[asan] Add support of lifetime poisoning into ComputeASanStackFrameLayout

vitalybuka · vitalybuka · commit d5ec14989d7c · 2016-08-18T00:56:58.000Z
Summary: We are going to combine poisoning of red zones and scope poisoning. PR27453 Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23623 llvm-svn: 279020
diff --git a/llvm/include/llvm/Transforms/Utils/ASanStackFrameLayout.h b/llvm/include/llvm/Transforms/Utils/ASanStackFrameLayout.h
@@ -24,16 +24,19 @@ class AllocaInst;
 static const int kAsanStackLeftRedzoneMagic = 0xf1;
 static const int kAsanStackMidRedzoneMagic = 0xf2;
 static const int kAsanStackRightRedzoneMagic = 0xf3;
+static const int kAsanStackUseAfterScopeMagic = 0xf8;
 
 // Input/output data struct for ComputeASanStackFrameLayout.
 struct ASanStackVariableDescription {
-  const char *Name;  // Name of the variable that will be displayed by asan
-                     // if a stack-related bug is reported.
-  uint64_t Size;     // Size of the variable in bytes.
-  size_t Alignment;  // Alignment of the variable (power of 2).
-  AllocaInst *AI;    // The actual AllocaInst.
-  size_t Offset;     // Offset from the beginning of the frame;
-                     // set by ComputeASanStackFrameLayout.
+  const char *Name;    // Name of the variable that will be displayed by asan
+                       // if a stack-related bug is reported.
+  uint64_t Size;       // Size of the variable in bytes.
+  size_t LifetimeSize; // Size in bytes to use for lifetime analysis check.
+                       // Will be rounded up to Granularity.
+  size_t Alignment;    // Alignment of the variable (power of 2).
+  AllocaInst *AI;      // The actual AllocaInst.
+  size_t Offset;       // Offset from the beginning of the frame;
+                       // set by ComputeASanStackFrameLayout.
 };
 
 // Output data struct for ComputeASanStackFrameLayout.
diff --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -2079,7 +2079,10 @@ void FunctionStackPoisoner::poisonStack() {
   for (AllocaInst *AI : AllocaVec) {
     ASanStackVariableDescription D = {AI->getName().data(),
                                       ASan.getAllocaSizeInBytes(*AI),
-                                      AI->getAlignment(), AI, 0};
+                                      0,
+                                      AI->getAlignment(),
+                                      AI,
+                                      0};
     SVD.push_back(D);
   }
   // Minimal header size (left redzone) is 4 pointers,
diff --git a/llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp b/llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp
@@ -81,19 +81,26 @@ ComputeASanStackFrameLayout(SmallVectorImpl<ASanStackVariableDescription> &Vars,
     assert(Layout->FrameAlignment >= Alignment);
     assert((Offset % Alignment) == 0);
     assert(Size > 0);
+    assert(Vars[i].LifetimeSize <= Size);
     StackDescription << " " << Offset << " " << Size << " " << strlen(Name)
                      << " " << Name;
     size_t NextAlignment = IsLast ? Granularity
                    : std::max(Granularity, Vars[i + 1].Alignment);
     size_t SizeWithRedzone = VarAndRedzoneSize(Vars[i].Size, NextAlignment);
-    SB.insert(SB.end(), Size / Granularity, 0);
-    if (Size % Granularity)
-      SB.insert(SB.end(), Size % Granularity);
+    size_t LifetimeShadowSize =
+        (Vars[i].LifetimeSize + Granularity - 1) / Granularity;
+    SB.insert(SB.end(), LifetimeShadowSize, kAsanStackUseAfterScopeMagic);
+    if (Size / Granularity >= LifetimeShadowSize) {
+      SB.insert(SB.end(), Size / Granularity - LifetimeShadowSize, 0);
+      if (Size % Granularity)
+        SB.insert(SB.end(), Size % Granularity);
+    }
     SB.insert(SB.end(), (SizeWithRedzone - Size) / Granularity,
         IsLast ? kAsanStackRightRedzoneMagic
         : kAsanStackMidRedzoneMagic);
     Vars[i].Offset = Offset;
     Offset += SizeWithRedzone;
+    assert(Offset == SB.size() * Granularity);
   }
   if (Offset % MinHeaderSize) {
     size_t ExtraRedzone = MinHeaderSize - (Offset % MinHeaderSize);
diff --git a/llvm/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp b/llvm/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp
@@ -21,6 +21,9 @@ ShadowBytesToString(ArrayRef<uint8_t> ShadowBytes) {
       case kAsanStackLeftRedzoneMagic:    os << "L"; break;
       case kAsanStackRightRedzoneMagic:   os << "R"; break;
       case kAsanStackMidRedzoneMagic:     os << "M"; break;
+      case kAsanStackUseAfterScopeMagic:
+        os << "S";
+        break;
       default:                            os << (unsigned)ShadowBytes[i];
     }
   }
@@ -42,27 +45,28 @@ TEST(ASanStackFrameLayout, Test) {
 #define VEC(a)                                                                 \
   SmallVector<ASanStackVariableDescription, 10>(a, a + sizeof(a) / sizeof(a[0]))
 
