Download Raw Diff

Details

Reviewers

MaskRay
nickdesaulniers

Commits

rG693a1b7024b8: [gcov] Add nosanitize metadata to memory access instructions inserted by…

Summary

This patch adds nosantize metadata to memory access instructions inserted by gcov emitProfileNotes(), making sanitizers skip these instructions when gcov and sanitizer are used together.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

Enna1 created this revision.May 12 2023, 10:01 AM

Herald added a project: Restricted Project. · View Herald TranscriptMay 12 2023, 10:01 AM

Herald added a subscriber: hiraditya. · View Herald Transcript

Enna1 published this revision for review.May 12 2023, 10:49 AM

Enna1 added reviewers: MaskRay, nickdesaulniers.

Enna1 added a subscriber: MTC.

Herald added a project: Restricted Project. · View Herald TranscriptMay 12 2023, 10:50 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Harbormaster completed remote builds in B231636: Diff 521699.May 12 2023, 10:52 AM

Thanks for the patch! Why do we want to skip sanitizing these loads and stores?

Also, gocv is misspelled in the commit description, please fix that up.

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp
150–152	This looks the same as `SanitizerMetadata::disableSanitizerForInstruction` and `ModuleSanitizerCoverage::SetNoSanitizeMetadata`. Rather than define a third copy, why not declare it as a new method on Instruction and define it in llvm/lib/IR/Metadata.cpp, then use it in all three places?
926–936	Please use `Instruction *` rather than `auto`. https://llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to-make-code-more-readable

address review comments

Enna1 edited the summary of this revision. (Show Details)May 15 2023, 11:01 PM

Enna1 added a parent revision: D150632: [IR] Adds Instruction::setNoSanitizeMetadata().

Thanks for you review!

Why do we want to skip sanitizing these loads and stores?

When use asan and gcov together, asan will instrument the loads and stores inserted by gcov which increases the code size a lot.
As the loads and stores inserted by gcov are unlikey to have bugs, so I add nosanitize metadata to these loads and stores like we do in SanitizerCoverage.

Also, gocv is misspelled in the commit description, please fix that up.

Thanks for pointing this.

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp
150–152	Send https://reviews.llvm.org/D150632 which adds Instruction::setNoSanitizeMetadata() and use it in SanitizerMetadata and SanitizerCoverage as suggested.

Harbormaster completed remote builds in B232200: Diff 522445.May 16 2023, 12:10 AM

In D150460#4344751, @Enna1 wrote:

Why do we want to skip sanitizing these loads and stores?

When use asan and gcov together, asan will instrument the loads and stores inserted by gcov which increases the code size a lot.
As the loads and stores inserted by gcov are unlikey to have bugs, so I add nosanitize metadata to these loads and stores like we do in SanitizerCoverage.

Hmm...that I'm less comfortable with approving. Personally, I feel that coverage and sanitizers don't mix well (perhaps due to such code size increases). If you want low overhead coverage, disable your sanitizers! Perhaps this makes more sense in the context of HWASAN where you might consider enabling a sanitizer always, even in production builds?

I guess I'm worried about __llvm_gcov_ctr becoming some kind of vector for attack.

Though, I guess you wouldn't ship coverage enabled in production.

llvm/test/Transforms/GCOVProfiling/nosanitize.ll
2	Is this run line necessary?
4	please add a comment about the intent of this test; something along the lines of "the intent of this test is to verify that the loads, stores, and atomicrmw adds for gcov are marked nosanitize.

add comment about the intent of the test

Though, I guess you wouldn't ship coverage enabled in production.

Sure.

I guess I'm worried about __llvm_gcov_ctr becoming some kind of vector for attack.

__llvm_gcov_ctr global variable is not instrumented by asan, see https://github.com/llvm/llvm-project/blob/main/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp#L1184

Hmm...that I'm less comfortable with approving.

It's ok, if so, I can abandon this patch :)
Or maybe we can add an option gcov-nosanitize?

llvm/test/Transforms/GCOVProfiling/nosanitize.ll
2	Yes, it is for don't writing a.gcno in CWD. See other GCOVProfiling testcase (e.g. atomic-counter.ll, kcfi.ll)

MaskRay added inline comments.May 16 2023, 8:36 PM

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp
925–926	Define `Instruction *Inst` outside before `if`. Call `Inst->setNoSanitizemetadata()` just once after `if`. Add a comment `// Disable sanitizers to decrease size bloat. We don't expect sanitizers to catch interesting issues.`
llvm/test/Transforms/GCOVProfiling/nosanitize.ll
3	`; RUN: rm -rf %t && mkdir %t && cd %t` clean up the directory which may be clobbered.

