This is an archive of the discontinued LLVM Phabricator instance.

Differential D126269

[ASan] Skip any instruction inserted by another instrumentation.
ClosedPublic

Authored by Enna1 on May 23 2022, 8:49 PM.

Details

Reviewers
vitalybuka
dvyukov
Commits
rGe52a38c8f1c4: [ASan] Skip any instruction inserted by another instrumentation.
Summary

Currently, we only check !nosanitize metadata for instruction passed to function getInterestingMemoryOperands() or instruction which is a cannot return callable instruction.
This patch add this check to any instruction.

E.g. ASan shouldn't instrument the instruction inserted by UBSan/pointer-overflow.

Diff Detail

Event Timeline

Enna1 created this revision.May 23 2022, 8:49 PM
Herald added a project: Restricted Project. · View Herald TranscriptMay 23 2022, 8:49 PM
Herald added a subscriber: hiraditya. · View Herald Transcript
Harbormaster completed remote builds in B165987: Diff 431578.May 23 2022, 9:35 PM
Enna1 published this revision for review.May 23 2022, 9:49 PM
Enna1 edited the summary of this revision. (Show Details)
Enna1 added reviewers: vitalybuka, dvyukov.
Enna1 added a subscriber: MTC.
Herald added a project: Restricted Project. · View Herald TranscriptMay 23 2022, 9:50 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
Enna1 mentioned this in D126270: [InstCombine] Preserve !nosanitize for newly created instructions..May 23 2022, 9:57 PM
vitalybuka added a comment.May 23 2022, 10:45 PM

We need a test here as well

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2735–2738

Shouldn't we skip any instruction with nosanitize?

Enna1 updated this revision to Diff 431621.May 24 2022, 2:30 AM

address review comments

Harbormaster completed remote builds in B166012: Diff 431621.May 24 2022, 3:15 AM
Enna1 added parent revisions: D126294: Add !nosanitize to FixedMetadataKinds, D126270: [InstCombine] Preserve !nosanitize for newly created instructions..May 24 2022, 6:32 PM
Enna1 updated this revision to Diff 431888.May 24 2022, 11:24 PM

Update patch

Harbormaster completed remote builds in B166202: Diff 431888.May 24 2022, 11:25 PM
Enna1 updated this revision to Diff 431891.May 24 2022, 11:45 PM
Harbormaster completed remote builds in B166204: Diff 431891.May 24 2022, 11:46 PM
Enna1 removed a parent revision: D126294: Add !nosanitize to FixedMetadataKinds.May 24 2022, 11:47 PM
Enna1 retitled this revision from [ASan] Skip pointer comparison and subtraction inserted by another instrumentation. to [ASan] Skip any instruction inserted by another instrumentation..May 25 2022, 7:19 PM
Enna1 edited the summary of this revision. (Show Details)
Enna1 added a comment.May 25 2022, 7:23 PM

I think we can remove D126270 as parent revision, only add D126294 as parent revision, and land this patch regardless of D126270 ?

Enna1 added a comment.Jun 6 2022, 12:21 AM

Gentle ping

vitalybuka accepted this revision.Jun 6 2022, 11:29 AM
This revision is now accepted and ready to land.Jun 6 2022, 11:29 AM
Enna1 edited parent revisions, added: D126294: Add !nosanitize to FixedMetadataKinds; removed: D126270: [InstCombine] Preserve !nosanitize for newly created instructions..Jun 6 2022, 5:56 PM
Closed by commit rGe52a38c8f1c4: [ASan] Skip any instruction inserted by another instrumentation. (authored by Enna1). · Explain WhyJun 6 2022, 8:17 PM
This revision was automatically updated to reflect the committed changes.
Enna1 added a commit: rGe52a38c8f1c4: [ASan] Skip any instruction inserted by another instrumentation..

Revision Contents

PathSize
llvm/
lib/
Transforms/
Instrumentation/
10 lines
test/
Instrumentation/
AddressSanitizer/
25 lines

