This is an archive of the discontinued LLVM Phabricator instance.

Differential D8198

asan: optimization experiments
ClosedPublic

Authored by dvyukov on Mar 10 2015, 6:21 AM.

Details

Reviewers
kcc
Summary

The experiments can be used to evaluate potential optimizations that remove
instrumentation (assess false negatives). Instead of completely removing
some instrumentation, you set Exp to a non-zero value (mask of optimization
experiments that want to remove instrumentation of this instruction).
If Exp is non-zero, this pass will emit special calls into runtime
(e.g. asan_report_exp_load1 instead of asan_report_load1). These calls
make runtime terminate the program in a special way (with a different
exit status). Then you run the new compiler on a buggy corpus, collect
the special terminations (ideally, you don't see them at all -- no false
negatives) and make the decision on the optimization.

The exact reaction to experiments in runtime is not implemented in this patch.
It will be defined and implemented in a subsequent patch.

Diff Detail

Event Timeline

dvyukov updated this revision to Diff 21571.Mar 10 2015, 6:21 AM
dvyukov retitled this revision from to asan: optimization experiments.
dvyukov updated this object.
dvyukov edited the test plan for this revision. (Show Details)
dvyukov added a reviewer: kcc.
dvyukov added a subscriber: Unknown Object (MLST).
kcc edited edge metadata.Mar 10 2015, 11:14 AM

You'll also need a test intest/Instrumentation/AddressSanitizer/

AddressSanitizer.cpp
1077 ↗(On Diff #21571)

The name is misleading. The address is not unusual, but size or alignment is.

lib/asan/asan_report.cc
945

the rt is used with other compilers. I would prefer to have a full comment here

lib/asan/asan_rtl.cc
169

can you avoid so much duplication here?

dvyukov updated this revision to Diff 21689.Mar 11 2015, 5:21 AM
dvyukov edited edge metadata.
dvyukov added a comment.Mar 11 2015, 5:24 AM

PTAL

AddressSanitizer.cpp
1077 ↗(On Diff #21571)

Done

lib/asan/asan_report.cc
945

Extended it to some degree. Will extend more when we decide how to handle experiments in runtime, otherwise I don't know how to extend it.

lib/asan/asan_rtl.cc
169

Done

kcc added inline comments.Mar 11 2015, 3:16 PM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
926

Do I understand correctly that this patch does not set Exp to anything interesting by default,
and that will be added in the following patches?

lib/asan/asan_thread.h
121 ↗(On Diff #21689)

That's gross. Why not just pass an extra parameter??

dvyukov added a comment.Mar 12 2015, 1:44 AM

PTAL

lib/Transforms/Instrumentation/AddressSanitizer.cpp
926

Yes, this patch does not add any active experiments.
No, there won't be following patches with experiments. There is no reason to commit any experiments. You implement an experiment locally, evaluate it and then either commit the optimization or commit nothing.

lib/asan/asan_thread.h
121 ↗(On Diff #21689)

Why is asan_load/store such a huge macro today and not a normal function?
The only reason I see is that the function is performance critical and we don't want to obtain pc/bp/sp and call another function (asan_exp_load/store). I've made the current implementation based on this.
If the function is not performance critical, then we need wipe the entire macro and replace it with a function.

kcc added inline comments.Mar 12 2015, 1:25 PM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
926

Then we misunderstood each other from the beginning.
My idea was to actually commit everything to trunk and let *all* users use it for many months,
and make it clear that if any experimental report fires they should let *us* know.
I doubt you can get good enough coverage with a one-off experiment -- there are not too many bugs lying around in any single code base to have assuring statistics.
This is also why I thought we need to have just one experiment (no experiment IDs and such) so that the code is simpler and there is no additional performance / code size penalty for passing an extra param

lib/asan/asan_thread.h
121 ↗(On Diff #21689)

Yes, we certainly do not want to obtain pc/bp on the main path.
We probably can replace this macro with a force-inline function though. (A bit fragile, but I think we already rely on force inline elsewhere)
Or to be 100% safe put the function body into one macro and define two variants of functions using that body macro.

dvyukov updated this revision to Diff 21945.Mar 13 2015, 11:38 AM

PTAL

lib/Transforms/Instrumentation/AddressSanitizer.cpp
926

As you wish. The actual experiment will be in a separate change then.

But I doubt there are many users who use tip clang _and_ run it on a huge codebase with lots of bugs _and_ who know about experiments _and_ will be willing to report back _and_ will alter their infrastructure to detect experimental crashes. And in the end an experiment will somehow end up in a clang release as well.

Experiment ID is a must, otherwise you will need to ask users to send you a full reproducer (something they won't be able to do), and then you will have to stare at the code trying to figure out what llvm byte code it produced and how asan pass handled it. You won't be able to just compile it, because it uses a custom build system and the bug is not reproducible without a non-trivial input.

lib/asan/asan_thread.h
121 ↗(On Diff #21689)

done

kcc added a comment.Mar 13 2015, 2:40 PM

Experiment ID is a must, otherwise you will need to ask users to send you a full reproducer (something they won't be able to do), and then you will have to stare at the code trying to figure out what llvm byte code it produced and how asan pass handled it. You won't be able to just compile it, because it uses a custom build system and the bug is not reproducible without a non-trivial input.

I don't understand that. If we have just one experiment at any given time -- ID is completely useless.
If we have multiple experiments in flight it may be a bit useful, but we will still need reproducer to be able to perform complete analysis.
The downside of Exp parameter is added complexity, code size and performance loss (probably not huge though)

kcc added a comment.Mar 13 2015, 2:41 PM

Also, if we have, say, 2 or 3 experiments at any given time, we may get away with asan_exp1_* and asan_exp1_* instead of passing parameters

dvyukov added a comment.Mar 14 2015, 7:30 AM
In D8198#140697, @kcc wrote:

Experiment ID is a must, otherwise you will need to ask users to send you a full reproducer (something they won't be able to do), and then you will have to stare at the code trying to figure out what llvm byte code it produced and how asan pass handled it. You won't be able to just compile it, because it uses a custom build system and the bug is not reproducible without a non-trivial input.

I don't understand that. If we have just one experiment at any given time -- ID is completely useless.
If we have multiple experiments in flight it may be a bit useful, but we will still need reproducer to be able to perform complete analysis.
The downside of Exp parameter is added complexity, code size and performance loss (probably not huge though)

Even if you are doing a single change, you still may want several experiments within it: e.g. several levels of aggressiveness and/or application to stack, globals, generic pointers. Doing it in several multi-month consecutive experiments is unbearable.
For example, in the optimization I've slightly changed handling of globals as well. After the experiment I want to get info for stack/globals separately.

kcc accepted this revision.Mar 16 2015, 1:58 PM
kcc edited edge metadata.

