This is an archive of the discontinued LLVM Phabricator instance.

Differential D115317

[dfsan] Add a flag to ignore personality routines.
ClosedPublic

Authored by twoh on Dec 7 2021, 9:37 PM.

Details

Reviewers
browneee
gbalats
Commits
rG04e79cf70b42: [dfsan] Add a flag to ignore personality routines.
Summary

This diff adds "dfsan-ignore-personality-routine" flag, which makes
the dfsan pass to not to generate wrappers for the personality functions if the
function is marked uninstrumented.

This flag is to support dfsan with the cases where the exception handling
routines cannot be instrumented (e.g. use the prebuilt version of c++ standard
library). When the personality function cannot be instrumented it is supposed
to be marked "uninstrumented" from the abi list file. While DFSan generates a
wrapper function for uninstrumented functions, it cannot cannot generate a
valid wrapper for vararg functions, and indirect invocation of vararg function
wrapper terminates the execution of dfsan-instrumented programs. This makes
invocation of personality routine to crash the program, because 1) clang adds a
declaration of personality functions as a vararg function with no fixed
argument, and 2) personality routines are always called indirectly.

To address this issue, the flag introduced in this diff makes dfsan to not to
instrument the personality function. This is not the "correct" solution in the
sense that return value label from the personality function will be undefined.
However, in practice, if the exception handling routines are uninstrumented we
wouldn't expect precise label propagation around them, and it would be more
beneficial to make the rest of the program run without termination.

Diff Detail

Event Timeline

twoh created this revision.Dec 7 2021, 9:37 PM
Herald added a subscriber: hiraditya. · View Herald TranscriptDec 7 2021, 9:37 PM
twoh requested review of this revision.Dec 7 2021, 9:37 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 7 2021, 9:37 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Harbormaster completed remote builds in B138073: Diff 392642.Dec 7 2021, 10:17 PM
twoh added reviewers: browneee, gbalats.Dec 8 2021, 8:57 AM
browneee added a comment.Dec 8 2021, 1:01 PM

Note, related code: https://github.com/llvm/llvm-project/blob/484a569eea7ba294d84b9a700e6fcc2f97626320/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp#L1785

Can continuing execution after an exception could lead to false positives? I'm unsure how primitives on the stack frames are freed during unwind - will stack shadow memory be zero'd during unwinding?

twoh added a comment.Dec 8 2021, 1:30 PM

@browneee Thanks for the pointer!

Can continuing execution after an exception could lead to false positives? I'm unsure how primitives on the stack frames are freed during unwind - will stack shadow memory be zero'd during unwinding?

I don't think stack shadow memory will be zero'd during unwinding, but I also don't think that it will lead to false positives. I think it's basically same as we only adjust the stack/frame pointers to manage stack, not explicitly zero'ing out the stack. Once we push a new value to stack, the corresponding shadow instruction will overwrite the stack shadow memory as well. Please let me know if I misunderstood something. (I guess HWASAN requires explicit untagging because they want to detect the stack overflow.)

browneee accepted this revision.Dec 8 2021, 2:11 PM
This revision is now accepted and ready to land.Dec 8 2021, 2:11 PM
Closed by commit rG04e79cf70b42: [dfsan] Add a flag to ignore personality routines. (authored by twoh). · Explain WhyDec 8 2021, 2:48 PM
This revision was automatically updated to reflect the committed changes.
twoh added a commit: rG04e79cf70b42: [dfsan] Add a flag to ignore personality routines..
twoh mentioned this in D115477: [dfsan] Add missing test for the new pass manager with -dfsan-ignore-personality-routine.Dec 9 2021, 3:50 PM
twoh mentioned this in rG50f3380290ce: [dfsan] Add missing test for the new pass manager with -dfsan-ignore….Dec 9 2021, 6:53 PM

Revision Contents

PathSize
llvm/
lib/
Transforms/
Instrumentation/
23 lines
test/
Instrumentation/
DataFlowSanitizer/
Inputs/
1 line
39 lines

