This is an archive of the discontinued LLVM Phabricator instance.

Differential D39471

[asan] Fix small X86_64 ShadowOffset for non-default shadow scale
ClosedPublic

Authored by waltl on Oct 31 2017, 1:58 PM.

Details

Reviewers
vitalybuka
eugenis
alekseyshl
Commits
rG8f1545c629bb: [asan] Fix small X86_64 ShadowOffset for non-default shadow scale
rCRT318421: [asan] Fix small X86_64 ShadowOffset for non-default shadow scale
rL318421: [asan] Fix small X86_64 ShadowOffset for non-default shadow scale
Summary

The requirement is that shadow memory must be aligned to page
boundaries (4k in this case). Use a closed form equation that always
satisfies this requirement.

Diff Detail

Event Timeline

waltl created this revision.Oct 31 2017, 1:58 PM
Harbormaster completed remote builds in B11684: Diff 121050.Oct 31 2017, 1:58 PM
Herald added subscribers: hiraditya, kubamracek. · View Herald TranscriptOct 31 2017, 1:58 PM
kosarev added a subscriber: kosarev.Nov 1 2017, 1:38 AM
waltl updated this revision to Diff 122003.Nov 7 2017, 3:43 PM

Miscellaneous cleanups.

waltl added reviewers: vitalybuka, eugenis, alekseyshl.Nov 7 2017, 5:00 PM
waltl added subscribers: kcc, llvm-commits.
waltl updated this revision to Diff 122137.Nov 8 2017, 12:08 PM

Simplify offset computation

Harbormaster completed remote builds in B11970: Diff 122137.Nov 8 2017, 12:08 PM
vitalybuka added inline comments.Nov 15 2017, 2:27 PM
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
303

@eugenis why do we need 0 here and not just kDefaultShadowScale

537–538

UB of shifting into sign bit?
0xFFFFF000ULL?
Same above.

kcc added inline comments.Nov 15 2017, 2:30 PM
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
537–538

Please don't use constants in the code.

eugenis added inline comments.Nov 15 2017, 2:31 PM
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
303

No idea. Looks strange. Check code history?

vitalybuka added inline comments.Nov 15 2017, 3:50 PM
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
303

it's from the original commit which added entire file. so no explanation

@waltl nothing need to be changed here

537–538

kSmallX86_64ShadowOffset << (Mapping.Scale - kDefaultShadowScale) ?

waltl updated this revision to Diff 123178.Nov 16 2017, 7:30 AM

Address CR comments

waltl marked 3 inline comments as done.Nov 16 2017, 7:34 AM
waltl added inline comments.
llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
537–538

This isn't quite right: we'd still need a mask, and the shift value in theory may be negative. Please take a look at the updated code.

vitalybuka accepted this revision.Nov 16 2017, 8:24 AM
This revision is now accepted and ready to land.Nov 16 2017, 8:24 AM
Closed by commit rL318421: [asan] Fix small X86_64 ShadowOffset for non-default shadow scale (authored by waltl). · Explain WhyNov 16 2017, 9:05 AM
This revision was automatically updated to reflect the committed changes.
waltl marked an inline comment as done.

Revision Contents

PathSize
compiler-rt/
lib/
asan/
3 lines
llvm/
lib/
Transforms/
Instrumentation/
16 lines

