This is an archive of the discontinued LLVM Phabricator instance.

Differential D39294

[llvm-dwarfdump] - Teach verifier to report broken DWARF expressions.
ClosedPublic

Authored by grimar on Oct 25 2017, 9:22 AM.

Details

Reviewers
rafael
aprantl
dblaikie
JDevlieghere
Commits
rG144e4c5a3200: [llvm-dwarfdump] - Teach verifier to report broken DWARF expressions.
rL316756: [llvm-dwarfdump] - Teach verifier to report broken DWARF expressions.
Summary

Patch improves next things:

  1. Fixes assert/crash in getOpDesc when giving it a invalid expression op code.
  2. DWARFExpression::print() called DWARFExpression::Operation::getEndOffset() which returned and used uninitialized field EndOffset. Patch fixes that.
  3. Teaches verifier to verify DW_AT_location and error out on broken expressions.

Diff Detail

Event Timeline

grimar created this revision.Oct 25 2017, 9:22 AM
grimar retitled this revision from [llvm-dwarfdump] - Fix issues that might happen when object with broken DWARF expressions is parsed. to [llvm-dwarfdump] - Teach verifier to report broken DWARF expressions..Oct 25 2017, 9:35 AM
aprantl accepted this revision.Oct 25 2017, 1:51 PM

Thanks!

lib/DebugInfo/DWARF/DWARFVerifier.cpp
384

perhaps also add the << ":\n" ?

test/tools/llvm-dwarfdump/X86/verify_broken_exprloc.s
12

where does the . after error come from? it looks out of place. Perhaps <decoding error> would be better?

This revision is now accepted and ready to land.Oct 25 2017, 1:51 PM
JDevlieghere added inline comments.Oct 25 2017, 1:52 PM
lib/DebugInfo/DWARF/DWARFVerifier.cpp
405

Can we use ReportError here too?

JDevlieghere added inline comments.Oct 25 2017, 2:00 PM
lib/DebugInfo/DWARF/DWARFVerifier.cpp
424

I don't think we can avoid the cast, but let's use reinterpret_cast here.

grimar updated this revision to Diff 120382.Oct 26 2017, 3:32 AM
  • Addressed review comments.
  • Minor cosmetic change.
lib/DebugInfo/DWARF/DWARFVerifier.cpp
384

Added \n, can't add :\n because have to handle reporting for DW_AT_stmt_list below.

405

Done.

424

Done.

test/tools/llvm-dwarfdump/X86/verify_broken_exprloc.s
12

. comes from https://github.com/llvm-mirror/llvm/blob/master/lib/DebugInfo/DWARF/DWARFExpression.cpp#L224.

It does not seem this message was ever tested before, so I removed the dot.

<decoding error> looks better for me, but I would not change () to <>
in this patch as it comes from some different place and probably should break a lot of tests,
so looks should be done as separate change (if should).

JDevlieghere accepted this revision.Oct 26 2017, 9:08 AM

Thanks, George! LGTM

aprantl added a comment.Oct 26 2017, 9:09 AM

Thanks!

test/tools/llvm-dwarfdump/X86/verify_broken_exprloc.s
12

This is obviously not super important, but I thought of
DW_AT_location (<decoding error>)
The <> is meant to "escape" the error message and make it look different from an actual value.

grimar added a comment.Oct 27 2017, 1:36 AM

Adrian, Jonas, thank you for review !

test/tools/llvm-dwarfdump/X86/verify_broken_exprloc.s
12

Ah, there is no problems to do that in this patch then I believe,
I'll change to (<decoding error>) before commit.

Closed by commit rL316756: [llvm-dwarfdump] - Teach verifier to report broken DWARF expressions. (authored by grimar). · Explain WhyOct 27 2017, 3:42 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lib/
DebugInfo/
DWARF/
8 lines
47 lines
test/
tools/
llvm-dwarfdump/
X86/
52 lines