In D150460#4348564, @Enna1 wrote:

Though, I guess you wouldn't ship coverage enabled in production.

Sure.

I guess I'm worried about __llvm_gcov_ctr becoming some kind of vector for attack.

__llvm_gcov_ctr global variable is not instrumented by asan, see https://github.com/llvm/llvm-project/blob/main/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp#L1184

Hmm...that I'm less comfortable with approving.

It's ok, if so, I can abandon this patch :)
Or maybe we can add an option gcov-nosanitize?

I think this patch is fine. __llvm_gcov_ctr is an internal variable and accessing doesn't use indirection, so no risk of hijection.
I don't recommend mixing gcov and sanitizers (e.g. --coverage -fsanitize=hwaddress), but if a user does this, disabling instrumentation for __llvm_gcov_ctr provides some size benefit.

Harbormaster completed remote builds in B232493: Diff 522887.May 16 2023, 9:48 PM

nickdesaulniers added inline comments.May 17 2023, 9:45 AM

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp
925–926	It's either 1 or 2 instructions that need the metadata set. The comment SGTM though that this is intentional/deliberate and not a bug.

address review comments

Enna1 marked an inline comment as done.May 18 2023, 4:58 AM

Enna1 added inline comments.

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp
925–926	Define `Instruction *Inst` outside before `if`. Call `Inst->setNoSanitizemetadata()` just once after `if`. There are 2 instructions in `else` block, so I think can not call `Inst->setNoSanitizemetadata()` just once after `if`.

Harbormaster completed remote builds in B232837: Diff 523342.May 18 2023, 6:50 AM

MaskRay added inline comments.May 18 2023, 1:53 PM

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp
925–926	My idea is the factor out one instruction to apply `Inst->setNoSanitizemetadata()`. The else branch has one more instruction.

nickdesaulniers accepted this revision.May 18 2023, 1:55 PM

This revision is now accepted and ready to land.May 18 2023, 1:55 PM

Update from MaskRay's comments.

Harbormaster completed remote builds in B233146: Diff 523728.May 19 2023, 5:28 AM

This revision was landed with ongoing or failed builds.May 24 2023, 7:15 PM

Closed by commit rG693a1b7024b8: [gcov] Add nosanitize metadata to memory access instructions inserted by… (authored by Enna1). · Explain Why

This revision was automatically updated to reflect the committed changes.

Enna1 added a commit: rG693a1b7024b8: [gcov] Add nosanitize metadata to memory access instructions inserted by….

Diff 525403

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp

Show First 20 Lines • Show All 141 Lines • ▼ Show 20 Lines	private:
insertCounterWriteout(ArrayRef<std::pair<GlobalVariable , MDNode >>);		insertCounterWriteout(ArrayRef<std::pair<GlobalVariable , MDNode >>);
Function insertReset(ArrayRef<std::pair<GlobalVariable , MDNode *>>);		Function insertReset(ArrayRef<std::pair<GlobalVariable , MDNode *>>);

bool AddFlushBeforeForkAndExec();		bool AddFlushBeforeForkAndExec();

enum class GCovFileType { GCNO, GCDA };		enum class GCovFileType { GCNO, GCDA };
std::string mangleName(const DICompileUnit *CU, GCovFileType FileType);		std::string mangleName(const DICompileUnit *CU, GCovFileType FileType);

GCOVOptions Options;		GCOVOptions Options;
support::endianness Endian;		support::endianness Endian;
raw_ostream *os;		raw_ostream *os;
		nickdesaulniersUnsubmitted Done Reply Inline Actions This looks the same as `SanitizerMetadata::disableSanitizerForInstruction` and `ModuleSanitizerCoverage::SetNoSanitizeMetadata`. Rather than define a third copy, why not declare it as a new method on Instruction and define it in llvm/lib/IR/Metadata.cpp, then use it in all three places? nickdesaulniers: This looks the same as `SanitizerMetadata::disableSanitizerForInstruction` and…
		Enna1AuthorUnsubmitted Done Reply Inline Actions Send https://reviews.llvm.org/D150632 which adds Instruction::setNoSanitizeMetadata() and use it in SanitizerMetadata and SanitizerCoverage as suggested. Enna1: Send https://reviews.llvm.org/D150632 which adds Instruction::setNoSanitizeMetadata() and use…

// Checksum, produced by hash of EdgeDestinations		// Checksum, produced by hash of EdgeDestinations
SmallVector<uint32_t, 4> FileChecksums;		SmallVector<uint32_t, 4> FileChecksums;

