From d5ec14989d7cf87082779bf8a85750a176e1e0bd Mon Sep 17 00:00:00 2001 From: Vitaly Buka Date: Thu, 18 Aug 2016 00:56:58 +0000 Subject: [PATCH] [asan] Add support of lifetime poisoning into ComputeASanStackFrameLayout Summary: We are going to combine poisoning of red zones and scope poisoning. PR27453 Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23623 llvm-svn: 279020 --- .../llvm/Transforms/Utils/ASanStackFrameLayout.h | 17 ++++---- .../Instrumentation/AddressSanitizer.cpp | 5 ++- llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp | 13 ++++-- .../Transforms/Utils/ASanStackFrameLayoutTest.cpp | 46 +++++++++++----------- 4 files changed, 48 insertions(+), 33 deletions(-) diff --git a/llvm/include/llvm/Transforms/Utils/ASanStackFrameLayout.h b/llvm/include/llvm/Transforms/Utils/ASanStackFrameLayout.h index 4e4f02c..0c9b72f 100644 --- a/llvm/include/llvm/Transforms/Utils/ASanStackFrameLayout.h +++ b/llvm/include/llvm/Transforms/Utils/ASanStackFrameLayout.h @@ -24,16 +24,19 @@ class AllocaInst; static const int kAsanStackLeftRedzoneMagic = 0xf1; static const int kAsanStackMidRedzoneMagic = 0xf2; static const int kAsanStackRightRedzoneMagic = 0xf3; +static const int kAsanStackUseAfterScopeMagic = 0xf8; // Input/output data struct for ComputeASanStackFrameLayout. struct ASanStackVariableDescription { - const char *Name; // Name of the variable that will be displayed by asan - // if a stack-related bug is reported. - uint64_t Size; // Size of the variable in bytes. - size_t Alignment; // Alignment of the variable (power of 2). - AllocaInst *AI; // The actual AllocaInst. - size_t Offset; // Offset from the beginning of the frame; - // set by ComputeASanStackFrameLayout. + const char *Name; // Name of the variable that will be displayed by asan + // if a stack-related bug is reported. + uint64_t Size; // Size of the variable in bytes. + size_t LifetimeSize; // Size in bytes to use for lifetime analysis check. + // Will be rounded up to Granularity. + size_t Alignment; // Alignment of the variable (power of 2). + AllocaInst *AI; // The actual AllocaInst. + size_t Offset; // Offset from the beginning of the frame; + // set by ComputeASanStackFrameLayout. }; // Output data struct for ComputeASanStackFrameLayout. diff --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp index 58e5527..3ad8e14 100644 --- a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp +++ b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp @@ -2079,7 +2079,10 @@ void FunctionStackPoisoner::poisonStack() { for (AllocaInst *AI : AllocaVec) { ASanStackVariableDescription D = {AI->getName().data(), ASan.getAllocaSizeInBytes(*AI), - AI->getAlignment(), AI, 0}; + 0, + AI->getAlignment(), + AI, + 0}; SVD.push_back(D); } // Minimal header size (left redzone) is 4 pointers, diff --git a/llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp b/llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp index 7e50d4b..8e2ff7f 100644 --- a/llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp +++ b/llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp @@ -81,19 +81,26 @@ ComputeASanStackFrameLayout(SmallVectorImpl &Vars, assert(Layout->FrameAlignment >= Alignment); assert((Offset % Alignment) == 0); assert(Size > 0); + assert(Vars[i].LifetimeSize <= Size); StackDescription << " " << Offset << " " << Size << " " << strlen(Name) << " " << Name; size_t NextAlignment = IsLast ? Granularity : std::max(Granularity, Vars[i + 1].Alignment); size_t SizeWithRedzone = VarAndRedzoneSize(Vars[i].Size, NextAlignment); - SB.insert(SB.end(), Size / Granularity, 0); - if (Size % Granularity) - SB.insert(SB.end(), Size % Granularity); + size_t LifetimeShadowSize = + (Vars[i].LifetimeSize + Granularity - 1) / Granularity; + SB.insert(SB.end(), LifetimeShadowSize, kAsanStackUseAfterScopeMagic); + if (Size / Granularity >= LifetimeShadowSize) { + SB.insert(SB.end(), Size / Granularity - LifetimeShadowSize, 0); + if (Size % Granularity) + SB.insert(SB.end(), Size % Granularity); + } SB.insert(SB.end(), (SizeWithRedzone - Size) / Granularity, IsLast ? kAsanStackRightRedzoneMagic : kAsanStackMidRedzoneMagic); Vars[i].Offset = Offset; Offset += SizeWithRedzone; + assert(Offset == SB.size() * Granularity); } if (Offset % MinHeaderSize) { size_t ExtraRedzone = MinHeaderSize - (Offset % MinHeaderSize); diff --git a/llvm/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp b/llvm/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp index 0d3a239d..6bac5cd 100644 --- a/llvm/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp +++ b/llvm/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp @@ -21,6 +21,9 @@ ShadowBytesToString(ArrayRef ShadowBytes) { case kAsanStackLeftRedzoneMagic: os << "L"; break; case kAsanStackRightRedzoneMagic: os << "R"; break; case kAsanStackMidRedzoneMagic: os << "M"; break; + case kAsanStackUseAfterScopeMagic: + os << "S"; + break; default: os << (unsigned)ShadowBytes[i]; } } @@ -42,27 +45,28 @@ TEST(ASanStackFrameLayout, Test) { #define VEC(a) \ SmallVector(a, a + sizeof(a) / sizeof(a[0])) -#define VAR(name, size, alignment) \ +#define VAR(name, size, lifetime, alignment) \ ASanStackVariableDescription name##size##_##alignment = { \ #name #size "_" #alignment, \ size, \ + lifetime, \ alignment, \ 0, \ 0 \ } - VAR(a, 1, 1); - VAR(p, 1, 32); - VAR(p, 1, 256); - VAR(a, 2, 1); - VAR(a, 3, 1); - VAR(a, 4, 1); - VAR(a, 7, 1); - VAR(a, 8, 1); - VAR(a, 9, 1); - VAR(a, 16, 1); - VAR(a, 41, 1); - VAR(a, 105, 1); + VAR(a, 1, 0, 1); + VAR(p, 1, 0, 32); + VAR(p, 1, 0, 256); + VAR(a, 2, 0, 1); + VAR(a, 3, 0, 1); + VAR(a, 4, 0, 1); + VAR(a, 7, 0, 1); + VAR(a, 8, 8, 1); + VAR(a, 9, 0, 1); + VAR(a, 16, 0, 1); + VAR(a, 41, 9, 1); + VAR(a, 105, 103, 1); TestLayout(VEC1(a1_1), 8, 16, "1 16 1 4 a1_1", "LL1R"); TestLayout(VEC1(a1_1), 64, 64, "1 64 1 4 a1_1", "L1"); @@ -74,27 +78,25 @@ TEST(ASanStackFrameLayout, Test) { TestLayout(VEC1(a3_1), 8, 32, "1 32 3 4 a3_1", "LLLL3RRR"); TestLayout(VEC1(a4_1), 8, 32, "1 32 4 4 a4_1", "LLLL4RRR"); TestLayout(VEC1(a7_1), 8, 32, "1 32 7 4 a7_1", "LLLL7RRR"); - TestLayout(VEC1(a8_1), 8, 32, "1 32 8 4 a8_1", "LLLL0RRR"); + TestLayout(VEC1(a8_1), 8, 32, "1 32 8 4 a8_1", "LLLLSRRR"); TestLayout(VEC1(a9_1), 8, 32, "1 32 9 4 a9_1", "LLLL01RR"); TestLayout(VEC1(a16_1), 8, 32, "1 32 16 5 a16_1", "LLLL00RR"); TestLayout(VEC1(p1_256), 8, 32, "1 256 1 6 p1_256", "LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1RRR"); - TestLayout(VEC1(a41_1), 8, 32, "1 32 41 5 a41_1", "LLLL000001RRRRRR"); + TestLayout(VEC1(a41_1), 8, 32, "1 32 41 5 a41_1", "LLLLSS0001RRRRRR"); TestLayout(VEC1(a105_1), 8, 32, "1 32 105 6 a105_1", - "LLLL00000000000001RRRRRR"); + "LLLLSSSSSSSSSSSSS1RRRRRR"); { ASanStackVariableDescription t[] = {a1_1, p1_256}; - TestLayout(VEC(t), 8, 32, - "2 256 1 6 p1_256 272 1 4 a1_1", - "LLLLLLLL" "LLLLLLLL" "LLLLLLLL" "LLLLLLLL" "1M1R"); + TestLayout(VEC(t), 8, 32, "2 256 1 6 p1_256 272 1 4 a1_1", + "LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1M1R"); } { ASanStackVariableDescription t[] = {a1_1, a16_1, a41_1}; - TestLayout(VEC(t), 8, 32, - "3 32 1 4 a1_1 48 16 5 a16_1 80 41 5 a41_1", - "LLLL" "1M00" "MM00" "0001" "RRRR"); + TestLayout(VEC(t), 8, 32, "3 32 1 4 a1_1 48 16 5 a16_1 80 41 5 a41_1", + "LLLL1M00MMSS0001RRRR"); } #undef VEC1 #undef VEC -- 2.7.4