llvm.org GIT mirror llvm / c6bc69a
[NewPM] Second attempt at porting ASan This is the second attempt to port ASan to new PM after D52739. This takes the initialization requried by ASan from the Module by moving it into a separate class with it's own analysis that the new PM ASan can use. Changes: - Split AddressSanitizer into 2 passes: 1 for the instrumentation on the function, and 1 for the pass itself which creates an instance of the first during it's run. The same is done for AddressSanitizerModule. - Add new PM AddressSanitizer and AddressSanitizerModule. - Add legacy and new PM analyses for reading data needed to initialize ASan with. - Removed DominatorTree dependency from ASan since it was unused. - Move GlobalsMetadata and ShadowMapping out of anonymous namespace since the new PM analysis holds these 2 classes and will need to expose them. Differential Revision: https://reviews.llvm.org/D56470 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@353985 91177308-0d34-0410-b5e6-96231b3b80d8 Leonard Chan 7 months ago
9 changed file(s) with 428 addition(s) and 207 deletion(s). Raw diff Collapse all Expand all
1414 #include "llvm/IR/LegacyPassManager.h"
1515 #include "llvm/IR/Module.h"
1616 #include "llvm/Transforms/Instrumentation.h"
17 #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
1718 #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
1819 #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
1920
2425 }
2526
2627 void LLVMAddAddressSanitizerModulePass(LLVMPassManagerRef PM) {
27 unwrap(PM)->add(createAddressSanitizerModulePass());
28 unwrap(PM)->add(createModuleAddressSanitizerLegacyPassPass());
2829 }
2930
3031 void LLVMAddThreadSanitizerPass(LLVMPassManagerRef PM) {
6363 void initializeAAResultsWrapperPassPass(PassRegistry&);
6464 void initializeADCELegacyPassPass(PassRegistry&);
6565 void initializeAddDiscriminatorsLegacyPassPass(PassRegistry&);
66 void initializeAddressSanitizerModulePass(PassRegistry&);
67 void initializeAddressSanitizerPass(PassRegistry&);
66 void initializeModuleAddressSanitizerLegacyPassPass(PassRegistry &);
67 void initializeASanGlobalsMetadataWrapperPassPass(PassRegistry &);
68 void initializeAddressSanitizerLegacyPassPass(PassRegistry &);
6869 void initializeAggressiveInstCombinerLegacyPassPass(PassRegistry&);
6970 void initializeAliasSetPrinterPass(PassRegistry&);
7071 void initializeAlignmentFromAssumptionsPass(PassRegistry&);
0 //===--------- Definition of the AddressSanitizer class ---------*- C++ -*-===//
1 //
2 // The LLVM Compiler Infrastructure
3 //
4 // This file is distributed under the University of Illinois Open Source
5 // License. See LICENSE.TXT for details.
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file declares the AddressSanitizer class which is a port of the legacy
10 // AddressSanitizer pass to use the new PassManager infrastructure.
11 //
12 //===----------------------------------------------------------------------===//
13 #ifndef LLVM_TRANSFORMS_INSTRUMENTATION_ADDRESSSANITIZERPASS_H
14 #define LLVM_TRANSFORMS_INSTRUMENTATION_ADDRESSSANITIZERPASS_H
15
16 #include "llvm/IR/Function.h"
17 #include "llvm/IR/Module.h"
18 #include "llvm/IR/PassManager.h"
19
20 namespace llvm {
21
22 /// Frontend-provided metadata for source location.
23 struct LocationMetadata {
24 StringRef Filename;
25 int LineNo = 0;
26 int ColumnNo = 0;
27
28 LocationMetadata() = default;
29
30 bool empty() const { return Filename.empty(); }
31 void parse(MDNode *MDN);
32 };
33
34 /// Frontend-provided metadata for global variables.
35 class GlobalsMetadata {
36 public:
37 struct Entry {
38 LocationMetadata SourceLoc;
39 StringRef Name;
40 bool IsDynInit = false;
41 bool IsBlacklisted = false;
42
43 Entry() = default;
44 };
45
46 /// Create a default uninitialized GlobalsMetadata instance.
47 GlobalsMetadata() = default;
48
49 /// Create an initialized GlobalsMetadata instance.
50 GlobalsMetadata(Module &M);
51
52 /// Returns metadata entry for a given global.
53 Entry get(GlobalVariable *G) const {
54 auto Pos = Entries.find(G);
55 return (Pos != Entries.end()) ? Pos->second : Entry();
56 }
57
58 /// Handle invalidation from the pass manager.
59 /// These results are never invalidated.
60 bool invalidate(Module &, const PreservedAnalyses &,
61 ModuleAnalysisManager::Invalidator &) {
62 return false;
63 }
64 bool invalidate(Function &, const PreservedAnalyses &,
65 FunctionAnalysisManager::Invalidator &) {
66 return false;
67 }
68
69 private:
70 DenseMap Entries;
71 };
72
73 /// The ASanGlobalsMetadataAnalysis initializes and returns a GlobalsMetadata
74 /// object. More specifically, ASan requires looking at all globals registered
75 /// in 'llvm.asan.globals' before running, which only depends on reading module
76 /// level metadata. This analysis is required to run before running the
77 /// AddressSanitizerPass since it collects that metadata.
78 /// The legacy pass manager equivalent of this is ASanGlobalsMetadataLegacyPass.
79 class ASanGlobalsMetadataAnalysis
80 : public AnalysisInfoMixin {
81 public:
82 using Result = GlobalsMetadata;
83
84 Result run(Module &, ModuleAnalysisManager &);
85
86 private:
87 friend AnalysisInfoMixin;
88 static AnalysisKey Key;
89 };
90
91 /// Public interface to the address sanitizer pass for instrumenting code to
92 /// check for various memory errors at runtime.
