Hardware-assisted AddressSanitizer (llvm part).
Summary:
This is LLVM instrumentation for the new HWASan tool. It is basically
a stripped down copy of ASan at this point, w/o stack or global
support. Instrumenation adds a global constructor + runtime callbacks
for every load and store.
HWASan comes with its own IR attribute.
A brief design document can be found in
clang/docs/HardwareAssistedAddressSanitizerDesign.rst (submitted earlier).
Reviewers: kcc, pcc, alekseyshl
Subscribers: srhines, mehdi_amini, mgorny, javed.absar, eraman, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D40932
llvm-svn: 320217
diff --git a/llvm/test/Transforms/GVN/no_speculative_loads_with_asan.ll b/llvm/test/Transforms/GVN/no_speculative_loads_with_asan.ll
index a83d7b6..72e0b4e 100644
--- a/llvm/test/Transforms/GVN/no_speculative_loads_with_asan.ll
+++ b/llvm/test/Transforms/GVN/no_speculative_loads_with_asan.ll
@@ -53,3 +53,30 @@
; CHECK-NOT: %[[LOAD:[^ ]+]] = load i32
; CHECK: {{.*}} = phi
+
+define i32 @TestHWAsan() sanitize_hwaddress {
+ %1 = tail call noalias i8* @_Znam(i64 2)
+ %2 = getelementptr inbounds i8, i8* %1, i64 1
+ store i8 0, i8* %2, align 1
+ store i8 0, i8* %1, align 1
+ %3 = bitcast i8* %1 to i16*
+ %4 = load i16, i16* %3, align 4
+ %5 = icmp eq i16 %4, 0
+ br i1 %5, label %11, label %6
+
+; <label>:6 ; preds = %0
+ %7 = getelementptr inbounds i8, i8* %1, i64 2
+ %8 = bitcast i8* %7 to i16*
+ %9 = load i16, i16* %8, align 2
+ %10 = sext i16 %9 to i32
+ br label %11
+
+; <label>:11 ; preds = %0, %6
+ %12 = phi i32 [ %10, %6 ], [ 0, %0 ]
+ ret i32 %12
+}
+
+; CHECK-LABEL: @TestHWAsan
+; CHECK-NOT: %[[LOAD:[^ ]+]] = load i32
+; CHECK: {{.*}} = phi
+
diff --git a/llvm/test/Transforms/Inline/attributes.ll b/llvm/test/Transforms/Inline/attributes.ll
index 1cc64b7..0df3cfa 100644
--- a/llvm/test/Transforms/Inline/attributes.ll
+++ b/llvm/test/Transforms/Inline/attributes.ll
@@ -10,6 +10,10 @@
ret i32 %i
}
+define i32 @sanitize_hwaddress_callee(i32 %i) sanitize_hwaddress {
+ ret i32 %i
+}
+
define i32 @sanitize_thread_callee(i32 %i) sanitize_thread {
ret i32 %i
}
@@ -30,6 +34,10 @@
ret i32 %i
}
+define i32 @alwaysinline_sanitize_hwaddress_callee(i32 %i) alwaysinline sanitize_hwaddress {
+ ret i32 %i
+}
+
define i32 @alwaysinline_sanitize_thread_callee(i32 %i) alwaysinline sanitize_thread {
ret i32 %i
}
@@ -59,6 +67,17 @@
; CHECK-NEXT: ret i32
}
+define i32 @test_no_sanitize_hwaddress(i32 %arg) {
+ %x1 = call i32 @noattr_callee(i32 %arg)
+ %x2 = call i32 @sanitize_hwaddress_callee(i32 %x1)
+ %x3 = call i32 @alwaysinline_callee(i32 %x2)
+ %x4 = call i32 @alwaysinline_sanitize_hwaddress_callee(i32 %x3)
+ ret i32 %x4
+; CHECK-LABEL: @test_no_sanitize_hwaddress(
+; CHECK-NEXT: @sanitize_hwaddress_callee
+; CHECK-NEXT: ret i32
+}
+
define i32 @test_no_sanitize_memory(i32 %arg) {
%x1 = call i32 @noattr_callee(i32 %arg)
%x2 = call i32 @sanitize_memory_callee(i32 %x1)
@@ -98,6 +117,17 @@
; CHECK-NEXT: ret i32
}
+define i32 @test_sanitize_hwaddress(i32 %arg) sanitize_hwaddress {
+ %x1 = call i32 @noattr_callee(i32 %arg)
