This is an archive of the discontinued LLVM Phabricator instance.

Differential D10411

[ASan] Initial support for Kernel AddressSanitizer
ClosedPublic

Authored by glider on Jun 12 2015, 5:05 AM.

Details

Reviewers
dvyukov
samsonov
Summary

This patch adds initial support for the -fsanitize=kernel-address flag to Clang.
Right now it's quite restricted: only out-of-line instrumentation is supported, globals are not instrumented, some GCC kasan flags are not supported.
Using this patch I am able to build and boot the KASan tree with LLVMLinux patches from github.com/ramosian-glider/kasan/tree/kasan_llvmlinux.
To disable KASan instrumentation for a certain function attribute((no_sanitize("kernel-address"))) can be used.

Diff Detail

Event Timeline

glider updated this revision to Diff 27571.Jun 12 2015, 5:05 AM
glider retitled this revision from to [ASan] Initial support for Kernel AddressSanitizer.
glider updated this object.
glider edited the test plan for this revision. (Show Details)
glider added reviewers: samsonov, dvyukov.
glider added subscribers: kcc, Unknown Object (MLST), Unknown Object (MLST).
glider updated this revision to Diff 27577.Jun 12 2015, 8:08 AM

Added some tests

samsonov edited edge metadata.Jun 12 2015, 11:04 AM

Cool, happy to see it coming. I would also add tests for:

a) presence of sanitize_address function attribute
b) actual KASan instrumentation with correct shadow offset/scale.
c) missing module ctors/callbacks in KASan mode.
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1362

Wait a second.... Do you do *anything* in AddressSanitizerModule pass in CompileKernel mode? You don't add module constructor, and you don't instrument globals. Maybe, we should just avoid creating this pass in the first place?

1419

Hm... So you don't have __asan_memset() in the kernel. Maybe, we shouldn't instrument mem intrinsics in this case at all, not replace intrinisics with call to plain memset()?

1455

You will access uninitialized memory in AddressSanitizer::runOnFunction (potentially in AddressSanitizer::maybeInsertAsanInitAtFunctionEntry as well, but the latter is relevant only for Mac).

1542–1543
bool UseCalls = CompileKernel || (ClInstrumentationWithCallsThreshold >= 0 && ...);
tools/clang/include/clang/Basic/Sanitizers.def
44

What is the "correct" way to capitalize it? KASAN? KASan?

tools/clang/lib/AST/Decl.cpp
3684–3685

Wow, that's hard to parse. I'd vote for adding a method to SanitizerSet

if (!Context.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address, SanitizerKind::KernelAddress)
  ...

That would also be useful in several places below.

tools/clang/lib/CodeGen/BackendUtil.cpp
217

See note above - I'm not sure we need a module pass for that.

honggyu.kim added a subscriber: honggyu.kim.Jun 13 2015, 11:12 PM
ygribov added a subscriber: ygribov.Jun 15 2015, 1:18 AM
ygribov added inline comments.
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1362

Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.

1390

Perhaps use "_noabort" suffix to match gcc?

glider added a comment.Jun 15 2015, 6:49 AM

Addressed Alexey's comments.
Regarding the missing tests, I think it's best to add them at opt level, but I can't do that now because there's no command line switch that enables KASan (this mode only depends on the bool passed to the pass factory). I can add such a switch, but then it can be used to work around the "ASan xor KASan" restriction. WDYT?

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1362

Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.

Exactly, my intention was to add it soon.

1390

Looks like I've been comparing to the wrong gcc version, 4.9 didn't have the 'noabort' suffixes. Fixed.

1419

mm/kasan/kasan.c redefines memset() et al. making them call __asan_{load,store}N (see https://github.com/ramosian-glider/kasan/blob/kasan_llvmlinux/mm/kasan/kasan.c#L263), so we just replace the intrinsics with calls to memset().

1455

In fact I didn't fully understand this piece before. I've looked std::tie up and it's more clear to me now.
Moved the assignment outside the condition (or shall we NULL-initialize these fields instead?)

1542–1543

Done.

tools/clang/include/clang/Basic/Sanitizers.def
44

It hasn't been established yet, but Dima says we prefer "KASan" (which surprised me). Fixed here and in tools/clang/lib/CodeGen/CodeGenModule.cpp

tools/clang/lib/AST/Decl.cpp
3684–3685

I've added SanitizerSet::hasAsanOrKasan() -- did you mean that?

tools/clang/lib/CodeGen/BackendUtil.cpp
217

Can we keep it provided that we'll have module-level instrumentation soon?

tools/clang/lib/CodeGen/CodeGenFunction.cpp
619

Note I'm using the same attribute for both userspace and kernel instrumentation. I think we don't need to distinguish between them.

glider updated this revision to Diff 27667.Jun 15 2015, 6:53 AM
glider edited edge metadata.

Actually attaching the diff.

samsonov added a comment.Jun 15 2015, 1:34 PM

I think it's fine to add whatever commandline flags are needed for testing - they are not user-visible anyway, and we should have *some* means to test KASan instrumentation without a frontend.

Looks mostly good.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1455

I would actually prefer a null initialization, as it's weird to create functions that would never be called in KASan mode.

tools/clang/include/clang/Basic/Sanitizers.h
56

Um, no, I mean to add hasOneOf method that would take ArrayRef of sanitizer kinds and return true iff at least one of them is enabled. Then you could call it as...

tools/clang/lib/AST/Decl.cpp
3684–3685
Context.getLangOpts().Sanitize.hasOneOf({SanitizerKind::Address, SanitizerKind::KernelAddress})
tools/clang/lib/CodeGen/BackendUtil.cpp
203–204

Pass false here.

glider updated this revision to Diff 27761.Jun 16 2015, 7:06 AM

Added a couple of tests, addressed Alexey's comments.

glider added a comment.Jun 16 2015, 7:11 AM

I've added the tests for -fsanitize=kernel-address

  • check that it instruments memory accesses
  • check that the sanitize_address attributes are emitted

Regarding the offset/scale, these aren't emitted now, as I've only implemented the out-of-line instrumentation.
Regarding the missing module ctors, these will be added once we've globals instrumentation - not sure we need to test that they're absent now.

I've also added the -enable-kasan flag, but the existing tests do not use it yet.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1455

Done.

tools/clang/include/clang/Basic/Sanitizers.h
56

This is basically the has() method without the llvm::countPopulation(K) == 1 check.
Why not use a mask instead of an ArrayRef?

tools/clang/lib/CodeGen/BackendUtil.cpp
203–204

Done

dvyukov added inline comments.Jun 16 2015, 7:38 AM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1391

we also need to make them actually noabort

samsonov added inline comments.Jun 16 2015, 11:07 AM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
120

Um, asan-kernel? Looks like most of the flags in this file start with asan-, it makes sense to keep it.

394

nullptr
You can also consider using brace-or-equal initializer here.

tools/clang/include/clang/Basic/Sanitizers.h
56

Yeah, using the mask is also ok. But let's make the name different, so that has() method would still always accept a single sanitizer.

samsonov added inline comments.Jun 16 2015, 11:09 AM
tools/clang/test/Driver/kasan.c
1 ↗(On Diff #27761)

Please use linux as a target (http://reviews.llvm.org/D10467). You can also merge it into asan.c to keep a single test case (I'm fine either way).

glider updated this revision to Diff 27852.Jun 17 2015, 11:38 AM

Addressed comments by Alexey and Dmitry

lib/Transforms/Instrumentation/AddressSanitizer.cpp
120

Done

394

Added them for the ctor/init functions. What's the policy regarding those in the code?

1391

Removed the noabort suffixes for error reporting functions.
Per patch description, only out-of-line instrumentation is supported anyway.

tools/clang/test/Driver/kasan.c
1 ↗(On Diff #27761)

Done, united the tests.

samsonov added inline comments.Jun 17 2015, 12:27 PM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1366

Wait, this is dead code, right? CompileKernel is known to be false here, as you've checked it in the outer if.

tools/clang/lib/CodeGen/CGDeclCXX.cpp
270

hasOneOf

tools/clang/lib/CodeGen/SanitizerMetadata.cpp
28

(here and below)
I think you don't do anything with globals in KASan. Or you want to add it in the following changes soon?

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
4

Please specify triple (or merge this into address-safety-attr.cpp somehow)

10

Function Attrs: nounwind sanitize_address
would match this CHECK-NOASAN line

glider updated this revision to Diff 27928.Jun 18 2015, 5:47 AM

Addressed Alexey's comments

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1366

Removed the dead code for now. This block will be added back once we enable globals instrumentation.

tools/clang/lib/CodeGen/CGDeclCXX.cpp
270

Done

tools/clang/lib/CodeGen/SanitizerMetadata.cpp
28

Yes, I'm about to add globals support soon, it's just not working properly yet.

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
4

Done.

10

Added a $ after "nounwind"

samsonov accepted this revision.Jun 18 2015, 4:30 PM
samsonov edited edge metadata.

LGTM

tools/clang/lib/AST/Decl.cpp
3684–3685

remove extra parens around hasOneOf call

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
11

Please check this syntax. I thought that [[]] is used to define FileCheck variables, while {{}} are used for regular expressions.

tools/clang/test/Driver/asan.c
1–9

while you're here, please add linux to original RUN-lines as well.

This revision is now accepted and ready to land.Jun 18 2015, 4:30 PM
ygribov added inline comments.Jun 18 2015, 11:39 PM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1394

Do you mean to add noabort variants to compiler-rt? That would be nice, especially if you could add -fsanitize-recover to enable those in userspace as well.

glider updated this revision to Diff 28013.Jun 19 2015, 2:46 AM
glider edited edge metadata.

