines

tools/clang/lib/AST/Decl.cpp

Show First 20 Lines • Show All 3,675 Lines • ▼ Show 20 Lines	if (Decls.empty())
return;		return;

std::tie(FirstDecl, LastDecl) = BuildDeclChain(Decls,		std::tie(FirstDecl, LastDecl) = BuildDeclChain(Decls,
/FieldsAlreadyLoaded=/false);		/FieldsAlreadyLoaded=/false);
}		}

bool RecordDecl::mayInsertExtraPadding(bool EmitRemark) const {		bool RecordDecl::mayInsertExtraPadding(bool EmitRemark) const {
ASTContext &Context = getASTContext();		ASTContext &Context = getASTContext();
if (!Context.getLangOpts().Sanitize.has(SanitizerKind::Address) \|\|		if (!Context.getLangOpts().Sanitize.hasOneOf(
		SanitizerKind::Address \| SanitizerKind::KernelAddress) \|\|
		samsonovUnsubmitted Not Done Reply Inline Actions Wow, that's hard to parse. I'd vote for adding a method to `SanitizerSet` if (!Context.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address, SanitizerKind::KernelAddress) ... That would also be useful in several places below. samsonov: Wow, that's hard to parse. I'd vote for adding a method to `SanitizerSet` if (!Context.
		gliderAuthorUnsubmitted Not Done Reply Inline Actions I've added SanitizerSet::hasAsanOrKasan() -- did you mean that? glider: I've added SanitizerSet::hasAsanOrKasan() -- did you mean that?
		samsonovUnsubmitted Not Done Reply Inline Actions Context.getLangOpts().Sanitize.hasOneOf({SanitizerKind::Address, SanitizerKind::KernelAddress}) samsonov: Context.getLangOpts().Sanitize.hasOneOf({SanitizerKind::Address, SanitizerKind…
		samsonovUnsubmitted Not Done Reply Inline Actions remove extra parens around `hasOneOf` call samsonov: remove extra parens around `hasOneOf` call
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Indeed. glider: Indeed.
!Context.getLangOpts().SanitizeAddressFieldPadding)		!Context.getLangOpts().SanitizeAddressFieldPadding)
return false;		return false;
const auto &Blacklist = Context.getSanitizerBlacklist();		const auto &Blacklist = Context.getSanitizerBlacklist();
const CXXRecordDecl *CXXRD = dyn_cast<CXXRecordDecl>(this);		const CXXRecordDecl *CXXRD = dyn_cast<CXXRecordDecl>(this);
// We may be able to relax some of these requirements.		// We may be able to relax some of these requirements.
int ReasonToReject = -1;		int ReasonToReject = -1;
if (!CXXRD \|\| CXXRD->isExternCContext())		if (!CXXRD \|\| CXXRD->isExternCContext())
ReasonToReject = 0; // is not C++.		ReasonToReject = 0; // is not C++.
▲ Show 20 Lines • Show All 401 Lines • Show Last 20 Lines

tools/clang/lib/Basic/Sanitizers.cpp

	Show All 19 Lines

	SanitizerSet::SanitizerSet() : Mask(0) {}			SanitizerSet::SanitizerSet() : Mask(0) {}

	bool SanitizerSet::has(SanitizerMask K) const {			bool SanitizerSet::has(SanitizerMask K) const {
	assert(llvm::countPopulation(K) == 1);			assert(llvm::countPopulation(K) == 1);
	return Mask & K;			return Mask & K;
	}			}

				bool SanitizerSet::hasOneOf(SanitizerMask K) const {
				return Mask & K;
				}

	void SanitizerSet::set(SanitizerMask K, bool Value) {			void SanitizerSet::set(SanitizerMask K, bool Value) {
	assert(llvm::countPopulation(K) == 1);			assert(llvm::countPopulation(K) == 1);
	Mask = Value ? (Mask \| K) : (Mask & ~K);			Mask = Value ? (Mask \| K) : (Mask & ~K);
	}			}

