This is an archive of the discontinued LLVM Phabricator instance.

Differential D12704

[ASan] Don't instrument promotable dynamic allocas.
ClosedPublic

Authored by samsonov on Sep 8 2015, 1:48 PM.

Details

Reviewers
ygribov
m.ostapenko
Commits
rG8daaf8b09b32: [ASan] Minor fixes to dynamic allocas handling:
rL251045: [ASan] Minor fixes to dynamic allocas handling:
Summary

We already have a test that checks that promotable dynamic allocas are
ignored, as well as static promotable allocas. Make sure this test will
still pass if/when we enable dynamic alloca instrumentation by default.

Diff Detail

Repository
rL LLVM

Event Timeline

samsonov updated this revision to Diff 34252.Sep 8 2015, 1:48 PM
samsonov retitled this revision from to [ASan] Don't instrument promotable dynamic allocas..
samsonov updated this object.
samsonov added a reviewer: ygribov.
samsonov added a subscriber: llvm-commits.
samsonov updated this revision to Diff 34370.Sep 9 2015, 2:52 PM
  • [ASan] Handle lifetime intrinsics before handling dynamic allocas.
samsonov added a reviewer: m.ostapenko.Sep 9 2015, 2:58 PM
m.ostapenko edited edge metadata.Sep 10 2015, 9:01 AM

Thanks for fixing this! Just one question below.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1800 ↗(On Diff #34370)

lifetime intrinsics may refer to dynamic allocas, so we need to emit instrumentation before these dynamic allocas would be replaced.

Well, if we instrument dynamic alloca related to some lifetime intrinsic first time and instrument it in handleDynamicAllocaCall() second time, we may end up with redzones would be mixed, right? Anyway, looking to poisonAlloca(...) function:

void FunctionStackPoisoner::poisonAlloca(Value *V, uint64_t Size,
                                         IRBuilder<> &IRB, bool DoPoison) {
  // For now just insert the call to ASan runtime.
  Value *AddrArg = IRB.CreatePointerCast(V, IntptrTy);
  Value *SizeArg = ConstantInt::get(IntptrTy, Size);
  IRB.CreateCall(
      DoPoison ? AsanPoisonStackMemoryFunc : AsanUnpoisonStackMemoryFunc,
      {AddrArg, SizeArg});
}

Size parameter is uint64_t, so it seems we can poison static allocas only.

So, I'm wondering, is that the case?

m.ostapenko accepted this revision.Sep 28 2015, 7:42 AM
m.ostapenko edited edge metadata.

Ah, right, I see that we indeed can mess with dynamic allocas and lifetime intrinsics here (in such cases, when alloca's size is known in compile time, but it's treated as dynamic one for others reasons).

Alexey, could you please land this?

Thanks!

lib/Transforms/Instrumentation/AddressSanitizer.cpp
433 ↗(On Diff #34370)

I wonder if we should remove isArrayAllocation() from this filter.

This revision is now accepted and ready to land.Sep 28 2015, 7:42 AM
m.ostapenko added a comment.Oct 22 2015, 9:53 AM

Alexey, could you commit this please? It would be very nice to try enable dynamic alloca instrumentation in Clang.

samsonov added a comment.Oct 22 2015, 12:37 PM

Looking into this now. Sorry for the delay!

samsonov added inline comments.Oct 22 2015, 12:52 PM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
433 ↗(On Diff #34370)

Let's handle this separately.

1800 ↗(On Diff #34370)

Yes. Alloca will be treated as "dynamic" if it has constant size, but it's not located in the function entry block, for instance.

AsanPoisonStackMemoryFunc is severely undertested (and half-dead), specially in presence of dynamic allocas, so for now I think it's fine to keep "correctness" in the sense of "keep tests we have working". I'm not sure that poisoning left and right redzoes in __asan_alloca_poison() would conflict with poisoning the alloca itself on lifetime intrinsics.

Closed by commit rL251045: [ASan] Minor fixes to dynamic allocas handling: (authored by samsonov). · Explain WhyOct 22 2015, 12:54 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
Instrumentation/
23 lines
test/
Instrumentation/
AddressSanitizer/
1 line