93 ///
94 /// The sanitizer itself is a function pass that works by inserting various
95 /// calls to the ASan runtime library functions. The runtime library essentially
96 /// replaces malloc() and free() with custom implementations that allow regions
97 /// surrounding requested memory to be checked for invalid accesses.
98 class AddressSanitizerPass : public PassInfoMixin {
99 public:
100 explicit AddressSanitizerPass(bool CompileKernel = false,
101 bool Recover = false,
102 bool UseAfterScope = false);
103 PreservedAnalyses run(Function &F, FunctionAnalysisManager &AM);
104
105 private:
106 bool CompileKernel;
107 bool Recover;
108 bool UseAfterScope;
109 };
110
111 /// Public interface to the address sanitizer module pass for instrumenting code
112 /// to check for various memory errors.
113 ///
114 /// This adds 'asan.module_ctor' to 'llvm.global_ctors'. This pass may also
115 /// run intependently of the function address sanitizer.
116 class ModuleAddressSanitizerPass
117 : public PassInfoMixin {
118 public:
119 explicit ModuleAddressSanitizerPass(bool CompileKernel = false,
120 bool Recover = false,
121 bool UseGlobalGC = true,
122 bool UseOdrIndicator = false);
123 PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM);
124
125 private:
126 bool CompileKernel;
127 bool Recover;
128 bool UseGlobalGC;
129 bool UseOdrIndicator;
130 };
131
132 // Insert AddressSanitizer (address sanity checking) instrumentation
133 FunctionPass *createAddressSanitizerFunctionPass(bool CompileKernel = false,
134 bool Recover = false,
135 bool UseAfterScope = false);
136 ModulePass *createModuleAddressSanitizerLegacyPassPass(
137 bool CompileKernel = false, bool Recover = false, bool UseGlobalsGC = true,
138 bool UseOdrIndicator = true);
139
140 } // namespace llvm
141
142 #endif
140140 /// Insert frontend instrumentation based profiling.
141141 ModulePass *createInstrProfilingLegacyPass(
142142 const InstrProfOptions &Options = InstrProfOptions());
143
144 // Insert AddressSanitizer (address sanity checking) instrumentation
145 FunctionPass *createAddressSanitizerFunctionPass(bool CompileKernel = false,
146 bool Recover = false,
147 bool UseAfterScope = false);
148 ModulePass *createAddressSanitizerModulePass(bool CompileKernel = false,
149 bool Recover = false,
150 bool UseGlobalsGC = true,
151 bool UseOdrIndicator = true);
152143
153144 FunctionPass *createHWAddressSanitizerPass(bool CompileKernel = false,
154145 bool Recover = false);
8787 #include "llvm/Transforms/IPO/WholeProgramDevirt.h"
8888 #include "llvm/Transforms/InstCombine/InstCombine.h"
8989 #include "llvm/Transforms/Instrumentation.h"
90 #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
9091 #include "llvm/Transforms/Instrumentation/BoundsChecking.h"
9192 #include "llvm/Transforms/Instrumentation/CGProfile.h"
9293 #include "llvm/Transforms/Instrumentation/ControlHeightReduction.h"
9394 #include "llvm/Transforms/Instrumentation/GCOVProfiler.h"
9495 #include "llvm/Transforms/Instrumentation/InstrProfiling.h"
9596 #include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
97 #include "llvm/Transforms/Instrumentation/PGOInstrumentation.h"
9698 #include "llvm/Transforms/Instrumentation/ThreadSanitizer.h"
97 #include "llvm/Transforms/Instrumentation/PGOInstrumentation.h"
9899 #include "llvm/Transforms/Scalar/ADCE.h"
99100 #include "llvm/Transforms/Scalar/AlignmentFromAssumptions.h"
100101 #include "llvm/Transforms/Scalar/BDCE.h"
2626 MODULE_ANALYSIS("targetlibinfo", TargetLibraryAnalysis())
2727 MODULE_ANALYSIS("verify", VerifierAnalysis())
2828 MODULE_ANALYSIS("pass-instrumentation", PassInstrumentationAnalysis(PIC))
29 MODULE_ANALYSIS("asan-globals-md", ASanGlobalsMetadataAnalysis())
2930
3031 #ifndef MODULE_ALIAS_ANALYSIS
3132 #define MODULE_ALIAS_ANALYSIS(NAME, CREATE_PASS) \
8081 MODULE_PASS("synthetic-counts-propagation", SyntheticCountsPropagation())
8182 MODULE_PASS("wholeprogramdevirt", WholeProgramDevirtPass(nullptr, nullptr))
8283 MODULE_PASS("verify", VerifierPass())
84 MODULE_PASS("asan-module", ModuleAddressSanitizerPass(false, false, true, false))
8385 #undef MODULE_PASS
8486
8587 #ifndef CGSCC_ANALYSIS
230232 FUNCTION_PASS("view-cfg", CFGViewerPass())
231233 FUNCTION_PASS("view-cfg-only", CFGOnlyViewerPass())
232234 FUNCTION_PASS("transform-warning", WarnMissedTransformationsPass())
235 FUNCTION_PASS("asan", AddressSanitizerPass(false, false, false))
233236 FUNCTION_PASS("msan", MemorySanitizerPass({}))
234237 FUNCTION_PASS("tsan", ThreadSanitizerPass())
235238 #undef FUNCTION_PASS
1111 //
1212 //===----------------------------------------------------------------------===//
1313
14 #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
1415 #include "llvm/ADT/ArrayRef.h"
1516 #include "llvm/ADT/DenseMap.h"
1617 #include "llvm/ADT/DepthFirstIterator.h"
2324 #include "llvm/ADT/Twine.h"
2425 #include "llvm/Analysis/MemoryBuiltins.h"
2526 #include "llvm/Analysis/TargetLibraryInfo.h"
26 #include "llvm/Transforms/Utils/Local.h"
2727 #include "llvm/Analysis/ValueTracking.h"
2828 #include "llvm/BinaryFormat/MachO.h"
2929 #include "llvm/IR/Argument.h"
7070 #include "llvm/Transforms/Instrumentation.h"
7171 #include "llvm/Transforms/Utils/ASanStackFrameLayout.h"
7272 #include "llvm/Transforms/Utils/BasicBlockUtils.h"
73 #include "llvm/Transforms/Utils/Local.h"
7374 #include "llvm/Transforms/Utils/ModuleUtils.h"
7475 #include "llvm/Transforms/Utils/PromoteMemToReg.h"
7576 #include
390391 "Number of optimized accesses to stack vars");
391392
392393 namespace {
393
394 /// Frontend-provided metadata for source location.