Module *M = nullptr;		Module *M = nullptr;
std::function<const TargetLibraryInfo &(Function &F)> GetTLI;		std::function<const TargetLibraryInfo &(Function &F)> GetTLI;
LLVMContext *Ctx = nullptr;		LLVMContext *Ctx = nullptr;
SmallVector<std::unique_ptr<GCOVFunction>, 16> Funcs;		SmallVector<std::unique_ptr<GCOVFunction>, 16> Funcs;
▲ Show 20 Lines • Show All 753 Lines • ▼ Show 20 Lines	for (auto &F : M->functions()) {
Constant::getNullValue(CounterTy), "__llvm_gcov_ctr");		Constant::getNullValue(CounterTy), "__llvm_gcov_ctr");
CountersBySP.emplace_back(Counters, SP);		CountersBySP.emplace_back(Counters, SP);

for (size_t I : llvm::seq<size_t>(0, Measured)) {		for (size_t I : llvm::seq<size_t>(0, Measured)) {
const Edge &E = *MST.AllEdges[I];		const Edge &E = *MST.AllEdges[I];
IRBuilder<> Builder(E.Place, E.Place->getFirstInsertionPt());		IRBuilder<> Builder(E.Place, E.Place->getFirstInsertionPt());
Value *V = Builder.CreateConstInBoundsGEP2_64(		Value *V = Builder.CreateConstInBoundsGEP2_64(
Counters->getValueType(), Counters, 0, I);		Counters->getValueType(), Counters, 0, I);
		// Disable sanitizers to decrease size bloat. We don't expect
		// sanitizers to catch interesting issues.
		Instruction *Inst;
if (Options.Atomic) {		if (Options.Atomic) {
Builder.CreateAtomicRMW(AtomicRMWInst::Add, V, Builder.getInt64(1),		Inst = Builder.CreateAtomicRMW(AtomicRMWInst::Add, V,
		MaskRayUnsubmitted Not Done Reply Inline Actions Define `Instruction Inst` outside before `if`. Call `Inst->setNoSanitizemetadata()` just once after `if`. Add a comment `// Disable sanitizers to decrease size bloat. We don't expect sanitizers to catch interesting issues.` MaskRay:* Define `Instruction *Inst` outside before `if`. Call `Inst->setNoSanitizemetadata()` just once…
		nickdesaulniersUnsubmitted Not Done Reply Inline Actions It's either 1 or 2 instructions that need the metadata set. The comment SGTM though that this is intentional/deliberate and not a bug. nickdesaulniers: It's either 1 or 2 instructions that need the metadata set. The comment SGTM though that this…
		Enna1AuthorUnsubmitted Done Reply Inline Actions Define `Instruction Inst` outside before `if`. Call `Inst->setNoSanitizemetadata()` just once after `if`. There are 2 instructions in `else` block, so I think can not call `Inst->setNoSanitizemetadata()` just once after `if`. Enna1:* > Define `Instruction *Inst` outside before `if`. Call `Inst->setNoSanitizemetadata()` just…
		MaskRayUnsubmitted Not Done Reply Inline Actions My idea is the factor out one instruction to apply `Inst->setNoSanitizemetadata()`. The else branch has one more instruction. MaskRay: My idea is the factor out one instruction to apply `Inst->setNoSanitizemetadata()`. The else…
MaybeAlign(), AtomicOrdering::Monotonic);		Builder.getInt64(1), MaybeAlign(),
		AtomicOrdering::Monotonic);
} else {		} else {
Value *Count =		LoadInst *OldCount =
Builder.CreateLoad(Builder.getInt64Ty(), V, "gcov_ctr");		Builder.CreateLoad(Builder.getInt64Ty(), V, "gcov_ctr");
Count = Builder.CreateAdd(Count, Builder.getInt64(1));		OldCount->setNoSanitizeMetadata();
Builder.CreateStore(Count, V);		Value *NewCount = Builder.CreateAdd(OldCount, Builder.getInt64(1));
		Inst = Builder.CreateStore(NewCount, V);
}		}
		Inst->setNoSanitizeMetadata();
		nickdesaulniersUnsubmitted Done Reply Inline Actions Please use `Instruction ` rather than `auto`. https://llvm.org/docs/CodingStandards.html#use-auto-type-deduction-to-make-code-more-readable nickdesaulniers:* Please use `Instruction *` rather than `auto`. https://llvm.org/docs/CodingStandards.html#use…
}		}
}		}
}		}

char Tmp[4];		char Tmp[4];
JamCRC JC;		JamCRC JC;
JC.update(EdgeDestinations);		JC.update(EdgeDestinations);
uint32_t Stamp = JC.getCRC();		uint32_t Stamp = JC.getCRC();
▲ Show 20 Lines • Show All 407 Lines • Show Last 20 Lines

llvm/test/Transforms/GCOVProfiling/nosanitize.ll

This file was added.

