This is an archive of the discontinued LLVM Phabricator instance.

Differential D53227

[hwasan] add stack frame descriptions.
ClosedPublic

Authored by kcc on Oct 12 2018, 4:37 PM.

Details

Reviewers
morehouse
eugenis
Commits
rGaf95597c3c9e: [hwasan] add stack frame descriptions.
rCRT344985: [hwasan] add stack frame descriptions.
rL344985: [hwasan] add stack frame descriptions.
Summary

At compile-time, create an array of {PC,HumanReadableStackFrameDescription}
for every function that has an instrumented frame, and pass this array
to the run-time at the module-init time.
Similar to how we handle pc-table in SanitizerCoverage.
The run-time is dummy, will add the actual logic in later commits.

Diff Detail

Repository
rL LLVM

Event Timeline

kcc created this revision.Oct 12 2018, 4:37 PM
Herald added subscribers: kubamracek, srhines. · View Herald TranscriptOct 12 2018, 4:37 PM
Harbormaster completed remote builds in B23760: Diff 169518.Oct 12 2018, 4:37 PM
eugenis added inline comments.Oct 12 2018, 5:38 PM
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
151 ↗(On Diff #169518)

s/_/-

217 ↗(On Diff #169518)

"fd" usually stands for file descriptor
Rename to __hwasan_frames?

319 ↗(On Diff #169518)

This section should be read-only so the (intrusive) linked list idea would not work.

I don't think this slot helps you avoid a module pass. You can create a call to __hwasan_init_fd regardless.

You are inserting multiple calls to __hwasan_init_fd to the ctor function. Just one would be enough.

Ctor function should be comdat'ed itself, but that's orthogonal.

742 ↗(On Diff #169518)

Why would F's name start with "hwasan"? Did you mean "__hwasan"?

kcc updated this revision to Diff 169529.Oct 12 2018, 6:00 PM

addressed review comments

lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
151 ↗(On Diff #169518)

done.

217 ↗(On Diff #169518)

renamed the section to hwasan_frames and the callback to hwasan_init_frames

319 ↗(On Diff #169518)

Ok, won't use the (intrusive) linked list.

You are inserting multiple calls to __hwasan_init_fd to the ctor function.

Nope. This code is in HWAddressSanitizer::doInitialization(Module &M)

Ctor function should be comdat'ed itself, but that's orthogonal.

Yep, will do separately.

742 ↗(On Diff #169518)

No, this one is for the CTOR (HwasanCtorFunction above)

Harbormaster completed remote builds in B23763: Diff 169529.Oct 12 2018, 6:01 PM
morehouse added inline comments.Oct 17 2018, 10:32 AM
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
318 ↗(On Diff #169529)

Why do we need a frame description for the ctor in order to call it?

kcc added inline comments.Oct 19 2018, 2:14 PM
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
318 ↗(On Diff #169529)

We don't.
This call is here to ensure that the section is not empty and that we can create __start_SECTION for it.
Otherwise, we will need to refactor the code to make it a ModulePass instead of a FunctionPass (which is unwelcome).
I don't know any other way to handle this in a FunctionPass. :(

eugenis added inline comments.Oct 22 2018, 4:28 PM
lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
742 ↗(On Diff #169518)

Why not compare F with HwasanCtorFunction?

kcc updated this revision to Diff 170533.Oct 22 2018, 5:25 PM

address one more comment

lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
742 ↗(On Diff #169518)

Yep, done.

Harbormaster completed remote builds in B24038: Diff 170533.Oct 22 2018, 5:27 PM
eugenis accepted this revision.Oct 22 2018, 5:36 PM

Please rename the remaining FD's.
LGTM then.

This revision is now accepted and ready to land.Oct 22 2018, 5:36 PM
Closed by commit rL344985: [hwasan] add stack frame descriptions. (authored by kcc). · Explain WhyOct 22 2018, 5:52 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: delcypher. · View Herald TranscriptOct 22 2018, 5:52 PM

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
hwasan/
20 lines
3 lines
llvm/
trunk/
lib/
Transforms/
Instrumentation/
76 lines
test/
Instrumentation/
HWAddressSanitizer/
1 line
27 lines
1 line

