This is an archive of the discontinued LLVM Phabricator instance.

Differential D66377

hwasan: Untag unwound stack frames by wrapping personality functions.
ClosedPublic

Authored by pcc on Aug 16 2019, 6:18 PM.

Details

Reviewers
eugenis
hctim
Commits
rG21a181441724: hwasan: Untag unwound stack frames by wrapping personality functions.
rL369721: hwasan: Untag unwound stack frames by wrapping personality functions.
rCRT369721: hwasan: Untag unwound stack frames by wrapping personality functions.
Summary

One problem with untagging memory in landing pads is that it only works
correctly if the function that catches the exception is instrumented.
If the function is uninstrumented, we have no opportunity to untag the
memory.

To address this, replace landing pad instrumentation with personality function
wrapping. Each function with an instrumented stack has its personality function
replaced with a wrapper provided by the runtime. Functions that did not have
a personality function to begin with also get wrappers if they may be unwound
past. As the unwinder calls personality functions during stack unwinding,
the original personality function is called and the function's stack frame is
untagged by the wrapper if the personality function instructs the unwinder
to keep unwinding. If unwinding stops at a landing pad, the function is
still responsible for untagging its stack frame if it resumes unwinding.

The old landing pad mechanism is preserved for compatibility with old runtimes.

Diff Detail

Repository
rL LLVM

Event Timeline

pcc created this revision.Aug 16 2019, 6:18 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptAug 16 2019, 6:18 PM
Herald added subscribers: Restricted Project, hiraditya, mgorny, srhines. · View Herald Transcript
Harbormaster completed remote builds in B36917: Diff 215729.Aug 16 2019, 6:19 PM
pcc added a comment.Aug 22 2019, 10:34 AM

Ping.

eugenis added a comment.Aug 22 2019, 4:50 PM

What's the binary size overhead? I assume most of it comes from adding personality functions to noexcept but !nounwind functions?

llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
1434 ↗(On Diff #215729)

What if the personality function is an alias or an expression that does not strip down to a function? We could still wrap it.

pcc updated this revision to Diff 216746.Aug 22 2019, 5:42 PM
pcc marked an inline comment as done.
  • Support aliases and other constants
pcc added a comment.Aug 22 2019, 5:42 PM
In D66377#1642092, @eugenis wrote:

What's the binary size overhead? I assume most of it comes from adding personality functions to noexcept but !nounwind functions?

It seems to be negative overhead, at least for Android libc++.so, presumably because we're no longer instrumenting landing pads. The size of libc++.so is 1116808 bytes without this change and 1101704 bytes with the change.

llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
1434 ↗(On Diff #215729)

Yes we could, done.

Harbormaster completed remote builds in B37151: Diff 216746.Aug 22 2019, 5:43 PM
eugenis accepted this revision.Aug 22 2019, 5:50 PM

LGTM

This revision is now accepted and ready to land.Aug 22 2019, 5:50 PM
Closed by commit rL369721: hwasan: Untag unwound stack frames by wrapping personality functions. (authored by pcc). · Explain WhyAug 22 2019, 6:29 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: delcypher. · View Herald TranscriptAug 22 2019, 6:29 PM

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
hwasan/
1 line
64 lines
test/
hwasan/
TestCases/
7 lines
9 lines
llvm/
trunk/
lib/
Transforms/
Instrumentation/
110 lines
test/
Instrumentation/
HWAddressSanitizer/
10 lines
90 lines
utils/
gn/
secondary/
compiler-rt/
lib/
hwasan/
1 line

Diff 216755

compiler-rt/trunk/lib/hwasan/CMakeLists.txt

include_directories(..) include_directories(..)
# Runtime library sources and build flags. # Runtime library sources and build flags.
set(HWASAN_RTL_SOURCES set(HWASAN_RTL_SOURCES
hwasan.cpp hwasan.cpp
hwasan_allocator.cpp hwasan_allocator.cpp
hwasan_dynamic_shadow.cpp hwasan_dynamic_shadow.cpp
hwasan_exceptions.cpp
hwasan_interceptors.cpp hwasan_interceptors.cpp
hwasan_interceptors_vfork.S hwasan_interceptors_vfork.S
hwasan_linux.cpp hwasan_linux.cpp
hwasan_memintrinsics.cpp hwasan_memintrinsics.cpp
hwasan_poisoning.cpp hwasan_poisoning.cpp
hwasan_report.cpp hwasan_report.cpp
hwasan_tag_mismatch_aarch64.S hwasan_tag_mismatch_aarch64.S
hwasan_thread.cpp hwasan_thread.cpp
▲ Show 20 LinesShow All 168 LinesShow Last 20 Lines