	void SanitizerSet::clear() {			void SanitizerSet::clear() {
	Mask = 0;			Mask = 0;
	}			}
	Show All 23 Lines

tools/clang/lib/CodeGen/BackendUtil.cpp

Show First 20 Lines • Show All 194 Lines • ▼ Show 20 Lines	static void addSanitizerCoveragePass(const PassManagerBuilder &Builder,
Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls;		Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls;
Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB;		Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB;
Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp;		Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp;
Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters;		Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters;
PM.add(createSanitizerCoverageModulePass(Opts));		PM.add(createSanitizerCoverageModulePass(Opts));
}		}

static void addAddressSanitizerPasses(const PassManagerBuilder &Builder,		static void addAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) {		legacy::PassManagerBase &PM) {
PM.add(createAddressSanitizerFunctionPass());		PM.add(createAddressSanitizerFunctionPass(/CompileKernel/false));
		samsonovUnsubmitted Not Done Reply Inline Actions Pass false here. samsonov: Pass false here.
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Done glider: Done
PM.add(createAddressSanitizerModulePass());		PM.add(createAddressSanitizerModulePass(/CompileKernel/false));
		}

		static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder,
		legacy::PassManagerBase &PM) {
		PM.add(createAddressSanitizerFunctionPass(/CompileKernel/true));
		PM.add(createAddressSanitizerModulePass(/CompileKernel/true));
}		}

static void addMemorySanitizerPass(const PassManagerBuilder &Builder,		static void addMemorySanitizerPass(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) {		legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper =		const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder);		static_cast<const PassManagerBuilderWrapper&>(Builder);
		samsonovUnsubmitted Not Done Reply Inline Actions See note above - I'm not sure we need a module pass for that. samsonov: See note above - I'm not sure we need a module pass for that.
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Can we keep it provided that we'll have module-level instrumentation soon? glider: Can we keep it provided that we'll have module-level instrumentation soon?
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();		const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
PM.add(createMemorySanitizerPass(CGOpts.SanitizeMemoryTrackOrigins));		PM.add(createMemorySanitizerPass(CGOpts.SanitizeMemoryTrackOrigins));

// MemorySanitizer inserts complex instrumentation that mostly follows		// MemorySanitizer inserts complex instrumentation that mostly follows
// the logic of the original code, but operates on "shadow" values.		// the logic of the original code, but operates on "shadow" values.
// It can benefit from re-running some general purpose optimization passes.		// It can benefit from re-running some general purpose optimization passes.
if (Builder.OptLevel > 0) {		if (Builder.OptLevel > 0) {
PM.add(createEarlyCSEPass());		PM.add(createEarlyCSEPass());
▲ Show 20 Lines • Show All 103 Lines • ▼ Show 20 Lines	void EmitAssemblyHelper::CreatePasses() {

if (LangOpts.Sanitize.has(SanitizerKind::Address)) {		if (LangOpts.Sanitize.has(SanitizerKind::Address)) {
PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,		PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,
addAddressSanitizerPasses);		addAddressSanitizerPasses);
PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,		PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,
addAddressSanitizerPasses);		addAddressSanitizerPasses);
}		}

		if (LangOpts.Sanitize.has(SanitizerKind::KernelAddress)) {
		PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,
		addKernelAddressSanitizerPasses);
		PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,
		addKernelAddressSanitizerPasses);
		}

if (LangOpts.Sanitize.has(SanitizerKind::Memory)) {		if (LangOpts.Sanitize.has(SanitizerKind::Memory)) {
PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,		PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,
addMemorySanitizerPass);		addMemorySanitizerPass);
PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,		PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,
addMemorySanitizerPass);		addMemorySanitizerPass);
}		}

if (LangOpts.Sanitize.has(SanitizerKind::Thread)) {		if (LangOpts.Sanitize.has(SanitizerKind::Thread)) {
▲ Show 20 Lines • Show All 327 Lines • Show Last 20 Lines

tools/clang/lib/CodeGen/CGDeclCXX.cpp

Show First 20 Lines • Show All 261 Lines • ▼ Show 20 Lines	llvm::Function *CodeGenModule::CreateGlobalInitOrDestructFunction(
SetLLVMFunctionAttributes(nullptr, getTypes().arrangeNullaryFunction(), Fn);		SetLLVMFunctionAttributes(nullptr, getTypes().arrangeNullaryFunction(), Fn);

