This is an archive of the discontinued LLVM Phabricator instance.

Differential D38654

Parse DWARF information to reduce false positives.
ClosedPublic

Authored by hctim on Oct 6 2017, 5:16 PM.

Details

Reviewers
pcc
Commits
rG7db6f7a34465: Parse DWARF information to reduce false positives.
rL317050: Parse DWARF information to reduce false positives.
Summary

Help differentiate code and data by parsing DWARF information. This will reduce false positive rates where data is placed in executable sections and is mistakenly parsed as code, resulting in an inflation in the number of indirect CF instructions (and hence an inflation of the number of unprotected).

Also prints the DWARF line data around the region of each indirect CF instruction.

Diff Detail

Event Timeline

hctim created this revision.Oct 6 2017, 5:16 PM
Herald added subscribers: aprantl, mgorny. · View Herald TranscriptOct 6 2017, 5:16 PM
hctim added a parent revision: D38428: Add FileVerifier::isCFIProtected()..Oct 6 2017, 5:16 PM
hctim edited the summary of this revision. (Show Details)
hctim updated this revision to Diff 118116.Oct 6 2017, 5:52 PM

backported a clang-format

hctim added a child revision: D38657: Update cl::opt<uint64_t> instances to cl::opt<unsigned long long>.Oct 6 2017, 5:57 PM
hctim updated this revision to Diff 118426.Oct 10 2017, 10:53 AM

Merged previous changes in the stack.

probinson added a subscriber: probinson.Oct 12 2017, 5:08 PM
probinson added inline comments.
tools/llvm-cfi-verify/FileAnalysis.cpp
325

Does this tool run only on .o files, and not on executables? Because this decides line info is valid if any CU has a non-empty line table. If you are looking at a linked executable, one might have been compiled -g and another not, and this check will still succeed.

331

Type units can have an associated line table, but that's just to provide filespecs for DW_AT_file. There should never be any Rows in a type unit's line table.

hctim updated this revision to Diff 119706.Oct 20 2017, 1:58 PM
hctim marked 2 inline comments as done.
  • Modified tool to ensure that users are aware that all statically linked libraries are required to be compiled with '-g'.
  • Removed type unit check (thanks probison)!
  • Changed opt<uint64_t> to opt<unsigned long long> (known issue with opt<uint64_t>).
  • Lexicographically sorted library names.
tools/llvm-cfi-verify/FileAnalysis.cpp
325

The goal for this tool is to run on both.

Thanks for reminding me :) I've had discussions with people about this exact topic offline, but forgot to update the commits.

The consensus we reached was in order to do elimination-by-dwarf (i.e. having --ignore-dwarf=false), anything that is statically linked into this binary is required to be compiled with -g. I'll update the documentation for this tool soon and add a comment around this section.

331

Thanks for the information, will remove the redundant check.

Harbormaster completed remote builds in B11340: Diff 119706.Oct 20 2017, 2:00 PM
hctim updated this revision to Diff 119937.Oct 23 2017, 2:12 PM

Patched from upstream.

pcc added inline comments.Oct 24 2017, 2:54 PM
tools/llvm-cfi-verify/lib/FileAnalysis.cpp
54 ↗(On Diff #119937)

I don't think you need cl::location or the external declaration of IgnoreDWARF, because this flag is only used in this file.

unittests/tools/llvm-cfi-verify/FileAnalysis.cpp
485 ↗(On Diff #119937)

Am I missing something, or should these new tests include DWARF information?

hctim updated this revision to Diff 120161.Oct 24 2017, 6:06 PM
hctim marked an inline comment as done.
  • Fixed diff to be against the correct changelist (prev in stack instead of master).
  • Removed external declaration of command line flag .
Harbormaster completed remote builds in B11458: Diff 120161.Oct 24 2017, 6:06 PM
pcc edited edge metadata.Oct 26 2017, 1:27 PM

Should this include a test case?

hctim updated this revision to Diff 120501.Oct 26 2017, 3:38 PM
  • Moved DWARF handlers into virtual functions for mocking.
  • Added unit tests for line table based instruction exclusion.
Harbormaster completed remote builds in B11546: Diff 120501.Oct 26 2017, 3:38 PM
hctim updated this revision to Diff 120688.Oct 27 2017, 1:43 PM
  • Removed dependency injection onto DWARF lookups from unit tests.
  • Added lit test suite for integration testing.
  • Added lit tests for checking line table information.
Harbormaster completed remote builds in B11582: Diff 120688.Oct 27 2017, 1:43 PM
hctim updated this revision to Diff 120689.Oct 27 2017, 1:45 PM

Fixed small formatting issue from revert of dependency injection changes.

hctim updated this revision to Diff 120899.Oct 30 2017, 3:07 PM

Removed tests that require clang with plugin/LTO support. Made the tests build from the supplied assembly instead.

