This is an archive of the discontinued LLVM Phabricator instance.

Differential D136197

[ASAN] Don't inline when -asan-max-inline-poisoning-size=0
ClosedPublic

Authored by rsundahl on Oct 18 2022, 12:45 PM.

Details

Reviewers
dcoughlin
kubamracek
thetruestblue
usama54321
wrotki
yln
kcc
vitalybuka
jyknight
Commits
rG0c35b6165ccc: [ASAN] Don't inline when -asan-max-inline-poisoning-size=0
Summary

When -asan-max-inline-poisoning-size=0, all shadow memory access should be
outlined (through asan calls). This was not occuring when partial poisoning
was required on the right side of a variable's redzone. This diff contains
the changes necessary to implement and utilize asan_set_shadow_01() through
asan_set_shadow_07(). The change is necessary for the full abstraction of
the asan implementation and will enable experimentation with alternate strategies.

Diff Detail

Event Timeline

rsundahl created this revision.Oct 18 2022, 12:45 PM
Herald added a project: Restricted Project. · View Herald TranscriptOct 18 2022, 12:45 PM
Herald added subscribers: Enna1, hiraditya. · View Herald Transcript
rsundahl requested review of this revision.Oct 18 2022, 12:45 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptOct 18 2022, 12:45 PM
Herald added subscribers: llvm-commits, Restricted Project. · View Herald Transcript
rsundahl updated this revision to Diff 468671.Oct 18 2022, 12:56 PM

Remove debugging code.

rsundahl added a reviewer: kcc.Oct 18 2022, 1:10 PM
rsundahl added reviewers: vitalybuka, jyknight.Oct 18 2022, 1:47 PM
vitalybuka added a comment.Oct 18 2022, 1:59 PM

the patch is technically correct
however ___asan_set_shadow_* where introduced to workaround some backed issues to handle huge functions. ___asan_set_shadow_01 can't be repeated, so likely outlining will cost more then inlining

Which arch is your target? On ARM HWASAN is better tool to detect same kind of bugs.

compiler-rt/test/asan/TestCases/set_shadow_test.c
16–22

if we want to optimize, these can't have anything other than 1 as size

38

remove new line

Harbormaster completed remote builds in B192835: Diff 468671.Oct 18 2022, 2:09 PM
rsundahl added inline comments.Oct 20 2022, 8:49 AM
compiler-rt/test/asan/TestCases/set_shadow_test.c
16–22

Good value @vitalybuka. Thank you. I put asserts on the implementation side (compiler-rt/lib/asan/asan_poisoning.cpp) where I expect never to get anything but single byte partial poisoning calls but I will firm that up where the optimizer can see it.

rsundahl updated this revision to Diff 469252.Oct 20 2022, 9:11 AM

(Removed blank line)

rsundahl marked an inline comment as done.Oct 20 2022, 9:12 AM
Harbormaster completed remote builds in B193253: Diff 469252.Oct 20 2022, 9:57 AM
rsundahl added inline comments.Oct 20 2022, 11:16 AM
compiler-rt/test/asan/TestCases/set_shadow_test.c
16–22

Rather than having a mix of one and two parameter functions right now, I'm leaning toward possibly adding both one and two parameter versions of all of the __asan_set_shadow_xx() calls, and using the one parameter calls (implied single byte) when I know I can. Would you be ok with deferring any action on this for now @vitalybuka?

rsundahl updated this revision to Diff 469357.Oct 20 2022, 2:15 PM

Changed -pass=asan-pass to -pass=asan

Harbormaster completed remote builds in B193329: Diff 469357.Oct 20 2022, 3:06 PM
vitalybuka accepted this revision.Oct 20 2022, 3:55 PM
vitalybuka added inline comments.
compiler-rt/test/asan/TestCases/set_shadow_test.c
16–22

Deferring should be fine. There is a tiny risk to be affected by Hyrum's Law, but I guess we will find workaround.

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2898

assert(AsanSetShadowFunc[Val])?