395 struct LocationMetadata {
396 StringRef Filename;
397 int LineNo = 0;
398 int ColumnNo = 0;
399
400 LocationMetadata() = default;
401
402 bool empty() const { return Filename.empty(); }
403
404 void parse(MDNode *MDN) {
405 assert(MDN->getNumOperands() == 3);
406 MDString *DIFilename = cast(MDN->getOperand(0));
407 Filename = DIFilename->getString();
408 LineNo =
409 mdconst::extract(MDN->getOperand(1))->getLimitedValue();
410 ColumnNo =
411 mdconst::extract(MDN->getOperand(2))->getLimitedValue();
412 }
413 };
414
415 /// Frontend-provided metadata for global variables.
416 class GlobalsMetadata {
417 public:
418 struct Entry {
419 LocationMetadata SourceLoc;
420 StringRef Name;
421 bool IsDynInit = false;
422 bool IsBlacklisted = false;
423
424 Entry() = default;
425 };
426
427 GlobalsMetadata() = default;
428
429 void reset() {
430 inited_ = false;
431 Entries.clear();
432 }
433
434 void init(Module &M) {
435 assert(!inited_);
436 inited_ = true;
437 NamedMDNode *Globals = M.getNamedMetadata("llvm.asan.globals");
438 if (!Globals) return;
439 for (auto MDN : Globals->operands()) {
440 // Metadata node contains the global and the fields of "Entry".
441 assert(MDN->getNumOperands() == 5);
442 auto *V = mdconst::extract_or_null(MDN->getOperand(0));
443 // The optimizer may optimize away a global entirely.
444 if (!V) continue;
445 auto *StrippedV = V->stripPointerCasts();
446 auto *GV = dyn_cast(StrippedV);
447 if (!GV) continue;
448 // We can already have an entry for GV if it was merged with another
449 // global.
450 Entry &E = Entries[GV];
451 if (auto *Loc = cast_or_null(MDN->getOperand(1)))
452 E.SourceLoc.parse(Loc);
453 if (auto *Name = cast_or_null(MDN->getOperand(2)))
454 E.Name = Name->getString();
455 ConstantInt *IsDynInit =
456 mdconst::extract(MDN->getOperand(3));
457 E.IsDynInit |= IsDynInit->isOne();
458 ConstantInt *IsBlacklisted =
459 mdconst::extract(MDN->getOperand(4));
460 E.IsBlacklisted |= IsBlacklisted->isOne();
461 }
462 }
463
464 /// Returns metadata entry for a given global.
465 Entry get(GlobalVariable *G) const {
466 auto Pos = Entries.find(G);
467 return (Pos != Entries.end()) ? Pos->second : Entry();
468 }
469
470 private:
471 bool inited_ = false;
472 DenseMap Entries;
473 };
474394
475395 /// This struct defines the shadow mapping using the rule:
476396 /// shadow = (mem >> Scale) ADD-or-OR Offset.
605525
606526 namespace {
607527
528 /// Module analysis for getting various metadata about the module.
529 class ASanGlobalsMetadataWrapperPass : public ModulePass {
530 public:
531 static char ID;
532
533 ASanGlobalsMetadataWrapperPass() : ModulePass(ID) {
534 initializeASanGlobalsMetadataWrapperPassPass(
535 *PassRegistry::getPassRegistry());
536 }
537
538 bool runOnModule(Module &M) override {
539 GlobalsMD = GlobalsMetadata(M);
540 return false;
541 }
542
543 StringRef getPassName() const override {
544 return "ASanGlobalsMetadataWrapperPass";
545 }
546
547 void getAnalysisUsage(AnalysisUsage &AU) const override {
548 AU.setPreservesAll();
549 }
550
551 GlobalsMetadata &getGlobalsMD() { return GlobalsMD; }
552
553 private:
554 GlobalsMetadata GlobalsMD;
555 };
556
557 char ASanGlobalsMetadataWrapperPass::ID = 0;
558
608559 /// AddressSanitizer: instrument the code in module to find memory bugs.
609 struct AddressSanitizer : public FunctionPass {
610 // Pass identification, replacement for typeid
611 static char ID;
612
613 explicit AddressSanitizer(bool CompileKernel = false, bool Recover = false,
614 bool UseAfterScope = false)
615 : FunctionPass(ID), UseAfterScope(UseAfterScope || ClUseAfterScope) {
560 struct AddressSanitizer {
561 AddressSanitizer(Module &M, GlobalsMetadata &GlobalsMD,
562 bool CompileKernel = false, bool Recover = false,
563 bool UseAfterScope = false)
564 : UseAfterScope(UseAfterScope || ClUseAfterScope), GlobalsMD(GlobalsMD) {
616565 this->Recover = ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover;
617 this->CompileKernel = ClEnableKasan.getNumOccurrences() > 0 ?
