This is an archive of the discontinued LLVM Phabricator instance.

Differential D63300

AArch64: Prefer FP-relative debug locations in HWASANified functions.
ClosedPublic

Authored by pcc on Jun 13 2019, 3:03 PM.

Details

Reviewers
eugenis
t.p.northover
Commits
rG4608868d2f4c: AArch64: Prefer FP-relative debug locations in HWASANified functions.
rL364117: AArch64: Prefer FP-relative debug locations in HWASANified functions.
Summary

To help produce better diagnostics for stack use-after-return, we'd like
to be able to determine the addresses of each HWASANified function's local
variables given a small amount of information recorded on entry to the
function. Currently we require all HWASANified functions to use frame pointers
and record (PC, FP) on function entry. This works better than recording SP
because FP cannot change during the function, unlike SP which can change
e.g. due to dynamic alloca.

However, most variables currently end up using SP-relative locations in their
debug info. This prevents us from recomputing the address of most variables
because the distance between SP and FP isn't recorded in the debug info. To
address this, make the AArch64 backend prefer FP-relative debug locations
when producing debug info for HWASANified functions.

Diff Detail

Repository
rL LLVM

Event Timeline

pcc created this revision.Jun 13 2019, 3:03 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 13 2019, 3:03 PM
Herald added subscribers: hiraditya, kristof.beyls, javed.absar, aprantl. · View Herald Transcript
Harbormaster completed remote builds in B33365: Diff 204636.Jun 13 2019, 3:04 PM
pcc added a comment.Jun 13 2019, 3:04 PM

Oops, forgot to add a test. I'll do that in a bit.

pcc updated this revision to Diff 204640.Jun 13 2019, 3:24 PM
  • Add test
Harbormaster completed remote builds in B33367: Diff 204640.Jun 13 2019, 3:24 PM
eugenis added a comment.Jun 14 2019, 10:58 AM

What if we do it the other way around - store SP instead of FP? SP is unusable for locals when there are dynamic allocas; FP is unusable when there is dynamic stack realignment; not sure which case is more common, but both should be rare enough. This could help with the code size at least a little.

pcc added a comment.Jun 14 2019, 11:20 AM

Don't we need frame pointers for fast stack traces anyway?

eugenis added a comment.Jun 14 2019, 2:00 PM
In D63300#1543961, @eugenis wrote:

What if we do it the other way around - store SP instead of FP? SP is unusable for locals when there are dynamic allocas; FP is unusable when there is dynamic stack realignment; not sure which case is more common, but both should be rare enough. This could help with the code size at least a little.

Right, good point.

llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
1538 ↗(On Diff #204640)

should this be called ForDebugInfo, or something like that? It's not about signed immediate IMHO, it's about debug info having effectively infinite offset range.

pcc marked an inline comment as done.Jun 14 2019, 4:45 PM
pcc added inline comments.
llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
1538 ↗(On Diff #204640)

I thought about giving it a name like that, but it seems like the restriction is specific to the operand on certain load and store instructions referred to as <simm>, or a 9-bit signed immediate. If we were producing an immediate for a different instruction, we would want this to be false.

That said, maybe it should be called something like ForLdSt, then.

pcc added a child revision: D63469: hwasan: Teach the runtime to identify the local variable being accessed in UAR reports..Jun 17 2019, 8:36 PM
eugenis accepted this revision.Jun 21 2019, 2:53 PM

LGTM
I still think my suggestion for the name is best, but don't care about it too much.

This revision is now accepted and ready to land.Jun 21 2019, 2:53 PM
Closed by commit rL364117: AArch64: Prefer FP-relative debug locations in HWASANified functions. (authored by pcc). · Explain WhyJun 21 2019, 5:08 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Target/
AArch64/
4 lines
19 lines
6 lines
test/
CodeGen/
AArch64/
41 lines