This revision is now accepted and ready to land.Oct 20 2022, 3:55 PM
vitalybuka added a comment.Oct 20 2022, 3:58 PM

LGTM
Note: For existing code, with default ClMaxInlinePoisoningSize = 64, probability to hit any on new callbacks close to zero.

rsundahl updated this revision to Diff 469404.Oct 20 2022, 4:35 PM

clang-format nits

kubamracek accepted this revision.Oct 21 2022, 8:03 AM
kubamracek added inline comments.
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2898

Sounds like a good idea... @rsundahl ?

rsundahl added inline comments.Oct 21 2022, 11:42 AM
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2898

It has to stay because it's a fallback if there isn't a function to call. While it's true that for -asan-mapping-scale=3, we have all the possibilities covered, we don't at higher scales. For example, we needed 0x08..0x0F for -asan-mapping-scale=4, 0x08..0x1F for -asan-mapping-scale=5, etc. up to 0x08..0xFF for -asan-mapping-scale=8. (Not sure that any of this works at scales higher than 8 tbh.) Frankly, I think that passing the constant to a generic routine would be as good in practice, reduce the number of one-off functions and work for -asan-mapping-scale up to 8. @vitalybuka and @kubamracek , what do you think? My sense is to make a __asan_set_shadow1(address, value) and kill two birds with one stone.

Harbormaster completed remote builds in B193363: Diff 469404.Oct 21 2022, 11:48 AM
This revision was landed with ongoing or failed builds.Oct 24 2022, 2:27 PM
Closed by commit rG0c35b6165ccc: [ASAN] Don't inline when -asan-max-inline-poisoning-size=0 (authored by rsundahl). · Explain Why
This revision was automatically updated to reflect the committed changes.
rsundahl added a commit: rG0c35b6165ccc: [ASAN] Don't inline when -asan-max-inline-poisoning-size=0.
rsundahl mentioned this in D136645: [ASAN] Remove asserts introduced in https://reviews.llvm.org/D136197.Oct 24 2022, 4:05 PM
rsundahl mentioned this in rGd39486ddd5b4: [ASAN] Remove asserts introduced in https://reviews.llvm.org/D136197.Oct 24 2022, 5:34 PM
rsundahl mentioned this in D137178: [asan] Add missing __asan_set_shadow_0x() calls..Nov 1 2022, 10:58 AM
rsundahl mentioned this in rG37a25b48e1ad: [asan] Add missing __asan_set_shadow_0x() calls..Nov 1 2022, 11:16 AM

Revision Contents

PathSize
compiler-rt/
lib/
asan/
7 lines
14 lines
37 lines
17 lines
tests/
21 lines
test/
asan/
TestCases/
35 lines
llvm/
lib/
Transforms/
Instrumentation/
3 lines
test/
Instrumentation/
AddressSanitizer/
55 lines

Diff 470291

compiler-rt/lib/asan/asan_interface.inc

Show First 20 LinesShow All 102 Lines▼ Show 20 Lines
INTERFACE_FUNCTION(__asan_report_store2_noabort) INTERFACE_FUNCTION(__asan_report_store2_noabort)
INTERFACE_FUNCTION(__asan_report_store4_noabort) INTERFACE_FUNCTION(__asan_report_store4_noabort)
INTERFACE_FUNCTION(__asan_report_store8_noabort) INTERFACE_FUNCTION(__asan_report_store8_noabort)
INTERFACE_FUNCTION(__asan_report_store16_noabort) INTERFACE_FUNCTION(__asan_report_store16_noabort)
INTERFACE_FUNCTION(__asan_report_store_n_noabort) INTERFACE_FUNCTION(__asan_report_store_n_noabort)
INTERFACE_FUNCTION(__asan_set_death_callback) INTERFACE_FUNCTION(__asan_set_death_callback)
INTERFACE_FUNCTION(__asan_set_error_report_callback) INTERFACE_FUNCTION(__asan_set_error_report_callback)
INTERFACE_FUNCTION(__asan_set_shadow_00) INTERFACE_FUNCTION(__asan_set_shadow_00)
INTERFACE_FUNCTION(__asan_set_shadow_01)
INTERFACE_FUNCTION(__asan_set_shadow_02)
INTERFACE_FUNCTION(__asan_set_shadow_03)
INTERFACE_FUNCTION(__asan_set_shadow_04)
INTERFACE_FUNCTION(__asan_set_shadow_05)
INTERFACE_FUNCTION(__asan_set_shadow_06)
INTERFACE_FUNCTION(__asan_set_shadow_07)
INTERFACE_FUNCTION(__asan_set_shadow_f1) INTERFACE_FUNCTION(__asan_set_shadow_f1)
INTERFACE_FUNCTION(__asan_set_shadow_f2) INTERFACE_FUNCTION(__asan_set_shadow_f2)
INTERFACE_FUNCTION(__asan_set_shadow_f3) INTERFACE_FUNCTION(__asan_set_shadow_f3)
INTERFACE_FUNCTION(__asan_set_shadow_f5) INTERFACE_FUNCTION(__asan_set_shadow_f5)
INTERFACE_FUNCTION(__asan_set_shadow_f8) INTERFACE_FUNCTION(__asan_set_shadow_f8)
INTERFACE_FUNCTION(__asan_stack_free_0) INTERFACE_FUNCTION(__asan_stack_free_0)
INTERFACE_FUNCTION(__asan_stack_free_1) INTERFACE_FUNCTION(__asan_stack_free_1)
INTERFACE_FUNCTION(__asan_stack_free_2) INTERFACE_FUNCTION(__asan_stack_free_2)
▲ Show 20 LinesShow All 64 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_interface_internal.h

