This is an archive of the discontinued LLVM Phabricator instance.

Differential D43135

hwasan: fix inline instrumentation
ClosedPublic

Authored by andreyknvl on Feb 9 2018, 11:08 AM.

Details

Reviewers
dvyukov
kcc
eugenis
ramana
Commits
rG43271b18031b: [hwasan] Fix inline instrumentation.
rCRT325711: [hwasan] Fix inline instrumentation.
rL325711: [hwasan] Fix inline instrumentation.
Summary

This patch changes hwasan inline instrumentation:

  1. Fixes address untagging for shadow address calculation (use 0xFF instead of 0x00 for the top byte).
  2. Emits brk instruction instead of hlt for the kernel and user space.
  3. Use 0x900 instead of 0x100 for brk immediate (0x100 - 0x800 are unavailable in the kernel).
  4. Fixes and adds appropriate tests.

Diff Detail

Repository
rL LLVM

Event Timeline

andreyknvl created this revision.Feb 9 2018, 11:08 AM
kcc added a comment.Feb 9 2018, 11:15 AM

please add a lit test.

eugenis added a comment.Feb 9 2018, 6:21 PM

LGTM with a test.
Please don't copy all the tests for different hlt# values, just one would be enough to capture the difference in 0x900.

kcc added a reviewer: ramana.Feb 13 2018, 9:48 AM
eugenis added a comment.Feb 14 2018, 1:31 PM

Andrey, do you mind switching userspace to brk as well? You'd need to change the decoding in hwasan_linux.cc as well, but it could be even less work than writing a kernel-only lit test.

andreyknvl updated this revision to Diff 135230.Feb 21 2018, 4:50 AM
andreyknvl edited the summary of this revision. (Show Details)

Switched user space hwasan to brk.
Fixed and added tests.

andreyknvl retitled this revision from hwasan: fix kernel inline instrumentation to hwasan: fix inline instrumentation.Feb 21 2018, 4:52 AM

PTAL

andreyknvl added a comment.Feb 21 2018, 8:25 AM

It seems that hwasan_linux.cc is in a different repo (compiler-rt) and is not picked up by svn diff. Do I need to submit that change as a separate patch?

eugenis added a comment.Feb 21 2018, 9:23 AM

You can pass multiple repositories as arguments to svn diff, or upload a separate revision, or use git monorepo.

lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
314 ↗(On Diff #135230)

Could we use 0x900 in the userspace as well? I assume 0x100 is not available in the kernel for some reason. There are no ABI concerns yet.

andreyknvl updated this revision to Diff 135278.Feb 21 2018, 9:50 AM
andreyknvl edited the summary of this revision. (Show Details)

Use 0x900 instead of 0x100 for brk immediate (0x100 - 0x800 are unavailable in the kernel).

Herald added a subscriber: kubamracek. · View Herald TranscriptFeb 21 2018, 9:50 AM
andreyknvl added a comment.Feb 21 2018, 9:51 AM

Done, PTAL

eugenis added inline comments.Feb 21 2018, 10:01 AM
projects/compiler-rt/lib/hwasan/hwasan_linux.cc
191 ↗(On Diff #135278)

0x9XY

255 ↗(On Diff #135278)

I don't think we have a SIGTRAP handler.

andreyknvl updated this revision to Diff 135292.Feb 21 2018, 10:40 AM

Install SIGTRAP handler.

andreyknvl added a comment.Feb 21 2018, 10:41 AM

PTAL

eugenis added inline comments.Feb 21 2018, 11:06 AM
projects/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc
221 ↗(On Diff #135292)

It won't do anything, see GetHandleSignalModeImpl

andreyknvl updated this revision to Diff 135302.Feb 21 2018, 11:20 AM

Try harder to install SIGTRAP handler.

andreyknvl added a comment.Feb 21 2018, 11:21 AM

PTAL

eugenis accepted this revision.Feb 21 2018, 11:25 AM

Looks great, thank you!
I can land it for you.

This revision is now accepted and ready to land.Feb 21 2018, 11:25 AM
andreyknvl added a comment.Feb 21 2018, 11:33 AM

If to land means to commit, then yes, please :)

eugenis added a comment.Feb 21 2018, 11:54 AM

r325711.
I had to fix userspace callbacks - they were still doing hlt with 0x100 instead of brk with 0x900.