compiler-rt/trunk/lib/hwasan/hwasan_exceptions.cpp

//===-- hwasan_exceptions.cpp ---------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of HWAddressSanitizer.
//
// HWAddressSanitizer runtime.
//===----------------------------------------------------------------------===//
#include "hwasan_poisoning.h"
#include "sanitizer_common/sanitizer_common.h"
#include <unwind.h>
using namespace __hwasan;
using namespace __sanitizer;
typedef _Unwind_Reason_Code PersonalityFn(int version, _Unwind_Action actions,
uint64_t exception_class,
_Unwind_Exception* unwind_exception,
_Unwind_Context* context);
// Pointers to the _Unwind_GetGR and _Unwind_GetCFA functions are passed in
// instead of being called directly. This is to handle cases where the unwinder
// is statically linked and the sanitizer runtime and the program are linked
// against different unwinders. The _Unwind_Context data structure is opaque so
// it may be incompatible between unwinders.
typedef _Unwind_Word GetGRFn(_Unwind_Context* context, int index);
typedef _Unwind_Word GetCFAFn(_Unwind_Context* context);
extern "C" _Unwind_Reason_Code __hwasan_personality_wrapper(
int version, _Unwind_Action actions, uint64_t exception_class,
_Unwind_Exception* unwind_exception, _Unwind_Context* context,
PersonalityFn* real_personality, GetGRFn* get_gr, GetCFAFn* get_cfa) {
_Unwind_Reason_Code rc;
if (real_personality)
rc = real_personality(version, actions, exception_class, unwind_exception,
context);
else
rc = _URC_CONTINUE_UNWIND;
// We only untag frames without a landing pad because landing pads are
// responsible for untagging the stack themselves if they resume.
//
// Here we assume that the frame record appears after any locals. This is not
// required by AAPCS but is a requirement for HWASAN instrumented functions.
if ((actions & _UA_CLEANUP_PHASE) && rc == _URC_CONTINUE_UNWIND) {
#if defined(__x86_64__)
uptr fp = get_gr(context, 6); // rbp
#elif defined(__aarch64__)
uptr fp = get_gr(context, 29); // x29
#else
#error Unsupported architecture
#endif
uptr sp = get_cfa(context);
TagMemory(sp, fp - sp, 0);
}
return rc;
}

compiler-rt/trunk/test/hwasan/TestCases/try-catch.cpp

// RUN: %clangxx_hwasan %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=GOOD // RUN: %clangxx_hwasan %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=GOOD
// RUN: %clangxx_hwasan %s -mllvm -hwasan-instrument-landing-pads=0 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=BAD // RUN: %clangxx_hwasan -DNO_SANITIZE_F %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=GOOD
// RUN: %clangxx_hwasan_oldrt %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=GOOD
// RUN: %clangxx_hwasan_oldrt %s -mllvm -hwasan-instrument-landing-pads=0 -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=BAD
// C++ tests on x86_64 require instrumented libc++/libstdc++. // C++ tests on x86_64 require instrumented libc++/libstdc++.
// REQUIRES: aarch64-target-arch // REQUIRES: aarch64-target-arch
#include <stdexcept> #include <stdexcept>
#include <cstdio> #include <cstdio>
static void optimization_barrier(void* arg) { static void optimization_barrier(void* arg) {
Show All 24 Lines
__attribute__((noinline, no_sanitize("hwaddress"))) void after_catch() { __attribute__((noinline, no_sanitize("hwaddress"))) void after_catch() {
char x[10000]; char x[10000];
hwasan_read(&x[0], sizeof(x)); hwasan_read(&x[0], sizeof(x));
} }
__attribute__((noinline)) __attribute__((noinline))
#ifdef NO_SANITIZE_F
__attribute__((no_sanitize("hwaddress")))
#endif
void f() { void f() {
char x[1000]; char x[1000];
try { try {
// Put two tagged frames on the stack, throw an exception from the deepest one. // Put two tagged frames on the stack, throw an exception from the deepest one.
g(); g();
} catch (const std::runtime_error &e) { } catch (const std::runtime_error &e) {
// Put an untagged frame on stack, check that it is indeed untagged. // Put an untagged frame on stack, check that it is indeed untagged.
// This relies on exception support zeroing out stack tags. // This relies on exception support zeroing out stack tags.
Show All 13 Lines