Fn->setCallingConv(getRuntimeCC());		Fn->setCallingConv(getRuntimeCC());

if (!getLangOpts().Exceptions)		if (!getLangOpts().Exceptions)
Fn->setDoesNotThrow();		Fn->setDoesNotThrow();

if (!isInSanitizerBlacklist(Fn, Loc)) {		if (!isInSanitizerBlacklist(Fn, Loc)) {
if (getLangOpts().Sanitize.has(SanitizerKind::Address))		if (getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address \|
		SanitizerKind::KernelAddress))
		samsonovUnsubmitted Not Done Reply Inline Actions `hasOneOf` samsonov: `hasOneOf`
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Done glider: Done
Fn->addFnAttr(llvm::Attribute::SanitizeAddress);		Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
if (getLangOpts().Sanitize.has(SanitizerKind::Thread))		if (getLangOpts().Sanitize.has(SanitizerKind::Thread))
Fn->addFnAttr(llvm::Attribute::SanitizeThread);		Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (getLangOpts().Sanitize.has(SanitizerKind::Memory))		if (getLangOpts().Sanitize.has(SanitizerKind::Memory))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory);		Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
if (getLangOpts().Sanitize.has(SanitizerKind::SafeStack))		if (getLangOpts().Sanitize.has(SanitizerKind::SafeStack))
Fn->addFnAttr(llvm::Attribute::SafeStack);		Fn->addFnAttr(llvm::Attribute::SafeStack);
}		}
▲ Show 20 Lines • Show All 320 Lines • Show Last 20 Lines

tools/clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 Lines • Show All 609 Lines • ▼ Show 20 Lines	void CodeGenFunction::StartFunction(GlobalDecl GD,

if (D) {		if (D) {
// Apply the no_sanitize* attributes to SanOpts.		// Apply the no_sanitize* attributes to SanOpts.
for (auto Attr : D->specific_attrs<NoSanitizeAttr>())		for (auto Attr : D->specific_attrs<NoSanitizeAttr>())
SanOpts.Mask &= ~Attr->getMask();		SanOpts.Mask &= ~Attr->getMask();
}		}

// Apply sanitizer attributes to the function.		// Apply sanitizer attributes to the function.
if (SanOpts.has(SanitizerKind::Address))		if (SanOpts.hasOneOf(SanitizerKind::Address \| SanitizerKind::KernelAddress))
Fn->addFnAttr(llvm::Attribute::SanitizeAddress);		Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Note I'm using the same attribute for both userspace and kernel instrumentation. I think we don't need to distinguish between them. glider: Note I'm using the same attribute for both userspace and kernel instrumentation. I think we…
if (SanOpts.has(SanitizerKind::Thread))		if (SanOpts.has(SanitizerKind::Thread))
Fn->addFnAttr(llvm::Attribute::SanitizeThread);		Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (SanOpts.has(SanitizerKind::Memory))		if (SanOpts.has(SanitizerKind::Memory))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory);		Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
if (SanOpts.has(SanitizerKind::SafeStack))		if (SanOpts.has(SanitizerKind::SafeStack))
Fn->addFnAttr(llvm::Attribute::SafeStack);		Fn->addFnAttr(llvm::Attribute::SafeStack);