618 ClEnableKasan : CompileKernel;
619 initializeAddressSanitizerPass(*PassRegistry::getPassRegistry());
620 }
621
622 StringRef getPassName() const override {
623 return "AddressSanitizerFunctionPass";
624 }
625
626 void getAnalysisUsage(AnalysisUsage &AU) const override {
627 AU.addRequired();
628 AU.addRequired();
566 this->CompileKernel =
567 ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan : CompileKernel;
568
569 C = &(M.getContext());
570 LongSize = M.getDataLayout().getPointerSizeInBits();
571 IntptrTy = Type::getIntNTy(*C, LongSize);
572 TargetTriple = Triple(M.getTargetTriple());
573
574 Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel);
629575 }
630576
631577 uint64_t getAllocaSizeInBytes(const AllocaInst &AI) const {
670616 Value *SizeArgument, uint32_t Exp);
671617 void instrumentMemIntrinsic(MemIntrinsic *MI);
672618 Value *memToShadow(Value *Shadow, IRBuilder<> &IRB);
673 bool runOnFunction(Function &F) override;
619 bool instrumentFunction(Function &F, const TargetLibraryInfo *TLI);
674620 bool maybeInsertAsanInitAtFunctionEntry(Function &F);
675621 void maybeInsertDynamicShadowAtFunctionEntry(Function &F);
676622 void markEscapedLocalAllocas(Function &F);
677 bool doInitialization(Module &M) override;
678 bool doFinalization(Module &M) override;
679
680 DominatorTree &getDominatorTree() const { return *DT; }
681623
682624 private:
683625 friend struct FunctionStackPoisoner;
713655 bool UseAfterScope;
714656 Type *IntptrTy;
715657 ShadowMapping Mapping;
716 DominatorTree *DT;
717658 FunctionCallee AsanHandleNoReturnFunc;
718659 FunctionCallee AsanPtrCmpFunction, AsanPtrSubFunction;
719660 Constant *AsanShadowGlobal;
733674 DenseMap ProcessedAllocas;
734675 };
735676
736 class AddressSanitizerModule : public ModulePass {
677 class AddressSanitizerLegacyPass : public FunctionPass {
737678 public:
738 // Pass identification, replacement for typeid
739679 static char ID;
740680
741 explicit AddressSanitizerModule(bool CompileKernel = false,
742 bool Recover = false,
743 bool UseGlobalsGC = true,
744 bool UseOdrIndicator = false)
745 : ModulePass(ID), UseGlobalsGC(UseGlobalsGC && ClUseGlobalsGC),
681 explicit AddressSanitizerLegacyPass(bool CompileKernel = false,
682 bool Recover = false,
683 bool UseAfterScope = false)
684 : FunctionPass(ID), CompileKernel(CompileKernel), Recover(Recover),
685 UseAfterScope(UseAfterScope) {
686 initializeAddressSanitizerLegacyPassPass(*PassRegistry::getPassRegistry());
687 }
688
689 StringRef getPassName() const override {
690 return "AddressSanitizerFunctionPass";
691 }
692
693 void getAnalysisUsage(AnalysisUsage &AU) const override {
694 AU.addRequired();
695 AU.addRequired();
696 }
697
698 bool runOnFunction(Function &F) override {
699 GlobalsMetadata &GlobalsMD =
700 getAnalysis().getGlobalsMD();
701 const TargetLibraryInfo *TLI =
702 &getAnalysis().getTLI();
703 AddressSanitizer ASan(*F.getParent(), GlobalsMD, CompileKernel, Recover,
704 UseAfterScope);
705 return ASan.instrumentFunction(F, TLI);
706 }
707
708 private:
709 bool CompileKernel;
710 bool Recover;
711 bool UseAfterScope;
712 };
713
714 class ModuleAddressSanitizer {
715 public:
716 ModuleAddressSanitizer(Module &M, GlobalsMetadata &GlobalsMD,
717 bool CompileKernel = false, bool Recover = false,
718 bool UseGlobalsGC = true, bool UseOdrIndicator = false)
719 : GlobalsMD(GlobalsMD), UseGlobalsGC(UseGlobalsGC && ClUseGlobalsGC),
746720 // Enable aliases as they should have no downside with ODR indicators.