compiler-rt/trunk/test/hwasan/lit.cfg.py

# -*- Python -*- # -*- Python -*-
import os import os
# Setup config name. # Setup config name.
config.name = 'HWAddressSanitizer' + getattr(config, 'name_suffix', 'default') config.name = 'HWAddressSanitizer' + getattr(config, 'name_suffix', 'default')
# Setup source root. # Setup source root.
config.test_source_root = os.path.dirname(__file__) config.test_source_root = os.path.dirname(__file__)
# Setup default compiler flags used with -fsanitize=memory option. # Setup default compiler flags used with -fsanitize=memory option.
clang_cflags = [config.target_cflags] + config.debug_info_flags clang_cflags = [config.target_cflags] + config.debug_info_flags
clang_cxxflags = config.cxx_mode_flags + clang_cflags clang_cxxflags = config.cxx_mode_flags + clang_cflags
clang_hwasan_cflags = clang_cflags + ["-fsanitize=hwaddress", "-mllvm", "-hwasan-globals", "-fuse-ld=lld"] clang_hwasan_oldrt_cflags = clang_cflags + ["-fsanitize=hwaddress", "-fuse-ld=lld"]
if config.target_arch == 'x86_64': if config.target_arch == 'x86_64':
# This does basically the same thing as tagged-globals on aarch64. Because # This does basically the same thing as tagged-globals on aarch64. Because
# the x86_64 implementation is for testing purposes only there is no # the x86_64 implementation is for testing purposes only there is no
# equivalent target feature implemented on x86_64. # equivalent target feature implemented on x86_64.
clang_hwasan_cflags += ["-mcmodel=large"] clang_hwasan_oldrt_cflags += ["-mcmodel=large"]
clang_hwasan_cflags = clang_hwasan_oldrt_cflags + ["-mllvm", "-hwasan-globals",
"-mllvm", "-hwasan-instrument-landing-pads=0",
"-mllvm", "-hwasan-instrument-personality-functions"]
clang_hwasan_cxxflags = config.cxx_mode_flags + clang_hwasan_cflags clang_hwasan_cxxflags = config.cxx_mode_flags + clang_hwasan_cflags
clang_hwasan_oldrt_cxxflags = config.cxx_mode_flags + clang_hwasan_oldrt_cflags
def build_invocation(compile_flags): def build_invocation(compile_flags):
return " " + " ".join([config.clang] + compile_flags) + " " return " " + " ".join([config.clang] + compile_flags) + " "
config.substitutions.append( ("%clangxx ", build_invocation(clang_cxxflags)) ) config.substitutions.append( ("%clangxx ", build_invocation(clang_cxxflags)) )
config.substitutions.append( ("%clang_hwasan ", build_invocation(clang_hwasan_cflags)) ) config.substitutions.append( ("%clang_hwasan ", build_invocation(clang_hwasan_cflags)) )
config.substitutions.append( ("%clangxx_hwasan ", build_invocation(clang_hwasan_cxxflags)) ) config.substitutions.append( ("%clangxx_hwasan ", build_invocation(clang_hwasan_cxxflags)) )
config.substitutions.append( ("%clangxx_hwasan_oldrt ", build_invocation(clang_hwasan_oldrt_cxxflags)) )
config.substitutions.append( ("%compiler_rt_libdir", config.compiler_rt_libdir) ) config.substitutions.append( ("%compiler_rt_libdir", config.compiler_rt_libdir) )
default_hwasan_opts_str = ':'.join(['disable_allocator_tagging=1', 'random_tags=0'] + config.default_sanitizer_opts) default_hwasan_opts_str = ':'.join(['disable_allocator_tagging=1', 'random_tags=0'] + config.default_sanitizer_opts)
if default_hwasan_opts_str: if default_hwasan_opts_str:
config.environment['HWASAN_OPTIONS'] = default_hwasan_opts_str config.environment['HWASAN_OPTIONS'] = default_hwasan_opts_str
default_hwasan_opts_str += ':' default_hwasan_opts_str += ':'
config.substitutions.append(('%env_hwasan_opts=', config.substitutions.append(('%env_hwasan_opts=',
'env HWASAN_OPTIONS=' + default_hwasan_opts_str)) 'env HWASAN_OPTIONS=' + default_hwasan_opts_str))
# Default test suffixes. # Default test suffixes.
config.suffixes = ['.c', '.cpp'] config.suffixes = ['.c', '.cpp']
if config.host_os not in ['Linux', 'Android'] or not config.has_lld: if config.host_os not in ['Linux', 'Android'] or not config.has_lld:
config.unsupported = True config.unsupported = True

