This is an archive of the discontinued LLVM Phabricator instance.

Differential D120260

[BOLT][NFC] Fix undefined behavior in encodeAnnotationImm
ClosedPublic

Authored by Amir on Feb 21 2022, 9:38 AM.

Details

Reviewers
rafauler
maksfb
yota9
Commits
rG454c149898d3: [BOLT][NFC] Fix undefined behavior in encodeAnnotationImm
Summary

Fix UBSan-reported issue in MCPlusBuilder::encodeAnnotationImm (left shift of a
negative value).

Test Plan:

ninja check-bolt
...
PASS: BOLT-Unit :: Core/./CoreTests/AArch64/MCPlusBuilderTester.Annotation/0 (1 of 140)
PASS: BOLT-Unit :: Core/./CoreTests/X86/MCPlusBuilderTester.Annotation/0 (131 of 134)

Diff Detail

Event Timeline

Amir created this revision.Feb 21 2022, 9:38 AM
Herald added a reviewer: rafauler. · View Herald TranscriptFeb 21 2022, 9:38 AM
Herald added a reviewer: maksfb. · View Herald Transcript
Herald added subscribers: ayermolo, pengfei, kristof.beyls, mgorny. · View Herald Transcript
Amir requested review of this revision.Feb 21 2022, 9:38 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 21 2022, 9:38 AM
Herald added subscribers: llvm-commits, yota9. · View Herald Transcript
Harbormaster completed remote builds in B150715: Diff 410328.Feb 21 2022, 9:44 AM
yota9 added inline comments.Feb 21 2022, 9:49 AM
bolt/include/bolt/Core/MCPlusAnnotation.h
22

May I suggest with replacing assert with if condition? I think it is the important thing that we should check with disabled assertions too.

Amir added inline comments.Feb 21 2022, 10:58 AM
bolt/include/bolt/Core/MCPlusAnnotation.h
22

Good point.

Amir updated this revision to Diff 410629.Feb 22 2022, 1:17 PM

Check annotation value in release builds

yota9 added a comment.Feb 22 2022, 1:20 PM

Sorry, why the index assert has gone? It is unlikely to reach this limit, but why not to check it anyway :)

Amir added a comment.Feb 22 2022, 1:23 PM
In D120260#3338530, @yota9 wrote:

Sorry, why the index assert has gone? It is unlikely to reach this limit, but why not to check it anyway :)

It's gone because I changed Index type from unsigned to uint8_t. We're only using 1 byte of data, no need to pass larger type.

yota9 added a comment.Feb 22 2022, 1:26 PM

@Amir Sorry, missed that since the extractAnnotationIndex and the test are still using unsigned values type. Could you please fix that?

Amir added a comment.Feb 22 2022, 1:26 PM

I wanted to test MCPlusBuilder’s private methods (encodeAnnotationImm and friends) that are not directly exposed through public methods. The options were:

  1. add test class as a friend of MCPlusBuilder (less invasive, future unit tests may follow)
  2. move these methods into another file (eg MCPlusAnnotation.h) and include it into MCPlusBuilder.h and test source, the downside is code churn and pollution of the global namespace with these new functions,
  3. test using hackish indirect way (through GnuArgsSize annotation) that doesn’t require any changes to MCPlusBuilder source, does the job but test code would be ugly.

This diff goes with option 2, but I'm open to the feedback.

Harbormaster completed remote builds in B150929: Diff 410629.Feb 22 2022, 1:32 PM
Amir updated this revision to Diff 410636.Feb 22 2022, 1:37 PM

Change extractAnnotationIndex return type from unsigned to uint8_t

Amir marked an inline comment as done.Feb 22 2022, 1:39 PM
Harbormaster completed remote builds in B150933: Diff 410636.Feb 22 2022, 1:43 PM
yota9 accepted this revision.Feb 22 2022, 1:59 PM

LGTM

This revision is now accepted and ready to land.Feb 22 2022, 1:59 PM
Amir updated this revision to Diff 410716.Feb 22 2022, 10:55 PM

Use addEHInfo to test encodeAnnotationImm without exposing it as public method/function

Amir edited the summary of this revision. (Show Details)Feb 22 2022, 10:56 PM
Harbormaster completed remote builds in B150997: Diff 410716.Feb 22 2022, 11:03 PM
Amir updated this revision to Diff 410726.Feb 23 2022, 12:14 AM

Fix shared build

Harbormaster completed remote builds in B151005: Diff 410726.Feb 23 2022, 12:19 AM
Amir updated this revision to Diff 410917.Feb 23 2022, 12:55 PM

Use extractAnnotationValue in the check

maksfb added inline comments.Feb 23 2022, 12:57 PM
bolt/unittests/Core/MCPlusBuilder.cpp
114

Any reason for x86_64-only?