LGTM

This revision is now accepted and ready to land.Mar 16 2015, 1:58 PM
dvyukov added a comment.Mar 17 2015, 10:01 AM

Committed in 232501/232502

Eugene.Zelenko closed this revision.Sep 22 2016, 12:04 PM

Revision Contents

PathSize
lib/
Transforms/
Instrumentation/
174 lines
asan/
2 lines
17 lines
2 lines
11 lines
119 lines
test/
Instrumentation/
AddressSanitizer/
113 lines
113 lines
asan/
TestCases/
Linux/
12 lines

Diff 21945

lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 77 Lines▼ Show 20 Lines
static const size_t kMaxStackMallocSize = 1 << 16; // 64K static const size_t kMaxStackMallocSize = 1 << 16; // 64K
static const uintptr_t kCurrentStackFrameMagic = 0x41B58AB3; static const uintptr_t kCurrentStackFrameMagic = 0x41B58AB3;
static const uintptr_t kRetiredStackFrameMagic = 0x45E0360E; static const uintptr_t kRetiredStackFrameMagic = 0x45E0360E;
static const char *const kAsanModuleCtorName = "asan.module_ctor"; static const char *const kAsanModuleCtorName = "asan.module_ctor";
static const char *const kAsanModuleDtorName = "asan.module_dtor"; static const char *const kAsanModuleDtorName = "asan.module_dtor";
static const uint64_t kAsanCtorAndDtorPriority = 1; static const uint64_t kAsanCtorAndDtorPriority = 1;
static const char *const kAsanReportErrorTemplate = "__asan_report_"; static const char *const kAsanReportErrorTemplate = "__asan_report_";
static const char *const kAsanReportLoadN = "__asan_report_load_n";
static const char *const kAsanReportStoreN = "__asan_report_store_n";
static const char *const kAsanRegisterGlobalsName = "__asan_register_globals"; static const char *const kAsanRegisterGlobalsName = "__asan_register_globals";
static const char *const kAsanUnregisterGlobalsName = static const char *const kAsanUnregisterGlobalsName =
"__asan_unregister_globals"; "__asan_unregister_globals";
static const char *const kAsanPoisonGlobalsName = "__asan_before_dynamic_init"; static const char *const kAsanPoisonGlobalsName = "__asan_before_dynamic_init";
static const char *const kAsanUnpoisonGlobalsName = "__asan_after_dynamic_init"; static const char *const kAsanUnpoisonGlobalsName = "__asan_after_dynamic_init";
static const char *const kAsanInitName = "__asan_init_v5"; static const char *const kAsanInitName = "__asan_init_v5";
static const char *const kAsanPtrCmp = "__sanitizer_ptr_cmp"; static const char *const kAsanPtrCmp = "__sanitizer_ptr_cmp";
static const char *const kAsanPtrSub = "__sanitizer_ptr_sub"; static const char *const kAsanPtrSub = "__sanitizer_ptr_sub";
▲ Show 20 LinesShow All 115 Lines▼ Show 20 Linesstatic cl::opt<bool> ClCheckLifetime(
cl::desc("Use llvm.lifetime intrinsics to insert extra checks"), cl::Hidden, cl::desc("Use llvm.lifetime intrinsics to insert extra checks"), cl::Hidden,
cl::init(false)); cl::init(false));
static cl::opt<bool> ClDynamicAllocaStack( static cl::opt<bool> ClDynamicAllocaStack(
"asan-stack-dynamic-alloca", "asan-stack-dynamic-alloca",
cl::desc("Use dynamic alloca to represent stack variables"), cl::Hidden, cl::desc("Use dynamic alloca to represent stack variables"), cl::Hidden,
cl::init(true)); cl::init(true));
static cl::opt<uint32_t> ClForceExperiment(
"asan-force-experiment",
cl::desc("Force optimization experiment (for testing)"), cl::Hidden,
cl::init(0));
// Debug flags. // Debug flags.
static cl::opt<int> ClDebug("asan-debug", cl::desc("debug"), cl::Hidden, static cl::opt<int> ClDebug("asan-debug", cl::desc("debug"), cl::Hidden,
cl::init(0)); cl::init(0));
static cl::opt<int> ClDebugStack("asan-debug-stack", cl::desc("debug stack"), static cl::opt<int> ClDebugStack("asan-debug-stack", cl::desc("debug stack"),
cl::Hidden, cl::init(0)); cl::Hidden, cl::init(0));
static cl::opt<std::string> ClDebugFunc("asan-debug-func", cl::Hidden, static cl::opt<std::string> ClDebugFunc("asan-debug-func", cl::Hidden,
cl::desc("Debug func")); cl::desc("Debug func"));
static cl::opt<int> ClDebugMin("asan-debug-min", cl::desc("Debug min inst"), static cl::opt<int> ClDebugMin("asan-debug-min", cl::desc("Debug min inst"),
▲ Show 20 LinesShow All 180 Lines▼ Show 20 Linesstruct AddressSanitizer : public FunctionPass {
Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite, Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite,
uint64_t *TypeSize, uint64_t *TypeSize,
unsigned *Alignment) const; unsigned *Alignment) const;
void instrumentMop(ObjectSizeOffsetVisitor &ObjSizeVis, Instruction *I, void instrumentMop(ObjectSizeOffsetVisitor &ObjSizeVis, Instruction *I,
bool UseCalls, const DataLayout &DL); bool UseCalls, const DataLayout &DL);
void instrumentPointerComparisonOrSubtraction(Instruction *I); void instrumentPointerComparisonOrSubtraction(Instruction *I);
void instrumentAddress(Instruction *OrigIns, Instruction *InsertBefore, void instrumentAddress(Instruction *OrigIns, Instruction *InsertBefore,
Value *Addr, uint32_t TypeSize, bool IsWrite, Value *Addr, uint32_t TypeSize, bool IsWrite,
Value *SizeArgument, bool UseCalls); Value *SizeArgument, bool UseCalls, uint32_t Exp);
void instrumentUnusualSizeOrAlignment(Instruction *I, Value *Addr,
uint32_t TypeSize, bool IsWrite,
Value *SizeArgument, bool UseCalls,
uint32_t Exp);
Value *createSlowPathCmp(IRBuilder<> &IRB, Value *AddrLong, Value *createSlowPathCmp(IRBuilder<> &IRB, Value *AddrLong,
Value *ShadowValue, uint32_t TypeSize); Value *ShadowValue, uint32_t TypeSize);
Instruction *generateCrashCode(Instruction *InsertBefore, Value *Addr, Instruction *generateCrashCode(Instruction *InsertBefore, Value *Addr,
bool IsWrite, size_t AccessSizeIndex, bool IsWrite, size_t AccessSizeIndex,
Value *SizeArgument); Value *SizeArgument, uint32_t Exp);
void instrumentMemIntrinsic(MemIntrinsic *MI); void instrumentMemIntrinsic(MemIntrinsic *MI);
Value *memToShadow(Value *Shadow, IRBuilder<> &IRB); Value *memToShadow(Value *Shadow, IRBuilder<> &IRB);
bool runOnFunction(Function &F) override; bool runOnFunction(Function &F) override;
bool maybeInsertAsanInitAtFunctionEntry(Function &F); bool maybeInsertAsanInitAtFunctionEntry(Function &F);
bool doInitialization(Module &M) override; bool doInitialization(Module &M) override;
static char ID; // Pass identification, replacement for typeid static char ID; // Pass identification, replacement for typeid
DominatorTree &getDominatorTree() const { return *DT; } DominatorTree &getDominatorTree() const { return *DT; }
Show All 11 Lines private:
int LongSize; int LongSize;
Type *IntptrTy; Type *IntptrTy;
ShadowMapping Mapping; ShadowMapping Mapping;
DominatorTree *DT; DominatorTree *DT;
Function *AsanCtorFunction; Function *AsanCtorFunction;
Function *AsanInitFunction; Function *AsanInitFunction;
Function *AsanHandleNoReturnFunc; Function *AsanHandleNoReturnFunc;
Function *AsanPtrCmpFunction, *AsanPtrSubFunction; Function *AsanPtrCmpFunction, *AsanPtrSubFunction;
// This array is indexed by AccessIsWrite and log2(AccessSize). // This array is indexed by AccessIsWrite, Experiment and log2(AccessSize).
Function *AsanErrorCallback[2][kNumberOfAccessSizes]; Function *AsanErrorCallback[2][2][kNumberOfAccessSizes];
Function *AsanMemoryAccessCallback[2][kNumberOfAccessSizes]; Function *AsanMemoryAccessCallback[2][2][kNumberOfAccessSizes];
// This array is indexed by AccessIsWrite. // This array is indexed by AccessIsWrite and Experiment.
Function *AsanErrorCallbackSized[2], *AsanMemoryAccessCallbackSized[2]; Function *AsanErrorCallbackSized[2][2];
Function *AsanMemoryAccessCallbackSized[2][2];
Function *AsanMemmove, *AsanMemcpy, *AsanMemset; Function *AsanMemmove, *AsanMemcpy, *AsanMemset;
InlineAsm *EmptyAsm; InlineAsm *EmptyAsm;
GlobalsMetadata GlobalsMD; GlobalsMetadata GlobalsMD;
friend struct FunctionStackPoisoner; friend struct FunctionStackPoisoner;
}; };
class AddressSanitizerModule : public ModulePass { class AddressSanitizerModule : public ModulePass {
▲ Show 20 LinesShow All 438 Lines▼ Show 20 Linesvoid AddressSanitizer::instrumentMop(ObjectSizeOffsetVisitor &ObjSizeVis,
Instruction *I, bool UseCalls, Instruction *I, bool UseCalls,
const DataLayout &DL) { const DataLayout &DL) {
bool IsWrite = false; bool IsWrite = false;
unsigned Alignment = 0; unsigned Alignment = 0;
uint64_t TypeSize = 0; uint64_t TypeSize = 0;
Value *Addr = isInterestingMemoryAccess(I, &IsWrite, &TypeSize, &Alignment); Value *Addr = isInterestingMemoryAccess(I, &IsWrite, &TypeSize, &Alignment);
assert(Addr); assert(Addr);
// Optimization experiments.
// The experiments can be used to evaluate potential optimizations that remove
// instrumentation (assess false negatives). Instead of completely removing
// some instrumentation, you set Exp to a non-zero value (mask of optimization
// experiments that want to remove instrumentation of this instruction).
// If Exp is non-zero, this pass will emit special calls into runtime
// (e.g. __asan_report_exp_load1 instead of __asan_report_load1). These calls
// make runtime terminate the program in a special way (with a different
// exit status). Then you run the new compiler on a buggy corpus, collect
// the special terminations (ideally, you don't see them at all -- no false
// negatives) and make the decision on the optimization.
uint32_t Exp = ClForceExperiment;
kccUnsubmitted
Not Done
ReplyInline Actions