Diff 120268

lib/DebugInfo/DWARF/DWARFExpression.cpp

Show First 20 LinesShow All 98 Lines▼ Show 20 Linesstatic DescVector getDescriptions() {
Descriptions[DW_OP_GNU_addr_index] = Desc(Op::Dwarf4, Op::SizeLEB); Descriptions[DW_OP_GNU_addr_index] = Desc(Op::Dwarf4, Op::SizeLEB);
Descriptions[DW_OP_GNU_const_index] = Desc(Op::Dwarf4, Op::SizeLEB); Descriptions[DW_OP_GNU_const_index] = Desc(Op::Dwarf4, Op::SizeLEB);
return Descriptions; return Descriptions;
} }
static DWARFExpression::Operation::Description getOpDesc(unsigned OpCode) { static DWARFExpression::Operation::Description getOpDesc(unsigned OpCode) {
// FIXME: Make this constexpr once all compilers are smart enough to do it. // FIXME: Make this constexpr once all compilers are smart enough to do it.
static DescVector Descriptions = getDescriptions(); static DescVector Descriptions = getDescriptions();
assert(OpCode < Descriptions.size()); // Handle possible corrupted or unsupported operation.
if (OpCode >= Descriptions.size())
return DWARFExpression::Operation::Description();
return Descriptions[OpCode]; return Descriptions[OpCode];
} }
static uint8_t getRefAddrSize(uint8_t AddrSize, uint16_t Version) { static uint8_t getRefAddrSize(uint8_t AddrSize, uint16_t Version) {
return (Version == 2) ? AddrSize : 4; return (Version == 2) ? AddrSize : 4;
} }
bool DWARFExpression::Operation::extract(DataExtractor Data, uint16_t Version, bool DWARFExpression::Operation::extract(DataExtractor Data, uint16_t Version,
uint8_t AddressSize, uint32_t Offset) { uint8_t AddressSize, uint32_t Offset) {
Opcode = Data.getU8(&Offset); Opcode = Data.getU8(&Offset);
Desc = getOpDesc(Opcode); Desc = getOpDesc(Opcode);
if (Desc.Version == Operation::DwarfNA) if (Desc.Version == Operation::DwarfNA) {
EndOffset = Offset;
return false; return false;
}
for (unsigned Operand = 0; Operand < 2; ++Operand) { for (unsigned Operand = 0; Operand < 2; ++Operand) {
unsigned Size = Desc.Op[Operand]; unsigned Size = Desc.Op[Operand];
unsigned Signed = Size & Operation::SignBit; unsigned Signed = Size & Operation::SignBit;
if (Size == Operation::SizeNA) if (Size == Operation::SizeNA)
break; break;
▲ Show 20 LinesShow All 143 LinesShow Last 20 Lines

lib/DebugInfo/DWARF/DWARFVerifier.cpp

//===- DWARFVerifier.cpp --------------------------------------------------===// //===- DWARFVerifier.cpp --------------------------------------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "SyntaxHighlighting.h" #include "SyntaxHighlighting.h"
#include "llvm/DebugInfo/DWARF/DWARFVerifier.h" #include "llvm/DebugInfo/DWARF/DWARFVerifier.h"
#include "llvm/DebugInfo/DWARF/DWARFCompileUnit.h" #include "llvm/DebugInfo/DWARF/DWARFCompileUnit.h"
#include "llvm/DebugInfo/DWARF/DWARFContext.h" #include "llvm/DebugInfo/DWARF/DWARFContext.h"
#include "llvm/DebugInfo/DWARF/DWARFDebugLine.h" #include "llvm/DebugInfo/DWARF/DWARFDebugLine.h"
#include "llvm/DebugInfo/DWARF/DWARFDie.h" #include "llvm/DebugInfo/DWARF/DWARFDie.h"
#include "llvm/DebugInfo/DWARF/DWARFExpression.h"
#include "llvm/DebugInfo/DWARF/DWARFFormValue.h" #include "llvm/DebugInfo/DWARF/DWARFFormValue.h"
#include "llvm/DebugInfo/DWARF/DWARFSection.h" #include "llvm/DebugInfo/DWARF/DWARFSection.h"
#include "llvm/DebugInfo/DWARF/DWARFAcceleratorTable.h" #include "llvm/DebugInfo/DWARF/DWARFAcceleratorTable.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include <map> #include <map>
#include <set> #include <set>
#include <vector> #include <vector>
▲ Show 20 LinesShow All 348 Lines▼ Show 20 Linesunsigned DWARFVerifier::verifyDieRanges(const DWARFDie &Die,
for (DWARFDie Child : Die) for (DWARFDie Child : Die)
NumErrors += verifyDieRanges(Child, RI); NumErrors += verifyDieRanges(Child, RI);
return NumErrors; return NumErrors;
} }
unsigned DWARFVerifier::verifyDebugInfoAttribute(const DWARFDie &Die, unsigned DWARFVerifier::verifyDebugInfoAttribute(const DWARFDie &Die,
DWARFAttribute &AttrValue) { DWARFAttribute &AttrValue) {
const DWARFObject &DObj = DCtx.getDWARFObj();
unsigned NumErrors = 0; unsigned NumErrors = 0;
auto ReportError = [&](const Twine &TitleMsg) {
++NumErrors;
error() << TitleMsg;
aprantlUnsubmitted
Not Done
ReplyInline Actions

