This is an archive of the discontinued LLVM Phabricator instance.

Differential D44699

[HWASan] Port HWASan to Linux x86-64 (LLVM)
ClosedPublic

Authored by alekseyshl on Mar 20 2018, 2:01 PM.

Details

Reviewers
eugenis
Commits
rG83e78414192f: [HWASan] Port HWASan to Linux x86-64 (LLVM)
rL328342: [HWASan] Port HWASan to Linux x86-64 (LLVM)
Summary

Porting HWASan to Linux x86-64, first of the three patches, LLVM part.

The approach is similar to ARM case, trap signal is used to communicate
memory tag check failure. int3 instruction is used to generate a signal,
access parameters are stored in nop [eax + offset] instruction immediately
following the int3 one.

One notable difference is that x86-64 has to untag the pointer before use
due to the lack of feature comparable to ARM's TBI (Top Byte Ignore).

Diff Detail

Repository
rL LLVM

Event Timeline

alekseyshl created this revision.Mar 20 2018, 2:01 PM
Herald added a subscriber: kristof.beyls. · View Herald TranscriptMar 20 2018, 2:01 PM
Harbormaster completed remote builds in B16282: Diff 139192.Mar 20 2018, 2:01 PM
eugenis added inline comments.Mar 21 2018, 4:37 PM
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
369 ↗(On Diff #139192)

the condition should be not-arm64, not is-x86.

389 ↗(On Diff #139192)

I'd move untagging to a separate function. It does not need to be tied to tag checking. In the future we'll probably want to untag other stuff, like pointers in external function call arguments.

test/Instrumentation/HWAddressSanitizer/X86/basic.ll
1 ↗(On Diff #139192)

That's a lot of copy-paste, and most of it is covered by aarch64 tests.
Lets only test the parts that differ: trap instruction sequence (one or two cases would be enough), and pointer untagging.

alekseyshl updated this revision to Diff 139487.Mar 22 2018, 11:50 AM
alekseyshl marked 2 inline comments as done.
  • Move pointer operand untagging into a separate function.
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
389 ↗(On Diff #139192)

Not sure what the future API would be for this function, settled for the most efficient for the current use case.

Harbormaster completed remote builds in B16358: Diff 139487.Mar 22 2018, 11:52 AM
eugenis accepted this revision.Mar 22 2018, 1:52 PM
This revision is now accepted and ready to land.Mar 22 2018, 1:52 PM
alekseyshl updated this revision to Diff 139507.EditedMar 22 2018, 2:17 PM
  • Remove shared code checks from X86 specific tests.
Harbormaster completed remote builds in B16365: Diff 139507.Mar 22 2018, 2:17 PM
alekseyshl marked an inline comment as done.Mar 22 2018, 2:17 PM
Closed by commit rL328342: [HWASan] Port HWASan to Linux x86-64 (LLVM) (authored by alekseyshl). · Explain WhyMar 23 2018, 11:00 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
Instrumentation/
71 lines
test/
Instrumentation/
HWAddressSanitizer/
X86/
40 lines
103 lines
34 lines
79 lines

