This is an archive of the discontinued LLVM Phabricator instance.

Make sure globals created by UBSan are not instrumented by ASan.
ClosedPublic

Authored by samsonov on Jul 17 2014, 5:21 PM.

Download Raw Diff

Details

Reviewers

Commits

rG6c1241435803: Make sure globals created by UBSan are not instrumented by ASan.
rC213392: Make sure globals created by UBSan are not instrumented by ASan.
rL213392: Make sure globals created by UBSan are not instrumented by ASan.

Summary

This change adds description of globals created by UBSan
instrumentation (UBSan handlers, type descriptors, filenames) to
llvm.asan.globals metadata, effectively "blacklisting" them. This can
dramatically decrease the data section in binaries built with UBSan+ASan,
as UBSan tends to create a lot of handlers, and ASan instrumentation
increases the global size to at least 64 bytes.

Diff Detail

Event Timeline

samsonov updated this revision to Diff 11618.Jul 17 2014, 5:21 PM

samsonov retitled this revision from to Make sure globals created by UBSan are not instrumented by ASan..

samsonov updated this object.

samsonov edited the test plan for this revision. (Show Details)

samsonov added a reviewer: rsmith.

samsonov added subscribers: kcc, byoungyoung, Unknown Object (MLST).

rsmith added inline comments.Jul 17 2014, 5:38 PM

lib/CodeGen/CGExpr.cpp
2179–2180	I'm concerned about this one: these strings may be shared by other parts of the program, where ASan instrumentation is important. How much does instrumenting these strings cost us?

samsonov added inline comments.Jul 17 2014, 5:55 PM

lib/CodeGen/CGExpr.cpp
2179–2180	Yeah, we might get false negatives on out-of-bound access to stuff like FILE. I don't think it's a big deal, though. We already create several global strings in ASan instrumentation (including the string with filename for the global, name for the global etc.) and call setUnnamedAddr(true), allowing to merge them.

OK, if you're not concerned about that then LGTM.

This revision is now accepted and ready to land.Jul 17 2014, 10:11 PM

samsonov closed this revision.Jul 18 2014, 10:58 AM

Revision Contents

Path

Size

lib/

CodeGen/

CGExpr.cpp

23 lines

CodeGenModule.h

6 lines

CodeGenModule.cpp

11 lines

test/

CodeGenCXX/

catch-undef-behavior.cpp

8 lines

Diff 11618

lib/CodeGen/CGExpr.cpp

Show First 20 Lines • Show All 2,121 Lines • ▼ Show 20 Lines	llvm::Constant *Components[] = {
llvm::ConstantDataArray::getString(getLLVMContext(), Buffer)		llvm::ConstantDataArray::getString(getLLVMContext(), Buffer)
};		};
llvm::Constant *Descriptor = llvm::ConstantStruct::getAnon(Components);		llvm::Constant *Descriptor = llvm::ConstantStruct::getAnon(Components);

auto *GV = new llvm::GlobalVariable(		auto *GV = new llvm::GlobalVariable(
CGM.getModule(), Descriptor->getType(),		CGM.getModule(), Descriptor->getType(),
/isConstant=/true, llvm::GlobalVariable::PrivateLinkage, Descriptor);		/isConstant=/true, llvm::GlobalVariable::PrivateLinkage, Descriptor);
GV->setUnnamedAddr(true);		GV->setUnnamedAddr(true);
		CGM.disableSanitizerForGlobal(GV);

// Remember the descriptor for this type.		// Remember the descriptor for this type.
CGM.setTypeDescriptorInMap(T, GV);		CGM.setTypeDescriptorInMap(T, GV);

return GV;		return GV;
}		}

llvm::Value CodeGenFunction::EmitCheckValue(llvm::Value V) {		llvm::Value CodeGenFunction::EmitCheckValue(llvm::Value V) {
Show All 27 Lines
/// \code		/// \code
/// struct SourceLocation {		/// struct SourceLocation {
/// const char *Filename;		/// const char *Filename;
/// int32_t Line, Column;		/// int32_t Line, Column;
/// };		/// };
/// \endcode		/// \endcode
/// For an invalid SourceLocation, the Filename pointer is null.		/// For an invalid SourceLocation, the Filename pointer is null.
llvm::Constant *CodeGenFunction::EmitCheckSourceLocation(SourceLocation Loc) {		llvm::Constant *CodeGenFunction::EmitCheckSourceLocation(SourceLocation Loc) {
		llvm::Constant *Filename;
		int Line, Column;