Diff 206102

llvm/trunk/lib/Target/AArch64/AArch64FrameLowering.h

Show All 34 Linespublic:
void emitPrologue(MachineFunction &MF, MachineBasicBlock &MBB) const override; void emitPrologue(MachineFunction &MF, MachineBasicBlock &MBB) const override;
void emitEpilogue(MachineFunction &MF, MachineBasicBlock &MBB) const override; void emitEpilogue(MachineFunction &MF, MachineBasicBlock &MBB) const override;
bool canUseAsPrologue(const MachineBasicBlock &MBB) const override; bool canUseAsPrologue(const MachineBasicBlock &MBB) const override;
int getFrameIndexReference(const MachineFunction &MF, int FI, int getFrameIndexReference(const MachineFunction &MF, int FI,
unsigned &FrameReg) const override; unsigned &FrameReg) const override;
int resolveFrameIndexReference(const MachineFunction &MF, int FI, int resolveFrameIndexReference(const MachineFunction &MF, int FI,
unsigned &FrameReg, unsigned &FrameReg, bool PreferFP,
bool PreferFP = false) const; bool ForSimm) const;
bool spillCalleeSavedRegisters(MachineBasicBlock &MBB, bool spillCalleeSavedRegisters(MachineBasicBlock &MBB,
MachineBasicBlock::iterator MI, MachineBasicBlock::iterator MI,
const std::vector<CalleeSavedInfo> &CSI, const std::vector<CalleeSavedInfo> &CSI,
const TargetRegisterInfo *TRI) const override; const TargetRegisterInfo *TRI) const override;
bool restoreCalleeSavedRegisters(MachineBasicBlock &MBB, bool restoreCalleeSavedRegisters(MachineBasicBlock &MBB,
MachineBasicBlock::iterator MI, MachineBasicBlock::iterator MI,
std::vector<CalleeSavedInfo> &CSI, std::vector<CalleeSavedInfo> &CSI,
Show All 40 Lines

