This is an archive of the discontinued LLVM Phabricator instance.

Differential D4203

[RFC] Print exact source locations of global variables in ASan error reports.
AbandonedPublic

Authored by samsonov on Jun 18 2014, 7:14 PM.

Details

Reviewers
kcc
glider
eugenis
Summary

This changes introduces llvm.asan.globals metadata, which can be
used by the frontend to provide additional information about the LLVM
global variables, namely:

  1. source location (file/line/column) of corresponding globals in the user code.

These locations will be available at runtime, and will be printed in the
error report if needed, even if the binary is built without debug info.

  1. whether global is dynamically initialized. This replaces

llvm.asan.dynamically_initialized_globals metadata used to detect init-order bugs.

  1. whether the global is blacklisted. This is a first step to move all blacklist

functionality to the frontend.

Note: This is an ABI-breaking change. All users of ASan runtime library will have
to emit new layout of __asan_global structure (now it has one more field).

If you're OK with this change, I will commit it with extra ASan output tests,
checking that we're actually reporting source locations for global variables,
function-static variables and simple string literals.

Diff Detail

Event Timeline

samsonov updated this revision to Diff 10601.Jun 18 2014, 7:14 PM
samsonov retitled this revision from to [RFC] Print exact source locations of global variables in ASan error reports..
samsonov updated this object.
samsonov edited the test plan for this revision. (Show Details)
samsonov added reviewers: kcc, eugenis.
samsonov added subscribers: Unknown Object (MLST), Unknown Object (MLST).
kcc edited edge metadata.Jun 19 2014, 2:11 AM
kcc added a subscriber: glider.

seems reasonable, now let's see the tests.

+glider, who is looking around the same parts of code currently.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
247

can this be done with a single lookup to SourceLocation and only if DN->getOperand(1) is non-zero?

glider added a comment.Jun 19 2014, 10:21 AM

Didn't look deep, but here's one note.

projects/compiler-rt/lib/asan/asan_interface_internal.h
54

If you store file and line/column location separately you can probably save some memory.

samsonov updated this revision to Diff 10663.Jun 19 2014, 3:29 PM
samsonov edited edge metadata.

Address kcc's comment. Add tests for the new functionality.

samsonov updated this revision to Diff 10664.Jun 19 2014, 3:30 PM

Upload the correct fileset.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
247

Done.

projects/compiler-rt/lib/asan/asan_interface_internal.h
54

Maybe, but 8 byte per global is not a big deal (we spend a bunch of memory for redzones anyway). I'd like to keep source location in a struct. In future we may be able to share it between different sanitizers. E.g. UBSan already has it, and uses the same layout.

kcc added a comment.Jun 20 2014, 12:45 AM

looks good once you bump the version of __asan_init, but please also wait for glider's review.

projects/compiler-rt/lib/asan/asan_interface_internal.h
54

you need to bump the version of __asan_init_vN

glider added a comment.Jun 20 2014, 6:31 AM

AddressSanitizer.cpp LGTM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1069

nit: spare newline?

projects/compiler-rt/test/asan/TestCases/global-location.cc
12

"struct C", maybe?

18

Do you need the slash before global-location.cc? Isn't it possible that there's no directory prefix (maybe not in the current setup)?

samsonov updated this revision to Diff 10773.Jun 23 2014, 11:24 PM

Bumped __asan_init version to mark ABI change.
Addressed comments by glider.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1069

Done

projects/compiler-rt/lib/asan/asan_interface_internal.h
54

Done.

projects/compiler-rt/test/asan/TestCases/global-location.cc
12

Done

18

Done.

samsonov added a reviewer: glider.Jun 30 2014, 6:48 PM

Any more comments on this?

samsonov updated this revision to Diff 11027.Jul 2 2014, 9:19 AM

Rebase to trunk.

samsonov added a comment.Jul 2 2014, 10:02 AM

In offline discussion glider confirmed that he's OK with instrumentation pass and is not familiar enough with Clang code. I've tested this change on a large codebase and found no regressions. Existing reports global-buffer-overflow bugs are extended with source location information as expected. I'm going to submit this now.

samsonov abandoned this revision.Jul 2 2014, 1:46 PM

Revision Contents

PathSize
lib/
Transforms/
Instrumentation/
126 lines
projects/
compiler-rt/
lib/
asan/
8 lines
15 lines
35 lines
test/
asan/
TestCases/
38 lines
test/
Instrumentation/
AddressSanitizer/
63 lines
4 lines
8 lines
tools/
clang/
lib/
CodeGen/
2 lines
3 lines
58 lines
test/
CodeGen/
23 lines
13 lines

Diff 11027

lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show All 10 Lines
// Details of the algorithm: // Details of the algorithm:
// http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm // http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Transforms/Instrumentation.h" #include "llvm/Transforms/Instrumentation.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/DenseMap.h" #include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/DenseSet.h"
#include "llvm/ADT/DepthFirstIterator.h" #include "llvm/ADT/DepthFirstIterator.h"
#include "llvm/ADT/SmallSet.h" #include "llvm/ADT/SmallSet.h"
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/Triple.h" #include "llvm/ADT/Triple.h"
#include "llvm/IR/CallSite.h" #include "llvm/IR/CallSite.h"
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines
static const char *const kAsanReportErrorTemplate = "__asan_report_"; static const char *const kAsanReportErrorTemplate = "__asan_report_";
static const char *const kAsanReportLoadN = "__asan_report_load_n"; static const char *const kAsanReportLoadN = "__asan_report_load_n";
static const char *const kAsanReportStoreN = "__asan_report_store_n"; static const char *const kAsanReportStoreN = "__asan_report_store_n";
static const char *const kAsanRegisterGlobalsName = "__asan_register_globals"; static const char *const kAsanRegisterGlobalsName = "__asan_register_globals";
static const char *const kAsanUnregisterGlobalsName = static const char *const kAsanUnregisterGlobalsName =
"__asan_unregister_globals"; "__asan_unregister_globals";
static const char *const kAsanPoisonGlobalsName = "__asan_before_dynamic_init"; static const char *const kAsanPoisonGlobalsName = "__asan_before_dynamic_init";
static const char *const kAsanUnpoisonGlobalsName = "__asan_after_dynamic_init"; static const char *const kAsanUnpoisonGlobalsName = "__asan_after_dynamic_init";
static const char *const kAsanInitName = "__asan_init_v3"; static const char *const kAsanInitName = "__asan_init_v4";
static const char *const kAsanCovModuleInitName = "__sanitizer_cov_module_init"; static const char *const kAsanCovModuleInitName = "__sanitizer_cov_module_init";
static const char *const kAsanCovName = "__sanitizer_cov"; static const char *const kAsanCovName = "__sanitizer_cov";
static const char *const kAsanPtrCmp = "__sanitizer_ptr_cmp"; static const char *const kAsanPtrCmp = "__sanitizer_ptr_cmp";
static const char *const kAsanPtrSub = "__sanitizer_ptr_sub"; static const char *const kAsanPtrSub = "__sanitizer_ptr_sub";
static const char *const kAsanHandleNoReturnName = "__asan_handle_no_return"; static const char *const kAsanHandleNoReturnName = "__asan_handle_no_return";
static const int kMaxAsanStackMallocSizeClass = 10; static const int kMaxAsanStackMallocSizeClass = 10;
static const char *const kAsanStackMallocNameTemplate = "__asan_stack_malloc_"; static const char *const kAsanStackMallocNameTemplate = "__asan_stack_malloc_";
static const char *const kAsanStackFreeNameTemplate = "__asan_stack_free_"; static const char *const kAsanStackFreeNameTemplate = "__asan_stack_free_";
▲ Show 20 LinesShow All 119 Lines▼ Show 20 Lines
STATISTIC(NumInstrumentedReads, "Number of instrumented reads"); STATISTIC(NumInstrumentedReads, "Number of instrumented reads");
STATISTIC(NumInstrumentedWrites, "Number of instrumented writes"); STATISTIC(NumInstrumentedWrites, "Number of instrumented writes");
STATISTIC(NumOptimizedAccessesToGlobalArray, STATISTIC(NumOptimizedAccessesToGlobalArray,
"Number of optimized accesses to global arrays"); "Number of optimized accesses to global arrays");
STATISTIC(NumOptimizedAccessesToGlobalVar, STATISTIC(NumOptimizedAccessesToGlobalVar,
"Number of optimized accesses to global vars"); "Number of optimized accesses to global vars");
namespace { namespace {
/// A set of dynamically initialized globals extracted from metadata. /// Frontend-provided metadata for global variables.
class SetOfDynamicallyInitializedGlobals { class GlobalsMetadata {
public: public:
void Init(Module& M) { void init(Module& M) {
// Clang generates metadata identifying all dynamically initialized globals. assert(!inited_);
NamedMDNode *DynamicGlobals = inited_ = true;
M.getNamedMetadata("llvm.asan.dynamically_initialized_globals"); NamedMDNode *Globals = M.getNamedMetadata("llvm.asan.globals");
if (!DynamicGlobals) if (!Globals)
return; return;
for (const auto MDN : DynamicGlobals->operands()) { for (auto MDN : Globals->operands()) {
assert(MDN->getNumOperands() == 1); // Format of the metadata node for the global:
Value *VG = MDN->getOperand(0); // {
// The optimizer may optimize away a global entirely, in which case we // global,
// cannot instrument access to it. // source_location,
if (!VG) // i1 is_dynamically_initialized,
// i1 is_blacklisted
// }
assert(MDN->getNumOperands() == 4);
Value *V = MDN->getOperand(0);
// The optimizer may optimize away a global entirely.
if (!V)
continue; continue;
DynInitGlobals.insert(cast<GlobalVariable>(VG)); GlobalVariable *GV = cast<GlobalVariable>(V);
if (Value *Loc = MDN->getOperand(1)) {
GlobalVariable *GVLoc = cast<GlobalVariable>(Loc);
// We may already know the source location for GV, if it was merged
// with another global.
if (SourceLocation.insert(std::make_pair(GV, GVLoc)).second)
addSourceLocationGlobal(GVLoc);
kccUnsubmitted
Not Done
ReplyInline Actions