Harbormaster completed remote builds in B11636: Diff 120899.Oct 30 2017, 3:07 PM
pcc added inline comments.Oct 31 2017, 10:55 AM
test/tools/llvm-cfi-verify/X86/protected-lineinfo.s
21 ↗(On Diff #120899)

I'd prefer if the output were smaller. Do you get a smaller output if you compile with -gmlt?

hctim updated this revision to Diff 121020.Oct 31 2017, 11:09 AM

Compiled integration tests with -gmlt instead of -g

Harbormaster completed remote builds in B11670: Diff 121020.Oct 31 2017, 11:10 AM
hctim marked an inline comment as done.Oct 31 2017, 11:10 AM
pcc added a comment.Oct 31 2017, 11:31 AM

I'd expect there to be a test which makes sure that a jump with no line info in a file with line info doesn't count as an unprotected jump. Can you add one?

test/tools/llvm-cfi-verify/X86/protected-nolineinfo.s
1 ↗(On Diff #121020)

I don't think you need more than one test for the line table check. I'd drop this one and keep the other one.

hctim updated this revision to Diff 121034.Oct 31 2017, 12:15 PM
hctim marked an inline comment as done.

Added test where a file contains line table information, but an indirect CF instruction is not covered by the LT information.

Harbormaster completed remote builds in B11677: Diff 121034.Oct 31 2017, 12:15 PM
pcc accepted this revision.Oct 31 2017, 3:43 PM

LGTM

This revision is now accepted and ready to land.Oct 31 2017, 3:43 PM
Closed by commit rL317050: Parse DWARF information to reduce false positives. (authored by hctim). · Explain WhyOct 31 2017, 4:20 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
tools/
llvm-cfi-verify/
1 line
11 lines
58 lines
12 lines
2 lines
49 lines
unittests/
1 line

Diff 118116

tools/llvm-cfi-verify/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
AllTargetsAsmPrinters AllTargetsAsmPrinters
AllTargetsAsmParsers AllTargetsAsmParsers
AllTargetsDescs AllTargetsDescs
AllTargetsDisassemblers AllTargetsDisassemblers
AllTargetsInfos AllTargetsInfos
MC MC
Object Object
MCParser MCParser
Object Object
Support Support
DebugInfoDWARF
) )
add_llvm_tool(llvm-cfi-verify add_llvm_tool(llvm-cfi-verify
llvm-cfi-verify.cpp llvm-cfi-verify.cpp
GraphBuilder.cpp GraphBuilder.cpp
FileAnalysis.cpp FileAnalysis.cpp
) )