Diff 170544

compiler-rt/trunk/lib/hwasan/hwasan.cc

Show First 20 LinesShow All 214 Lines▼ Show 20 Linesvoid UpdateMemoryUsage() {
HwasanFormatMemoryUsage(s); HwasanFormatMemoryUsage(s);
internal_strncpy(memory_usage_buffer, s.data(), kMemoryUsageBufferSize - 1); internal_strncpy(memory_usage_buffer, s.data(), kMemoryUsageBufferSize - 1);
memory_usage_buffer[kMemoryUsageBufferSize - 1] = '\0'; memory_usage_buffer[kMemoryUsageBufferSize - 1] = '\0';
} }
#else #else
void UpdateMemoryUsage() {} void UpdateMemoryUsage() {}
#endif #endif
struct FrameDescription {
uptr PC;
const char *Descr;
};
void InitFrameDescriptors(uptr b, uptr e) {
FrameDescription *beg = reinterpret_cast<FrameDescription *>(b);
FrameDescription *end = reinterpret_cast<FrameDescription *>(e);
// Must have at least one entry, which we can use for a linked list.
CHECK_GE(end - beg, 1U);
if (Verbosity()) {
for (FrameDescription *frame_descr = beg; frame_descr < end; frame_descr++)
Printf("Frame: %p %s\n", frame_descr->PC, frame_descr->Descr);
}
}
} // namespace __hwasan } // namespace __hwasan
// Interface. // Interface.
using namespace __hwasan; using namespace __hwasan;
uptr __hwasan_shadow_memory_dynamic_address; // Global interface symbol. uptr __hwasan_shadow_memory_dynamic_address; // Global interface symbol.
void __hwasan_shadow_init() { void __hwasan_shadow_init() {
if (hwasan_shadow_inited) return; if (hwasan_shadow_inited) return;
if (!InitShadow()) { if (!InitShadow()) {
Printf("FATAL: HWAddressSanitizer cannot mmap the shadow memory.\n"); Printf("FATAL: HWAddressSanitizer cannot mmap the shadow memory.\n");
DumpProcessMap(); DumpProcessMap();
Die(); Die();
} }
hwasan_shadow_inited = 1; hwasan_shadow_inited = 1;
} }
void __hwasan_init_frames(uptr beg, uptr end) {
InitFrameDescriptors(beg, end);
}
void __hwasan_init() { void __hwasan_init() {
CHECK(!hwasan_init_is_running); CHECK(!hwasan_init_is_running);
if (hwasan_inited) return; if (hwasan_inited) return;
hwasan_init_is_running = 1; hwasan_init_is_running = 1;
SanitizerToolName = "HWAddressSanitizer"; SanitizerToolName = "HWAddressSanitizer";
InitTlsSize(); InitTlsSize();
▲ Show 20 LinesShow All 274 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan_interface_internal.h

Show All 31 Lines
using __sanitizer::uu32; using __sanitizer::uu32;
using __sanitizer::uu16; using __sanitizer::uu16;
using __sanitizer::u64; using __sanitizer::u64;
using __sanitizer::u32; using __sanitizer::u32;
using __sanitizer::u16; using __sanitizer::u16;
using __sanitizer::u8; using __sanitizer::u8;
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_init_frames(uptr, uptr);
SANITIZER_INTERFACE_ATTRIBUTE
extern uptr __hwasan_shadow_memory_dynamic_address; extern uptr __hwasan_shadow_memory_dynamic_address;
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_loadN(uptr, uptr); void __hwasan_loadN(uptr, uptr);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_load1(uptr); void __hwasan_load1(uptr);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __hwasan_load2(uptr); void __hwasan_load2(uptr);
▲ Show 20 LinesShow All 149 LinesShow Last 20 Lines

llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp

Show All 38 Lines
#include "llvm/Support/Casting.h" #include "llvm/Support/Casting.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include "llvm/Transforms/Instrumentation.h" #include "llvm/Transforms/Instrumentation.h"
#include "llvm/Transforms/Utils/BasicBlockUtils.h" #include "llvm/Transforms/Utils/BasicBlockUtils.h"
#include "llvm/Transforms/Utils/ModuleUtils.h" #include "llvm/Transforms/Utils/ModuleUtils.h"
#include "llvm/Transforms/Utils/PromoteMemToReg.h" #include "llvm/Transforms/Utils/PromoteMemToReg.h"
#include <sstream>
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "hwasan" #define DEBUG_TYPE "hwasan"
static const char *const kHwasanModuleCtorName = "hwasan.module_ctor"; static const char *const kHwasanModuleCtorName = "hwasan.module_ctor";
static const char *const kHwasanInitName = "__hwasan_init"; static const char *const kHwasanInitName = "__hwasan_init";
▲ Show 20 LinesShow All 86 Lines▼ Show 20 Lines cl::desc("Access dynamic shadow through an thread-local pointer on "
"platforms that support this"), "platforms that support this"),
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
static cl::opt<bool> static cl::opt<bool>
ClRecordStackHistory("hwasan-record-stack-history", ClRecordStackHistory("hwasan-record-stack-history",
cl::desc("Record stack frames with tagged allocations " cl::desc("Record stack frames with tagged allocations "
"in a thread-local ring buffer"), "in a thread-local ring buffer"),
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
static cl::opt<bool>
ClCreateFrameDescriptions("hwasan-create-frame-descriptions",
cl::desc("create static frame descriptions"),
cl::Hidden, cl::init(true));
namespace { namespace {
/// An instrumentation pass implementing detection of addressability bugs /// An instrumentation pass implementing detection of addressability bugs
/// using tagged pointers. /// using tagged pointers.
class HWAddressSanitizer : public FunctionPass { class HWAddressSanitizer : public FunctionPass {
public: public:
// Pass identification, replacement for typeid. // Pass identification, replacement for typeid.
static char ID; static char ID;
Show All 36 Lines Value *getAllocaTag(IRBuilder<> &IRB, Value *StackTag, AllocaInst *AI,
unsigned AllocaNo); unsigned AllocaNo);
Value *getUARTag(IRBuilder<> &IRB, Value *StackTag); Value *getUARTag(IRBuilder<> &IRB, Value *StackTag);
Value *getHwasanThreadSlotPtr(IRBuilder<> &IRB, Type *Ty); Value *getHwasanThreadSlotPtr(IRBuilder<> &IRB, Type *Ty);
Value *emitPrologue(IRBuilder<> &IRB, bool WithFrameRecord); Value *emitPrologue(IRBuilder<> &IRB, bool WithFrameRecord);
private: private:
LLVMContext *C; LLVMContext *C;
std::string CurModuleUniqueId;
Triple TargetTriple; Triple TargetTriple;
// Frame description is a way to pass names/sizes of local variables
// to the run-time w/o adding extra executable code in every function.
// We do this by creating a separate section with {PC,Descr} pairs and passing
// the section beg/end to __hwasan_init_frames() at module init time.
std::string createFrameString(ArrayRef<AllocaInst*> Allocas);
void createFrameGlobal(Function &F, const std::string &FrameString);
// Get the section name for frame descriptions. Currently ELF-only.
const char *getFrameSection() { return "__hwasan_frames"; }
const char *getFrameSectionBeg() { return "__start___hwasan_frames"; }
const char *getFrameSectionEnd() { return "__stop___hwasan_frames"; }
GlobalVariable *createFrameSectionBound(Module &M, Type *Ty,
const char *Name) {
auto GV = new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage,
nullptr, Name);
GV->setVisibility(GlobalValue::HiddenVisibility);
return GV;
}
/// This struct defines the shadow mapping using the rule: /// This struct defines the shadow mapping using the rule:
/// shadow = (mem >> Scale) + Offset. /// shadow = (mem >> Scale) + Offset.
/// If InGlobal is true, then /// If InGlobal is true, then
/// extern char __hwasan_shadow[]; /// extern char __hwasan_shadow[];
/// shadow = (mem >> Scale) + &__hwasan_shadow /// shadow = (mem >> Scale) + &__hwasan_shadow
/// If InTls is true, then /// If InTls is true, then
/// extern char *__hwasan_tls; /// extern char *__hwasan_tls;
/// shadow = (mem >> Scale) + align_up(__hwasan_shadow, kShadowBaseAlignment) /// shadow = (mem>>Scale) + align_up(__hwasan_shadow, kShadowBaseAlignment)
struct ShadowMapping { struct ShadowMapping {
int Scale; int Scale;
uint64_t Offset; uint64_t Offset;
bool InGlobal; bool InGlobal;
bool InTls; bool InTls;
void init(Triple &TargetTriple); void init(Triple &TargetTriple);
unsigned getAllocaAlignment() const { return 1U << Scale; } unsigned getAllocaAlignment() const { return 1U << Scale; }
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Linesbool HWAddressSanitizer::doInitialization(Module &M) {
LLVM_DEBUG(dbgs() << "Init " << M.getName() << "\n"); LLVM_DEBUG(dbgs() << "Init " << M.getName() << "\n");
auto &DL = M.getDataLayout(); auto &DL = M.getDataLayout();