can this be done with a single lookup to SourceLocation and only if DN->getOperand(1) is non-zero?

kcc: can this be done with a single lookup to SourceLocation and only if DN->getOperand(1) is non…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

samsonov: Done.
}
ConstantInt *IsDynInit = cast<ConstantInt>(MDN->getOperand(2));
if (IsDynInit->isOne())
DynInitGlobals.insert(GV);
ConstantInt *IsBlacklisted = cast<ConstantInt>(MDN->getOperand(3));
if (IsBlacklisted->isOne())
BlacklistedGlobals.insert(GV);
}
}
GlobalVariable *getSourceLocation(GlobalVariable *G) const {
auto Pos = SourceLocation.find(G);
return (Pos != SourceLocation.end()) ? Pos->second : nullptr;
}
/// Check if the global is dynamically initialized.
bool isDynInit(GlobalVariable *G) const {
return DynInitGlobals.count(G);
} }
/// Check if the global was blacklisted.
bool isBlacklisted(GlobalVariable *G) const {
return BlacklistedGlobals.count(G);
}
/// Check if the global was generated to describe source location of another
/// global (we don't want to instrument them).
bool isSourceLocationGlobal(GlobalVariable *G) const {
return LocationGlobals.count(G);
} }
bool Contains(GlobalVariable *G) { return DynInitGlobals.count(G) != 0; }
private: private:
SmallSet<GlobalValue*, 32> DynInitGlobals; bool inited_ = false;
DenseMap<GlobalVariable*, GlobalVariable*> SourceLocation;
DenseSet<GlobalVariable*> DynInitGlobals;
DenseSet<GlobalVariable*> BlacklistedGlobals;
DenseSet<GlobalVariable*> LocationGlobals;
void addSourceLocationGlobal(GlobalVariable *SourceLocGV) {
// Source location global is a struct with layout:
// {
// filename,
// i32 line_number,
// i32 column_number,
// }
LocationGlobals.insert(SourceLocGV);
ConstantStruct *Contents =
cast<ConstantStruct>(SourceLocGV->getInitializer());
GlobalVariable *FilenameGV = cast<GlobalVariable>(Contents->getOperand(0));
LocationGlobals.insert(FilenameGV);
}
}; };
/// This struct defines the shadow mapping using the rule: /// This struct defines the shadow mapping using the rule:
/// shadow = (mem >> Scale) ADD-or-OR Offset. /// shadow = (mem >> Scale) ADD-or-OR Offset.
struct ShadowMapping { struct ShadowMapping {
int Scale; int Scale;
uint64_t Offset; uint64_t Offset;
bool OrShadowOffset; bool OrShadowOffset;
▲ Show 20 LinesShow All 98 Lines▼ Show 20 Lines private:
// This array is indexed by AccessIsWrite and log2(AccessSize). // This array is indexed by AccessIsWrite and log2(AccessSize).
Function *AsanErrorCallback[2][kNumberOfAccessSizes]; Function *AsanErrorCallback[2][kNumberOfAccessSizes];
Function *AsanMemoryAccessCallback[2][kNumberOfAccessSizes]; Function *AsanMemoryAccessCallback[2][kNumberOfAccessSizes];
// This array is indexed by AccessIsWrite. // This array is indexed by AccessIsWrite.
Function *AsanErrorCallbackSized[2], Function *AsanErrorCallbackSized[2],
*AsanMemoryAccessCallbackSized[2]; *AsanMemoryAccessCallbackSized[2];
Function *AsanMemmove, *AsanMemcpy, *AsanMemset; Function *AsanMemmove, *AsanMemcpy, *AsanMemset;
InlineAsm *EmptyAsm; InlineAsm *EmptyAsm;
SetOfDynamicallyInitializedGlobals DynamicallyInitializedGlobals; GlobalsMetadata GlobalsMD;
friend struct FunctionStackPoisoner; friend struct FunctionStackPoisoner;
}; };
class AddressSanitizerModule : public ModulePass { class AddressSanitizerModule : public ModulePass {
public: public:
AddressSanitizerModule(StringRef BlacklistFile = StringRef()) AddressSanitizerModule(StringRef BlacklistFile = StringRef())
: ModulePass(ID), BlacklistFile(BlacklistFile.empty() ? ClBlacklistFile : ModulePass(ID), BlacklistFile(BlacklistFile.empty() ? ClBlacklistFile
Show All 13 Lines private:
void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName); void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName);
size_t MinRedzoneSizeForGlobal() const { size_t MinRedzoneSizeForGlobal() const {
return RedzoneSizeForScale(Mapping.Scale); return RedzoneSizeForScale(Mapping.Scale);
} }
SmallString<64> BlacklistFile; SmallString<64> BlacklistFile;
std::unique_ptr<SpecialCaseList> BL; std::unique_ptr<SpecialCaseList> BL;
SetOfDynamicallyInitializedGlobals DynamicallyInitializedGlobals; GlobalsMetadata GlobalsMD;
Type *IntptrTy; Type *IntptrTy;
LLVMContext *C; LLVMContext *C;
const DataLayout *DL; const DataLayout *DL;
ShadowMapping Mapping; ShadowMapping Mapping;
Function *AsanPoisonGlobals; Function *AsanPoisonGlobals;
Function *AsanUnpoisonGlobals; Function *AsanUnpoisonGlobals;
Function *AsanRegisterGlobals; Function *AsanRegisterGlobals;
Function *AsanUnregisterGlobals; Function *AsanUnregisterGlobals;
▲ Show 20 LinesShow All 261 Lines▼ Show 20 Lines if (!isPointerOperand(I->getOperand(0)) ||
return false; return false;
return true; return true;
} }
bool AddressSanitizer::GlobalIsLinkerInitialized(GlobalVariable *G) { bool AddressSanitizer::GlobalIsLinkerInitialized(GlobalVariable *G) {
// If a global variable does not have dynamic initialization we don't // If a global variable does not have dynamic initialization we don't
// have to instrument it. However, if a global does not have initializer // have to instrument it. However, if a global does not have initializer
// at all, we assume it has dynamic initializer (in other TU). // at all, we assume it has dynamic initializer (in other TU).
return G->hasInitializer() && !DynamicallyInitializedGlobals.Contains(G); return G->hasInitializer() && !GlobalsMD.isDynInit(G);