Diff 434681

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 1,324 Lines▼ Show 20 Lines if (SSGI != nullptr && SSGI->stackAccessIsSafe(*Inst) &&
findAllocaForValue(Ptr)) findAllocaForValue(Ptr))
return true; return true;
return false; return false;
} }
void AddressSanitizer::getInterestingMemoryOperands( void AddressSanitizer::getInterestingMemoryOperands(
Instruction *I, SmallVectorImpl<InterestingMemoryOperand> &Interesting) { Instruction *I, SmallVectorImpl<InterestingMemoryOperand> &Interesting) {
// Skip memory accesses inserted by another instrumentation.
if (I->hasMetadata(LLVMContext::MD_nosanitize))
return;
// Do not instrument the load fetching the dynamic shadow address. // Do not instrument the load fetching the dynamic shadow address.
if (LocalDynamicShadow == I) if (LocalDynamicShadow == I)
return; return;
if (LoadInst *LI = dyn_cast<LoadInst>(I)) { if (LoadInst *LI = dyn_cast<LoadInst>(I)) {
if (!ClInstrumentReads || ignoreAccess(I, LI->getPointerOperand())) if (!ClInstrumentReads || ignoreAccess(I, LI->getPointerOperand()))
return; return;
Interesting.emplace_back(I, LI->getPointerOperandIndex(), false, Interesting.emplace_back(I, LI->getPointerOperandIndex(), false,
▲ Show 20 LinesShow All 1,386 Lines▼ Show 20 Linesbool AddressSanitizer::instrumentFunction(Function &F,
SmallVector<Instruction *, 16> PointerComparisonsOrSubtracts; SmallVector<Instruction *, 16> PointerComparisonsOrSubtracts;
// Fill the set of memory operations to instrument. // Fill the set of memory operations to instrument.
for (auto &BB : F) { for (auto &BB : F) {
AllBlocks.push_back(&BB); AllBlocks.push_back(&BB);
TempsToInstrument.clear(); TempsToInstrument.clear();
int NumInsnsPerBB = 0; int NumInsnsPerBB = 0;
for (auto &Inst : BB) { for (auto &Inst : BB) {
if (LooksLikeCodeInBug11395(&Inst)) return false; if (LooksLikeCodeInBug11395(&Inst)) return false;
// Skip instructions inserted by another instrumentation.
if (Inst.hasMetadata(LLVMContext::MD_nosanitize))
continue;
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Shouldn't we skip any instruction with nosanitize?

vitalybuka: Shouldn't we skip any instruction with nosanitize?
SmallVector<InterestingMemoryOperand, 1> InterestingOperands; SmallVector<InterestingMemoryOperand, 1> InterestingOperands;
getInterestingMemoryOperands(&Inst, InterestingOperands); getInterestingMemoryOperands(&Inst, InterestingOperands);
if (!InterestingOperands.empty()) { if (!InterestingOperands.empty()) {
for (auto &Operand : InterestingOperands) { for (auto &Operand : InterestingOperands) {
if (ClOpt && ClOptSameTemp) { if (ClOpt && ClOptSameTemp) {
Value *Ptr = Operand.getPtr(); Value *Ptr = Operand.getPtr();
// If we have a mask, skip instrumentation if we've already // If we have a mask, skip instrumentation if we've already
Show All 18 Lines for (auto &Inst : BB) {
} else if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(&Inst)) { } else if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(&Inst)) {
// ok, take it. // ok, take it.
IntrinToInstrument.push_back(MI); IntrinToInstrument.push_back(MI);
NumInsnsPerBB++; NumInsnsPerBB++;
} else { } else {
if (auto *CB = dyn_cast<CallBase>(&Inst)) { if (auto *CB = dyn_cast<CallBase>(&Inst)) {
// A call inside BB. // A call inside BB.
TempsToInstrument.clear(); TempsToInstrument.clear();
if (CB->doesNotReturn() && if (CB->doesNotReturn())
!CB->hasMetadata(LLVMContext::MD_nosanitize))
NoReturnCalls.push_back(CB); NoReturnCalls.push_back(CB);
} }
if (CallInst *CI = dyn_cast<CallInst>(&Inst)) if (CallInst *CI = dyn_cast<CallInst>(&Inst))
maybeMarkSanitizerLibraryCallNoBuiltin(CI, TLI); maybeMarkSanitizerLibraryCallNoBuiltin(CI, TLI);
} }
if (NumInsnsPerBB >= ClMaxInsnsToInstrumentPerBB) break; if (NumInsnsPerBB >= ClMaxInsnsToInstrumentPerBB) break;
} }
} }
▲ Show 20 LinesShow All 725 LinesShow Last 20 Lines