tools/llvm-cfi-verify/FileAnalysis.h

//===- FileAnalysis.h -------------------------------------------*- C++ -*-===// //===- FileAnalysis.h -------------------------------------------*- C++ -*-===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CFI_VERIFY_FILE_ANALYSIS_H #ifndef LLVM_CFI_VERIFY_FILE_ANALYSIS_H
#define LLVM_CFI_VERIFY_FILE_ANALYSIS_H #define LLVM_CFI_VERIFY_FILE_ANALYSIS_H
#include "llvm/BinaryFormat/ELF.h" #include "llvm/BinaryFormat/ELF.h"
#include "llvm/DebugInfo/DWARF/DWARFContext.h"
#include "llvm/MC/MCAsmInfo.h" #include "llvm/MC/MCAsmInfo.h"
#include "llvm/MC/MCContext.h" #include "llvm/MC/MCContext.h"
#include "llvm/MC/MCDisassembler/MCDisassembler.h" #include "llvm/MC/MCDisassembler/MCDisassembler.h"
#include "llvm/MC/MCInst.h" #include "llvm/MC/MCInst.h"
#include "llvm/MC/MCInstPrinter.h" #include "llvm/MC/MCInstPrinter.h"
#include "llvm/MC/MCInstrAnalysis.h" #include "llvm/MC/MCInstrAnalysis.h"
#include "llvm/MC/MCInstrDesc.h" #include "llvm/MC/MCInstrDesc.h"
#include "llvm/MC/MCInstrInfo.h" #include "llvm/MC/MCInstrInfo.h"
Show All 15 Lines
#include <functional> #include <functional>
#include <set> #include <set>
#include <string> #include <string>
#include <unordered_map> #include <unordered_map>
namespace llvm { namespace llvm {
namespace cfi_verify { namespace cfi_verify {
extern bool IgnoreDWARF;
// Disassembler and analysis tool for machine code files. Keeps track of non- // Disassembler and analysis tool for machine code files. Keeps track of non-
// sequential control flows, including indirect control flow instructions. // sequential control flows, including indirect control flow instructions.
class FileAnalysis { class FileAnalysis {
public: public:
// A metadata struct for an instruction. // A metadata struct for an instruction.
struct Instr { struct Instr {
uint64_t VMAddress; // Virtual memory address of this instruction. uint64_t VMAddress; // Virtual memory address of this instruction.
MCInst Instruction; // Instruction. MCInst Instruction; // Instruction.
▲ Show 20 LinesShow All 59 Lines▼ Show 20 Linespublic:
std::set<const Instr *> getControlFlowXRefs(const Instr &InstrMeta) const; std::set<const Instr *> getControlFlowXRefs(const Instr &InstrMeta) const;
const std::set<uint64_t> &getIndirectInstructions() const; const std::set<uint64_t> &getIndirectInstructions() const;
const MCRegisterInfo *getRegisterInfo() const; const MCRegisterInfo *getRegisterInfo() const;
const MCInstrInfo *getMCInstrInfo() const; const MCInstrInfo *getMCInstrInfo() const;
const MCInstrAnalysis *getMCInstrAnalysis() const; const MCInstrAnalysis *getMCInstrAnalysis() const;
DWARFContext *getDWARF();
protected: protected:
// Construct a blank object with the provided triple and features. Used in // Construct a blank object with the provided triple and features. Used in
// testing, where a sub class will dependency inject protected methods to // testing, where a sub class will dependency inject protected methods to
// allow analysis of raw binary, without requiring a fully valid ELF file. // allow analysis of raw binary, without requiring a fully valid ELF file.
FileAnalysis(const Triple &ObjectTriple, const SubtargetFeatures &Features); FileAnalysis(const Triple &ObjectTriple, const SubtargetFeatures &Features);
// Add an instruction to this object. // Add an instruction to this object.
void addInstruction(const Instr &Instruction); void addInstruction(const Instr &Instruction);
Show All 26 Linesprivate:
std::unique_ptr<MCSubtargetInfo> SubtargetInfo; std::unique_ptr<MCSubtargetInfo> SubtargetInfo;
std::unique_ptr<const MCInstrInfo> MII; std::unique_ptr<const MCInstrInfo> MII;
MCObjectFileInfo MOFI; MCObjectFileInfo MOFI;
std::unique_ptr<MCContext> Context; std::unique_ptr<MCContext> Context;
std::unique_ptr<const MCDisassembler> Disassembler; std::unique_ptr<const MCDisassembler> Disassembler;
std::unique_ptr<const MCInstrAnalysis> MIA; std::unique_ptr<const MCInstrAnalysis> MIA;
std::unique_ptr<MCInstPrinter> Printer; std::unique_ptr<MCInstPrinter> Printer;
// DWARF debug information.
std::unique_ptr<DWARFContext> DWARF;
// A mapping between the virtual memory address to the instruction metadata // A mapping between the virtual memory address to the instruction metadata
// struct. // struct. TODO(hctim): Reimplement this as a sorted vector to avoid per-
// insertion allocation.
std::map<uint64_t, Instr> Instructions; std::map<uint64_t, Instr> Instructions;
// Contains a mapping between a specific address, and a list of instructions // Contains a mapping between a specific address, and a list of instructions
// that use this address as a branch target (including call instructions). // that use this address as a branch target (including call instructions).
std::unordered_map<uint64_t, std::vector<uint64_t>> StaticBranchTargetings; std::unordered_map<uint64_t, std::vector<uint64_t>> StaticBranchTargetings;
// A list of addresses of indirect control flow instructions. // A list of addresses of indirect control flow instructions.
std::set<uint64_t> IndirectInstructions; std::set<uint64_t> IndirectInstructions;
Show All 14 Lines