llvm/trunk/lib/Target/AArch64/AArch64FrameLowering.cpp

Show First 20 LinesShow All 1,491 Lines▼ Show 20 Lines
/// getFrameIndexReference - Provide a base+offset reference to an FI slot for /// getFrameIndexReference - Provide a base+offset reference to an FI slot for
/// debug info. It's the same as what we use for resolving the code-gen /// debug info. It's the same as what we use for resolving the code-gen
/// references for now. FIXME: This can go wrong when references are /// references for now. FIXME: This can go wrong when references are
/// SP-relative and simple call frames aren't used. /// SP-relative and simple call frames aren't used.
int AArch64FrameLowering::getFrameIndexReference(const MachineFunction &MF, int AArch64FrameLowering::getFrameIndexReference(const MachineFunction &MF,
int FI, int FI,
unsigned &FrameReg) const { unsigned &FrameReg) const {
return resolveFrameIndexReference(MF, FI, FrameReg); return resolveFrameIndexReference(
MF, FI, FrameReg,
/*PreferFP=*/
MF.getFunction().hasFnAttribute(Attribute::SanitizeHWAddress),
/*ForSimm=*/false);
} }
int AArch64FrameLowering::getNonLocalFrameIndexReference( int AArch64FrameLowering::getNonLocalFrameIndexReference(
const MachineFunction &MF, int FI) const { const MachineFunction &MF, int FI) const {
return getSEHFrameIndexOffset(MF, FI); return getSEHFrameIndexOffset(MF, FI);
} }
static int getFPOffset(const MachineFunction &MF, int FI) { static int getFPOffset(const MachineFunction &MF, int FI) {
Show All 16 Linesint AArch64FrameLowering::getSEHFrameIndexOffset(const MachineFunction &MF,
const auto *RegInfo = static_cast<const AArch64RegisterInfo *>( const auto *RegInfo = static_cast<const AArch64RegisterInfo *>(
MF.getSubtarget().getRegisterInfo()); MF.getSubtarget().getRegisterInfo());
return RegInfo->getLocalAddressRegister(MF) == AArch64::FP ? return RegInfo->getLocalAddressRegister(MF) == AArch64::FP ?
getFPOffset(MF, FI) : getStackOffset(MF, FI); getFPOffset(MF, FI) : getStackOffset(MF, FI);
} }
int AArch64FrameLowering::resolveFrameIndexReference(const MachineFunction &MF, int AArch64FrameLowering::resolveFrameIndexReference(const MachineFunction &MF,
int FI, unsigned &FrameReg, int FI, unsigned &FrameReg,
bool PreferFP) const { bool PreferFP,
bool ForSimm) const {
const auto &MFI = MF.getFrameInfo(); const auto &MFI = MF.getFrameInfo();
const auto *RegInfo = static_cast<const AArch64RegisterInfo *>( const auto *RegInfo = static_cast<const AArch64RegisterInfo *>(
MF.getSubtarget().getRegisterInfo()); MF.getSubtarget().getRegisterInfo());
const auto *AFI = MF.getInfo<AArch64FunctionInfo>(); const auto *AFI = MF.getInfo<AArch64FunctionInfo>();
const auto &Subtarget = MF.getSubtarget<AArch64Subtarget>(); const auto &Subtarget = MF.getSubtarget<AArch64Subtarget>();
int FPOffset = getFPOffset(MF, FI); int FPOffset = getFPOffset(MF, FI);
int Offset = getStackOffset(MF, FI); int Offset = getStackOffset(MF, FI);
bool isFixed = MFI.isFixedObjectIndex(FI); bool isFixed = MFI.isFixedObjectIndex(FI);
Show All 14 Lines if (isFixed) {
UseFP = hasFP(MF); UseFP = hasFP(MF);
} else if (isCSR && RegInfo->needsStackRealignment(MF)) { } else if (isCSR && RegInfo->needsStackRealignment(MF)) {
// References to the CSR area must use FP if we're re-aligning the stack // References to the CSR area must use FP if we're re-aligning the stack
// since the dynamically-sized alignment padding is between the SP/BP and // since the dynamically-sized alignment padding is between the SP/BP and
// the CSR area. // the CSR area.
assert(hasFP(MF) && "Re-aligned stack must have frame pointer"); assert(hasFP(MF) && "Re-aligned stack must have frame pointer");
UseFP = true; UseFP = true;
} else if (hasFP(MF) && !RegInfo->needsStackRealignment(MF)) { } else if (hasFP(MF) && !RegInfo->needsStackRealignment(MF)) {
// If the FPOffset is negative, we have to keep in mind that the // If the FPOffset is negative and we're producing a signed immediate, we
// available offset range for negative offsets is smaller than for // have to keep in mind that the available offset range for negative
// positive ones. If an offset is // offsets is smaller than for positive ones. If an offset is available
// available via the FP and the SP, use whichever is closest. // via the FP and the SP, use whichever is closest.
bool FPOffsetFits = FPOffset >= -256; bool FPOffsetFits = !ForSimm || FPOffset >= -256;
PreferFP |= Offset > -FPOffset; PreferFP |= Offset > -FPOffset;
if (MFI.hasVarSizedObjects()) { if (MFI.hasVarSizedObjects()) {
// If we have variable sized objects, we can use either FP or BP, as the // If we have variable sized objects, we can use either FP or BP, as the
// SP offset is unknown. We can use the base pointer if we have one and // SP offset is unknown. We can use the base pointer if we have one and
// FP is not preferred. If not, we're stuck with using FP. // FP is not preferred. If not, we're stuck with using FP.
bool CanUseBP = RegInfo->hasBasePointer(MF); bool CanUseBP = RegInfo->hasBasePointer(MF);
if (FPOffsetFits && CanUseBP) // Both are ok. Pick the best. if (FPOffsetFits && CanUseBP) // Both are ok. Pick the best.
▲ Show 20 LinesShow All 652 LinesShow Last 20 Lines