747721 UsePrivateAlias(UseOdrIndicator || ClUsePrivateAlias),
748722 UseOdrIndicator(UseOdrIndicator || ClUseOdrIndicator),
757731 this->Recover = ClRecover.getNumOccurrences() > 0 ? ClRecover : Recover;
758732 this->CompileKernel =
759733 ClEnableKasan.getNumOccurrences() > 0 ? ClEnableKasan : CompileKernel;
760 }
761
762 bool runOnModule(Module &M) override;
763 StringRef getPassName() const override { return "AddressSanitizerModule"; }
734
735 C = &(M.getContext());
736 int LongSize = M.getDataLayout().getPointerSizeInBits();
737 IntptrTy = Type::getIntNTy(*C, LongSize);
738 TargetTriple = Triple(M.getTargetTriple());
739 Mapping = getShadowMapping(TargetTriple, LongSize, this->CompileKernel);
740 }
741
742 bool instrumentModule(Module &);
764743
765744 private:
766745 void initializeCallbacks(Module &M);
821800 Function *AsanDtorFunction = nullptr;
822801 };
823802
803 class ModuleAddressSanitizerLegacyPass : public ModulePass {
804 public:
805 static char ID;
806
807 explicit ModuleAddressSanitizerLegacyPass(bool CompileKernel = false,
808 bool Recover = false,
809 bool UseGlobalGC = true,
810 bool UseOdrIndicator = false)
811 : ModulePass(ID), CompileKernel(CompileKernel), Recover(Recover),
812 UseGlobalGC(UseGlobalGC), UseOdrIndicator(UseOdrIndicator) {
813 initializeModuleAddressSanitizerLegacyPassPass(
814 *PassRegistry::getPassRegistry());
815 }
816
817 StringRef getPassName() const override { return "ModuleAddressSanitizer"; }
818
819 void getAnalysisUsage(AnalysisUsage &AU) const override {
820 AU.addRequired();
821 }
822
823 bool runOnModule(Module &M) override {
824 GlobalsMetadata &GlobalsMD =
825 getAnalysis().getGlobalsMD();
826 ModuleAddressSanitizer ASanModule(M, GlobalsMD, CompileKernel, Recover,
827 UseGlobalGC, UseOdrIndicator);
828 return ASanModule.instrumentModule(M);
829 }
830
831 private:
832 bool CompileKernel;
833 bool Recover;
834 bool UseGlobalGC;
835 bool UseOdrIndicator;
836 };
837
824838 // Stack poisoning does not play well with exception handling.
825839 // When an exception is thrown, we essentially bypass the code
826840 // that unpoisones the stack. This is why the run-time library has
874888 std::unique_ptr EmptyInlineAsm;
875889
876890 FunctionStackPoisoner(Function &F, AddressSanitizer &ASan)
877 : F(F),
878 ASan(ASan),
879 DIB(*F.getParent(), /*AllowUnresolved*/ false),
880 C(ASan.C),
881 IntptrTy(ASan.IntptrTy),
882 IntptrPtrTy(PointerType::get(IntptrTy, 0)),
883 Mapping(ASan.Mapping),
891 : F(F), ASan(ASan), DIB(*F.getParent(), /*AllowUnresolved*/ false),
892 C(ASan.C), IntptrTy(ASan.IntptrTy),
893 IntptrPtrTy(PointerType::get(IntptrTy, 0)), Mapping(ASan.Mapping),
884894 StackAlignment(1 << Mapping.Scale),
885895 EmptyInlineAsm(CallInst::Create(ASan.EmptyAsm)) {}
886896
10411051 // ---------------------- Helpers.
10421052 void initializeCallbacks(Module &M);
10431053
1044 bool doesDominateAllExits(const Instruction *I) const {
1045 for (auto Ret : RetVec) {
1046 if (!ASan.getDominatorTree().dominates(I, Ret)) return false;
1047 }
1048 return true;
1049 }
1050
10511054 /// Finds alloca where the value comes from.
10521055 AllocaInst *findAllocaForValue(Value *V);
10531056
10731076
10741077 } // end anonymous namespace
10751078
1076 char AddressSanitizer::ID = 0;
1079 void LocationMetadata::parse(MDNode *MDN) {
1080 assert(MDN->getNumOperands() == 3);
1081 MDString *DIFilename = cast(MDN->getOperand(0));
1082 Filename = DIFilename->getString();
1083 LineNo = mdconst::extract(MDN->getOperand(1))->getLimitedValue();
1084 ColumnNo =
1085 mdconst::extract(MDN->getOperand(2))->getLimitedValue();
1086 }
1087
1088 // FIXME: It would be cleaner to instead attach relevant metadata to the globals
1089 // we want to sanitize instead and reading this metadata on each pass over a
1090 // function instead of reading module level metadata at first.
1091 GlobalsMetadata::GlobalsMetadata(Module &M) {
1092 NamedMDNode *Globals = M.getNamedMetadata("llvm.asan.globals");
1093 if (!Globals)
1094 return;
1095 for (auto MDN : Globals->operands()) {
1096 // Metadata node contains the global and the fields of "Entry".
1097 assert(MDN->getNumOperands() == 5);
1098 auto *V = mdconst::extract_or_null(MDN->getOperand(0));
1099 // The optimizer may optimize away a global entirely.
1100 if (!V)
1101 continue;
1102 auto *StrippedV = V->stripPointerCasts();
1103 auto *GV = dyn_cast(StrippedV);
1104 if (!GV)
1105 continue;
1106 // We can already have an entry for GV if it was merged with another
1107 // global.