llvm/trunk/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp

//===- HWAddressSanitizer.cpp - detector of uninitialized reads -------===// //===- HWAddressSanitizer.cpp - detector of uninitialized reads -------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
/// \file /// \file
/// This file is a part of HWAddressSanitizer, an address sanity checker /// This file is a part of HWAddressSanitizer, an address sanity checker
/// based on tagged addressing. /// based on tagged addressing.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h" #include "llvm/Transforms/Instrumentation/HWAddressSanitizer.h"
#include "llvm/ADT/MapVector.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/ADT/Triple.h" #include "llvm/ADT/Triple.h"
#include "llvm/BinaryFormat/ELF.h" #include "llvm/BinaryFormat/ELF.h"
#include "llvm/IR/Attributes.h" #include "llvm/IR/Attributes.h"
#include "llvm/IR/BasicBlock.h" #include "llvm/IR/BasicBlock.h"
#include "llvm/IR/Constant.h" #include "llvm/IR/Constant.h"
Show All 27 Lines
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "hwasan" #define DEBUG_TYPE "hwasan"
static const char *const kHwasanModuleCtorName = "hwasan.module_ctor"; static const char *const kHwasanModuleCtorName = "hwasan.module_ctor";
static const char *const kHwasanNoteName = "hwasan.note"; static const char *const kHwasanNoteName = "hwasan.note";
static const char *const kHwasanInitName = "__hwasan_init"; static const char *const kHwasanInitName = "__hwasan_init";
static const char *const kHwasanPersonalityThunkName =
"__hwasan_personality_thunk";
static const char *const kHwasanShadowMemoryDynamicAddress = static const char *const kHwasanShadowMemoryDynamicAddress =
"__hwasan_shadow_memory_dynamic_address"; "__hwasan_shadow_memory_dynamic_address";
// Accesses sizes are powers of two: 1, 2, 4, 8, 16. // Accesses sizes are powers of two: 1, 2, 4, 8, 16.
static const size_t kNumberOfAccessSizes = 5; static const size_t kNumberOfAccessSizes = 5;
static const size_t kDefaultShadowScale = 4; static const size_t kDefaultShadowScale = 4;
▲ Show 20 LinesShow All 89 Lines▼ Show 20 Lines ClRecordStackHistory("hwasan-record-stack-history",
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
static cl::opt<bool> static cl::opt<bool>
ClInstrumentMemIntrinsics("hwasan-instrument-mem-intrinsics", ClInstrumentMemIntrinsics("hwasan-instrument-mem-intrinsics",
cl::desc("instrument memory intrinsics"), cl::desc("instrument memory intrinsics"),
cl::Hidden, cl::init(true)); cl::Hidden, cl::init(true));
static cl::opt<bool> static cl::opt<bool>
ClInstrumentLandingPads("hwasan-instrument-landing-pads", ClInstrumentLandingPads("hwasan-instrument-landing-pads",
cl::desc("instrument landing pads"), cl::Hidden, cl::desc("instrument landing pads"), cl::Hidden,
cl::init(true)); cl::init(false));
static cl::opt<bool> ClInstrumentPersonalityFunctions(
"hwasan-instrument-personality-functions",
cl::desc("instrument personality functions"), cl::Hidden, cl::init(false));
static cl::opt<bool> ClInlineAllChecks("hwasan-inline-all-checks", static cl::opt<bool> ClInlineAllChecks("hwasan-inline-all-checks",
cl::desc("inline all checks"), cl::desc("inline all checks"),
cl::Hidden, cl::init(false)); cl::Hidden, cl::init(false));
namespace { namespace {
/// An instrumentation pass implementing detection of addressability bugs /// An instrumentation pass implementing detection of addressability bugs
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Linespublic:
Value *getUARTag(IRBuilder<> &IRB, Value *StackTag); Value *getUARTag(IRBuilder<> &IRB, Value *StackTag);
Value *getHwasanThreadSlotPtr(IRBuilder<> &IRB, Type *Ty); Value *getHwasanThreadSlotPtr(IRBuilder<> &IRB, Type *Ty);
void emitPrologue(IRBuilder<> &IRB, bool WithFrameRecord); void emitPrologue(IRBuilder<> &IRB, bool WithFrameRecord);
void instrumentGlobal(GlobalVariable *GV, uint8_t Tag); void instrumentGlobal(GlobalVariable *GV, uint8_t Tag);
void instrumentGlobals(); void instrumentGlobals();
void instrumentPersonalityFunctions();
private: private:
LLVMContext *C; LLVMContext *C;
Module &M; Module &M;
Triple TargetTriple; Triple TargetTriple;
FunctionCallee HWAsanMemmove, HWAsanMemcpy, HWAsanMemset; FunctionCallee HWAsanMemmove, HWAsanMemcpy, HWAsanMemset;
FunctionCallee HWAsanHandleVfork; FunctionCallee HWAsanHandleVfork;
/// This struct defines the shadow mapping using the rule: /// This struct defines the shadow mapping using the rule:
Show All 10 Lines struct ShadowMapping {