Do I understand correctly that this patch does not set Exp to anything interesting by default,
and that will be added in the following patches?

kcc: Do I understand correctly that this patch does not set Exp to anything interesting by default…
dvyukovAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes, this patch does not add any active experiments.
No, there won't be following patches with experiments. There is no reason to commit any experiments. You implement an experiment locally, evaluate it and then either commit the optimization or commit nothing.

dvyukov: Yes, this patch does not add any active experiments. No, there won't be following patches with…
kccUnsubmitted
Not Done
ReplyInline Actions

Then we misunderstood each other from the beginning.
My idea was to actually commit everything to trunk and let *all* users use it for many months,
and make it clear that if any experimental report fires they should let *us* know.
I doubt you can get good enough coverage with a one-off experiment -- there are not too many bugs lying around in any single code base to have assuring statistics.
This is also why I thought we need to have just one experiment (no experiment IDs and such) so that the code is simpler and there is no additional performance / code size penalty for passing an extra param

kcc: Then we misunderstood each other from the beginning. My idea was to actually commit everything…
dvyukovAuthorUnsubmitted
Not Done
ReplyInline Actions

As you wish. The actual experiment will be in a separate change then.

But I doubt there are many users who use tip clang _and_ run it on a huge codebase with lots of bugs _and_ who know about experiments _and_ will be willing to report back _and_ will alter their infrastructure to detect experimental crashes. And in the end an experiment will somehow end up in a clang release as well.

Experiment ID is a must, otherwise you will need to ask users to send you a full reproducer (something they won't be able to do), and then you will have to stare at the code trying to figure out what llvm byte code it produced and how asan pass handled it. You won't be able to just compile it, because it uses a custom build system and the bug is not reproducible without a non-trivial input.