Diff 123178

compiler-rt/lib/asan/asan_mapping.h

Show First 20 LinesShow All 133 Lines▼ Show 20 Lines
#if defined(ASAN_SHADOW_SCALE) #if defined(ASAN_SHADOW_SCALE)
static const u64 kDefaultShadowScale = ASAN_SHADOW_SCALE; static const u64 kDefaultShadowScale = ASAN_SHADOW_SCALE;
#else #else
static const u64 kDefaultShadowScale = 3; static const u64 kDefaultShadowScale = 3;
#endif #endif
static const u64 kDefaultShadowSentinel = ~(uptr)0; static const u64 kDefaultShadowSentinel = ~(uptr)0;
static const u64 kDefaultShadowOffset32 = 1ULL << 29; // 0x20000000 static const u64 kDefaultShadowOffset32 = 1ULL << 29; // 0x20000000
static const u64 kDefaultShadowOffset64 = 1ULL << 44; static const u64 kDefaultShadowOffset64 = 1ULL << 44;
static const u64 kDefaultShort64bitShadowOffset = 0x7FFF8000; // < 2G. static const u64 kDefaultShort64bitShadowOffset =
0x7FFFFFFF & (~0xFFFULL << kDefaultShadowScale); // < 2G.
static const u64 kIosShadowOffset32 = 1ULL << 30; // 0x40000000 static const u64 kIosShadowOffset32 = 1ULL << 30; // 0x40000000
static const u64 kIosShadowOffset64 = 0x120200000; static const u64 kIosShadowOffset64 = 0x120200000;
static const u64 kIosSimShadowOffset32 = 1ULL << 30; static const u64 kIosSimShadowOffset32 = 1ULL << 30;
static const u64 kIosSimShadowOffset64 = kDefaultShadowOffset64; static const u64 kIosSimShadowOffset64 = kDefaultShadowOffset64;
static const u64 kAArch64_ShadowOffset64 = 1ULL << 36; static const u64 kAArch64_ShadowOffset64 = 1ULL << 36;
static const u64 kMIPS32_ShadowOffset32 = 0x0aaa0000; static const u64 kMIPS32_ShadowOffset32 = 0x0aaa0000;
static const u64 kMIPS64_ShadowOffset64 = 1ULL << 37; static const u64 kMIPS64_ShadowOffset64 = 1ULL << 37;
static const u64 kPPC64_ShadowOffset64 = 1ULL << 41; static const u64 kPPC64_ShadowOffset64 = 1ULL << 41;
▲ Show 20 LinesShow All 207 LinesShow Last 20 Lines

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 LinesShow All 91 Lines▼ Show 20 Lines
static const uint64_t kDefaultShadowScale = 3; static const uint64_t kDefaultShadowScale = 3;
static const uint64_t kDefaultShadowOffset32 = 1ULL << 29; static const uint64_t kDefaultShadowOffset32 = 1ULL << 29;
static const uint64_t kDefaultShadowOffset64 = 1ULL << 44; static const uint64_t kDefaultShadowOffset64 = 1ULL << 44;
static const uint64_t kDynamicShadowSentinel = static const uint64_t kDynamicShadowSentinel =
std::numeric_limits<uint64_t>::max(); std::numeric_limits<uint64_t>::max();
static const uint64_t kIOSShadowOffset32 = 1ULL << 30; static const uint64_t kIOSShadowOffset32 = 1ULL << 30;
static const uint64_t kIOSSimShadowOffset32 = 1ULL << 30; static const uint64_t kIOSSimShadowOffset32 = 1ULL << 30;
static const uint64_t kIOSSimShadowOffset64 = kDefaultShadowOffset64; static const uint64_t kIOSSimShadowOffset64 = kDefaultShadowOffset64;
static const uint64_t kSmallX86_64ShadowOffset = 0x7FFF8000; // < 2G. static const uint64_t kSmallX86_64ShadowOffsetBase = 0x7FFFFFFF; // < 2G.
static const uint64_t kSmallX86_64ShadowOffsetAlignMask = ~0xFFFULL;
static const uint64_t kLinuxKasan_ShadowOffset64 = 0xdffffc0000000000; static const uint64_t kLinuxKasan_ShadowOffset64 = 0xdffffc0000000000;
static const uint64_t kPPC64_ShadowOffset64 = 1ULL << 41; static const uint64_t kPPC64_ShadowOffset64 = 1ULL << 41;
static const uint64_t kSystemZ_ShadowOffset64 = 1ULL << 52; static const uint64_t kSystemZ_ShadowOffset64 = 1ULL << 52;
static const uint64_t kMIPS32_ShadowOffset32 = 0x0aaa0000; static const uint64_t kMIPS32_ShadowOffset32 = 0x0aaa0000;
static const uint64_t kMIPS64_ShadowOffset64 = 1ULL << 37; static const uint64_t kMIPS64_ShadowOffset64 = 1ULL << 37;
static const uint64_t kAArch64_ShadowOffset64 = 1ULL << 36; static const uint64_t kAArch64_ShadowOffset64 = 1ULL << 36;
static const uint64_t kFreeBSD_ShadowOffset32 = 1ULL << 30; static const uint64_t kFreeBSD_ShadowOffset32 = 1ULL << 30;
static const uint64_t kFreeBSD_ShadowOffset64 = 1ULL << 46; static const uint64_t kFreeBSD_ShadowOffset64 = 1ULL << 46;
▲ Show 20 LinesShow All 185 Lines▼ Show 20 Linesstatic cl::opt<bool> ClSkipPromotableAllocas(
cl::init(true)); cl::init(true));
// These flags allow to change the shadow mapping. // These flags allow to change the shadow mapping.
// The shadow mapping looks like // The shadow mapping looks like
// Shadow = (Mem >> scale) + offset // Shadow = (Mem >> scale) + offset
static cl::opt<int> ClMappingScale("asan-mapping-scale", static cl::opt<int> ClMappingScale("asan-mapping-scale",
cl::desc("scale of asan shadow mapping"), cl::desc("scale of asan shadow mapping"),
cl::Hidden, cl::init(0)); cl::Hidden, cl::init(0));
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