1108 Entry &E = Entries[GV];
1109 if (auto *Loc = cast_or_null(MDN->getOperand(1)))
1110 E.SourceLoc.parse(Loc);
1111 if (auto *Name = cast_or_null(MDN->getOperand(2)))
1112 E.Name = Name->getString();
1113 ConstantInt *IsDynInit = mdconst::extract(MDN->getOperand(3));
1114 E.IsDynInit |= IsDynInit->isOne();
1115 ConstantInt *IsBlacklisted =
1116 mdconst::extract(MDN->getOperand(4));
1117 E.IsBlacklisted |= IsBlacklisted->isOne();
1118 }
1119 }
1120
1121 AnalysisKey ASanGlobalsMetadataAnalysis::Key;
1122
1123 GlobalsMetadata ASanGlobalsMetadataAnalysis::run(Module &M,
1124 ModuleAnalysisManager &AM) {
1125 return GlobalsMetadata(M);
1126 }
1127
1128 AddressSanitizerPass::AddressSanitizerPass(bool CompileKernel, bool Recover,
1129 bool UseAfterScope)
1130 : CompileKernel(CompileKernel), Recover(Recover),
1131 UseAfterScope(UseAfterScope) {}
1132
1133 PreservedAnalyses AddressSanitizerPass::run(Function &F,
1134 AnalysisManager &AM) {
1135 auto &MAMProxy = AM.getResult(F);
1136 auto &MAM = MAMProxy.getManager();
1137 Module &M = *F.getParent();
1138 if (auto *R = MAM.getCachedResult(M)) {
1139 const TargetLibraryInfo *TLI = &AM.getResult(F);
1140 AddressSanitizer Sanitizer(M, *R, CompileKernel, Recover, UseAfterScope);
1141 if (Sanitizer.instrumentFunction(F, TLI))
1142 return PreservedAnalyses::none();
1143 return PreservedAnalyses::all();
1144 }
1145
1146 report_fatal_error(
1147 "The ASanGlobalsMetadataAnalysis is required to run before "
1148 "AddressSanitizer can run");
1149 return PreservedAnalyses::all();
1150 }
1151
1152 ModuleAddressSanitizerPass::ModuleAddressSanitizerPass(bool CompileKernel,
1153 bool Recover,
1154 bool UseGlobalGC,
1155 bool UseOdrIndicator)
1156 : CompileKernel(CompileKernel), Recover(Recover), UseGlobalGC(UseGlobalGC),
1157 UseOdrIndicator(UseOdrIndicator) {}
1158
1159 PreservedAnalyses ModuleAddressSanitizerPass::run(Module &M,
1160 AnalysisManager &AM) {
1161 GlobalsMetadata &GlobalsMD = AM.getResult(M);
1162 ModuleAddressSanitizer Sanitizer(M, GlobalsMD, CompileKernel, Recover,
1163 UseGlobalGC, UseOdrIndicator);
1164 if (Sanitizer.instrumentModule(M))
1165 return PreservedAnalyses::none();
1166 return PreservedAnalyses::all();
1167 }
1168
1169 INITIALIZE_PASS(ASanGlobalsMetadataWrapperPass, "asan-globals-md",
1170 "Read metadata to mark which globals should be instrumented "
1171 "when running ASan.",
1172 false, true);
1173
1174 char AddressSanitizerLegacyPass::ID = 0;
10771175
10781176 INITIALIZE_PASS_BEGIN(
1079 AddressSanitizer, "asan",
1177 AddressSanitizerLegacyPass, "asan",
10801178 "AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
10811179 false)
1082 INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
1180 INITIALIZE_PASS_DEPENDENCY(ASanGlobalsMetadataWrapperPass)
10831181 INITIALIZE_PASS_DEPENDENCY(TargetLibraryInfoWrapperPass)
10841182 INITIALIZE_PASS_END(
1085 AddressSanitizer, "asan",
1183 AddressSanitizerLegacyPass, "asan",
10861184 "AddressSanitizer: detects use-after-free and out-of-bounds bugs.", false,
10871185 false)
10881186
10901188 bool Recover,
10911189 bool UseAfterScope) {
10921190 assert(!CompileKernel || Recover);
1093 return new AddressSanitizer(CompileKernel, Recover, UseAfterScope);
1094 }
1095
1096 char AddressSanitizerModule::ID = 0;
1191 return new AddressSanitizerLegacyPass(CompileKernel, Recover, UseAfterScope);
1192 }
1193
1194 char ModuleAddressSanitizerLegacyPass::ID = 0;
10971195
10981196 INITIALIZE_PASS(
1099 AddressSanitizerModule, "asan-module",
1197 ModuleAddressSanitizerLegacyPass, "asan-module",
11001198 "AddressSanitizer: detects use-after-free and out-of-bounds bugs."
11011199 "ModulePass",
11021200 false, false)
11031201
1104 ModulePass *llvm::createAddressSanitizerModulePass(bool CompileKernel,
1105 bool Recover,
1106 bool UseGlobalsGC,
1107 bool UseOdrIndicator) {
1202 ModulePass *llvm::createModuleAddressSanitizerLegacyPassPass(
1203 bool CompileKernel, bool Recover, bool UseGlobalsGC, bool UseOdrIndicator) {
11081204 assert(!CompileKernel || Recover);
1109 return new AddressSanitizerModule(CompileKernel, Recover, UseGlobalsGC,
1110 UseOdrIndicator);
1205 return new ModuleAddressSanitizerLegacyPass(CompileKernel, Recover,
1206 UseGlobalsGC, UseOdrIndicator);
11111207 }
11121208
11131209 static size_t TypeSizeToSizeIndex(uint32_t TypeSize) {
13271423 // If a global variable does not have dynamic initialization we don't
13281424 // have to instrument it. However, if a global does not have initializer
13291425 // at all, we assume it has dynamic initializer (in other TU).
1426 //
1427 // FIXME: Metadata should be attched directly to the global directly instead
1428 // of being added to llvm.asan.globals.
13301429 return G->hasInitializer() && !GlobalsMD.get(G).IsDynInit;
13311430 }
13321431
16111710 }
16121711 }
16131712
1614 void AddressSanitizerModule::poisonOneInitializer(Function &GlobalInit,
1713 void ModuleAddressSanitizer::poisonOneInitializer(Function &GlobalInit,
16151714 GlobalValue *ModuleName) {
16161715 // Set up the arguments to our poison/unpoison functions.
