17 Commits

Author SHA1 Message Date
Mitch Phillips
592aa29380 [cfi-verify] Validate there are no register clobbers between CFI-check and instruction execution.
Summary:
This patch adds another failure mode for `validateCFIProtection(..)`, wherein any register that affects the indirect control flow instruction is clobbered between the CFI-check and the instruction's execution.

Also includes a modification to make MCInstrDesc::hasDefOfPhysReg public.

Reviewers: vlad.tsyrklevich

Reviewed By: vlad.tsyrklevich

Subscribers: llvm-commits, pcc, kcc

Differential Revision: https://reviews.llvm.org/D39820

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@318238 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-15 00:35:26 +00:00
Mitch Phillips
7c7bb61bbf [cfi-verify] Made FileAnalysis operate on a GraphResult rather than build one and validate it.
Refactors the behaviour of building graphs out of FileAnalysis, allowing for analysis of the GraphResult by the callee without having to rebuild the graph. Means when we want to analyse the constructed graph (planned for later revisions), we don't do repeated work.

Also makes CFI verification in FileAnalysis now return an enum that allows us to differentiate why something failed, not just that it did/didn't fail.

Reviewers: vlad.tsyrklevich

Subscribers: kcc, pcc, llvm-commits

Differential Revision: https://reviews.llvm.org/D39764

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@317927 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-10 21:00:22 +00:00
Mitch Phillips
79eed6909a [cfi-verify] Add blacklist parsing for result filtering.
Adds blacklist parsing behaviour for filtering results into four categories:

 - Expected Protected: Things that are not in the blacklist and are protected.
 - Unexpected Protected: Things that are in the blacklist and are protected.
 - Expected Unprotected: Things that are in the blacklist and are unprotected.
 - Unexpected Unprotected: Things that are not in the blacklist and are unprotected.

 now can optionally be invoked with a second command line argument, which specifies the blacklist file that the binary was built with.

Current  statistics for chromium:

Reviewers: vlad.tsyrklevich

Subscribers: mgorny, llvm-commits, pcc, kcc

Differential Revision: https://reviews.llvm.org/D39525

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@317364 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-03 20:54:26 +00:00
Mitch Phillips
b72a3a9da4 [cfi-verify] Add an interesting unit test where undef search length changes result.
Add an interesting unit test, found by changing --search-length-undef from the default. Program handles it correctly but good for ensuring correctness on further changes :)

Reviewers: pcc

Subscribers: mgorny, llvm-commits, kcc, vlad.tsyrklevich

Differential Revision: https://reviews.llvm.org/D38658

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@317355 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-03 20:00:05 +00:00
Mitch Phillips
46254ad823 Add FileVerifier::isCFIProtected().
Add a CFI protection check that is implemented by building a graph and inspecting the output to deduce if the indirect CF instruction is CFI protected. Also added the output of this instruction to printIndirectInstructions().

Reviewers: vlad.tsyrklevich

Subscribers: llvm-commits, kcc, pcc, mgorny

Differential Revision: https://reviews.llvm.org/D38428

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316610 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-25 21:21:16 +00:00
Sam Clegg
3defffe969 Fix LLVM_LINK_LLVM_DYLIB=On build of llvm-cfi-verify
Subscribers: mgorny, aheejin

Differential Revision: https://reviews.llvm.org/D39250

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316493 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-24 20:21:15 +00:00
Serguei Katkov
425ce346c7 Restore the fix rL316059 eliminated by rL316372
rL316059 fixed the potential build failure when compiling
with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON.

rL316372 just reverted the part of the fix, so restore it.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316422 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-24 09:42:55 +00:00
Mitch Phillips
30e015950d Made llvm-cfi-verify not execute unit tests on non-x86 builds.
Patched out from D38427.

Reviewers: vlad.tsyrklevich

Reviewed By: vlad.tsyrklevich

Subscribers: llvm-commits, kcc, pcc, mgorny

Differential Revision: https://reviews.llvm.org/D39197

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316375 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-23 20:54:01 +00:00
Mitch Phillips
fa601dee99 Graph builder implementation.
Implement a localised graph builder for indirect control flow
instructions. Main interface is through GraphBuilder::buildFlowGraph,
which will build a flow graph around an indirect CF instruction. Various
modifications to FileVerifier are also made to const-expose some members
needed for machine code analysis done by the graph builder.