// Pass inline keyword to optimizer if it appears explicitly on any		// Pass inline keyword to optimizer if it appears explicitly on any
▲ Show 20 Lines • Show All 1,147 Lines • Show Last 20 Lines

tools/clang/lib/CodeGen/CodeGenModule.cpp

Show First 20 Lines • Show All 1,212 Lines • ▼ Show 20 Lines	if (const auto *MainFile = SM.getFileEntryForID(SM.getMainFileID())) {
return SanitizerBL.isBlacklistedFile(MainFile->getName());		return SanitizerBL.isBlacklistedFile(MainFile->getName());
}		}
return false;		return false;
}		}

bool CodeGenModule::isInSanitizerBlacklist(llvm::GlobalVariable *GV,		bool CodeGenModule::isInSanitizerBlacklist(llvm::GlobalVariable *GV,
SourceLocation Loc, QualType Ty,		SourceLocation Loc, QualType Ty,
StringRef Category) const {		StringRef Category) const {
// For now globals can be blacklisted only in ASan.		// For now globals can be blacklisted only in ASan and KASan.
if (!LangOpts.Sanitize.has(SanitizerKind::Address))		if (!LangOpts.Sanitize.hasOneOf(
		SanitizerKind::Address \| SanitizerKind::KernelAddress))
return false;		return false;
const auto &SanitizerBL = getContext().getSanitizerBlacklist();		const auto &SanitizerBL = getContext().getSanitizerBlacklist();
if (SanitizerBL.isBlacklistedGlobal(GV->getName(), Category))		if (SanitizerBL.isBlacklistedGlobal(GV->getName(), Category))
return true;		return true;
if (SanitizerBL.isBlacklistedLocation(Loc, Category))		if (SanitizerBL.isBlacklistedLocation(Loc, Category))
return true;		return true;
// Check global type.		// Check global type.
if (!Ty.isNull()) {		if (!Ty.isNull()) {
▲ Show 20 Lines • Show All 2,431 Lines • Show Last 20 Lines

tools/clang/lib/CodeGen/SanitizerMetadata.cpp

Show All 19 Lines
using namespace CodeGen;		using namespace CodeGen;

SanitizerMetadata::SanitizerMetadata(CodeGenModule &CGM) : CGM(CGM) {}		SanitizerMetadata::SanitizerMetadata(CodeGenModule &CGM) : CGM(CGM) {}

void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,		void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
SourceLocation Loc, StringRef Name,		SourceLocation Loc, StringRef Name,
QualType Ty, bool IsDynInit,		QualType Ty, bool IsDynInit,
bool IsBlacklisted) {		bool IsBlacklisted) {
if (!CGM.getLangOpts().Sanitize.has(SanitizerKind::Address))		if (!CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address \|
		SanitizerKind::KernelAddress))
		samsonovUnsubmitted Not Done Reply Inline Actions (here and below) I think you don't do anything with globals in KASan. Or you want to add it in the following changes soon? samsonov: (here and below) I think you don't do anything with globals in KASan. Or you want to add it in…
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Yes, I'm about to add globals support soon, it's just not working properly yet. glider: Yes, I'm about to add globals support soon, it's just not working properly yet.
return;		return;
IsDynInit &= !CGM.isInSanitizerBlacklist(GV, Loc, Ty, "init");		IsDynInit &= !CGM.isInSanitizerBlacklist(GV, Loc, Ty, "init");
IsBlacklisted \|= CGM.isInSanitizerBlacklist(GV, Loc, Ty);		IsBlacklisted \|= CGM.isInSanitizerBlacklist(GV, Loc, Ty);

llvm::Metadata *LocDescr = nullptr;		llvm::Metadata *LocDescr = nullptr;
llvm::Metadata *GlobalName = nullptr;		llvm::Metadata *GlobalName = nullptr;
llvm::LLVMContext &VMContext = CGM.getLLVMContext();		llvm::LLVMContext &VMContext = CGM.getLLVMContext();
if (!IsBlacklisted) {		if (!IsBlacklisted) {
Show All 14 Lines	void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
llvm::MDNode *ThisGlobal = llvm::MDNode::get(VMContext, GlobalMetadata);		llvm::MDNode *ThisGlobal = llvm::MDNode::get(VMContext, GlobalMetadata);
llvm::NamedMDNode *AsanGlobals =		llvm::NamedMDNode *AsanGlobals =
CGM.getModule().getOrInsertNamedMetadata("llvm.asan.globals");		CGM.getModule().getOrInsertNamedMetadata("llvm.asan.globals");
AsanGlobals->addOperand(ThisGlobal);		AsanGlobals->addOperand(ThisGlobal);
}		}