Closed by commit rCRT325711: [hwasan] Fix inline instrumentation. (authored by eugenis). · Explain WhyFeb 21 2018, 11:55 AM
Closed by commit rL325711: [hwasan] Fix inline instrumentation. (authored by eugenis). · Explain Why
This revision was automatically updated to reflect the committed changes.
This revision was automatically updated to reflect the committed changes.
Herald added subscribers: Restricted Project, llvm-commits. · View Herald TranscriptFeb 21 2018, 11:55 AM
Herald added a subscriber: delcypher. · View Herald Transcript

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
hwasan/
10 lines
10 lines
sanitizer_common/
2 lines
2 lines
2 lines
1 line
llvm/
trunk/
lib/
Transforms/
Instrumentation/
24 lines
test/
Instrumentation/
HWAddressSanitizer/
4 lines
40 lines
2 lines
39 lines

Diff 135308

compiler-rt/trunk/lib/hwasan/hwasan.cc

Show First 20 LinesShow All 78 Lines▼ Show 20 Lines SetCommonFlagsDefaults();
cf.CopyFrom(*common_flags()); cf.CopyFrom(*common_flags());
cf.external_symbolizer_path = GetEnv("HWASAN_SYMBOLIZER_PATH"); cf.external_symbolizer_path = GetEnv("HWASAN_SYMBOLIZER_PATH");
cf.malloc_context_size = 20; cf.malloc_context_size = 20;
cf.handle_ioctl = true; cf.handle_ioctl = true;
// FIXME: test and enable. // FIXME: test and enable.
cf.check_printf = false; cf.check_printf = false;
cf.intercept_tls_get_addr = true; cf.intercept_tls_get_addr = true;
cf.exitcode = 99; cf.exitcode = 99;
cf.handle_sigill = kHandleSignalExclusive; cf.handle_sigtrap = kHandleSignalExclusive;
OverrideCommonFlags(cf); OverrideCommonFlags(cf);
} }
Flags *f = flags(); Flags *f = flags();
f->SetDefaults(); f->SetDefaults();
FlagParser parser; FlagParser parser;
RegisterHwasanFlags(&parser, f); RegisterHwasanFlags(&parser, f);
▲ Show 20 LinesShow All 139 Lines▼ Show 20 Linesvoid __sanitizer_unaligned_store32(uu32 *p, u32 x) {
*p = x; *p = x;
} }
void __sanitizer_unaligned_store64(uu64 *p, u64 x) { void __sanitizer_unaligned_store64(uu64 *p, u64 x) {
*p = x; *p = x;
} }
template<unsigned X> template<unsigned X>
__attribute__((always_inline)) __attribute__((always_inline))
static void SigIll() { static void SigTrap() {
#if defined(__aarch64__) #if defined(__aarch64__)
asm("hlt %0\n\t" ::"n"(X)); asm("brk %0\n\t" ::"n"(X));
#elif defined(__x86_64__) || defined(__i386__) #elif defined(__x86_64__) || defined(__i386__)
asm("ud2\n\t"); asm("ud2\n\t");
#else #else
// FIXME: not always sigill. // FIXME: not always sigill.
__builtin_trap(); __builtin_trap();
#endif #endif
// __builtin_unreachable(); // __builtin_unreachable();
} }
enum class ErrorAction { Abort, Recover }; enum class ErrorAction { Abort, Recover };
enum class AccessType { Load, Store }; enum class AccessType { Load, Store };
template <ErrorAction EA, AccessType AT, unsigned LogSize> template <ErrorAction EA, AccessType AT, unsigned LogSize>
__attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) { __attribute__((always_inline, nodebug)) static void CheckAddress(uptr p) {
tag_t ptr_tag = GetTagFromPointer(p); tag_t ptr_tag = GetTagFromPointer(p);
uptr ptr_raw = p & ~kAddressTagMask; uptr ptr_raw = p & ~kAddressTagMask;
tag_t mem_tag = *(tag_t *)MEM_TO_SHADOW(ptr_raw); tag_t mem_tag = *(tag_t *)MEM_TO_SHADOW(ptr_raw);
if (UNLIKELY(ptr_tag != mem_tag)) { if (UNLIKELY(ptr_tag != mem_tag)) {
SigIll<0x100 + 0x20 * (EA == ErrorAction::Recover) + SigTrap<0x900 + 0x20 * (EA == ErrorAction::Recover) +
0x10 * (AT == AccessType::Store) + LogSize>(); 0x10 * (AT == AccessType::Store) + LogSize>();
if (EA == ErrorAction::Abort) __builtin_unreachable(); if (EA == ErrorAction::Abort) __builtin_unreachable();
} }
} }
template <ErrorAction EA, AccessType AT> template <ErrorAction EA, AccessType AT>
__attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p, __attribute__((always_inline, nodebug)) static void CheckAddressSized(uptr p,
uptr sz) { uptr sz) {
CHECK_NE(0, sz); CHECK_NE(0, sz);
tag_t ptr_tag = GetTagFromPointer(p); tag_t ptr_tag = GetTagFromPointer(p);
uptr ptr_raw = p & ~kAddressTagMask; uptr ptr_raw = p & ~kAddressTagMask;
tag_t *shadow_first = (tag_t *)MEM_TO_SHADOW(ptr_raw); tag_t *shadow_first = (tag_t *)MEM_TO_SHADOW(ptr_raw);
tag_t *shadow_last = (tag_t *)MEM_TO_SHADOW(ptr_raw + sz - 1); tag_t *shadow_last = (tag_t *)MEM_TO_SHADOW(ptr_raw + sz - 1);
for (tag_t *t = shadow_first; t <= shadow_last; ++t) for (tag_t *t = shadow_first; t <= shadow_last; ++t)
if (UNLIKELY(ptr_tag != *t)) { if (UNLIKELY(ptr_tag != *t)) {
SigIll<0x100 + 0x20 * (EA == ErrorAction::Recover) + SigTrap<0x900 + 0x20 * (EA == ErrorAction::Recover) +
0x10 * (AT == AccessType::Store) + 0xf>(); 0x10 * (AT == AccessType::Store) + 0xf>();
if (EA == ErrorAction::Abort) __builtin_unreachable(); if (EA == ErrorAction::Abort) __builtin_unreachable();
} }
} }
void __hwasan_load(uptr p, uptr sz) { void __hwasan_load(uptr p, uptr sz) {
CheckAddressSized<ErrorAction::Abort, AccessType::Load>(p, sz); CheckAddressSized<ErrorAction::Abort, AccessType::Load>(p, sz);
} }
▲ Show 20 LinesShow All 99 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan_linux.cc