bool InGlobal; bool InGlobal;
bool InTls; bool InTls;
void init(Triple &TargetTriple); void init(Triple &TargetTriple);
unsigned getObjectAlignment() const { return 1U << Scale; } unsigned getObjectAlignment() const { return 1U << Scale; }
}; };
ShadowMapping Mapping; ShadowMapping Mapping;
Type *VoidTy = Type::getVoidTy(M.getContext());
Type *IntptrTy; Type *IntptrTy;
Type *Int8PtrTy; Type *Int8PtrTy;
Type *Int8Ty; Type *Int8Ty;
Type *Int32Ty; Type *Int32Ty;
Type *Int64Ty = Type::getInt64Ty(M.getContext()); Type *Int64Ty = Type::getInt64Ty(M.getContext());
bool CompileKernel; bool CompileKernel;
bool Recover; bool Recover;
bool InstrumentLandingPads;
Function *HwasanCtorFunction; Function *HwasanCtorFunction;
FunctionCallee HwasanMemoryAccessCallback[2][kNumberOfAccessSizes]; FunctionCallee HwasanMemoryAccessCallback[2][kNumberOfAccessSizes];
FunctionCallee HwasanMemoryAccessCallbackSized[2]; FunctionCallee HwasanMemoryAccessCallbackSized[2];
FunctionCallee HwasanTagMemoryFunc; FunctionCallee HwasanTagMemoryFunc;
FunctionCallee HwasanGenerateTagFunc; FunctionCallee HwasanGenerateTagFunc;
▲ Show 20 LinesShow All 99 Lines▼ Show 20 Lines std::tie(HwasanCtorFunction, std::ignore) =
// time. Hook them into the global ctors list in that case: // time. Hook them into the global ctors list in that case:
[&](Function *Ctor, FunctionCallee) { [&](Function *Ctor, FunctionCallee) {
Comdat *CtorComdat = M.getOrInsertComdat(kHwasanModuleCtorName); Comdat *CtorComdat = M.getOrInsertComdat(kHwasanModuleCtorName);
Ctor->setComdat(CtorComdat); Ctor->setComdat(CtorComdat);
appendToGlobalCtors(M, Ctor, 0, Ctor); appendToGlobalCtors(M, Ctor, 0, Ctor);
}); });
// Older versions of Android do not have the required runtime support for // Older versions of Android do not have the required runtime support for
// global instrumentation. On other platforms we currently require using the // global or personality function instrumentation. On other platforms we
// latest version of the runtime. // currently require using the latest version of the runtime.
bool InstrumentGlobals = bool NewRuntime =
!TargetTriple.isAndroid() || !TargetTriple.isAndroidVersionLT(30); !TargetTriple.isAndroid() || !TargetTriple.isAndroidVersionLT(30);
if (ClGlobals.getNumOccurrences())
InstrumentGlobals = ClGlobals; bool InstrumentGlobals =
ClGlobals.getNumOccurrences() ? ClGlobals : NewRuntime;
if (InstrumentGlobals) if (InstrumentGlobals)
instrumentGlobals(); instrumentGlobals();
// If we don't have personality function support, fall back to landing pads.
InstrumentLandingPads = ClInstrumentLandingPads.getNumOccurrences()
? ClInstrumentLandingPads
: !NewRuntime;
bool InstrumentPersonalityFunctions =
ClInstrumentPersonalityFunctions.getNumOccurrences()
? ClInstrumentPersonalityFunctions
: NewRuntime;
if (InstrumentPersonalityFunctions)
instrumentPersonalityFunctions();
} }
if (!TargetTriple.isAndroid()) { if (!TargetTriple.isAndroid()) {
Constant *C = M.getOrInsertGlobal("__hwasan_tls", IntptrTy, [&] { Constant *C = M.getOrInsertGlobal("__hwasan_tls", IntptrTy, [&] {
auto *GV = new GlobalVariable(M, IntptrTy, /*isConstant=*/false, auto *GV = new GlobalVariable(M, IntptrTy, /*isConstant=*/false,
GlobalValue::ExternalLinkage, nullptr, GlobalValue::ExternalLinkage, nullptr,
"__hwasan_tls", nullptr, "__hwasan_tls", nullptr,
GlobalVariable::InitialExecTLSModel); GlobalVariable::InitialExecTLSModel);
▲ Show 20 LinesShow All 695 Lines▼ Show 20 Lines for (auto &Inst : BB) {
if (isa<ReturnInst>(Inst) || isa<ResumeInst>(Inst) || if (isa<ReturnInst>(Inst) || isa<ResumeInst>(Inst) ||
isa<CleanupReturnInst>(Inst)) isa<CleanupReturnInst>(Inst))
RetVec.push_back(&Inst); RetVec.push_back(&Inst);
if (auto *DDI = dyn_cast<DbgDeclareInst>(&Inst)) if (auto *DDI = dyn_cast<DbgDeclareInst>(&Inst))
if (auto *Alloca = dyn_cast_or_null<AllocaInst>(DDI->getAddress())) if (auto *Alloca = dyn_cast_or_null<AllocaInst>(DDI->getAddress()))
AllocaDeclareMap[Alloca].push_back(DDI); AllocaDeclareMap[Alloca].push_back(DDI);
if (ClInstrumentLandingPads && isa<LandingPadInst>(Inst)) if (InstrumentLandingPads && isa<LandingPadInst>(Inst))
LandingPadVec.push_back(&Inst); LandingPadVec.push_back(&Inst);
Value *MaybeMask = nullptr; Value *MaybeMask = nullptr;
bool IsWrite; bool IsWrite;
unsigned Alignment; unsigned Alignment;
uint64_t TypeSize; uint64_t TypeSize;
Value *Addr = isInterestingMemoryAccess(&Inst, &IsWrite, &TypeSize, Value *Addr = isInterestingMemoryAccess(&Inst, &IsWrite, &TypeSize,