tools/llvm-cfi-verify/FileAnalysis.cpp

//===- FileAnalysis.cpp -----------------------------------------*- C++ -*-===// //===- FileAnalysis.cpp -----------------------------------------*- C++ -*-===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "FileAnalysis.h" #include "FileAnalysis.h"
#include "GraphBuilder.h" #include "GraphBuilder.h"
#include "llvm/BinaryFormat/ELF.h" #include "llvm/BinaryFormat/ELF.h"
#include "llvm/DebugInfo/DWARF/DWARFContext.h"
#include "llvm/MC/MCAsmInfo.h" #include "llvm/MC/MCAsmInfo.h"
#include "llvm/MC/MCContext.h" #include "llvm/MC/MCContext.h"
#include "llvm/MC/MCDisassembler/MCDisassembler.h" #include "llvm/MC/MCDisassembler/MCDisassembler.h"
#include "llvm/MC/MCInst.h" #include "llvm/MC/MCInst.h"
#include "llvm/MC/MCInstPrinter.h" #include "llvm/MC/MCInstPrinter.h"
#include "llvm/MC/MCInstrAnalysis.h" #include "llvm/MC/MCInstrAnalysis.h"
#include "llvm/MC/MCInstrDesc.h" #include "llvm/MC/MCInstrDesc.h"
#include "llvm/MC/MCInstrInfo.h" #include "llvm/MC/MCInstrInfo.h"
Show All 15 Lines
#include <functional> #include <functional>
using Instr = llvm::cfi_verify::FileAnalysis::Instr; using Instr = llvm::cfi_verify::FileAnalysis::Instr;
namespace llvm { namespace llvm {
namespace cfi_verify { namespace cfi_verify {
bool IgnoreDWARF;
static cl::opt<bool, true> IgnoreDWARFArg(
"ignore-dwarf",
cl::desc("Ignore all DWARF data (warning: may generate false positives)."),
cl::location(IgnoreDWARF), cl::init(false));
cl::opt<uint64_t> DWARFSearchRange(
"dwarf-search-range",
cl::desc("Address search range used to determine if instruction is valid."),
cl::init(0x10));
Expected<FileAnalysis> FileAnalysis::Create(StringRef Filename) { Expected<FileAnalysis> FileAnalysis::Create(StringRef Filename) {
// Open the filename provided. // Open the filename provided.
Expected<object::OwningBinary<object::Binary>> BinaryOrErr = Expected<object::OwningBinary<object::Binary>> BinaryOrErr =
object::createBinary(Filename); object::createBinary(Filename);
if (!BinaryOrErr) if (!BinaryOrErr)
return BinaryOrErr.takeError(); return BinaryOrErr.takeError();
// Construct the object and allow it to take ownership of the binary. // Construct the object and allow it to take ownership of the binary.
▲ Show 20 LinesShow All 196 Lines▼ Show 20 Lines
} }
const MCInstrInfo *FileAnalysis::getMCInstrInfo() const { return MII.get(); } const MCInstrInfo *FileAnalysis::getMCInstrInfo() const { return MII.get(); }
const MCInstrAnalysis *FileAnalysis::getMCInstrAnalysis() const { const MCInstrAnalysis *FileAnalysis::getMCInstrAnalysis() const {
return MIA.get(); return MIA.get();
} }
DWARFContext *FileAnalysis::getDWARF() {
return DWARF.get();
}
Error FileAnalysis::initialiseDisassemblyMembers() { Error FileAnalysis::initialiseDisassemblyMembers() {
std::string TripleName = ObjectTriple.getTriple(); std::string TripleName = ObjectTriple.getTriple();
ArchName = ""; ArchName = "";
MCPU = ""; MCPU = "";
std::string ErrorString; std::string ErrorString;
ObjectTarget = ObjectTarget =
Show All 35 Lines if (!Disassembler)
return make_error<StringError>("No disassembler available for target", return make_error<StringError>("No disassembler available for target",
inconvertibleErrorCode()); inconvertibleErrorCode());
MIA.reset(ObjectTarget->createMCInstrAnalysis(MII.get())); MIA.reset(ObjectTarget->createMCInstrAnalysis(MII.get()));
Printer.reset(ObjectTarget->createMCInstPrinter( Printer.reset(ObjectTarget->createMCInstPrinter(
ObjectTriple, AsmInfo->getAssemblerDialect(), *AsmInfo, *MII, ObjectTriple, AsmInfo->getAssemblerDialect(), *AsmInfo, *MII,
*RegisterInfo)); *RegisterInfo));
probinsonUnsubmitted
Done
ReplyInline Actions

Does this tool run only on .o files, and not on executables? Because this decides line info is valid if any CU has a non-empty line table. If you are looking at a linked executable, one might have been compiled -g and another not, and this check will still succeed.

probinson: Does this tool run only on .o files, and not on executables? Because this decides line info is…
hctimAuthorUnsubmitted
Not Done
ReplyInline Actions

The goal for this tool is to run on both.