Show First 20 LinesShow All 182 Lines▼ Show 20 Linesstruct AccessInfo {
uptr size; uptr size;
bool is_store; bool is_store;
bool is_load; bool is_load;
bool recover; bool recover;
}; };
#if defined(__aarch64__) #if defined(__aarch64__)
static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) { static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) {
// Access type is encoded in HLT immediate as 0x1XY, // Access type is encoded in BRK immediate as 0x9XY,
// where X&1 is 1 for store, 0 for load, // where X&1 is 1 for store, 0 for load,
// and X&2 is 1 if the error is recoverable. // and X&2 is 1 if the error is recoverable.
// Valid values of Y are 0 to 4, which are interpreted as log2(access_size), // Valid values of Y are 0 to 4, which are interpreted as log2(access_size),
// and 0xF, which means that access size is stored in X1 register. // and 0xF, which means that access size is stored in X1 register.
// Access address is always in X0 register. // Access address is always in X0 register.
AccessInfo ai; AccessInfo ai;
uptr pc = (uptr)info->si_addr; uptr pc = (uptr)info->si_addr;
unsigned code = ((*(u32 *)pc) >> 5) & 0xffff; unsigned code = ((*(u32 *)pc) >> 5) & 0xffff;
if ((code & 0xff00) != 0x100) if ((code & 0xff00) != 0x900)
return AccessInfo{0, 0, false, false}; // Not ours. return AccessInfo{0, 0, false, false}; // Not ours.
bool is_store = code & 0x10; bool is_store = code & 0x10;
bool recover = code & 0x20; bool recover = code & 0x20;
unsigned size_log = code & 0xf; unsigned size_log = code & 0xf;
if (size_log > 4 && size_log != 0xf) if (size_log > 4 && size_log != 0xf)
return AccessInfo{0, 0, false, false}; // Not ours. return AccessInfo{0, 0, false, false}; // Not ours.
ai.is_store = is_store; ai.is_store = is_store;
ai.is_load = !is_store; ai.is_load = !is_store;
ai.addr = uc->uc_mcontext.regs[0]; ai.addr = uc->uc_mcontext.regs[0];
if (size_log == 0xf) if (size_log == 0xf)
ai.size = uc->uc_mcontext.regs[1]; ai.size = uc->uc_mcontext.regs[1];
else else
ai.size = 1U << size_log; ai.size = 1U << size_log;
ai.recover = recover; ai.recover = recover;
return ai; return ai;
} }
#else #else
static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) { static AccessInfo GetAccessInfo(siginfo_t *info, ucontext_t *uc) {
return AccessInfo{0, 0, false, false}; return AccessInfo{0, 0, false, false};
} }
#endif #endif
static bool HwasanOnSIGILL(int signo, siginfo_t *info, ucontext_t *uc) { static bool HwasanOnSIGTRAP(int signo, siginfo_t *info, ucontext_t *uc) {
SignalContext sig{info, uc}; SignalContext sig{info, uc};
AccessInfo ai = GetAccessInfo(info, uc); AccessInfo ai = GetAccessInfo(info, uc);
if (!ai.is_store && !ai.is_load) if (!ai.is_store && !ai.is_load)
return false; return false;
InternalScopedBuffer<BufferedStackTrace> stack_buffer(1); InternalScopedBuffer<BufferedStackTrace> stack_buffer(1);
BufferedStackTrace *stack = stack_buffer.data(); BufferedStackTrace *stack = stack_buffer.data();
stack->Reset(); stack->Reset();
Show All 13 Lines
static void OnStackUnwind(const SignalContext &sig, const void *, static void OnStackUnwind(const SignalContext &sig, const void *,
BufferedStackTrace *stack) { BufferedStackTrace *stack) {
GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context, GetStackTrace(stack, kStackTraceMax, sig.pc, sig.bp, sig.context,
common_flags()->fast_unwind_on_fatal); common_flags()->fast_unwind_on_fatal);
} }
void HwasanOnDeadlySignal(int signo, void *info, void *context) { void HwasanOnDeadlySignal(int signo, void *info, void *context) {
// Probably a tag mismatch. // Probably a tag mismatch.
if (signo == SIGILL) if (signo == SIGTRAP)
if (HwasanOnSIGILL(signo, (siginfo_t *)info, (ucontext_t*)context)) if (HwasanOnSIGTRAP(signo, (siginfo_t *)info, (ucontext_t*)context))
return; return;
HandleDeadlySignal(info, context, GetTid(), &OnStackUnwind, nullptr); HandleDeadlySignal(info, context, GetTid(), &OnStackUnwind, nullptr);
} }
} // namespace __hwasan } // namespace __hwasan
#endif // SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD #endif // SANITIZER_FREEBSD || SANITIZER_LINUX || SANITIZER_NETBSD