perhaps also add the << ":\n" ?

aprantl: perhaps also add the `<< ":\n"` ?
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

Added \n, can't add :\n because have to handle reporting for DW_AT_stmt_list below.

grimar: Added `\n`, can't add `:\n` because have to handle reporting for `DW_AT_stmt_list` below.
Die.dump(OS, 0, DumpOpts);
OS << "\n";
};
const DWARFObject &DObj = DCtx.getDWARFObj();
const auto Attr = AttrValue.Attr; const auto Attr = AttrValue.Attr;
switch (Attr) { switch (Attr) {
case DW_AT_ranges: case DW_AT_ranges:
// Make sure the offset in the DW_AT_ranges attribute is valid. // Make sure the offset in the DW_AT_ranges attribute is valid.
if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) { if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) {
if (*SectionOffset >= DObj.getRangeSection().Data.size()) { if (*SectionOffset >= DObj.getRangeSection().Data.size())
++NumErrors; ReportError("DW_AT_ranges offset is beyond .debug_ranges bounds:\n");
error() << "DW_AT_ranges offset is beyond .debug_ranges "
"bounds:\n";
Die.dump(OS, 0, DumpOpts);
OS << "\n";
}
} else { } else {
++NumErrors; ReportError("DIE has invalid DW_AT_ranges encoding:\n");
error() << "DIE has invalid DW_AT_ranges encoding:\n";
Die.dump(OS, 0, DumpOpts);
OS << "\n";
} }
break; break;
case DW_AT_stmt_list: case DW_AT_stmt_list:
// Make sure the offset in the DW_AT_stmt_list attribute is valid. // Make sure the offset in the DW_AT_stmt_list attribute is valid.
if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) { if (auto SectionOffset = AttrValue.Value.getAsSectionOffset()) {
if (*SectionOffset >= DObj.getLineSection().Data.size()) { if (*SectionOffset >= DObj.getLineSection().Data.size()) {
++NumErrors; ++NumErrors;
JDevlieghereUnsubmitted
Not Done
ReplyInline Actions

Can we use ReportError here too?

JDevlieghere: Can we use ReportError here too?
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

grimar: Done.
error() << "DW_AT_stmt_list offset is beyond .debug_line " error() << "DW_AT_stmt_list offset is beyond .debug_line "
"bounds: " "bounds: "
<< format("0x%08" PRIx64, *SectionOffset) << "\n"; << format("0x%08" PRIx64, *SectionOffset) << "\n";
Die.dump(OS, 0, DumpOpts); Die.dump(OS, 0, DumpOpts);
OS << "\n"; OS << "\n";
} }
} else { } else {
++NumErrors; ReportError("DIE has invalid DW_AT_stmt_list encoding:\n");
error() << "DIE has invalid DW_AT_stmt_list encoding:\n";
Die.dump(OS, 0, DumpOpts);
OS << "\n";
} }
break; break;
case DW_AT_location: {
Optional<ArrayRef<uint8_t>> Expr = AttrValue.Value.getAsBlock();
if (!Expr) {
ReportError("DIE has invalid DW_AT_location encoding:\n");
break;
}
DWARFUnit *U = Die.getDwarfUnit();
DataExtractor Data(StringRef((const char *)Expr->data(), Expr->size()),
JDevlieghereUnsubmitted
Not Done
ReplyInline Actions

I don't think we can avoid the cast, but let's use reinterpret_cast here.