Diff 139614

llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp

Show First 20 LinesShow All 117 Lines▼ Show 20 Lines HWAddressSanitizer(bool Recover = false)
: FunctionPass(ID), Recover(Recover || ClRecover) {} : FunctionPass(ID), Recover(Recover || ClRecover) {}
StringRef getPassName() const override { return "HWAddressSanitizer"; } StringRef getPassName() const override { return "HWAddressSanitizer"; }
bool runOnFunction(Function &F) override; bool runOnFunction(Function &F) override;
bool doInitialization(Module &M) override; bool doInitialization(Module &M) override;
void initializeCallbacks(Module &M); void initializeCallbacks(Module &M);
void untagPointerOperand(Instruction *I, Value *Addr);
void instrumentMemAccessInline(Value *PtrLong, bool IsWrite, void instrumentMemAccessInline(Value *PtrLong, bool IsWrite,
unsigned AccessSizeIndex, unsigned AccessSizeIndex,
Instruction *InsertBefore); Instruction *InsertBefore);
bool instrumentMemAccess(Instruction *I); bool instrumentMemAccess(Instruction *I);
Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite, Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite,
uint64_t *TypeSize, unsigned *Alignment, uint64_t *TypeSize, unsigned *Alignment,
Value **MaybeMask); Value **MaybeMask);
bool isInterestingAlloca(const AllocaInst &AI); bool isInterestingAlloca(const AllocaInst &AI);
bool tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag); bool tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag);
Value *tagPointer(IRBuilder<> &IRB, Type *Ty, Value *PtrLong, Value *Tag); Value *tagPointer(IRBuilder<> &IRB, Type *Ty, Value *PtrLong, Value *Tag);
Value *untagPointer(IRBuilder<> &IRB, Value *PtrLong); Value *untagPointer(IRBuilder<> &IRB, Value *PtrLong);
bool instrumentStack(SmallVectorImpl<AllocaInst *> &Allocas, bool instrumentStack(SmallVectorImpl<AllocaInst *> &Allocas,
SmallVectorImpl<Instruction *> &RetVec); SmallVectorImpl<Instruction *> &RetVec);
Value *getNextTagWithCall(IRBuilder<> &IRB); Value *getNextTagWithCall(IRBuilder<> &IRB);
Value *getStackBaseTag(IRBuilder<> &IRB); Value *getStackBaseTag(IRBuilder<> &IRB);
Value *getAllocaTag(IRBuilder<> &IRB, Value *StackTag, AllocaInst *AI, Value *getAllocaTag(IRBuilder<> &IRB, Value *StackTag, AllocaInst *AI,
unsigned AllocaNo); unsigned AllocaNo);
Value *getUARTag(IRBuilder<> &IRB, Value *StackTag); Value *getUARTag(IRBuilder<> &IRB, Value *StackTag);
private: private:
LLVMContext *C; LLVMContext *C;
Triple TargetTriple;
Type *IntptrTy; Type *IntptrTy;
Type *Int8Ty; Type *Int8Ty;
bool Recover; bool Recover;
Function *HwasanCtorFunction; Function *HwasanCtorFunction;
Function *HwasanMemoryAccessCallback[2][kNumberOfAccessSizes]; Function *HwasanMemoryAccessCallback[2][kNumberOfAccessSizes];
Show All 20 Lines
/// \brief Module-level initialization. /// \brief Module-level initialization.
/// ///
/// inserts a call to __hwasan_init to the module's constructor list. /// inserts a call to __hwasan_init to the module's constructor list.
bool HWAddressSanitizer::doInitialization(Module &M) { bool HWAddressSanitizer::doInitialization(Module &M) {
DEBUG(dbgs() << "Init " << M.getName() << "\n"); DEBUG(dbgs() << "Init " << M.getName() << "\n");
auto &DL = M.getDataLayout(); auto &DL = M.getDataLayout();
Triple TargetTriple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
C = &(M.getContext()); C = &(M.getContext());
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
IntptrTy = IRB.getIntPtrTy(DL); IntptrTy = IRB.getIntPtrTy(DL);