dvyukov: As you wish. The actual experiment will be in a separate change then. But I doubt there are…
if (ClOpt && ClOptGlobals) { if (ClOpt && ClOptGlobals) {
// If initialization order checking is disabled, a simple access to a // If initialization order checking is disabled, a simple access to a
// dynamically initialized global is always valid. // dynamically initialized global is always valid.
GlobalVariable *G = dyn_cast<GlobalVariable>(GetUnderlyingObject(Addr, DL)); GlobalVariable *G = dyn_cast<GlobalVariable>(GetUnderlyingObject(Addr, DL));
if (G != NULL && (!ClInitializers || GlobalIsLinkerInitialized(G)) && if (G != NULL && (!ClInitializers || GlobalIsLinkerInitialized(G)) &&
isSafeAccess(ObjSizeVis, Addr, TypeSize)) { isSafeAccess(ObjSizeVis, Addr, TypeSize)) {
NumOptimizedAccessesToGlobalVar++; NumOptimizedAccessesToGlobalVar++;
return; return;
Show All 15 Lines else
NumInstrumentedReads++; NumInstrumentedReads++;
unsigned Granularity = 1 << Mapping.Scale; unsigned Granularity = 1 << Mapping.Scale;
// Instrument a 1-, 2-, 4-, 8-, or 16- byte access with one check // Instrument a 1-, 2-, 4-, 8-, or 16- byte access with one check
// if the data is properly aligned. // if the data is properly aligned.
if ((TypeSize == 8 || TypeSize == 16 || TypeSize == 32 || TypeSize == 64 || if ((TypeSize == 8 || TypeSize == 16 || TypeSize == 32 || TypeSize == 64 ||
TypeSize == 128) && TypeSize == 128) &&
(Alignment >= Granularity || Alignment == 0 || Alignment >= TypeSize / 8)) (Alignment >= Granularity || Alignment == 0 || Alignment >= TypeSize / 8))
return instrumentAddress(I, I, Addr, TypeSize, IsWrite, nullptr, UseCalls); return instrumentAddress(I, I, Addr, TypeSize, IsWrite, nullptr, UseCalls,
// Instrument unusual size or unusual alignment. Exp);
// We can not do it with a single check, so we do 1-byte check for the first instrumentUnusualSizeOrAlignment(I, Addr, TypeSize, IsWrite, nullptr,
// and the last bytes. We call __asan_report_*_n(addr, real_size) to be able UseCalls, Exp);
// to report the actual access size.
IRBuilder<> IRB(I);
Value *Size = ConstantInt::get(IntptrTy, TypeSize / 8);
Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy);
if (UseCalls) {
IRB.CreateCall2(AsanMemoryAccessCallbackSized[IsWrite], AddrLong, Size);
} else {
Value *LastByte = IRB.CreateIntToPtr(
IRB.CreateAdd(AddrLong, ConstantInt::get(IntptrTy, TypeSize / 8 - 1)),
Addr->getType());
instrumentAddress(I, I, Addr, 8, IsWrite, Size, false);
instrumentAddress(I, I, LastByte, 8, IsWrite, Size, false);
}
} }
// Validate the result of Module::getOrInsertFunction called for an interface // Validate the result of Module::getOrInsertFunction called for an interface
// function of AddressSanitizer. If the instrumented module defines a function // function of AddressSanitizer. If the instrumented module defines a function
// with the same name, their prototypes must match, otherwise // with the same name, their prototypes must match, otherwise
// getOrInsertFunction returns a bitcast. // getOrInsertFunction returns a bitcast.
static Function *checkInterfaceFunction(Constant *FuncOrBitcast) { static Function *checkInterfaceFunction(Constant *FuncOrBitcast) {
if (isa<Function>(FuncOrBitcast)) return cast<Function>(FuncOrBitcast); if (isa<Function>(FuncOrBitcast)) return cast<Function>(FuncOrBitcast);
FuncOrBitcast->dump(); FuncOrBitcast->dump();
report_fatal_error( report_fatal_error(
"trying to redefine an AddressSanitizer " "trying to redefine an AddressSanitizer "
"interface function"); "interface function");
} }
Instruction *AddressSanitizer::generateCrashCode(Instruction *InsertBefore, Instruction *AddressSanitizer::generateCrashCode(Instruction *InsertBefore,
Value *Addr, bool IsWrite, Value *Addr, bool IsWrite,
size_t AccessSizeIndex, size_t AccessSizeIndex,
Value *SizeArgument) { Value *SizeArgument,
uint32_t Exp) {
IRBuilder<> IRB(InsertBefore); IRBuilder<> IRB(InsertBefore);
CallInst *Call = Value *ExpVal = Exp == 0 ? nullptr : ConstantInt::get(IRB.getInt32Ty(), Exp);
SizeArgument CallInst *Call = nullptr;
? IRB.CreateCall2(AsanErrorCallbackSized[IsWrite], Addr, SizeArgument) if (SizeArgument) {
: IRB.CreateCall(AsanErrorCallback[IsWrite][AccessSizeIndex], Addr); if (Exp == 0)
Call = IRB.CreateCall2(AsanErrorCallbackSized[IsWrite][0], Addr,
SizeArgument);
else
Call = IRB.CreateCall3(AsanErrorCallbackSized[IsWrite][1], Addr,
SizeArgument, ExpVal);
} else {
if (Exp == 0)
Call =
IRB.CreateCall(AsanErrorCallback[IsWrite][0][AccessSizeIndex], Addr);
else
Call = IRB.CreateCall2(AsanErrorCallback[IsWrite][1][AccessSizeIndex],
Addr, ExpVal);
}
// We don't do Call->setDoesNotReturn() because the BB already has // We don't do Call->setDoesNotReturn() because the BB already has
// UnreachableInst at the end. // UnreachableInst at the end.
// This EmptyAsm is required to avoid callback merge. // This EmptyAsm is required to avoid callback merge.
IRB.CreateCall(EmptyAsm); IRB.CreateCall(EmptyAsm);
return Call; return Call;
} }
Show All 13 Lines LastAccessedByte =
IRB.CreateIntCast(LastAccessedByte, ShadowValue->getType(), false); IRB.CreateIntCast(LastAccessedByte, ShadowValue->getType(), false);
// ((uint8_t) ((Addr & (Granularity-1)) + size - 1)) >= ShadowValue // ((uint8_t) ((Addr & (Granularity-1)) + size - 1)) >= ShadowValue
return IRB.CreateICmpSGE(LastAccessedByte, ShadowValue); return IRB.CreateICmpSGE(LastAccessedByte, ShadowValue);
} }
void AddressSanitizer::instrumentAddress(Instruction *OrigIns, void AddressSanitizer::instrumentAddress(Instruction *OrigIns,
Instruction *InsertBefore, Value *Addr, Instruction *InsertBefore, Value *Addr,
uint32_t TypeSize, bool IsWrite, uint32_t TypeSize, bool IsWrite,
Value *SizeArgument, bool UseCalls) { Value *SizeArgument, bool UseCalls,
uint32_t Exp) {
IRBuilder<> IRB(InsertBefore); IRBuilder<> IRB(InsertBefore);
Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy); Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy);
size_t AccessSizeIndex = TypeSizeToSizeIndex(TypeSize); size_t AccessSizeIndex = TypeSizeToSizeIndex(TypeSize);
if (UseCalls) { if (UseCalls) {
IRB.CreateCall(AsanMemoryAccessCallback[IsWrite][AccessSizeIndex], if (Exp == 0)
IRB.CreateCall(AsanMemoryAccessCallback[IsWrite][0][AccessSizeIndex],
AddrLong); AddrLong);
else
IRB.CreateCall2(AsanMemoryAccessCallback[IsWrite][1][AccessSizeIndex],
AddrLong, ConstantInt::get(IRB.getInt32Ty(), Exp));
return; return;
} }
Type *ShadowTy = Type *ShadowTy =
IntegerType::get(*C, std::max(8U, TypeSize >> Mapping.Scale)); IntegerType::get(*C, std::max(8U, TypeSize >> Mapping.Scale));
Type *ShadowPtrTy = PointerType::get(ShadowTy, 0); Type *ShadowPtrTy = PointerType::get(ShadowTy, 0);
Value *ShadowPtr = memToShadow(AddrLong, IRB); Value *ShadowPtr = memToShadow(AddrLong, IRB);
Value *CmpVal = Constant::getNullValue(ShadowTy); Value *CmpVal = Constant::getNullValue(ShadowTy);
Show All 18 Lines if (ClAlwaysSlowPath || (TypeSize < 8 * Granularity)) {
CrashTerm = new UnreachableInst(*C, CrashBlock); CrashTerm = new UnreachableInst(*C, CrashBlock);
BranchInst *NewTerm = BranchInst::Create(CrashBlock, NextBB, Cmp2); BranchInst *NewTerm = BranchInst::Create(CrashBlock, NextBB, Cmp2);
ReplaceInstWithInst(CheckTerm, NewTerm); ReplaceInstWithInst(CheckTerm, NewTerm);
} else { } else {
CrashTerm = SplitBlockAndInsertIfThen(Cmp, InsertBefore, true); CrashTerm = SplitBlockAndInsertIfThen(Cmp, InsertBefore, true);
} }
Instruction *Crash = generateCrashCode(CrashTerm, AddrLong, IsWrite, Instruction *Crash = generateCrashCode(CrashTerm, AddrLong, IsWrite,
AccessSizeIndex, SizeArgument); AccessSizeIndex, SizeArgument, Exp);
Crash->setDebugLoc(OrigIns->getDebugLoc()); Crash->setDebugLoc(OrigIns->getDebugLoc());
} }
// Instrument unusual size or unusual alignment.
// We can not do it with a single check, so we do 1-byte check for the first
// and the last bytes. We call __asan_report_*_n(addr, real_size) to be able
// to report the actual access size.
void AddressSanitizer::instrumentUnusualSizeOrAlignment(
Instruction *I, Value *Addr, uint32_t TypeSize, bool IsWrite,
Value *SizeArgument, bool UseCalls, uint32_t Exp) {
IRBuilder<> IRB(I);
Value *Size = ConstantInt::get(IntptrTy, TypeSize / 8);
Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy);
if (UseCalls) {
if (Exp == 0)
IRB.CreateCall2(AsanMemoryAccessCallbackSized[IsWrite][0], AddrLong,
Size);
else
IRB.CreateCall3(AsanMemoryAccessCallbackSized[IsWrite][1], AddrLong, Size,
ConstantInt::get(IRB.getInt32Ty(), Exp));
} else {
Value *LastByte = IRB.CreateIntToPtr(
IRB.CreateAdd(AddrLong, ConstantInt::get(IntptrTy, TypeSize / 8 - 1)),
Addr->getType());
instrumentAddress(I, I, Addr, 8, IsWrite, Size, false, Exp);
instrumentAddress(I, I, LastByte, 8, IsWrite, Size, false, Exp);
}
}
void AddressSanitizerModule::poisonOneInitializer(Function &GlobalInit, void AddressSanitizerModule::poisonOneInitializer(Function &GlobalInit,
GlobalValue *ModuleName) { GlobalValue *ModuleName) {
// Set up the arguments to our poison/unpoison functions. // Set up the arguments to our poison/unpoison functions.
IRBuilder<> IRB(GlobalInit.begin()->getFirstInsertionPt()); IRBuilder<> IRB(GlobalInit.begin()->getFirstInsertionPt());
// Add a call to poison all external globals before the given function starts. // Add a call to poison all external globals before the given function starts.
Value *ModuleNameAddr = ConstantExpr::getPointerCast(ModuleName, IntptrTy); Value *ModuleNameAddr = ConstantExpr::getPointerCast(ModuleName, IntptrTy);
IRB.CreateCall(AsanPoisonGlobals, ModuleNameAddr); IRB.CreateCall(AsanPoisonGlobals, ModuleNameAddr);
▲ Show 20 LinesShow All 276 Lines▼ Show 20 Linesbool AddressSanitizerModule::runOnModule(Module &M) {
if (ClGlobals) Changed |= InstrumentGlobals(IRB, M); if (ClGlobals) Changed |= InstrumentGlobals(IRB, M);
return Changed; return Changed;
} }
void AddressSanitizer::initializeCallbacks(Module &M) { void AddressSanitizer::initializeCallbacks(Module &M) {
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
// Create __asan_report* callbacks. // Create __asan_report* callbacks.
// IsWrite, TypeSize and Exp are encoded in the function name.
for (int Exp = 0; Exp < 2; Exp++) {
for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) { for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) {
const std::string TypeStr = AccessIsWrite ? "store" : "load";
const std::string ExpStr = Exp ? "exp_" : "";
const Type *ExpType = Exp ? Type::getInt32Ty(*C) : nullptr;
AsanErrorCallbackSized[AccessIsWrite][Exp] =
checkInterfaceFunction(M.getOrInsertFunction(
kAsanReportErrorTemplate + ExpStr + TypeStr + "_n",
IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));
AsanMemoryAccessCallbackSized[AccessIsWrite][Exp] =
checkInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + ExpStr + TypeStr + "N",
IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));
for (size_t AccessSizeIndex = 0; AccessSizeIndex < kNumberOfAccessSizes; for (size_t AccessSizeIndex = 0; AccessSizeIndex < kNumberOfAccessSizes;
AccessSizeIndex++) { AccessSizeIndex++) {
// IsWrite and TypeSize are encoded in the function name. const std::string Suffix = TypeStr + itostr(1 << AccessSizeIndex);
std::string Suffix = AsanErrorCallback[AccessIsWrite][Exp][AccessSizeIndex] =
(AccessIsWrite ? "store" : "load") + itostr(1 << AccessSizeIndex); checkInterfaceFunction(M.getOrInsertFunction(
AsanErrorCallback[AccessIsWrite][AccessSizeIndex] = kAsanReportErrorTemplate + ExpStr + Suffix, IRB.getVoidTy(),
checkInterfaceFunction( IntptrTy, ExpType, nullptr));
M.getOrInsertFunction(kAsanReportErrorTemplate + Suffix, AsanMemoryAccessCallback[AccessIsWrite][Exp][AccessSizeIndex] =
IRB.getVoidTy(), IntptrTy, nullptr)); checkInterfaceFunction(M.getOrInsertFunction(
AsanMemoryAccessCallback[AccessIsWrite][AccessSizeIndex] = ClMemoryAccessCallbackPrefix + ExpStr + Suffix, IRB.getVoidTy(),
checkInterfaceFunction( IntptrTy, ExpType, nullptr));
M.getOrInsertFunction(ClMemoryAccessCallbackPrefix + Suffix, }
IRB.getVoidTy(), IntptrTy, nullptr)); }
} }
}
AsanErrorCallbackSized[0] = checkInterfaceFunction(M.getOrInsertFunction(
kAsanReportLoadN, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
AsanErrorCallbackSized[1] = checkInterfaceFunction(M.getOrInsertFunction(
kAsanReportStoreN, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
AsanMemoryAccessCallbackSized[0] = checkInterfaceFunction(
M.getOrInsertFunction(ClMemoryAccessCallbackPrefix + "loadN",
IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
AsanMemoryAccessCallbackSized[1] = checkInterfaceFunction(
M.getOrInsertFunction(ClMemoryAccessCallbackPrefix + "storeN",
IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
AsanMemmove = checkInterfaceFunction(M.getOrInsertFunction( AsanMemmove = checkInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memmove", IRB.getInt8PtrTy(), ClMemoryAccessCallbackPrefix + "memmove", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));
AsanMemcpy = checkInterfaceFunction(M.getOrInsertFunction( AsanMemcpy = checkInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memcpy", IRB.getInt8PtrTy(), ClMemoryAccessCallbackPrefix + "memcpy", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));
AsanMemset = checkInterfaceFunction(M.getOrInsertFunction( AsanMemset = checkInterfaceFunction(M.getOrInsertFunction(
▲ Show 20 LinesShow All 683 LinesShow Last 20 Lines