Thanks for reminding me :) I've had discussions with people about this exact topic offline, but forgot to update the commits.

The consensus we reached was in order to do elimination-by-dwarf (i.e. having --ignore-dwarf=false), anything that is statically linked into this binary is required to be compiled with -g. I'll update the documentation for this tool soon and add a comment around this section.

hctim: The goal for this tool is to run on both. Thanks for reminding me :) I've had discussions with…
return Error::success(); return Error::success();
} }
Error FileAnalysis::parseCodeSections() { Error FileAnalysis::parseCodeSections() {
if (!IgnoreDWARF) {
DWARF.reset(DWARFContext::create(*Object).release());
probinsonUnsubmitted
Done
ReplyInline Actions

Type units can have an associated line table, but that's just to provide filespecs for DW_AT_file. There should never be any Rows in a type unit's line table.

probinson: Type units can have an associated line table, but that's just to provide filespecs for…
hctimAuthorUnsubmitted
Not Done
ReplyInline Actions

Thanks for the information, will remove the redundant check.

hctim: Thanks for the information, will remove the redundant check.
if (!DWARF)
return make_error<StringError>("Could not create DWARF information.",
inconvertibleErrorCode());
bool LineInfoValid = false;
for (auto &Unit : DWARF->compile_units()) {
const auto &LineTable = DWARF->getLineTableForUnit(Unit.get());
if (LineTable && !LineTable->Rows.empty()) {
LineInfoValid = true;
break;
}
}
if (!LineInfoValid) {
for (auto &Range : DWARF->type_unit_sections()) {
for (auto &Unit : Range) {
const auto &LineTable = DWARF->getLineTableForUnit(Unit.get());
if (LineTable && !LineTable->Rows.empty()) {
LineInfoValid = true;
break;
}
}
}
}
if (!LineInfoValid)
return make_error<StringError>(
"DWARF line information missing. Did you compile with '-g'?",
inconvertibleErrorCode());
}
for (const object::SectionRef &Section : Object->sections()) { for (const object::SectionRef &Section : Object->sections()) {
// Ensure only executable sections get analysed. // Ensure only executable sections get analysed.
if (!(object::ELFSectionRef(Section).getFlags() & ELF::SHF_EXECINSTR)) if (!(object::ELFSectionRef(Section).getFlags() & ELF::SHF_EXECINSTR))
continue; continue;
StringRef SectionContents; StringRef SectionContents;
if (Section.getContents(SectionContents)) if (Section.getContents(SectionContents))
return make_error<StringError>("Failed to retrieve section contents", return make_error<StringError>("Failed to retrieve section contents",
Show All 20 Lines for (uint64_t Byte = 0; Byte < SectionBytes.size();) {
Byte += InstructionSize; Byte += InstructionSize;
uint64_t VMAddress = SectionAddress + Byte - InstructionSize; uint64_t VMAddress = SectionAddress + Byte - InstructionSize;
InstrMeta.Instruction = Instruction; InstrMeta.Instruction = Instruction;
InstrMeta.VMAddress = VMAddress; InstrMeta.VMAddress = VMAddress;
InstrMeta.InstructionSize = InstructionSize; InstrMeta.InstructionSize = InstructionSize;
InstrMeta.Valid = ValidInstruction; InstrMeta.Valid = ValidInstruction;
// Check if this instruction exists in the range of the DWARF metadata.
if (DWARF &&
DWARF->getLineInfoForAddressRange(InstrMeta.VMAddress, DWARFSearchRange)
.empty())
continue;
addInstruction(InstrMeta); addInstruction(InstrMeta);
if (!ValidInstruction) if (!ValidInstruction)
continue; continue;
// Skip additional parsing for instructions that do not affect the control // Skip additional parsing for instructions that do not affect the control
// flow. // flow.
const auto &InstrDesc = MII->get(Instruction.getOpcode()); const auto &InstrDesc = MII->get(Instruction.getOpcode());
Show All 33 Lines