Harbormaster completed remote builds in B151128: Diff 410917.Feb 23 2022, 1:02 PM
Amir added inline comments.Feb 23 2022, 1:03 PM
bolt/unittests/Core/MCPlusBuilder.cpp
114

createCall is not defined in AArch64MCPlusBuilder

yota9 added inline comments.Feb 23 2022, 1:10 PM
bolt/unittests/Core/MCPlusBuilder.cpp
114

Sorry, but why not just use BC->MIB->addAnnotation directly?

Amir added inline comments.Feb 23 2022, 1:16 PM
bolt/unittests/Core/MCPlusBuilder.cpp
114

There's no way to put a predefined Value into an encoded annotation immediate using addAnnotation.
addAnnotation allocates a MCSimpleAnnotation<ValueType> using placement new, and passes the pointer to allocated object to
setAnnotationOpValue.

https://github.com/llvm/llvm-project/blob/main/bolt/include/bolt/Core/MCPlusBuilder.h#L1639

yota9 accepted this revision.Feb 23 2022, 1:19 PM
yota9 added inline comments.
bolt/unittests/Core/MCPlusBuilder.cpp
114

Oh yes, I forgot about that, thanks.

maksfb added inline comments.Feb 23 2022, 2:04 PM
bolt/unittests/Core/MCPlusBuilder.cpp
114

createCall is not defined in AArch64MCPlusBuilder

Interesting. But it has `createTailCall(). Can we use that for testing?

Amir updated this revision to Diff 410939.Feb 23 2022, 2:10 PM

Use createTailCall

Amir marked 4 inline comments as done.Feb 23 2022, 2:11 PM
maksfb accepted this revision.Feb 23 2022, 2:12 PM

LGTM. Thanks for the fix.

yota9 added inline comments.Feb 23 2022, 2:13 PM
bolt/unittests/Core/MCPlusBuilder.cpp
113–128

Still under X86 :)

Harbormaster completed remote builds in B151141: Diff 410939.Feb 23 2022, 2:17 PM
Amir added inline comments.Feb 23 2022, 2:19 PM
bolt/unittests/Core/MCPlusBuilder.cpp
113–128

Good catch!

Amir updated this revision to Diff 410941.Feb 23 2022, 2:20 PM

Move out from X86_AVAILABLE

Amir marked an inline comment as done.Feb 23 2022, 2:21 PM
yota9 accepted this revision.Feb 23 2022, 2:21 PM

Thank you @Amir!

Harbormaster completed remote builds in B151143: Diff 410941.Feb 23 2022, 2:26 PM
Amir added a comment.Feb 23 2022, 2:42 PM

Thanks @yota9, @maksfb!

Amir edited the summary of this revision. (Show Details)Feb 23 2022, 3:46 PM
Closed by commit rG454c149898d3: [BOLT][NFC] Fix undefined behavior in encodeAnnotationImm (authored by Amir). · Explain WhyFeb 23 2022, 4:02 PM
This revision was automatically updated to reflect the committed changes.
Amir added a commit: rG454c149898d3: [BOLT][NFC] Fix undefined behavior in encodeAnnotationImm.

Revision Contents

PathSize
bolt/
include/
bolt/
Core/
41 lines
23 lines
unittests/
Core/
2 lines
16 lines

Diff 410636

bolt/include/bolt/Core/MCPlusAnnotation.h

  • This file was added.
//===- bolt/Core/MCPlusAnnotation.h - Interface for MCPlus ------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file contains the definitions of annotation encoding/decoding functions.
//
//===----------------------------------------------------------------------===//
#ifndef BOLT_CORE_MCPLUSANNOTATION_H
#define BOLT_CORE_MCPLUSANNOTATION_H
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/MathExtras.h"
/// We encode Index and Value into a 64-bit immediate operand value.
inline int64_t encodeAnnotationImm(uint8_t Index, int64_t Value) {
if (LLVM_UNLIKELY(Value !=
llvm::SignExtend64<56>(Value & 0xff'ffff'ffff'ffff)))
yota9Unsubmitted
Done
ReplyInline Actions

May I suggest with replacing assert with if condition? I think it is the important thing that we should check with disabled assertions too.

yota9: May I suggest with replacing assert with if condition? I think it is the important thing that…
AmirAuthorUnsubmitted
Done
ReplyInline Actions

Good point.