				;; Ensure that the loads, stores, and atomicrmw adds for gcov have nosanitize metadata.
				; RUN: rm -rf %t && mkdir %t && cd %t
				nickdesaulniersUnsubmitted Done Reply Inline Actions Is this run line necessary? nickdesaulniers: Is this run line necessary?
				Enna1AuthorUnsubmitted Done Reply Inline Actions Yes, it is for don't writing a.gcno in CWD. See other GCOVProfiling testcase (e.g. atomic-counter.ll, kcfi.ll) Enna1: Yes, it is for don't writing a.gcno in CWD. See other GCOVProfiling testcase (e.g. atomic…
				; RUN: opt < %s -S -passes=insert-gcov-profiling \| FileCheck %s
				MaskRayUnsubmitted Done Reply Inline Actions `; RUN: rm -rf %t && mkdir %t && cd %t` clean up the directory which may be clobbered. MaskRay: `; RUN: rm -rf %t && mkdir %t && cd %t` clean up the directory which may be clobbered.
				; RUN: opt < %s -S -passes=insert-gcov-profiling -gcov-atomic-counter \| FileCheck %s --check-prefixes=CHECK-ATOMIC-COUNTER
				nickdesaulniersUnsubmitted Done Reply Inline Actions please add a comment about the intent of this test; something along the lines of "the intent of this test is to verify that the loads, stores, and atomicrmw adds for gcov are marked nosanitize. nickdesaulniers: please add a comment about the intent of this test; something along the lines of "the intent of…

				; CHECK-LABEL: void @empty()
				; CHECK-NEXT: entry:
				; CHECK-NEXT: %gcov_ctr = load i64, ptr @__llvm_gcov_ctr, align 4, !dbg [[DBG:![0-9]+]], !nosanitize [[NOSANITIZE:![0-9]+]]
				; CHECK-NEXT: %0 = add i64 %gcov_ctr, 1, !dbg [[DBG]]
				; CHECK-NEXT: store i64 %0, ptr @__llvm_gcov_ctr, align 4, !dbg [[DBG]], !nosanitize [[NOSANITIZE]]
				; CHECK-NEXT: ret void, !dbg [[DBG]]

				; CHECK-ATOMIC-COUNTER-LABEL: void @empty()
				; CHECK-ATOMIC-COUNTER-NEXT: entry:
				; CHECK-ATOMIC-COUNTER-NEXT: %0 = atomicrmw add ptr @__llvm_gcov_ctr, i64 1 monotonic, align 8, !dbg [[DBG:![0-9]+]], !nosanitize [[NOSANITIZE:![0-9]+]]
				; CHECK-ATOMIC-COUNTER-NEXT: ret void, !dbg [[DBG]]

				define dso_local void @empty() !dbg !5 {
				entry:
				ret void, !dbg !8
				}

				!llvm.dbg.cu = !{!0}
				!llvm.module.flags = !{!3, !4}

				!0 = distinct !DICompileUnit(language: DW_LANG_C99, file: !1, emissionKind: FullDebug, enums: !2)
				!1 = !DIFile(filename: "a.c", directory: "")
				!2 = !{}
				!3 = !{i32 7, !"Dwarf Version", i32 5}
				!4 = !{i32 2, !"Debug Info Version", i32 3}
				!5 = distinct !DISubprogram(name: "empty", scope: !1, file: !1, line: 1, type: !6, scopeLine: 1, flags: DIFlagAllCallsDescribed, spFlags: DISPFlagDefinition \| DISPFlagOptimized, unit: !0, retainedNodes: !2)
				!6 = !DISubroutineType(types: !7)
				!7 = !{null}
				!8 = !DILocation(line: 2, column: 1, scope: !5)

This is an archive of the discontinued LLVM Phabricator instance.

[gcov] Add nosanitize metadata to memory access instructions inserted by emitProfileNotes()
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 525403

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp

llvm/test/Transforms/GCOVProfiling/nosanitize.ll

This is an archive of the discontinued LLVM Phabricator instance.

[gcov] Add nosanitize metadata to memory access instructions inserted by emitProfileNotes()ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 525403

llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp

llvm/test/Transforms/GCOVProfiling/nosanitize.ll

[gcov] Add nosanitize metadata to memory access instructions inserted by emitProfileNotes()
ClosedPublic