compiler-rt/trunk/lib/sanitizer_common/sanitizer_flags.inc

Show First 20 LinesShow All 87 Lines▼ Show 20 Lines
COMMON_FLAG(HandleSignalMode, handle_segv, kHandleSignalYes, COMMON_FLAG(HandleSignalMode, handle_segv, kHandleSignalYes,
COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGSEGV)) COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGSEGV))
COMMON_FLAG(HandleSignalMode, handle_sigbus, kHandleSignalYes, COMMON_FLAG(HandleSignalMode, handle_sigbus, kHandleSignalYes,
COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGBUS)) COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGBUS))
COMMON_FLAG(HandleSignalMode, handle_abort, kHandleSignalNo, COMMON_FLAG(HandleSignalMode, handle_abort, kHandleSignalNo,
COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGABRT)) COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGABRT))
COMMON_FLAG(HandleSignalMode, handle_sigill, kHandleSignalNo, COMMON_FLAG(HandleSignalMode, handle_sigill, kHandleSignalNo,
COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGILL)) COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGILL))
COMMON_FLAG(HandleSignalMode, handle_sigtrap, kHandleSignalNo,
COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGTRAP))
COMMON_FLAG(HandleSignalMode, handle_sigfpe, kHandleSignalYes, COMMON_FLAG(HandleSignalMode, handle_sigfpe, kHandleSignalYes,
COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGFPE)) COMMON_FLAG_HANDLE_SIGNAL_HELP(SIGFPE))
#undef COMMON_FLAG_HANDLE_SIGNAL_HELP #undef COMMON_FLAG_HANDLE_SIGNAL_HELP
COMMON_FLAG(bool, allow_user_segv_handler, true, COMMON_FLAG(bool, allow_user_segv_handler, true,
"Deprecated. True has no effect, use handle_sigbus=1. If false, " "Deprecated. True has no effect, use handle_sigbus=1. If false, "
"handle_*=1 will be upgraded to handle_*=2.") "handle_*=1 will be upgraded to handle_*=2.")
COMMON_FLAG(bool, use_sigaltstack, true, COMMON_FLAG(bool, use_sigaltstack, true,
"If set, uses alternate stack for signal handling.") "If set, uses alternate stack for signal handling.")
▲ Show 20 LinesShow All 137 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_linux.cc

Show First 20 LinesShow All 1,612 Lines▼ Show 20 Lines
#endif #endif
static HandleSignalMode GetHandleSignalModeImpl(int signum) { static HandleSignalMode GetHandleSignalModeImpl(int signum) {
switch (signum) { switch (signum) {
case SIGABRT: case SIGABRT:
return common_flags()->handle_abort; return common_flags()->handle_abort;
case SIGILL: case SIGILL:
return common_flags()->handle_sigill; return common_flags()->handle_sigill;
case SIGTRAP:
return common_flags()->handle_sigtrap;
case SIGFPE: case SIGFPE:
return common_flags()->handle_sigfpe; return common_flags()->handle_sigfpe;
case SIGSEGV: case SIGSEGV:
return common_flags()->handle_segv; return common_flags()->handle_segv;
case SIGBUS: case SIGBUS:
return common_flags()->handle_sigbus; return common_flags()->handle_sigbus;
} }
return kHandleSignalNo; return kHandleSignalNo;
▲ Show 20 LinesShow All 268 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cc

Show First 20 LinesShow All 429 Lines▼ Show 20 Lines
void ListOfModules::fallbackInit() { clear(); } void ListOfModules::fallbackInit() { clear(); }
static HandleSignalMode GetHandleSignalModeImpl(int signum) { static HandleSignalMode GetHandleSignalModeImpl(int signum) {
switch (signum) { switch (signum) {
case SIGABRT: case SIGABRT:
return common_flags()->handle_abort; return common_flags()->handle_abort;
case SIGILL: case SIGILL:
return common_flags()->handle_sigill; return common_flags()->handle_sigill;
case SIGTRAP:
return common_flags()->handle_sigtrap;
case SIGFPE: case SIGFPE:
return common_flags()->handle_sigfpe; return common_flags()->handle_sigfpe;
case SIGSEGV: case SIGSEGV:
return common_flags()->handle_segv; return common_flags()->handle_segv;
case SIGBUS: case SIGBUS:
return common_flags()->handle_sigbus; return common_flags()->handle_sigbus;
} }
return kHandleSignalNo; return kHandleSignalNo;
▲ Show 20 LinesShow All 591 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_posix_libcdep.cc

