This is an archive of the discontinued LLVM Phabricator instance.

Differential D25026

[asan] Move instrumented null-terminated strings to a special section
ClosedPublic

Authored by kubamracek on Sep 28 2016, 8:11 AM.

Details

Reviewers
kcc
filcab
dvyukov
m.ostapenko
eugenis
zaks.anna
Commits
rGbf6e7848a0e2: [asan] Move instrumented null-terminated strings to a special section, compiler…
rGa28c9e8f09c9: [asan] Move instrumented null-terminated strings to a special section, LLVM part
rCRT285620: [asan] Move instrumented null-terminated strings to a special section, compiler…
rL285620: [asan] Move instrumented null-terminated strings to a special section, compiler…
rL285619: [asan] Move instrumented null-terminated strings to a special section, LLVM part
Summary

On Darwin, simple C null-terminated constant strings normally end up in the __TEXT,__cstring section of the resulting Mach-O binary. When instrumented with ASan, these strings are transformed in a way that they cannot be in __cstring (the linker unifies the content of this section and strips extra NUL bytes, which would break instrumentation), and are put into a generic __const section. This breaks some of the tools that we have: Some tools need to scan all C null-terminated strings in Mach-O binaries, and scanning all the contents of __const has a large performance penalty. This patch instead introduces a special section, __asan_cstring which will now hold the instrumented null-terminated strings.

Diff Detail

Repository
rL LLVM

Event Timeline

kubamracek updated this revision to Diff 72829.Sep 28 2016, 8:11 AM
kubamracek retitled this revision from to [asan] Move instrumented null-terminated strings to a special section.
kubamracek updated this object.
kubamracek added reviewers: dvyukov, kcc, filcab, zaks.anna, eugenis, m.ostapenko.
kubamracek added a project: Restricted Project.
kubamracek added a subscriber: llvm-commits.
m.ostapenko added inline comments.Sep 30 2016, 2:36 AM
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1512 ↗(On Diff #72829)

Oh, too many nested ifs here. Could you use && instead?

zaks.anna edited edge metadata.Sep 30 2016, 10:12 AM

LGTM

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1516 ↗(On Diff #72829)

Should this have SectionKind::getReadOnly()?

zaks.anna accepted this revision.Sep 30 2016, 10:34 AM
zaks.anna edited edge metadata.
zaks.anna added inline comments.
lib/Transforms/Instrumentation/AddressSanitizer.cpp
1516 ↗(On Diff #72829)

Kuba pointed out that this API does not take the Kind. The section will be read-only because it is in the __TEXT segment.

This revision is now accepted and ready to land.Sep 30 2016, 10:34 AM
kcc edited edge metadata.Sep 30 2016, 11:11 AM

Is it possible to also add a runnable test to compiler-rt?
I expect to make some changes here soon: https://github.com/google/sanitizers/issues/260#issuecomment-250062528
And by doing that may break your test and your fix.

kubamracek updated this revision to Diff 74253.Oct 11 2016, 7:35 AM
kubamracek edited edge metadata.

Updating patch. Lowering the number of nested ifs. Adding a testcase for compiler-rt. Updating the odr-lto.cc testcase.

Herald added a subscriber: mehdi_amini. · View Herald TranscriptOct 11 2016, 7:35 AM
kubamracek requested a review of this revision.Oct 11 2016, 7:35 AM
kubamracek edited edge metadata.
kubamracek added a comment.Oct 17 2016, 3:20 PM

ping

filcab added inline comments.Oct 21 2016, 3:25 AM
projects/compiler-rt/test/asan/TestCases/Darwin/odr-lto.cc
6 ↗(On Diff #74253)

What happened here? There's no error any more? Do we still need to use -asan-use-private-alias, etc?

kubamracek added a comment.Oct 21 2016, 9:25 AM

ping

projects/compiler-rt/test/asan/TestCases/Darwin/odr-lto.cc
6 ↗(On Diff #74253)

This tests checks that -asan-use-private-alias fixes a known bug when using LTO+ASan. Eventually, I wanted to turn -asan-use-private-alias on by default to get rid of this annoying bug causing many false positives. This patch fixes accidentally also this bug for a lot of cases (when strings are involved), but I believe there are other (less common) instances of the LTO+ASan bug that aren’t fixed. I would still like to keep the odr-lto.cc testcase, because it tests that -asan-use-private-alias doesn’t regress. If you want me to, I can try to create a new test that would trigger the LTO+ASan bug.

kubamracek updated this revision to Diff 75642.Oct 24 2016, 1:30 PM
kubamracek edited edge metadata.