16171716 IRBuilder<> IRB(&GlobalInit.front(),
16271726 CallInst::Create(AsanUnpoisonGlobals, "", RI);
16281727 }
16291728
1630 void AddressSanitizerModule::createInitializerPoisonCalls(
1729 void ModuleAddressSanitizer::createInitializerPoisonCalls(
16311730 Module &M, GlobalValue *ModuleName) {
16321731 GlobalVariable *GV = M.getGlobalVariable("llvm.global_ctors");
16331732 if (!GV)
16521751 }
16531752 }
16541753
1655 bool AddressSanitizerModule::ShouldInstrumentGlobal(GlobalVariable *G) {
1754 bool ModuleAddressSanitizer::ShouldInstrumentGlobal(GlobalVariable *G) {
16561755 Type *Ty = G->getValueType();
16571756 LLVM_DEBUG(dbgs() << "GLOBAL: " << *G << "\n");
16581757
1758 // FIXME: Metadata should be attched directly to the global directly instead
1759 // of being added to llvm.asan.globals.
16591760 if (GlobalsMD.get(G).IsBlacklisted) return false;
16601761 if (!Ty->isSized()) return false;
16611762 if (!G->hasInitializer()) return false;
17671868 // On Mach-O platforms, we emit global metadata in a separate section of the
17681869 // binary in order to allow the linker to properly dead strip. This is only
17691870 // supported on recent versions of ld64.
1770 bool AddressSanitizerModule::ShouldUseMachOGlobalsSection() const {
1871 bool ModuleAddressSanitizer::ShouldUseMachOGlobalsSection() const {
17711872 if (!TargetTriple.isOSBinFormatMachO())
17721873 return false;
17731874
17811882 return false;
17821883 }
17831884
1784 StringRef AddressSanitizerModule::getGlobalMetadataSection() const {
1885 StringRef ModuleAddressSanitizer::getGlobalMetadataSection() const {
17851886 switch (TargetTriple.getObjectFormat()) {
17861887 case Triple::COFF: return ".ASAN$GL";
17871888 case Triple::ELF: return "asan_globals";
17911892 llvm_unreachable("unsupported object format");
17921893 }
17931894
1794 void AddressSanitizerModule::initializeCallbacks(Module &M) {
1895 void ModuleAddressSanitizer::initializeCallbacks(Module &M) {
17951896 IRBuilder<> IRB(*C);
17961897
17971898 // Declare our poisoning and unpoisoning functions.
18231924
18241925 // Put the metadata and the instrumented global in the same group. This ensures
18251926 // that the metadata is discarded if the instrumented global is discarded.
1826 void AddressSanitizerModule::SetComdatForGlobalMetadata(
1927 void ModuleAddressSanitizer::SetComdatForGlobalMetadata(
18271928 GlobalVariable *G, GlobalVariable *Metadata, StringRef InternalSuffix) {
18281929 Module &M = *G->getParent();
18291930 Comdat *C = G->getComdat();
18611962 // Create a separate metadata global and put it in the appropriate ASan
18621963 // global registration section.
18631964 GlobalVariable *
1864 AddressSanitizerModule::CreateMetadataGlobal(Module &M, Constant *Initializer,
1965 ModuleAddressSanitizer::CreateMetadataGlobal(Module &M, Constant *Initializer,
18651966 StringRef OriginalName) {
18661967 auto Linkage = TargetTriple.isOSBinFormatMachO()
18671968 ? GlobalVariable::InternalLinkage
18731974 return Metadata;
18741975 }
18751976
1876 IRBuilder<> AddressSanitizerModule::CreateAsanModuleDtor(Module &M) {
1977 IRBuilder<> ModuleAddressSanitizer::CreateAsanModuleDtor(Module &M) {
18771978 AsanDtorFunction =
18781979 Function::Create(FunctionType::get(Type::getVoidTy(*C), false),
18791980 GlobalValue::InternalLinkage, kAsanModuleDtorName, &M);
18821983 return IRBuilder<>(ReturnInst::Create(*C, AsanDtorBB));
18831984 }
18841985
1885 void AddressSanitizerModule::InstrumentGlobalsCOFF(
1986 void ModuleAddressSanitizer::InstrumentGlobalsCOFF(
18861987 IRBuilder<> &IRB, Module &M, ArrayRef ExtendedGlobals,
18871988 ArrayRef MetadataInitializers) {
18881989 assert(ExtendedGlobals.size() == MetadataInitializers.size());
19062007 }
19072008 }
19082009
1909 void AddressSanitizerModule::InstrumentGlobalsELF(
2010 void ModuleAddressSanitizer::InstrumentGlobalsELF(
19102011 IRBuilder<> &IRB, Module &M, ArrayRef ExtendedGlobals,
19112012 ArrayRef MetadataInitializers,
19122013 const std::string &UniqueModuleId) {
19652066 IRB.CreatePointerCast(StopELFMetadata, IntptrTy)});
19662067 }
19672068
1968 void AddressSanitizerModule::InstrumentGlobalsMachO(
2069 void ModuleAddressSanitizer::InstrumentGlobalsMachO(
19692070 IRBuilder<> &IRB, Module &M, ArrayRef ExtendedGlobals,
19702071 ArrayRef MetadataInitializers) {
19712072 assert(ExtendedGlobals.size() == MetadataInitializers.size());
20222123 {IRB.CreatePointerCast(RegisteredFlag, IntptrTy)});
20232124 }
20242125
2025 void AddressSanitizerModule::InstrumentGlobalsWithMetadataArray(
2126 void ModuleAddressSanitizer::InstrumentGlobalsWithMetadataArray(
20262127 IRBuilder<> &IRB, Module &M, ArrayRef ExtendedGlobals,
20272128 ArrayRef MetadataInitializers) {
20282129 assert(ExtendedGlobals.size() == MetadataInitializers.size());
20562157 // redzones and inserts this function into llvm.global_ctors.