lib/asan/asan_interceptors.cc

Show First 20 LinesShow All 59 Lines▼ Show 20 Lines if (!QuickCheckForUnpoisonedRegion(__offset, __size) && \
suppressed = IsInterceptorSuppressed(_ctx->interceptor_name); \ suppressed = IsInterceptorSuppressed(_ctx->interceptor_name); \
if (!suppressed && HaveStackTraceBasedSuppressions()) { \ if (!suppressed && HaveStackTraceBasedSuppressions()) { \
GET_STACK_TRACE_FATAL_HERE; \ GET_STACK_TRACE_FATAL_HERE; \
suppressed = IsStackTraceSuppressed(&stack); \ suppressed = IsStackTraceSuppressed(&stack); \
} \ } \
} \ } \
if (!suppressed) { \ if (!suppressed) { \
GET_CURRENT_PC_BP_SP; \ GET_CURRENT_PC_BP_SP; \
__asan_report_error(pc, bp, sp, __bad, isWrite, __size); \ __asan_report_error(pc, bp, sp, __bad, isWrite, __size, 0); \
} \ } \
} \ } \
} while (0) } while (0)
#define ASAN_READ_RANGE(ctx, offset, size) \ #define ASAN_READ_RANGE(ctx, offset, size) \
ACCESS_MEMORY_RANGE(ctx, offset, size, false) ACCESS_MEMORY_RANGE(ctx, offset, size, false)
#define ASAN_WRITE_RANGE(ctx, offset, size) \ #define ASAN_WRITE_RANGE(ctx, offset, size) \
ACCESS_MEMORY_RANGE(ctx, offset, size, true) ACCESS_MEMORY_RANGE(ctx, offset, size, true)
▲ Show 20 LinesShow All 860 LinesShow Last 20 Lines

lib/asan/asan_interface_internal.h

Show First 20 LinesShow All 122 Lines▼ Show 20 Linesextern "C" {
uptr __asan_get_free_stack(uptr addr, uptr *trace, uptr size, uptr __asan_get_free_stack(uptr addr, uptr *trace, uptr size,
u32 *thread_id); u32 *thread_id);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_get_shadow_mapping(uptr *shadow_scale, uptr *shadow_offset); void __asan_get_shadow_mapping(uptr *shadow_scale, uptr *shadow_offset);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_report_error(uptr pc, uptr bp, uptr sp, void __asan_report_error(uptr pc, uptr bp, uptr sp,
uptr addr, int is_write, uptr access_size); uptr addr, int is_write, uptr access_size, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
int __asan_set_error_exit_code(int exit_code); int __asan_set_error_exit_code(int exit_code);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_death_callback(void (*callback)(void)); void __asan_set_death_callback(void (*callback)(void));
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_error_report_callback(void (*callback)(const char*)); void __asan_set_error_report_callback(void (*callback)(const char*));
Show All 20 Linesextern "C" {
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store1(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store1(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store2(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store2(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store4(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store4(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store8(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store8(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store16(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store16(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_loadN(uptr p, uptr size); SANITIZER_INTERFACE_ATTRIBUTE void __asan_loadN(uptr p, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_storeN(uptr p, uptr size); SANITIZER_INTERFACE_ATTRIBUTE void __asan_storeN(uptr p, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load1(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load2(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load4(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load8(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load16(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store1(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store2(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store4(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store8(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store16(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_loadN(uptr p, uptr size,
u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_storeN(uptr p, uptr size,
u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void* __asan_memcpy(void *dst, const void *src, uptr size); void* __asan_memcpy(void *dst, const void *src, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void* __asan_memset(void *s, int c, uptr n); void* __asan_memset(void *s, int c, uptr n);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void* __asan_memmove(void* dest, const void* src, uptr n); void* __asan_memmove(void* dest, const void* src, uptr n);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
Show All 10 Lines