Int8Ty = IRB.getInt8Ty(); Int8Ty = IRB.getInt8Ty();
HwasanCtorFunction = nullptr; HwasanCtorFunction = nullptr;
if (!ClEnableKhwasan) { if (!ClEnableKhwasan) {
Show All 30 Linesvoid HWAddressSanitizer::initializeCallbacks(Module &M) {
HwasanTagMemoryFunc = checkSanitizerInterfaceFunction(M.getOrInsertFunction( HwasanTagMemoryFunc = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
"__hwasan_tag_memory", IRB.getVoidTy(), IntptrTy, Int8Ty, IntptrTy)); "__hwasan_tag_memory", IRB.getVoidTy(), IntptrTy, Int8Ty, IntptrTy));
HwasanGenerateTagFunc = checkSanitizerInterfaceFunction( HwasanGenerateTagFunc = checkSanitizerInterfaceFunction(
M.getOrInsertFunction("__hwasan_generate_tag", Int8Ty)); M.getOrInsertFunction("__hwasan_generate_tag", Int8Ty));
} }
Value *HWAddressSanitizer::isInterestingMemoryAccess(Instruction *I, Value *HWAddressSanitizer::isInterestingMemoryAccess(Instruction *I,
bool *IsWrite, bool *IsWrite,
uint64_t *TypeSize, uint64_t *TypeSize,
unsigned *Alignment, unsigned *Alignment,
Value **MaybeMask) { Value **MaybeMask) {
// Skip memory accesses inserted by another instrumentation. // Skip memory accesses inserted by another instrumentation.
if (I->getMetadata("nosanitize")) return nullptr; if (I->getMetadata("nosanitize")) return nullptr;
Value *PtrOperand = nullptr; Value *PtrOperand = nullptr;
const DataLayout &DL = I->getModule()->getDataLayout(); const DataLayout &DL = I->getModule()->getDataLayout();
if (LoadInst *LI = dyn_cast<LoadInst>(I)) { if (LoadInst *LI = dyn_cast<LoadInst>(I)) {
if (!ClInstrumentReads) return nullptr; if (!ClInstrumentReads) return nullptr;
*IsWrite = false; *IsWrite = false;
Show All 33 Lines if (PtrOperand) {
// function and it makes no sense to track them as memory. // function and it makes no sense to track them as memory.
if (PtrOperand->isSwiftError()) if (PtrOperand->isSwiftError())
return nullptr; return nullptr;
} }
return PtrOperand; return PtrOperand;
} }
static unsigned getPointerOperandIndex(Instruction *I) {
if (LoadInst *LI = dyn_cast<LoadInst>(I))
return LI->getPointerOperandIndex();
if (StoreInst *SI = dyn_cast<StoreInst>(I))
return SI->getPointerOperandIndex();
if (AtomicRMWInst *RMW = dyn_cast<AtomicRMWInst>(I))
return RMW->getPointerOperandIndex();
if (AtomicCmpXchgInst *XCHG = dyn_cast<AtomicCmpXchgInst>(I))
return XCHG->getPointerOperandIndex();
report_fatal_error("Unexpected instruction");
return -1;
}
static size_t TypeSizeToSizeIndex(uint32_t TypeSize) { static size_t TypeSizeToSizeIndex(uint32_t TypeSize) {
size_t Res = countTrailingZeros(TypeSize / 8); size_t Res = countTrailingZeros(TypeSize / 8);
assert(Res < kNumberOfAccessSizes); assert(Res < kNumberOfAccessSizes);
return Res; return Res;
} }
void HWAddressSanitizer::untagPointerOperand(Instruction *I, Value *Addr) {
if (TargetTriple.isAArch64())
return;
IRBuilder<> IRB(I);
Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy);
Value *UntaggedPtr =
IRB.CreateIntToPtr(untagPointer(IRB, AddrLong), Addr->getType());
I->setOperand(getPointerOperandIndex(I), UntaggedPtr);
}
void HWAddressSanitizer::instrumentMemAccessInline(Value *PtrLong, bool IsWrite, void HWAddressSanitizer::instrumentMemAccessInline(Value *PtrLong, bool IsWrite,
unsigned AccessSizeIndex, unsigned AccessSizeIndex,
Instruction *InsertBefore) { Instruction *InsertBefore) {
IRBuilder<> IRB(InsertBefore); IRBuilder<> IRB(InsertBefore);
Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift), IRB.getInt8Ty()); Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift),
