This is an archive of the discontinued LLVM Phabricator instance.

[asan] Remove debug locations from alloca prologue instrumentation
ClosedPublic

Authored by johannes on Dec 2 2019, 4:44 AM.

Download Raw Diff

Details

Reviewers

eugenis
aprantl

Commits

rG09667bc19204: [asan] Remove debug locations from alloca prologue instrumentation

Summary

This fixes https://llvm.org/PR26673
"Wrong debugging information with -fsanitize=address"
where asan instrumentation causes the prologue end to be computed
incorrectly: findPrologueEndLoc, looks for the first instruction
with a debug location to determine the prologue end. Since the asan
instrumentation instructions had debug locations, that prologue end was
at some instruction, where the stack frame is still being set up.

There seems to be no good reason for extra debug locations for the
asan instrumentations that set up the frame; they don't have a natural
source location. In the debugger they are simply located at the start
of the function.

For certain other instrumentations like -fsanitize-coverage=trace-pc-guard
the same problem persists - that might be more work to fix, since it
looks like they rely on locations of the tracee functions.

This partly reverts aaf4bb239487e0a3b20a8eaf94fc641235ba2c29
"[asan] Set debug location in ASan function prologue"
whose motivation was to give debug location info to the coverage callback.
Its test only ensures that the call to @__sanitizer_cov_trace_pc_guard is
given the correct source location; as the debug location is still set in
ModuleSanitizerCoverage::InjectCoverageAtBlock, the test does not break.
So -fsanitize-coverage is hopefully unaffected - I don't think it should
rely on the debug locations of asan-generated allocas.

Related revision: 3c6c14d14b40adfb581940859ede1ac7d8ceae7a
"ASAN: Provide reliable debug info for local variables at -O0."

Below is how the X86 assembly version of the added test case changes.
We get rid of some .loc lines and put prologue_end where the user code starts.

diff
--- 2.master.s	2019-12-02 12:32:38.982959053 +0100
+++ 2.patch.s	2019-12-02 12:32:41.106246674 +0100
@@ -45,8 +45,6 @@
 	.cfi_offset %rbx, -24
 	xorl	%eax, %eax
 	movl	%eax, %ecx
- .Ltmp2:
- 	.loc	1 3 0 prologue_end      # 2.c:3:0
 	cmpl	$0, __asan_option_detect_stack_use_after_return
 	movl	%edi, 92(%rbx)          # 4-byte Spill
 	movq	%rsi, 80(%rbx)          # 8-byte Spill
@@ -57,9 +55,7 @@
 	callq	__asan_stack_malloc_0
 	movq	%rax, 72(%rbx)          # 8-byte Spill
 .LBB1_2:
- 	.loc	1 0 0 is_stmt 0         # 2.c:0:0
 	movq	72(%rbx), %rax          # 8-byte Reload
- 	.loc	1 3 0                   # 2.c:3:0
 	cmpq	$0, %rax
 	movq	%rax, %rcx
 	movq	%rax, 64(%rbx)          # 8-byte Spill
@@ -72,9 +68,7 @@
 	movq	%rax, %rsp
 	movq	%rax, 56(%rbx)          # 8-byte Spill
 .LBB1_4:
- 	.loc	1 0 0                   # 2.c:0:0
 	movq	56(%rbx), %rax          # 8-byte Reload
- 	.loc	1 3 0                   # 2.c:3:0
 	movq	%rax, 120(%rbx)
 	movq	%rax, %rcx
 	addq	$32, %rcx
@@ -99,7 +93,6 @@
 	movb	%r8b, 31(%rbx)          # 1-byte Spill
 	je	.LBB1_7
 # %bb.5:
- 	.loc	1 0 0                   # 2.c:0:0
 	movq	40(%rbx), %rax          # 8-byte Reload
 	andq	$7, %rax
 	addq	$3, %rax
@@ -118,7 +111,8 @@
 	movl	%ecx, (%rax)
 	movq	80(%rbx), %rdx          # 8-byte Reload
 	movq	%rdx, 128(%rbx)
-	.loc	1 4 3 is_stmt 1         # 2.c:4:3
+.Ltmp2:
+	.loc	1 4 3 prologue_end      # 2.c:4:3
 	movq	%rax, %rdi
 	callq	f
 	movq	48(%rbx), %rax          # 8-byte Reload