PresumedLoc PLoc = getContext().getSourceManager().getPresumedLoc(Loc);		PresumedLoc PLoc = getContext().getSourceManager().getPresumedLoc(Loc);
		if (PLoc.isValid()) {
		auto FilenameGV = CGM.GetAddrOfConstantCString(PLoc.getFilename(), ".src");
		CGM.disableSanitizerForGlobal(FilenameGV);
		rsmithUnsubmitted Not Done Reply Inline Actions I'm concerned about this one: these strings may be shared by other parts of the program, where ASan instrumentation is important. How much does instrumenting these strings cost us? rsmith: I'm concerned about this one: these strings may be shared by other parts of the program, where…
		samsonovAuthorUnsubmitted Not Done Reply Inline Actions Yeah, we might get false negatives on out-of-bound access to stuff like FILE. I don't think it's a big deal, though. We already create several global strings in ASan instrumentation (including the string with filename for the global, name for the global etc.) and call setUnnamedAddr(true), allowing to merge them. samsonov: Yeah, we might get false negatives on out-of-bound access to stuff like __FILE__. I don't think…
		Filename = FilenameGV;
		Line = PLoc.getLine();
		Column = PLoc.getColumn();
		} else {
		Filename = llvm::Constant::getNullValue(Int8PtrTy);
		Line = Column = 0;
		}

llvm::Constant *Data[] = {		llvm::Constant *Data[] = {Filename, Builder.getInt32(Line),
PLoc.isValid() ? CGM.GetAddrOfConstantCString(PLoc.getFilename(), ".src")		Builder.getInt32(Column)};
: llvm::Constant::getNullValue(Int8PtrTy),
Builder.getInt32(PLoc.isValid() ? PLoc.getLine() : 0),
Builder.getInt32(PLoc.isValid() ? PLoc.getColumn() : 0)
};

return llvm::ConstantStruct::getAnon(Data);		return llvm::ConstantStruct::getAnon(Data);
}		}

void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,		void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,
ArrayRef<llvm::Constant *> StaticArgs,		ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs,		ArrayRef<llvm::Value *> DynamicArgs,
CheckRecoverableKind RecoverKind) {		CheckRecoverableKind RecoverKind) {
Show All 20 Lines	void CodeGenFunction::EmitCheck(llvm::Value *Checked, StringRef CheckName,

EmitBlock(Handler);		EmitBlock(Handler);

llvm::Constant *Info = llvm::ConstantStruct::getAnon(StaticArgs);		llvm::Constant *Info = llvm::ConstantStruct::getAnon(StaticArgs);
auto *InfoPtr =		auto *InfoPtr =
new llvm::GlobalVariable(CGM.getModule(), Info->getType(), false,		new llvm::GlobalVariable(CGM.getModule(), Info->getType(), false,
llvm::GlobalVariable::PrivateLinkage, Info);		llvm::GlobalVariable::PrivateLinkage, Info);
InfoPtr->setUnnamedAddr(true);		InfoPtr->setUnnamedAddr(true);
		CGM.disableSanitizerForGlobal(InfoPtr);

SmallVector<llvm::Value *, 4> Args;		SmallVector<llvm::Value *, 4> Args;
SmallVector<llvm::Type *, 4> ArgTypes;		SmallVector<llvm::Type *, 4> ArgTypes;
Args.reserve(DynamicArgs.size() + 1);		Args.reserve(DynamicArgs.size() + 1);
ArgTypes.reserve(DynamicArgs.size() + 1);		ArgTypes.reserve(DynamicArgs.size() + 1);

