Index: lib/Transforms/Instrumentation/HWAddressSanitizer.cpp =================================================================== --- lib/Transforms/Instrumentation/HWAddressSanitizer.cpp +++ lib/Transforms/Instrumentation/HWAddressSanitizer.cpp @@ -123,6 +123,7 @@ bool doInitialization(Module &M) override; void initializeCallbacks(Module &M); + void untagPointerOperand(Instruction *I, Value *Addr); void instrumentMemAccessInline(Value *PtrLong, bool IsWrite, unsigned AccessSizeIndex, Instruction *InsertBefore); @@ -145,6 +146,8 @@ private: LLVMContext *C; + Triple TargetTriple; + Type *IntptrTy; Type *Int8Ty; @@ -181,7 +184,7 @@ DEBUG(dbgs() << "Init " << M.getName() << "\n"); auto &DL = M.getDataLayout(); - Triple TargetTriple(M.getTargetTriple()); + TargetTriple = Triple(M.getTargetTriple()); C = &(M.getContext()); IRBuilder<> IRB(*C); @@ -228,10 +231,10 @@ } Value *HWAddressSanitizer::isInterestingMemoryAccess(Instruction *I, - bool *IsWrite, - uint64_t *TypeSize, - unsigned *Alignment, - Value **MaybeMask) { + bool *IsWrite, + uint64_t *TypeSize, + unsigned *Alignment, + Value **MaybeMask) { // Skip memory accesses inserted by another instrumentation. if (I->getMetadata("nosanitize")) return nullptr; 
@@ -281,17 +284,42 @@ return PtrOperand; } +static unsigned getPointerOperandIndex(Instruction *I) { + if (LoadInst *LI = dyn_cast(I)) + return LI->getPointerOperandIndex(); + if (StoreInst *SI = dyn_cast(I)) + return SI->getPointerOperandIndex(); + if (AtomicRMWInst *RMW = dyn_cast(I)) + return RMW->getPointerOperandIndex(); + if (AtomicCmpXchgInst *XCHG = dyn_cast(I)) + return XCHG->getPointerOperandIndex(); + report_fatal_error("Unexpected instruction"); + return -1; +} + static size_t TypeSizeToSizeIndex(uint32_t TypeSize) { size_t Res = countTrailingZeros(TypeSize / 8); assert(Res < kNumberOfAccessSizes); return Res; } +void HWAddressSanitizer::untagPointerOperand(Instruction *I, Value *Addr) { + if (TargetTriple.isAArch64()) + return; + + IRBuilder<> IRB(I); + Value *AddrLong = IRB.CreatePointerCast(Addr, IntptrTy); + Value *UntaggedPtr = + IRB.CreateIntToPtr(untagPointer(IRB, AddrLong), Addr->getType()); + I->setOperand(getPointerOperandIndex(I), UntaggedPtr); +} + void HWAddressSanitizer::instrumentMemAccessInline(Value *PtrLong, bool IsWrite, unsigned AccessSizeIndex, Instruction *InsertBefore) { IRBuilder<> IRB(InsertBefore); - Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift), IRB.getInt8Ty()); + Value *PtrTag = IRB.CreateTrunc(IRB.CreateLShr(PtrLong, kPointerTagShift), + IRB.getInt8Ty()); Value *AddrLong = untagPointer(IRB, PtrLong); Value *ShadowLong = IRB.CreateLShr(AddrLong, kShadowScale); if (ClMappingOffset) 
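Review bot: `getPointerOperandIndex` is declared `unsigned` but ends with `return -1;` after `report_fatal_error("Unexpected instruction")`, which does not return; if that statement were ever reached, the value would wrap to a very large operand index for `setOperand`, so I would delete the dead `return -1;`. In `untagPointerOperand`, the early return on `TargetTriple.isAArch64()` needs a comment saying why the tag may stay on the pointer there, for example `// AArch64 is presumably relying on top-byte-ignore; other targets must strip the tag before the access.` Only the four instruction kinds handled by the helper get an untagged operand. Whether any other dereference of a tagged pointer is reachable on x86_64 is not visible in this diff and is worth confirming.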
@@ -307,13 +335,29 @@ MDBuilder(*C).createBranchWeights(1, 100000)); IRB.SetInsertPoint(CheckTerm); - // The signal handler will find the data address in x0. - InlineAsm *Asm = InlineAsm::get( - FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false), - "brk #" + - itostr(0x900 + Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex), - "{x0}", - /*hasSideEffects=*/true); + const int64_t AccessInfo = Recover * 0x20 + IsWrite * 0x10 + AccessSizeIndex; + InlineAsm *Asm; + switch (TargetTriple.getArch()) { + case Triple::x86_64: + // The signal handler will find the data address in rdi. + Asm = InlineAsm::get( + FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false), + "int3\nnopl " + itostr(0x40 + AccessInfo) + "(%rax)", + "{rdi}", + /*hasSideEffects=*/true); + break; + case Triple::aarch64: + case Triple::aarch64_be: + // The signal handler will find the data address in x0. + Asm = InlineAsm::get( + FunctionType::get(IRB.getVoidTy(), {PtrLong->getType()}, false), + "brk #" + itostr(0x900 + AccessInfo), + "{x0}", + /*hasSideEffects=*/true); + break; + default: + report_fatal_error("unsupported architecture"); + } IRB.CreateCall(Asm, PtrLong); } @@ -349,6 +393,7 @@ IRB.CreateCall(HwasanMemoryAccessCallbackSized[IsWrite], {AddrLong, ConstantInt::get(IntptrTy, TypeSize / 8)}); } + untagPointerOperand(I, Addr); return true; } Index: test/Instrumentation/HWAddressSanitizer/X86/atomic.ll =================================================================== --- /dev/null +++ test/Instrumentation/HWAddressSanitizer/X86/atomic.ll 
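Review bot: The unsupported-architecture check sits in the `default:` case of the trap switch, so it fires only when an inline check is emitted, while `untagPointerOperand` strips tags on every target that is not AArch64. With callback instrumentation, an unsupported target would apparently be instrumented and untagged without any diagnostic. Rejecting the triple once in `doInitialization`, where `TargetTriple` is assigned, would keep the two decisions consistent. The x86_64 encoding should also be documented, for example `// AccessInfo travels as the displacement of the nopl after int3 (0x40 + AccessInfo); keep in sync with the runtime trap handler.`, since the only comment covers where the address lives and the handler's decoding is not visible here. The enclosing function starts outside the hunk.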
@@ -0,0 +1,32 @@
+; Test basic address sanitizer instrumentation.
+;
+; RUN: opt < %s -hwasan -S | FileCheck %s
+
+target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+define void @atomicrmw(i64* %ptr) sanitize_hwaddress {
+; CHECK-LABEL: @atomicrmw(
+; CHECK: %[[P:[^ ]*]] = inttoptr i64 %{{.*}} to i64*
+; CHECK: lshr i64 %[[A:[^ ]*]], 56
+; CHECK: call void asm sideeffect "int3\0Anopl 83(%rax)", "{rdi}"(i64 %[[A]])
+; CHECK: atomicrmw add i64* %[[P]], i64 1 seq_cst
+; CHECK: ret void
+
+entry:
+ %0 = atomicrmw add i64* %ptr, i64 1 seq_cst
+ ret void
+}
+
+define void @cmpxchg(i64* %ptr, i64 %compare_to, i64 %new_value) sanitize_hwaddress {
+; CHECK-LABEL: @cmpxchg(
+; CHECK: %[[P:[^ ]*]] = inttoptr i64 %{{.*}} to i64*
+; CHECK: lshr i64 %[[A:[^ ]*]], 56
+; CHECK: call void asm sideeffect "int3\0Anopl 83(%rax)", "{rdi}"(i64 %[[A]])
+; CHECK: cmpxchg i64* %[[P]], i64 %compare_to, i64 %new_value seq_cst seq_cst
+; CHECK: ret void
+
+entry:
+ %0 = cmpxchg i64* %ptr, i64 %compare_to, i64 %new_value seq_cst seq_cst
+ ret void
+}
Index: test/Instrumentation/HWAddressSanitizer/X86/basic.ll
===================================================================
--- /dev/null
+++ test/Instrumentation/HWAddressSanitizer/X86/basic.ll
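Review bot: Only the default abort mode is exercised for atomics, although the trap immediate also carries the recover bit. A second RUN line with `-hwasan-recover=1` and a RECOVER prefix expecting `nopl 115(%rax)` would cover `atomicrmw` and `cmpxchg` in recover mode, matching what basic.ll checks for an 8-byte store. The first comment line is copied from the basic test and says address sanitizer; `; Test HWASan instrumentation of atomic operations on x86_64.` would describe this file.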
@@ -0,0 +1,362 @@ +; Test basic address sanitizer instrumentation. +; +; RUN: opt < %s -hwasan -hwasan-recover=0 -S | FileCheck %s --check-prefixes=CHECK,ABORT +; RUN: opt < %s -hwasan -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,RECOVER + +target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" +target triple = "x86_64-unknown-linux-gnu" + +define i8 @test_load8(i8* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load8( +; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 64(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 96(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: %[[G:[^ ]*]] = load i8, i8* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret i8 %[[G]] + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +define i16 @test_load16(i16* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load16( +; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i16* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] 
+; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 65(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 97(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: %[[G:[^ ]*]] = load i16, i16* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret i16 %[[G]] + +entry: + %b = load i16, i16* %a, align 4 + ret i16 %b +} + +define i32 @test_load32(i32* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load32( +; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i32* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 66(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 98(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: %[[G:[^ ]*]] = load i32, i32* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret i32 %[[G]] + +entry: + %b = load i32, i32* %a, align 4 + ret i32 %b +} + +define i64 @test_load64(i64* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load64( +; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] 
= lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 67(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 99(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: %[[G:[^ ]*]] = load i64, i64* %[[UNTAGGED_PTR]], align 8 +; CHECK: ret i64 %[[G]] + +entry: + %b = load i64, i64* %a, align 8 + ret i64 %b +} + +define i128 @test_load128(i128* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load128( +; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i128* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 68(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 100(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: %[[G:[^ ]*]] = load i128, i128* %[[UNTAGGED_PTR]], align 16 +; CHECK: ret i128 %[[G]] + +entry: + %b = load i128, i128* %a, align 16 + ret i128 %b +} + +define i40 @test_load40(i40* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load40( +; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40* +; ABORT: call void @__hwasan_loadN(i64 
%[[A]], i64 5) +; RECOVER: call void @__hwasan_loadN_noabort(i64 %[[A]], i64 5) +; CHECK: %[[B:[^ ]*]] = load i40, i40* %[[UNTAGGED_PTR]] +; CHECK: ret i40 %[[B]] + +entry: + %b = load i40, i40* %a, align 4 + ret i40 %b +} + +define void @test_store8(i8* %a, i8 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store8( +; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 80(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 112(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: store i8 %b, i8* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret void + +entry: + store i8 %b, i8* %a, align 4 + ret void +} + +define void @test_store16(i16* %a, i16 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store16( +; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i16* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call 
void asm sideeffect "int3\0Anopl 81(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 113(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: store i16 %b, i16* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret void + +entry: + store i16 %b, i16* %a, align 4 + ret void +} + +define void @test_store32(i32* %a, i32 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store32( +; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i32* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 82(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 114(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: store i32 %b, i32* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret void + +entry: + store i32 %b, i32* %a, align 4 + ret void +} + +define void @test_store64(i64* %a, i64 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store64( +; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 
%[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 83(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 115(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: store i64 %b, i64* %[[UNTAGGED_PTR]], align 8 +; CHECK: ret void + +entry: + store i64 %b, i64* %a, align 8 + ret void +} + +define void @test_store128(i128* %a, i128 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store128( +; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i128* +; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56 +; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8 +; CHECK: %[[C:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4 +; CHECK: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8* +; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]] +; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]] +; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}} + +; ABORT: call void asm sideeffect "int3\0Anopl 84(%rax)", "{rdi}"(i64 %[[A]]) +; ABORT: unreachable +; RECOVER: call void asm sideeffect "int3\0Anopl 116(%rax)", "{rdi}"(i64 %[[A]]) +; RECOVER: br label + +; CHECK: store i128 %b, i128* %[[UNTAGGED_PTR]], align 16 +; CHECK: ret void + +entry: + store i128 %b, i128* %a, align 16 + ret void +} + +define void @test_store40(i40* %a, i40 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store40( +; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40* +; ABORT: call void @__hwasan_storeN(i64 %[[A]], i64 5) +; RECOVER: call void @__hwasan_storeN_noabort(i64 %[[A]], i64 5) +; CHECK: store i40 %b, i40* %[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i40 %b, i40* 
%a, align 4 + ret void +} + +define void @test_store_unaligned(i64* %a, i64 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store_unaligned( +; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64* +; ABORT: call void @__hwasan_storeN(i64 %[[A]], i64 8) +; RECOVER: call void @__hwasan_storeN_noabort(i64 %[[A]], i64 8) +; CHECK: store i64 %b, i64* %[[UNTAGGED_PTR]], align 4 +; CHECK: ret void + +entry: + store i64 %b, i64* %a, align 4 + ret void +} + +define i8 @test_load_noattr(i8* %a) { +; CHECK-LABEL: @test_load_noattr( +; CHECK-NEXT: entry: +; CHECK-NEXT: %[[B:[^ ]*]] = load i8, i8* %a +; CHECK-NEXT: ret i8 %[[B]] + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +define i8 @test_load_notmyattr(i8* %a) sanitize_address { +; CHECK-LABEL: @test_load_notmyattr( +; CHECK-NEXT: entry: +; CHECK-NEXT: %[[B:[^ ]*]] = load i8, i8* %a +; CHECK-NEXT: ret i8 %[[B]] + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +define i8 @test_load_addrspace(i8 addrspace(256)* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load_addrspace( +; CHECK-NEXT: entry: +; CHECK-NEXT: %[[B:[^ ]*]] = load i8, i8 addrspace(256)* %a +; CHECK-NEXT: ret i8 %[[B]] + +entry: + %b = load i8, i8 addrspace(256)* %a, align 4 + ret i8 %b +} + +; CHECK: declare void @__hwasan_init() + +; CHECK: define internal void @hwasan.module_ctor() { +; CHECK-NEXT: call void @__hwasan_init() +; CHECK-NEXT: ret void +; CHECK-NEXT: } Index: test/Instrumentation/HWAddressSanitizer/X86/kernel.ll =================================================================== --- /dev/null +++ test/Instrumentation/HWAddressSanitizer/X86/kernel.ll 
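Review bot: These CHECK sequences expect `%[[UNTAGGED_PTR]] = inttoptr ...` to appear before the tag check (`lshr i64 %[[A]], 56`) and to be derived from the same `%[[A]]`. The pass change in this diff, however, calls `untagPointerOperand(I, Addr)` after the check or callback has been emitted, and it builds a fresh cast with `IRBuilder<> IRB(I)`. As far as the visible hunks show, the untagging instructions would land directly before the access, after the branch, so these patterns (and the equivalent ones in atomic.ll, kernel.ll and with-calls.ll) may not match. Confirm that the tests were regenerated against this revision of the pass. The header comment `; Test basic address sanitizer instrumentation.` should also name HWASan on x86_64.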
@@ -0,0 +1,44 @@
+; Test kernel hwasan instrumentation.
+;
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --allow-empty --check-prefixes=INIT
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -S | FileCheck %s --check-prefixes=CHECK,NOOFFSET
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-mapping-offset=12345678 -S | FileCheck %s --check-prefixes=CHECK,OFFSET
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=0 -S | FileCheck %s --check-prefixes=CHECK,NOOFFSET,ABORT
+; RUN: opt < %s -hwasan -hwasan-kernel=1 -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,NOOFFSET,RECOVER
+
+target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+define i8 @test_load(i8* %a) sanitize_hwaddress {
+; CHECK-LABEL: @test_load(
+; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64
+; CHECK: %[[UNTAGGED:[^ ]*]] = or i64 %[[A]], -72057594037927936
+; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8*
+; CHECK: %[[B:[^ ]*]] = lshr i64 %[[A]], 56
+; CHECK: %[[PTRTAG:[^ ]*]] = trunc i64 %[[B]] to i8
+; CHECK: %[[C:[^ ]*]] = or i64 %[[A]], -72057594037927936
+; CHECK: %[[D:[^ ]*]] = lshr i64 %[[C]], 4
+
+; NOOFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D]] to i8*
+
+; OFFSET: %[[D1:[^ ]*]] = add i64 %[[D]], 12345678
+; OFFSET: %[[E:[^ ]*]] = inttoptr i64 %[[D1]] to i8*
+
+; CHECK: %[[MEMTAG:[^ ]*]] = load i8, i8* %[[E]]
+; CHECK: %[[F:[^ ]*]] = icmp ne i8 %[[PTRTAG]], %[[MEMTAG]]
+; CHECK: br i1 %[[F]], label {{.*}}, label {{.*}}, !prof {{.*}}
+
+; ABORT: call void asm sideeffect "int3\0Anopl 64(%rax)", "{rdi}"(i64 %[[A]])
+; ABORT: unreachable
+; RECOVER: call void asm sideeffect "int3\0Anopl 96(%rax)", "{rdi}"(i64 %[[A]])
+; RECOVER: br label
+
+; CHECK: %[[G:[^ ]*]] = load i8, i8* %[[UNTAGGED_PTR]], align 4
+; CHECK: ret i8 %[[G]]
+
+entry:
+ %b = load i8, i8* %a, align 4
+ ret i8 %b
+}
+
+; INIT-NOT: call void @__hwasan_init
Index: test/Instrumentation/HWAddressSanitizer/X86/with-calls.ll
===================================================================
--- /dev/null
+++ test/Instrumentation/HWAddressSanitizer/X86/with-calls.ll
@@ -0,0 +1,227 @@ +; Test basic address sanitizer instrumentation. +; +; RUN: opt < %s -hwasan -hwasan-instrument-with-calls -S | FileCheck %s --check-prefixes=CHECK,ABORT +; RUN: opt < %s -hwasan -hwasan-instrument-with-calls -hwasan-recover=1 -S | FileCheck %s --check-prefixes=CHECK,RECOVER + +target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" +target triple = "x86_64-unknown-linux-gnu" + +define i8 @test_load8(i8* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load8( +; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8* +; ABORT: call void @__hwasan_load1(i64 %[[A]]) +; RECOVER: call void @__hwasan_load1_noabort(i64 %[[A]]) +; CHECK: %[[B:[^ ]*]] = load i8, i8* %[[UNTAGGED_PTR]] +; CHECK: ret i8 %[[B]] + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +define i16 @test_load16(i16* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load16( +; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i16* +; ABORT: call void @__hwasan_load2(i64 %[[A]]) +; RECOVER: call void @__hwasan_load2_noabort(i64 %[[A]]) +; CHECK: %[[B:[^ ]*]] = load i16, i16* %[[UNTAGGED_PTR]] +; CHECK: ret i16 %[[B]] + +entry: + %b = load i16, i16* %a, align 4 + ret i16 %b +} + +define i32 @test_load32(i32* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load32( +; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i32* +; ABORT: call void @__hwasan_load4(i64 %[[A]]) +; RECOVER: call void @__hwasan_load4_noabort(i64 %[[A]]) +; CHECK: %[[B:[^ ]*]] = load i32, i32* %[[UNTAGGED_PTR]] +; CHECK: ret i32 %[[B]] + +entry: + %b = load i32, i32* %a, align 4 + ret i32 %b +} + +define i64 
@test_load64(i64* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load64( +; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64* +; ABORT: call void @__hwasan_load8(i64 %[[A]]) +; RECOVER: call void @__hwasan_load8_noabort(i64 %[[A]]) +; CHECK: %[[B:[^ ]*]] = load i64, i64* %[[UNTAGGED_PTR]] +; CHECK: ret i64 %[[B]] + +entry: + %b = load i64, i64* %a, align 8 + ret i64 %b +} + +define i128 @test_load128(i128* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load128( +; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i128* +; ABORT: call void @__hwasan_load16(i64 %[[A]]) +; RECOVER: call void @__hwasan_load16_noabort(i64 %[[A]]) +; CHECK: %[[B:[^ ]*]] = load i128, i128* %[[UNTAGGED_PTR]] +; CHECK: ret i128 %[[B]] + +entry: + %b = load i128, i128* %a, align 16 + ret i128 %b +} + +define i40 @test_load40(i40* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load40( +; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40* +; ABORT: call void @__hwasan_loadN(i64 %[[A]], i64 5) +; RECOVER: call void @__hwasan_loadN_noabort(i64 %[[A]], i64 5) +; CHECK: %[[B:[^ ]*]] = load i40, i40* %[[UNTAGGED_PTR]] +; CHECK: ret i40 %[[B]] + +entry: + %b = load i40, i40* %a, align 4 + ret i40 %b +} + +define void @test_store8(i8* %a, i8 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store8( +; CHECK: %[[A:[^ ]*]] = ptrtoint i8* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i8* +; ABORT: call void @__hwasan_store1(i64 %[[A]]) +; RECOVER: call void @__hwasan_store1_noabort(i64 %[[A]]) +; CHECK: store i8 %b, i8* 
%[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i8 %b, i8* %a, align 4 + ret void +} + +define void @test_store16(i16* %a, i16 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store16( +; CHECK: %[[A:[^ ]*]] = ptrtoint i16* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i16* +; ABORT: call void @__hwasan_store2(i64 %[[A]]) +; RECOVER: call void @__hwasan_store2_noabort(i64 %[[A]]) +; CHECK: store i16 %b, i16* %[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i16 %b, i16* %a, align 4 + ret void +} + +define void @test_store32(i32* %a, i32 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store32( +; CHECK: %[[A:[^ ]*]] = ptrtoint i32* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i32* +; ABORT: call void @__hwasan_store4(i64 %[[A]]) +; RECOVER: call void @__hwasan_store4_noabort(i64 %[[A]]) +; CHECK: store i32 %b, i32* %[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i32 %b, i32* %a, align 4 + ret void +} + +define void @test_store64(i64* %a, i64 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store64( +; CHECK: %[[A:[^ ]*]] = ptrtoint i64* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i64* +; ABORT: call void @__hwasan_store8(i64 %[[A]]) +; RECOVER: call void @__hwasan_store8_noabort(i64 %[[A]]) +; CHECK: store i64 %b, i64* %[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i64 %b, i64* %a, align 8 + ret void +} + +define void @test_store128(i128* %a, i128 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store128( +; CHECK: %[[A:[^ ]*]] = ptrtoint i128* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i128* +; ABORT: call void @__hwasan_store16(i64 %[[A]]) +; RECOVER: call void 
@__hwasan_store16_noabort(i64 %[[A]]) +; CHECK: store i128 %b, i128* %[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i128 %b, i128* %a, align 16 + ret void +} + +define void @test_store40(i40* %a, i40 %b) sanitize_hwaddress { +; CHECK-LABEL: @test_store40( +; CHECK: %[[A:[^ ]*]] = ptrtoint i40* %a to i64 +; CHECK: %[[UNTAGGED:[^ ]*]] = and i64 %[[A]], 72057594037927935 +; CHECK: %[[UNTAGGED_PTR:[^ ]*]] = inttoptr i64 %[[UNTAGGED]] to i40* +; ABORT: call void @__hwasan_storeN(i64 %[[A]], i64 5) +; RECOVER: call void @__hwasan_storeN_noabort(i64 %[[A]], i64 5) +; CHECK: store i40 %b, i40* %[[UNTAGGED_PTR]] +; CHECK: ret void + +entry: + store i40 %b, i40* %a, align 4 + ret void +} + +define i8 @test_load_noattr(i8* %a) { +; CHECK-LABEL: @test_load_noattr( +; CHECK-NEXT: entry: +; CHECK-NEXT: %[[B:[^ ]*]] = load i8, i8* %a +; CHECK-NEXT: ret i8 %[[B]] + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +define i8 @test_load_notmyattr(i8* %a) sanitize_address { +; CHECK-LABEL: @test_load_notmyattr( +; CHECK-NEXT: entry: +; CHECK-NEXT: %[[B:[^ ]*]] = load i8, i8* %a +; CHECK-NEXT: ret i8 %[[B]] + +entry: + %b = load i8, i8* %a, align 4 + ret i8 %b +} + +define i8 @test_load_addrspace(i8 addrspace(256)* %a) sanitize_hwaddress { +; CHECK-LABEL: @test_load_addrspace( +; CHECK-NEXT: entry: +; CHECK-NEXT: %[[B:[^ ]*]] = load i8, i8 addrspace(256)* %a +; CHECK-NEXT: ret i8 %[[B]] + +entry: + %b = load i8, i8 addrspace(256)* %a, align 4 + ret i8 %b +} + +; CHECK: declare void @__hwasan_init() + +; CHECK: define internal void @hwasan.module_ctor() { +; CHECK-NEXT: call void @__hwasan_init() +; CHECK-NEXT: ret void +; CHECK-NEXT: }