} }
void void
AddressSanitizer::instrumentPointerComparisonOrSubtraction(Instruction *I) { AddressSanitizer::instrumentPointerComparisonOrSubtraction(Instruction *I) {
IRBuilder<> IRB(I); IRBuilder<> IRB(I);
Function *F = isa<ICmpInst>(I) ? AsanPtrCmpFunction : AsanPtrSubFunction; Function *F = isa<ICmpInst>(I) ? AsanPtrCmpFunction : AsanPtrSubFunction;
Value *Param[2] = {I->getOperand(0), I->getOperand(1)}; Value *Param[2] = {I->getOperand(0), I->getOperand(1)};
for (int i = 0; i < 2; i++) { for (int i = 0; i < 2; i++) {
▲ Show 20 LinesShow All 190 Lines▼ Show 20 Lines for (Use &OP : CA->operands()) {
} }
} }
} }
bool AddressSanitizerModule::ShouldInstrumentGlobal(GlobalVariable *G) { bool AddressSanitizerModule::ShouldInstrumentGlobal(GlobalVariable *G) {
Type *Ty = cast<PointerType>(G->getType())->getElementType(); Type *Ty = cast<PointerType>(G->getType())->getElementType();
DEBUG(dbgs() << "GLOBAL: " << *G << "\n"); DEBUG(dbgs() << "GLOBAL: " << *G << "\n");
// FIXME: Don't use the blacklist here, all the data should be collected
// by the frontend and passed in globals metadata.
if (BL->isIn(*G)) return false; if (BL->isIn(*G)) return false;
if (GlobalsMD.isBlacklisted(G)) return false;
if (GlobalsMD.isSourceLocationGlobal(G)) return false;
if (!Ty->isSized()) return false; if (!Ty->isSized()) return false;
if (!G->hasInitializer()) return false; if (!G->hasInitializer()) return false;
if (GlobalWasGeneratedByAsan(G)) return false; // Our own global. if (GlobalWasGeneratedByAsan(G)) return false; // Our own global.
// Touch only those globals that will not be defined in other modules. // Touch only those globals that will not be defined in other modules.
// Don't handle ODR type linkages since other modules may be built w/o asan. // Don't handle ODR type linkages since other modules may be built w/o asan.
if (G->getLinkage() != GlobalVariable::ExternalLinkage && if (G->getLinkage() != GlobalVariable::ExternalLinkage &&
G->getLinkage() != GlobalVariable::PrivateLinkage && G->getLinkage() != GlobalVariable::PrivateLinkage &&
G->getLinkage() != GlobalVariable::InternalLinkage) G->getLinkage() != GlobalVariable::InternalLinkage)
▲ Show 20 LinesShow All 84 Lines▼ Show 20 Lines AsanCovModuleInit = checkInterfaceFunction(M.getOrInsertFunction(
IRB.getVoidTy(), IntptrTy, NULL)); IRB.getVoidTy(), IntptrTy, NULL));
AsanCovModuleInit->setLinkage(Function::ExternalLinkage); AsanCovModuleInit->setLinkage(Function::ExternalLinkage);
} }
// This function replaces all global variables with new variables that have // This function replaces all global variables with new variables that have
// trailing redzones. It also creates a function that poisons // trailing redzones. It also creates a function that poisons
// redzones and inserts this function into llvm.global_ctors. // redzones and inserts this function into llvm.global_ctors.
bool AddressSanitizerModule::InstrumentGlobals(IRBuilder<> &IRB, Module &M) { bool AddressSanitizerModule::InstrumentGlobals(IRBuilder<> &IRB, Module &M) {
DynamicallyInitializedGlobals.Init(M); GlobalsMD.init(M);
SmallVector<GlobalVariable *, 16> GlobalsToChange; SmallVector<GlobalVariable *, 16> GlobalsToChange;
for (auto &G : M.globals()) { for (auto &G : M.globals()) {
if (ShouldInstrumentGlobal(&G)) if (ShouldInstrumentGlobal(&G))
GlobalsToChange.push_back(&G); GlobalsToChange.push_back(&G);
} }
size_t n = GlobalsToChange.size(); size_t n = GlobalsToChange.size();
if (n == 0) return false; if (n == 0) return false;
// A global is described by a structure // A global is described by a structure
// size_t beg; // size_t beg;
// size_t size; // size_t size;
// size_t size_with_redzone; // size_t size_with_redzone;
// const char *name; // const char *name;
// const char *module_name; // const char *module_name;
// size_t has_dynamic_init; // size_t has_dynamic_init;
// void *source_location;
// We initialize an array of such structures and pass it to a run-time call. // We initialize an array of such structures and pass it to a run-time call.
StructType *GlobalStructTy = StructType::get(IntptrTy, IntptrTy, StructType *GlobalStructTy =
IntptrTy, IntptrTy, StructType::get(IntptrTy, IntptrTy, IntptrTy, IntptrTy, IntptrTy,
IntptrTy, IntptrTy, NULL); IntptrTy, IntptrTy, NULL);
SmallVector<Constant *, 16> Initializers(n); SmallVector<Constant *, 16> Initializers(n);
bool HasDynamicallyInitializedGlobals = false; bool HasDynamicallyInitializedGlobals = false;
// We shouldn't merge same module names, as this string serves as unique // We shouldn't merge same module names, as this string serves as unique
// module ID in runtime. // module ID in runtime.
GlobalVariable *ModuleName = createPrivateGlobalForString( GlobalVariable *ModuleName = createPrivateGlobalForString(
M, M.getModuleIdentifier(), /*AllowMerging*/false); M, M.getModuleIdentifier(), /*AllowMerging*/false);
for (size_t i = 0; i < n; i++) { for (size_t i = 0; i < n; i++) {
static const uint64_t kMaxGlobalRedzone = 1 << 18; static const uint64_t kMaxGlobalRedzone = 1 << 18;
GlobalVariable *G = GlobalsToChange[i]; GlobalVariable *G = GlobalsToChange[i];
PointerType *PtrTy = cast<PointerType>(G->getType()); PointerType *PtrTy = cast<PointerType>(G->getType());
gliderUnsubmitted
Not Done
ReplyInline Actions

nit: spare newline?

glider: nit: spare newline?
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