Addressed the comments by Alexey and Yury

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1394

No, I meant just emitting _noabort calls under KASan. I've updated the comment to reflect that.
-fsanitize-recover is kind of orthogonal to this patch.

tools/clang/lib/AST/Decl.cpp
3684–3685

Indeed.

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp
11

Yeah, that's right.

tools/clang/test/Driver/asan.c
1–9

Done

glider added a comment.Jun 19 2015, 4:35 AM

Now there's a problem with handleNoSanitizeSpecificAttr() - looks like attribute((no_sanitize_address)) can only works with either ASan or KASan.
Looking.

glider updated this revision to Diff 28016.Jun 19 2015, 5:12 AM
glider updated this object.

Updated the test to use attribute((no_sanitize("kernel-address"))) as a workaround. We'll still need to decide which of the three attributes:

  • attribute((no_sanitize_address))
  • attribute((no_sanitize("address")))
  • attribute((no_sanitize("kernel-address")))

shall affect KASan instrumentation.

glider closed this revision.Jun 19 2015, 5:49 AM

Landed in r240131.

Revision Contents

PathSize
include/
llvm/
Transforms/
4 lines
lib/
Transforms/
Instrumentation/
110 lines
tools/
clang/
include/
clang/
Basic/
3 lines
3 lines
lib/
AST/
3 lines
Basic/
4 lines
CodeGen/
17 lines
3 lines
2 lines
5 lines
9 lines
Driver/
5 lines
Lex/
4 lines
test/
CodeGen/
20 lines
Driver/
17 lines
12 lines
Lexer/
1 line

Diff 27852

include/llvm/Transforms/Instrumentation.h

Show First 20 LinesShow All 78 Lines▼ Show 20 Linesstruct InstrProfOptions {
std::string InstrProfileOutput; std::string InstrProfileOutput;
}; };
/// Insert frontend instrumentation based profiling. /// Insert frontend instrumentation based profiling.
ModulePass *createInstrProfilingPass( ModulePass *createInstrProfilingPass(
const InstrProfOptions &Options = InstrProfOptions()); const InstrProfOptions &Options = InstrProfOptions());
// Insert AddressSanitizer (address sanity checking) instrumentation // Insert AddressSanitizer (address sanity checking) instrumentation
FunctionPass *createAddressSanitizerFunctionPass(); FunctionPass *createAddressSanitizerFunctionPass(bool CompileKernel = false);
ModulePass *createAddressSanitizerModulePass(); ModulePass *createAddressSanitizerModulePass(bool CompileKernel = false);
// Insert MemorySanitizer instrumentation (detection of uninitialized reads) // Insert MemorySanitizer instrumentation (detection of uninitialized reads)
FunctionPass *createMemorySanitizerPass(int TrackOrigins = 0); FunctionPass *createMemorySanitizerPass(int TrackOrigins = 0);
// Insert ThreadSanitizer (race detection) instrumentation // Insert ThreadSanitizer (race detection) instrumentation
FunctionPass *createThreadSanitizerPass(); FunctionPass *createThreadSanitizerPass();
// Insert DataFlowSanitizer (dynamic data flow analysis) instrumentation // Insert DataFlowSanitizer (dynamic data flow analysis) instrumentation
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines

lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 61 Lines▼ Show 20 Lines
#define DEBUG_TYPE "asan" #define DEBUG_TYPE "asan"
static const uint64_t kDefaultShadowScale = 3; static const uint64_t kDefaultShadowScale = 3;
static const uint64_t kDefaultShadowOffset32 = 1ULL << 29; static const uint64_t kDefaultShadowOffset32 = 1ULL << 29;
static const uint64_t kIOSShadowOffset32 = 1ULL << 30; static const uint64_t kIOSShadowOffset32 = 1ULL << 30;
static const uint64_t kDefaultShadowOffset64 = 1ULL << 44; static const uint64_t kDefaultShadowOffset64 = 1ULL << 44;
static const uint64_t kSmallX86_64ShadowOffset = 0x7FFF8000; // < 2G. static const uint64_t kSmallX86_64ShadowOffset = 0x7FFF8000; // < 2G.
static const uint64_t kLinuxKasan_ShadowOffset64 = 0xdffffc0000000000;
static const uint64_t kPPC64_ShadowOffset64 = 1ULL << 41; static const uint64_t kPPC64_ShadowOffset64 = 1ULL << 41;
static const uint64_t kMIPS32_ShadowOffset32 = 0x0aaa0000; static const uint64_t kMIPS32_ShadowOffset32 = 0x0aaa0000;
static const uint64_t kMIPS64_ShadowOffset64 = 1ULL << 37; static const uint64_t kMIPS64_ShadowOffset64 = 1ULL << 37;
static const uint64_t kAArch64_ShadowOffset64 = 1ULL << 36; static const uint64_t kAArch64_ShadowOffset64 = 1ULL << 36;
static const uint64_t kFreeBSD_ShadowOffset32 = 1ULL << 30; static const uint64_t kFreeBSD_ShadowOffset32 = 1ULL << 30;
static const uint64_t kFreeBSD_ShadowOffset64 = 1ULL << 46; static const uint64_t kFreeBSD_ShadowOffset64 = 1ULL << 46;
static const uint64_t kWindowsShadowOffset32 = 3ULL << 28; static const uint64_t kWindowsShadowOffset32 = 3ULL << 28;
Show All 32 Lines
static const char *const kAsanAllocasUnpoison = "__asan_allocas_unpoison"; static const char *const kAsanAllocasUnpoison = "__asan_allocas_unpoison";
// Accesses sizes are powers of two: 1, 2, 4, 8, 16. // Accesses sizes are powers of two: 1, 2, 4, 8, 16.
static const size_t kNumberOfAccessSizes = 5; static const size_t kNumberOfAccessSizes = 5;
static const unsigned kAllocaRzSize = 32; static const unsigned kAllocaRzSize = 32;
// Command-line flags. // Command-line flags.
static cl::opt<bool> ClEnableKasan(
"asan-kernel", cl::desc("Enable KernelAddressSanitizer instrumentation"),
samsonovUnsubmitted
Not Done
ReplyInline Actions

Um, asan-kernel? Looks like most of the flags in this file start with asan-, it makes sense to keep it.

samsonov: Um, `asan-kernel`? Looks like most of the flags in this file start with `asan-`, it makes sense…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

glider: Done
cl::Hidden, cl::init(false));
// This flag may need to be replaced with -f[no-]asan-reads. // This flag may need to be replaced with -f[no-]asan-reads.
static cl::opt<bool> ClInstrumentReads("asan-instrument-reads", static cl::opt<bool> ClInstrumentReads("asan-instrument-reads",
cl::desc("instrument read instructions"), cl::desc("instrument read instructions"),
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
static cl::opt<bool> ClInstrumentWrites( static cl::opt<bool> ClInstrumentWrites(
"asan-instrument-writes", cl::desc("instrument write instructions"), "asan-instrument-writes", cl::desc("instrument write instructions"),
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
▲ Show 20 LinesShow All 184 Lines▼ Show 20 Lines
/// This struct defines the shadow mapping using the rule: /// This struct defines the shadow mapping using the rule:
/// shadow = (mem >> Scale) ADD-or-OR Offset. /// shadow = (mem >> Scale) ADD-or-OR Offset.
struct ShadowMapping { struct ShadowMapping {
int Scale; int Scale;
uint64_t Offset; uint64_t Offset;
bool OrShadowOffset; bool OrShadowOffset;
}; };
static ShadowMapping getShadowMapping(Triple &TargetTriple, int LongSize) { static ShadowMapping getShadowMapping(Triple &TargetTriple, int LongSize,
bool IsKasan) {
bool IsAndroid = TargetTriple.getEnvironment() == llvm::Triple::Android; bool IsAndroid = TargetTriple.getEnvironment() == llvm::Triple::Android;
bool IsIOS = TargetTriple.isiOS(); bool IsIOS = TargetTriple.isiOS();
bool IsFreeBSD = TargetTriple.isOSFreeBSD(); bool IsFreeBSD = TargetTriple.isOSFreeBSD();
bool IsLinux = TargetTriple.isOSLinux(); bool IsLinux = TargetTriple.isOSLinux();
bool IsPPC64 = TargetTriple.getArch() == llvm::Triple::ppc64 || bool IsPPC64 = TargetTriple.getArch() == llvm::Triple::ppc64 ||
TargetTriple.getArch() == llvm::Triple::ppc64le; TargetTriple.getArch() == llvm::Triple::ppc64le;
bool IsX86_64 = TargetTriple.getArch() == llvm::Triple::x86_64; bool IsX86_64 = TargetTriple.getArch() == llvm::Triple::x86_64;
bool IsMIPS32 = TargetTriple.getArch() == llvm::Triple::mips || bool IsMIPS32 = TargetTriple.getArch() == llvm::Triple::mips ||
Show All 18 Lines else if (IsWindows)
Mapping.Offset = kWindowsShadowOffset32; Mapping.Offset = kWindowsShadowOffset32;
else else
Mapping.Offset = kDefaultShadowOffset32; Mapping.Offset = kDefaultShadowOffset32;
} else { // LongSize == 64 } else { // LongSize == 64
if (IsPPC64) if (IsPPC64)
Mapping.Offset = kPPC64_ShadowOffset64; Mapping.Offset = kPPC64_ShadowOffset64;
else if (IsFreeBSD) else if (IsFreeBSD)
Mapping.Offset = kFreeBSD_ShadowOffset64; Mapping.Offset = kFreeBSD_ShadowOffset64;
else if (IsLinux && IsX86_64) else if (IsLinux && IsX86_64) {
if (IsKasan)
Mapping.Offset = kLinuxKasan_ShadowOffset64;
else
Mapping.Offset = kSmallX86_64ShadowOffset; Mapping.Offset = kSmallX86_64ShadowOffset;
else if (IsMIPS64) } else if (IsMIPS64)
Mapping.Offset = kMIPS64_ShadowOffset64; Mapping.Offset = kMIPS64_ShadowOffset64;
else if (IsAArch64) else if (IsAArch64)
Mapping.Offset = kAArch64_ShadowOffset64; Mapping.Offset = kAArch64_ShadowOffset64;
else else
Mapping.Offset = kDefaultShadowOffset64; Mapping.Offset = kDefaultShadowOffset64;
} }
Mapping.Scale = kDefaultShadowScale; Mapping.Scale = kDefaultShadowScale;
Show All 12 Lines
static size_t RedzoneSizeForScale(int MappingScale) { static size_t RedzoneSizeForScale(int MappingScale) {
// Redzone used for stack and globals is at least 32 bytes. // Redzone used for stack and globals is at least 32 bytes.
// For scales 6 and 7, the redzone has to be 64 and 128 bytes respectively. // For scales 6 and 7, the redzone has to be 64 and 128 bytes respectively.
return std::max(32U, 1U << MappingScale); return std::max(32U, 1U << MappingScale);
} }
/// AddressSanitizer: instrument the code in module to find memory bugs. /// AddressSanitizer: instrument the code in module to find memory bugs.
struct AddressSanitizer : public FunctionPass { struct AddressSanitizer : public FunctionPass {
AddressSanitizer() : FunctionPass(ID) { explicit AddressSanitizer(bool CompileKernel = false)
: FunctionPass(ID), CompileKernel(CompileKernel || ClEnableKasan) {
initializeAddressSanitizerPass(*PassRegistry::getPassRegistry()); initializeAddressSanitizerPass(*PassRegistry::getPassRegistry());
samsonovUnsubmitted
Not Done
ReplyInline Actions