Diff Detail

Repository

rG LLVM Github Monorepo

Build Status

Buildable 41775
Build 42075: arc lint + arc unit

Event Timeline

johannes created this revision.Dec 2 2019, 4:44 AM

Herald added a project: Restricted Project. · View Herald TranscriptDec 2 2019, 4:44 AM

Herald added subscribers: llvm-commits, hiraditya, aprantl. · View Herald Transcript

johannes added reviewers: eugenis, aprantl.Dec 2 2019, 4:47 AM

Herald added a subscriber: ormris. · View Herald TranscriptDec 2 2019, 4:47 AM

Harbormaster completed remote builds in B41698: Diff 231675.Dec 2 2019, 4:48 AM

johannes edited the summary of this revision. (Show Details)Dec 2 2019, 5:11 AM

johannes edited the summary of this revision. (Show Details)

Looks reasonable to me, but I'll let someone more familiar with asan give an lgtm.

llvm/test/Instrumentation/AddressSanitizer/debug-info-alloca.ll
2	nit: s/asan instrumentation/asan prologue/ ?

aprantl added inline comments.Dec 2 2019, 1:41 PM

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2999	Can there be calls anywhere in the prologue? If yes, this may cause a verifier error i any of these calls get inlined. What does the commit message for the deleted statements say?

I think this is fine. The original change was about the coverage callback location.

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2999	Yes, but they can not be inlined.

This revision is now accepted and ready to land.Dec 2 2019, 3:24 PM

vsk added inline comments.Dec 2 2019, 3:30 PM

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
2999	Yeah, so long as these callees have no DISubprogram (and I don't see why they would) there should be no verifier issues.

update comment and commit message

Harbormaster completed remote builds in B41775: Diff 231849.Dec 3 2019, 2:10 AM

Closed by commit rG09667bc19204: [asan] Remove debug locations from alloca prologue instrumentation (authored by johannes). · Explain WhyDec 3 2019, 2:29 AM

This revision was automatically updated to reflect the committed changes.

johannes marked an inline comment as done.

Revision Contents

Path

Size

llvm/

lib/

Transforms/

Instrumentation/

AddressSanitizer.cpp

6 lines

test/

Instrumentation/

AddressSanitizer/

debug-info-alloca.ll

75 lines

local_stack_base.ll

4 lines

Diff 231849

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

Show First 20 Lines • Show All 2,990 Lines • ▼ Show 20 Lines	void FunctionStackPoisoner::processStaticAllocas() {

int StackMallocIdx = -1;		int StackMallocIdx = -1;
DebugLoc EntryDebugLocation;		DebugLoc EntryDebugLocation;
if (auto SP = F.getSubprogram())		if (auto SP = F.getSubprogram())
EntryDebugLocation = DebugLoc::get(SP->getScopeLine(), 0, SP);		EntryDebugLocation = DebugLoc::get(SP->getScopeLine(), 0, SP);

Instruction *InsBefore = AllocaVec[0];		Instruction *InsBefore = AllocaVec[0];
IRBuilder<> IRB(InsBefore);		IRBuilder<> IRB(InsBefore);
IRB.SetCurrentDebugLocation(EntryDebugLocation);