Diff 38158

llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 834 Lines▼ Show 20 Lines if (PreviouslySeenAllocaInfo != ProcessedAllocas.end())
return PreviouslySeenAllocaInfo->getSecond(); return PreviouslySeenAllocaInfo->getSecond();
bool IsInteresting = bool IsInteresting =
(AI.getAllocatedType()->isSized() && (AI.getAllocatedType()->isSized() &&
// alloca() may be called with 0 size, ignore it. // alloca() may be called with 0 size, ignore it.
getAllocaSizeInBytes(&AI) > 0 && getAllocaSizeInBytes(&AI) > 0 &&
// We are only interested in allocas not promotable to registers. // We are only interested in allocas not promotable to registers.
// Promotable allocas are common under -O0. // Promotable allocas are common under -O0.
(!ClSkipPromotableAllocas || !isAllocaPromotable(&AI) || (!ClSkipPromotableAllocas || !isAllocaPromotable(&AI)));
isDynamicAlloca(AI)));
ProcessedAllocas[&AI] = IsInteresting; ProcessedAllocas[&AI] = IsInteresting;
return IsInteresting; return IsInteresting;
} }
/// If I is an interesting memory access, return the PointerOperand /// If I is an interesting memory access, return the PointerOperand
/// and set IsWrite/Alignment. Otherwise return nullptr. /// and set IsWrite/Alignment. Otherwise return nullptr.
Value *AddressSanitizer::isInterestingMemoryAccess(Instruction *I, Value *AddressSanitizer::isInterestingMemoryAccess(Instruction *I,
▲ Show 20 LinesShow All 941 Lines▼ Show 20 Linesvoid FunctionStackPoisoner::createDynamicAllocasInitStorage() {
DynamicAllocaLayout = IRB.CreateAlloca(IntptrTy, nullptr); DynamicAllocaLayout = IRB.CreateAlloca(IntptrTy, nullptr);
IRB.CreateStore(Constant::getNullValue(IntptrTy), DynamicAllocaLayout); IRB.CreateStore(Constant::getNullValue(IntptrTy), DynamicAllocaLayout);
DynamicAllocaLayout->setAlignment(32); DynamicAllocaLayout->setAlignment(32);
} }
void FunctionStackPoisoner::poisonStack() { void FunctionStackPoisoner::poisonStack() {
assert(AllocaVec.size() > 0 || DynamicAllocaVec.size() > 0); assert(AllocaVec.size() > 0 || DynamicAllocaVec.size() > 0);
// Insert poison calls for lifetime intrinsics for alloca.
bool HavePoisonedAllocas = false;
for (const auto &APC : AllocaPoisonCallVec) {
assert(APC.InsBefore);
assert(APC.AI);
IRBuilder<> IRB(APC.InsBefore);
poisonAlloca(APC.AI, APC.Size, IRB, APC.DoPoison);
HavePoisonedAllocas |= APC.DoPoison;
}
if (ClInstrumentAllocas && DynamicAllocaVec.size() > 0) { if (ClInstrumentAllocas && DynamicAllocaVec.size() > 0) {
// Handle dynamic allocas. // Handle dynamic allocas.
createDynamicAllocasInitStorage(); createDynamicAllocasInitStorage();
for (auto &AI : DynamicAllocaVec) handleDynamicAllocaCall(AI); for (auto &AI : DynamicAllocaVec) handleDynamicAllocaCall(AI);
unpoisonDynamicAllocas(); unpoisonDynamicAllocas();
} }
▲ Show 20 LinesShow All 91 Lines▼ Show 20 Linesvoid FunctionStackPoisoner::poisonStack() {
} else { } else {
// void *FakeStack = nullptr; // void *FakeStack = nullptr;
// void *LocalStackBase = alloca(LocalStackSize); // void *LocalStackBase = alloca(LocalStackSize);
FakeStack = ConstantInt::get(IntptrTy, 0); FakeStack = ConstantInt::get(IntptrTy, 0);
LocalStackBase = LocalStackBase =
DoDynamicAlloca ? createAllocaForLayout(IRB, L, true) : StaticAlloca; DoDynamicAlloca ? createAllocaForLayout(IRB, L, true) : StaticAlloca;
} }
// Insert poison calls for lifetime intrinsics for alloca.
bool HavePoisonedAllocas = false;
for (const auto &APC : AllocaPoisonCallVec) {
assert(APC.InsBefore);
assert(APC.AI);
IRBuilder<> IRB(APC.InsBefore);
poisonAlloca(APC.AI, APC.Size, IRB, APC.DoPoison);
HavePoisonedAllocas |= APC.DoPoison;
}
// Replace Alloca instructions with base+offset. // Replace Alloca instructions with base+offset.
for (const auto &Desc : SVD) { for (const auto &Desc : SVD) {
AllocaInst *AI = Desc.AI; AllocaInst *AI = Desc.AI;
Value *NewAllocaPtr = IRB.CreateIntToPtr( Value *NewAllocaPtr = IRB.CreateIntToPtr(
IRB.CreateAdd(LocalStackBase, ConstantInt::get(IntptrTy, Desc.Offset)), IRB.CreateAdd(LocalStackBase, ConstantInt::get(IntptrTy, Desc.Offset)),
AI->getType()); AI->getType());
replaceDbgDeclareForAlloca(AI, NewAllocaPtr, DIB, /*Deref=*/true); replaceDbgDeclareForAlloca(AI, NewAllocaPtr, DIB, /*Deref=*/true);
AI->replaceAllUsesWith(NewAllocaPtr); AI->replaceAllUsesWith(NewAllocaPtr);
▲ Show 20 LinesShow All 212 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca.ll

; This test checks that non-instrumented allocas stay in the first basic block. ; This test checks that non-instrumented allocas stay in the first basic block.
; Only first-basic-block allocas are considered stack slots, and moving them ; Only first-basic-block allocas are considered stack slots, and moving them
; breaks debug info. ; breaks debug info.
; RUN: opt < %s -asan -asan-module -S | FileCheck %s ; RUN: opt < %s -asan -asan-module -S | FileCheck %s
; RUN: opt < %s -asan -asan-module -asan-instrument-allocas=1 -S | FileCheck %s
target datalayout = "e-m:o-i64:64-f80:128-n8:16:32:64-S128" target datalayout = "e-m:o-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-apple-macosx10.10.0" target triple = "x86_64-apple-macosx10.10.0"
define i32 @foo() sanitize_address { define i32 @foo() sanitize_address {
entry: entry:
; Won't be instrumented because of asan-skip-promotable-allocas. ; Won't be instrumented because of asan-skip-promotable-allocas.
%non_instrumented1 = alloca i32, align 4 %non_instrumented1 = alloca i32, align 4
Show All 26 Lines