nullptr
You can also consider using brace-or-equal initializer here.

samsonov: nullptr You can also consider using brace-or-equal initializer here.
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Added them for the ctor/init functions. What's the policy regarding those in the code?

glider: Added them for the ctor/init functions. What's the policy regarding those in the code?
} }
const char *getPassName() const override { const char *getPassName() const override {
return "AddressSanitizerFunctionPass"; return "AddressSanitizerFunctionPass";
} }
void getAnalysisUsage(AnalysisUsage &AU) const override { void getAnalysisUsage(AnalysisUsage &AU) const override {
AU.addRequired<DominatorTreeWrapperPass>(); AU.addRequired<DominatorTreeWrapperPass>();
AU.addRequired<TargetLibraryInfoWrapperPass>(); AU.addRequired<TargetLibraryInfoWrapperPass>();
} }
▲ Show 20 LinesShow All 45 Lines▼ Show 20 Lines private:
bool LooksLikeCodeInBug11395(Instruction *I); bool LooksLikeCodeInBug11395(Instruction *I);
bool GlobalIsLinkerInitialized(GlobalVariable *G); bool GlobalIsLinkerInitialized(GlobalVariable *G);
bool isSafeAccess(ObjectSizeOffsetVisitor &ObjSizeVis, Value *Addr, bool isSafeAccess(ObjectSizeOffsetVisitor &ObjSizeVis, Value *Addr,
uint64_t TypeSize) const; uint64_t TypeSize) const;
LLVMContext *C; LLVMContext *C;
Triple TargetTriple; Triple TargetTriple;
int LongSize; int LongSize;
bool CompileKernel;
Type *IntptrTy; Type *IntptrTy;
ShadowMapping Mapping; ShadowMapping Mapping;
DominatorTree *DT; DominatorTree *DT;
Function *AsanCtorFunction; Function *AsanCtorFunction = nullptr;
Function *AsanInitFunction; Function *AsanInitFunction = nullptr;
Function *AsanHandleNoReturnFunc; Function *AsanHandleNoReturnFunc;
Function *AsanPtrCmpFunction, *AsanPtrSubFunction; Function *AsanPtrCmpFunction, *AsanPtrSubFunction;
// This array is indexed by AccessIsWrite, Experiment and log2(AccessSize). // This array is indexed by AccessIsWrite, Experiment and log2(AccessSize).
Function *AsanErrorCallback[2][2][kNumberOfAccessSizes]; Function *AsanErrorCallback[2][2][kNumberOfAccessSizes];
Function *AsanMemoryAccessCallback[2][2][kNumberOfAccessSizes]; Function *AsanMemoryAccessCallback[2][2][kNumberOfAccessSizes];
// This array is indexed by AccessIsWrite and Experiment. // This array is indexed by AccessIsWrite and Experiment.
Function *AsanErrorCallbackSized[2][2]; Function *AsanErrorCallbackSized[2][2];
Function *AsanMemoryAccessCallbackSized[2][2]; Function *AsanMemoryAccessCallbackSized[2][2];
Function *AsanMemmove, *AsanMemcpy, *AsanMemset; Function *AsanMemmove, *AsanMemcpy, *AsanMemset;
InlineAsm *EmptyAsm; InlineAsm *EmptyAsm;
GlobalsMetadata GlobalsMD; GlobalsMetadata GlobalsMD;
DenseMap<AllocaInst *, bool> ProcessedAllocas; DenseMap<AllocaInst *, bool> ProcessedAllocas;
friend struct FunctionStackPoisoner; friend struct FunctionStackPoisoner;
}; };
class AddressSanitizerModule : public ModulePass { class AddressSanitizerModule : public ModulePass {
public: public:
AddressSanitizerModule() : ModulePass(ID) {} explicit AddressSanitizerModule(bool CompileKernel = false)
: ModulePass(ID), CompileKernel(CompileKernel || ClEnableKasan) {}
bool runOnModule(Module &M) override; bool runOnModule(Module &M) override;
static char ID; // Pass identification, replacement for typeid static char ID; // Pass identification, replacement for typeid
const char *getPassName() const override { return "AddressSanitizerModule"; } const char *getPassName() const override { return "AddressSanitizerModule"; }
private: private:
void initializeCallbacks(Module &M); void initializeCallbacks(Module &M);
bool InstrumentGlobals(IRBuilder<> &IRB, Module &M); bool InstrumentGlobals(IRBuilder<> &IRB, Module &M);
bool ShouldInstrumentGlobal(GlobalVariable *G); bool ShouldInstrumentGlobal(GlobalVariable *G);
void poisonOneInitializer(Function &GlobalInit, GlobalValue *ModuleName); void poisonOneInitializer(Function &GlobalInit, GlobalValue *ModuleName);
void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName); void createInitializerPoisonCalls(Module &M, GlobalValue *ModuleName);
size_t MinRedzoneSizeForGlobal() const { size_t MinRedzoneSizeForGlobal() const {
return RedzoneSizeForScale(Mapping.Scale); return RedzoneSizeForScale(Mapping.Scale);
} }
GlobalsMetadata GlobalsMD; GlobalsMetadata GlobalsMD;
bool CompileKernel;
Type *IntptrTy; Type *IntptrTy;
LLVMContext *C; LLVMContext *C;
Triple TargetTriple; Triple TargetTriple;
ShadowMapping Mapping; ShadowMapping Mapping;
Function *AsanPoisonGlobals; Function *AsanPoisonGlobals;
Function *AsanUnpoisonGlobals; Function *AsanUnpoisonGlobals;
Function *AsanRegisterGlobals; Function *AsanRegisterGlobals;
Function *AsanUnregisterGlobals; Function *AsanUnregisterGlobals;
▲ Show 20 LinesShow All 189 Lines▼ Show 20 LinesINITIALIZE_PASS_BEGIN(
AddressSanitizer, "asan", AddressSanitizer, "asan",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false, "AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
false) false)
INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass) INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
INITIALIZE_PASS_END( INITIALIZE_PASS_END(
AddressSanitizer, "asan", AddressSanitizer, "asan",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false, "AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
false) false)
FunctionPass *llvm::createAddressSanitizerFunctionPass() { FunctionPass *llvm::createAddressSanitizerFunctionPass(bool CompileKernel) {
return new AddressSanitizer(); return new AddressSanitizer(CompileKernel);
} }
char AddressSanitizerModule::ID = 0; char AddressSanitizerModule::ID = 0;
INITIALIZE_PASS( INITIALIZE_PASS(
AddressSanitizerModule, "asan-module", AddressSanitizerModule, "asan-module",
"AddressSanitizer: detects use-after-free and out-of-bounds bugs." "AddressSanitizer: detects use-after-free and out-of-bounds bugs."
"ModulePass", "ModulePass",
false, false) false, false)
ModulePass *llvm::createAddressSanitizerModulePass() { ModulePass *llvm::createAddressSanitizerModulePass(bool CompileKernel) {
return new AddressSanitizerModule(); return new AddressSanitizerModule(CompileKernel);
} }
static size_t TypeSizeToSizeIndex(uint32_t TypeSize) { static size_t TypeSizeToSizeIndex(uint32_t TypeSize) {
size_t Res = countTrailingZeros(TypeSize / 8); size_t Res = countTrailingZeros(TypeSize / 8);
assert(Res < kNumberOfAccessSizes); assert(Res < kNumberOfAccessSizes);
return Res; return Res;
} }
▲ Show 20 LinesShow All 627 Lines▼ Show 20 Linesbool AddressSanitizerModule::InstrumentGlobals(IRBuilder<> &IRB, Module &M) {
return true; return true;
} }
bool AddressSanitizerModule::runOnModule(Module &M) { bool AddressSanitizerModule::runOnModule(Module &M) {
C = &(M.getContext()); C = &(M.getContext());
int LongSize = M.getDataLayout().getPointerSizeInBits(); int LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize); IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
Mapping = getShadowMapping(TargetTriple, LongSize); Mapping = getShadowMapping(TargetTriple, LongSize, CompileKernel);
initializeCallbacks(M); initializeCallbacks(M);
bool Changed = false; bool Changed = false;
samsonovUnsubmitted
Not Done
ReplyInline Actions

Wait a second.... Do you do *anything* in AddressSanitizerModule pass in CompileKernel mode? You don't add module constructor, and you don't instrument globals. Maybe, we should just avoid creating this pass in the first place?

samsonov: Wait a second.... Do you do *anything* in AddressSanitizerModule pass in `CompileKernel` mode?
ygribovUnsubmitted
Not Done
ReplyInline Actions

Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.

ygribov: Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at hand.