Show First 20 LinesShow All 212 Lines▼ Show 20 Linesvoid InstallDeadlySignalHandlers(SignalHandlerType handler) {
// This will cause SetAlternateSignalStack to be called twice, but the stack // This will cause SetAlternateSignalStack to be called twice, but the stack
// will be actually set only once. // will be actually set only once.
if (common_flags()->use_sigaltstack) SetAlternateSignalStack(); if (common_flags()->use_sigaltstack) SetAlternateSignalStack();
MaybeInstallSigaction(SIGSEGV, handler); MaybeInstallSigaction(SIGSEGV, handler);
MaybeInstallSigaction(SIGBUS, handler); MaybeInstallSigaction(SIGBUS, handler);
MaybeInstallSigaction(SIGABRT, handler); MaybeInstallSigaction(SIGABRT, handler);
MaybeInstallSigaction(SIGFPE, handler); MaybeInstallSigaction(SIGFPE, handler);
MaybeInstallSigaction(SIGILL, handler); MaybeInstallSigaction(SIGILL, handler);
MaybeInstallSigaction(SIGTRAP, handler);
} }
bool SignalContext::IsStackOverflow() const { bool SignalContext::IsStackOverflow() const {
// Access at a reasonable offset above SP, or slightly below it (to account // Access at a reasonable offset above SP, or slightly below it (to account
// for x86_64 or PowerPC redzone, ARM push of multiple registers, etc) is // for x86_64 or PowerPC redzone, ARM push of multiple registers, etc) is
// probably a stack overflow. // probably a stack overflow.
#ifdef __s390__ #ifdef __s390__
// On s390, the fault address in siginfo points to start of the page, not // On s390, the fault address in siginfo points to start of the page, not
▲ Show 20 LinesShow All 292 LinesShow Last 20 Lines

llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp

Show First 20 LinesShow All 128 Lines▼ Show 20 Linespublic:
bool instrumentMemAccess(Instruction *I); bool instrumentMemAccess(Instruction *I);
Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite, Value *isInterestingMemoryAccess(Instruction *I, bool *IsWrite,
uint64_t *TypeSize, unsigned *Alignment, uint64_t *TypeSize, unsigned *Alignment,
Value **MaybeMask); Value **MaybeMask);
bool isInterestingAlloca(const AllocaInst &AI); bool isInterestingAlloca(const AllocaInst &AI);
bool tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag); bool tagAlloca(IRBuilder<> &IRB, AllocaInst *AI, Value *Tag);
Value *tagPointer(IRBuilder<> &IRB, Type *Ty, Value *PtrLong, Value *Tag); Value *tagPointer(IRBuilder<> &IRB, Type *Ty, Value *PtrLong, Value *Tag);
Value *untagPointer(IRBuilder<> &IRB, Value *PtrLong);
bool instrumentStack(SmallVectorImpl<AllocaInst *> &Allocas, bool instrumentStack(SmallVectorImpl<AllocaInst *> &Allocas,
SmallVectorImpl<Instruction *> &RetVec); SmallVectorImpl<Instruction *> &RetVec);
Value *getNextTagWithCall(IRBuilder<> &IRB); Value *getNextTagWithCall(IRBuilder<> &IRB);
Value *getStackBaseTag(IRBuilder<> &IRB); Value *getStackBaseTag(IRBuilder<> &IRB);
Value *getAllocaTag(IRBuilder<> &IRB, Value *StackTag, AllocaInst *AI, Value *getAllocaTag(IRBuilder<> &IRB, Value *StackTag, AllocaInst *AI,
unsigned AllocaNo); unsigned AllocaNo);
Value *getUARTag(IRBuilder<> &IRB, Value *StackTag); Value *getUARTag(IRBuilder<> &IRB, Value *StackTag);
▲ Show 20 LinesShow All 141 Lines▼ Show 20 Linesstatic size_t TypeSizeToSizeIndex(uint32_t TypeSize) {
return Res; return Res;
} }
void HWAddressSanitizer::instrumentMemAccessInline(Value *PtrLong, bool IsWrite, void HWAddressSanitizer::instrumentMemAccessInline(Value *PtrLong, bool IsWrite,
unsigned AccessSizeIndex, unsigned AccessSizeIndex,
Instruction *InsertBefore) { Instruction *InsertBefore) {
IRBuilder<> IRB(InsertBefore); IRBuilder<> IRB(InsertBefore);
Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift), IRB.getInt8Ty()); Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift), IRB.getInt8Ty());
Value *AddrLong = Value *AddrLong = untagPointer(IRB, PtrLong);
IRB.CreateAnd(PtrLong, ConstantInt::get(PtrLong->getType(),
~(0xFFULL << kPointerTagShift)));
Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale); Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale);
if (ClMappingOffset) if (ClMappingOffset)
ShadowLong = IRB.CreateAdd( ShadowLong = IRB.CreateAdd(
ShadowLong, ConstantInt::get(PtrLong->getType(), ClMappingOffset, ShadowLong, ConstantInt::get(PtrLong->getType(), ClMappingOffset,
/*isSigned=*/false)); /*isSigned=*/false));
Value *MemTag = Value *MemTag =
IRB.CreateLoad(IRB.CreateIntToPtr(ShadowLong, IRB.getInt8PtrTy())); IRB.CreateLoad(IRB.CreateIntToPtr(ShadowLong, IRB.getInt8PtrTy()));
Value *TagMismatch = IRB.CreateICmpNE(PtrTag, MemTag); Value *TagMismatch = IRB.CreateICmpNE(PtrTag, MemTag);
TerminatorInst *CheckTerm = TerminatorInst *CheckTerm =
SplitBlockAndInsertIfThen(TagMismatch, InsertBefore, !Recover, SplitBlockAndInsertIfThen(TagMismatch, InsertBefore, !Recover,
MDBuilder(*C).createBranchWeights(1, 100000)); MDBuilder(*C).createBranchWeights(1, 100000));
IRB.SetInsertPoint(CheckTerm); IRB.SetInsertPoint(CheckTerm);
// The signal handler will find the data address in x0. // The signal handler will find the data address in x0.
InlineAsm *Asm = InlineAsm::get( InlineAsm *Asm = InlineAsm::get(
FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false), FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false),
"hlt #" + "brk #" +
itostr(0x100 + Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex), itostr(0x900 + Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex),
"{x0}", "{x0}",
/*hasSideEffects=*/true); /*hasSideEffects=*/true);
IRB.CreateCall(Asm, PtrLong); IRB.CreateCall(Asm, PtrLong);
} }
bool HWAddressSanitizer::instrumentMemAccess(Instruction *I) { bool HWAddressSanitizer::instrumentMemAccess(Instruction *I) {
DEBUG(dbgs() << "Instrumenting: " << *I << "\n"); DEBUG(dbgs() << "Instrumenting: " << *I << "\n");
bool IsWrite = false; bool IsWrite = false;
▲ Show 20 LinesShow All 132 Lines▼ Show 20 LinesValue *HWAddressSanitizer::tagPointer(IRBuilder<> &IRB, Type *Ty, Value *PtrLong,
} else { } else {
// Userspace can simply do OR (tag << 56); // Userspace can simply do OR (tag << 56);
Value *ShiftedTag = IRB.CreateShl(Tag, kPointerTagShift); Value *ShiftedTag = IRB.CreateShl(Tag, kPointerTagShift);
TaggedPtrLong = IRB.CreateOr(PtrLong, ShiftedTag); TaggedPtrLong = IRB.CreateOr(PtrLong, ShiftedTag);
} }
return IRB.CreateIntToPtr(TaggedPtrLong, Ty); return IRB.CreateIntToPtr(TaggedPtrLong, Ty);
} }
// Remove tag from an address.
Value *HWAddressSanitizer::untagPointer(IRBuilder<> &IRB, Value *PtrLong) {
Value *UntaggedPtrLong;
if (ClEnableKhwasan) {
// Kernel addresses have 0xFF in the most significant byte.
UntaggedPtrLong = IRB.CreateOr(PtrLong,
ConstantInt::get(PtrLong->getType(), 0xFFULL << kPointerTagShift));
} else {
// Userspace addresses have 0x00.
UntaggedPtrLong = IRB.CreateAnd(PtrLong,
ConstantInt::get(PtrLong->getType(), ~(0xFFULL << kPointerTagShift)));
}
return UntaggedPtrLong;
}
bool HWAddressSanitizer::instrumentStack( bool HWAddressSanitizer::instrumentStack(
SmallVectorImpl<AllocaInst *> &Allocas, SmallVectorImpl<AllocaInst *> &Allocas,
SmallVectorImpl<Instruction *> &RetVec) { SmallVectorImpl<Instruction *> &RetVec) {
Function *F = Allocas[0]->getParent()->getParent(); Function *F = Allocas[0]->getParent()->getParent();
Instruction *InsertPt = &*F->getEntryBlock().begin(); Instruction *InsertPt = &*F->getEntryBlock().begin();
IRBuilder<> IRB(InsertPt); IRBuilder<> IRB(InsertPt);
Value *StackTag = getStackBaseTag(IRB); Value *StackTag = getStackBaseTag(IRB);
▲ Show 20 LinesShow All 105 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/atomic.ll