samsonov: Done
Type *Ty = PtrTy->getElementType(); Type *Ty = PtrTy->getElementType();
uint64_t SizeInBytes = DL->getTypeAllocSize(Ty); uint64_t SizeInBytes = DL->getTypeAllocSize(Ty);
uint64_t MinRZ = MinRedzoneSizeForGlobal(); uint64_t MinRZ = MinRedzoneSizeForGlobal();
// MinRZ <= RZ <= kMaxGlobalRedzone // MinRZ <= RZ <= kMaxGlobalRedzone
// and trying to make RZ to be ~ 1/4 of SizeInBytes. // and trying to make RZ to be ~ 1/4 of SizeInBytes.
uint64_t RZ = std::max(MinRZ, uint64_t RZ = std::max(MinRZ,
std::min(kMaxGlobalRedzone, std::min(kMaxGlobalRedzone,
(SizeInBytes / MinRZ / 4) * MinRZ)); (SizeInBytes / MinRZ / 4) * MinRZ));
uint64_t RightRedzoneSize = RZ; uint64_t RightRedzoneSize = RZ;
// Round up to MinRZ // Round up to MinRZ
if (SizeInBytes % MinRZ) if (SizeInBytes % MinRZ)
RightRedzoneSize += MinRZ - (SizeInBytes % MinRZ); RightRedzoneSize += MinRZ - (SizeInBytes % MinRZ);
assert(((RightRedzoneSize + SizeInBytes) % MinRZ) == 0); assert(((RightRedzoneSize + SizeInBytes) % MinRZ) == 0);
Type *RightRedZoneTy = ArrayType::get(IRB.getInt8Ty(), RightRedzoneSize); Type *RightRedZoneTy = ArrayType::get(IRB.getInt8Ty(), RightRedzoneSize);
// Determine whether this global should be poisoned in initialization.
bool GlobalHasDynamicInitializer =
DynamicallyInitializedGlobals.Contains(G);
StructType *NewTy = StructType::get(Ty, RightRedZoneTy, NULL); StructType *NewTy = StructType::get(Ty, RightRedZoneTy, NULL);
Constant *NewInitializer = ConstantStruct::get( Constant *NewInitializer = ConstantStruct::get(
NewTy, G->getInitializer(), NewTy, G->getInitializer(),
Constant::getNullValue(RightRedZoneTy), NULL); Constant::getNullValue(RightRedZoneTy), NULL);
GlobalVariable *Name = GlobalVariable *Name =
createPrivateGlobalForString(M, G->getName(), /*AllowMerging*/true); createPrivateGlobalForString(M, G->getName(), /*AllowMerging*/true);
Show All 12 Lines for (size_t i = 0; i < n; i++) {
Indices2[0] = IRB.getInt32(0); Indices2[0] = IRB.getInt32(0);
Indices2[1] = IRB.getInt32(0); Indices2[1] = IRB.getInt32(0);
G->replaceAllUsesWith( G->replaceAllUsesWith(
ConstantExpr::getGetElementPtr(NewGlobal, Indices2, true)); ConstantExpr::getGetElementPtr(NewGlobal, Indices2, true));
NewGlobal->takeName(G); NewGlobal->takeName(G);
G->eraseFromParent(); G->eraseFromParent();
bool GlobalHasDynamicInitializer = GlobalsMD.isDynInit(G);
GlobalVariable *SourceLoc = GlobalsMD.getSourceLocation(G);
Initializers[i] = ConstantStruct::get( Initializers[i] = ConstantStruct::get(
GlobalStructTy, GlobalStructTy, ConstantExpr::getPointerCast(NewGlobal, IntptrTy),
ConstantExpr::getPointerCast(NewGlobal, IntptrTy),
ConstantInt::get(IntptrTy, SizeInBytes), ConstantInt::get(IntptrTy, SizeInBytes),
ConstantInt::get(IntptrTy, SizeInBytes + RightRedzoneSize), ConstantInt::get(IntptrTy, SizeInBytes + RightRedzoneSize),
ConstantExpr::getPointerCast(Name, IntptrTy), ConstantExpr::getPointerCast(Name, IntptrTy),
ConstantExpr::getPointerCast(ModuleName, IntptrTy), ConstantExpr::getPointerCast(ModuleName, IntptrTy),
ConstantInt::get(IntptrTy, GlobalHasDynamicInitializer), ConstantInt::get(IntptrTy, GlobalHasDynamicInitializer),
SourceLoc ? ConstantExpr::getPointerCast(SourceLoc, IntptrTy)
: ConstantInt::get(IntptrTy, 0),
NULL); NULL);
// Populate the first and last globals declared in this TU.
if (ClInitializers && GlobalHasDynamicInitializer) if (ClInitializers && GlobalHasDynamicInitializer)
HasDynamicallyInitializedGlobals = true; HasDynamicallyInitializedGlobals = true;
DEBUG(dbgs() << "NEW GLOBAL: " << *NewGlobal << "\n"); DEBUG(dbgs() << "NEW GLOBAL: " << *NewGlobal << "\n");
} }
ArrayType *ArrayOfGlobalStructTy = ArrayType::get(GlobalStructTy, n); ArrayType *ArrayOfGlobalStructTy = ArrayType::get(GlobalStructTy, n);
GlobalVariable *AllGlobals = new GlobalVariable( GlobalVariable *AllGlobals = new GlobalVariable(
▲ Show 20 LinesShow All 111 Lines▼ Show 20 Lines
// virtual // virtual
bool AddressSanitizer::doInitialization(Module &M) { bool AddressSanitizer::doInitialization(Module &M) {
// Initialize the private fields. No one has accessed them before. // Initialize the private fields. No one has accessed them before.
DataLayoutPass *DLP = getAnalysisIfAvailable<DataLayoutPass>(); DataLayoutPass *DLP = getAnalysisIfAvailable<DataLayoutPass>();
if (!DLP) if (!DLP)
report_fatal_error("data layout missing"); report_fatal_error("data layout missing");
DL = &DLP->getDataLayout(); DL = &DLP->getDataLayout();
DynamicallyInitializedGlobals.Init(M); GlobalsMD.init(M);
C = &(M.getContext()); C = &(M.getContext());
LongSize = DL->getPointerSizeInBits(); LongSize = DL->getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize); IntptrTy = Type::getIntNTy(*C, LongSize);
AsanCtorFunction = Function::Create( AsanCtorFunction = Function::Create(
FunctionType::get(Type::getVoidTy(*C), false), FunctionType::get(Type::getVoidTy(*C), false),
GlobalValue::InternalLinkage, kAsanModuleCtorName, &M); GlobalValue::InternalLinkage, kAsanModuleCtorName, &M);
▲ Show 20 LinesShow All 540 LinesShow Last 20 Lines

projects/compiler-rt/lib/asan/asan_dll_thunk.cc

Show First 20 LinesShow All 197 Lines▼ Show 20 Lines
// want to call it in the __asan_init interceptor. // want to call it in the __asan_init interceptor.
WRAP_W_V(__asan_should_detect_stack_use_after_return) WRAP_W_V(__asan_should_detect_stack_use_after_return)
extern "C" { extern "C" {
int __asan_option_detect_stack_use_after_return; int __asan_option_detect_stack_use_after_return;
// Manually wrap __asan_init as we need to initialize // Manually wrap __asan_init as we need to initialize
// __asan_option_detect_stack_use_after_return afterwards. // __asan_option_detect_stack_use_after_return afterwards.
void __asan_init_v3() { void __asan_init_v4() {
typedef void (*fntype)(); typedef void (*fntype)();
static fntype fn = 0; static fntype fn = 0;
// __asan_init_v3 is expected to be called by only one thread. // __asan_init_v4 is expected to be called by only one thread.
if (fn) return; if (fn) return;
fn = (fntype)getRealProcAddressOrDie("__asan_init_v3"); fn = (fntype)getRealProcAddressOrDie("__asan_init_v4");
fn(); fn();
__asan_option_detect_stack_use_after_return = __asan_option_detect_stack_use_after_return =
(__asan_should_detect_stack_use_after_return() != 0); (__asan_should_detect_stack_use_after_return() != 0);
InterceptHooks(); InterceptHooks();
} }
} }
▲ Show 20 LinesShow All 113 Lines▼ Show 20 Lines
// We want to call __asan_init before C/C++ initializers/constructors are // We want to call __asan_init before C/C++ initializers/constructors are
// executed, otherwise functions like memset might be invoked. // executed, otherwise functions like memset might be invoked.
// For some strange reason, merely linking in asan_preinit.cc doesn't work // For some strange reason, merely linking in asan_preinit.cc doesn't work
// as the callback is never called... Is link.exe doing something too smart? // as the callback is never called... Is link.exe doing something too smart?
// In DLLs, the callbacks are expected to return 0, // In DLLs, the callbacks are expected to return 0,
// otherwise CRT initialization fails. // otherwise CRT initialization fails.
static int call_asan_init() { static int call_asan_init() {
__asan_init_v3(); __asan_init_v4();
return 0; return 0;
} }
#pragma section(".CRT$XIB", long, read) // NOLINT #pragma section(".CRT$XIB", long, read) // NOLINT
__declspec(allocate(".CRT$XIB")) int (*__asan_preinit)() = call_asan_init; __declspec(allocate(".CRT$XIB")) int (*__asan_preinit)() = call_asan_init;
#endif // ASAN_DLL_THUNK #endif // ASAN_DLL_THUNK