tools/llvm-cfi-verify/GraphBuilder.cpp

Show First 20 LinesShow All 297 Lines▼ Show 20 Lines if (!ParentDesc.mayAffectControlFlow(ParentMeta.Instruction,
ParentMeta.Instruction, ParentMeta.VMAddress, ParentMeta.Instruction, ParentMeta.VMAddress,
ParentMeta.InstructionSize, BranchTarget)) { ParentMeta.InstructionSize, BranchTarget)) {
errs() << "Failed to evaluate branch target for instruction at address " errs() << "Failed to evaluate branch target for instruction at address "
<< format_hex(ParentMeta.VMAddress, 2) << ".\n"; << format_hex(ParentMeta.VMAddress, 2) << ".\n";
OrphanedNodes->push_back(createParentNode(ParentMeta, ChildNode)); OrphanedNodes->push_back(createParentNode(ParentMeta, ChildNode));
continue; continue;
} }
// Call instructions are not valid in the upwards traversal.
if (ParentDesc.isCall()) {
OrphanedNodes->push_back(createParentNode(ParentMeta, ChildNode));
continue;
}
// Allow unconditional branches to be part of the upwards traversal. // Allow unconditional branches to be part of the upwards traversal.
// Ensures that the unconditional branch is actually an XRef to the child. // Ensures that the unconditional branch is actually an XRef to the child.
if (ParentDesc.isUnconditionalBranch()) { if (ParentDesc.isUnconditionalBranch()) {
if (BranchTarget == ChildMeta.VMAddress) { if (BranchTarget == ChildMeta.VMAddress) {
// Ensure the unconditional branch can't fall back on itself. Check // Ensure the unconditional branch can't fall back on itself. Check
// the current tree. // the current tree.
bool IsUniqueInTree = true; bool IsUniqueInTree = true;
for (const auto &InstructionAddressInTree : for (const auto &InstructionAddressInTree :
Show All 25 Lines if (!ParentDesc.mayAffectControlFlow(ParentMeta.Instruction,
OrphanedNodes->push_back(createParentNode(ParentMeta, ChildNode)); OrphanedNodes->push_back(createParentNode(ParentMeta, ChildNode));
continue; continue;
} }
} }
// Ensure that any unknown CFs are caught. // Ensure that any unknown CFs are caught.
if (!ParentDesc.isConditionalBranch()) { if (!ParentDesc.isConditionalBranch()) {
errs() << "Unknown control flow encountered when building graph at " errs() << "Unknown control flow encountered when building graph at "
<< format_hex(ChildMeta.VMAddress, 2) << "\n."; << format_hex(ParentMeta.VMAddress, 2) << ".\n";
OrphanedNodes->push_back(createParentNode(ParentMeta, ChildNode)); const auto& ParentNode = createParentNode(ParentMeta, ChildNode);
OrphanedNodes->push_back(ParentNode);
ParentNode->printControlFlowNode(1, errs());
continue; continue;
} }
// Only direct conditional branches should be present at this point. Setup // Only direct conditional branches should be present at this point. Setup
// a conditional branch node and build flows to the ud2. // a conditional branch node and build flows to the ud2.
ConditionalBranchNode *BranchNode = new ConditionalBranchNode(); ConditionalBranchNode *BranchNode = new ConditionalBranchNode();
BranchNode->InstructionAddress = ParentMeta.VMAddress; BranchNode->InstructionAddress = ParentMeta.VMAddress;
BranchNode->Target = nullptr; BranchNode->Target = nullptr;
Show All 20 Lines

tools/llvm-cfi-verify/LLVMBuild.txt

Show All 13 Lines
; http://llvm.org/docs/LLVMBuild.html ; http://llvm.org/docs/LLVMBuild.html
; ;
;===------------------------------------------------------------------------===; ;===------------------------------------------------------------------------===;
[component_0] [component_0]
type = Tool type = Tool
name = llvm-cfi-verify name = llvm-cfi-verify
parent = Tools parent = Tools
required_libraries = MC MCDisassembler MCParser Support all-targets required_libraries = MC MCDisassembler MCParser Support all-targets DebugInfoDWARF