void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,		void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
const VarDecl &D, bool IsDynInit) {		const VarDecl &D, bool IsDynInit) {
if (!CGM.getLangOpts().Sanitize.has(SanitizerKind::Address))		if (!CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address \|
		SanitizerKind::KernelAddress))
return;		return;
std::string QualName;		std::string QualName;
llvm::raw_string_ostream OS(QualName);		llvm::raw_string_ostream OS(QualName);
D.printQualifiedName(OS);		D.printQualifiedName(OS);
reportGlobalToASan(GV, D.getLocation(), OS.str(), D.getType(), IsDynInit);		reportGlobalToASan(GV, D.getLocation(), OS.str(), D.getType(), IsDynInit);
}		}

void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {		void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {
// For now, just make sure the global is not modified by the ASan		// For now, just make sure the global is not modified by the ASan
// instrumentation.		// instrumentation.
if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address))		if (CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address \|
		SanitizerKind::KernelAddress))
reportGlobalToASan(GV, SourceLocation(), "", QualType(), false, true);		reportGlobalToASan(GV, SourceLocation(), "", QualType(), false, true);
}		}

void SanitizerMetadata::disableSanitizerForInstruction(llvm::Instruction *I) {		void SanitizerMetadata::disableSanitizerForInstruction(llvm::Instruction *I) {
I->setMetadata(CGM.getModule().getMDKindID("nosanitize"),		I->setMetadata(CGM.getModule().getMDKindID("nosanitize"),
llvm::MDNode::get(CGM.getLLVMContext(), None));		llvm::MDNode::get(CGM.getLLVMContext(), None));
}		}

Show All 14 Lines

tools/clang/lib/Driver/SanitizerArgs.cpp

Show First 20 Lines • Show All 243 Lines • ▼ Show 20 Lines	D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< "-fsanitize-undefined-trap-on-error";		<< "-fsanitize-undefined-trap-on-error";
Kinds &= ~NotAllowedWithTrap;		Kinds &= ~NotAllowedWithTrap;
}		}

// Warn about incompatible groups of sanitizers.		// Warn about incompatible groups of sanitizers.
std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {		std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
std::make_pair(Address, Thread), std::make_pair(Address, Memory),		std::make_pair(Address, Thread), std::make_pair(Address, Memory),
std::make_pair(Thread, Memory), std::make_pair(Leak, Thread),		std::make_pair(Thread, Memory), std::make_pair(Leak, Thread),
std::make_pair(Leak, Memory)};		std::make_pair(Leak, Memory), std::make_pair(KernelAddress, Address),
		std::make_pair(KernelAddress, Leak),
		std::make_pair(KernelAddress, Thread),
		std::make_pair(KernelAddress, Memory)};
for (auto G : IncompatibleGroups) {		for (auto G : IncompatibleGroups) {
SanitizerMask Group = G.first;		SanitizerMask Group = G.first;
if (Kinds & Group) {		if (Kinds & Group) {
if (SanitizerMask Incompatible = Kinds & G.second) {		if (SanitizerMask Incompatible = Kinds & G.second) {
D.Diag(clang::diag::err_drv_argument_not_allowed_with)		D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< lastArgumentForMask(D, Args, Group)		<< lastArgumentForMask(D, Args, Group)
<< lastArgumentForMask(D, Args, Incompatible);		<< lastArgumentForMask(D, Args, Incompatible);
Kinds &= ~Incompatible;		Kinds &= ~Incompatible;
▲ Show 20 Lines • Show All 353 Lines • Show Last 20 Lines

tools/clang/lib/Lex/PPMacroExpansion.cpp

Show First 20 Lines • Show All 1,043 Lines • ▼ Show 20 Lines	static bool HasFeature(const Preprocessor &PP, const IdentifierInfo *II) {
const LangOptions &LangOpts = PP.getLangOpts();		const LangOptions &LangOpts = PP.getLangOpts();
StringRef Feature = II->getName();		StringRef Feature = II->getName();