projects/compiler-rt/lib/asan/asan_interface_internal.h

Show All 24 Linesextern "C" {
// Every time the asan ABI changes we also change the version number in this // Every time the asan ABI changes we also change the version number in this
// name. Objects build with incompatible asan ABI version // name. Objects build with incompatible asan ABI version
// will not link with run-time. // will not link with run-time.
// Changes between ABI versions: // Changes between ABI versions:
// v1=>v2: added 'module_name' to __asan_global // v1=>v2: added 'module_name' to __asan_global
// v2=>v3: stack frame description (created by the compiler) // v2=>v3: stack frame description (created by the compiler)
// contains the function PC as the 3-rd field (see // contains the function PC as the 3-rd field (see
// DescribeAddressIfStack). // DescribeAddressIfStack).
SANITIZER_INTERFACE_ATTRIBUTE void __asan_init_v3(); // v3=>v4: added '__asan_global_source_location' to __asan_global.
#define __asan_init __asan_init_v3 SANITIZER_INTERFACE_ATTRIBUTE void __asan_init_v4();
#define __asan_init __asan_init_v4
// This structure is used to describe the source location of a place where
// global was defined.
struct __asan_global_source_location {
const char *filename;
int line_no;
int column_no;
};
// This structure describes an instrumented global variable. // This structure describes an instrumented global variable.
struct __asan_global { struct __asan_global {
uptr beg; // The address of the global. uptr beg; // The address of the global.
uptr size; // The original size of the global. uptr size; // The original size of the global.
uptr size_with_redzone; // The size with the redzone. uptr size_with_redzone; // The size with the redzone.
const char *name; // Name as a C string. const char *name; // Name as a C string.
const char *module_name; // Module name as a C string. This pointer is a const char *module_name; // Module name as a C string. This pointer is a
// unique identifier of a module. // unique identifier of a module.
uptr has_dynamic_init; // Non-zero if the global has dynamic initializer. uptr has_dynamic_init; // Non-zero if the global has dynamic initializer.
__asan_global_source_location *location; // Source location of a global,
gliderUnsubmitted
Not Done
ReplyInline Actions

If you store file and line/column location separately you can probably save some memory.

glider: If you store file and line/column location separately you can probably save some memory.
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Maybe, but 8 byte per global is not a big deal (we spend a bunch of memory for redzones anyway). I'd like to keep source location in a struct. In future we may be able to share it between different sanitizers. E.g. UBSan already has it, and uses the same layout.

samsonov: Maybe, but 8 byte per global is not a big deal (we spend a bunch of memory for redzones anyway).
kccUnsubmitted
Not Done
ReplyInline Actions

you need to bump the version of __asan_init_vN

kcc: you need to bump the version of __asan_init_vN
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

samsonov: Done.
// or NULL if it is unknown.
}; };
// These two functions should be called by the instrumented code. // These two functions should be called by the instrumented code.
// 'globals' is an array of structures describing 'n' globals. // 'globals' is an array of structures describing 'n' globals.
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_register_globals(__asan_global *globals, uptr n); void __asan_register_globals(__asan_global *globals, uptr n);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_unregister_globals(__asan_global *globals, uptr n); void __asan_unregister_globals(__asan_global *globals, uptr n);
▲ Show 20 LinesShow All 97 LinesShow Last 20 Lines

projects/compiler-rt/lib/asan/asan_report.cc

Show First 20 LinesShow All 206 Lines▼ Show 20 Lines for (uptr p = g.beg; p < g.beg + g.size - 1; p++) {
unsigned char c = *(unsigned char*)p; unsigned char c = *(unsigned char*)p;
if (c == '\0' || !IsASCII(c)) return; if (c == '\0' || !IsASCII(c)) return;
} }
if (*(char*)(g.beg + g.size - 1) != '\0') return; if (*(char*)(g.beg + g.size - 1) != '\0') return;
str->append(" '%s' is ascii string '%s'\n", MaybeDemangleGlobalName(g.name), str->append(" '%s' is ascii string '%s'\n", MaybeDemangleGlobalName(g.name),
(char *)g.beg); (char *)g.beg);
} }
static const char *GlobalFilename(const __asan_global &g) {
const char *res = g.module_name;
// Prefer the filename from source location, if is available.
if (g.location)
res = g.location->filename;
CHECK(res);
return res;
}
static void PrintGlobalLocation(InternalScopedString *str,
const __asan_global &g) {
str->append("%s", GlobalFilename(g));
if (!g.location)
return;
if (g.location->line_no)
str->append(":%d", g.location->line_no);
if (g.location->column_no)
str->append(":%d", g.location->column_no);
}
bool DescribeAddressRelativeToGlobal(uptr addr, uptr size, bool DescribeAddressRelativeToGlobal(uptr addr, uptr size,
const __asan_global &g) { const __asan_global &g) {
static const uptr kMinimalDistanceFromAnotherGlobal = 64; static const uptr kMinimalDistanceFromAnotherGlobal = 64;
if (addr <= g.beg - kMinimalDistanceFromAnotherGlobal) return false; if (addr <= g.beg - kMinimalDistanceFromAnotherGlobal) return false;
if (addr >= g.beg + g.size_with_redzone) return false; if (addr >= g.beg + g.size_with_redzone) return false;
InternalScopedString str(4096); InternalScopedString str(4096);
Decorator d; Decorator d;
str.append("%s", d.Location()); str.append("%s", d.Location());
if (addr < g.beg) { if (addr < g.beg) {
str.append("%p is located %zd bytes to the left", (void *)addr, str.append("%p is located %zd bytes to the left", (void *)addr,
g.beg - addr); g.beg - addr);
} else if (addr + size > g.beg + g.size) { } else if (addr + size > g.beg + g.size) {
if (addr < g.beg + g.size) if (addr < g.beg + g.size)
addr = g.beg + g.size; addr = g.beg + g.size;
str.append("%p is located %zd bytes to the right", (void *)addr, str.append("%p is located %zd bytes to the right", (void *)addr,
addr - (g.beg + g.size)); addr - (g.beg + g.size));
} else { } else {
// Can it happen? // Can it happen?
str.append("%p is located %zd bytes inside", (void *)addr, addr - g.beg); str.append("%p is located %zd bytes inside", (void *)addr, addr - g.beg);
} }
str.append(" of global variable '%s' from '%s' (0x%zx) of size %zu\n", str.append(" of global variable '%s' defined in '",
MaybeDemangleGlobalName(g.name), g.module_name, g.beg, g.size); MaybeDemangleGlobalName(g.name));
PrintGlobalLocation(&str, g);
str.append("' (0x%zx) of size %zu\n", g.beg, g.size);
str.append("%s", d.EndLocation()); str.append("%s", d.EndLocation());
PrintGlobalNameIfASCII(&str, g); PrintGlobalNameIfASCII(&str, g);
Printf("%s", str.data()); Printf("%s", str.data());
return true; return true;
} }
bool DescribeAddressIfShadow(uptr addr) { bool DescribeAddressIfShadow(uptr addr) {
if (AddrIsInMem(addr)) if (AddrIsInMem(addr))
▲ Show 20 LinesShow All 492 Lines▼ Show 20 Lines
void ReportODRViolation(const __asan_global *g1, u32 stack_id1, void ReportODRViolation(const __asan_global *g1, u32 stack_id1,
const __asan_global *g2, u32 stack_id2) { const __asan_global *g2, u32 stack_id2) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report;
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report("ERROR: AddressSanitizer: odr-violation (%p):\n", g1->beg); Report("ERROR: AddressSanitizer: odr-violation (%p):\n", g1->beg);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
Printf(" [1] size=%zd %s %s\n", g1->size, g1->name, g1->module_name); InternalScopedString g1_loc(256), g2_loc(256);
Printf(" [2] size=%zd %s %s\n", g2->size, g2->name, g2->module_name); PrintGlobalLocation(&g1_loc, *g1);
PrintGlobalLocation(&g2_loc, *g2);
Printf(" [1] size=%zd %s %s\n", g1->size, g1->name, g1_loc.data());
Printf(" [2] size=%zd %s %s\n", g2->size, g2->name, g2_loc.data());
if (stack_id1 && stack_id2) { if (stack_id1 && stack_id2) {
Printf("These globals were registered at these points:\n"); Printf("These globals were registered at these points:\n");
Printf(" [1]:\n"); Printf(" [1]:\n");
uptr stack_size; uptr stack_size;
const uptr *stack_trace = StackDepotGet(stack_id1, &stack_size); const uptr *stack_trace = StackDepotGet(stack_id1, &stack_size);
StackTrace::PrintStack(stack_trace, stack_size); StackTrace::PrintStack(stack_trace, stack_size);
Printf(" [2]:\n"); Printf(" [2]:\n");
stack_trace = StackDepotGet(stack_id2, &stack_size); stack_trace = StackDepotGet(stack_id2, &stack_size);
StackTrace::PrintStack(stack_trace, stack_size); StackTrace::PrintStack(stack_trace, stack_size);
} }
Report("HINT: if you don't care about these warnings you may set " Report("HINT: if you don't care about these warnings you may set "
"ASAN_OPTIONS=detect_odr_violation=0\n"); "ASAN_OPTIONS=detect_odr_violation=0\n");
ReportErrorSummary("odr-violation", g1->module_name, 0, g1->name); ReportErrorSummary("odr-violation", g1_loc.data(), 0, g1->name);
} }
// ----------------------- CheckForInvalidPointerPair ----------- {{{1 // ----------------------- CheckForInvalidPointerPair ----------- {{{1
static NOINLINE void static NOINLINE void
ReportInvalidPointerPair(uptr pc, uptr bp, uptr sp, uptr a1, uptr a2) { ReportInvalidPointerPair(uptr pc, uptr bp, uptr sp, uptr a1, uptr a2) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report;
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
▲ Show 20 LinesShow All 167 LinesShow Last 20 Lines