		aprantlUnsubmitted Not Done Reply Inline Actions Can there be calls anywhere in the prologue? If yes, this may cause a verifier error i any of these calls get inlined. What does the commit message for the deleted statements say? aprantl: Can there be calls anywhere in the prologue? If yes, this may cause a verifier error i any of…
		eugenisUnsubmitted Not Done Reply Inline Actions Yes, but they can not be inlined. eugenis: Yes, but they can not be inlined.
		vskUnsubmitted Not Done Reply Inline Actions Yeah, so long as these callees have no DISubprogram (and I don't see why they would) there should be no verifier issues. vsk: Yeah, so long as these callees have no DISubprogram (and I don't see why they would) there…
// Make sure non-instrumented allocas stay in the entry block. Otherwise,		// Make sure non-instrumented allocas stay in the entry block. Otherwise,
// debug info is broken, because only entry-block allocas are treated as		// debug info is broken, because only entry-block allocas are treated as
// regular stack slots.		// regular stack slots.
auto InsBeforeB = InsBefore->getParent();		auto InsBeforeB = InsBefore->getParent();
assert(InsBeforeB == &F.getEntryBlock());		assert(InsBeforeB == &F.getEntryBlock());
for (auto *AI : StaticAllocasToMoveUp)		for (auto *AI : StaticAllocasToMoveUp)
if (AI->getParent() == InsBeforeB)		if (AI->getParent() == InsBeforeB)
AI->moveBefore(InsBefore);		AI->moveBefore(InsBefore);
▲ Show 20 Lines • Show All 77 Lines • ▼ Show 20 Lines	if (DoStackMalloc) {
Constant *OptionDetectUseAfterReturn = F.getParent()->getOrInsertGlobal(		Constant *OptionDetectUseAfterReturn = F.getParent()->getOrInsertGlobal(
kAsanOptionDetectUseAfterReturn, IRB.getInt32Ty());		kAsanOptionDetectUseAfterReturn, IRB.getInt32Ty());
Value *UseAfterReturnIsEnabled = IRB.CreateICmpNE(		Value *UseAfterReturnIsEnabled = IRB.CreateICmpNE(
IRB.CreateLoad(IRB.getInt32Ty(), OptionDetectUseAfterReturn),		IRB.CreateLoad(IRB.getInt32Ty(), OptionDetectUseAfterReturn),
Constant::getNullValue(IRB.getInt32Ty()));		Constant::getNullValue(IRB.getInt32Ty()));
Instruction *Term =		Instruction *Term =
SplitBlockAndInsertIfThen(UseAfterReturnIsEnabled, InsBefore, false);		SplitBlockAndInsertIfThen(UseAfterReturnIsEnabled, InsBefore, false);
IRBuilder<> IRBIf(Term);		IRBuilder<> IRBIf(Term);
IRBIf.SetCurrentDebugLocation(EntryDebugLocation);
StackMallocIdx = StackMallocSizeClass(LocalStackSize);		StackMallocIdx = StackMallocSizeClass(LocalStackSize);
assert(StackMallocIdx <= kMaxAsanStackMallocSizeClass);		assert(StackMallocIdx <= kMaxAsanStackMallocSizeClass);
Value *FakeStackValue =		Value *FakeStackValue =
IRBIf.CreateCall(AsanStackMallocFunc[StackMallocIdx],		IRBIf.CreateCall(AsanStackMallocFunc[StackMallocIdx],
ConstantInt::get(IntptrTy, LocalStackSize));		ConstantInt::get(IntptrTy, LocalStackSize));
IRB.SetInsertPoint(InsBefore);		IRB.SetInsertPoint(InsBefore);
IRB.SetCurrentDebugLocation(EntryDebugLocation);
FakeStack = createPHI(IRB, UseAfterReturnIsEnabled, FakeStackValue, Term,		FakeStack = createPHI(IRB, UseAfterReturnIsEnabled, FakeStackValue, Term,
ConstantInt::get(IntptrTy, 0));		ConstantInt::get(IntptrTy, 0));

Value *NoFakeStack =		Value *NoFakeStack =
IRB.CreateICmpEQ(FakeStack, Constant::getNullValue(IntptrTy));		IRB.CreateICmpEQ(FakeStack, Constant::getNullValue(IntptrTy));
Term = SplitBlockAndInsertIfThen(NoFakeStack, InsBefore, false);		Term = SplitBlockAndInsertIfThen(NoFakeStack, InsBefore, false);
IRBIf.SetInsertPoint(Term);		IRBIf.SetInsertPoint(Term);
IRBIf.SetCurrentDebugLocation(EntryDebugLocation);
Value *AllocaValue =		Value *AllocaValue =
DoDynamicAlloca ? createAllocaForLayout(IRBIf, L, true) : StaticAlloca;		DoDynamicAlloca ? createAllocaForLayout(IRBIf, L, true) : StaticAlloca;