// Normalize the feature name, __foo__ becomes foo.		// Normalize the feature name, __foo__ becomes foo.
if (Feature.startswith("__") && Feature.endswith("__") && Feature.size() >= 4)		if (Feature.startswith("__") && Feature.endswith("__") && Feature.size() >= 4)
Feature = Feature.substr(2, Feature.size() - 4);		Feature = Feature.substr(2, Feature.size() - 4);

return llvm::StringSwitch<bool>(Feature)		return llvm::StringSwitch<bool>(Feature)
.Case("address_sanitizer", LangOpts.Sanitize.has(SanitizerKind::Address))		.Case("address_sanitizer",
		LangOpts.Sanitize.hasOneOf(SanitizerKind::Address \|
		SanitizerKind::KernelAddress))
.Case("attribute_analyzer_noreturn", true)		.Case("attribute_analyzer_noreturn", true)
.Case("attribute_availability", true)		.Case("attribute_availability", true)
.Case("attribute_availability_with_message", true)		.Case("attribute_availability_with_message", true)
.Case("attribute_availability_app_extension", true)		.Case("attribute_availability_app_extension", true)
.Case("attribute_cf_returns_not_retained", true)		.Case("attribute_cf_returns_not_retained", true)
.Case("attribute_cf_returns_retained", true)		.Case("attribute_cf_returns_retained", true)
.Case("attribute_deprecated_with_message", true)		.Case("attribute_deprecated_with_message", true)
.Case("attribute_ext_vector_type", true)		.Case("attribute_ext_vector_type", true)
▲ Show 20 Lines • Show All 715 Lines • Show Last 20 Lines

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp

				// Make sure the sanitize_address attribute is emitted when using both ASan and KASan.
				// Also document that __attribute__((no_sanitize_address)) doesn't disable KASan instrumentation.

				/// RUN: %clang_cc1 -triple i386-unknown-linux -emit-llvm -o - %s \| FileCheck -check-prefix=CHECK-NOASAN %s
				/// RUN: %clang_cc1 -triple i386-unknown-linux -fsanitize=address -emit-llvm -o - %s \| FileCheck -check-prefix=CHECK-ASAN %s
				samsonovUnsubmitted Not Done Reply Inline Actions Please specify triple (or merge this into `address-safety-attr.cpp` somehow) samsonov: Please specify triple (or merge this into `address-safety-attr.cpp` somehow)
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Done. glider: Done.
				/// RUN: %clang_cc1 -triple i386-unknown-linux -fsanitize=kernel-address -emit-llvm -o - %s \| FileCheck -check-prefix=CHECK-KASAN %s

				int HasSanitizeAddress() {
				return 1;
				}
				// CHECK-NOASAN: {{Function Attrs: nounwind$}}
				samsonovUnsubmitted Not Done Reply Inline Actions `Function Attrs: nounwind sanitize_address` would match this CHECK-NOASAN line samsonov: `Function Attrs: nounwind sanitize_address` would match this CHECK-NOASAN line
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Added a $ after "nounwind" glider: Added a $ after "nounwind"
				samsonovUnsubmitted Not Done Reply Inline Actions Please check this syntax. I thought that [[]] is used to define FileCheck variables, while {{}} are used for regular expressions. samsonov: Please check this syntax. I thought that [[]] is used to define FileCheck variables, while {{}}…
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Yeah, that's right. glider: Yeah, that's right.
				// CHECK-ASAN: Function Attrs: nounwind sanitize_address
				// CHECK-KASAN: Function Attrs: nounwind sanitize_address