llvm/trunk/lib/Target/AArch64/AArch64RegisterInfo.cpp

Show First 20 LinesShow All 447 Lines▼ Show 20 Linesvoid AArch64RegisterInfo::eliminateFrameIndex(MachineBasicBlock::iterator II,
int FrameIndex = MI.getOperand(FIOperandNum).getIndex(); int FrameIndex = MI.getOperand(FIOperandNum).getIndex();
unsigned FrameReg; unsigned FrameReg;
int Offset; int Offset;
// Special handling of dbg_value, stackmap and patchpoint instructions. // Special handling of dbg_value, stackmap and patchpoint instructions.
if (MI.isDebugValue() || MI.getOpcode() == TargetOpcode::STACKMAP || if (MI.isDebugValue() || MI.getOpcode() == TargetOpcode::STACKMAP ||
MI.getOpcode() == TargetOpcode::PATCHPOINT) { MI.getOpcode() == TargetOpcode::PATCHPOINT) {
Offset = TFI->resolveFrameIndexReference(MF, FrameIndex, FrameReg, Offset = TFI->resolveFrameIndexReference(MF, FrameIndex, FrameReg,
/*PreferFP=*/true); /*PreferFP=*/true,
/*ForSimm=*/false);
Offset += MI.getOperand(FIOperandNum + 1).getImm(); Offset += MI.getOperand(FIOperandNum + 1).getImm();
MI.getOperand(FIOperandNum).ChangeToRegister(FrameReg, false /*isDef*/); MI.getOperand(FIOperandNum).ChangeToRegister(FrameReg, false /*isDef*/);
MI.getOperand(FIOperandNum + 1).ChangeToImmediate(Offset); MI.getOperand(FIOperandNum + 1).ChangeToImmediate(Offset);
return; return;
} }
if (MI.getOpcode() == TargetOpcode::LOCAL_ESCAPE) { if (MI.getOpcode() == TargetOpcode::LOCAL_ESCAPE) {
MachineOperand &FI = MI.getOperand(FIOperandNum); MachineOperand &FI = MI.getOperand(FIOperandNum);
Offset = TFI->getNonLocalFrameIndexReference(MF, FrameIndex); Offset = TFI->getNonLocalFrameIndexReference(MF, FrameIndex);
FI.ChangeToImmediate(Offset); FI.ChangeToImmediate(Offset);
return; return;
} }
// Modify MI as necessary to handle as much of 'Offset' as possible // Modify MI as necessary to handle as much of 'Offset' as possible
Offset = TFI->getFrameIndexReference(MF, FrameIndex, FrameReg); Offset = TFI->resolveFrameIndexReference(
MF, FrameIndex, FrameReg, /*PreferFP=*/false, /*ForSimm=*/true);
if (rewriteAArch64FrameIndex(MI, FIOperandNum, FrameReg, Offset, TII)) if (rewriteAArch64FrameIndex(MI, FIOperandNum, FrameReg, Offset, TII))
return; return;
assert((!RS || !RS->isScavengingFrameIndex(FrameIndex)) && assert((!RS || !RS->isScavengingFrameIndex(FrameIndex)) &&
"Emergency spill slot is out of reach"); "Emergency spill slot is out of reach");
// If we get here, the immediate doesn't fit into the instruction. We folded // If we get here, the immediate doesn't fit into the instruction. We folded
▲ Show 20 LinesShow All 56 LinesShow Last 20 Lines

llvm/trunk/test/CodeGen/AArch64/hwasan-prefer-fp.ll

; RUN: llc -o - %s -filetype=obj -frame-pointer=all | llvm-dwarfdump - | FileCheck %s
target triple="aarch64--"
define void @f() sanitize_hwaddress !dbg !6 {
entry:
%x = call i8* @g(i32 0)
%a = alloca [128 x i8]
%b = alloca [128 x i8]
; CHECK: DW_AT_location (DW_OP_fbreg
call void @llvm.dbg.declare(metadata [128 x i8]* %a, metadata !12, metadata !DIExpression()), !dbg !14
; CHECK: DW_AT_location (DW_OP_fbreg
call void @llvm.dbg.declare(metadata [128 x i8]* %b, metadata !13, metadata !DIExpression()), !dbg !14
ret void, !dbg !15
}
declare i8* @g(i32)
declare void @llvm.dbg.declare(metadata, metadata, metadata)
!llvm.dbg.cu = !{!0}
!llvm.module.flags = !{!3, !4}
!llvm.ident = !{!5}
!0 = distinct !DICompileUnit(language: DW_LANG_C99, file: !1, producer: "clang", isOptimized: false, runtimeVersion: 0, emissionKind: FullDebug, enums: !2)
!1 = !DIFile(filename: "x.c", directory: "/")
!2 = !{}
!3 = !{i32 2, !"Dwarf Version", i32 4}
!4 = !{i32 2, !"Debug Info Version", i32 3}
!5 = !{!"clang"}
!6 = distinct !DISubprogram(name: "f", scope: !1, file: !1, line: 1, type: !7, isLocal: false, isDefinition: true, scopeLine: 1, flags:
DIFlagPrototyped, isOptimized: false, unit: !0, retainedNodes: !2)
!7 = !DISubroutineType(types: !8)
!8 = !{null, !9}
!9 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !10, size: 64)
!10 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !11)
!11 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
!12 = !DILocalVariable(name: "a", scope: !6, file: !1, line: 1, type: !9)
!13 = !DILocalVariable(name: "b", scope: !6, file: !1, line: 1, type: !9)
!14 = !DILocation(line: 1, column: 29, scope: !6)
!15 = !DILocation(line: 1, column: 37, scope: !6)