Show First 20 LinesShow All 84 Lines▼ Show 20 Linesextern "C" {
void __asan_before_dynamic_init(const char *module_name); void __asan_before_dynamic_init(const char *module_name);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_after_dynamic_init(); void __asan_after_dynamic_init();
// Sets bytes of the given range of the shadow memory into specific value. // Sets bytes of the given range of the shadow memory into specific value.
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_00(uptr addr, uptr size); void __asan_set_shadow_00(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_01(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_02(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_03(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_04(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_05(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_06(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_07(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_f1(uptr addr, uptr size); void __asan_set_shadow_f1(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_f2(uptr addr, uptr size); void __asan_set_shadow_f2(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_f3(uptr addr, uptr size); void __asan_set_shadow_f3(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_set_shadow_f5(uptr addr, uptr size); void __asan_set_shadow_f5(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
▲ Show 20 LinesShow All 160 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_poisoning.cpp

//===-- asan_poisoning.cpp ------------------------------------------------===// //===-- asan_poisoning.cpp ------------------------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file is a part of AddressSanitizer, an address sanity checker. // This file is a part of AddressSanitizer, an address sanity checker.
// //
// Shadow memory poisoning by ASan RTL and by user application. // Shadow memory poisoning by ASan RTL and by user application.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "asan_poisoning.h" #include "asan_poisoning.h"
#include <assert.h>
#include "asan_report.h" #include "asan_report.h"
#include "asan_stack.h" #include "asan_stack.h"
#include "sanitizer_common/sanitizer_atomic.h" #include "sanitizer_common/sanitizer_atomic.h"
#include "sanitizer_common/sanitizer_flags.h" #include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_interface_internal.h" #include "sanitizer_common/sanitizer_interface_internal.h"
#include "sanitizer_common/sanitizer_libc.h" #include "sanitizer_common/sanitizer_libc.h"
namespace __asan { namespace __asan {
▲ Show 20 LinesShow All 283 Lines▼ Show 20 Lines if (end_value != 0)
*shadow_end = Max(end_value, end_offset); *shadow_end = Max(end_value, end_offset);
} }
} }
void __asan_set_shadow_00(uptr addr, uptr size) { void __asan_set_shadow_00(uptr addr, uptr size) {
REAL(memset)((void *)addr, 0, size); REAL(memset)((void *)addr, 0, size);
} }
void __asan_set_shadow_01(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x01, size);
}
void __asan_set_shadow_02(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x02, size);
}
void __asan_set_shadow_03(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x03, size);
}
void __asan_set_shadow_04(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x04, size);
}
void __asan_set_shadow_05(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x05, size);
}
void __asan_set_shadow_06(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x06, size);
}
void __asan_set_shadow_07(uptr addr, uptr size) {
assert(size == 1);
REAL(memset)((void *)addr, 0x07, size);
}
void __asan_set_shadow_f1(uptr addr, uptr size) { void __asan_set_shadow_f1(uptr addr, uptr size) {
REAL(memset)((void *)addr, 0xf1, size); REAL(memset)((void *)addr, 0xf1, size);
} }
void __asan_set_shadow_f2(uptr addr, uptr size) { void __asan_set_shadow_f2(uptr addr, uptr size) {
REAL(memset)((void *)addr, 0xf2, size); REAL(memset)((void *)addr, 0xf2, size);
} }
▲ Show 20 LinesShow All 129 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_rtl.cpp

