This is an archive of the discontinued LLVM Phabricator instance.

[DFSan] Add callback that allows to track which function tainted data reaches
Closed · Public

Authored by clg on Dec 7 2022, 8:03 AM.

Event Timeline

clg created this revision. Dec 7 2022, 8:03 AM
Herald added a project: Restricted Project. Dec 7 2022, 8:03 AM
clg requested review of this revision. Dec 7 2022, 8:03 AM
Herald added subscribers: llvm-commits, Restricted Project.
browneee added inline comments. Dec 7 2022, 10:35 AM
compiler-rt/test/dfsan/reaches_function.c
5

Can you make this test build and run a second time with origin tracking enabled?
e.g. https://github.com/llvm/llvm-project/blob/91b38c6aaddefabad2a4c959ea3865e356761ed5/compiler-rt/test/dfsan/flush.c#L3

When origin tracking is enabled (use #ifdef), you could also call dfsan_print_origin_id_trace and add filecheck expectations for that output.

21–22

It may be a better approach to:

  • print the file,line,function here
  • pipe the output into filecheck
  • add filecheck expectations to match for the printed lines, put them at each function and use [[@LINE-1]]

The advantages of this would be:

clg updated this revision to Diff 481214. Dec 8 2022, 2:24 AM

addressing comments

clg updated this revision to Diff 481266. Dec 8 2022, 6:51 AM

fix test

clg marked 2 inline comments as done. Dec 8 2022, 9:12 AM
browneee added inline comments. Dec 8 2022, 9:53 AM
compiler-rt/test/dfsan/reaches_function.c
53

To clarify, this is triggered by the tainted value being returned from add?

Should we expect the location to be here-1 because it should be the line number of the containing function, or should the line number be down at 60?

llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
1061–1065

Should this attempt to use debug information from Instruction &I (the instruction where this occurs), rather than just using the debug loc for the containing function?

clg updated this revision to Diff 481447. Dec 8 2022, 2:25 PM

addressing comments

compiler-rt/test/dfsan/reaches_function.c
53

changed it, see other comment.

llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
1061–1065

Sure, we might as well give more fine-grained information on where the access took place.

clg marked 2 inline comments as done. Dec 9 2022, 12:04 AM
browneee accepted this revision. Dec 9 2022, 12:36 PM

LGTM.

Test failures look unrelated, but rebasing might make it green again.

Let me know if you'd like me to commit it for you.

This revision is now accepted and ready to land. Dec 9 2022, 12:36 PM
clg added a comment. Dec 9 2022, 3:01 PM

That would be very much appreciated :)

This revision was landed with ongoing or failed builds. Dec 11 2022, 11:10 PM
This revision was automatically updated to reflect the committed changes.