Exactly, my intention was to add it soon.

glider: > Or perhaps instrumentation of globals will follow shortly so it's ok to have this pass at…
if (ClGlobals && !CompileKernel) {
Function *CtorFunc = M.getFunction(kAsanModuleCtorName); Function *CtorFunc = M.getFunction(kAsanModuleCtorName);
if (!CtorFunc && CompileKernel) {
samsonovUnsubmitted
Not Done
ReplyInline Actions

Wait, this is dead code, right? CompileKernel is known to be false here, as you've checked it in the outer if.

samsonov: Wait, this is dead code, right? `CompileKernel` is known to be false here, as you've checked it…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Removed the dead code for now. This block will be added back once we enable globals instrumentation.

glider: Removed the dead code for now. This block will be added back once we enable globals…
CtorFunc = Function::Create(
FunctionType::get(Type::getVoidTy(M.getContext()), false),
GlobalValue::InternalLinkage, kAsanModuleCtorName, &M);
BasicBlock *CtorBB = BasicBlock::Create(M.getContext(), "", CtorFunc);
ReturnInst::Create(M.getContext(), CtorBB);
appendToGlobalCtors(M, CtorFunc, kAsanCtorAndDtorPriority);
}
assert(CtorFunc); assert(CtorFunc);
IRBuilder<> IRB(CtorFunc->getEntryBlock().getTerminator()); IRBuilder<> IRB(CtorFunc->getEntryBlock().getTerminator());
Changed |= InstrumentGlobals(IRB, M);
if (ClGlobals) Changed |= InstrumentGlobals(IRB, M); }
return Changed; return Changed;
} }
void AddressSanitizer::initializeCallbacks(Module &M) { void AddressSanitizer::initializeCallbacks(Module &M) {
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
// Create __asan_report* callbacks. // Create __asan_report* callbacks.
// IsWrite, TypeSize and Exp are encoded in the function name. // IsWrite, TypeSize and Exp are encoded in the function name.
for (int Exp = 0; Exp < 2; Exp++) { for (int Exp = 0; Exp < 2; Exp++) {
for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) { for (size_t AccessIsWrite = 0; AccessIsWrite <= 1; AccessIsWrite++) {
const std::string TypeStr = AccessIsWrite ? "store" : "load"; const std::string TypeStr = AccessIsWrite ? "store" : "load";
const std::string ExpStr = Exp ? "exp_" : ""; const std::string ExpStr = Exp ? "exp_" : "";
const std::string SuffixStr = CompileKernel ? "N" : "_n";
ygribovUnsubmitted
Not Done
ReplyInline Actions

Perhaps use "_noabort" suffix to match gcc?

ygribov: Perhaps use "_noabort" suffix to match gcc?
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Looks like I've been comparing to the wrong gcc version, 4.9 didn't have the 'noabort' suffixes. Fixed.

glider: Looks like I've been comparing to the wrong gcc version, 4.9 didn't have the 'noabort' suffixes.
const std::string EndingStr = CompileKernel ? "_noabort" : "";
dvyukovUnsubmitted
Not Done
ReplyInline Actions

we also need to make them actually noabort

dvyukov: we also need to make them actually noabort
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Removed the noabort suffixes for error reporting functions.
Per patch description, only out-of-line instrumentation is supported anyway.

glider: Removed the noabort suffixes for error reporting functions. Per patch description, only out-of…
const Type *ExpType = Exp ? Type::getInt32Ty(*C) : nullptr; const Type *ExpType = Exp ? Type::getInt32Ty(*C) : nullptr;
// TODO(glider): add _noabort to error reporting functions, make them
// actually noabort.
ygribovUnsubmitted
Not Done
ReplyInline Actions

Do you mean to add noabort variants to compiler-rt? That would be nice, especially if you could add -fsanitize-recover to enable those in userspace as well.

ygribov: Do you mean to add noabort variants to compiler-rt? That would be nice, especially if you could…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

No, I meant just emitting _noabort calls under KASan. I've updated the comment to reflect that.
-fsanitize-recover is kind of orthogonal to this patch.

glider: No, I meant just emitting _noabort calls under KASan. I've updated the comment to reflect that.
AsanErrorCallbackSized[AccessIsWrite][Exp] = AsanErrorCallbackSized[AccessIsWrite][Exp] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kAsanReportErrorTemplate + ExpStr + TypeStr + "_n", kAsanReportErrorTemplate + ExpStr + TypeStr + SuffixStr,
IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr)); IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));
AsanMemoryAccessCallbackSized[AccessIsWrite][Exp] = AsanMemoryAccessCallbackSized[AccessIsWrite][Exp] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + ExpStr + TypeStr + "N", ClMemoryAccessCallbackPrefix + ExpStr + TypeStr + "N" + EndingStr,
IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr)); IRB.getVoidTy(), IntptrTy, IntptrTy, ExpType, nullptr));
for (size_t AccessSizeIndex = 0; AccessSizeIndex < kNumberOfAccessSizes; for (size_t AccessSizeIndex = 0; AccessSizeIndex < kNumberOfAccessSizes;
AccessSizeIndex++) { AccessSizeIndex++) {
const std::string Suffix = TypeStr + itostr(1 << AccessSizeIndex); const std::string Suffix = TypeStr + itostr(1 << AccessSizeIndex);
AsanErrorCallback[AccessIsWrite][Exp][AccessSizeIndex] = AsanErrorCallback[AccessIsWrite][Exp][AccessSizeIndex] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kAsanReportErrorTemplate + ExpStr + Suffix, IRB.getVoidTy(), kAsanReportErrorTemplate + ExpStr + Suffix,
IntptrTy, ExpType, nullptr)); IRB.getVoidTy(), IntptrTy, ExpType, nullptr));
AsanMemoryAccessCallback[AccessIsWrite][Exp][AccessSizeIndex] = AsanMemoryAccessCallback[AccessIsWrite][Exp][AccessSizeIndex] =
checkSanitizerInterfaceFunction(M.getOrInsertFunction( checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + ExpStr + Suffix, IRB.getVoidTy(), ClMemoryAccessCallbackPrefix + ExpStr + Suffix + EndingStr,
IntptrTy, ExpType, nullptr)); IRB.getVoidTy(), IntptrTy, ExpType, nullptr));
} }
} }
} }
const std::string MemIntrinCallbackPrefix =
CompileKernel ? std::string("") : ClMemoryAccessCallbackPrefix;
samsonovUnsubmitted
Not Done
ReplyInline Actions

Hm... So you don't have __asan_memset() in the kernel. Maybe, we shouldn't instrument mem intrinsics in this case at all, not replace intrinisics with call to plain memset()?

samsonov: Hm... So you don't have __asan_memset() in the kernel. Maybe, we shouldn't instrument mem…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

mm/kasan/kasan.c redefines memset() et al. making them call __asan_{load,store}N (see https://github.com/ramosian-glider/kasan/blob/kasan_llvmlinux/mm/kasan/kasan.c#L263), so we just replace the intrinsics with calls to memset().

glider: mm/kasan/kasan.c redefines memset() et al. making them call __asan_{load,store}N (see https…
AsanMemmove = checkSanitizerInterfaceFunction(M.getOrInsertFunction( AsanMemmove = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memmove", IRB.getInt8PtrTy(), MemIntrinCallbackPrefix + "memmove", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));
AsanMemcpy = checkSanitizerInterfaceFunction(M.getOrInsertFunction( AsanMemcpy = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memcpy", IRB.getInt8PtrTy(), MemIntrinCallbackPrefix + "memcpy", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IRB.getInt8PtrTy(), IntptrTy, nullptr));
AsanMemset = checkSanitizerInterfaceFunction(M.getOrInsertFunction( AsanMemset = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
ClMemoryAccessCallbackPrefix + "memset", IRB.getInt8PtrTy(), MemIntrinCallbackPrefix + "memset", IRB.getInt8PtrTy(),
IRB.getInt8PtrTy(), IRB.getInt32Ty(), IntptrTy, nullptr)); IRB.getInt8PtrTy(), IRB.getInt32Ty(), IntptrTy, nullptr));
AsanHandleNoReturnFunc = checkSanitizerInterfaceFunction( AsanHandleNoReturnFunc = checkSanitizerInterfaceFunction(
M.getOrInsertFunction(kAsanHandleNoReturnName, IRB.getVoidTy(), nullptr)); M.getOrInsertFunction(kAsanHandleNoReturnName, IRB.getVoidTy(), nullptr));
AsanPtrCmpFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction( AsanPtrCmpFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
kAsanPtrCmp, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr)); kAsanPtrCmp, IRB.getVoidTy(), IntptrTy, IntptrTy, nullptr));
AsanPtrSubFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction( AsanPtrSubFunction = checkSanitizerInterfaceFunction(M.getOrInsertFunction(
Show All 10 Linesbool AddressSanitizer::doInitialization(Module &M) {
GlobalsMD.init(M); GlobalsMD.init(M);
C = &(M.getContext()); C = &(M.getContext());
LongSize = M.getDataLayout().getPointerSizeInBits(); LongSize = M.getDataLayout().getPointerSizeInBits();
IntptrTy = Type::getIntNTy(*C, LongSize); IntptrTy = Type::getIntNTy(*C, LongSize);
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
if (!CompileKernel) {
std::tie(AsanCtorFunction, AsanInitFunction) = std::tie(AsanCtorFunction, AsanInitFunction) =
samsonovUnsubmitted
Not Done
ReplyInline Actions