// Handler functions take an i8* pointing to the (handler-specific) static		// Handler functions take an i8* pointing to the (handler-specific) static
// information block, followed by a sequence of intptr_t arguments		// information block, followed by a sequence of intptr_t arguments
▲ Show 20 Lines • Show All 1,217 Lines • Show Last 20 Lines

lib/CodeGen/CodeGenModule.h

Show First 20 Lines • Show All 1,012 Lines • ▼ Show 20 Lines	public:

const SanitizerBlacklist &getSanitizerBlacklist() const {		const SanitizerBlacklist &getSanitizerBlacklist() const {
return SanitizerBL;		return SanitizerBL;
}		}

void reportGlobalToASan(llvm::GlobalVariable *GV, const VarDecl &D,		void reportGlobalToASan(llvm::GlobalVariable *GV, const VarDecl &D,
bool IsDynInit = false);		bool IsDynInit = false);
void reportGlobalToASan(llvm::GlobalVariable *GV, SourceLocation Loc,		void reportGlobalToASan(llvm::GlobalVariable *GV, SourceLocation Loc,
StringRef Name, bool IsDynInit = false);		StringRef Name, bool IsDynInit = false,
		bool IsBlacklisted = false);

		/// Disable sanitizer instrumentation for this global.
		void disableSanitizerForGlobal(llvm::GlobalVariable *GV);

void addDeferredVTable(const CXXRecordDecl *RD) {		void addDeferredVTable(const CXXRecordDecl *RD) {
DeferredVTables.push_back(RD);		DeferredVTables.push_back(RD);
}		}

/// Emit code for a singal global function or var decl. Forward declarations		/// Emit code for a singal global function or var decl. Forward declarations
/// are emitted lazily.		/// are emitted lazily.
void EmitGlobal(GlobalDecl D);		void EmitGlobal(GlobalDecl D);
▲ Show 20 Lines • Show All 133 Lines • Show Last 20 Lines

lib/CodeGen/CodeGenModule.cpp

Show First 20 Lines • Show All 1,956 Lines • ▼ Show 20 Lines	void CodeGenModule::EmitGlobalVarDefinition(const VarDecl *D) {
// Emit global variable debug information.		// Emit global variable debug information.
if (CGDebugInfo *DI = getModuleDebugInfo())		if (CGDebugInfo *DI = getModuleDebugInfo())
if (getCodeGenOpts().getDebugInfo() >= CodeGenOptions::LimitedDebugInfo)		if (getCodeGenOpts().getDebugInfo() >= CodeGenOptions::LimitedDebugInfo)
DI->EmitGlobalVariable(GV, D);		DI->EmitGlobalVariable(GV, D);
}		}

void CodeGenModule::reportGlobalToASan(llvm::GlobalVariable *GV,		void CodeGenModule::reportGlobalToASan(llvm::GlobalVariable *GV,
SourceLocation Loc, StringRef Name,		SourceLocation Loc, StringRef Name,
bool IsDynInit) {		bool IsDynInit, bool IsBlacklisted) {
if (!LangOpts.Sanitize.Address)		if (!LangOpts.Sanitize.Address)
return;		return;
IsDynInit &= !SanitizerBL.isIn(*GV, "init");		IsDynInit &= !SanitizerBL.isIn(*GV, "init");
bool IsBlacklisted = SanitizerBL.isIn(*GV);		IsBlacklisted \|= SanitizerBL.isIn(*GV);

llvm::GlobalVariable *LocDescr = nullptr;		llvm::GlobalVariable *LocDescr = nullptr;
llvm::GlobalVariable *GlobalName = nullptr;		llvm::GlobalVariable *GlobalName = nullptr;
if (!IsBlacklisted) {		if (!IsBlacklisted) {
// Don't generate source location and global name if it is blacklisted -		// Don't generate source location and global name if it is blacklisted -
// it won't be instrumented anyway.		// it won't be instrumented anyway.
PresumedLoc PLoc = Context.getSourceManager().getPresumedLoc(Loc);		PresumedLoc PLoc = Context.getSourceManager().getPresumedLoc(Loc);
if (PLoc.isValid()) {		if (PLoc.isValid()) {
Show All 36 Lines	void CodeGenModule::reportGlobalToASan(llvm::GlobalVariable *GV,
if (!LangOpts.Sanitize.Address)		if (!LangOpts.Sanitize.Address)
return;		return;
std::string QualName;		std::string QualName;
llvm::raw_string_ostream OS(QualName);		llvm::raw_string_ostream OS(QualName);
D.printQualifiedName(OS);		D.printQualifiedName(OS);
reportGlobalToASan(GV, D.getLocation(), OS.str(), IsDynInit);		reportGlobalToASan(GV, D.getLocation(), OS.str(), IsDynInit);
}		}