llvm/test/Instrumentation/AddressSanitizer/ubsan.ll

; ASan shouldn't instrument code added by UBSan. ; ASan shouldn't instrument code added by UBSan.
; RUN: opt < %s -passes='asan-pipeline' -S | FileCheck %s ; RUN: opt < %s -passes='asan-pipeline' -S | FileCheck %s
; RUN: opt < %s -passes='asan-pipeline' -asan-detect-invalid-pointer-cmp -S \
; RUN: | FileCheck %s --check-prefixes=NOCMP
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64" target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
target triple = "x86_64-unknown-linux-gnu" target triple = "x86_64-unknown-linux-gnu"
%struct.A = type { i32 (...)** } %struct.A = type { i32 (...)** }
declare void @__ubsan_handle_dynamic_type_cache_miss(i8*, i64, i64) uwtable declare void @__ubsan_handle_dynamic_type_cache_miss(i8*, i64, i64) uwtable
declare void @__ubsan_handle_pointer_overflow(i8*, i64, i64) uwtable
@__ubsan_vptr_type_cache = external global [128 x i64] @__ubsan_vptr_type_cache = external global [128 x i64]
@.src = private unnamed_addr constant [19 x i8] c"tmp/ubsan/vptr.cpp\00", align 1 @.src = private unnamed_addr constant [19 x i8] c"tmp/ubsan/vptr.cpp\00", align 1
@0 = private unnamed_addr constant { i16, i16, [4 x i8] } { i16 -1, i16 0, [4 x i8] c"'A'\00" } @0 = private unnamed_addr constant { i16, i16, [4 x i8] } { i16 -1, i16 0, [4 x i8] c"'A'\00" }
@_ZTI1A = external constant i8* @_ZTI1A = external constant i8*
@1 = private unnamed_addr global { { [19 x i8]*, i32, i32 }, { i16, i16, [4 x i8] }*, i8*, i8 } { { [19 x i8]*, i32, i32 } { [19 x i8]* @.src, i32 2, i32 18 }, { i16, i16, [4 x i8] }* @0, i8* bitcast (i8** @_ZTI1A to i8*), i8 4 } @1 = private unnamed_addr global { { [19 x i8]*, i32, i32 }, { i16, i16, [4 x i8] }*, i8*, i8 } { { [19 x i8]*, i32, i32 } { [19 x i8]* @.src, i32 2, i32 18 }, { i16, i16, [4 x i8] }* @0, i8* bitcast (i8** @_ZTI1A to i8*), i8 4 }
@2 = private unnamed_addr global { { [19 x i8]*, i32, i32 } } { { [19 x i8]*, i32, i32 } { [19 x i8]* @.src, i32 24, i32 25 } }
define void @_Z3BarP1A(%struct.A* %a) uwtable sanitize_address { define void @_Z3BarP1A(%struct.A* %a) uwtable sanitize_address {
; CHECK-LABEL: define void @_Z3BarP1A ; CHECK-LABEL: define void @_Z3BarP1A
entry: entry:
%0 = bitcast %struct.A* %a to void (%struct.A*)*** %0 = bitcast %struct.A* %a to void (%struct.A*)***
%vtable = load void (%struct.A*)**, void (%struct.A*)*** %0, align 8 %vtable = load void (%struct.A*)**, void (%struct.A*)*** %0, align 8
; CHECK: __asan_report_load8 ; CHECK: __asan_report_load8
%1 = load void (%struct.A*)*, void (%struct.A*)** %vtable, align 8 %1 = load void (%struct.A*)*, void (%struct.A*)** %vtable, align 8
Show All 21 Lineshandler.dynamic_type_cache_miss: ; preds = %entry
br label %cont, !nosanitize !0 br label %cont, !nosanitize !0
cont: ; preds = %handler.dynamic_type_cache_miss, %entry cont: ; preds = %handler.dynamic_type_cache_miss, %entry
tail call void %1(%struct.A* %a) tail call void %1(%struct.A* %a)
; CHECK: ret void ; CHECK: ret void
ret void ret void
} }
define void @_Z3foov() uwtable sanitize_address {
; NOCMP-LABEL: define void @_Z3foov
entry:
%bar = alloca [10 x i8], align 1
%arrayidx = getelementptr inbounds [10 x i8], [10 x i8]* %bar, i64 0, i64 4
%0 = ptrtoint [10 x i8]* %bar to i64, !nosanitize !0
; NOCMP-NOT: call void @__sanitizer_ptr_cmp
%1 = icmp ult [10 x i8]* %bar, inttoptr (i64 -4 to [10 x i8]*), !nosanitize !0
br i1 %1, label %cont, label %handler.pointer_overflow, !nosanitize !0
handler.pointer_overflow: ; preds = %entry
%2 = add i64 %0, 4, !nosanitize !0
call void @__ubsan_handle_pointer_overflow(i8* bitcast ({ { [19 x i8]*, i32, i32 } }* @2 to i8*), i64 %0, i64 %2), !nosanitize !0
br label %cont, !nosanitize !0
cont: ; preds = %handler.pointer_overflow, %entry
store i8 0, i8* %arrayidx, align 1
; NOCMP: ret void
ret void
}
!0 = !{} !0 = !{}