20572158 // Sets *CtorComdat to true if the global registration code emitted into the
20582159 // asan constructor is comdat-compatible.
2059 bool AddressSanitizerModule::InstrumentGlobals(IRBuilder<> &IRB, Module &M, bool *CtorComdat) {
2160 bool ModuleAddressSanitizer::InstrumentGlobals(IRBuilder<> &IRB, Module &M,
2161 bool *CtorComdat) {
20602162 *CtorComdat = false;
2061 GlobalsMD.init(M);
20622163
20632164 SmallVector GlobalsToChange;
20642165
21012202 static const uint64_t kMaxGlobalRedzone = 1 << 18;
21022203 GlobalVariable *G = GlobalsToChange[i];
21032204
2205 // FIXME: Metadata should be attched directly to the global directly instead
2206 // of being added to llvm.asan.globals.
21042207 auto MD = GlobalsMD.get(G);
21052208 StringRef NameForGlobal = G->getName();
21062209 // Create string holding the global name (use global name from metadata
22572360 return true;
22582361 }
22592362
2260 int AddressSanitizerModule::GetAsanVersion(const Module &M) const {
2363 int ModuleAddressSanitizer::GetAsanVersion(const Module &M) const {
22612364 int LongSize = M.getDataLayout().getPointerSizeInBits();
22622365 bool isAndroid = Triple(M.getTargetTriple()).isAndroid();
22632366 int Version = 8;
22672370 return Version;
22682371 }
22692372
2270 bool AddressSanitizerModule::runOnModule(Module &M) {
2271 C = &(M.getContext());
2272 int LongSize = M.getDataLayout().getPointerSizeInBits();
2273 IntptrTy = Type::getIntNTy(*C, LongSize);
2274 TargetTriple = Triple(M.getTargetTriple());
2275 Mapping = getShadowMapping(TargetTriple, LongSize, CompileKernel);
2373 bool ModuleAddressSanitizer::instrumentModule(Module &M) {
22762374 initializeCallbacks(M);
22772375
22782376 if (CompileKernel)
23822480 if (Mapping.InGlobal)
23832481 AsanShadowGlobal = M.getOrInsertGlobal("__asan_shadow",
23842482 ArrayType::get(IRB.getInt8Ty(), 0));
2385 }
2386
2387 // virtual
2388 bool AddressSanitizer::doInitialization(Module &M) {
2389 // Initialize the private fields. No one has accessed them before.
2390 GlobalsMD.init(M);
2391
2392 C = &(M.getContext());
2393 LongSize = M.getDataLayout().getPointerSizeInBits();
2394 IntptrTy = Type::getIntNTy(*C, LongSize);
2395 TargetTriple = Triple(M.getTargetTriple());
2396
2397 Mapping = getShadowMapping(TargetTriple, LongSize, CompileKernel);
2398 return true;
2399 }
2400
2401 bool AddressSanitizer::doFinalization(Module &M) {
2402 GlobalsMD.reset();
2403 return false;
24042483 }
24052484
24062485 bool AddressSanitizer::maybeInsertAsanInitAtFunctionEntry(Function &F) {
24762555 }
24772556 }
24782557
2479 bool AddressSanitizer::runOnFunction(Function &F) {
2558 bool AddressSanitizer::instrumentFunction(Function &F,
2559 const TargetLibraryInfo *TLI) {
24802560 if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage) return false;
24812561 if (!ClDebugFunc.empty() && ClDebugFunc == F.getName()) return false;
24822562 if (F.getName().startswith("__asan_")) return false;
24952575 LLVM_DEBUG(dbgs() << "ASAN instrumenting:\n" << F << "\n");
24962576
24972577 initializeCallbacks(*F.getParent());
2498 DT = &getAnalysis().getDomTree();
24992578
25002579 FunctionStateRAII CleanupObj(this);
25012580
25162595 bool IsWrite;
25172596 unsigned Alignment;
25182597 uint64_t TypeSize;
2519 const TargetLibraryInfo *TLI =
2520 &getAnalysis().getTLI();
25212598
25222599 // Fill the set of memory operations to instrument.
25232600 for (auto &BB : F) {
9999 /// initializeInstrumentation - Initialize all passes in the TransformUtils
100100 /// library.
101101 void llvm::initializeInstrumentation(PassRegistry &Registry) {
102 initializeAddressSanitizerPass(Registry);
103 initializeAddressSanitizerModulePass(Registry);
102 initializeAddressSanitizerLegacyPassPass(Registry);
103 initializeModuleAddressSanitizerLegacyPassPass(Registry);
104104 initializeBoundsCheckingLegacyPassPass(Registry);
105105 initializeControlHeightReductionLegacyPassPass(Registry);
106106 initializeGCOVProfilerLegacyPassPass(Registry);
11 ;
22 ; RUN: opt < %s -asan -asan-module -S | FileCheck --check-prefixes=CHECK,CHECK-S3 %s
33 ; RUN: opt < %s -asan -asan-module -asan-mapping-scale=5 -S | FileCheck --check-prefixes=CHECK,CHECK-S5 %s
4
5 ; We need the requires since both asan and asan-module require reading module level metadata which is done once by the asan-globals-md analysis
6 ; RUN: opt < %s -passes='require,function(asan),module(asan-module)' -S | FileCheck --check-prefixes=CHECK,CHECK-S3 %s
7 ; RUN: opt < %s -passes='require,function(asan),module(asan-module)' -asan-mapping-scale=5 -S | FileCheck --check-prefixes=CHECK,CHECK-S5 %s
48
59 target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64"
610 target triple = "x86_64-unknown-linux-gnu"