Updating the ODR testcase. If the global is not a C string (e.g. it contains a NUL byte), it will not be moved to __asan_cstring section, but LTO still likes to merge such globals.

zaks.anna accepted this revision.Oct 28 2016, 6:14 PM
zaks.anna edited edge metadata.

Looks good. I do not think there are any outstanding issues here. Please, commit.

This revision is now accepted and ready to land.Oct 28 2016, 6:14 PM
Closed by commit rL285619: [asan] Move instrumented null-terminated strings to a special section, LLVM part (authored by kuba.brecka). · Explain WhyOct 31 2016, 12:01 PM
This revision was automatically updated to reflect the committed changes.
kubamracek added a comment.Oct 31 2016, 12:34 PM

Landed in LLVM r285619, compiler-rt r285620.

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
Instrumentation/
8 lines
test/
Instrumentation/
AddressSanitizer/
21 lines

Diff 76454

llvm/trunk/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 1,529 Lines▼ Show 20 Lines for (size_t i = 0; i < n; i++) {
if (G->isConstant() && Linkage == GlobalValue::PrivateLinkage) if (G->isConstant() && Linkage == GlobalValue::PrivateLinkage)
Linkage = GlobalValue::InternalLinkage; Linkage = GlobalValue::InternalLinkage;
GlobalVariable *NewGlobal = GlobalVariable *NewGlobal =
new GlobalVariable(M, NewTy, G->isConstant(), Linkage, NewInitializer, new GlobalVariable(M, NewTy, G->isConstant(), Linkage, NewInitializer,
"", G, G->getThreadLocalMode()); "", G, G->getThreadLocalMode());
NewGlobal->copyAttributesFrom(G); NewGlobal->copyAttributesFrom(G);
NewGlobal->setAlignment(MinRZ); NewGlobal->setAlignment(MinRZ);
// Move null-terminated C strings to "__asan_cstring" section on Darwin.
if (TargetTriple.isOSBinFormatMachO() && !G->hasSection() &&
G->isConstant()) {
auto Seq = dyn_cast<ConstantDataSequential>(G->getInitializer());
if (Seq && Seq->isCString())
NewGlobal->setSection("__TEXT,__asan_cstring,regular");
}
// Transfer the debug info. The payload starts at offset zero so we can // Transfer the debug info. The payload starts at offset zero so we can
// copy the debug info over as is. // copy the debug info over as is.
SmallVector<DIGlobalVariable *, 1> GVs; SmallVector<DIGlobalVariable *, 1> GVs;
G->getDebugInfo(GVs); G->getDebugInfo(GVs);
for (auto *GV : GVs) for (auto *GV : GVs)
NewGlobal->addDebugInfo(GV); NewGlobal->addDebugInfo(GV);
Value *Indices2[2]; Value *Indices2[2];
▲ Show 20 LinesShow All 1,039 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/AddressSanitizer/global_cstring_darwin.ll

; This test checks that instrumented global C (null terminated) strings are put into a special section on Darwin.
; RUN: opt < %s -asan -asan-module -S | FileCheck %s
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-apple-macosx10.10.0"
; Should be put into __asan_cstring section:
@.str.1 = private unnamed_addr constant [13 x i8] c"Hello world.\00", align 1
@.str.2 = private unnamed_addr constant [4 x i8] c"%s\0A\00", align 1
; CHECK: @.str.1 = internal unnamed_addr constant { [13 x i8], [51 x i8] } { [13 x i8] c"Hello world.\00", [51 x i8] zeroinitializer }, section "__TEXT,__asan_cstring,regular", align 32
; CHECK: @.str.2 = internal unnamed_addr constant { [4 x i8], [60 x i8] } { [4 x i8] c"%s\0A\00", [60 x i8] zeroinitializer }, section "__TEXT,__asan_cstring,regular", align 32
; Shouldn't be put into special section:
@.str.3 = private unnamed_addr constant [4 x i8] c"\00\01\02\03", align 1
@.str.4 = private unnamed_addr global [7 x i8] c"Hello.\00", align 1
@.str.5 = private unnamed_addr constant [8 x i8] c"Hello.\00\00", align 1
; CHECK: @.str.3 = internal unnamed_addr constant { [4 x i8], [60 x i8] } { [4 x i8] c"\00\01\02\03", [60 x i8] zeroinitializer }, align 32
; CHECK: @.str.4 = private unnamed_addr global { [7 x i8], [57 x i8] } { [7 x i8] c"Hello.\00", [57 x i8] zeroinitializer }, align 32
; CHECK: @.str.5 = internal unnamed_addr constant { [8 x i8], [56 x i8] } { [8 x i8] c"Hello.\00\00", [56 x i8] zeroinitializer }, align 32