TargetTriple = Triple(M.getTargetTriple()); TargetTriple = Triple(M.getTargetTriple());
Mapping.init(TargetTriple); Mapping.init(TargetTriple);
C = &(M.getContext()); C = &(M.getContext());
CurModuleUniqueId = getUniqueModuleId(&M);
IRBuilder<> IRB(*C); IRBuilder<> IRB(*C);
IntptrTy = IRB.getIntPtrTy(DL); IntptrTy = IRB.getIntPtrTy(DL);
Int8PtrTy = IRB.getInt8PtrTy(); Int8PtrTy = IRB.getInt8PtrTy();
Int8Ty = IRB.getInt8Ty(); Int8Ty = IRB.getInt8Ty();
HwasanCtorFunction = nullptr; HwasanCtorFunction = nullptr;
if (!CompileKernel) { if (!CompileKernel) {
std::tie(HwasanCtorFunction, std::ignore) = std::tie(HwasanCtorFunction, std::ignore) =
createSanitizerCtorAndInitFunctions(M, kHwasanModuleCtorName, createSanitizerCtorAndInitFunctions(M, kHwasanModuleCtorName,
kHwasanInitName, kHwasanInitName,
/*InitArgTypes=*/{}, /*InitArgTypes=*/{},
/*InitArgs=*/{}); /*InitArgs=*/{});
appendToGlobalCtors(M, HwasanCtorFunction, 0); appendToGlobalCtors(M, HwasanCtorFunction, 0);
} }
// Create a call to __hwasan_init_frames.
if (HwasanCtorFunction) {
// Create a dummy frame description for the CTOR function.
// W/o it we would have to create the call to __hwasan_init_frames after
// all functions are instrumented (i.e. need to have a ModulePass).
createFrameGlobal(*HwasanCtorFunction, "");
IRBuilder<> IRBCtor(HwasanCtorFunction->getEntryBlock().getTerminator());
IRBCtor.CreateCall(
declareSanitizerInitFunction(M, "__hwasan_init_frames",
{Int8PtrTy, Int8PtrTy}),
{createFrameSectionBound(M, Int8Ty, getFrameSectionBeg()),
createFrameSectionBound(M, Int8Ty, getFrameSectionEnd())});
}
if (!TargetTriple.isAndroid()) if (!TargetTriple.isAndroid())
appendToCompilerUsed( appendToCompilerUsed(
M, ThreadPtrGlobal = new GlobalVariable( M, ThreadPtrGlobal = new GlobalVariable(
M, IntptrTy, false, GlobalVariable::ExternalLinkage, nullptr, M, IntptrTy, false, GlobalVariable::ExternalLinkage, nullptr,
"__hwasan_tls", nullptr, GlobalVariable::InitialExecTLSModel)); "__hwasan_tls", nullptr, GlobalVariable::InitialExecTLSModel));
return true; return true;
} }
▲ Show 20 LinesShow All 375 Lines▼ Show 20 LinesValue *HWAddressSanitizer::getHwasanThreadSlotPtr(IRBuilder<> &IRB, Type *Ty) {
} }
if (ThreadPtrGlobal) if (ThreadPtrGlobal)
return ThreadPtrGlobal; return ThreadPtrGlobal;
return nullptr; return nullptr;
} }
// Creates a string with a description of the stack frame (set of Allocas).
// The string is intended to be human readable.
// The current form is: Size1 Name1; Size2 Name2; ...
std::string
HWAddressSanitizer::createFrameString(ArrayRef<AllocaInst *> Allocas) {
std::ostringstream Descr;
for (auto AI : Allocas)
Descr << getAllocaSizeInBytes(*AI) << " " << AI->getName().str() << "; ";
return Descr.str();
}
// Creates a global in the frame section which consists of two pointers:
// the function PC and the frame string constant.
void HWAddressSanitizer::createFrameGlobal(Function &F,
const std::string &FrameString) {
Module &M = *F.getParent();
auto DescrGV = createPrivateGlobalForString(M, FrameString, true);
auto PtrPairTy = StructType::get(F.getType(), DescrGV->getType());
auto GV = new GlobalVariable(
M, PtrPairTy, /*isConstantGlobal*/ true, GlobalVariable::PrivateLinkage,
ConstantStruct::get(PtrPairTy, (Constant *)&F, (Constant *)DescrGV),
"__hwasan");
GV->setSection(getFrameSection());
appendToCompilerUsed(M, GV);
// Put GV into the F's Comadat so that if F is deleted GV can be deleted too.
if (&F != HwasanCtorFunction)
if (auto Comdat = GetOrCreateFunctionComdat(F, CurModuleUniqueId))
GV->setComdat(Comdat);
}
Value *HWAddressSanitizer::emitPrologue(IRBuilder<> &IRB, Value *HWAddressSanitizer::emitPrologue(IRBuilder<> &IRB,
bool WithFrameRecord) { bool WithFrameRecord) {
if (!Mapping.InTls) if (!Mapping.InTls)
return getDynamicShadowNonTls(IRB); return getDynamicShadowNonTls(IRB);
Value *SlotPtr = getHwasanThreadSlotPtr(IRB, IntptrTy); Value *SlotPtr = getHwasanThreadSlotPtr(IRB, IntptrTy);
assert(SlotPtr); assert(SlotPtr);
▲ Show 20 LinesShow All 146 Lines▼ Show 20 Lines for (auto &Inst : BB) {
if (Addr || isa<MemIntrinsic>(Inst)) if (Addr || isa<MemIntrinsic>(Inst))
ToInstrument.push_back(&Inst); ToInstrument.push_back(&Inst);
} }
} }
if (AllocasToInstrument.empty() && ToInstrument.empty()) if (AllocasToInstrument.empty() && ToInstrument.empty())
return false; return false;
if (ClCreateFrameDescriptions && !AllocasToInstrument.empty())
createFrameGlobal(F, createFrameString(AllocasToInstrument));
initializeCallbacks(*F.getParent()); initializeCallbacks(*F.getParent());
assert(!LocalDynamicShadow); assert(!LocalDynamicShadow);
Instruction *InsertPt = &*F.getEntryBlock().begin(); Instruction *InsertPt = &*F.getEntryBlock().begin();
IRBuilder<> EntryIRB(InsertPt); IRBuilder<> EntryIRB(InsertPt);
LocalDynamicShadow = emitPrologue(EntryIRB, LocalDynamicShadow = emitPrologue(EntryIRB,
/*WithFrameRecord*/ ClRecordStackHistory && /*WithFrameRecord*/ ClRecordStackHistory &&
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/basic.ll

