After DFSan reports taint sinks, the next questions are "How did they get it?", "When did that happen?", "Who has tainted data originally?", etc. This change addresses this by adding origin tracking. This change will be split into small diffs for incremental review.

//////////// The Design ////////////

Inspired by MSan's origin tracking.

1) The new flag -dfsan-track-origins is added. It works only with 16-bit mode.
2) Each 4 contiguous user bytes share one 4-byte origin information aligned by 4: the user byte at addr uses an origin at addr && ~3UL + origin_start_addr.
3) A 4-byte origin is a hash of an origin chain. An origin chain is a pair of a stack hash id and a hash to its previous origin chain. 0 means no previous origin chains exist. We limit the length of a chain to be 16. With origin_history_size = 0, the limit is removed.
4) Only at store and memory transfer operations, new chains are created when taint data are written. This is to reduce chain lengths.
5) At each instruction with > 1 operands, only one origin chain is propagated. This is to reduce chain widths.
6) Each customized function has two wrappers. The first one is for the normal shadow propagation. The second one is used when origin tracking is on. It calls the first one, and does additional origin propagation. Which one to use can be decided at instrumentation time. This is to ensure minimal additional overhead when origin tracking is off.
7) Provide an API dfsan_print_origin_trace that reports stack traces along a trace.
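The origin mapping and chain rules from points 2, 3, 4 and 7 above, as a stand-alone C++ model added here for illustration; it is not DFSan's code and does not reproduce its memory layout or runtime. The origin base address `kOriginStartAddr`, the hash mix, the forward-probing collision policy, and returning the previous origin unchanged once a chain reaches the limit (modelled on MSan's behaviour) are assumptions; `OriginDepot`, `chainDepthAfter`, `traceAfter` and `sameLinkSameId` are names invented for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <unordered_map>
#include <vector>

// Assumed base of the origin shadow region (not DFSan's real layout).
constexpr uintptr_t kOriginStartAddr = 0x200000000000ULL;

// Point 2: four contiguous user bytes share one 4-byte origin slot, so the
// byte at `addr` uses the origin at (addr & ~3) + origin_start_addr.
inline uintptr_t originAddrFor(uintptr_t addr) {
  return (addr & ~uintptr_t{3}) + kOriginStartAddr;
}

// Point 3: an origin chain is a (stack hash id, previous origin) pair;
// prev == 0 means no earlier chain exists.
struct OriginChain {
  uint32_t stack_id;
  uint32_t prev;
  unsigned depth;  // links in the chain, counting this one
};

class OriginDepot {
 public:
  // history_size == 0 removes the limit, like origin_history_size = 0.
  explicit OriginDepot(unsigned history_size = 16) : limit_(history_size) {}

  // Point 4: called only where tainted data is written (store or memory
  // transfer). Returns the id of the new link, or `prev` unchanged once the
  // chain has reached the limit (assumed behaviour, modelled on MSan).
  uint32_t chain(uint32_t stack_id, uint32_t prev) {
    unsigned depth = 1;
    if (prev != 0) {
      depth = chains_.at(prev).depth + 1;
      if (limit_ != 0 && depth > limit_) return prev;
    }
    // The 4-byte origin is a hash of the pair. 0 is reserved; an id already
    // holding a different link is probed past (assumed collision policy).
    uint32_t id = hash(stack_id, prev);
    for (;; ++id) {
      if (id == 0) continue;
      auto it = chains_.find(id);
      if (it == chains_.end()) break;
      if (it->second.stack_id == stack_id && it->second.prev == prev) return id;
    }
    chains_[id] = OriginChain{stack_id, prev, depth};
    return id;
  }

  // Point 7: walk newest to oldest, yielding the stack ids that a
  // dfsan_print_origin_trace-style reporter would print in order.
  std::vector<uint32_t> trace(uint32_t origin) const {
    std::vector<uint32_t> stacks;
    while (origin != 0) {
      const OriginChain &link = chains_.at(origin);
      stacks.push_back(link.stack_id);
      origin = link.prev;
    }
    return stacks;
  }

  unsigned depth(uint32_t origin) const {
    return origin == 0 ? 0 : chains_.at(origin).depth;
  }

 private:
  static uint32_t hash(uint32_t a, uint32_t b) {  // any 32-bit mix will do
    uint32_t h = a * 0x9E3779B1u;
    h ^= b + 0x7F4A7C15u + (h << 6) + (h >> 2);
    h ^= h >> 16; h *= 0x85EBCA6Bu; h ^= h >> 13;
    return h;
  }
  unsigned limit_;
  std::unordered_map<uint32_t, OriginChain> chains_;
};

// Chains `links` successive tainted stores under the given limit and returns
// the depth of the resulting chain.
inline unsigned chainDepthAfter(unsigned links, unsigned history_size) {
  OriginDepot depot(history_size);
  uint32_t origin = 0;
  for (unsigned i = 0; i < links; ++i) origin = depot.chain(0x1000 + i, origin);
  return depot.depth(origin);
}

// Chains the given stack ids in order and returns the trace, newest first.
inline std::vector<uint32_t> traceAfter(const std::vector<uint32_t> &stacks) {
  OriginDepot depot;
  uint32_t origin = 0;
  for (uint32_t s : stacks) origin = depot.chain(s, origin);
  return depot.trace(origin);
}

// Writing the same link twice must yield the same 4-byte origin.
inline bool sameLinkSameId() {
  OriginDepot depot;
  uint32_t first = depot.chain(0xBEEF, 0);
  return depot.chain(0xBEEF, 0) == first && depot.chain(0xBEEF, first) != first;
}

int main() {
  for (uint32_t s : traceAfter({0xA1, 0xB2, 0xC3})) std::printf("stack %#x\n", s);
  std::printf("depth after 20 stores, limit 16: %u\n", chainDepthAfter(20, 16));
  return 0;
}
```

The chain only grows at stores and memory transfers, so `chainDepthAfter` counts writes, not loads or arithmetic; with the default limit, the 17th write onto the same data keeps the existing 16-link chain rather than extending it, which is what keeps origin lookups bounded.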
Unit test (x64 windows, 90 ms): LLVM.Instrumentation/DataFlowSanitizer::origin_ldst.ll

Script:
: 'RUN: at line 1'; c:\ws\w1\llvm-project\premerge-checks\build\bin\opt.exe < C:\ws\w1\llvm-project\premerge-checks\llvm\test\Instrumentation\DataFlowSanitizer\origin_ldst.ll -dfsan -dfsan-track-origins=1 -dfsan-fast-16-labels=true -S | c:\ws\w1\llvm-project\premerge-checks\build\bin\filecheck.exe --allow-unused-prefixes=false C:\ws\w1\llvm-project\premerge-checks\llvm\test\Instrumentation\DataFlowSanitizer\origin_ldst.ll --check-prefix=CHECK