Show First 20 LinesShow All 282 Lines▼ Show 20 Lines switch (fake_condition) {
case 32: __asan_unpoison_memory_region(nullptr, 0); break; case 32: __asan_unpoison_memory_region(nullptr, 0); break;
case 34: __asan_before_dynamic_init(nullptr); break; case 34: __asan_before_dynamic_init(nullptr); break;
case 35: __asan_after_dynamic_init(); break; case 35: __asan_after_dynamic_init(); break;
case 36: __asan_poison_stack_memory(0, 0); break; case 36: __asan_poison_stack_memory(0, 0); break;
case 37: __asan_unpoison_stack_memory(0, 0); break; case 37: __asan_unpoison_stack_memory(0, 0); break;
case 38: __asan_region_is_poisoned(0, 0); break; case 38: __asan_region_is_poisoned(0, 0); break;
case 39: __asan_describe_address(0); break; case 39: __asan_describe_address(0); break;
case 40: __asan_set_shadow_00(0, 0); break; case 40: __asan_set_shadow_00(0, 0); break;
case 41: __asan_set_shadow_f1(0, 0); break; case 41: __asan_set_shadow_01(0, 0); break;
case 42: __asan_set_shadow_f2(0, 0); break; case 42: __asan_set_shadow_02(0, 0); break;
case 43: __asan_set_shadow_f3(0, 0); break; case 43: __asan_set_shadow_03(0, 0); break;
case 44: __asan_set_shadow_f5(0, 0); break; case 44: __asan_set_shadow_04(0, 0); break;
case 45: __asan_set_shadow_f8(0, 0); break; case 45: __asan_set_shadow_05(0, 0); break;
case 46: __asan_set_shadow_06(0, 0); break;
case 47: __asan_set_shadow_07(0, 0); break;
case 48: __asan_set_shadow_f1(0, 0); break;
case 49: __asan_set_shadow_f2(0, 0); break;
case 50: __asan_set_shadow_f3(0, 0); break;
case 51: __asan_set_shadow_f5(0, 0); break;
case 52: __asan_set_shadow_f8(0, 0); break;
} }
// clang-format on // clang-format on
} }
static void asan_atexit() { static void asan_atexit() {
Printf("AddressSanitizer exit stats:\n"); Printf("AddressSanitizer exit stats:\n");
__asan_print_accumulated_stats(); __asan_print_accumulated_stats();
// Print AsanMappingProfile. // Print AsanMappingProfile.
▲ Show 20 LinesShow All 311 LinesShow Last 20 Lines