Amir: Good point.
llvm::report_fatal_error("annotation value out of range");
Value &= 0xff'ffff'ffff'ffff;
Value |= (int64_t)Index << 56;
return Value;
}
/// Extract annotation index from immediate operand value.
inline uint8_t extractAnnotationIndex(int64_t ImmValue) {
return ImmValue >> 56;
}
/// Extract annotation value from immediate operand value.
inline int64_t extractAnnotationValue(int64_t ImmValue) {
return llvm::SignExtend64<56>(ImmValue & 0xff'ffff'ffff'ffffULL);
}
#endif

bolt/include/bolt/Core/MCPlusBuilder.h

Show All 9 Lines
// means to create/analyze/modify instructions at MCPlus level. // means to create/analyze/modify instructions at MCPlus level.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef BOLT_CORE_MCPLUSBUILDER_H #ifndef BOLT_CORE_MCPLUSBUILDER_H
#define BOLT_CORE_MCPLUSBUILDER_H #define BOLT_CORE_MCPLUSBUILDER_H
#include "bolt/Core/MCPlus.h" #include "bolt/Core/MCPlus.h"
#include "bolt/Core/MCPlusAnnotation.h"
#include "bolt/Core/Relocation.h" #include "bolt/Core/Relocation.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/BitVector.h" #include "llvm/ADT/BitVector.h"
#include "llvm/ADT/Optional.h" #include "llvm/ADT/Optional.h"
#include "llvm/ADT/StringMap.h" #include "llvm/ADT/StringMap.h"
#include "llvm/MC/MCAsmBackend.h" #include "llvm/MC/MCAsmBackend.h"
#include "llvm/MC/MCExpr.h" #include "llvm/MC/MCExpr.h"
#include "llvm/MC/MCInst.h" #include "llvm/MC/MCInst.h"
▲ Show 20 LinesShow All 42 Lines▼ Show 20 Linesprivate:
}; };
/// A set of annotation allocators /// A set of annotation allocators
std::unordered_map<AllocatorIdTy, AnnotationAllocator> AnnotationAllocators; std::unordered_map<AllocatorIdTy, AnnotationAllocator> AnnotationAllocators;
/// A variable that is used to generate unique ids for annotation allocators /// A variable that is used to generate unique ids for annotation allocators
AllocatorIdTy MaxAllocatorId = 0; AllocatorIdTy MaxAllocatorId = 0;
/// We encode Index and Value into a 64-bit immediate operand value.
static int64_t encodeAnnotationImm(unsigned Index, int64_t Value) {
assert(Index < 256 && "annotation index max value exceeded");
assert((Value == (Value << 8) >> 8) && "annotation value out of range");
Value &= 0xff'ffff'ffff'ffff;
Value |= (int64_t)Index << 56;
return Value;
}
/// Extract annotation index from immediate operand value.
static unsigned extractAnnotationIndex(int64_t ImmValue) {
return ImmValue >> 56;
}
/// Extract annotation value from immediate operand value.
static int64_t extractAnnotationValue(int64_t ImmValue) {
ImmValue &= 0xff'ffff'ffff'ffff;
return (ImmValue << 8) >> 8;
}
MCInst *getAnnotationInst(const MCInst &Inst) const { MCInst *getAnnotationInst(const MCInst &Inst) const {
if (Inst.getNumOperands() == 0) if (Inst.getNumOperands() == 0)
return nullptr; return nullptr;
const MCOperand &LastOp = Inst.getOperand(Inst.getNumOperands() - 1); const MCOperand &LastOp = Inst.getOperand(Inst.getNumOperands() - 1);
if (!LastOp.isInst()) if (!LastOp.isInst())
return nullptr; return nullptr;
▲ Show 20 LinesShow All 1,807 LinesShow Last 20 Lines

bolt/unittests/Core/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
BOLTCore BOLTCore
BOLTRewrite BOLTRewrite
BOLTUtils
DebugInfoDWARF DebugInfoDWARF
Object Object
MC
${LLVM_TARGETS_TO_BUILD} ${LLVM_TARGETS_TO_BUILD}
) )
add_bolt_unittest(CoreTests add_bolt_unittest(CoreTests
MCPlusBuilder.cpp MCPlusBuilder.cpp
) )
if ("AArch64" IN_LIST LLVM_TARGETS_TO_BUILD) if ("AArch64" IN_LIST LLVM_TARGETS_TO_BUILD)
Show All 16 Lines

