This is an archive of the discontinued LLVM Phabricator instance.

Add sanitizer metadata attributes to clang IR gen.
ClosedPublic

Authored by hctim on Jun 2 2022, 3:34 PM.

Details

Summary

This patch adds generation of sanitizer metadata attributes (which were
added in D126100) to the clang frontend.

We still currently generate the llvm.asan.globals that's consumed by
the IR pass, but the plan is to eventually migrate off of that onto
purely debuginfo and these IR attributes.

Diff Detail

Event Timeline

hctim created this revision.Jun 2 2022, 3:34 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 2 2022, 3:34 PM
hctim requested review of this revision.Jun 2 2022, 3:34 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 2 2022, 3:34 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
kstoimenov added inline comments.Jun 3 2022, 11:08 AM
clang/lib/CodeGen/SanitizerMetadata.cpp
48–50

Would it make sense to create two separate functions something like reportGlobalNew and reportGlobalLegacy to make it more clear which one is which? Then you code will be something like the one below? You can come up with better names for functions, I am sure.

reportGlobal(...) {
  reportGlobalNew(...);
  reportGlobalLegacy(...);
}
hctim marked an inline comment as done.Jun 3 2022, 2:10 PM
hctim added inline comments.
clang/lib/CodeGen/SanitizerMetadata.cpp
48–50

I think there's too much crossover (like calculating IsExcluded and setting of Meta.Sanitizer) to warrant splitting them out; and the follow-up patch is going to immediately delete the legacy code anyway :).

kstoimenov added inline comments.Jun 3 2022, 2:13 PM
clang/lib/CodeGen/SanitizerMetadata.cpp
48–50

In that case, could you please add a FIXME comment indicating which code is supposed to be deleted?

hctim updated this revision to Diff 434145.Jun 3 2022, 2:29 PM
hctim marked 2 inline comments as done.

Add TODO() comments from Kirill's notes.

Herald added a project: Restricted Project. · View Herald TranscriptJun 3 2022, 2:29 PM
kstoimenov accepted this revision.Jun 3 2022, 3:08 PM

Please get approval from vitalybuka@ before submitting.

This revision is now accepted and ready to land.Jun 3 2022, 3:08 PM
vitalybuka requested changes to this revision.Jun 3 2022, 3:21 PM

Can you please rebase this patch onto others two?

This revision now requires changes to proceed.Jun 3 2022, 3:21 PM
hctim updated this revision to Diff 434546.Jun 6 2022, 11:27 AM

Rebased.

I simplified this a little bit, but I guess this is effectively the same.

clang/lib/CodeGen/CodeGenModule.cpp
2767–2781

can this lines be landed separately?

clang/lib/CodeGen/SanitizerMetadata.cpp
98

it's incorrect as is
isInNoSanitizeList is sanitizer specific
we need to add isInNoSanitizeList version which return relevant SanitizerMask

123

Why don't we care about IsExcluded here?

hctim marked 3 inline comments as done.Jun 8 2022, 11:01 AM
hctim added inline comments.
clang/lib/CodeGen/CodeGenModule.cpp
2767–2781

sure

clang/lib/CodeGen/SanitizerMetadata.cpp
98

sure, added the sanitizer-specific parsing as well, including a test (sanitizer-special-case-list-globals.txt)

123

doesn't matter as the global is disabled anyway, and this preserves previous behaviour which the existing tests assert on.

i'll make it conditional in the follow up change, as all the llvm.asan.globals tests need to be deleted. added a note.

hctim updated this revision to Diff 435257.Jun 8 2022, 11:01 AM
hctim marked 3 inline comments as done.

Update.

Update.

Sorry if it want clear that I some changes. You undone my snapshot.

No need to recover my snapshot, I'll just comment here.

clang/lib/CodeGen/SanitizerMetadata.cpp
20

Seems inconsistent with the rest.
it no so frequently use here to justify indirection.

57

it can be in some weird ubsan check ignore list, and this way it will propagate on asan/hwasan
I don't think you can avoid extending isInNoSanitizeList (in a separate patch)

62

the last arg is not sanitizer, just a particulate check of it
like "init" here llvm-project/compiler-rt/lib/asan/asan_ignorelist.txt

66

May be early isAsanHwasanOrMemTag check here is useful to avoid string stuff below for compilation without sanitizers.