compiler-rt/lib/asan/tests/asan_internal_interface_test.cpp

Show All 13 Lines
#include <vector> #include <vector>
TEST(AddressSanitizerInternalInterface, SetShadow) { TEST(AddressSanitizerInternalInterface, SetShadow) {
std::vector<char> buffer(17, 0xff); std::vector<char> buffer(17, 0xff);
__asan_set_shadow_00((uptr)buffer.data(), buffer.size()); __asan_set_shadow_00((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x00), buffer); EXPECT_EQ(std::vector<char>(buffer.size(), 0x00), buffer);
__asan_set_shadow_01((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x01), buffer);
__asan_set_shadow_02((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x02), buffer);
__asan_set_shadow_03((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x03), buffer);
__asan_set_shadow_04((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x04), buffer);
__asan_set_shadow_05((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x05), buffer);
__asan_set_shadow_06((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x06), buffer);
__asan_set_shadow_07((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0x07), buffer);
__asan_set_shadow_f1((uptr)buffer.data(), buffer.size()); __asan_set_shadow_f1((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0xf1), buffer); EXPECT_EQ(std::vector<char>(buffer.size(), 0xf1), buffer);
__asan_set_shadow_f2((uptr)buffer.data(), buffer.size()); __asan_set_shadow_f2((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0xf2), buffer); EXPECT_EQ(std::vector<char>(buffer.size(), 0xf2), buffer);
__asan_set_shadow_f3((uptr)buffer.data(), buffer.size()); __asan_set_shadow_f3((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0xf3), buffer); EXPECT_EQ(std::vector<char>(buffer.size(), 0xf3), buffer);
__asan_set_shadow_f5((uptr)buffer.data(), buffer.size()); __asan_set_shadow_f5((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0xf5), buffer); EXPECT_EQ(std::vector<char>(buffer.size(), 0xf5), buffer);
__asan_set_shadow_f8((uptr)buffer.data(), buffer.size()); __asan_set_shadow_f8((uptr)buffer.data(), buffer.size());
EXPECT_EQ(std::vector<char>(buffer.size(), 0xf8), buffer); EXPECT_EQ(std::vector<char>(buffer.size(), 0xf8), buffer);
} }

compiler-rt/test/asan/TestCases/set_shadow_test.c

// RUN: %clang_asan -O0 %s -o %t // RUN: %clang_asan -O0 %s -o %t
// RUN: %run %t 0x00 2>&1 | FileCheck %s -check-prefix=X00 // RUN: %run %t 0x00 2>&1 | FileCheck %s -check-prefix=X00
// RUN: not %run %t 0xf1 2>&1 | FileCheck %s -check-prefix=XF1 // RUN: not %run %t 0xf1 2>&1 | FileCheck %s -check-prefix=XF1
// RUN: not %run %t 0xf2 2>&1 | FileCheck %s -check-prefix=XF2 // RUN: not %run %t 0xf2 2>&1 | FileCheck %s -check-prefix=XF2
// RUN: not %run %t 0xf3 2>&1 | FileCheck %s -check-prefix=XF3 // RUN: not %run %t 0xf3 2>&1 | FileCheck %s -check-prefix=XF3
// RUN: not %run %t 0xf5 2>&1 | FileCheck %s -check-prefix=XF5 // RUN: not %run %t 0xf5 2>&1 | FileCheck %s -check-prefix=XF5
// RUN: not %run %t 0xf8 2>&1 | FileCheck %s -check-prefix=XF8 // RUN: not %run %t 0xf8 2>&1 | FileCheck %s -check-prefix=XF8
#include <assert.h> #include <assert.h>
#include <sanitizer/asan_interface.h> #include <sanitizer/asan_interface.h>
#include <stddef.h> #include <stddef.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
void __asan_set_shadow_00(size_t addr, size_t size); void __asan_set_shadow_00(size_t addr, size_t size);
void __asan_set_shadow_01(size_t addr, size_t size);
void __asan_set_shadow_02(size_t addr, size_t size);
void __asan_set_shadow_03(size_t addr, size_t size);
void __asan_set_shadow_04(size_t addr, size_t size);
void __asan_set_shadow_05(size_t addr, size_t size);
void __asan_set_shadow_06(size_t addr, size_t size);
void __asan_set_shadow_07(size_t addr, size_t size);
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

if we want to optimize, these can't have anything other than 1 as size

vitalybuka: if we want to optimize, these can't have anything other than 1 as size
rsundahlAuthorUnsubmitted
Not Done
ReplyInline Actions

Good value @vitalybuka. Thank you. I put asserts on the implementation side (compiler-rt/lib/asan/asan_poisoning.cpp) where I expect never to get anything but single byte partial poisoning calls but I will firm that up where the optimizer can see it.

rsundahl: Good value @vitalybuka. Thank you. I put asserts on the implementation side (compiler…
rsundahlAuthorUnsubmitted
Done
ReplyInline Actions

Rather than having a mix of one and two parameter functions right now, I'm leaning toward possibly adding both one and two parameter versions of all of the __asan_set_shadow_xx() calls, and using the one parameter calls (implied single byte) when I know I can. Would you be ok with deferring any action on this for now @vitalybuka?