IRB.getInt8Ty());
Value *AddrLong = untagPointer(IRB, PtrLong); Value *AddrLong = untagPointer(IRB, PtrLong);
Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale); Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale);
if (ClMappingOffset) if (ClMappingOffset)
ShadowLong = IRB.CreateAdd( ShadowLong = IRB.CreateAdd(
ShadowLong, ConstantInt::get(PtrLong->getType(), ClMappingOffset, ShadowLong, ConstantInt::get(PtrLong->getType(), ClMappingOffset,
/*isSigned=*/false)); /*isSigned=*/false));
Value *MemTag = Value *MemTag =
IRB.CreateLoad(IRB.CreateIntToPtr(ShadowLong, IRB.getInt8PtrTy())); IRB.CreateLoad(IRB.CreateIntToPtr(ShadowLong, IRB.getInt8PtrTy()));
Value *TagMismatch = IRB.CreateICmpNE(PtrTag, MemTag); Value *TagMismatch = IRB.CreateICmpNE(PtrTag, MemTag);
TerminatorInst *CheckTerm = TerminatorInst *CheckTerm =
SplitBlockAndInsertIfThen(TagMismatch, InsertBefore, !Recover, SplitBlockAndInsertIfThen(TagMismatch, InsertBefore, !Recover,
MDBuilder(*C).createBranchWeights(1, 100000)); MDBuilder(*C).createBranchWeights(1, 100000));
IRB.SetInsertPoint(CheckTerm); IRB.SetInsertPoint(CheckTerm);
const int64_t AccessInfo = Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex;
InlineAsm *Asm;
switch (TargetTriple.getArch()) {
case Triple::x86_64:
// The signal handler will find the data address in rdi.
Asm = InlineAsm::get(
FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false),
"int3\nnopl " + itostr(0x40 + AccessInfo) + "(%rax)",
"{rdi}",
/*hasSideEffects=*/true);
break;
case Triple::aarch64:
case Triple::aarch64_be:
// The signal handler will find the data address in x0. // The signal handler will find the data address in x0.
InlineAsm *Asm = InlineAsm::get( Asm = InlineAsm::get(
FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false), FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false),
"brk #" + "brk #" + itostr(0x900 + AccessInfo),
itostr(0x900 + Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex),
"{x0}", "{x0}",
/*hasSideEffects=*/true); /*hasSideEffects=*/true);
break;
default:
report_fatal_error("unsupported architecture");
}
IRB.CreateCall(Asm, PtrLong); IRB.CreateCall(Asm, PtrLong);
} }
bool HWAddressSanitizer::instrumentMemAccess(Instruction *I) { bool HWAddressSanitizer::instrumentMemAccess(Instruction *I) {
DEBUG(dbgs() << "Instrumenting: " << *I << "\n"); DEBUG(dbgs() << "Instrumenting: " << *I << "\n");
bool IsWrite = false; bool IsWrite = false;
unsigned Alignment = 0; unsigned Alignment = 0;
uint64_t TypeSize = 0; uint64_t TypeSize = 0;
Show All 19 Lines if (ClInstrumentWithCalls) {
AddrLong); AddrLong);
} else { } else {
instrumentMemAccessInline(AddrLong, IsWrite, AccessSizeIndex, I); instrumentMemAccessInline(AddrLong, IsWrite, AccessSizeIndex, I);
} }
} else { } else {
IRB.CreateCall(HwasanMemoryAccessCallbackSized[IsWrite], IRB.CreateCall(HwasanMemoryAccessCallbackSized[IsWrite],
{AddrLong, ConstantInt::get(IntptrTy, TypeSize / 8)}); {AddrLong, ConstantInt::get(IntptrTy, TypeSize / 8)});
} }
untagPointerOperand(I, Addr);
return true; return true;
} }
static uint64_t getAllocaSizeInBytes(const AllocaInst &AI) { static uint64_t getAllocaSizeInBytes(const AllocaInst &AI) {
uint64_t ArraySize = 1; uint64_t ArraySize = 1;
if (AI.isArrayAllocation()) { if (AI.isArrayAllocation()) {
const ConstantInt *CI = dyn_cast<ConstantInt>(AI.getArraySize()); const ConstantInt *CI = dyn_cast<ConstantInt>(AI.getArraySize());
▲ Show 20 LinesShow All 231 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/X86/atomic.ll

