[asan] Add support of lifetime poisoning into ComputeASanStackFrameLayout

Summary: We are going to combine poisoning of red zones and scope poisoning. PR27453 Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23623 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279020 91177308-0d34-0410-b5e6-96231b3b80d8
2024-12-04 17:58:22 +00:00 · 2016-08-18 00:56:58 +00:00 · 2016-08-18 00:56:58 +00:00 · 76e81b28c6
commit 76e81b28c6
parent 5bc5c47fda
4 changed files with 48 additions and 33 deletions
--- a/include/llvm/Transforms/Utils/ASanStackFrameLayout.h
+++ b/include/llvm/Transforms/Utils/ASanStackFrameLayout.h
@ -24,16 +24,19 @@ class AllocaInst;
 static const int kAsanStackLeftRedzoneMagic = 0xf1;
 static const int kAsanStackMidRedzoneMagic = 0xf2;
 static const int kAsanStackRightRedzoneMagic = 0xf3;
+static const int kAsanStackUseAfterScopeMagic = 0xf8;

 // Input/output data struct for ComputeASanStackFrameLayout.
 struct ASanStackVariableDescription {
-  const char *Name;  // Name of the variable that will be displayed by asan
-                     // if a stack-related bug is reported.
-  uint64_t Size;     // Size of the variable in bytes.
-  size_t Alignment;  // Alignment of the variable (power of 2).
-  AllocaInst *AI;    // The actual AllocaInst.
-  size_t Offset;     // Offset from the beginning of the frame;
-                     // set by ComputeASanStackFrameLayout.
+  const char *Name;    // Name of the variable that will be displayed by asan
+                       // if a stack-related bug is reported.
+  uint64_t Size;       // Size of the variable in bytes.
+  size_t LifetimeSize; // Size in bytes to use for lifetime analysis check.
+                       // Will be rounded up to Granularity.
+  size_t Alignment;    // Alignment of the variable (power of 2).
+  AllocaInst *AI;      // The actual AllocaInst.
+  size_t Offset;       // Offset from the beginning of the frame;
+                       // set by ComputeASanStackFrameLayout.
 };

 // Output data struct for ComputeASanStackFrameLayout.
--- a/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@ -2079,7 +2079,10 @@ void FunctionStackPoisoner::poisonStack() {
  for (AllocaInst *AI : AllocaVec) {
    ASanStackVariableDescription D = {AI->getName().data(),
                                      ASan.getAllocaSizeInBytes(*AI),
-                                      AI->getAlignment(), AI, 0};
+                                      0,
+                                      AI->getAlignment(),
+                                      AI,
+                                      0};
    SVD.push_back(D);
  }
  // Minimal header size (left redzone) is 4 pointers,
--- a/lib/Transforms/Utils/ASanStackFrameLayout.cpp
+++ b/lib/Transforms/Utils/ASanStackFrameLayout.cpp
@ -81,19 +81,26 @@ ComputeASanStackFrameLayout(SmallVectorImpl<ASanStackVariableDescription> &Vars,
    assert(Layout->FrameAlignment >= Alignment);
    assert((Offset % Alignment) == 0);
    assert(Size > 0);
+    assert(Vars[i].LifetimeSize <= Size);
    StackDescription << " " << Offset << " " << Size << " " << strlen(Name)
                     << " " << Name;
    size_t NextAlignment = IsLast ? Granularity
                   : std::max(Granularity, Vars[i + 1].Alignment);
    size_t SizeWithRedzone = VarAndRedzoneSize(Vars[i].Size, NextAlignment);
-    SB.insert(SB.end(), Size / Granularity, 0);
-    if (Size % Granularity)
-      SB.insert(SB.end(), Size % Granularity);
+    size_t LifetimeShadowSize =
+        (Vars[i].LifetimeSize + Granularity - 1) / Granularity;
+    SB.insert(SB.end(), LifetimeShadowSize, kAsanStackUseAfterScopeMagic);
+    if (Size / Granularity >= LifetimeShadowSize) {
+      SB.insert(SB.end(), Size / Granularity - LifetimeShadowSize, 0);
+      if (Size % Granularity)
+        SB.insert(SB.end(), Size % Granularity);
+    }
    SB.insert(SB.end(), (SizeWithRedzone - Size) / Granularity,
        IsLast ? kAsanStackRightRedzoneMagic
        : kAsanStackMidRedzoneMagic);
    Vars[i].Offset = Offset;
    Offset += SizeWithRedzone;
+    assert(Offset == SB.size() * Granularity);
  }
  if (Offset % MinHeaderSize) {
    size_t ExtraRedzone = MinHeaderSize - (Offset % MinHeaderSize);
--- a/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp
+++ b/unittests/Transforms/Utils/ASanStackFrameLayoutTest.cpp
@ -21,6 +21,9 @@ ShadowBytesToString(ArrayRef<uint8_t> ShadowBytes) {
      case kAsanStackLeftRedzoneMagic:    os << "L"; break;
      case kAsanStackRightRedzoneMagic:   os << "R"; break;
      case kAsanStackMidRedzoneMagic:     os << "M"; break;
+      case kAsanStackUseAfterScopeMagic:
+        os << "S";
+        break;
      default:                            os << (unsigned)ShadowBytes[i];
    }
  }
@ -42,27 +45,28 @@ TEST(ASanStackFrameLayout, Test) {
 #define VEC(a)                                                                 \
  SmallVector<ASanStackVariableDescription, 10>(a, a + sizeof(a) / sizeof(a[0]))