You will access uninitialized memory in AddressSanitizer::runOnFunction (potentially in AddressSanitizer::maybeInsertAsanInitAtFunctionEntry as well, but the latter is relevant only for Mac).

samsonov: You will access uninitialized memory in `AddressSanitizer::runOnFunction` (potentially in…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

In fact I didn't fully understand this piece before. I've looked std::tie up and it's more clear to me now.
Moved the assignment outside the condition (or shall we NULL-initialize these fields instead?)

glider: In fact I didn't fully understand this piece before. I've looked std::tie up and it's more…
samsonovUnsubmitted
Not Done
ReplyInline Actions

I would actually prefer a null initialization, as it's weird to create functions that would never be called in KASan mode.

samsonov: I would actually prefer a null initialization, as it's weird to create functions that would…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

glider: Done.
createSanitizerCtorAndInitFunctions(M, kAsanModuleCtorName, kAsanInitName, createSanitizerCtorAndInitFunctions(M, kAsanModuleCtorName, kAsanInitName,
/*InitArgTypes=*/{}, /*InitArgTypes=*/{},
/*InitArgs=*/{}); /*InitArgs=*/{});
Mapping = getShadowMapping(TargetTriple, LongSize);
appendToGlobalCtors(M, AsanCtorFunction, kAsanCtorAndDtorPriority); appendToGlobalCtors(M, AsanCtorFunction, kAsanCtorAndDtorPriority);
}
Mapping = getShadowMapping(TargetTriple, LongSize, CompileKernel);
return true; return true;
} }
bool AddressSanitizer::maybeInsertAsanInitAtFunctionEntry(Function &F) { bool AddressSanitizer::maybeInsertAsanInitAtFunctionEntry(Function &F) {
// For each NSObject descendant having a +load method, this method is invoked // For each NSObject descendant having a +load method, this method is invoked
// by the ObjC runtime before any of the static constructors is called. // by the ObjC runtime before any of the static constructors is called.
// Therefore we need to instrument such methods with a call to __asan_init // Therefore we need to instrument such methods with a call to __asan_init
// at the beginning in order to initialize our runtime before any access to // at the beginning in order to initialize our runtime before any access to
▲ Show 20 LinesShow All 64 Lines▼ Show 20 Lines for (auto &Inst : BB) {
} }
continue; continue;
} }
ToInstrument.push_back(&Inst); ToInstrument.push_back(&Inst);
NumInsnsPerBB++; NumInsnsPerBB++;
if (NumInsnsPerBB >= ClMaxInsnsToInstrumentPerBB) break; if (NumInsnsPerBB >= ClMaxInsnsToInstrumentPerBB) break;
} }
} }
bool UseCalls = false; bool UseCalls =
samsonovUnsubmitted
Not Done
ReplyInline Actions
bool UseCalls = CompileKernel || (ClInstrumentationWithCallsThreshold >= 0 && ...);
samsonov: bool UseCalls = CompileKernel || (ClInstrumentationWithCallsThreshold >= 0 && ...);
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

glider: Done.
if (ClInstrumentationWithCallsThreshold >= 0 && CompileKernel ||
ToInstrument.size() > (unsigned)ClInstrumentationWithCallsThreshold) (ClInstrumentationWithCallsThreshold >= 0 &&
UseCalls = true; ToInstrument.size() > (unsigned)ClInstrumentationWithCallsThreshold);
const TargetLibraryInfo *TLI = const TargetLibraryInfo *TLI =
&getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(); &getAnalysis<TargetLibraryInfoWrapperPass>().getTLI();
const DataLayout &DL = F.getParent()->getDataLayout(); const DataLayout &DL = F.getParent()->getDataLayout();
ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext(), ObjectSizeOffsetVisitor ObjSizeVis(DL, TLI, F.getContext(),
/*RoundToAlign=*/true); /*RoundToAlign=*/true);
// Instrument. // Instrument.
int NumInstrumented = 0; int NumInstrumented = 0;
▲ Show 20 LinesShow All 198 Lines▼ Show 20 Linesvoid FunctionStackPoisoner::poisonStack() {
} }
// Minimal header size (left redzone) is 4 pointers, // Minimal header size (left redzone) is 4 pointers,
// i.e. 32 bytes on 64-bit platforms and 16 bytes in 32-bit platforms. // i.e. 32 bytes on 64-bit platforms and 16 bytes in 32-bit platforms.
size_t MinHeaderSize = ASan.LongSize / 2; size_t MinHeaderSize = ASan.LongSize / 2;
ASanStackFrameLayout L; ASanStackFrameLayout L;
ComputeASanStackFrameLayout(SVD, 1UL << Mapping.Scale, MinHeaderSize, &L); ComputeASanStackFrameLayout(SVD, 1UL << Mapping.Scale, MinHeaderSize, &L);
DEBUG(dbgs() << L.DescriptionString << " --- " << L.FrameSize << "\n"); DEBUG(dbgs() << L.DescriptionString << " --- " << L.FrameSize << "\n");
uint64_t LocalStackSize = L.FrameSize; uint64_t LocalStackSize = L.FrameSize;
bool DoStackMalloc = bool DoStackMalloc = ClUseAfterReturn && !ASan.CompileKernel &&
ClUseAfterReturn && LocalStackSize <= kMaxStackMallocSize; LocalStackSize <= kMaxStackMallocSize;
// Don't do dynamic alloca in presence of inline asm: too often it makes // Don't do dynamic alloca in presence of inline asm: too often it makes
// assumptions on which registers are available. Don't do stack malloc in the // assumptions on which registers are available. Don't do stack malloc in the
// presence of inline asm on 32-bit platforms for the same reason. // presence of inline asm on 32-bit platforms for the same reason.
bool DoDynamicAlloca = ClDynamicAllocaStack && !HasNonEmptyInlineAsm; bool DoDynamicAlloca = ClDynamicAllocaStack && !HasNonEmptyInlineAsm;
DoStackMalloc &= !HasNonEmptyInlineAsm || ASan.LongSize != 32; DoStackMalloc &= !HasNonEmptyInlineAsm || ASan.LongSize != 32;
Value *StaticAlloca = Value *StaticAlloca =
DoDynamicAlloca ? nullptr : createAllocaForLayout(IRB, L, false); DoDynamicAlloca ? nullptr : createAllocaForLayout(IRB, L, false);
▲ Show 20 LinesShow All 276 LinesShow Last 20 Lines

tools/clang/include/clang/Basic/Sanitizers.h

Show First 20 LinesShow All 46 Lines▼ Show 20 Lines
} }
struct SanitizerSet { struct SanitizerSet {
SanitizerSet(); SanitizerSet();
/// \brief Check if a certain (single) sanitizer is enabled. /// \brief Check if a certain (single) sanitizer is enabled.
bool has(SanitizerMask K) const; bool has(SanitizerMask K) const;
/// \brief Check if one or more sanitizers are enabled.
bool hasOneOf(SanitizerMask K) const;
samsonovUnsubmitted
Not Done
ReplyInline Actions

Um, no, I mean to add hasOneOf method that would take ArrayRef of sanitizer kinds and return true iff at least one of them is enabled. Then you could call it as...

samsonov: Um, no, I mean to add `hasOneOf` method that would take ArrayRef of sanitizer kinds and return…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

This is basically the has() method without the llvm::countPopulation(K) == 1 check.
Why not use a mask instead of an ArrayRef?

glider: This is basically the `has()` method without the `llvm::countPopulation(K) == 1` check. Why not…
samsonovUnsubmitted
Not Done
ReplyInline Actions

Yeah, using the mask is also ok. But let's make the name different, so that has() method would still always accept a single sanitizer.

samsonov: Yeah, using the mask is also ok. But let's make the name different, so that `has()` method…
/// \brief Enable or disable a certain (single) sanitizer. /// \brief Enable or disable a certain (single) sanitizer.
void set(SanitizerMask K, bool Value); void set(SanitizerMask K, bool Value);
/// \brief Disable all sanitizers. /// \brief Disable all sanitizers.
void clear(); void clear();
/// \brief Returns true if at least one sanitizer is enabled. /// \brief Returns true if at least one sanitizer is enabled.
bool empty() const; bool empty() const;
Show All 16 Lines

tools/clang/include/clang/Basic/Sanitizers.def

Show All 35 Lines
#ifndef SANITIZER_GROUP #ifndef SANITIZER_GROUP
#define SANITIZER_GROUP(NAME, ID, ALIAS) #define SANITIZER_GROUP(NAME, ID, ALIAS)
#endif #endif
// AddressSanitizer // AddressSanitizer
SANITIZER("address", Address) SANITIZER("address", Address)
// Kernel AddressSanitizer (KASan)
samsonovUnsubmitted
Not Done
ReplyInline Actions

What is the "correct" way to capitalize it? KASAN? KASan?

samsonov: What is the "correct" way to capitalize it? KASAN? KASan?
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

It hasn't been established yet, but Dima says we prefer "KASan" (which surprised me). Fixed here and in tools/clang/lib/CodeGen/CodeGenModule.cpp

glider: It hasn't been established yet, but Dima says we prefer "KASan" (which surprised me). Fixed…
SANITIZER("kernel-address", KernelAddress)
// MemorySanitizer // MemorySanitizer
SANITIZER("memory", Memory) SANITIZER("memory", Memory)
// ThreadSanitizer // ThreadSanitizer
SANITIZER("thread", Thread) SANITIZER("thread", Thread)
// LeakSanitizer // LeakSanitizer
SANITIZER("leak", Leak) SANITIZER("leak", Leak)
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines

tools/clang/lib/AST/Decl.cpp

Show First 20 LinesShow All 3,675 Lines▼ Show 20 Lines if (Decls.empty())
return; return;
std::tie(FirstDecl, LastDecl) = BuildDeclChain(Decls, std::tie(FirstDecl, LastDecl) = BuildDeclChain(Decls,
/*FieldsAlreadyLoaded=*/false); /*FieldsAlreadyLoaded=*/false);
} }
bool RecordDecl::mayInsertExtraPadding(bool EmitRemark) const { bool RecordDecl::mayInsertExtraPadding(bool EmitRemark) const {
ASTContext &Context = getASTContext(); ASTContext &Context = getASTContext();
if (!Context.getLangOpts().Sanitize.has(SanitizerKind::Address) || if (!(Context.getLangOpts().Sanitize.hasOneOf(
SanitizerKind::Address | SanitizerKind::KernelAddress)) ||
samsonovUnsubmitted
Not Done
ReplyInline Actions

Wow, that's hard to parse. I'd vote for adding a method to SanitizerSet

if (!Context.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address, SanitizerKind::KernelAddress)
  ...