				__attribute__((no_sanitize("address")))
				int NoSanitizeQuoteAddress() {
				return 0;
				}
				// CHECK-NOASAN: {{Function Attrs: nounwind$}}
				// CHECK-ASAN: {{Function Attrs: nounwind$}}
				// CHECK-KASAN: {{Function Attrs: nounwind sanitize_address$}}

				__attribute__((no_sanitize_address))
				int NoSanitizeAddress() {
				return 0;
				}
				// CHECK-NOASAN: {{Function Attrs: nounwind$}}
				// CHECK-ASAN: {{Function Attrs: nounwind$}}
				// CHECK-KASAN: {{Function Attrs: nounwind sanitize_address$}}

				__attribute__((no_sanitize("kernel-address")))
				int NoSanitizeKernelAddress() {
				return 0;
				}

				// CHECK-NOASAN: {{Function Attrs: nounwind$}}
				// CHECK-ASAN: {{Function Attrs: nounwind sanitize_address$}}
				// CHECK-KASAN: {{Function Attrs: nounwind$}}

tools/clang/test/Driver/asan.c

	// RUN: %clang -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s			// RUN: %clang -target i386-unknown-linux -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-ASAN
	// RUN: %clang -O1 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s			// RUN: %clang -O1 -target i386-unknown-linux -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-ASAN
	// RUN: %clang -O2 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s			// RUN: %clang -O2 -target i386-unknown-linux -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-ASAN
	// RUN: %clang -O3 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s			// RUN: %clang -O3 -target i386-unknown-linux -fsanitize=address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-ASAN
	// Verify that -fsanitize=address invokes asan instrumentation.			// RUN: %clang -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-KASAN
				// RUN: %clang -O1 -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-KASAN
				// RUN: %clang -O2 -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-KASAN
				// RUN: %clang -O3 -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - \| FileCheck %s --check-prefix=CHECK-KASAN
				// Verify that -fsanitize={address,kernel-address} invoke ASan and KASan instrumentation.
				samsonovUnsubmitted Not Done Reply Inline Actions while you're here, please add linux to original RUN-lines as well. samsonov: while you're here, please add linux to original RUN-lines as well.
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Done glider: Done

	int foo(int a) { return a; }			int foo(int a) { return a; }
	// CHECK: __asan_init			// CHECK-ASAN: __asan_init
				// CHECK-KASAN: __asan_load4_noabort

tools/clang/test/Driver/fsanitize.c

	Show First 20 Lines • Show All 51 Lines • ▼ Show 20 Lines
	// CHECK-SANM-SANT: '-fsanitize=thread' not allowed with '-fsanitize=memory'			// CHECK-SANM-SANT: '-fsanitize=thread' not allowed with '-fsanitize=memory'

	// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,thread -pie -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANL-SANT			// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,thread -pie -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANL-SANT
	// CHECK-SANL-SANT: '-fsanitize=leak' not allowed with '-fsanitize=thread'			// CHECK-SANL-SANT: '-fsanitize=leak' not allowed with '-fsanitize=thread'

	// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,memory -pie -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANL-SANM			// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,memory -pie -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANL-SANM
	// CHECK-SANL-SANM: '-fsanitize=leak' not allowed with '-fsanitize=memory'			// CHECK-SANL-SANM: '-fsanitize=leak' not allowed with '-fsanitize=memory'

				// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,thread -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANKA-SANT
				// CHECK-SANKA-SANT: '-fsanitize=kernel-address' not allowed with '-fsanitize=thread'

				// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,memory -pie -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANKA-SANM
				// CHECK-SANKA-SANM: '-fsanitize=kernel-address' not allowed with '-fsanitize=memory'

				// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,address -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANKA-SANA
				// CHECK-SANKA-SANA: '-fsanitize=kernel-address' not allowed with '-fsanitize=address'

				// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,leak -pie -fno-rtti %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-SANKA-SANL
				// CHECK-SANKA-SANL: '-fsanitize=kernel-address' not allowed with '-fsanitize=leak'