Show First 20 LinesShow All 348 Lines▼ Show 20 Linesentry:
%b = load i8, i8 addrspace(256)* %a, align 4 %b = load i8, i8 addrspace(256)* %a, align 4
ret i8 %b ret i8 %b
} }
; CHECK: declare void @__hwasan_init() ; CHECK: declare void @__hwasan_init()
; CHECK: define internal void @hwasan.module_ctor() { ; CHECK: define internal void @hwasan.module_ctor() {
; CHECK-NEXT: call void @__hwasan_init() ; CHECK-NEXT: call void @__hwasan_init()
; CHECK-NEXT: call void @__hwasan_init_frames(
; CHECK-NEXT: ret void ; CHECK-NEXT: ret void
; CHECK-NEXT: } ; CHECK-NEXT: }

llvm/trunk/test/Instrumentation/HWAddressSanitizer/frame-descriptor.ll

; Test frame descriptors
;
; RUN: opt < %s -hwasan -S | FileCheck %s
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64--linux-android"
declare void @use32(i32*, i64*)
define void @test_alloca() sanitize_hwaddress {
entry:
%XYZ = alloca i32, align 4
%ABC = alloca i64, align 4
call void @use32(i32* nonnull %XYZ, i64 *nonnull %ABC)
ret void
}
; CHECK: @[[STR:[0-9]*]] = private unnamed_addr constant [15 x i8] c"4 XYZ; 8 ABC; \00", align 1
; CHECK: private constant { void ()*, [15 x i8]* } { void ()* @test_alloca, [15 x i8]* @[[STR]] }, section "__hwasan_frames", comdat($test_alloca)
; CHECK-LABEL: @test_alloca(
; CHECK: ret void
; CHECK-LABEL: @hwasan.module_ctor
; CHECK: call void @__hwasan_init_frames(i8* @__start___hwasan_frames, i8* @__stop___hwasan_frames)
; CHECK: ret void

llvm/trunk/test/Instrumentation/HWAddressSanitizer/with-calls.ll

Show First 20 LinesShow All 193 Lines▼ Show 20 Linesentry:
%b = load i8, i8 addrspace(256)* %a, align 4 %b = load i8, i8 addrspace(256)* %a, align 4
ret i8 %b ret i8 %b
} }
; CHECK: declare void @__hwasan_init() ; CHECK: declare void @__hwasan_init()
; CHECK: define internal void @hwasan.module_ctor() { ; CHECK: define internal void @hwasan.module_ctor() {
; CHECK-NEXT: call void @__hwasan_init() ; CHECK-NEXT: call void @__hwasan_init()
; CHECK-NEXT: call void @__hwasan_init_frames(
; CHECK-NEXT: ret void ; CHECK-NEXT: ret void
; CHECK-NEXT: } ; CHECK-NEXT: }