That would also be useful in several places below.

samsonov: Wow, that's hard to parse. I'd vote for adding a method to `SanitizerSet` if (!Context.
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

I've added SanitizerSet::hasAsanOrKasan() -- did you mean that?

glider: I've added SanitizerSet::hasAsanOrKasan() -- did you mean that?
samsonovUnsubmitted
Not Done
ReplyInline Actions
Context.getLangOpts().Sanitize.hasOneOf({SanitizerKind::Address, SanitizerKind::KernelAddress})
samsonov: Context.getLangOpts().Sanitize.hasOneOf({SanitizerKind::Address, SanitizerKind…
samsonovUnsubmitted
Not Done
ReplyInline Actions

remove extra parens around hasOneOf call

samsonov: remove extra parens around `hasOneOf` call
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Indeed.

glider: Indeed.
!Context.getLangOpts().SanitizeAddressFieldPadding) !Context.getLangOpts().SanitizeAddressFieldPadding)
return false; return false;
const auto &Blacklist = Context.getSanitizerBlacklist(); const auto &Blacklist = Context.getSanitizerBlacklist();
const CXXRecordDecl *CXXRD = dyn_cast<CXXRecordDecl>(this); const CXXRecordDecl *CXXRD = dyn_cast<CXXRecordDecl>(this);
// We may be able to relax some of these requirements. // We may be able to relax some of these requirements.
int ReasonToReject = -1; int ReasonToReject = -1;
if (!CXXRD || CXXRD->isExternCContext()) if (!CXXRD || CXXRD->isExternCContext())
ReasonToReject = 0; // is not C++. ReasonToReject = 0; // is not C++.
▲ Show 20 LinesShow All 401 LinesShow Last 20 Lines

tools/clang/lib/Basic/Sanitizers.cpp

Show All 19 Lines
SanitizerSet::SanitizerSet() : Mask(0) {} SanitizerSet::SanitizerSet() : Mask(0) {}
bool SanitizerSet::has(SanitizerMask K) const { bool SanitizerSet::has(SanitizerMask K) const {
assert(llvm::countPopulation(K) == 1); assert(llvm::countPopulation(K) == 1);
return Mask & K; return Mask & K;
} }
bool SanitizerSet::hasOneOf(SanitizerMask K) const {
return Mask & K;
}
void SanitizerSet::set(SanitizerMask K, bool Value) { void SanitizerSet::set(SanitizerMask K, bool Value) {
assert(llvm::countPopulation(K) == 1); assert(llvm::countPopulation(K) == 1);
Mask = Value ? (Mask | K) : (Mask & ~K); Mask = Value ? (Mask | K) : (Mask & ~K);
} }
void SanitizerSet::clear() { void SanitizerSet::clear() {
Mask = 0; Mask = 0;
} }
Show All 23 Lines

tools/clang/lib/CodeGen/BackendUtil.cpp

Show First 20 LinesShow All 194 Lines▼ Show 20 Linesstatic void addSanitizerCoveragePass(const PassManagerBuilder &Builder,
Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls; Opts.IndirectCalls = CGOpts.SanitizeCoverageIndirectCalls;
Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB; Opts.TraceBB = CGOpts.SanitizeCoverageTraceBB;
Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp; Opts.TraceCmp = CGOpts.SanitizeCoverageTraceCmp;
Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters; Opts.Use8bitCounters = CGOpts.SanitizeCoverage8bitCounters;
PM.add(createSanitizerCoverageModulePass(Opts)); PM.add(createSanitizerCoverageModulePass(Opts));
} }
static void addAddressSanitizerPasses(const PassManagerBuilder &Builder, static void addAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
PM.add(createAddressSanitizerFunctionPass()); PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/false));
samsonovUnsubmitted
Not Done
ReplyInline Actions

Pass false here.

samsonov: Pass false here.
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

glider: Done
PM.add(createAddressSanitizerModulePass()); PM.add(createAddressSanitizerModulePass(/*CompileKernel*/false));
}
static void addKernelAddressSanitizerPasses(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) {
PM.add(createAddressSanitizerFunctionPass(/*CompileKernel*/true));
PM.add(createAddressSanitizerModulePass(/*CompileKernel*/true));
} }
static void addMemorySanitizerPass(const PassManagerBuilder &Builder, static void addMemorySanitizerPass(const PassManagerBuilder &Builder,
legacy::PassManagerBase &PM) { legacy::PassManagerBase &PM) {
const PassManagerBuilderWrapper &BuilderWrapper = const PassManagerBuilderWrapper &BuilderWrapper =
static_cast<const PassManagerBuilderWrapper&>(Builder); static_cast<const PassManagerBuilderWrapper&>(Builder);
samsonovUnsubmitted
Not Done
ReplyInline Actions

See note above - I'm not sure we need a module pass for that.

samsonov: See note above - I'm not sure we need a module pass for that.
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Can we keep it provided that we'll have module-level instrumentation soon?

glider: Can we keep it provided that we'll have module-level instrumentation soon?
const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts(); const CodeGenOptions &CGOpts = BuilderWrapper.getCGOpts();
PM.add(createMemorySanitizerPass(CGOpts.SanitizeMemoryTrackOrigins)); PM.add(createMemorySanitizerPass(CGOpts.SanitizeMemoryTrackOrigins));
// MemorySanitizer inserts complex instrumentation that mostly follows // MemorySanitizer inserts complex instrumentation that mostly follows
// the logic of the original code, but operates on "shadow" values. // the logic of the original code, but operates on "shadow" values.
// It can benefit from re-running some general purpose optimization passes. // It can benefit from re-running some general purpose optimization passes.
if (Builder.OptLevel > 0) { if (Builder.OptLevel > 0) {
PM.add(createEarlyCSEPass()); PM.add(createEarlyCSEPass());
▲ Show 20 LinesShow All 103 Lines▼ Show 20 Linesvoid EmitAssemblyHelper::CreatePasses() {
if (LangOpts.Sanitize.has(SanitizerKind::Address)) { if (LangOpts.Sanitize.has(SanitizerKind::Address)) {
PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast, PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,
addAddressSanitizerPasses); addAddressSanitizerPasses);
PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0, PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,
addAddressSanitizerPasses); addAddressSanitizerPasses);
} }
if (LangOpts.Sanitize.has(SanitizerKind::KernelAddress)) {
PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,
addKernelAddressSanitizerPasses);
PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,
addKernelAddressSanitizerPasses);
}
if (LangOpts.Sanitize.has(SanitizerKind::Memory)) { if (LangOpts.Sanitize.has(SanitizerKind::Memory)) {
PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast, PMBuilder.addExtension(PassManagerBuilder::EP_OptimizerLast,
addMemorySanitizerPass); addMemorySanitizerPass);
PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0, PMBuilder.addExtension(PassManagerBuilder::EP_EnabledOnOptLevel0,
addMemorySanitizerPass); addMemorySanitizerPass);
} }
if (LangOpts.Sanitize.has(SanitizerKind::Thread)) { if (LangOpts.Sanitize.has(SanitizerKind::Thread)) {
▲ Show 20 LinesShow All 327 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CGDeclCXX.cpp