IRB.SetInsertPoint(InsBefore);		IRB.SetInsertPoint(InsBefore);
IRB.SetCurrentDebugLocation(EntryDebugLocation);
LocalStackBase = createPHI(IRB, NoFakeStack, AllocaValue, Term, FakeStack);		LocalStackBase = createPHI(IRB, NoFakeStack, AllocaValue, Term, FakeStack);
IRB.SetCurrentDebugLocation(EntryDebugLocation);
IRB.CreateStore(LocalStackBase, LocalStackBaseAlloca);		IRB.CreateStore(LocalStackBase, LocalStackBaseAlloca);
DIExprFlags \|= DIExpression::DerefBefore;		DIExprFlags \|= DIExpression::DerefBefore;
} else {		} else {
// void *FakeStack = nullptr;		// void *FakeStack = nullptr;
// void *LocalStackBase = alloca(LocalStackSize);		// void *LocalStackBase = alloca(LocalStackSize);
FakeStack = ConstantInt::get(IntptrTy, 0);		FakeStack = ConstantInt::get(IntptrTy, 0);
LocalStackBase =		LocalStackBase =
DoDynamicAlloca ? createAllocaForLayout(IRB, L, true) : StaticAlloca;		DoDynamicAlloca ? createAllocaForLayout(IRB, L, true) : StaticAlloca;
▲ Show 20 Lines • Show All 216 Lines • Show Last 20 Lines

llvm/test/Instrumentation/AddressSanitizer/debug-info-alloca.ll

This file was added.

				; Checks that asan prologue does not add debug locations, which would
				; fool findPrologueEndLoc because it sets the end of the prologue to the
				vskUnsubmitted Done Reply Inline Actions nit: s/asan instrumentation/asan prologue/ ? vsk: nit: s/asan instrumentation/asan prologue/ ?
				; first instruction. Breaking on the instrumented function in a debugger
				; would then stop at that instruction, before the prologue is finished.

				; RUN: opt < %s -asan -asan-module -S \| FileCheck %s
				; 1: void f(int *arg) {
				; 2: }
				; 3: int main(int argc, char **argv) {
				; 4: f(&argc);
				; 5: }
				; clang 1.cc -g -S -emit-llvm -o - \| sed 's/#0 = {/#0 = { sanitize_address/'

				target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
				target triple = "x86_64-unknown-linux-gnu"

				define dso_local i32 @main(i32 %argc, i8** %argv) #0 !dbg !15 {
				entry:
				; No suffix like !dbg !123
				; CHECK: %asan_local_stack_base = alloca i64{{$}}
				; CHECK: %3 = call i64 @__asan_stack_malloc_0(i64 64){{$}}
				%argc.addr = alloca i32, align 4
				%argv.addr = alloca i8**, align 8
				store i32 %argc, i32* %argc.addr, align 4
				call void @llvm.dbg.declare(metadata i32* %argc.addr, metadata !21, metadata !DIExpression()), !dbg !22
				store i8 %argv, i8* %argv.addr, align 8
				call void @llvm.dbg.declare(metadata i8*** %argv.addr, metadata !23, metadata !DIExpression()), !dbg !24
				call void @f(i32* %argc.addr), !dbg !25
				ret i32 0, !dbg !26
				}

				define dso_local void @f(i32* %arg) #0 !dbg !7 {
				entry:
				%arg.addr = alloca i32*, align 8
				store i32* %arg, i32** %arg.addr, align 8
				call void @llvm.dbg.declare(metadata i32** %arg.addr, metadata !12, metadata !DIExpression()), !dbg !13
				ret void, !dbg !14
				}

				declare void @llvm.dbg.declare(metadata, metadata, metadata) #1

				attributes #0 = { sanitize_address noinline nounwind optnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "frame-pointer"="all" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" }
				attributes #1 = { nounwind readnone speculatable willreturn }

				!llvm.dbg.cu = !{!0}
				!llvm.module.flags = !{!3, !4, !5}
				!llvm.ident = !{!6}