; Test basic address sanitizer instrumentation.
;
; RUN: opt < %s -hwasan -S | FileCheck %s
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
define void @atomicrmw(i64* %ptr) sanitize_hwaddress {
; CHECK-LABEL: @atomicrmw(
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %ptr to i64
; CHECK: call void asm sideeffect "int3\0Anopl 83(%rax)", "{rdi}"(i64 %[[A]])
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %ptr to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64*
; CHECK: atomicrmw add i64* %[[UNTAGGED_PTR]], i64 1 seq_cst
; CHECK: ret void
entry:
%0 = atomicrmw add i64* %ptr, i64 1 seq_cst
ret void
}
define void @cmpxchg(i64* %ptr, i64 %compare_to, i64 %new_value) sanitize_hwaddress {
; CHECK-LABEL: @cmpxchg(
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %ptr to i64
; CHECK: call void asm sideeffect "int3\0Anopl 83(%rax)", "{rdi}"(i64 %[[A]])
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %ptr to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64*
; CHECK: cmpxchg i64* %[[UNTAGGED_PTR]], i64 %compare_to, i64 %new_value seq_cst seq_cst
; CHECK: ret void
entry:
%0 = cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst
ret void
}

llvm/trunk/test/Instrumentation/HWAddressSanitizer/X86/basic.ll

; Test basic address sanitizer instrumentation.
; Generic code is covered by ../basic.ll, only the x86_64 specific code is
; tested here.
;
; RUN: opt < %s -hwasan -hwasan-recover=0 -S | FileCheck %s --check-prefixes=CHECK,ABORT
; RUN: opt < %s -hwasan -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,RECOVER
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
define i8 @test_load8(i8* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load8(
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; ABORT: call void asm sideeffect "int3\0Anopl 64(%rax)", "{rdi}"(i64 %[[A]])
; ABORT: unreachable
; RECOVER: call void asm sideeffect "int3\0Anopl 96(%rax)", "{rdi}"(i64 %[[A]])
; RECOVER: br label
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8*
; CHECK: %[[G:[^ ]*]] = load i8, i8* %[[UNTAGGED_PTR]], align 4
; CHECK: ret i8 %[[G]]
entry:
%b = load i8, i8* %a, align 4
ret i8 %b
}
define i40 @test_load40(i40* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load40(
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; ABORT: call void @__hwasan_loadN(i64 %[[A]], i64 5)
; RECOVER: call void @__hwasan_loadN_noabort(i64 %[[A]], i64 5)
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40*
; CHECK: %[[B:[^ ]*]] = load i40, i40* %[[UNTAGGED_PTR]]
; CHECK: ret i40 %[[B]]
entry:
%b = load i40, i40* %a, align 4
ret i40 %b
}
define void @test_store8(i8* %a, i8 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store8(
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; ABORT: call void asm sideeffect "int3\0Anopl 80(%rax)", "{rdi}"(i64 %[[A]])
; ABORT: unreachable
; RECOVER: call void asm sideeffect "int3\0Anopl 112(%rax)", "{rdi}"(i64 %[[A]])
; RECOVER: br label
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8*
; CHECK: store i8 %b, i8* %[[UNTAGGED_PTR]], align 4
; CHECK: ret void
entry:
store i8 %b, i8* %a, align 4
ret void
}
define void @test_store40(i40* %a, i40 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store40(
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; ABORT: call void @__hwasan_storeN(i64 %[[A]], i64 5)
; RECOVER: call void @__hwasan_storeN_noabort(i64 %[[A]], i64 5)
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40*
; CHECK: store i40 %b, i40* %[[UNTAGGED_PTR]]
; CHECK: ret void
entry:
store i40 %b, i40* %a, align 4
ret void
}
define void @test_store_unaligned(i64* %a, i64 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store_unaligned(
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64
; ABORT: call void @__hwasan_storeN(i64 %[[A]], i64 8)
; RECOVER: call void @__hwasan_storeN_noabort(i64 %[[A]], i64 8)
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64*
; CHECK: store i64 %b, i64* %[[UNTAGGED_PTR]], align 4
; CHECK: ret void
entry:
store i64 %b, i64* %a, align 4
ret void
}