bolt/unittests/Core/MCPlusBuilder.cpp

#ifdef AARCH64_AVAILABLE #ifdef AARCH64_AVAILABLE
#include "AArch64Subtarget.h" #include "AArch64Subtarget.h"
#endif // AARCH64_AVAILABLE #endif // AARCH64_AVAILABLE
#ifdef X86_AVAILABLE #ifdef X86_AVAILABLE
#include "X86Subtarget.h" #include "X86Subtarget.h"
#endif // X86_AVAILABLE #endif // X86_AVAILABLE
#include "bolt/Core/MCPlusAnnotation.h"
#include "bolt/Rewrite/RewriteInstance.h" #include "bolt/Rewrite/RewriteInstance.h"
#include "llvm/BinaryFormat/ELF.h" #include "llvm/BinaryFormat/ELF.h"
#include "llvm/DebugInfo/DWARF/DWARFContext.h" #include "llvm/DebugInfo/DWARF/DWARFContext.h"
#include "llvm/Object/ELFObjectFile.h" #include "llvm/Object/ELFObjectFile.h"
#include "llvm/Support/TargetSelect.h" #include "llvm/Support/TargetSelect.h"
#include "gtest/gtest.h" #include "gtest/gtest.h"
using namespace llvm; using namespace llvm;
▲ Show 20 LinesShow All 87 Lines▼ Show 20 Lines
} }
TEST_P(MCPlusBuilderTester, AliasSmallerAX) { TEST_P(MCPlusBuilderTester, AliasSmallerAX) {
uint64_t AliasesAX[] = {X86::AX, X86::AL, X86::AH}; uint64_t AliasesAX[] = {X86::AX, X86::AL, X86::AH};
size_t AliasesAXCount = sizeof(AliasesAX) / sizeof(*AliasesAX); size_t AliasesAXCount = sizeof(AliasesAX) / sizeof(*AliasesAX);
testRegAliases(Triple::x86_64, X86::AX, AliasesAX, AliasesAXCount, true); testRegAliases(Triple::x86_64, X86::AX, AliasesAX, AliasesAXCount, true);
} }
#endif // X86_AVAILABLE #endif // X86_AVAILABLE
maksfbUnsubmitted
Done
ReplyInline Actions

Any reason for x86_64-only?

maksfb: Any reason for x86_64-only?
AmirAuthorUnsubmitted
Done
ReplyInline Actions

createCall is not defined in AArch64MCPlusBuilder

Amir: `createCall` is not defined in AArch64MCPlusBuilder
yota9Unsubmitted
Done
ReplyInline Actions

Sorry, but why not just use BC->MIB->addAnnotation directly?

yota9: Sorry, but why not just use BC->MIB->addAnnotation directly?
AmirAuthorUnsubmitted
Done
ReplyInline Actions

There's no way to put a predefined Value into an encoded annotation immediate using addAnnotation.
addAnnotation allocates a MCSimpleAnnotation<ValueType> using placement new, and passes the pointer to allocated object to
setAnnotationOpValue.

https://github.com/llvm/llvm-project/blob/main/bolt/include/bolt/Core/MCPlusBuilder.h#L1639

Amir: There's no way to put a predefined Value into an encoded annotation immediate using…
yota9Unsubmitted
Done
ReplyInline Actions

Oh yes, I forgot about that, thanks.

yota9: Oh yes, I forgot about that, thanks.
maksfbUnsubmitted
Done
ReplyInline Actions

createCall is not defined in AArch64MCPlusBuilder

Interesting. But it has `createTailCall(). Can we use that for testing?

maksfb: > createCall is not defined in AArch64MCPlusBuilder Interesting. But it has `createTailCall().
TEST_P(MCPlusBuilderTester, Annotation) {
// Round-trip encoding-decoding check for negative values
int64_t Value = INT32_MIN;
uint8_t Index = 123;
int64_t EncodedAnnotation = encodeAnnotationImm(Index, Value);
int64_t DecodedValue = extractAnnotationValue(EncodedAnnotation);
uint8_t DecodedIndex = extractAnnotationIndex(EncodedAnnotation);
ASSERT_EQ(Value, DecodedValue);
ASSERT_EQ(Index, DecodedIndex);
// Large int64 should trigger an out of range assertion
Value = 0x1FF'FFFF'FFFF'FFFFULL;
ASSERT_DEATH(encodeAnnotationImm(0, Value), "annotation value out of range");
}
yota9Unsubmitted
Done
ReplyInline Actions

Still under X86 :)

yota9: Still under X86 :)
AmirAuthorUnsubmitted
Done
ReplyInline Actions

Good catch!

Amir: Good catch!