rsundahl: Rather than having a mix of one and two parameter functions right now, I'm leaning toward…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

Deferring should be fine. There is a tiny risk to be affected by Hyrum's Law, but I guess we will find workaround.

vitalybuka: Deferring should be fine. There is a tiny risk to be affected by Hyrum's Law, but I guess we…
void __asan_set_shadow_f1(size_t addr, size_t size); void __asan_set_shadow_f1(size_t addr, size_t size);
void __asan_set_shadow_f2(size_t addr, size_t size); void __asan_set_shadow_f2(size_t addr, size_t size);
void __asan_set_shadow_f3(size_t addr, size_t size); void __asan_set_shadow_f3(size_t addr, size_t size);
void __asan_set_shadow_f5(size_t addr, size_t size); void __asan_set_shadow_f5(size_t addr, size_t size);
void __asan_set_shadow_f8(size_t addr, size_t size); void __asan_set_shadow_f8(size_t addr, size_t size);
char* a; char* a;
void f(long arg) { void f(long arg) {
size_t shadow_offset; size_t shadow_offset;
size_t shadow_scale; size_t shadow_scale;
__asan_get_shadow_mapping(&shadow_scale, &shadow_offset); __asan_get_shadow_mapping(&shadow_scale, &shadow_offset);
size_t addr = (((size_t)a) >> shadow_scale) + shadow_offset; size_t addr = (((size_t)a) >> shadow_scale) + shadow_offset;
switch (arg) { switch (arg) {
// X00-NOT: AddressSanitizer // X00-NOT: AddressSanitizer
vitalybukaUnsubmitted
Done
ReplyInline Actions

remove new line

vitalybuka: remove new line
// X00: PASS // X00: PASS
case 0x00: case 0x00:
return __asan_set_shadow_00(addr, 1); return __asan_set_shadow_00(addr, 1);
// X01: AddressSanitizer: stack-buffer-overflow
// X01: [01]
case 0x01:
return __asan_set_shadow_01(addr, 1);
// X02: AddressSanitizer: stack-buffer-overflow
// X02: [02]
case 0x02:
return __asan_set_shadow_02(addr, 1);
// X03: AddressSanitizer: stack-buffer-overflow
// X03: [03]
case 0x03:
return __asan_set_shadow_03(addr, 1);
// X04: AddressSanitizer: stack-buffer-overflow
// X04: [04]
case 0x04:
return __asan_set_shadow_04(addr, 1);
// X05: AddressSanitizer: stack-buffer-overflow
// X05: [05]
case 0x05:
return __asan_set_shadow_05(addr, 1);
// X06: AddressSanitizer: stack-buffer-overflow
// X06: [06]
case 0x06:
return __asan_set_shadow_06(addr, 1);
// X07: AddressSanitizer: stack-buffer-overflow
// X07: [07]
case 0x07:
return __asan_set_shadow_07(addr, 1);
// XF1: AddressSanitizer: stack-buffer-underflow // XF1: AddressSanitizer: stack-buffer-underflow
// XF1: [f1] // XF1: [f1]
case 0xf1: case 0xf1:
return __asan_set_shadow_f1(addr, 1); return __asan_set_shadow_f1(addr, 1);
// XF2: AddressSanitizer: stack-buffer-overflow // XF2: AddressSanitizer: stack-buffer-overflow
// XF2: [f2] // XF2: [f2]
case 0xf2: case 0xf2:
return __asan_set_shadow_f2(addr, 1); return __asan_set_shadow_f2(addr, 1);
Show All 26 Lines