; Test basic address sanitizer instrumentation. ; Test basic address sanitizer instrumentation.
; ;
; RUN: opt < %s -hwasan -S | FileCheck %s ; RUN: opt < %s -hwasan -S | FileCheck %s
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64--linux-android" target triple = "aarch64--linux-android"
define void @atomicrmw(i64* %ptr) sanitize_hwaddress { define void @atomicrmw(i64* %ptr) sanitize_hwaddress {
; CHECK-LABEL: @atomicrmw( ; CHECK-LABEL: @atomicrmw(
; CHECK: lshr i64 %[[A:[^ ]*]], 56 ; CHECK: lshr i64 %[[A:[^ ]*]], 56
; CHECK: call void asm sideeffect "hlt #275", "{x0}"(i64 %[[A]]) ; CHECK: call void asm sideeffect "brk #2323", "{x0}"(i64 %[[A]])
; CHECK: atomicrmw add i64* %ptr, i64 1 seq_cst ; CHECK: atomicrmw add i64* %ptr, i64 1 seq_cst
; CHECK: ret void ; CHECK: ret void
entry: entry:
%0 = atomicrmw add i64* %ptr, i64 1 seq_cst %0 = atomicrmw add i64* %ptr, i64 1 seq_cst
ret void ret void
} }
define void @cmpxchg(i64* %ptr, i64 %compare_to, i64 %new_value) sanitize_hwaddress { define void @cmpxchg(i64* %ptr, i64 %compare_to, i64 %new_value) sanitize_hwaddress {
; CHECK-LABEL: @cmpxchg( ; CHECK-LABEL: @cmpxchg(
; CHECK: lshr i64 %[[A:[^ ]*]], 56 ; CHECK: lshr i64 %[[A:[^ ]*]], 56
; CHECK: call void asm sideeffect "hlt #275", "{x0}"(i64 %[[A]]) ; CHECK: call void asm sideeffect "brk #2323", "{x0}"(i64 %[[A]])
; CHECK: cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst ; CHECK: cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst
; CHECK: ret void ; CHECK: ret void
entry: entry:
%0 = cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst %0 = cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst
ret void ret void
} }

llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll

Show All 12 Lines
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #256", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2304", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #288", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2336", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: %[[G:[^ ]*]] = load i8, i8* %a, align 4 ; CHECK: %[[G:[^ ]*]] = load i8, i8* %a, align 4
; CHECK: ret i8 %[[G]] ; CHECK: ret i8 %[[G]]
entry: entry:
%b = load i8, i8* %a, align 4 %b = load i8, i8* %a, align 4
ret i8 %b ret i8 %b
} }
define i16 @test_load16(i16* %a) sanitize_hwaddress { define i16 @test_load16(i16* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load16( ; CHECK-LABEL: @test_load16(
; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #257", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2305", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #289", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2337", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: %[[G:[^ ]*]] = load i16, i16* %a, align 4 ; CHECK: %[[G:[^ ]*]] = load i16, i16* %a, align 4
; CHECK: ret i16 %[[G]] ; CHECK: ret i16 %[[G]]
entry: entry:
%b = load i16, i16* %a, align 4 %b = load i16, i16* %a, align 4
ret i16 %b ret i16 %b
} }
define i32 @test_load32(i32* %a) sanitize_hwaddress { define i32 @test_load32(i32* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load32( ; CHECK-LABEL: @test_load32(
; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #258", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2306", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #290", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2338", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: %[[G:[^ ]*]] = load i32, i32* %a, align 4 ; CHECK: %[[G:[^ ]*]] = load i32, i32* %a, align 4
; CHECK: ret i32 %[[G]] ; CHECK: ret i32 %[[G]]
entry: entry:
%b = load i32, i32* %a, align 4 %b = load i32, i32* %a, align 4
ret i32 %b ret i32 %b
} }
define i64 @test_load64(i64* %a) sanitize_hwaddress { define i64 @test_load64(i64* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load64( ; CHECK-LABEL: @test_load64(
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #259", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2307", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #291", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2339", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: %[[G:[^ ]*]] = load i64, i64* %a, align 8 ; CHECK: %[[G:[^ ]*]] = load i64, i64* %a, align 8
; CHECK: ret i64 %[[G]] ; CHECK: ret i64 %[[G]]
entry: entry:
%b = load i64, i64* %a, align 8 %b = load i64, i64* %a, align 8
ret i64 %b ret i64 %b
} }
define i128 @test_load128(i128* %a) sanitize_hwaddress { define i128 @test_load128(i128* %a) sanitize_hwaddress {
; CHECK-LABEL: @test_load128( ; CHECK-LABEL: @test_load128(
; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #260", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2308", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #292", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2340", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: %[[G:[^ ]*]] = load i128, i128* %a, align 16 ; CHECK: %[[G:[^ ]*]] = load i128, i128* %a, align 16
; CHECK: ret i128 %[[G]] ; CHECK: ret i128 %[[G]]
entry: entry:
%b = load i128, i128* %a, align 16 %b = load i128, i128* %a, align 16
ret i128 %b ret i128 %b
Show All 19 Lines
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #272", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2320", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #304", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2352", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: store i8 %b, i8* %a, align 4 ; CHECK: store i8 %b, i8* %a, align 4
; CHECK: ret void ; CHECK: ret void
entry: entry:
store i8 %b, i8* %a, align 4 store i8 %b, i8* %a, align 4
ret void ret void
} }
define void @test_store16(i16* %a, i16 %b) sanitize_hwaddress { define void @test_store16(i16* %a, i16 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store16( ; CHECK-LABEL: @test_store16(
; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #273", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2321", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #305", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2353", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: store i16 %b, i16* %a, align 4 ; CHECK: store i16 %b, i16* %a, align 4
; CHECK: ret void ; CHECK: ret void
entry: entry:
store i16 %b, i16* %a, align 4 store i16 %b, i16* %a, align 4
ret void ret void
} }
define void @test_store32(i32* %a, i32 %b) sanitize_hwaddress { define void @test_store32(i32* %a, i32 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store32( ; CHECK-LABEL: @test_store32(
; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #274", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2322", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #306", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2354", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: store i32 %b, i32* %a, align 4 ; CHECK: store i32 %b, i32* %a, align 4
; CHECK: ret void ; CHECK: ret void
entry: entry:
store i32 %b, i32* %a, align 4 store i32 %b, i32* %a, align 4
ret void ret void
} }
define void @test_store64(i64* %a, i64 %b) sanitize_hwaddress { define void @test_store64(i64* %a, i64 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store64( ; CHECK-LABEL: @test_store64(
; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #275", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2323", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #307", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2355", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: store i64 %b, i64* %a, align 8 ; CHECK: store i64 %b, i64* %a, align 8
; CHECK: ret void ; CHECK: ret void
entry: entry:
store i64 %b, i64* %a, align 8 store i64 %b, i64* %a, align 8
ret void ret void
} }
define void @test_store128(i128* %a, i128 %b) sanitize_hwaddress { define void @test_store128(i128* %a, i128 %b) sanitize_hwaddress {
; CHECK-LABEL: @test_store128( ; CHECK-LABEL: @test_store128(
; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64
; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935
; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* ; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} ; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "hlt #276", "{x0}"(i64 %[[A]]) ; ABORT: call void asm sideeffect "brk #2324", "{x0}"(i64 %[[A]])
; ABORT: unreachable ; ABORT: unreachable
; RECOVER: call void asm sideeffect "hlt #308", "{x0}"(i64 %[[A]]) ; RECOVER: call void asm sideeffect "brk #2356", "{x0}"(i64 %[[A]])
; RECOVER: br label ; RECOVER: br label
; CHECK: store i128 %b, i128* %a, align 16 ; CHECK: store i128 %b, i128* %a, align 16
; CHECK: ret void ; CHECK: ret void
entry: entry:
store i128 %b, i128* %a, align 16 store i128 %b, i128* %a, align 16
ret void ret void
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel-alloca.ll