@eugenis why do we need 0 here and not just kDefaultShadowScale

vitalybuka: @eugenis why do we need 0 here and not just kDefaultShadowScale
eugenisUnsubmitted
Not Done
ReplyInline Actions

No idea. Looks strange. Check code history?

eugenis: No idea. Looks strange. Check code history?
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

it's from the original commit which added entire file. so no explanation

@waltl nothing need to be changed here

vitalybuka: it's from the original commit which added entire file. so no explanation @waltl nothing need…
static cl::opt<unsigned long long> ClMappingOffset( static cl::opt<unsigned long long> ClMappingOffset(
"asan-mapping-offset", "asan-mapping-offset",
cl::desc("offset of asan shadow mapping [EXPERIMENTAL]"), cl::Hidden, cl::desc("offset of asan shadow mapping [EXPERIMENTAL]"), cl::Hidden,
cl::init(0)); cl::init(0));
// Optimization flags. Not user visible, used mostly for testing // Optimization flags. Not user visible, used mostly for testing
// and benchmarking the tool. // and benchmarking the tool.
▲ Show 20 LinesShow All 179 Lines▼ Show 20 Lines bool IsMIPS64 = TargetTriple.getArch() == Triple::mips64 ||
TargetTriple.getArch() == Triple::mips64el; TargetTriple.getArch() == Triple::mips64el;
bool IsArmOrThumb = TargetTriple.isARM() || TargetTriple.isThumb(); bool IsArmOrThumb = TargetTriple.isARM() || TargetTriple.isThumb();
bool IsAArch64 = TargetTriple.getArch() == Triple::aarch64; bool IsAArch64 = TargetTriple.getArch() == Triple::aarch64;
bool IsWindows = TargetTriple.isOSWindows(); bool IsWindows = TargetTriple.isOSWindows();
bool IsFuchsia = TargetTriple.isOSFuchsia(); bool IsFuchsia = TargetTriple.isOSFuchsia();
ShadowMapping Mapping; ShadowMapping Mapping;
Mapping.Scale = kDefaultShadowScale;
if (ClMappingScale.getNumOccurrences() > 0) {
Mapping.Scale = ClMappingScale;
}
if (LongSize == 32) { if (LongSize == 32) {
if (IsAndroid) if (IsAndroid)
Mapping.Offset = kDynamicShadowSentinel; Mapping.Offset = kDynamicShadowSentinel;
else if (IsMIPS32) else if (IsMIPS32)
Mapping.Offset = kMIPS32_ShadowOffset32; Mapping.Offset = kMIPS32_ShadowOffset32;
else if (IsFreeBSD) else if (IsFreeBSD)
Mapping.Offset = kFreeBSD_ShadowOffset32; Mapping.Offset = kFreeBSD_ShadowOffset32;
else if (IsIOS) else if (IsIOS)
Show All 17 Lines if (LongSize == 32) {
else if (IsNetBSD) else if (IsNetBSD)
Mapping.Offset = kNetBSD_ShadowOffset64; Mapping.Offset = kNetBSD_ShadowOffset64;
else if (IsPS4CPU) else if (IsPS4CPU)
Mapping.Offset = kPS4CPU_ShadowOffset64; Mapping.Offset = kPS4CPU_ShadowOffset64;
else if (IsLinux && IsX86_64) { else if (IsLinux && IsX86_64) {
if (IsKasan) if (IsKasan)
Mapping.Offset = kLinuxKasan_ShadowOffset64; Mapping.Offset = kLinuxKasan_ShadowOffset64;
else else
Mapping.Offset = kSmallX86_64ShadowOffset; Mapping.Offset = (kSmallX86_64ShadowOffsetBase &
(kSmallX86_64ShadowOffsetAlignMask << Mapping.Scale));
vitalybukaUnsubmitted
Done
ReplyInline Actions