&Alignment, &MaybeMask); &Alignment, &MaybeMask);
if (Addr || isa<MemIntrinsic>(Inst)) if (Addr || isa<MemIntrinsic>(Inst))
ToInstrument.push_back(&Inst); ToInstrument.push_back(&Inst);
} }
} }
initializeCallbacks(*F.getParent()); initializeCallbacks(*F.getParent());
if (!LandingPadVec.empty()) if (!LandingPadVec.empty())
instrumentLandingPads(LandingPadVec); instrumentLandingPads(LandingPadVec);
if (AllocasToInstrument.empty() && F.hasPersonalityFn() &&
F.getPersonalityFn()->getName() == kHwasanPersonalityThunkName) {
// __hwasan_personality_thunk is a no-op for functions without an
// instrumented stack, so we can drop it.
F.setPersonalityFn(nullptr);
}
if (AllocasToInstrument.empty() && ToInstrument.empty()) if (AllocasToInstrument.empty() && ToInstrument.empty())
return false; return false;
assert(!LocalDynamicShadow); assert(!LocalDynamicShadow);
Instruction *InsertPt = &*F.getEntryBlock().begin(); Instruction *InsertPt = &*F.getEntryBlock().begin();
IRBuilder<> EntryIRB(InsertPt); IRBuilder<> EntryIRB(InsertPt);
emitPrologue(EntryIRB, emitPrologue(EntryIRB,
▲ Show 20 LinesShow All 259 Lines▼ Show 20 Linesvoid HWAddressSanitizer::instrumentGlobals() {
for (GlobalVariable *GV : Globals) { for (GlobalVariable *GV : Globals) {
// Skip tag 0 in order to avoid collisions with untagged memory. // Skip tag 0 in order to avoid collisions with untagged memory.
if (Tag == 0) if (Tag == 0)
Tag = 1; Tag = 1;
instrumentGlobal(GV, Tag++); instrumentGlobal(GV, Tag++);
} }
} }
void HWAddressSanitizer::instrumentPersonalityFunctions() {
// We need to untag stack frames as we unwind past them. That is the job of
// the personality function wrapper, which either wraps an existing
// personality function or acts as a personality function on its own. Each
// function that has a personality function or that can be unwound past has
// its personality function changed to a thunk that calls the personality
// function wrapper in the runtime.
MapVector<Constant *, std::vector<Function *>> PersonalityFns;
for (Function &F : M) {
if (F.isDeclaration() || !F.hasFnAttribute(Attribute::SanitizeHWAddress))
continue;
if (F.hasPersonalityFn()) {
PersonalityFns[F.getPersonalityFn()->stripPointerCasts()].push_back(&F);
} else if (!F.hasFnAttribute(Attribute::NoUnwind)) {
PersonalityFns[nullptr].push_back(&F);
}
}
if (PersonalityFns.empty())
return;
FunctionCallee HwasanPersonalityWrapper = M.getOrInsertFunction(
"__hwasan_personality_wrapper", Int32Ty, Int32Ty, Int32Ty, Int64Ty,
Int8PtrTy, Int8PtrTy, Int8PtrTy, Int8PtrTy, Int8PtrTy);
FunctionCallee UnwindGetGR = M.getOrInsertFunction("_Unwind_GetGR", VoidTy);
FunctionCallee UnwindGetCFA = M.getOrInsertFunction("_Unwind_GetCFA", VoidTy);
for (auto &P : PersonalityFns) {
std::string ThunkName = kHwasanPersonalityThunkName;
if (P.first)
ThunkName += ("." + P.first->getName()).str();
FunctionType *ThunkFnTy = FunctionType::get(
Int32Ty, {Int32Ty, Int32Ty, Int64Ty, Int8PtrTy, Int8PtrTy}, false);
bool IsLocal = P.first && (!isa<GlobalValue>(P.first) ||
cast<GlobalValue>(P.first)->hasLocalLinkage());
auto *ThunkFn = Function::Create(ThunkFnTy,
IsLocal ? GlobalValue::InternalLinkage
: GlobalValue::LinkOnceODRLinkage,
ThunkName, &M);
if (!IsLocal) {
ThunkFn->setVisibility(GlobalValue::HiddenVisibility);
ThunkFn->setComdat(M.getOrInsertComdat(ThunkName));
}
auto *BB = BasicBlock::Create(*C, "entry", ThunkFn);
IRBuilder<> IRB(BB);
CallInst *WrapperCall = IRB.CreateCall(
HwasanPersonalityWrapper,
{ThunkFn->getArg(0), ThunkFn->getArg(1), ThunkFn->getArg(2),
ThunkFn->getArg(3), ThunkFn->getArg(4),
P.first ? IRB.CreateBitCast(P.first, Int8PtrTy)
: Constant::getNullValue(Int8PtrTy),
IRB.CreateBitCast(UnwindGetGR.getCallee(), Int8PtrTy),
IRB.CreateBitCast(UnwindGetCFA.getCallee(), Int8PtrTy)});
WrapperCall->setTailCall();
IRB.CreateRet(WrapperCall);
for (Function *F : P.second)
F->setPersonalityFn(ThunkFn);
}
}
void HWAddressSanitizer::ShadowMapping::init(Triple &TargetTriple) { void HWAddressSanitizer::ShadowMapping::init(Triple &TargetTriple) {
Scale = kDefaultShadowScale; Scale = kDefaultShadowScale;
if (ClMappingOffset.getNumOccurrences() > 0) { if (ClMappingOffset.getNumOccurrences() > 0) {
InGlobal = false; InGlobal = false;
InTls = false; InTls = false;
Offset = ClMappingOffset; Offset = ClMappingOffset;
} else if (ClEnableKhwasan || ClInstrumentWithCalls) { } else if (ClEnableKhwasan || ClInstrumentWithCalls) {
InGlobal = false; InGlobal = false;
Show All 16 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/landingpad.ll