llvm/trunk/test/Instrumentation/HWAddressSanitizer/X86/kernel.ll

; Test kernel hwasan instrumentation.
; Generic code is covered by ../kernel.ll, only the x86_64 specific code is
; tested here.
;
; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=INIT
; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s
; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-mapping-offset=12345678 -S | FileCheck %s
; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=0 -S | FileCheck %s --check-prefixes=CHECK,ABORT
; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,RECOVER
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
define i8 @test_load(i8* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load(
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; ABORT: call void asm sideeffect "int3\0Anopl 64(%rax)", "{rdi}"(i64 %[[A]])
; ABORT: unreachable
; RECOVER: call void asm sideeffect "int3\0Anopl 96(%rax)", "{rdi}"(i64 %[[A]])
; RECOVER: br label
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = or i64 %[[A]], -72057594037927936
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8*
; CHECK: %[[G:[^ ]*]] = load i8, i8* %[[UNTAGGED_PTR]], align 4
; CHECK: ret i8 %[[G]]
entry:
%b = load i8, i8* %a, align 4
ret i8 %b
}
; INIT-NOT: call void @__hwasan_init

llvm/trunk/test/Instrumentation/HWAddressSanitizer/X86/with-calls.ll

; Test basic address sanitizer instrumentation.
;
; RUN: opt < %s -hwasan -hwasan-instrument-with-calls -S | FileCheck %s --check-prefixes=CHECK,ABORT
; RUN: opt < %s -hwasan -hwasan-instrument-with-calls -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,RECOVER
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
define i8 @test_load8(i8* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load8(
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; ABORT: call void @__hwasan_load1(i64 %[[A]])
; RECOVER: call void @__hwasan_load1_noabort(i64 %[[A]])
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8*
; CHECK: %[[B:[^ ]*]] = load i8, i8* %[[UNTAGGED_PTR]]
; CHECK: ret i8 %[[B]]
entry:
%b = load i8, i8* %a, align 4
ret i8 %b
}
define i40 @test_load40(i40* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load40(
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; ABORT: call void @__hwasan_loadN(i64 %[[A]], i64 5)
; RECOVER: call void @__hwasan_loadN_noabort(i64 %[[A]], i64 5)
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40*
; CHECK: %[[B:[^ ]*]] = load i40, i40* %[[UNTAGGED_PTR]]
; CHECK: ret i40 %[[B]]
entry:
%b = load i40, i40* %a, align 4
ret i40 %b
}
define void @test_store8(i8* %a, i8 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store8(
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; ABORT: call void @__hwasan_store1(i64 %[[A]])
; RECOVER: call void @__hwasan_store1_noabort(i64 %[[A]])
; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8*
; CHECK: store i8 %b, i8* %[[UNTAGGED_PTR]]
; CHECK: ret void
entry:
store i8 %b, i8* %a, align 4
ret void
}
define void @test_store40(i40* %a, i40 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store40(
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; ABORT: call void @__hwasan_storeN(i64 %[[A]], i64 5)
; RECOVER: call void @__hwasan_storeN_noabort(i64 %[[A]], i64 5)
; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64
; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40*
; CHECK: store i40 %b, i40* %[[UNTAGGED_PTR]]
; CHECK: ret void
entry:
store i40 %b, i40* %a, align 4
ret void
}