UB of shifting into sign bit?
0xFFFFF000ULL?
Same above.

vitalybuka: UB of shifting into sign bit? 0xFFFFF000ULL? Same above.
kccUnsubmitted
Done
ReplyInline Actions

Please don't use constants in the code.

kcc: Please don't use constants in the code.
vitalybukaUnsubmitted
Done
ReplyInline Actions

kSmallX86_64ShadowOffset << (Mapping.Scale - kDefaultShadowScale) ?

vitalybuka: kSmallX86_64ShadowOffset << (Mapping.Scale - kDefaultShadowScale) ?
waltlAuthorUnsubmitted
Not Done
ReplyInline Actions

This isn't quite right: we'd still need a mask, and the shift value in theory may be negative. Please take a look at the updated code.

waltl: This isn't quite right: we'd still need a mask, and the shift value in theory may be negative.
} else if (IsWindows && IsX86_64) { } else if (IsWindows && IsX86_64) {
Mapping.Offset = kWindowsShadowOffset64; Mapping.Offset = kWindowsShadowOffset64;
} else if (IsMIPS64) } else if (IsMIPS64)
Mapping.Offset = kMIPS64_ShadowOffset64; Mapping.Offset = kMIPS64_ShadowOffset64;
else if (IsIOS) else if (IsIOS)
// If we're targeting iOS and x86, the binary is built for iOS simulator. // If we're targeting iOS and x86, the binary is built for iOS simulator.
// We are using dynamic shadow offset on the 64-bit devices. // We are using dynamic shadow offset on the 64-bit devices.
Mapping.Offset = Mapping.Offset =
IsX86_64 ? kIOSSimShadowOffset64 : kDynamicShadowSentinel; IsX86_64 ? kIOSSimShadowOffset64 : kDynamicShadowSentinel;
else if (IsAArch64) else if (IsAArch64)
Mapping.Offset = kAArch64_ShadowOffset64; Mapping.Offset = kAArch64_ShadowOffset64;
else else
Mapping.Offset = kDefaultShadowOffset64; Mapping.Offset = kDefaultShadowOffset64;
} }
if (ClForceDynamicShadow) { if (ClForceDynamicShadow) {
Mapping.Offset = kDynamicShadowSentinel; Mapping.Offset = kDynamicShadowSentinel;
} }
Mapping.Scale = kDefaultShadowScale;
if (ClMappingScale.getNumOccurrences() > 0) {
Mapping.Scale = ClMappingScale;
}
if (ClMappingOffset.getNumOccurrences() > 0) { if (ClMappingOffset.getNumOccurrences() > 0) {
Mapping.Offset = ClMappingOffset; Mapping.Offset = ClMappingOffset;
} }
// OR-ing shadow offset if more efficient (at least on x86) if the offset // OR-ing shadow offset if more efficient (at least on x86) if the offset
// is a power of two, but on ppc64 we have to use add since the shadow // is a power of two, but on ppc64 we have to use add since the shadow
// offset is not necessary 1/8-th of the address space. On SystemZ, // offset is not necessary 1/8-th of the address space. On SystemZ,
// we could OR the constant in a single instruction, but it's more // we could OR the constant in a single instruction, but it's more
▲ Show 20 LinesShow All 2,595 LinesShow Last 20 Lines