Show First 20 LinesShow All 261 Lines▼ Show 20 Linesllvm::Function *CodeGenModule::CreateGlobalInitOrDestructFunction(
SetLLVMFunctionAttributes(nullptr, getTypes().arrangeNullaryFunction(), Fn); SetLLVMFunctionAttributes(nullptr, getTypes().arrangeNullaryFunction(), Fn);
Fn->setCallingConv(getRuntimeCC()); Fn->setCallingConv(getRuntimeCC());
if (!getLangOpts().Exceptions) if (!getLangOpts().Exceptions)
Fn->setDoesNotThrow(); Fn->setDoesNotThrow();
if (!isInSanitizerBlacklist(Fn, Loc)) { if (!isInSanitizerBlacklist(Fn, Loc)) {
if (getLangOpts().Sanitize.has(SanitizerKind::Address)) if (getLangOpts().Sanitize.has(SanitizerKind::Address) ||
samsonovUnsubmitted
Not Done
ReplyInline Actions

hasOneOf

samsonov: `hasOneOf`
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

glider: Done
getLangOpts().Sanitize.has(SanitizerKind::KernelAddress))
Fn->addFnAttr(llvm::Attribute::SanitizeAddress); Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
if (getLangOpts().Sanitize.has(SanitizerKind::Thread)) if (getLangOpts().Sanitize.has(SanitizerKind::Thread))
Fn->addFnAttr(llvm::Attribute::SanitizeThread); Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (getLangOpts().Sanitize.has(SanitizerKind::Memory)) if (getLangOpts().Sanitize.has(SanitizerKind::Memory))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory); Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
if (getLangOpts().Sanitize.has(SanitizerKind::SafeStack)) if (getLangOpts().Sanitize.has(SanitizerKind::SafeStack))
Fn->addFnAttr(llvm::Attribute::SafeStack); Fn->addFnAttr(llvm::Attribute::SafeStack);
} }
▲ Show 20 LinesShow All 320 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 609 Lines▼ Show 20 Linesvoid CodeGenFunction::StartFunction(GlobalDecl GD,
if (D) { if (D) {
// Apply the no_sanitize* attributes to SanOpts. // Apply the no_sanitize* attributes to SanOpts.
for (auto Attr : D->specific_attrs<NoSanitizeAttr>()) for (auto Attr : D->specific_attrs<NoSanitizeAttr>())
SanOpts.Mask &= ~Attr->getMask(); SanOpts.Mask &= ~Attr->getMask();
} }
// Apply sanitizer attributes to the function. // Apply sanitizer attributes to the function.
if (SanOpts.has(SanitizerKind::Address)) if (SanOpts.hasOneOf(SanitizerKind::Address | SanitizerKind::KernelAddress))
Fn->addFnAttr(llvm::Attribute::SanitizeAddress); Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Note I'm using the same attribute for both userspace and kernel instrumentation. I think we don't need to distinguish between them.

glider: Note I'm using the same attribute for both userspace and kernel instrumentation. I think we…
if (SanOpts.has(SanitizerKind::Thread)) if (SanOpts.has(SanitizerKind::Thread))
Fn->addFnAttr(llvm::Attribute::SanitizeThread); Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (SanOpts.has(SanitizerKind::Memory)) if (SanOpts.has(SanitizerKind::Memory))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory); Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
if (SanOpts.has(SanitizerKind::SafeStack)) if (SanOpts.has(SanitizerKind::SafeStack))
Fn->addFnAttr(llvm::Attribute::SafeStack); Fn->addFnAttr(llvm::Attribute::SafeStack);
// Pass inline keyword to optimizer if it appears explicitly on any // Pass inline keyword to optimizer if it appears explicitly on any
▲ Show 20 LinesShow All 1,147 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 1,212 Lines▼ Show 20 Lines if (const auto *MainFile = SM.getFileEntryForID(SM.getMainFileID())) {
return SanitizerBL.isBlacklistedFile(MainFile->getName()); return SanitizerBL.isBlacklistedFile(MainFile->getName());
} }
return false; return false;
} }
bool CodeGenModule::isInSanitizerBlacklist(llvm::GlobalVariable *GV, bool CodeGenModule::isInSanitizerBlacklist(llvm::GlobalVariable *GV,
SourceLocation Loc, QualType Ty, SourceLocation Loc, QualType Ty,
StringRef Category) const { StringRef Category) const {
// For now globals can be blacklisted only in ASan. // For now globals can be blacklisted only in ASan and KASan.
if (!LangOpts.Sanitize.has(SanitizerKind::Address)) if (!LangOpts.Sanitize.hasOneOf(
SanitizerKind::Address | SanitizerKind::KernelAddress))
return false; return false;
const auto &SanitizerBL = getContext().getSanitizerBlacklist(); const auto &SanitizerBL = getContext().getSanitizerBlacklist();
if (SanitizerBL.isBlacklistedGlobal(GV->getName(), Category)) if (SanitizerBL.isBlacklistedGlobal(GV->getName(), Category))
return true; return true;
if (SanitizerBL.isBlacklistedLocation(Loc, Category)) if (SanitizerBL.isBlacklistedLocation(Loc, Category))
return true; return true;
// Check global type. // Check global type.
if (!Ty.isNull()) { if (!Ty.isNull()) {
▲ Show 20 LinesShow All 2,431 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/SanitizerMetadata.cpp

Show All 19 Lines
using namespace CodeGen; using namespace CodeGen;
SanitizerMetadata::SanitizerMetadata(CodeGenModule &CGM) : CGM(CGM) {} SanitizerMetadata::SanitizerMetadata(CodeGenModule &CGM) : CGM(CGM) {}
void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV, void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
SourceLocation Loc, StringRef Name, SourceLocation Loc, StringRef Name,
QualType Ty, bool IsDynInit, QualType Ty, bool IsDynInit,
bool IsBlacklisted) { bool IsBlacklisted) {
if (!CGM.getLangOpts().Sanitize.has(SanitizerKind::Address)) if (!CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address |
samsonovUnsubmitted
Not Done
ReplyInline Actions

(here and below)
I think you don't do anything with globals in KASan. Or you want to add it in the following changes soon?

samsonov: (here and below) I think you don't do anything with globals in KASan. Or you want to add it in…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes, I'm about to add globals support soon, it's just not working properly yet.

glider: Yes, I'm about to add globals support soon, it's just not working properly yet.
SanitizerKind::KernelAddress))
return; return;
IsDynInit &= !CGM.isInSanitizerBlacklist(GV, Loc, Ty, "init"); IsDynInit &= !CGM.isInSanitizerBlacklist(GV, Loc, Ty, "init");
IsBlacklisted |= CGM.isInSanitizerBlacklist(GV, Loc, Ty); IsBlacklisted |= CGM.isInSanitizerBlacklist(GV, Loc, Ty);
llvm::Metadata *LocDescr = nullptr; llvm::Metadata *LocDescr = nullptr;
llvm::Metadata *GlobalName = nullptr; llvm::Metadata *GlobalName = nullptr;
llvm::LLVMContext &VMContext = CGM.getLLVMContext(); llvm::LLVMContext &VMContext = CGM.getLLVMContext();
if (!IsBlacklisted) { if (!IsBlacklisted) {
Show All 14 Linesvoid SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
llvm::MDNode *ThisGlobal = llvm::MDNode::get(VMContext, GlobalMetadata); llvm::MDNode *ThisGlobal = llvm::MDNode::get(VMContext, GlobalMetadata);
llvm::NamedMDNode *AsanGlobals = llvm::NamedMDNode *AsanGlobals =
CGM.getModule().getOrInsertNamedMetadata("llvm.asan.globals"); CGM.getModule().getOrInsertNamedMetadata("llvm.asan.globals");
AsanGlobals->addOperand(ThisGlobal); AsanGlobals->addOperand(ThisGlobal);
} }
void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV, void SanitizerMetadata::reportGlobalToASan(llvm::GlobalVariable *GV,
const VarDecl &D, bool IsDynInit) { const VarDecl &D, bool IsDynInit) {
if (!CGM.getLangOpts().Sanitize.has(SanitizerKind::Address)) if (!CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address |
SanitizerKind::KernelAddress))
return; return;
std::string QualName; std::string QualName;
llvm::raw_string_ostream OS(QualName); llvm::raw_string_ostream OS(QualName);
D.printQualifiedName(OS); D.printQualifiedName(OS);
reportGlobalToASan(GV, D.getLocation(), OS.str(), D.getType(), IsDynInit); reportGlobalToASan(GV, D.getLocation(), OS.str(), D.getType(), IsDynInit);
} }
void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) { void SanitizerMetadata::disableSanitizerForGlobal(llvm::GlobalVariable *GV) {
// For now, just make sure the global is not modified by the ASan // For now, just make sure the global is not modified by the ASan
// instrumentation. // instrumentation.
if (CGM.getLangOpts().Sanitize.has(SanitizerKind::Address)) if (CGM.getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address |
SanitizerKind::KernelAddress))
reportGlobalToASan(GV, SourceLocation(), "", QualType(), false, true); reportGlobalToASan(GV, SourceLocation(), "", QualType(), false, true);
} }
void SanitizerMetadata::disableSanitizerForInstruction(llvm::Instruction *I) { void SanitizerMetadata::disableSanitizerForInstruction(llvm::Instruction *I) {
I->setMetadata(CGM.getModule().getMDKindID("nosanitize"), I->setMetadata(CGM.getModule().getMDKindID("nosanitize"),
llvm::MDNode::get(CGM.getLLVMContext(), None)); llvm::MDNode::get(CGM.getLLVMContext(), None));
} }
Show All 14 Lines

tools/clang/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 243 Lines▼ Show 20 Lines D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< "-fsanitize-undefined-trap-on-error"; << "-fsanitize-undefined-trap-on-error";
Kinds &= ~NotAllowedWithTrap; Kinds &= ~NotAllowedWithTrap;
} }
// Warn about incompatible groups of sanitizers. // Warn about incompatible groups of sanitizers.
std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = { std::pair<SanitizerMask, SanitizerMask> IncompatibleGroups[] = {
std::make_pair(Address, Thread), std::make_pair(Address, Memory), std::make_pair(Address, Thread), std::make_pair(Address, Memory),
std::make_pair(Thread, Memory), std::make_pair(Leak, Thread), std::make_pair(Thread, Memory), std::make_pair(Leak, Thread),
std::make_pair(Leak, Memory)}; std::make_pair(Leak, Memory), std::make_pair(KernelAddress, Address),
std::make_pair(KernelAddress, Leak),
std::make_pair(KernelAddress, Thread),
std::make_pair(KernelAddress, Memory)};
for (auto G : IncompatibleGroups) { for (auto G : IncompatibleGroups) {
SanitizerMask Group = G.first; SanitizerMask Group = G.first;
if (Kinds & Group) { if (Kinds & Group) {
if (SanitizerMask Incompatible = Kinds & G.second) { if (SanitizerMask Incompatible = Kinds & G.second) {
D.Diag(clang::diag::err_drv_argument_not_allowed_with) D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< lastArgumentForMask(D, Args, Group) << lastArgumentForMask(D, Args, Group)
<< lastArgumentForMask(D, Args, Incompatible); << lastArgumentForMask(D, Args, Incompatible);
Kinds &= ~Incompatible; Kinds &= ~Incompatible;
▲ Show 20 LinesShow All 353 LinesShow Last 20 Lines