				!0 = distinct !DICompileUnit(language: DW_LANG_C99, file: !1, producer: "clang version 10.0.0 (git@github.com:llvm/llvm-project 1ac700cdef787383ad49a0e37d9894491ef19480)", isOptimized: false, runtimeVersion: 0, emissionKind: FullDebug, enums: !2, nameTableKind: None)
				!1 = !DIFile(filename: "2.c", directory: "/home/builduser")
				!2 = !{}
				!3 = !{i32 7, !"Dwarf Version", i32 4}
				!4 = !{i32 2, !"Debug Info Version", i32 3}
				!5 = !{i32 1, !"wchar_size", i32 4}
				!6 = !{!"clang version 10.0.0 (git@github.com:llvm/llvm-project 1ac700cdef787383ad49a0e37d9894491ef19480)"}
				!7 = distinct !DISubprogram(name: "f", scope: !1, file: !1, line: 1, type: !8, scopeLine: 1, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition, unit: !0, retainedNodes: !2)
				!8 = !DISubroutineType(types: !9)
				!9 = !{null, !10}
				!10 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !11, size: 64)
				!11 = !DIBasicType(name: "int", size: 32, encoding: DW_ATE_signed)
				!12 = !DILocalVariable(name: "arg", arg: 1, scope: !7, file: !1, line: 1, type: !10)
				!13 = !DILocation(line: 1, column: 13, scope: !7)
				!14 = !DILocation(line: 2, column: 1, scope: !7)
				!15 = distinct !DISubprogram(name: "main", scope: !1, file: !1, line: 3, type: !16, scopeLine: 3, flags: DIFlagPrototyped, spFlags: DISPFlagDefinition, unit: !0, retainedNodes: !2)
				!16 = !DISubroutineType(types: !17)
				!17 = !{!11, !11, !18}
				!18 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !19, size: 64)
				!19 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !20, size: 64)
				!20 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
				!21 = !DILocalVariable(name: "argc", arg: 1, scope: !15, file: !1, line: 3, type: !11)
				!22 = !DILocation(line: 3, column: 14, scope: !15)
				!23 = !DILocalVariable(name: "argv", arg: 2, scope: !15, file: !1, line: 3, type: !18)
				!24 = !DILocation(line: 3, column: 27, scope: !15)
				!25 = !DILocation(line: 4, column: 3, scope: !15)
				!26 = !DILocation(line: 5, column: 1, scope: !15)

llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll

	Show All 12 Lines
	entry:			entry:
	%i.addr = alloca i32, align 4			%i.addr = alloca i32, align 4
	store i32 %i, i32* %i.addr, align 4			store i32 %i, i32* %i.addr, align 4
	call void @llvm.dbg.declare(metadata i32* %i.addr, metadata !12, metadata !DIExpression()), !dbg !13			call void @llvm.dbg.declare(metadata i32* %i.addr, metadata !12, metadata !DIExpression()), !dbg !13

	; CHECK: %asan_local_stack_base = alloca i64			; CHECK: %asan_local_stack_base = alloca i64
	; CHECK: %[[ALLOCA:.]] = ptrtoint i8 %MyAlloca to i64			; CHECK: %[[ALLOCA:.]] = ptrtoint i8 %MyAlloca to i64
	; CHECK: %[[PHI:.]] = phi i64 {{.}} %[[ALLOCA]],			; CHECK: %[[PHI:.]] = phi i64 {{.}} %[[ALLOCA]],
	; CHECK: store i64 %[[PHI]], i64* %asan_local_stack_base, !dbg			; CHECK: store i64 %[[PHI]], i64* %asan_local_stack_base
	; CHECK: call void @llvm.dbg.declare(metadata i64* %asan_local_stack_base, metadata !13, metadata !DIExpression(DW_OP_deref, DW_OP_plus_uconst, 32)), !dbg !14			; CHECK: call void @llvm.dbg.declare(metadata i64* %asan_local_stack_base, metadata !12, metadata !DIExpression(DW_OP_deref, DW_OP_plus_uconst, 32)), !dbg !13
	%0 = load i32, i32* %i.addr, align 4, !dbg !14			%0 = load i32, i32* %i.addr, align 4, !dbg !14
	%add = add nsw i32 %0, 2, !dbg !15			%add = add nsw i32 %0, 2, !dbg !15
	ret i32 %add, !dbg !16			ret i32 %add, !dbg !16
	}			}

	; Function Attrs: nounwind readnone speculatable			; Function Attrs: nounwind readnone speculatable
	declare void @llvm.dbg.declare(metadata, metadata, metadata) #1			declare void @llvm.dbg.declare(metadata, metadata, metadata) #1

	Show All 24 Lines