tools/llvm-cfi-verify/llvm-cfi-verify.cpp

Show All 16 Lines
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "FileAnalysis.h" #include "FileAnalysis.h"
#include "llvm/BinaryFormat/ELF.h" #include "llvm/BinaryFormat/ELF.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/Error.h" #include "llvm/Support/Error.h"
#include "llvm/Support/FormatVariadic.h"
#include <cstdlib> #include <cstdlib>
using namespace llvm; using namespace llvm;
using namespace llvm::object; using namespace llvm::object;
using namespace llvm::cfi_verify; using namespace llvm::cfi_verify;
cl::opt<std::string> InputFilename(cl::Positional, cl::desc("<input file>"), cl::opt<std::string> InputFilename(cl::Positional, cl::desc("<input file>"),
cl::Required); cl::Required);
ExitOnError ExitOnErr; ExitOnError ExitOnErr;
void printIndirectCFInstructions(const FileAnalysis &Verifier) { void printIndirectCFInstructions(FileAnalysis &Analysis) {
for (uint64_t Address : Verifier.getIndirectInstructions()) { uint64_t ProtectedCount = 0;
const auto &InstrMeta = Verifier.getInstructionOrDie(Address); uint64_t UnprotectedCount = 0;
DWARFContext *DWARF = Analysis.getDWARF();
for (uint64_t Address : Analysis.getIndirectInstructions()) {
const auto &InstrMeta = Analysis.getInstructionOrDie(Address);
if (Analysis.isCFIProtected(Address)) {
outs() << "P ";
ProtectedCount++;
} else {
outs() << "U ";
UnprotectedCount++;
}
outs() << format_hex(Address, 2) << " |" outs() << format_hex(Address, 2) << " | "
<< Verifier.getMCInstrInfo()->getName( << Analysis.getMCInstrInfo()->getName(
InstrMeta.Instruction.getOpcode()) InstrMeta.Instruction.getOpcode())
<< " "; << " ";
InstrMeta.Instruction.print(outs());
outs() << "\n"; outs() << "\n";
outs() << " Protected? " << Verifier.isCFIProtected(Address) << "\n";
if (DWARF) {
for (const auto &LineKV :
DWARF->getLineInfoForAddressRange(Address, 0x10)) {
outs() << " " << format_hex(LineKV.first, 2) << " = "
<< LineKV.second.FileName << ":" << LineKV.second.Line << ":"
<< LineKV.second.Column << " ("
<< LineKV.second.FunctionName << ")\n";
} }
} }
}
if (ProtectedCount || UnprotectedCount)
outs() << formatv(
"Unprotected: {0} ({1:P}), Protected: {2} ({3:P})\n", UnprotectedCount,
(((double)UnprotectedCount) / (UnprotectedCount + ProtectedCount)),
ProtectedCount,
(((double)ProtectedCount) / (UnprotectedCount + ProtectedCount)));
else
outs() << "No indirect CF instructions found.\n";
}
int main(int argc, char **argv) { int main(int argc, char **argv) {
cl::ParseCommandLineOptions(argc, argv); cl::ParseCommandLineOptions(argc, argv);
InitializeAllTargetInfos(); InitializeAllTargetInfos();
InitializeAllTargetMCs(); InitializeAllTargetMCs();
InitializeAllAsmParsers(); InitializeAllAsmParsers();
InitializeAllDisassemblers(); InitializeAllDisassemblers();
FileAnalysis Verifier = ExitOnErr(FileAnalysis::Create(InputFilename)); FileAnalysis Analysis = ExitOnErr(FileAnalysis::Create(InputFilename));
printIndirectCFInstructions(Verifier); printIndirectCFInstructions(Analysis);
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

tools/llvm-cfi-verify/unittests/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
AllTargetsAsmPrinters AllTargetsAsmPrinters
AllTargetsAsmParsers AllTargetsAsmParsers
AllTargetsDescs AllTargetsDescs
AllTargetsDisassemblers AllTargetsDisassemblers
AllTargetsInfos AllTargetsInfos
MC MC
Object Object
MCParser MCParser
Object Object
Support Support
DebugInfoDWARF
) )
add_llvm_unittest(CFIVerifyTests add_llvm_unittest(CFIVerifyTests
FileAnalysis.cpp FileAnalysis.cpp
GraphBuilder.cpp GraphBuilder.cpp
../GraphBuilder.cpp ../GraphBuilder.cpp
../FileAnalysis.cpp) ../FileAnalysis.cpp)