		void CodeGenModule::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {
		// For now, just make sure the global is not modified by the ASan
		// instrumentation.
		if (LangOpts.Sanitize.Address)
		reportGlobalToASan(GV, SourceLocation(), "", false, true);
		}

static bool isVarDeclStrongDefinition(const VarDecl *D, bool NoCommon) {		static bool isVarDeclStrongDefinition(const VarDecl *D, bool NoCommon) {
// Don't give variables common linkage if -fno-common was specified unless it		// Don't give variables common linkage if -fno-common was specified unless it
// was overridden by a NoCommon attribute.		// was overridden by a NoCommon attribute.
if ((NoCommon \|\| D->hasAttr<NoCommonAttr>()) && !D->hasAttr<CommonAttr>())		if ((NoCommon \|\| D->hasAttr<NoCommonAttr>()) && !D->hasAttr<CommonAttr>())
return true;		return true;

// C11 6.9.2/2:		// C11 6.9.2/2:
// A declaration of an identifier for an object that has file scope without		// A declaration of an identifier for an object that has file scope without
▲ Show 20 Lines • Show All 1,387 Lines • Show Last 20 Lines

test/CodeGenCXX/catch-undef-behavior.cpp

// RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu \| FileCheck %s		// RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu \| FileCheck %s
		// RUN: %clang_cc1 -std=c++11 -fsanitize=vptr,address -emit-llvm %s -o - -triple x86_64-linux-gnu \| FileCheck %s --check-prefix=CHECK-ASAN

struct S {		struct S {
double d;		double d;
int a, b;		int a, b;
virtual int f();		virtual int f();
};		};

		// Check that type descriptor global is not modified by ASan.
		// CHECK-ASAN: [[TYPE_DESCR:@[0-9]+]] = private unnamed_addr constant { i16, i16, [4 x i8] } { i16 -1, i16 0, [4 x i8] c"'S'\00" }

		// Check that type mismatch handler is not modified by ASan.
		// CHECK-ASAN: private unnamed_addr global { { [{{.}} x i8], i32, i32 }, { i16, i16, [4 x i8] }, i8, i8 } { {{.}}, { i16, i16, [4 x i8] } [[TYPE_DESCR]], {{.*}} }

struct T : S {};		struct T : S {};

// CHECK-LABEL: @_Z17reference_binding		// CHECK-LABEL: @_Z17reference_binding
void reference_binding(int p, S q) {		void reference_binding(int p, S q) {
// C++ core issue 453: If an lvalue to which a reference is directly bound		// C++ core issue 453: If an lvalue to which a reference is directly bound
// designates neither an existing object or function of an appropriate type,		// designates neither an existing object or function of an appropriate type,
// nor a region of storage of suitable size and alignment to contain an object		// nor a region of storage of suitable size and alignment to contain an object
// of the reference's type, the behavior is undefined.		// of the reference's type, the behavior is undefined.
Show All 9 Lines	void reference_binding(int p, S q) {
int &r = *p;		int &r = *p;

// A reference is not required to refer to an object within its lifetime.		// A reference is not required to refer to an object within its lifetime.
// CHECK-NOT: __ubsan_handle_dynamic_type_cache_miss		// CHECK-NOT: __ubsan_handle_dynamic_type_cache_miss
S &r2 = *q;		S &r2 = *q;
}		}

// CHECK-LABEL: @_Z13member_access		// CHECK-LABEL: @_Z13member_access
		// CHECK-ASAN-LABEL: @_Z13member_access
void member_access(S *p) {		void member_access(S *p) {
// (1a) Check 'p' is appropriately sized and aligned for member access.		// (1a) Check 'p' is appropriately sized and aligned for member access.

// CHECK: icmp ne {{.*}}, null		// CHECK: icmp ne {{.*}}, null

// CHECK: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64		// CHECK: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64
// CHECK-NEXT: icmp uge i64 %[[SIZE]], 24		// CHECK-NEXT: icmp uge i64 %[[SIZE]], 24

▲ Show 20 Lines • Show All 435 Lines • Show Last 20 Lines