tools/clang/lib/Lex/PPMacroExpansion.cpp

Show First 20 LinesShow All 1,043 Lines▼ Show 20 Linesstatic bool HasFeature(const Preprocessor &PP, const IdentifierInfo *II) {
const LangOptions &LangOpts = PP.getLangOpts(); const LangOptions &LangOpts = PP.getLangOpts();
StringRef Feature = II->getName(); StringRef Feature = II->getName();
// Normalize the feature name, __foo__ becomes foo. // Normalize the feature name, __foo__ becomes foo.
if (Feature.startswith("__") && Feature.endswith("__") && Feature.size() >= 4) if (Feature.startswith("__") && Feature.endswith("__") && Feature.size() >= 4)
Feature = Feature.substr(2, Feature.size() - 4); Feature = Feature.substr(2, Feature.size() - 4);
return llvm::StringSwitch<bool>(Feature) return llvm::StringSwitch<bool>(Feature)
.Case("address_sanitizer", LangOpts.Sanitize.has(SanitizerKind::Address)) .Case("address_sanitizer",
LangOpts.Sanitize.hasOneOf(SanitizerKind::Address |
SanitizerKind::KernelAddress))
.Case("attribute_analyzer_noreturn", true) .Case("attribute_analyzer_noreturn", true)
.Case("attribute_availability", true) .Case("attribute_availability", true)
.Case("attribute_availability_with_message", true) .Case("attribute_availability_with_message", true)
.Case("attribute_availability_app_extension", true) .Case("attribute_availability_app_extension", true)
.Case("attribute_cf_returns_not_retained", true) .Case("attribute_cf_returns_not_retained", true)
.Case("attribute_cf_returns_retained", true) .Case("attribute_cf_returns_retained", true)
.Case("attribute_deprecated_with_message", true) .Case("attribute_deprecated_with_message", true)
.Case("attribute_ext_vector_type", true) .Case("attribute_ext_vector_type", true)
▲ Show 20 LinesShow All 715 LinesShow Last 20 Lines

tools/clang/test/CodeGen/address-safety-attr-kasan.cpp

// Make sure the sanitize_address attribute is emitted when using both ASan and KASan.
/// RUN: %clang_cc1 -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-NOASAN %s
/// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-ASAN %s
samsonovUnsubmitted
Not Done
ReplyInline Actions

Please specify triple (or merge this into address-safety-attr.cpp somehow)

samsonov: Please specify triple (or merge this into `address-safety-attr.cpp` somehow)
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

glider: Done.
/// RUN: %clang_cc1 -fsanitize=kernel-address -emit-llvm -o - %s | FileCheck -check-prefix=CHECK-KASAN %s
int HasSanitizeAddress() {
return 1;
}
// CHECK-NOASAN: Function Attrs: nounwind
samsonovUnsubmitted
Not Done
ReplyInline Actions

Function Attrs: nounwind sanitize_address
would match this CHECK-NOASAN line

samsonov: `Function Attrs: nounwind sanitize_address` would match this CHECK-NOASAN line
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Added a $ after "nounwind"

glider: Added a $ after "nounwind"
// CHECK-ASAN: Function Attrs: nounwind sanitize_address
samsonovUnsubmitted
Not Done
ReplyInline Actions

Please check this syntax. I thought that [[]] is used to define FileCheck variables, while {{}} are used for regular expressions.

samsonov: Please check this syntax. I thought that [[]] is used to define FileCheck variables, while {{}}…
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Yeah, that's right.

glider: Yeah, that's right.
// CHECK-KASAN: Function Attrs: nounwind sanitize_address
__attribute__((no_sanitize_address))
int NoSanitizeAddress() {
return 0;
}
// CHECK-NOASAN: Function Attrs: nounwind
// CHECK-ASAN: Function Attrs: nounwind
// CHECK-KASAN: Function Attrs: nounwind

tools/clang/test/Driver/asan.c

// RUN: %clang -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s // RUN: %clang -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-ASAN
// RUN: %clang -O1 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s // RUN: %clang -O1 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-ASAN
// RUN: %clang -O2 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s // RUN: %clang -O2 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-ASAN
// RUN: %clang -O3 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s // RUN: %clang -O3 -target i386-unknown-unknown -fsanitize=address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-ASAN
// Verify that -fsanitize=address invokes asan instrumentation. // RUN: %clang -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-KASAN
// RUN: %clang -O1 -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-KASAN
// RUN: %clang -O2 -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-KASAN
// RUN: %clang -O3 -target i386-unknown-linux -fsanitize=kernel-address %s -S -emit-llvm -o - | FileCheck %s --check-prefix=CHECK-KASAN
// Verify that -fsanitize={address,kernel-address} invoke ASan and KASan instrumentation.
samsonovUnsubmitted
Not Done
ReplyInline Actions

while you're here, please add linux to original RUN-lines as well.

samsonov: while you're here, please add linux to original RUN-lines as well.
gliderAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

glider: Done
int foo(int *a) { return *a; } int foo(int *a) { return *a; }
// CHECK: __asan_init // CHECK-ASAN: __asan_init
// CHECK-KASAN: __asan_load4_noabort

tools/clang/test/Driver/fsanitize.c

Show First 20 LinesShow All 51 Lines▼ Show 20 Lines
// CHECK-SANM-SANT: '-fsanitize=thread' not allowed with '-fsanitize=memory' // CHECK-SANM-SANT: '-fsanitize=thread' not allowed with '-fsanitize=memory'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,thread -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL-SANT // RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,thread -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL-SANT
// CHECK-SANL-SANT: '-fsanitize=leak' not allowed with '-fsanitize=thread' // CHECK-SANL-SANT: '-fsanitize=leak' not allowed with '-fsanitize=thread'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,memory -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL-SANM // RUN: %clang -target x86_64-linux-gnu -fsanitize=leak,memory -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL-SANM
// CHECK-SANL-SANM: '-fsanitize=leak' not allowed with '-fsanitize=memory' // CHECK-SANL-SANM: '-fsanitize=leak' not allowed with '-fsanitize=memory'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,thread -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANKA-SANT
// CHECK-SANKA-SANT: '-fsanitize=kernel-address' not allowed with '-fsanitize=thread'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,memory -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANKA-SANM
// CHECK-SANKA-SANM: '-fsanitize=kernel-address' not allowed with '-fsanitize=memory'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,address -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANKA-SANA
// CHECK-SANKA-SANA: '-fsanitize=kernel-address' not allowed with '-fsanitize=address'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kernel-address,leak -pie -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANKA-SANL
// CHECK-SANKA-SANL: '-fsanitize=kernel-address' not allowed with '-fsanitize=leak'
// RUN: %clang -target x86_64-linux-gnu -fsanitize-memory-track-origins -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ONLY-TRACK-ORIGINS // RUN: %clang -target x86_64-linux-gnu -fsanitize-memory-track-origins -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ONLY-TRACK-ORIGINS
// CHECK-ONLY-TRACK-ORIGINS: warning: argument unused during compilation: '-fsanitize-memory-track-origins' // CHECK-ONLY-TRACK-ORIGINS: warning: argument unused during compilation: '-fsanitize-memory-track-origins'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fno-sanitize=memory -fsanitize-memory-track-origins -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-DISABLED-MSAN // RUN: %clang -target x86_64-linux-gnu -fsanitize=memory -fno-sanitize=memory -fsanitize-memory-track-origins -pie %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-TRACK-ORIGINS-DISABLED-MSAN
// CHECK-TRACK-ORIGINS-DISABLED-MSAN-NOT: warning: argument unused // CHECK-TRACK-ORIGINS-DISABLED-MSAN-NOT: warning: argument unused
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-EXTRA-TRACK-ORIGINS // RUN: %clang -target x86_64-linux-gnu -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-EXTRA-TRACK-ORIGINS
// CHECK-NO-EXTRA-TRACK-ORIGINS-NOT: "-fsanitize-memory-track-origins" // CHECK-NO-EXTRA-TRACK-ORIGINS-NOT: "-fsanitize-memory-track-origins"
▲ Show 20 LinesShow All 163 LinesShow Last 20 Lines

tools/clang/test/Lexer/has_feature_address_sanitizer.cpp

// RUN: %clang_cc1 -E -fsanitize=address %s -o - | FileCheck --check-prefix=CHECK-ASAN %s // RUN: %clang_cc1 -E -fsanitize=address %s -o - | FileCheck --check-prefix=CHECK-ASAN %s
// RUN: %clang_cc1 -E -fsanitize=kernel-address %s -o - | FileCheck --check-prefix=CHECK-ASAN %s
// RUN: %clang_cc1 -E %s -o - | FileCheck --check-prefix=CHECK-NO-ASAN %s // RUN: %clang_cc1 -E %s -o - | FileCheck --check-prefix=CHECK-NO-ASAN %s
#if __has_feature(address_sanitizer) #if __has_feature(address_sanitizer)
int AddressSanitizerEnabled(); int AddressSanitizerEnabled();
#else #else
int AddressSanitizerDisabled(); int AddressSanitizerDisabled();
#endif #endif
// CHECK-ASAN: AddressSanitizerEnabled // CHECK-ASAN: AddressSanitizerEnabled
// CHECK-NO-ASAN: AddressSanitizerDisabled // CHECK-NO-ASAN: AddressSanitizerDisabled