	// RUN: %clang -target x86_64-linux-gnu -fsanitize-memory-track-origins -pie %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-ONLY-TRACK-ORIGINS			// RUN: %clang -target x86_64-linux-gnu -fsanitize-memory-track-origins -pie %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-ONLY-TRACK-ORIGINS
	// CHECK-ONLY-TRACK-ORIGINS: warning: argument unused during compilation: '-fsanitize-memory-track-origins'			// CHECK-ONLY-TRACK-ORIGINS: warning: argument unused during compilation: '-fsanitize-memory-track-origins'

	// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fno-sanitize=memory -fsanitize-memory-track-origins -pie %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-DISABLED-MSAN			// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fno-sanitize=memory -fsanitize-memory-track-origins -pie %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-DISABLED-MSAN
	// CHECK-TRACK-ORIGINS-DISABLED-MSAN-NOT: warning: argument unused			// CHECK-TRACK-ORIGINS-DISABLED-MSAN-NOT: warning: argument unused

	// RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-NO-EXTRA-TRACK-ORIGINS			// RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 \| FileCheck %s --check-prefix=CHECK-NO-EXTRA-TRACK-ORIGINS
	// CHECK-NO-EXTRA-TRACK-ORIGINS-NOT: "-fsanitize-memory-track-origins"			// CHECK-NO-EXTRA-TRACK-ORIGINS-NOT: "-fsanitize-memory-track-origins"
	▲ Show 20 Lines • Show All 163 Lines • Show Last 20 Lines

tools/clang/test/Lexer/has_feature_address_sanitizer.cpp

	// RUN: %clang_cc1 -E -fsanitize=address %s -o - \| FileCheck --check-prefix=CHECK-ASAN %s			// RUN: %clang_cc1 -E -fsanitize=address %s -o - \| FileCheck --check-prefix=CHECK-ASAN %s
				// RUN: %clang_cc1 -E -fsanitize=kernel-address %s -o - \| FileCheck --check-prefix=CHECK-ASAN %s
	// RUN: %clang_cc1 -E %s -o - \| FileCheck --check-prefix=CHECK-NO-ASAN %s			// RUN: %clang_cc1 -E %s -o - \| FileCheck --check-prefix=CHECK-NO-ASAN %s

	#if __has_feature(address_sanitizer)			#if __has_feature(address_sanitizer)
	int AddressSanitizerEnabled();			int AddressSanitizerEnabled();
	#else			#else
	int AddressSanitizerDisabled();			int AddressSanitizerDisabled();
	#endif			#endif

	// CHECK-ASAN: AddressSanitizerEnabled			// CHECK-ASAN: AddressSanitizerEnabled
	// CHECK-NO-ASAN: AddressSanitizerDisabled			// CHECK-NO-ASAN: AddressSanitizerDisabled

This is an archive of the discontinued LLVM Phabricator instance.

[ASan] Initial support for Kernel AddressSanitizerClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 28016

include/llvm/Transforms/Instrumentation.h

lib/Transforms/Instrumentation/AddressSanitizer.cpp

tools/clang/include/clang/Basic/Sanitizers.h

tools/clang/include/clang/Basic/Sanitizers.def

tools/clang/lib/AST/Decl.cpp

tools/clang/lib/Basic/Sanitizers.cpp

tools/clang/lib/CodeGen/BackendUtil.cpp

tools/clang/lib/CodeGen/CGDeclCXX.cpp

tools/clang/lib/CodeGen/CodeGenFunction.cpp

tools/clang/lib/CodeGen/CodeGenModule.cpp

tools/clang/lib/CodeGen/SanitizerMetadata.cpp

tools/clang/lib/Driver/SanitizerArgs.cpp

tools/clang/lib/Lex/PPMacroExpansion.cpp

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp

tools/clang/test/Driver/asan.c

tools/clang/test/Driver/fsanitize.c

tools/clang/test/Lexer/has_feature_address_sanitizer.cpp

[ASan] Initial support for Kernel AddressSanitizer
ClosedPublic