lib/asan/asan_poisoning.cc

Show First 20 LinesShow All 212 Lines▼ Show 20 Lines
#define CHECK_SMALL_REGION(p, size, isWrite) \ #define CHECK_SMALL_REGION(p, size, isWrite) \
do { \ do { \
uptr __p = reinterpret_cast<uptr>(p); \ uptr __p = reinterpret_cast<uptr>(p); \
uptr __size = size; \ uptr __size = size; \
if (UNLIKELY(__asan::AddressIsPoisoned(__p) || \ if (UNLIKELY(__asan::AddressIsPoisoned(__p) || \
__asan::AddressIsPoisoned(__p + __size - 1))) { \ __asan::AddressIsPoisoned(__p + __size - 1))) { \
GET_CURRENT_PC_BP_SP; \ GET_CURRENT_PC_BP_SP; \
uptr __bad = __asan_region_is_poisoned(__p, __size); \ uptr __bad = __asan_region_is_poisoned(__p, __size); \
__asan_report_error(pc, bp, sp, __bad, isWrite, __size);\ __asan_report_error(pc, bp, sp, __bad, isWrite, __size, 0);\
} \ } \
} while (false); \ } while (false); \
extern "C" SANITIZER_INTERFACE_ATTRIBUTE extern "C" SANITIZER_INTERFACE_ATTRIBUTE
u16 __sanitizer_unaligned_load16(const uu16 *p) { u16 __sanitizer_unaligned_load16(const uu16 *p) {
CHECK_SMALL_REGION(p, sizeof(*p), false); CHECK_SMALL_REGION(p, sizeof(*p), false);
return *p; return *p;
▲ Show 20 LinesShow All 198 LinesShow Last 20 Lines

lib/asan/asan_report.cc

Show First 20 LinesShow All 933 Lines▼ Show 20 Lines
} }
} // namespace __asan } // namespace __asan
// --------------------------- Interface --------------------- {{{1 // --------------------------- Interface --------------------- {{{1
using namespace __asan; // NOLINT using namespace __asan; // NOLINT
void __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write, void __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write,
uptr access_size) { uptr access_size, u32 exp) {
ENABLE_FRAME_POINTER; ENABLE_FRAME_POINTER;
// Optimization experiments.
kccUnsubmitted
Not Done
ReplyInline Actions

the rt is used with other compilers. I would prefer to have a full comment here

kcc: the rt is used with other compilers. I would prefer to have a full comment here
dvyukovAuthorUnsubmitted
Not Done
ReplyInline Actions

Extended it to some degree. Will extend more when we decide how to handle experiments in runtime, otherwise I don't know how to extend it.

dvyukov: Extended it to some degree. Will extend more when we decide how to handle experiments in…
// The experiments can be used to evaluate potential optimizations that remove
// instrumentation (assess false negatives). Instead of completely removing
// some instrumentation, compiler can emit special calls into runtime
// (e.g. __asan_report_exp_load1 instead of __asan_report_load1) and pass
// mask of experiments (exp).
// The reaction to a non-zero value of exp is to be defined.
(void)exp;
// Determine the error type. // Determine the error type.
const char *bug_descr = "unknown-crash"; const char *bug_descr = "unknown-crash";
if (AddrIsInMem(addr)) { if (AddrIsInMem(addr)) {
u8 *shadow_addr = (u8*)MemToShadow(addr); u8 *shadow_addr = (u8*)MemToShadow(addr);
// If we are accessing 16 bytes, look at the second shadow byte. // If we are accessing 16 bytes, look at the second shadow byte.
if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY) if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY)
shadow_addr++; shadow_addr++;
// If we are in the partial right redzone, look at the next shadow byte. // If we are in the partial right redzone, look at the next shadow byte.
▲ Show 20 LinesShow All 141 LinesShow Last 20 Lines

lib/asan/asan_rtl.cc

Show First 20 LinesShow All 106 Lines▼ Show 20 Lines
// --------------- LowLevelAllocateCallbac ---------- {{{1 // --------------- LowLevelAllocateCallbac ---------- {{{1
static void OnLowLevelAllocate(uptr ptr, uptr size) { static void OnLowLevelAllocate(uptr ptr, uptr size) {
PoisonShadow(ptr, size, kAsanInternalHeapMagic); PoisonShadow(ptr, size, kAsanInternalHeapMagic);
} }
// -------------------------- Run-time entry ------------------- {{{1 // -------------------------- Run-time entry ------------------- {{{1
// exported functions // exported functions
#define ASAN_REPORT_ERROR(type, is_write, size) \ #define ASAN_REPORT_ERROR(type, is_write, size) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## size(uptr addr); \
void __asan_report_ ## type ## size(uptr addr) { \ void __asan_report_ ## type ## size(uptr addr) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size); \ __asan_report_error(pc, bp, sp, addr, is_write, size, 0); \
} \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_exp_ ## type ## size(uptr addr, u32 exp) { \
GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, exp); \
} }
ASAN_REPORT_ERROR(load, false, 1) ASAN_REPORT_ERROR(load, false, 1)
ASAN_REPORT_ERROR(load, false, 2) ASAN_REPORT_ERROR(load, false, 2)
ASAN_REPORT_ERROR(load, false, 4) ASAN_REPORT_ERROR(load, false, 4)
ASAN_REPORT_ERROR(load, false, 8) ASAN_REPORT_ERROR(load, false, 8)
ASAN_REPORT_ERROR(load, false, 16) ASAN_REPORT_ERROR(load, false, 16)
ASAN_REPORT_ERROR(store, true, 1) ASAN_REPORT_ERROR(store, true, 1)
ASAN_REPORT_ERROR(store, true, 2) ASAN_REPORT_ERROR(store, true, 2)
ASAN_REPORT_ERROR(store, true, 4) ASAN_REPORT_ERROR(store, true, 4)
ASAN_REPORT_ERROR(store, true, 8) ASAN_REPORT_ERROR(store, true, 8)
ASAN_REPORT_ERROR(store, true, 16) ASAN_REPORT_ERROR(store, true, 16)
#define ASAN_REPORT_ERROR_N(type, is_write) \ #define ASAN_REPORT_ERROR_N(type, is_write) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## _n(uptr addr, uptr size); \
void __asan_report_ ## type ## _n(uptr addr, uptr size) { \ void __asan_report_ ## type ## _n(uptr addr, uptr size) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size); \ __asan_report_error(pc, bp, sp, addr, is_write, size, 0); \
} \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_exp_ ## type ## _n(uptr addr, uptr size, u32 exp) { \
GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, exp); \
} }
ASAN_REPORT_ERROR_N(load, false) ASAN_REPORT_ERROR_N(load, false)
ASAN_REPORT_ERROR_N(store, true) ASAN_REPORT_ERROR_N(store, true)
#define ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size) \ #define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE void __asan_##type##size(uptr addr); \
void __asan_##type##size(uptr addr) { \
uptr sp = MEM_TO_SHADOW(addr); \ uptr sp = MEM_TO_SHADOW(addr); \
uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp) \ uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp) \
: *reinterpret_cast<u16 *>(sp); \ : *reinterpret_cast<u16 *>(sp); \
if (UNLIKELY(s)) { \ if (UNLIKELY(s)) { \
if (UNLIKELY(size >= SHADOW_GRANULARITY || \ if (UNLIKELY(size >= SHADOW_GRANULARITY || \
((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \ ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \
(s8)s)) { \ (s8)s)) { \
if (__asan_test_only_reported_buggy_pointer) { \ if (__asan_test_only_reported_buggy_pointer) { \
*__asan_test_only_reported_buggy_pointer = addr; \ *__asan_test_only_reported_buggy_pointer = addr; \
} else { \ } else { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size); \ __asan_report_error(pc, bp, sp, addr, is_write, size, exp_arg); \
} \ } \
} \ } \
}
#define ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size) \
kccUnsubmitted
Not Done
ReplyInline Actions

can you avoid so much duplication here?