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 2,803 Lines▼ Show 20 Linesvoid FunctionStackPoisoner::initializeCallbacks(Module &M) {
} }
if (ASan.UseAfterScope) { if (ASan.UseAfterScope) {
AsanPoisonStackMemoryFunc = M.getOrInsertFunction( AsanPoisonStackMemoryFunc = M.getOrInsertFunction(
kAsanPoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy); kAsanPoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy);
AsanUnpoisonStackMemoryFunc = M.getOrInsertFunction( AsanUnpoisonStackMemoryFunc = M.getOrInsertFunction(
kAsanUnpoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy); kAsanUnpoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy);
} }
for (size_t Val : {0x00, 0xf1, 0xf2, 0xf3, 0xf5, 0xf8}) { for (size_t Val : {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xf1, 0xf2,
0xf3, 0xf5, 0xf8}) {
std::ostringstream Name; std::ostringstream Name;
Name << kAsanSetShadowPrefix; Name << kAsanSetShadowPrefix;
Name << std::setw(2) << std::setfill('0') << std::hex << Val; Name << std::setw(2) << std::setfill('0') << std::hex << Val;
AsanSetShadowFunc[Val] = AsanSetShadowFunc[Val] =
M.getOrInsertFunction(Name.str(), IRB.getVoidTy(), IntptrTy, IntptrTy); M.getOrInsertFunction(Name.str(), IRB.getVoidTy(), IntptrTy, IntptrTy);
} }
AsanAllocaPoisonFunc = M.getOrInsertFunction( AsanAllocaPoisonFunc = M.getOrInsertFunction(
▲ Show 20 LinesShow All 68 Lines▼ Show 20 Linesvoid FunctionStackPoisoner::copyToShadow(ArrayRef<uint8_t> ShadowMask,
assert(ShadowMask.size() == ShadowBytes.size()); assert(ShadowMask.size() == ShadowBytes.size());
size_t Done = Begin; size_t Done = Begin;
for (size_t i = Begin, j = Begin + 1; i < End; i = j++) { for (size_t i = Begin, j = Begin + 1; i < End; i = j++) {
if (!ShadowMask[i]) { if (!ShadowMask[i]) {
assert(!ShadowBytes[i]); assert(!ShadowBytes[i]);
continue; continue;
} }
uint8_t Val = ShadowBytes[i]; uint8_t Val = ShadowBytes[i];
if (!AsanSetShadowFunc[Val]) if (!AsanSetShadowFunc[Val])
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

assert(AsanSetShadowFunc[Val])?

vitalybuka: assert(AsanSetShadowFunc[Val])?
kubamracekUnsubmitted
Not Done
ReplyInline Actions

Sounds like a good idea... @rsundahl ?

kubamracek: Sounds like a good idea... @rsundahl ?
rsundahlAuthorUnsubmitted
Done
ReplyInline Actions

It has to stay because it's a fallback if there isn't a function to call. While it's true that for -asan-mapping-scale=3, we have all the possibilities covered, we don't at higher scales. For example, we needed 0x08..0x0F for -asan-mapping-scale=4, 0x08..0x1F for -asan-mapping-scale=5, etc. up to 0x08..0xFF for -asan-mapping-scale=8. (Not sure that any of this works at scales higher than 8 tbh.) Frankly, I think that passing the constant to a generic routine would be as good in practice, reduce the number of one-off functions and work for -asan-mapping-scale up to 8. @vitalybuka and @kubamracek , what do you think? My sense is to make a __asan_set_shadow1(address, value) and kill two birds with one stone.

rsundahl: It has to stay because it's a fallback if there isn't a function to call. While it's true that…
continue; continue;
// Skip same values. // Skip same values.
for (; j < End && ShadowMask[j] && Val == ShadowBytes[j]; ++j) { for (; j < End && ShadowMask[j] && Val == ShadowBytes[j]; ++j) {
} }
if (j - i >= ClMaxInlinePoisoningSize) { if (j - i >= ClMaxInlinePoisoningSize) {
copyToShadowInline(ShadowMask, ShadowBytes, Done, i, IRB, ShadowBase); copyToShadowInline(ShadowMask, ShadowBytes, Done, i, IRB, ShadowBase);
▲ Show 20 LinesShow All 550 LinesShow Last 20 Lines