+ %x2 = call i32 @sanitize_hwaddress_callee(i32 %x1)
+ %x3 = call i32 @alwaysinline_callee(i32 %x2)
+ %x4 = call i32 @alwaysinline_sanitize_hwaddress_callee(i32 %x3)
+ ret i32 %x4
+; CHECK-LABEL: @test_sanitize_hwaddress(
+; CHECK-NEXT: @noattr_callee
+; CHECK-NEXT: ret i32
+}
+
define i32 @test_sanitize_memory(i32 %arg) sanitize_memory {
%x1 = call i32 @noattr_callee(i32 %arg)
%x2 = call i32 @sanitize_memory_callee(i32 %x1)
diff --git a/llvm/test/Transforms/InstCombine/lifetime-asan.ll b/llvm/test/Transforms/InstCombine/lifetime-asan.ll
index 7fdc1fc..e7b996d 100644
--- a/llvm/test/Transforms/InstCombine/lifetime-asan.ll
+++ b/llvm/test/Transforms/InstCombine/lifetime-asan.ll
@@ -19,6 +19,20 @@
ret void
}
+define void @hwasan() sanitize_hwaddress {
+entry:
+ ; CHECK-LABEL: @hwasan(
+ %text = alloca i8, align 1
+
+ call void @llvm.lifetime.start.p0i8(i64 1, i8* %text)
+ call void @llvm.lifetime.end.p0i8(i64 1, i8* %text)
+ ; CHECK: call void @llvm.lifetime.start
+ ; CHECK-NEXT: call void @llvm.lifetime.end
+
+ call void @foo(i8* %text) ; Keep alloca alive
+
+ ret void
+}
define void @no_asan() {
entry:
diff --git a/llvm/test/Transforms/NewGVN/no_speculative_loads_with_asan.ll b/llvm/test/Transforms/NewGVN/no_speculative_loads_with_asan.ll
index a83d7b6..e1e5e4a 100644
--- a/llvm/test/Transforms/NewGVN/no_speculative_loads_with_asan.ll
+++ b/llvm/test/Transforms/NewGVN/no_speculative_loads_with_asan.ll
@@ -53,3 +53,29 @@
; CHECK-NOT: %[[LOAD:[^ ]+]] = load i32
; CHECK: {{.*}} = phi
+define i32 @TestHWAsan() sanitize_hwaddress {
+ %1 = tail call noalias i8* @_Znam(i64 2)
+ %2 = getelementptr inbounds i8, i8* %1, i64 1
+ store i8 0, i8* %2, align 1
+ store i8 0, i8* %1, align 1
+ %3 = bitcast i8* %1 to i16*
+ %4 = load i16, i16* %3, align 4
+ %5 = icmp eq i16 %4, 0
+ br i1 %5, label %11, label %6
+
+; <label>:6 ; preds = %0
+ %7 = getelementptr inbounds i8, i8* %1, i64 2
+ %8 = bitcast i8* %7 to i16*
+ %9 = load i16, i16* %8, align 2
+ %10 = sext i16 %9 to i32
+ br label %11
+
+; <label>:11 ; preds = %0, %6
+ %12 = phi i32 [ %10, %6 ], [ 0, %0 ]
+ ret i32 %12
+}
+
+; CHECK-LABEL: @TestHWAsan
+; CHECK-NOT: %[[LOAD:[^ ]+]] = load i32
+; CHECK: {{.*}} = phi
+
diff --git a/llvm/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll b/llvm/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll
index 063bde8..dfd0d71 100644
--- a/llvm/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll
+++ b/llvm/test/Transforms/SimplifyCFG/no_speculative_loads_with_asan.ll
@@ -38,3 +38,22 @@
; CHECK: br label
; CHECK: ret i32
}
+
+define i32 @TestHWAsan(i32 %cond) nounwind readonly uwtable sanitize_hwaddress {
+entry:
+ %tobool = icmp eq i32 %cond, 0
+ br i1 %tobool, label %return, label %if.then
+
+if.then: ; preds = %entry
+ %0 = load i32, i32* @g, align 4
+ br label %return
+
+return: ; preds = %entry, %if.then
+ %retval = phi i32 [ %0, %if.then ], [ 0, %entry ]
+ ret i32 %retval
+; CHECK-LABEL: @TestHWAsan
+; CHECK: br i1
+; CHECK: load i32, i32* @g
+; CHECK: br label
+; CHECK: ret i32
+}