; RUN: opt < %s -mtriple aarch64-linux-android -hwasan -S | FileCheck %s --check-prefixes=COMMON,ARM ; RUN: opt < %s -mtriple aarch64-linux-android29 -hwasan -S | FileCheck %s --check-prefixes=COMMON,LP,ARM
; RUN: opt < %s -mtriple x86_64-linux -hwasan -S | FileCheck %s --check-prefixes=COMMON,X86 ; RUN: opt < %s -mtriple x86_64-linux -hwasan-instrument-landing-pads -hwasan -S | FileCheck %s --check-prefixes=COMMON,LP,X86
; RUN: opt < %s -mtriple aarch64-linux-android30 -hwasan -S | FileCheck %s --check-prefixes=COMMON,NOLP
target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128" target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
target triple = "aarch64-unknown-linux-android" target triple = "aarch64-unknown-linux-android"
define i32 @f() local_unnamed_addr sanitize_hwaddress personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) { define i32 @f() local_unnamed_addr sanitize_hwaddress personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {
entry: entry:
invoke void @g() invoke void @g()
to label %return unwind label %lpad to label %return unwind label %lpad
lpad: lpad:
; COMMON: landingpad { i8*, i32 } ; COMMON: landingpad { i8*, i32 }
; COMMON-NEXT: catch i8* null ; COMMON-NEXT: catch i8* null
%0 = landingpad { i8*, i32 } %0 = landingpad { i8*, i32 }
catch i8* null catch i8* null
; COMMON-NEXT: %[[X:[^ ]*]] = call i64 @llvm.read_register.i64(metadata ![[META:[^ ]*]]) ; NOLP-NOT: call void @__hwasan_handle_vfork
; COMMON-NEXT: call void @__hwasan_handle_vfork(i64 %[[X]]) ; LP-NEXT: %[[X:[^ ]*]] = call i64 @llvm.read_register.i64(metadata ![[META:[^ ]*]])
; LP-NEXT: call void @__hwasan_handle_vfork(i64 %[[X]])
%1 = extractvalue { i8*, i32 } %0, 0 %1 = extractvalue { i8*, i32 } %0, 0
%2 = tail call i8* @__cxa_begin_catch(i8* %1) %2 = tail call i8* @__cxa_begin_catch(i8* %1)
tail call void @__cxa_end_catch() tail call void @__cxa_end_catch()
br label %return br label %return
return: return:
%retval.0 = phi i32 [ 1, %lpad ], [ 0, %entry ] %retval.0 = phi i32 [ 1, %lpad ], [ 0, %entry ]
ret i32 %retval.0 ret i32 %retval.0
Show All 10 Lines