llvm/test/Instrumentation/AddressSanitizer/calls-only.ll

  • This file was added.
; RUN: opt < %s -passes=asan -asan-max-inline-poisoning-size=0 -asan-stack-dynamic-alloca=0 -S | FileCheck --check-prefix=OUTLINE %s
; RUN: opt < %s -passes=asan -asan-max-inline-poisoning-size=999 -asan-stack-dynamic-alloca=0 -S | FileCheck --check-prefix=INLINE %s
target datalayout = "e-m:o-i64:64-i128:128-n32:64-S128"
target triple = "arm64-apple-macosx13.0.0"
; Function Attrs: noinline nounwind optnone sanitize_address ssp uwtable(sync)
define void @foo() #0 {
entry:
%array01 = alloca [1 x i8], align 1
%array02 = alloca [2 x i8], align 1
%array03 = alloca [3 x i8], align 1
%array04 = alloca [4 x i8], align 1
%array05 = alloca [5 x i8], align 1
%array06 = alloca [6 x i8], align 1
%array07 = alloca [7 x i8], align 1
; OUTLINE: call void @__asan_set_shadow_f1(i64 %33, i64 4)
; OUTLINE: call void @__asan_set_shadow_01(i64 %34, i64 1)
; OUTLINE: call void @__asan_set_shadow_f2(i64 %35, i64 1)
; OUTLINE: call void @__asan_set_shadow_02(i64 %36, i64 1)
; OUTLINE: call void @__asan_set_shadow_f2(i64 %37, i64 1)
; OUTLINE: call void @__asan_set_shadow_03(i64 %38, i64 1)
; OUTLINE: call void @__asan_set_shadow_f2(i64 %39, i64 1)
; OUTLINE: call void @__asan_set_shadow_04(i64 %40, i64 1)
; OUTLINE: call void @__asan_set_shadow_f2(i64 %41, i64 1)
; OUTLINE: call void @__asan_set_shadow_05(i64 %42, i64 1)
; OUTLINE: call void @__asan_set_shadow_f2(i64 %43, i64 3)
; OUTLINE: call void @__asan_set_shadow_06(i64 %44, i64 1)
; OUTLINE: call void @__asan_set_shadow_f2(i64 %45, i64 3)
; OUTLINE: call void @__asan_set_shadow_07(i64 %46, i64 1)
; OUTLINE: call void @__asan_set_shadow_f3(i64 %47, i64 3)
; OUTLINE: call void @__asan_set_shadow_f5(i64 %134, i64 32)
; OUTLINE: call void @__asan_set_shadow_00(i64 %140, i64 24)
; INLINE: store i64 -1007977276409515535, ptr %34, align 1
; INLINE: store i64 -940423264817843709, ptr %36, align 1
; INLINE: store i64 -868083087686045178, ptr %38, align 1
%arrayidx = getelementptr inbounds [1 x i8], ptr %array01, i64 0, i64 1
store i8 1, ptr %arrayidx, align 1
%arrayidx1 = getelementptr inbounds [2 x i8], ptr %array02, i64 0, i64 2
store i8 2, ptr %arrayidx1, align 1
%arrayidx2 = getelementptr inbounds [3 x i8], ptr %array03, i64 0, i64 3
store i8 3, ptr %arrayidx2, align 1
%arrayidx3 = getelementptr inbounds [4 x i8], ptr %array04, i64 0, i64 4
store i8 4, ptr %arrayidx3, align 1
%arrayidx4 = getelementptr inbounds [5 x i8], ptr %array05, i64 0, i64 5
store i8 5, ptr %arrayidx4, align 1
%arrayidx5 = getelementptr inbounds [6 x i8], ptr %array06, i64 0, i64 6
store i8 6, ptr %arrayidx5, align 1
%arrayidx6 = getelementptr inbounds [7 x i8], ptr %array07, i64 0, i64 7
store i8 7, ptr %arrayidx6, align 1
; CHECK-NOT: store i64 -723401728380766731, ptr %126, align 1
ret void
}
attributes #0 = { noinline nounwind optnone sanitize_address ssp uwtable(sync) "frame-pointer"="non-leaf" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="apple-m1" "target-features"="+aes,+crc,+crypto,+dotprod,+fp-armv8,+fp16fml,+fullfp16,+lse,+neon,+ras,+rcpc,+rdm,+sha2,+sha3,+sm4,+v8.1a,+v8.2a,+v8.3a,+v8.4a,+v8.5a,+v8a,+zcm,+zcz" }