kcc: can you avoid so much duplication here?
dvyukovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

dvyukov: Done
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_##type##size(uptr addr) { \
ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0) \
} \ } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_exp_##type##size(uptr addr, u32 exp) { \
ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp) \
} }
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 1) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 1)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 2) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 2)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 4) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 4)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 8) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 8)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 16) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 16)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 1) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 1)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 2) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 2)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 4) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 4)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 8) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 8)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 16) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 16)
extern "C" extern "C"
NOINLINE INTERFACE_ATTRIBUTE void __asan_loadN(uptr addr, uptr size) { NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN(uptr addr, uptr size) {
if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, false, size, 0);
}
}
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_loadN(uptr addr, uptr size, u32 exp) {
if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, false, size, exp);
}
}
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN(uptr addr, uptr size) {
if (__asan_region_is_poisoned(addr, size)) { if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, false, size); __asan_report_error(pc, bp, sp, addr, true, size, 0);
} }
} }
extern "C" extern "C"
NOINLINE INTERFACE_ATTRIBUTE void __asan_storeN(uptr addr, uptr size) { NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_storeN(uptr addr, uptr size, u32 exp) {
if (__asan_region_is_poisoned(addr, size)) { if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, true, size); __asan_report_error(pc, bp, sp, addr, true, size, exp);
} }
} }
// Force the linker to keep the symbols for various ASan interface functions. // Force the linker to keep the symbols for various ASan interface functions.
// We want to keep those in the executable in order to let the instrumented // We want to keep those in the executable in order to let the instrumented
// dynamic libraries access the symbol even if it is not used by the executable // dynamic libraries access the symbol even if it is not used by the executable
// itself. This should help if the build system is removing dead code at link // itself. This should help if the build system is removing dead code at link
// time. // time.
static NOINLINE void force_interface_symbols() { static NOINLINE void force_interface_symbols() {
volatile int fake_condition = 0; // prevent dead condition elimination. volatile int fake_condition = 0; // prevent dead condition elimination.
// __asan_report_* functions are noreturn, so we need a switch to prevent // __asan_report_* functions are noreturn, so we need a switch to prevent
// the compiler from removing any of them. // the compiler from removing any of them.
switch (fake_condition) { switch (fake_condition) {
case 1: __asan_report_load1(0); break; case 1: __asan_report_load1(0); break;
case 2: __asan_report_load2(0); break; case 2: __asan_report_load2(0); break;
case 3: __asan_report_load4(0); break; case 3: __asan_report_load4(0); break;
case 4: __asan_report_load8(0); break; case 4: __asan_report_load8(0); break;
case 5: __asan_report_load16(0); break; case 5: __asan_report_load16(0); break;
case 6: __asan_report_store1(0); break; case 6: __asan_report_load_n(0, 0); break;
case 7: __asan_report_store2(0); break; case 7: __asan_report_store1(0); break;
case 8: __asan_report_store4(0); break; case 8: __asan_report_store2(0); break;
case 9: __asan_report_store8(0); break; case 9: __asan_report_store4(0); break;
case 10: __asan_report_store16(0); break; case 10: __asan_report_store8(0); break;
case 12: __asan_register_globals(0, 0); break; case 11: __asan_report_store16(0); break;
case 13: __asan_unregister_globals(0, 0); break; case 12: __asan_report_store_n(0, 0); break;
case 14: __asan_set_death_callback(0); break; case 13: __asan_report_exp_load1(0, 0); break;
case 15: __asan_set_error_report_callback(0); break; case 14: __asan_report_exp_load2(0, 0); break;
case 16: __asan_handle_no_return(); break; case 15: __asan_report_exp_load4(0, 0); break;
case 17: __asan_address_is_poisoned(0); break; case 16: __asan_report_exp_load8(0, 0); break;
case 25: __asan_poison_memory_region(0, 0); break; case 17: __asan_report_exp_load16(0, 0); break;
case 26: __asan_unpoison_memory_region(0, 0); break; case 18: __asan_report_exp_load_n(0, 0, 0); break;
case 27: __asan_set_error_exit_code(0); break; case 19: __asan_report_exp_store1(0, 0); break;
case 30: __asan_before_dynamic_init(0); break; case 20: __asan_report_exp_store2(0, 0); break;
case 31: __asan_after_dynamic_init(); break; case 21: __asan_report_exp_store4(0, 0); break;
case 32: __asan_poison_stack_memory(0, 0); break; case 22: __asan_report_exp_store8(0, 0); break;
case 33: __asan_unpoison_stack_memory(0, 0); break; case 23: __asan_report_exp_store16(0, 0); break;
case 34: __asan_region_is_poisoned(0, 0); break; case 24: __asan_report_exp_store_n(0, 0, 0); break;
case 35: __asan_describe_address(0); break; case 25: __asan_register_globals(0, 0); break;
case 26: __asan_unregister_globals(0, 0); break;
case 27: __asan_set_death_callback(0); break;
case 28: __asan_set_error_report_callback(0); break;
case 29: __asan_handle_no_return(); break;
case 30: __asan_address_is_poisoned(0); break;
case 31: __asan_poison_memory_region(0, 0); break;
case 32: __asan_unpoison_memory_region(0, 0); break;
case 33: __asan_set_error_exit_code(0); break;
case 34: __asan_before_dynamic_init(0); break;
case 35: __asan_after_dynamic_init(); break;
case 36: __asan_poison_stack_memory(0, 0); break;
case 37: __asan_unpoison_stack_memory(0, 0); break;
case 38: __asan_region_is_poisoned(0, 0); break;
case 39: __asan_describe_address(0); break;
} }
} }
static void asan_atexit() { static void asan_atexit() {
Printf("AddressSanitizer exit stats:\n"); Printf("AddressSanitizer exit stats:\n");
__asan_print_accumulated_stats(); __asan_print_accumulated_stats();
// Print AsanMappingProfile. // Print AsanMappingProfile.
for (uptr i = 0; i < kAsanMappingProfileSize; i++) { for (uptr i = 0; i < kAsanMappingProfileSize; i++) {
▲ Show 20 LinesShow All 290 LinesShow Last 20 Lines