projects/compiler-rt/test/asan/TestCases/global-location.cc

  • This file was added.
// RUN: %clangxx_asan -O2 %s -o %t
// RUN: not %run %t g 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=GLOB
// RUN: not %run %t c 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=CLASS_STATIC
// RUN: not %run %t f 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=FUNC_STATIC
// RUN: not %run %t l 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=LITERAL
// CHECK: AddressSanitizer: global-buffer-overflow
#include <string.h>
struct C {
static int array[10];
gliderUnsubmitted
Not Done
ReplyInline Actions

"struct C", maybe?

glider: "struct C", maybe?
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

samsonov: Done
};
int global[10];
// GLOB: 0x{{.*}} is located 4 bytes to the right of global variable 'global' defined in '{{.*}}global-location.cc:[[@LINE-1]]:5' {{.*}} of size 40
int C::array[10];
// CLASS_STATIC: 0x{{.*}} is located 4 bytes to the right of global variable 'C::array' defined in '{{.*}}global-location.cc:[[@LINE-1]]:8' {{.*}} of size 40
gliderUnsubmitted
Not Done
ReplyInline Actions

Do you need the slash before global-location.cc? Isn't it possible that there's no directory prefix (maybe not in the current setup)?

glider: Do you need the slash before global-location.cc? Isn't it possible that there's no directory…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

samsonov: Done.
int main(int argc, char **argv) {
int one = argc - 1;
switch (argv[1][0]) {
case 'g': return global[one * 11];
case 'c': return C::array[one * 11];
case 'f':
static int array[10];
// FUNC_STATIC: 0x{{.*}} is located 4 bytes to the right of global variable 'main::array' defined in '{{.*}}global-location.cc:[[@LINE-1]]:16' {{.*}} of size 40
memset(array, 0, 10);
return array[one * 11];
case 'l':
const char *str = "0123456789";
// LITERAL: 0x{{.*}} is located 0 bytes to the right of global variable {{.*}} defined in '{{.*}}global-location.cc:[[@LINE-1]]:23' {{.*}} of size 11
return str[one * 11];
}
return 0;
}
// CHECK: SUMMARY: AddressSanitizer: global-buffer-overflow

test/Instrumentation/AddressSanitizer/global_metadata.ll

  • This file was added.
; RUN: opt < %s -asan -asan-module -S | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
; Globals:
@global = global i32 0, align 4
@dyn_init_global = global i32 0, align 4
@blacklisted_global = global i32 0, align 4
@_ZZ4funcvE10static_var = internal global i32 0, align 4
@.str = private unnamed_addr constant [14 x i8] c"Hello, world!\00", align 1
@llvm.global_ctors = appending global [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 65535, void ()* @_GLOBAL__sub_I_asan_globals.cpp, i8* null }]
; Sanitizer location descriptors:
@.str1 = private unnamed_addr constant [22 x i8] c"/tmp/asan-globals.cpp\00", align 1
@.asan_loc_descr = private unnamed_addr constant { [22 x i8]*, i32, i32 } { [22 x i8]* @.str1, i32 5, i32 5 }
@.asan_loc_descr1 = private unnamed_addr constant { [22 x i8]*, i32, i32 } { [22 x i8]* @.str1, i32 7, i32 5 }
@.asan_loc_descr2 = private unnamed_addr constant { [22 x i8]*, i32, i32 } { [22 x i8]* @.str1, i32 12, i32 14 }
@.asan_loc_descr4 = private unnamed_addr constant { [22 x i8]*, i32, i32 } { [22 x i8]* @.str1, i32 14, i32 25 }
; Check that globals were instrumented, but sanitizer location descriptors weren't:
; CHECK: @global = global { i32, [60 x i8] } zeroinitializer, align 32
; CHECK: @.str = internal unnamed_addr constant { [14 x i8], [50 x i8] } { [14 x i8] c"Hello, world!\00", [50 x i8] zeroinitializer }, align 32
; CHECK: @.asan_loc_descr = private unnamed_addr constant { [22 x i8]*, i32, i32 } { [22 x i8]* @.str1, i32 5, i32 5 }
; Check that location decriptors were passed into __asan_register_globals:
; CHECK: i64 ptrtoint ({ [22 x i8]*, i32, i32 }* @.asan_loc_descr to i64)
; Function Attrs: nounwind sanitize_address
define internal void @__cxx_global_var_init() #0 section ".text.startup" {
entry:
%0 = load i32* @global, align 4
store i32 %0, i32* @dyn_init_global, align 4
ret void
}
; Function Attrs: nounwind sanitize_address
define void @_Z4funcv() #1 {
entry:
%literal = alloca i8*, align 8
store i8* getelementptr inbounds ([14 x i8]* @.str, i32 0, i32 0), i8** %literal, align 8
ret void
}
; Function Attrs: nounwind sanitize_address
define internal void @_GLOBAL__sub_I_asan_globals.cpp() #0 section ".text.startup" {
entry:
call void @__cxx_global_var_init()
ret void
}
attributes #0 = { nounwind sanitize_address }
attributes #1 = { nounwind sanitize_address "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-realign-stack" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" }
!llvm.asan.globals = !{!0, !1, !2, !3, !4}
!llvm.ident = !{!5}
!0 = metadata !{i32* @global, { [22 x i8]*, i32, i32 }* @.asan_loc_descr, i1 false, i1 false}
!1 = metadata !{i32* @dyn_init_global, { [22 x i8]*, i32, i32 }* @.asan_loc_descr1, i1 true, i1 false}
!2 = metadata !{i32* @blacklisted_global, null, i1 false, i1 true}
!3 = metadata !{i32* @_ZZ4funcvE10static_var, { [22 x i8]*, i32, i32 }* @.asan_loc_descr2, i1 false, i1 false}
!4 = metadata !{[14 x i8]* @.str, { [22 x i8]*, i32, i32 }* @.asan_loc_descr4, i1 false, i1 false}
!5 = metadata !{metadata !"clang version 3.5.0 (211282)"}

