diff --git a/clang/docs/HardwareAssistedAddressSanitizerDesign.rst b/clang/docs/HardwareAssistedAddressSanitizerDesign.rst --- a/clang/docs/HardwareAssistedAddressSanitizerDesign.rst +++ b/clang/docs/HardwareAssistedAddressSanitizerDesign.rst @@ -19,13 +19,17 @@ sources of AddressSanitizer's memory overhead. See the `AddressSanitizer paper`_ for details. -AArch64 has the `Address Tagging`_ (or top-byte-ignore, TBI), a hardware feature that allows -software to use 8 most significant bits of a 64-bit pointer as +AArch64 has `Address Tagging`_ (or top-byte-ignore, TBI), a hardware feature that allows +software to use the 8 most significant bits of a 64-bit pointer as a tag. HWASAN uses `Address Tagging`_ to implement a memory safety tool, similar to :doc:`AddressSanitizer`, but with smaller memory overhead and slightly different (mostly better) accuracy guarantees. +Intel's `Linear Address Masking`_ (LAM) also provides address tagging for +x86_64, though it is not widely available in hardware yet. For x86_64, HWASAN +has a limited implementation using page aliasing instead. + Algorithm ========= * Every heap/stack/global memory object is forcibly aligned by `TG` bytes @@ -266,7 +270,15 @@ will have limited deployability since not all of the code is typically instrumented. -The HWASAN's approach is not applicable to 32-bit architectures. +On x86_64, HWASAN utilizes page aliasing to place tags in userspace address +bits. Currently only heap tagging is supported. The page aliases rely on +shared memory, which will cause heap memory to be shared between processes if +the application calls ``fork()``. Therefore x86_64 is really only safe for +applications that do not fork. + +HWASAN does not currently support 32-bit architectures since they do not +support `Address Tagging`_ and the address space is too constrained to easily +implement page aliasing. Related Work @@ -284,4 +296,4 @@ .. _SPARC ADI: https://lazytyped.blogspot.com/2017/09/getting-started-with-adi.html .. _AddressSanitizer paper: https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf .. _Address Tagging: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.den0024a/ch12s05s01.html - +.. _Linear Address Masking: https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html