; Test basic address sanitizer instrumentation. ; Test kernel hwasan instrumentation for alloca.
; ;
; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s ; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64--linux-android" target triple = "aarch64--linux-android"
declare void @use32(i32*) declare void @use32(i32*)
Show All 20 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/kernel.ll

; Test kernel hwasan instrumentation. ; Test kernel hwasan instrumentation.
; ;
; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=KERNEL ; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=INIT
; RUN: opt < %s -hwasan -hwasan-mapping-offset=12345678 -S | FileCheck %s --check-prefixes=OFFSET ; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --check-prefixes=CHECK,NOOFFSET
; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-mapping-offset=12345678 -S | FileCheck %s --check-prefixes=CHECK,OFFSET
; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=0 -S | FileCheck %s --check-prefixes=CHECK,NOOFFSET,ABORT
; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,NOOFFSET,RECOVER
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64--linux-android" target triple = "aarch64--linux-android"
define i8 @test_load(i8* %a) sanitize_hwaddress { define i8 @test_load(i8* %a) sanitize_hwaddress {
; OFFSET-LABEL: @test_load( ; CHECK-LABEL: @test_load(
; OFFSET: %[[A:[^ ]*]] = ptrtoint i8* %a to i64 ; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
; OFFSET: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 ; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
; OFFSET: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 ; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
; OFFSET: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 ; CHECK: %[[C:[^ ]*]] = or i64 %[[A]], -72057594037927936
; OFFSET: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 ; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
; NOOFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
; OFFSET: %[[D1:[^ ]*]] = add i64 %[[D]], 12345678 ; OFFSET: %[[D1:[^ ]*]] = add i64 %[[D]], 12345678
; OFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D1]] to i8* ; OFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D1]] to i8*
; OFFSET: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; OFFSET: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] ; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
; OFFSET: br i1 %[[F]], ; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
; ABORT: call void asm sideeffect "brk #2304", "{x0}"(i64 %[[A]])
; ABORT: unreachable
; RECOVER: call void asm sideeffect "brk #2336", "{x0}"(i64 %[[A]])
; RECOVER: br label
; CHECK: %[[G:[^ ]*]] = load i8, i8* %a, align 4
; CHECK: ret i8 %[[G]]
entry: entry:
%b = load i8, i8* %a, align 4 %b = load i8, i8* %a, align 4
ret i8 %b ret i8 %b
} }
; KERNEL-NOT: call void @__hwasan_init ; INIT-NOT: call void @__hwasan_init