llvm/trunk/test/Instrumentation/HWAddressSanitizer/personality.ll

; RUN: opt < %s -mtriple aarch64-linux-android29 -hwasan -S | FileCheck %s --check-prefix=NOPERS
; RUN: opt < %s -mtriple aarch64-linux-android30 -hwasan -S | FileCheck %s --check-prefix=PERS
; NOPERS: define void @nostack() #{{[0-9]+}} {
; PERS: define void @nostack() #{{[0-9]+}} {
define void @nostack() sanitize_hwaddress {
ret void
}
; NOPERS: define void @stack1() #{{[0-9]+}} {
; PERS: personality {{.*}} @__hwasan_personality_thunk
define void @stack1() sanitize_hwaddress {
%p = alloca i8
call void @sink(i8* %p)
ret void
}
; NOPERS: personality void ()* @global
; PERS: personality {{.*}} @__hwasan_personality_thunk.global
define void @stack2() sanitize_hwaddress personality void ()* @global {
%p = alloca i8
call void @sink(i8* %p)
ret void
}
define internal void @local() {
ret void
}
@local_alias = internal alias void (), void ()* @local
; NOPERS: personality void ()* @local
; PERS: personality {{.*}} @__hwasan_personality_thunk.local
define void @stack3() sanitize_hwaddress personality void ()* @local {
%p = alloca i8
call void @sink(i8* %p)
ret void
}
; NOPERS: personality void ()* @local_alias
; PERS: personality {{.*}} @__hwasan_personality_thunk.local_alias
define void @stack4() sanitize_hwaddress personality void ()* @local_alias {
%p = alloca i8
call void @sink(i8* %p)
ret void
}
; NOPERS: personality void ()* inttoptr (i64 1 to void ()*)
; PERS: personality i32 (i32, i32, i64, i8*, i8*)* @__hwasan_personality_thunk.
define void @stack5() sanitize_hwaddress personality void ()* inttoptr (i64 1 to void ()*) {
%p = alloca i8
call void @sink(i8* %p)
ret void
}
; NOPERS: personality void ()* inttoptr (i64 2 to void ()*)
; PERS: personality i32 (i32, i32, i64, i8*, i8*)* @__hwasan_personality_thunk..1
define void @stack6() sanitize_hwaddress personality void ()* inttoptr (i64 2 to void ()*) {
%p = alloca i8
call void @sink(i8* %p)
ret void
}
declare void @global()
declare void @sink(i8*)
; PERS: define linkonce_odr hidden i32 @__hwasan_personality_thunk(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4) comdat
; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4, i8* null, i8* bitcast (void ()* @_Unwind_GetGR to i8*), i8* bitcast (void ()* @_Unwind_GetCFA to i8*))
; PERS: ret i32 %5
; PERS: define linkonce_odr hidden i32 @__hwasan_personality_thunk.global(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4) comdat
; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4, i8* bitcast (void ()* @global to i8*), i8* bitcast (void ()* @_Unwind_GetGR to i8*), i8* bitcast (void ()* @_Unwind_GetCFA to i8*))
; PERS: ret i32 %5
; PERS: define internal i32 @__hwasan_personality_thunk.local(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4)
; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4, i8* bitcast (void ()* @local to i8*), i8* bitcast (void ()* @_Unwind_GetGR to i8*), i8* bitcast (void ()* @_Unwind_GetCFA to i8*))
; PERS: ret i32 %5
; PERS: define internal i32 @__hwasan_personality_thunk.local_alias(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4)
; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4, i8* bitcast (void ()* @local_alias to i8*), i8* bitcast (void ()* @_Unwind_GetGR to i8*), i8* bitcast (void ()* @_Unwind_GetCFA to i8*))
; PERS: ret i32 %5
; PERS: define internal i32 @__hwasan_personality_thunk.(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4) {
; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4, i8* inttoptr (i64 1 to i8*), i8* bitcast (void ()* @_Unwind_GetGR to i8*), i8* bitcast (void ()* @_Unwind_GetCFA to i8*))
; PERS: ret i32 %5
; PERS: define internal i32 @__hwasan_personality_thunk..1(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4) {
; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, i8* %3, i8* %4, i8* inttoptr (i64 2 to i8*), i8* bitcast (void ()* @_Unwind_GetGR to i8*), i8* bitcast (void ()* @_Unwind_GetCFA to i8*))
; PERS: ret i32 %5

llvm/trunk/utils/gn/secondary/compiler-rt/lib/hwasan/BUILD.gn

Show All 39 Linessource_set("sources") {
] ]
sources = [ sources = [
"hwasan.cpp", "hwasan.cpp",
"hwasan.h", "hwasan.h",
"hwasan_allocator.cpp", "hwasan_allocator.cpp",
"hwasan_allocator.h", "hwasan_allocator.h",
"hwasan_dynamic_shadow.cpp", "hwasan_dynamic_shadow.cpp",
"hwasan_dynamic_shadow.h", "hwasan_dynamic_shadow.h",
"hwasan_exceptions.cpp",
"hwasan_flags.h", "hwasan_flags.h",
"hwasan_interceptors.cpp", "hwasan_interceptors.cpp",
"hwasan_interceptors_vfork.S", "hwasan_interceptors_vfork.S",
"hwasan_interface_internal.h", "hwasan_interface_internal.h",
"hwasan_linux.cpp", "hwasan_linux.cpp",
"hwasan_malloc_bisect.h", "hwasan_malloc_bisect.h",
"hwasan_mapping.h", "hwasan_mapping.h",
"hwasan_memintrinsics.cpp", "hwasan_memintrinsics.cpp",
▲ Show 20 LinesShow All 69 LinesShow Last 20 Lines