This is an archive of the discontinued LLVM Phabricator instance.

Differential D139661

[Sanitizers][CFG][arm64e] Fix test because -fsanitize-coverage=control-flow does not sign BB entry
ClosedPublic

Authored by thetruestblue on Dec 8 2022, 12:08 PM.

Details

Reviewers
kcc
vitalybuka
MaskRay
usama54321
paquette
yln
rsundahl
Commits
rGc6e83ddb37af: [Sanitizers][CFG][arm64e] Fix test because -fsanitize-coverage=control-flow…
Summary

-fsanitize-coverage=control-flow does not sign entries into basic blocks on arm64e. This test compares a local pointer to a function [signed] with the basic block pointer. Because the entry into the
basic block is unsigned the addresses being compared are signed and unsigned, causing the path never to be taken.
This is a "bandaid" to get this test passing. We strip the signed bits from the pointer to the local functions so that the comparisons pass.
Filed radar: rdar://103042879 to note the behavior.

context: https://github.com/llvm/llvm-project/blob/main/llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp#L1068

// blockaddress can not be used on function's entry block.
if (&BB == &F.getEntryBlock())
  CFs.push_back((Constant *)IRB.CreatePointerCast(&F, IntptrPtrTy));
else
  CFs.push_back((Constant *)IRB.CreatePointerCast(BlockAddress::get(&BB),
                                                  IntptrPtrTy));

BlockAddress::get is responsible for signing the pointer.

Because of:
https://reviews.llvm.org/D133157

rdar://103042879

Diff Detail

Event Timeline

thetruestblue created this revision.Dec 8 2022, 12:08 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 8 2022, 12:08 PM
Herald added subscribers: Enna1, StephenFan, kristof.beyls. · View Herald Transcript
thetruestblue requested review of this revision.Dec 8 2022, 12:08 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 8 2022, 12:08 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B202045: Diff 481395.Dec 8 2022, 12:33 PM
vitalybuka accepted this revision.Dec 8 2022, 1:44 PM
vitalybuka added inline comments.
compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_control_flow.cpp
11–13
59–62
This revision is now accepted and ready to land.Dec 8 2022, 1:44 PM
This revision was landed with ongoing or failed builds.Dec 12 2022, 8:33 PM
Closed by commit rGc6e83ddb37af: [Sanitizers][CFG][arm64e] Fix test because -fsanitize-coverage=control-flow… (authored by Blue Gaston <bgaston2@apple.com>). · Explain Why
This revision was automatically updated to reflect the committed changes.
Blue Gaston <bgaston2@apple.com> added a commit: rGc6e83ddb37af: [Sanitizers][CFG][arm64e] Fix test because -fsanitize-coverage=control-flow….

Revision Contents

PathSize
compiler-rt/
test/
sanitizer_common/
TestCases/
9 lines

Diff 482350

compiler-rt/test/sanitizer_common/TestCases/sanitizer_coverage_control_flow.cpp

// Tests -fsanitize-coverage=control-flow. // Tests -fsanitize-coverage=control-flow.
// REQUIRES: has_sancovcc,stable-runtime // REQUIRES: has_sancovcc,stable-runtime
// UNSUPPORTED: i386-darwin, x86_64-darwin // UNSUPPORTED: i386-darwin, x86_64-darwin
// RUN: %clangxx -O0 -std=c++11 -fsanitize-coverage=control-flow %s -o %t // RUN: %clangxx -O0 -std=c++11 -fsanitize-coverage=control-flow %s -o %t
// RUN: %run %t 2>&1 | FileCheck %s // RUN: %run %t 2>&1 | FileCheck %s
#include <cstdint> #include <cstdint>
#include <cstdio> #include <cstdio>
#if __has_feature(ptrauth_calls)
#include <ptrauth.h>
#else
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
#include <cstdio>
#if __has_feature(ptrauth_calls)
#include <ptrauth.h>
+ #else
+ #define ptrauth_strip(__value, __key) (__value)
#endif
uintptr_t *CFS_BEG, *CFS_END;
vitalybuka:
#define ptrauth_strip(__value, __key) (__value)
#endif
uintptr_t *CFS_BEG, *CFS_END; uintptr_t *CFS_BEG, *CFS_END;
extern "C" void __sanitizer_cov_cfs_init(const uintptr_t *cfs_beg, extern "C" void __sanitizer_cov_cfs_init(const uintptr_t *cfs_beg,
const uintptr_t *cfs_end) { const uintptr_t *cfs_end) {
CFS_BEG = (uintptr_t *)cfs_beg; CFS_BEG = (uintptr_t *)cfs_beg;
CFS_END = (uintptr_t *)cfs_end; CFS_END = (uintptr_t *)cfs_end;
} }
Show All 27 Lines while (*pt) {
if (*pt == -1 && currBB != main_ptr) if (*pt == -1 && currBB != main_ptr)
printf("Indirect call matched.\n"); printf("Indirect call matched.\n");
pt++; pt++;
} }
pt++; pt++;
} }
} }
int main() { int main() {
auto main_ptr = &main; auto main_ptr = ptrauth_strip(&main, ptrauth_key_function_pointer);
auto foo_ptr = &foo; auto foo_ptr = ptrauth_strip(&foo, ptrauth_key_function_pointer);
int x = 10; int x = 10;
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
int main() {
- auto main_ptr = &main;
- auto foo_ptr = &foo;
- #if __has_feature(ptrauth_calls)
- main_ptr = ptrauth_strip(&main, ptrauth_key_function_pointer);
- foo_ptr = ptrauth_strip(&foo, ptrauth_key_function_pointer);
- #endif
+ auto main_ptr = ptrauth_strip(&main, ptrauth_key_function_pointer);
+ auto foo_ptr = ptrauth_strip(&foo, ptrauth_key_function_pointer);
int x = 10;
vitalybuka:
if (x > 0) if (x > 0)
foo(x); foo(x);
else else
(*foo_ptr)(x); (*foo_ptr)(x);
check_cfs_section((uintptr_t)(*main_ptr), (uintptr_t)(*foo_ptr)); check_cfs_section((uintptr_t)(*main_ptr), (uintptr_t)(*foo_ptr));
Show All 10 Lines