71–72

I don't insist but one it's cleaner with lambda and return
if you prefer your way please revert lambda in a separate patch

100–102

undo this line move

122

don't use {} for one liners

126

this if probably should go before the loop

132

moving QualName calculation is unnecessary, please move it back before NoSanitizeMask

vitalybuka added inline comments.Jun 8 2022, 1:44 PM
clang/lib/CodeGen/SanitizerMetadata.cpp
57

you you can introduce:

bool CodeGenModule::isInNoSanitizeList(SanitizerMask Kind, llvm::GlobalVariable *GV,
                                       SourceLocation Loc) const {

similar to

bool CodeGenModule::isInNoSanitizeList(SanitizerMask Kind, llvm::Function *Fn,
                                       SourceLocation Loc) const {
ormris removed a subscriber: ormris.Jun 8 2022, 3:05 PM
hctim marked 10 inline comments as done.Jun 9 2022, 1:49 PM
hctim added inline comments.
clang/lib/CodeGen/CodeGenModule.cpp
2767–2781

(now we do touch a little bit here regardless)

clang/lib/CodeGen/SanitizerMetadata.cpp
57

done, but bearing in mind if you have some global src: exclude in an -fsanitize-ignorelist that's designed to ignore some file for UBSan, and then you compile with -fsanitize=address,undefined and use that -fsanitize-ignorelist, then those GVs would also be ignored in ASan. The right way to go about that is to have the creator of the ignorelist make sure that the src: rule is in a [undefined] block. Added the expected use case to sanitizer-special-case-list-globals.txt.

i think it's small enough a change + relevant enough to this CL to not fork it out to a different patch and then have to do the cleanup twice.

66

sure, also hoisted the other check up

71–72

reverted it back, lambda here seems very fancy for a simple farmer like me, but i can't deny that it's pretty.

hctim updated this revision to Diff 435667.Jun 9 2022, 1:49 PM
hctim marked 3 inline comments as done.

update

hctim updated this revision to Diff 435669.Jun 9 2022, 1:51 PM

Remove two unnecessary braces.

hctim updated this revision to Diff 435671.Jun 9 2022, 1:52 PM

And some small diff-reducing touch ups

vitalybuka added inline comments.Jun 10 2022, 5:56 PM
clang/lib/CodeGen/SanitizerMetadata.cpp
35

Prefer return value to output parameters:

SanitizerMask expandKernelSanitizerMasks(SanitizerMask Mask) {
  if (Mask & (SanitizerKind::Address | SanitizerKind::KernelAddress))
    Mask |= SanitizerKind::Address | SanitizerKind::KernelAddress;
  return Mask;
}
102–103

you don't need both here after expansion

you can either remove expandKernelSanitizerMasks(&NoSanitizeAttrMask);
or SanitizerKind::KernelAddress from here

106

same

111

Meta.IsDynInit -> IsDynInit
they must be equal, and this legacy code better not use new Meta.

vitalybuka accepted this revision.Jun 10 2022, 5:56 PM
This revision is now accepted and ready to land.Jun 10 2022, 5:56 PM
hctim updated this revision to Diff 436484.Jun 13 2022, 11:17 AM
hctim marked 4 inline comments as done.

Final review touch-ups.

clang/lib/CodeGen/SanitizerMetadata.cpp
111

sure. in practice, Meta.IsDynInit is exactly equal to IsDynInit, but moved it back for now.

hctim updated this revision to Diff 436485.Jun 13 2022, 11:18 AM

Remove one unnecessary set of brackets before submit.

This revision was landed with ongoing or failed builds.Jun 13 2022, 11:19 AM
This revision was automatically updated to reflect the committed changes.
thakis added a subscriber: thakis.Jun 13 2022, 11:57 AM

Looks like this breaks tests on win: http://45.33.8.238/win/60022/step_7.txt

Please take a look and revert for now if takes a while to fix.

Thanks for the heads up. Reverted, and now re-landing. Unfortunately I don't have a Windows machine so I've made my best guesses about fixing (mostly seems to just symbol name mangling / global attributes that change on the windows target). I'll keep an eye on that specific bot but please let me know if I need to continue to whack-a-mole.

The reland broke fewer tests, but it still broke tests: http://45.33.8.238/win/60026/step_7.txt

If you update the patch on here, the presubmit bot should also run windows tests, so you don't have to break main to find out if the patch works.

Ping – windows bots are still red.

Thanks for the successful whack-a-moling :)