test/Instrumentation/AddressSanitizer/instrument_global.ll

Show First 20 LinesShow All 62 Lines▼ Show 20 Linesentry:
%0 = load i32* getelementptr inbounds ([10 x i32]* @GlobEx, i64 0, i64 2), align 8 %0 = load i32* getelementptr inbounds ([10 x i32]* @GlobEx, i64 0, i64 2), align 8
ret i32 %0 ret i32 %0
; CHECK-LABEL: define i32 @AccessGlobEx_0_2 ; CHECK-LABEL: define i32 @AccessGlobEx_0_2
; CHECK: __asan_report ; CHECK: __asan_report
; CHECK: ret i32 ; CHECK: ret i32
} }
!llvm.asan.dynamically_initialized_globals = !{!0} !llvm.asan.globals = !{!0}
!0 = metadata !{[10 x i32]* @GlobDy} !0 = metadata !{[10 x i32]* @GlobDy, null, i1 true, i1 false}
; CHECK-LABEL: define internal void @asan.module_ctor ; CHECK-LABEL: define internal void @asan.module_ctor
; CHECK-NOT: ret ; CHECK-NOT: ret
; CHECK: call void @__asan_register_globals ; CHECK: call void @__asan_register_globals
; CHECK: ret ; CHECK: ret
; CHECK-LABEL: define internal void @asan.module_dtor ; CHECK-LABEL: define internal void @asan.module_dtor
; CHECK-NOT: ret ; CHECK-NOT: ret
; CHECK: call void @__asan_unregister_globals ; CHECK: call void @__asan_unregister_globals
; CHECK: ret ; CHECK: ret

test/Instrumentation/AddressSanitizer/instrument_initializer_metadata.ll

; RUN: opt < %s -asan -asan-module -S | FileCheck %s ; RUN: opt < %s -asan -asan-module -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
@xxx = internal global i32 0, align 4 ; With dynamic initializer. @xxx = internal global i32 0, align 4 ; With dynamic initializer.
@XXX = global i32 0, align 4 ; With dynamic initializer. @XXX = global i32 0, align 4 ; With dynamic initializer.
@yyy = internal global i32 0, align 4 ; W/o dynamic initializer. @yyy = internal global i32 0, align 4 ; W/o dynamic initializer.
@YYY = global i32 0, align 4 ; W/o dynamic initializer. @YYY = global i32 0, align 4 ; W/o dynamic initializer.
; Clang will emit the following metadata identifying @xxx as dynamically ; Clang will emit the following metadata identifying @xxx as dynamically
; initialized. ; initialized.
!0 = metadata !{i32* @xxx} !0 = metadata !{i32* @xxx, null, i1 true, i1 false}
!1 = metadata !{i32* @XXX} !1 = metadata !{i32* @XXX, null, i1 true, i1 false}
!llvm.asan.dynamically_initialized_globals = !{!0, !1} !2 = metadata !{i32* @yyy, null, i1 false, i1 false}
!3 = metadata !{i32* @YYY, null, i1 false, i1 false}
!llvm.asan.globals = !{!0, !1, !2, !3}
define i32 @initializer() uwtable { define i32 @initializer() uwtable {
entry: entry:
ret i32 42 ret i32 42
} }
define internal void @__cxx_global_var_init() section ".text.startup" { define internal void @__cxx_global_var_init() section ".text.startup" {
entry: entry:
▲ Show 20 LinesShow All 59 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CGDecl.cpp

Show First 20 LinesShow All 339 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitStaticVarDecl(const VarDecl &D,
// //
// FIXME: It is really dangerous to store this in the map; if anyone // FIXME: It is really dangerous to store this in the map; if anyone
// RAUW's the GV uses of this constant will be invalid. // RAUW's the GV uses of this constant will be invalid.
llvm::Constant *castedAddr = llvm::Constant *castedAddr =
llvm::ConstantExpr::getPointerBitCastOrAddrSpaceCast(var, expectedType); llvm::ConstantExpr::getPointerBitCastOrAddrSpaceCast(var, expectedType);
DMEntry = castedAddr; DMEntry = castedAddr;
CGM.setStaticLocalDeclAddress(&D, castedAddr); CGM.setStaticLocalDeclAddress(&D, castedAddr);
CGM.reportGlobalToASan(var, D.getLocation());
// Emit global variable debug descriptor for static vars. // Emit global variable debug descriptor for static vars.
CGDebugInfo *DI = getDebugInfo(); CGDebugInfo *DI = getDebugInfo();
if (DI && if (DI &&
CGM.getCodeGenOpts().getDebugInfo() >= CodeGenOptions::LimitedDebugInfo) { CGM.getCodeGenOpts().getDebugInfo() >= CodeGenOptions::LimitedDebugInfo) {
DI->setLocation(D.getLocation()); DI->setLocation(D.getLocation());
DI->EmitGlobalVariable(var, &D); DI->EmitGlobalVariable(var, &D);
} }
} }
▲ Show 20 LinesShow All 1,394 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CodeGenModule.h