-#define VAR(name, size, alignment)                                             \
+#define VAR(name, size, lifetime, alignment)                                   \
  ASanStackVariableDescription name##size##_##alignment = {                    \
    #name #size "_" #alignment,                                                \
    size,                                                                      \
+    lifetime,                                                                  \
    alignment,                                                                 \
    0,                                                                         \
    0                                                                          \
  }

-  VAR(a, 1, 1);
-  VAR(p, 1, 32);
-  VAR(p, 1, 256);
-  VAR(a, 2, 1);
-  VAR(a, 3, 1);
-  VAR(a, 4, 1);
-  VAR(a, 7, 1);
-  VAR(a, 8, 1);
-  VAR(a, 9, 1);
-  VAR(a, 16, 1);
-  VAR(a, 41, 1);
-  VAR(a, 105, 1);
+  VAR(a, 1, 0, 1);
+  VAR(p, 1, 0, 32);
+  VAR(p, 1, 0, 256);
+  VAR(a, 2, 0, 1);
+  VAR(a, 3, 0, 1);
+  VAR(a, 4, 0, 1);
+  VAR(a, 7, 0, 1);
+  VAR(a, 8, 8, 1);
+  VAR(a, 9, 0, 1);
+  VAR(a, 16, 0, 1);
+  VAR(a, 41, 9, 1);
+  VAR(a, 105, 103, 1);

  TestLayout(VEC1(a1_1), 8, 16, "1 16 1 4 a1_1", "LL1R");
  TestLayout(VEC1(a1_1), 64, 64, "1 64 1 4 a1_1", "L1");
@ -74,27 +78,25 @@ TEST(ASanStackFrameLayout, Test) {
  TestLayout(VEC1(a3_1), 8, 32, "1 32 3 4 a3_1", "LLLL3RRR");
  TestLayout(VEC1(a4_1), 8, 32, "1 32 4 4 a4_1", "LLLL4RRR");
  TestLayout(VEC1(a7_1), 8, 32, "1 32 7 4 a7_1", "LLLL7RRR");
-  TestLayout(VEC1(a8_1), 8, 32, "1 32 8 4 a8_1", "LLLL0RRR");
+  TestLayout(VEC1(a8_1), 8, 32, "1 32 8 4 a8_1", "LLLLSRRR");
  TestLayout(VEC1(a9_1), 8, 32, "1 32 9 4 a9_1", "LLLL01RR");
  TestLayout(VEC1(a16_1), 8, 32, "1 32 16 5 a16_1", "LLLL00RR");
  TestLayout(VEC1(p1_256), 8, 32, "1 256 1 6 p1_256",
             "LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1RRR");
-  TestLayout(VEC1(a41_1), 8, 32, "1 32 41 5 a41_1", "LLLL000001RRRRRR");
+  TestLayout(VEC1(a41_1), 8, 32, "1 32 41 5 a41_1", "LLLLSS0001RRRRRR");
  TestLayout(VEC1(a105_1), 8, 32, "1 32 105 6 a105_1",
-             "LLLL00000000000001RRRRRR");
+             "LLLLSSSSSSSSSSSSS1RRRRRR");

  {
    ASanStackVariableDescription t[] = {a1_1, p1_256};
-    TestLayout(VEC(t), 8, 32,
-               "2 256 1 6 p1_256 272 1 4 a1_1",
-               "LLLLLLLL" "LLLLLLLL" "LLLLLLLL" "LLLLLLLL" "1M1R");
+    TestLayout(VEC(t), 8, 32, "2 256 1 6 p1_256 272 1 4 a1_1",
+               "LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1M1R");
  }

  {
    ASanStackVariableDescription t[] = {a1_1, a16_1, a41_1};
-    TestLayout(VEC(t), 8, 32,
-               "3 32 1 4 a1_1 48 16 5 a16_1 80 41 5 a41_1",
-               "LLLL" "1M00" "MM00" "0001" "RRRR");
+    TestLayout(VEC(t), 8, 32, "3 32 1 4 a1_1 48 16 5 a16_1 80 41 5 a41_1",
+               "LLLL1M00MMSS0001RRRR");
  }
 #undef VEC1
 #undef VEC