Diff 392941

llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp

Show First 20 LinesShow All 226 Lines▼ Show 20 Lines
// * 0: do not track origins. // * 0: do not track origins.
// * 1: track origins at memory store operations. // * 1: track origins at memory store operations.
// * 2: track origins at memory load and store operations. // * 2: track origins at memory load and store operations.
// TODO: track callsites. // TODO: track callsites.
static cl::opt<int> ClTrackOrigins("dfsan-track-origins", static cl::opt<int> ClTrackOrigins("dfsan-track-origins",
cl::desc("Track origins of labels"), cl::desc("Track origins of labels"),
cl::Hidden, cl::init(0)); cl::Hidden, cl::init(0));
static cl::opt<bool> ClIgnorePersonalityRoutine(
"dfsan-ignore-personality-routine",
cl::desc("If a personality routine is marked uninstrumented from the ABI "
"list, do not create a wrapper for it."),
cl::Hidden, cl::init(false));
static StringRef getGlobalTypeString(const GlobalValue &G) { static StringRef getGlobalTypeString(const GlobalValue &G) {
// Types of GlobalVariables are always pointer types. // Types of GlobalVariables are always pointer types.
Type *GType = G.getValueType(); Type *GType = G.getValueType();
// For now we support excluding struct types only. // For now we support excluding struct types only.
if (StructType *SGType = dyn_cast<StructType>(GType)) { if (StructType *SGType = dyn_cast<StructType>(GType)) {
if (!SGType->isLiteral()) if (!SGType->isLiteral())
return SGType->getName(); return SGType->getName();
} }
▲ Show 20 LinesShow All 1,109 Lines▼ Show 20 Linesbool DataFlowSanitizer::runImpl(Module &M) {
injectMetadataGlobals(M); injectMetadataGlobals(M);
initializeCallbackFunctions(M); initializeCallbackFunctions(M);
initializeRuntimeFunctions(M); initializeRuntimeFunctions(M);
std::vector<Function *> FnsToInstrument; std::vector<Function *> FnsToInstrument;
SmallPtrSet<Function *, 2> FnsWithNativeABI; SmallPtrSet<Function *, 2> FnsWithNativeABI;
SmallPtrSet<Function *, 2> FnsWithForceZeroLabel; SmallPtrSet<Function *, 2> FnsWithForceZeroLabel;
SmallPtrSet<Constant *, 1> PersonalityFns;
for (Function &F : M) for (Function &F : M)
if (!F.isIntrinsic() && !DFSanRuntimeFunctions.contains(&F)) if (!F.isIntrinsic() && !DFSanRuntimeFunctions.contains(&F)) {
FnsToInstrument.push_back(&F); FnsToInstrument.push_back(&F);
if (F.hasPersonalityFn())
PersonalityFns.insert(F.getPersonalityFn()->stripPointerCasts());
}
if (ClIgnorePersonalityRoutine) {
for (auto *C : PersonalityFns) {
assert(isa<Function>(C) && "Personality routine is not a function!");
Function *F = cast<Function>(C);
if (!isInstrumented(F))
FnsToInstrument.erase(
std::remove(FnsToInstrument.begin(), FnsToInstrument.end(), F),
FnsToInstrument.end());
}
}
// Give function aliases prefixes when necessary, and build wrappers where the // Give function aliases prefixes when necessary, and build wrappers where the
// instrumentedness is inconsistent. // instrumentedness is inconsistent.
for (GlobalAlias &GA : llvm::make_early_inc_range(M.aliases())) { for (GlobalAlias &GA : llvm::make_early_inc_range(M.aliases())) {
// Don't stop on weak. We assume people aren't playing games with the // Don't stop on weak. We assume people aren't playing games with the
// instrumentedness of overridden weak aliases. // instrumentedness of overridden weak aliases.
auto *F = dyn_cast<Function>(GA.getAliaseeObject()); auto *F = dyn_cast<Function>(GA.getAliaseeObject());
if (!F) if (!F)
▲ Show 20 LinesShow All 1,674 LinesShow Last 20 Lines

llvm/test/Instrumentation/DataFlowSanitizer/Inputs/personality-routine-abilist.txt

  • This file was added.
fun:__gxx_personality_v0=uninstrumented

llvm/test/Instrumentation/DataFlowSanitizer/ignore_persnality_routine.ll

  • This file was added.
; RUN: opt < %s -dfsan -S --dfsan-abilist=%S/Inputs/personality-routine-abilist.txt | FileCheck %s
; RUN: opt < %s -dfsan -S --dfsan-abilist=%S/Inputs/personality-routine-abilist.txt -dfsan-ignore-personality-routine | FileCheck %s --check-prefix=CHECK-IGNORE
; RUN: opt < %s -passes=dfsan -S --dfsan-abilist=%S/Inputs/personality-routine-abilist.txt | FileCheck %s
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
declare i32 @__gxx_personality_v0(...)
declare i8* @__cxa_begin_catch(i8*)
declare void @__cxa_end_catch()
declare void @g(...)
; CHECK-LABEL: @h.dfsan
; CHECK-SAME: personality {{.*}}@"dfsw$__gxx_personality_v0"{{.*}}
; CHECK-IGNORE-LABEL: @h.dfsan
; CHECK-IGNORE-SAME: personality {{.*}}__gxx_personality_v0{{.*}}
define i32 @h() personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {
invoke void (...) @g(i32 42)
to label %try.cont unwind label %lpad
lpad:
%1 = landingpad { i8*, i32 }
catch i8* null
%2 = extractvalue { i8*, i32 } %1, 0
%3 = tail call i8* @__cxa_begin_catch(i8* %2)
tail call void @__cxa_end_catch()
br label %try.cont
try.cont:
ret i32 0
}
; CHECK: @"dfsw$__gxx_personality_v0"
; CHECK: call void @__dfsan_vararg_wrapper
; CHECK-IGNORE-NOT: @"dfsw$__gxx_personality_v0"
; CHECK-IGNORE-NOT: call void @__dfsan_vararg_wrapper