This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lldb/tools/debugserver/source/MacOSX/arm64/
-
tools/
-
debugserver/
-
source/
-
MacOSX/
-
arm64/
2/4
DNBArchImplARM64.cpp

Differential D140067

Fix an ASAN bug I introduced in debugserver, accessing off the end of an array intentionally
ClosedPublic

Authored by jasonmolenda on Dec 14 2022, 4:21 PM.

Download Raw Diff

Details

Reviewers

aprantl
JDevlieghere

Commits

rGda4e82753f31: Don't read off end of GPR register array to access fp/sp/lr/pc

Summary

In https://reviews.llvm.org/D136620 I needed to access fp/sp/pc/lr two different ways depending on the compile-time environment -- the headers name these registers differently, and the types are different so one of them needs to be cast. This was tiresome, so instead I indexed off of the array of general purpose registers right before them. ASAN expresses its displeasure with this shortcut.

Before my original patch, this code passed the register context in to the arm_thread_state64_get{sp,fp,lr,pc} and those macros handled this detail.

The ASAN CI bot does not build an in-tree debugserver and test with it, but when I looked into a bot test failure, I hit this first.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

jasonmolenda created this revision.Dec 14 2022, 4:21 PM

Herald added a project: Restricted Project. · View Herald TranscriptDec 14 2022, 4:21 PM

Herald added a subscriber: kristof.beyls. · View Herald Transcript

jasonmolenda requested review of this revision.Dec 14 2022, 4:21 PM

Herald added a subscriber: lldb-commits. · View Herald TranscriptDec 14 2022, 4:21 PM

Harbormaster completed remote builds in B203237: Diff 483025.Dec 14 2022, 4:24 PM

JDevlieghere added inline comments.Dec 14 2022, 5:21 PM

lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
2026–2037	`reg` is a uint32_t so you could use a switch here: switch(reg) { case gpr_pc: ... }

jasonmolenda added inline comments.Dec 15 2022, 10:31 AM

lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
2026–2037	I thought about that, but then I'd need a `break;` after each element and it was one extra line. I don't have a real preference, and this was shorter.

aprantl added inline comments.Dec 15 2022, 10:39 AM

lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
2026–2037	If we are already micro-optimizing, I guess the resulting code would be shorter (and 100% UB-free) if it were uint64_t val = 0; switch(reg) { case gpr_pc: memcpy(&val, m_state.context.gpr.__opaque_pc); break; ... } value->value.uint64 = clear_pac_bits(val);

jasonmolenda added inline comments.Dec 15 2022, 12:41 PM

lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
2026–2037	I don't have anything against using memcpy instead of the reinterpret_cast, but I don't see it being any clearer (IMO), and it doesn't reduce the code duplication - we still need separate lines for when the members are named __opaque_ and when not. If anyone feels it's clearer to use a switch statement and/or memcpy, I genuinely don't care either way, but I don't see it myself.

I think a switch case is easier to read (and spot things like missing cases) but this is code you own so go with the approach you like best. LGTM.

This revision is now accepted and ready to land.Dec 15 2022, 12:54 PM

Update the patch to use a case statement for fp/sp/lr/pc instead of conditionals; both Adrian and Jonas preferred it.

Harbormaster completed remote builds in B205767: Diff 486385.Jan 4 2023, 1:51 PM

Closed by commit rGda4e82753f31: Don't read off end of GPR register array to access fp/sp/lr/pc (authored by jasonmolenda). · Explain WhyJan 4 2023, 1:51 PM

This revision was automatically updated to reflect the committed changes.

jasonmolenda added a commit: rGda4e82753f31: Don't read off end of GPR register array to access fp/sp/lr/pc.