test/Instrumentation/AddressSanitizer/experiment-call.ll

; Test optimization experiments.
; -asan-force-experiment flag turns all memory accesses into experiments.
; RUN: opt < %s -asan -asan-module -asan-force-experiment=42 -asan-instrumentation-with-call-threshold=0 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu"
define void @load1(i8* %p) sanitize_address {
entry:
%t = load i8, i8* %p, align 1
ret void
; CHECK-LABEL: define void @load1
; CHECK: __asan_exp_load1{{.*}} i32 42
; CHECK: ret void
}
define void @load2(i16* %p) sanitize_address {
entry:
%t = load i16, i16* %p, align 2
ret void
; CHECK-LABEL: define void @load2
; CHECK: __asan_exp_load2{{.*}} i32 42
; CHECK: ret void
}
define void @load4(i32* %p) sanitize_address {
entry:
%t = load i32, i32* %p, align 4
ret void
; CHECK-LABEL: define void @load4
; CHECK: __asan_exp_load4{{.*}} i32 42
; CHECK: ret void
}
define void @load8(i64* %p) sanitize_address {
entry:
%t = load i64, i64* %p, align 8
ret void
; CHECK-LABEL: define void @load8
; CHECK: __asan_exp_load8{{.*}} i32 42
; CHECK: ret void
}
define void @load16(i128* %p) sanitize_address {
entry:
%t = load i128, i128* %p, align 16
ret void
; CHECK-LABEL: define void @load16
; CHECK: __asan_exp_load16{{.*}} i32 42
; CHECK: ret void
}
define void @loadN(i48* %p) sanitize_address {
entry:
%t = load i48, i48* %p, align 1
ret void
; CHECK-LABEL: define void @loadN
; CHECK: __asan_exp_loadN{{.*}} i32 42
; CHECK: ret void
}
define void @store1(i8* %p) sanitize_address {
entry:
store i8 1, i8* %p, align 1
ret void
; CHECK-LABEL: define void @store1
; CHECK: __asan_exp_store1{{.*}} i32 42
; CHECK: ret void
}
define void @store2(i16* %p) sanitize_address {
entry:
store i16 1, i16* %p, align 2
ret void
; CHECK-LABEL: define void @store2
; CHECK: __asan_exp_store2{{.*}} i32 42
; CHECK: ret void
}
define void @store4(i32* %p) sanitize_address {
entry:
store i32 1, i32* %p, align 4
ret void
; CHECK-LABEL: define void @store4
; CHECK: __asan_exp_store4{{.*}} i32 42
; CHECK: ret void
}
define void @store8(i64* %p) sanitize_address {
entry:
store i64 1, i64* %p, align 8
ret void
; CHECK-LABEL: define void @store8
; CHECK: __asan_exp_store8{{.*}} i32 42
; CHECK: ret void
}
define void @store16(i128* %p) sanitize_address {
entry:
store i128 1, i128* %p, align 16
ret void
; CHECK-LABEL: define void @store16
; CHECK: __asan_exp_store16{{.*}} i32 42
; CHECK: ret void
}
define void @storeN(i48* %p) sanitize_address {
entry:
store i48 1, i48* %p, align 1
ret void
; CHECK-LABEL: define void @storeN
; CHECK: __asan_exp_storeN{{.*}} i32 42
; CHECK: ret void
}

test/Instrumentation/AddressSanitizer/experiment.ll

; Test optimization experiments.
; -asan-force-experiment flag turns all memory accesses into experiments.
; RUN: opt < %s -asan -asan-module -asan-force-experiment=42 -S | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu"
define void @load1(i8* %p) sanitize_address {
entry:
%t = load i8, i8* %p, align 1
ret void
; CHECK-LABEL: define void @load1
; CHECK: __asan_report_exp_load1{{.*}} i32 42
; CHECK: ret void
}
define void @load2(i16* %p) sanitize_address {
entry:
%t = load i16, i16* %p, align 2
ret void
; CHECK-LABEL: define void @load2
; CHECK: __asan_report_exp_load2{{.*}} i32 42
; CHECK: ret void
}
define void @load4(i32* %p) sanitize_address {
entry:
%t = load i32, i32* %p, align 4
ret void
; CHECK-LABEL: define void @load4
; CHECK: __asan_report_exp_load4{{.*}} i32 42
; CHECK: ret void
}
define void @load8(i64* %p) sanitize_address {
entry:
%t = load i64, i64* %p, align 8
ret void
; CHECK-LABEL: define void @load8
; CHECK: __asan_report_exp_load8{{.*}} i32 42
; CHECK: ret void
}
define void @load16(i128* %p) sanitize_address {
entry:
%t = load i128, i128* %p, align 16
ret void
; CHECK-LABEL: define void @load16
; CHECK: __asan_report_exp_load16{{.*}} i32 42
; CHECK: ret void
}
define void @loadN(i48* %p) sanitize_address {
entry:
%t = load i48, i48* %p, align 1
ret void
; CHECK-LABEL: define void @loadN
; CHECK: __asan_report_exp_load_n{{.*}} i32 42
; CHECK: ret void
}
define void @store1(i8* %p) sanitize_address {
entry:
store i8 1, i8* %p, align 1
ret void
; CHECK-LABEL: define void @store1
; CHECK: __asan_report_exp_store1{{.*}} i32 42
; CHECK: ret void
}
define void @store2(i16* %p) sanitize_address {
entry:
store i16 1, i16* %p, align 2
ret void
; CHECK-LABEL: define void @store2
; CHECK: __asan_report_exp_store2{{.*}} i32 42
; CHECK: ret void
}
define void @store4(i32* %p) sanitize_address {
entry:
store i32 1, i32* %p, align 4
ret void
; CHECK-LABEL: define void @store4
; CHECK: __asan_report_exp_store4{{.*}} i32 42
; CHECK: ret void
}
define void @store8(i64* %p) sanitize_address {
entry:
store i64 1, i64* %p, align 8
ret void
; CHECK-LABEL: define void @store8
; CHECK: __asan_report_exp_store8{{.*}} i32 42
; CHECK: ret void
}
define void @store16(i128* %p) sanitize_address {
entry:
store i128 1, i128* %p, align 16
ret void
; CHECK-LABEL: define void @store16
; CHECK: __asan_report_exp_store16{{.*}} i32 42
; CHECK: ret void
}
define void @storeN(i48* %p) sanitize_address {
entry:
store i48 1, i48* %p, align 1
ret void
; CHECK-LABEL: define void @storeN
; CHECK: __asan_report_exp_store_n{{.*}} i32 42
; CHECK: ret void
}

test/asan/TestCases/Linux/interface_symbols_linux.c

Show All 18 Lines
// RUN: echo __asan_report_load16 >> %t.interface // RUN: echo __asan_report_load16 >> %t.interface
// RUN: echo __asan_report_store1 >> %t.interface // RUN: echo __asan_report_store1 >> %t.interface
// RUN: echo __asan_report_store2 >> %t.interface // RUN: echo __asan_report_store2 >> %t.interface
// RUN: echo __asan_report_store4 >> %t.interface // RUN: echo __asan_report_store4 >> %t.interface
// RUN: echo __asan_report_store8 >> %t.interface // RUN: echo __asan_report_store8 >> %t.interface
// RUN: echo __asan_report_store16 >> %t.interface // RUN: echo __asan_report_store16 >> %t.interface
// RUN: echo __asan_report_load_n >> %t.interface // RUN: echo __asan_report_load_n >> %t.interface
// RUN: echo __asan_report_store_n >> %t.interface // RUN: echo __asan_report_store_n >> %t.interface
// RUN: echo __asan_report_exp_load1 >> %t.interface
// RUN: echo __asan_report_exp_load2 >> %t.interface
// RUN: echo __asan_report_exp_load4 >> %t.interface
// RUN: echo __asan_report_exp_load8 >> %t.interface
// RUN: echo __asan_report_exp_load16 >> %t.interface
// RUN: echo __asan_report_exp_store1 >> %t.interface
// RUN: echo __asan_report_exp_store2 >> %t.interface
// RUN: echo __asan_report_exp_store4 >> %t.interface
// RUN: echo __asan_report_exp_store8 >> %t.interface
// RUN: echo __asan_report_exp_store16 >> %t.interface
// RUN: echo __asan_report_exp_load_n >> %t.interface
// RUN: echo __asan_report_exp_store_n >> %t.interface
// RUN: echo __asan_get_current_fake_stack >> %t.interface // RUN: echo __asan_get_current_fake_stack >> %t.interface
// RUN: echo __asan_addr_is_in_fake_stack >> %t.interface // RUN: echo __asan_addr_is_in_fake_stack >> %t.interface
// RUN: cat %t.interface | sort -u | diff %t.symbols - // RUN: cat %t.interface | sort -u | diff %t.symbols -
// FIXME: nm -D on powerpc somewhy shows ASan interface symbols residing // FIXME: nm -D on powerpc somewhy shows ASan interface symbols residing
// in "initialized data section". // in "initialized data section".
// REQUIRES: x86_64-supported-target,i386-supported-target,asan-static-runtime // REQUIRES: x86_64-supported-target,i386-supported-target,asan-static-runtime
int main() { return 0; } int main() { return 0; }