Reviewers: vlad.tsyrklevich

Reviewed By: vlad.tsyrklevich

Subscribers: llvm-commits, kcc, pcc

Differential Revision: https://reviews.llvm.org/D38427

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316372 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-23 20:25:19 +00:00
Mitch Phillips
879f02b69c Accidentally merged an incomplete upstream patch in 10e6ee563a6b5ca498f27972ca6dbe6c308f1ac2 - reverting the changes.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316359 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-23 18:17:56 +00:00
Mitch Phillips
10e6ee563a Patch in
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316358 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-23 18:11:31 +00:00
Vlad Tsyrklevich
61b2faea7e Statically link llvm-cfi-verify's libraries.
Summary:
llvm-cfi-verify (D38379) introduced a potential build failure when compiling with `-DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON`. Specific versions of cmake seem to treat the `add_subdirectory()` rule differently. It seems as if old versions of cmake BFS these rules, adding them to the fringe for expansion later. Newer versions of cmake seem to immediately execute CMakeFiles that are present in this subdirectory.

If the subdirectory is expanded through the fringe, the globbing resultant from `llvm_add_implicit_projects()` from `cmake/modules/AddLLVM.cmake:1012` means that `tools/llvm-shlib/CMakeFile.txt` gets executed before `tools/llvm-cfi-verify/lib/CMakeFile.txt`. As the latter CMakeFile adds a new library, this expansion order means that the library files required by the unit tests in `unittests/tools/llvm-cfi-verify/` are not present in the dynamic library. This causes unit tests to fail as the required functions can't be found.

This change now ensures that the libraries created by `llvm-cfi-verify` are statically linked into the unit tests. As `tools/llvm-cfi-verify/lib` no longer adds anything to `llvm-shlib`, there should be no concern about the order-of-compilation.

Reviewers: skatkov, pcc

Reviewed By: skatkov, pcc

Subscribers: llvm-commits, kcc, pcc, aheejin, vlad.tsyrklevich, mgorny

Differential Revision: https://reviews.llvm.org/D39020

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@316059 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-18 04:27:53 +00:00
Krzysztof Parzyszek
8ceb11ff2e [unittests] Only build llvm-cfi-verify if X86 is in LLVM_TARGETS_TO_BUILD
The test requires a target for triple x86-64, and it fails in builds that
do not have the X86 backend.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315861 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-15 16:55:23 +00:00
Vlad Tsyrklevich
e8c3c21d5e [cfi-verify] Fix typo, actually check X86 target
The typo in r315556 disabled the cfi-verify unit tests from building
unconditionally, have it correctly check for the X86 target.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315581 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-12 14:42:26 +00:00
Vlad Tsyrklevich
fff82ffa0e [cfi-verify] Fix unittest failures w/o x86 target
The llvm-cfi-verify unit tests fail if LLVM is built without the X86
target, disable the unit tests from being built unless X86 is enabled
for now.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315556 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-12 04:17:33 +00:00
Vlad Tsyrklevich
3a5178e70a MC Helpers for llvm-cfi-verify.
Add instruction analysis and machinecode traversal helpers in
preparation for control flow graph generation implementation.

Reviewers: vlad.tsyrklevich

Reviewed By: vlad.tsyrklevich

Subscribers: mgorny, llvm-commits, pcc, kcc

Differential Revision: https://reviews.llvm.org/D38424

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315528 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-11 23:17:29 +00:00
Vlad Tsyrklevich
9c28c0a064 Reland 'Classify llvm-cfi-verify.'
Summary: Move llvm-cfi-verify into a class in preparation for CFI analysis to come.

Reviewers: vlad.tsyrklevich

Reviewed By: vlad.tsyrklevich

Subscribers: mgorny, llvm-commits, pcc, kcc

Differential Revision: https://reviews.llvm.org/D38379

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@315504 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-11 20:35:01 +00:00