Revision Contents

Path

Size

lldb/

tools/

debugserver/

source/

MacOSX/

arm64/

DNBArchImplARM64.cpp

37 lines

Diff 486389

lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp

Show First 20 Lines • Show All 2,016 Lines • ▼ Show 20 Lines	if (GetRegisterState(set, false) != KERN_SUCCESS)
return false;		return false;

const DNBRegisterInfo *regInfo = m_thread->GetRegisterInfo(set, reg);		const DNBRegisterInfo *regInfo = m_thread->GetRegisterInfo(set, reg);
if (regInfo) {		if (regInfo) {
value->info = *regInfo;		value->info = *regInfo;
switch (set) {		switch (set) {
case e_regSetGPR:		case e_regSetGPR:
if (reg <= gpr_pc) {		if (reg <= gpr_pc) {
if (reg == gpr_pc \|\| reg == gpr_lr \|\| reg == gpr_sp \|\| reg == gpr_fp)		switch (reg) {
value->value.uint64 = clear_pac_bits(m_state.context.gpr.__x[reg]);		#if __has_feature(ptrauth_calls) && defined(__LP64__)
else		case gpr_pc:
		value->value.uint64 = clear_pac_bits(
		reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_pc));
		break;
		case gpr_lr:
		value->value.uint64 = clear_pac_bits(
		reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_lr));
		break;
		case gpr_sp:
		value->value.uint64 = clear_pac_bits(
		reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_sp));
		JDevlieghereUnsubmitted Not Done Reply Inline Actions `reg` is a uint32_t so you could use a switch here: switch(reg) { case gpr_pc: ... } JDevlieghere: `reg` is a uint32_t so you could use a switch here: ``` switch(reg) { case gpr_pc: ...
		jasonmolendaAuthorUnsubmitted Done Reply Inline Actions I thought about that, but then I'd need a `break;` after each element and it was one extra line. I don't have a real preference, and this was shorter. jasonmolenda: I thought about that, but then I'd need a `break;` after each element and it was one extra line.
		aprantlUnsubmitted Not Done Reply Inline Actions If we are already micro-optimizing, I guess the resulting code would be shorter (and 100% UB-free) if it were uint64_t val = 0; switch(reg) { case gpr_pc: memcpy(&val, m_state.context.gpr.__opaque_pc); break; ... } value->value.uint64 = clear_pac_bits(val); aprantl: If we are already micro-optimizing, I guess the resulting code would be shorter (and 100% UB…
		jasonmolendaAuthorUnsubmitted Done Reply Inline Actions I don't have anything against using memcpy instead of the reinterpret_cast, but I don't see it being any clearer (IMO), and it doesn't reduce the code duplication - we still need separate lines for when the members are named __opaque_ and when not. If anyone feels it's clearer to use a switch statement and/or memcpy, I genuinely don't care either way, but I don't see it myself. jasonmolenda: I don't have anything against using memcpy instead of the reinterpret_cast, but I don't see it…
		break;
		case gpr_fp:
		value->value.uint64 = clear_pac_bits(
		reinterpret_cast<uint64_t>(m_state.context.gpr.__opaque_fp));
		break;
		#else
		case gpr_pc:
		value->value.uint64 = clear_pac_bits(m_state.context.gpr.__pc);
		break;
		case gpr_lr:
		value->value.uint64 = clear_pac_bits(m_state.context.gpr.__lr);
		break;
		case gpr_sp:
		value->value.uint64 = clear_pac_bits(m_state.context.gpr.__sp);
		break;
		case gpr_fp:
		value->value.uint64 = clear_pac_bits(m_state.context.gpr.__fp);
		break;
		#endif
		default:
value->value.uint64 = m_state.context.gpr.__x[reg];		value->value.uint64 = m_state.context.gpr.__x[reg];
		}
return true;		return true;
} else if (reg == gpr_cpsr) {		} else if (reg == gpr_cpsr) {
value->value.uint32 = m_state.context.gpr.__cpsr;		value->value.uint32 = m_state.context.gpr.__cpsr;
return true;		return true;
}		}
break;		break;

case e_regSetVFP:		case e_regSetVFP:
▲ Show 20 Lines • Show All 345 Lines • Show Last 20 Lines