JDevlieghere: I don't think we can avoid the cast, but let's use reinterpret_cast here.
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

grimar: Done.
DCtx.isLittleEndian(), 0);
DWARFExpression Expression(Data, U->getVersion(), U->getAddressByteSize());
bool Error = llvm::any_of(Expression, [](DWARFExpression::Operation &Op) {
return Op.isError();
});
if (Error)
ReportError("DIE contains invalid DWARF expression:\n");
break;
}
default: default:
break; break;
} }
return NumErrors; return NumErrors;
} }
unsigned DWARFVerifier::verifyDebugInfoForm(const DWARFDie &Die, unsigned DWARFVerifier::verifyDebugInfoForm(const DWARFDie &Die,
▲ Show 20 LinesShow All 367 LinesShow Last 20 Lines

test/tools/llvm-dwarfdump/X86/verify_broken_exprloc.s

# RUN: llvm-mc %s -filetype obj -triple i686-pc-linux -o %t
## Check we don't crash when parsing invalid expression opcode.
# RUN: llvm-dwarfdump %t | FileCheck %s
# CHECK: DW_TAG_GNU_call_site_parameter
# CHECK-NEXT: DW_AT_location (decoding error.)
## Check verifier reports an error.
# RUN: not llvm-dwarfdump -verify %t 2>&1 | FileCheck %s --check-prefix=VERIFY
# VERIFY: DIE contains invalid DWARF expression:
# VERIFY: DW_TAG_GNU_call_site_parameter
# VERIFY-NEXT: DW_AT_location (decoding error.)
aprantlUnsubmitted
Not Done
ReplyInline Actions

where does the . after error come from? it looks out of place. Perhaps <decoding error> would be better?

aprantl: where does the `.` after error come from? it looks out of place. Perhaps `<decoding error>`…
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

. comes from https://github.com/llvm-mirror/llvm/blob/master/lib/DebugInfo/DWARF/DWARFExpression.cpp#L224.

It does not seem this message was ever tested before, so I removed the dot.

<decoding error> looks better for me, but I would not change () to <>
in this patch as it comes from some different place and probably should break a lot of tests,
so looks should be done as separate change (if should).

grimar: `.` comes from https://github.com/llvm-mirror/llvm/blob/master/lib/DebugInfo/DWARF/DWARFExpress…
aprantlUnsubmitted
Not Done
ReplyInline Actions

This is obviously not super important, but I thought of
DW_AT_location (<decoding error>)
The <> is meant to "escape" the error message and make it look different from an actual value.

aprantl: This is obviously not super important, but I thought of `DW_AT_location (<decoding error>)`…
grimarAuthorUnsubmitted
Not Done
ReplyInline Actions

Ah, there is no problems to do that in this patch then I believe,
I'll change to (<decoding error>) before commit.

grimar: Ah, there is no problems to do that in this patch then I believe, I'll change to `(<decoding…
.section .debug_info,"",@progbits
.long 0x12
.value 0x4
.long 0
.byte 0x4
.uleb128 0x1 # DW_TAG_compile_unit [1]
.long 0
.byte 0x0
.uleb128 0x2 # DW_TAG_GNU_call_site_parameter [2]
.uleb128 0x1 # Expression size.
.byte 0xff # Broken expression.
.byte 0 # End mark.
.byte 0 # End mark.
.section .debug_abbrev,"",@progbits
.uleb128 0x1 # ID [1]
.uleb128 0x11 # DW_TAG_compile_unit, DW_CHILDREN_yes
.byte 0x1
.uleb128 0x25 # DW_AT_producer, DW_FORM_strp
.uleb128 0xe
.uleb128 0x13 # DW_AT_language, DW_FORM_data1
.uleb128 0xb
.byte 0
.byte 0
.uleb128 0x2 # ID [2]
.uleb128 0x410a # DW_TAG_GNU_call_site_parameter, DW_CHILDREN_no
.byte 0
.uleb128 0x2 # DW_AT_location, DW_FORM_exprloc
.uleb128 0x18
.byte 0
.byte 0
.byte 0
.section .debug_str,"MS",@progbits,1
.string "test"