-#define VAR(name, size, alignment)                                             \
+#define VAR(name, size, lifetime, alignment)                                   \
   ASanStackVariableDescription name##size##_##alignment = {                    \
     #name #size "_" #alignment,                                                \
     size,                                                                      \
+    lifetime,                                                                  \
     alignment,                                                                 \
     0,                                                                         \
     0                                                                          \
   }
 
-  VAR(a, 1, 1);
-  VAR(p, 1, 32);
-  VAR(p, 1, 256);
-  VAR(a, 2, 1);
-  VAR(a, 3, 1);
-  VAR(a, 4, 1);
-  VAR(a, 7, 1);
-  VAR(a, 8, 1);
-  VAR(a, 9, 1);
-  VAR(a, 16, 1);
-  VAR(a, 41, 1);
-  VAR(a, 105, 1);
+  VAR(a, 1, 0, 1);
+  VAR(p, 1, 0, 32);
+  VAR(p, 1, 0, 256);
+  VAR(a, 2, 0, 1);
+  VAR(a, 3, 0, 1);
+  VAR(a, 4, 0, 1);
+  VAR(a, 7, 0, 1);
+  VAR(a, 8, 8, 1);
+  VAR(a, 9, 0, 1);
+  VAR(a, 16, 0, 1);
+  VAR(a, 41, 9, 1);
+  VAR(a, 105, 103, 1);
 
   TestLayout(VEC1(a1_1), 8, 16, "1 16 1 4 a1_1", "LL1R");
   TestLayout(VEC1(a1_1), 64, 64, "1 64 1 4 a1_1", "L1");
@@ -74,27 +78,25 @@ TEST(ASanStackFrameLayout, Test) {
   TestLayout(VEC1(a3_1), 8, 32, "1 32 3 4 a3_1", "LLLL3RRR");
   TestLayout(VEC1(a4_1), 8, 32, "1 32 4 4 a4_1", "LLLL4RRR");
   TestLayout(VEC1(a7_1), 8, 32, "1 32 7 4 a7_1", "LLLL7RRR");
-  TestLayout(VEC1(a8_1), 8, 32, "1 32 8 4 a8_1", "LLLL0RRR");
+  TestLayout(VEC1(a8_1), 8, 32, "1 32 8 4 a8_1", "LLLLSRRR");
   TestLayout(VEC1(a9_1), 8, 32, "1 32 9 4 a9_1", "LLLL01RR");
   TestLayout(VEC1(a16_1), 8, 32, "1 32 16 5 a16_1", "LLLL00RR");
   TestLayout(VEC1(p1_256), 8, 32, "1 256 1 6 p1_256",
              "LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1RRR");
-  TestLayout(VEC1(a41_1), 8, 32, "1 32 41 5 a41_1", "LLLL000001RRRRRR");
+  TestLayout(VEC1(a41_1), 8, 32, "1 32 41 5 a41_1", "LLLLSS0001RRRRRR");
   TestLayout(VEC1(a105_1), 8, 32, "1 32 105 6 a105_1",
-             "LLLL00000000000001RRRRRR");
+             "LLLLSSSSSSSSSSSSS1RRRRRR");
 
   {
     ASanStackVariableDescription t[] = {a1_1, p1_256};
-    TestLayout(VEC(t), 8, 32,
-               "2 256 1 6 p1_256 272 1 4 a1_1",
-               "LLLLLLLL" "LLLLLLLL" "LLLLLLLL" "LLLLLLLL" "1M1R");
+    TestLayout(VEC(t), 8, 32, "2 256 1 6 p1_256 272 1 4 a1_1",
+               "LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1M1R");
   }
 
   {
     ASanStackVariableDescription t[] = {a1_1, a16_1, a41_1};
-    TestLayout(VEC(t), 8, 32,
-               "3 32 1 4 a1_1 48 16 5 a16_1 80 41 5 a41_1",
-               "LLLL" "1M00" "MM00" "0001" "RRRR");
+    TestLayout(VEC(t), 8, 32, "3 32 1 4 a1_1 48 16 5 a16_1 80 41 5 a41_1",
+               "LLLL1M00MMSS0001RRRR");
   }
 #undef VEC1
 #undef VEC