Show First 20 LinesShow All 1,019 Lines▼ Show 20 Linespublic:
void AddGlobalAnnotations(const ValueDecl *D, llvm::GlobalValue *GV); void AddGlobalAnnotations(const ValueDecl *D, llvm::GlobalValue *GV);
const llvm::SpecialCaseList &getSanitizerBlacklist() const { const llvm::SpecialCaseList &getSanitizerBlacklist() const {
return *SanitizerBlacklist; return *SanitizerBlacklist;
} }
const SanitizerOptions &getSanOpts() const { return SanOpts; } const SanitizerOptions &getSanOpts() const { return SanOpts; }
void reportGlobalToASan(llvm::GlobalVariable *GV, SourceLocation Loc,
bool IsDynInit = false);
void addDeferredVTable(const CXXRecordDecl *RD) { void addDeferredVTable(const CXXRecordDecl *RD) {
DeferredVTables.push_back(RD); DeferredVTables.push_back(RD);
} }
/// Emit code for a singal global function or var decl. Forward declarations /// Emit code for a singal global function or var decl. Forward declarations
/// are emitted lazily. /// are emitted lazily.
void EmitGlobal(GlobalDecl D); void EmitGlobal(GlobalDecl D);
▲ Show 20 LinesShow All 129 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 1,952 Lines▼ Show 20 Lines if (Linkage == llvm::GlobalVariable::CommonLinkage)
GV->setConstant(false); GV->setConstant(false);
setNonAliasAttributes(D, GV); setNonAliasAttributes(D, GV);
// Emit the initializer function if necessary. // Emit the initializer function if necessary.
if (NeedsGlobalCtor || NeedsGlobalDtor) if (NeedsGlobalCtor || NeedsGlobalDtor)
EmitCXXGlobalVarDeclInitFunc(D, GV, NeedsGlobalCtor); EmitCXXGlobalVarDeclInitFunc(D, GV, NeedsGlobalCtor);
// If we are compiling with ASan, add metadata indicating dynamically reportGlobalToASan(GV, D->getLocation(), NeedsGlobalCtor);
// initialized (and not blacklisted) globals.
if (SanOpts.Address && NeedsGlobalCtor &&
!SanitizerBlacklist->isIn(*GV, "init")) {
llvm::NamedMDNode *DynamicInitializers = TheModule.getOrInsertNamedMetadata(
"llvm.asan.dynamically_initialized_globals");
llvm::Value *GlobalToAdd[] = { GV };
llvm::MDNode *ThisGlobal = llvm::MDNode::get(VMContext, GlobalToAdd);
DynamicInitializers->addOperand(ThisGlobal);
}
// Emit global variable debug information. // Emit global variable debug information.
if (CGDebugInfo *DI = getModuleDebugInfo()) if (CGDebugInfo *DI = getModuleDebugInfo())
if (getCodeGenOpts().getDebugInfo() >= CodeGenOptions::LimitedDebugInfo) if (getCodeGenOpts().getDebugInfo() >= CodeGenOptions::LimitedDebugInfo)
DI->EmitGlobalVariable(GV, D); DI->EmitGlobalVariable(GV, D);
} }
void CodeGenModule::reportGlobalToASan(llvm::GlobalVariable *GV,
SourceLocation Loc, bool IsDynInit) {
if (!SanOpts.Address)
return;
IsDynInit &= !SanitizerBlacklist->isIn(*GV, "init");
bool IsBlacklisted = SanitizerBlacklist->isIn(*GV);
llvm::LLVMContext &LLVMCtx = TheModule.getContext();
llvm::GlobalVariable *LocDescr = nullptr;
if (!IsBlacklisted) {
// Don't generate source location if a global is blacklisted - it won't
// be instrumented anyway.
PresumedLoc PLoc = Context.getSourceManager().getPresumedLoc(Loc);
if (PLoc.isValid()) {
llvm::Constant *LocData[] = {
GetAddrOfConstantCString(PLoc.getFilename()),
llvm::ConstantInt::get(llvm::Type::getInt32Ty(LLVMCtx), PLoc.getLine()),
llvm::ConstantInt::get(llvm::Type::getInt32Ty(LLVMCtx),
PLoc.getColumn()),
};
auto LocStruct = llvm::ConstantStruct::getAnon(LocData);
LocDescr = new llvm::GlobalVariable(TheModule, LocStruct->getType(), true,
llvm::GlobalValue::PrivateLinkage,
LocStruct, ".asan_loc_descr");
LocDescr->setUnnamedAddr(true);
// Add LocDescr to llvm.compiler.used, so that it won't be removed by
// the optimizer before the ASan instrumentation pass.
addCompilerUsedGlobal(LocDescr);
}
}
llvm::Value *GlobalMetadata[] = {
GV,
LocDescr,
llvm::ConstantInt::get(llvm::Type::getInt1Ty(LLVMCtx), IsDynInit),
llvm::ConstantInt::get(llvm::Type::getInt1Ty(LLVMCtx), IsBlacklisted)
};
llvm::MDNode *ThisGlobal = llvm::MDNode::get(VMContext, GlobalMetadata);
llvm::NamedMDNode *AsanGlobals =
TheModule.getOrInsertNamedMetadata("llvm.asan.globals");
AsanGlobals->addOperand(ThisGlobal);
}
static bool isVarDeclStrongDefinition(const VarDecl *D, bool NoCommon) { static bool isVarDeclStrongDefinition(const VarDecl *D, bool NoCommon) {
// Don't give variables common linkage if -fno-common was specified unless it // Don't give variables common linkage if -fno-common was specified unless it
// was overridden by a NoCommon attribute. // was overridden by a NoCommon attribute.
if ((NoCommon || D->hasAttr<NoCommonAttr>()) && !D->hasAttr<CommonAttr>()) if ((NoCommon || D->hasAttr<NoCommonAttr>()) && !D->hasAttr<CommonAttr>())
return true; return true;
// C11 6.9.2/2: // C11 6.9.2/2:
// A declaration of an identifier for an object that has file scope without // A declaration of an identifier for an object that has file scope without
▲ Show 20 LinesShow All 788 Lines▼ Show 20 Lines if (!LangOpts.WritableStrings && !SanOpts.Address &&
LT = llvm::GlobalValue::PrivateLinkage; LT = llvm::GlobalValue::PrivateLinkage;
GlobalVariableName = ".str"; GlobalVariableName = ".str";
} }
llvm::Constant *C = GetConstantArrayFromStringLiteral(S); llvm::Constant *C = GetConstantArrayFromStringLiteral(S);
auto GV = GenerateStringLiteral(C, LT, *this, GlobalVariableName, Alignment); auto GV = GenerateStringLiteral(C, LT, *this, GlobalVariableName, Alignment);
if (Entry) if (Entry)
Entry->setValue(GV); Entry->setValue(GV);
reportGlobalToASan(GV, S->getStrTokenLoc(0));
return GV; return GV;
} }
/// GetAddrOfConstantStringFromObjCEncode - Return a pointer to a constant /// GetAddrOfConstantStringFromObjCEncode - Return a pointer to a constant
/// array for the given ObjCEncodeExpr node. /// array for the given ObjCEncodeExpr node.
llvm::Constant * llvm::Constant *
CodeGenModule::GetAddrOfConstantStringFromObjCEncode(const ObjCEncodeExpr *E) { CodeGenModule::GetAddrOfConstantStringFromObjCEncode(const ObjCEncodeExpr *E) {
std::string Str; std::string Str;
▲ Show 20 LinesShow All 562 LinesShow Last 20 Lines

tools/clang/test/CodeGen/asan-globals.cpp

  • This file was added.
// RUN: echo "global:*blacklisted_global*" > %t.blacklist
// RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=%t.blacklist -emit-llvm -o - %s | FileCheck %s
// REQUIRES: shell
int global;
// CHECK: [[GLOBAL_LOC:@.asan_loc_descr[0-9]*]] = private unnamed_addr constant {{.*}} i32 [[@LINE-1]], i32 5
int dyn_init_global = global;
// CHECK: [[DYN_INIT_LOC:@.asan_loc_descr[0-9]*]] = {{.*}} i32 [[@LINE-1]], i32 5
int blacklisted_global;
void func() {
static int static_var = 0;
// CHECK: [[STATIC_LOC:@.asan_loc_descr[0-9]*]] = {{.*}} i32 [[@LINE-1]], i32 14
const char *literal = "Hello, world!";
// CHECK: [[LITERAL_LOC:@.asan_loc_descr[0-9]*]] = {{.*}} i32 [[@LINE-1]], i32 25
}
// CHECK: !llvm.asan.globals = !{![[GLOBAL:[0-9]+]], ![[DYN_INIT_GLOBAL:[0-9]+]], ![[BLACKLISTED_GLOBAL:[0-9]+]], ![[STATIC_VAR:[0-9]+]], ![[LITERAL:[0-9]+]]}
// CHECK: ![[GLOBAL]] = metadata !{{{.*}} [[GLOBAL_LOC]], i1 false, i1 false}
// CHECK: ![[DYN_INIT_GLOBAL]] = metadata !{{{.*}} [[DYN_INIT_LOC]], i1 true, i1 false}
// CHECK: ![[BLACKLISTED_GLOBAL]] = metadata !{{{.*}}, null, i1 false, i1 true}
// CHECK: ![[STATIC_VAR]] = metadata !{{{.*}} [[STATIC_LOC]], i1 false, i1 false}
// CHECK: ![[LITERAL]] = metadata !{{{.*}} [[LITERAL_LOC]], i1 false, i1 false}

tools/clang/test/CodeGen/sanitize-init-order.cpp

Show All 21 Linesstruct PODWithCtorAndDtor {
PODWithCtorAndDtor() { } PODWithCtorAndDtor() { }
~PODWithCtorAndDtor() { } ~PODWithCtorAndDtor() { }
int x; int x;
}; };
PODWithCtorAndDtor s3; PODWithCtorAndDtor s3;
// Check that ASan init-order checking ignores structs with trivial default // Check that ASan init-order checking ignores structs with trivial default
// constructor. // constructor.
// CHECK: !llvm.asan.dynamically_initialized_globals = !{[[GLOB:![0-9]+]]} // CHECK: !llvm.asan.globals = !{![[GLOB_1:[0-9]+]], ![[GLOB_2:[0-9]+]], ![[GLOB_3:[0-9]]]}
// CHECK: [[GLOB]] = metadata !{%struct.PODWithCtorAndDtor // CHECK: ![[GLOB_1]] = metadata !{%struct.PODStruct* {{.*}}, i1 false, i1 false}
// CHECK: ![[GLOB_2]] = metadata !{%struct.PODWithDtor* {{.*}}, i1 false, i1 false}
// BLACKLIST-NOT: llvm.asan.dynamically_initialized_globals // CHECK: ![[GLOB_3]] = metadata !{%struct.PODWithCtorAndDtor* {{.*}}, i1 true, i1 false}
// BLACKLIST: !llvm.asan.globals = !{![[GLOB_1:[0-9]+]], ![[GLOB_2:[0-9]+]], ![[GLOB_3:[0-9]]]}
// BLACKLIST: ![[GLOB_1]] = metadata !{%struct.PODStruct* {{.*}}, i1 false, i1 false}
// BLACKLIST: ![[GLOB_2]] = metadata !{%struct.PODWithDtor* {{.*}}, i1 false, i1 false}
// BLACKLIST: ![[GLOB_3]] = metadata !{%struct.PODWithCtorAndDtor* {{.*}}, i1 false, i1 false}