-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[asan] Enable StackSafetyAnalysis by default #77210
[asan] Enable StackSafetyAnalysis by default #77210
Conversation
@llvm/pr-subscribers-llvm-transforms Author: Fangrui Song (MaskRay) ChangesStackSafetyAnalysis determines whether stack-allocated variables are Test updates:
Full diff: https://github.com/llvm/llvm-project/pull/77210.diff 12 Files Affected:
diff --git a/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp b/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
index 92b0afafc8db77..96ac4c7db291a0 100644
--- a/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
+++ b/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
@@ -33,6 +33,8 @@ __attribute__((noinline)) void foo(int len) {
if (i) assert(!__asan_region_is_poisoned(bot, 96));
// VLA is unpoisoned at the end of iteration.
volatile char array[i];
+ // Ensure that asan-use-stack-safety does not optimize out the poisoning.
+ if (i) array[0] = 0;
assert(!(reinterpret_cast<uintptr_t>(array) & 31L));
// Alloca is unpoisoned at the end of iteration,
// because dominated by VLA.
diff --git a/compiler-rt/test/asan/TestCases/scariness_score_test.cpp b/compiler-rt/test/asan/TestCases/scariness_score_test.cpp
index d73975feb6873b..9e55e33675fde3 100644
--- a/compiler-rt/test/asan/TestCases/scariness_score_test.cpp
+++ b/compiler-rt/test/asan/TestCases/scariness_score_test.cpp
@@ -1,7 +1,9 @@
// Test how we produce the scariness score.
// UAR Mode: runtime
-// RUN: %clangxx_asan -O0 %s -o %t
+// Case 26 loads a __asan_poison_memory_region-poisoned local variable, which is
+// only instrumented when StackSafetyAnalysis is disabled.
+// RUN: %clangxx_asan -O0 -mllvm -asan-use-stack-safety=0 %s -o %t
// On OSX and Windows, alloc_dealloc_mismatch=1 isn't 100% reliable, so it's
// off by default. It's safe for these tests, though, so we turn it on.
// RUN: export %env_asan_opts=symbolize=0:detect_stack_use_after_return=1:handle_abort=1:print_scariness=1:alloc_dealloc_mismatch=1
@@ -36,7 +38,7 @@
// RUN: not %run %t 27 2>&1 | FileCheck %s --check-prefix=CHECK27
//
// UAR Mode: always
-// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always
+// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always -mllvm -asan-use-stack-safety=0
// On OSX and Windows, alloc_dealloc_mismatch=1 isn't 100% reliable, so it's
// off by default. It's safe for these tests, though, so we turn it on.
// RUN: export %env_asan_opts=symbolize=0:handle_abort=1:print_scariness=1:alloc_dealloc_mismatch=1
diff --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
index e3deafa49bd91e..5e7e08eaa9978d 100644
--- a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -216,7 +216,7 @@ static cl::opt<bool> ClInstrumentWrites(
cl::Hidden, cl::init(true));
static cl::opt<bool>
- ClUseStackSafety("asan-use-stack-safety", cl::Hidden, cl::init(false),
+ ClUseStackSafety("asan-use-stack-safety", cl::Hidden, cl::init(true),
cl::Hidden, cl::desc("Use Stack Safety analysis results"),
cl::Optional);
diff --git a/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll b/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll
index 9ba2dce6145f86..a7c1d24c061db1 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll
@@ -1,7 +1,7 @@
; REQUIRES: x86-registered-target
; RUN: opt < %s -S -asan-instrumentation-with-call-threshold=0 -passes=asan -asan-use-stack-safety=0 -o - | FileCheck %s --implicit-check-not="call {{.*}} @__asan_{{load|store|stack}}" --check-prefixes=CHECK,NOSAFETY
-; RUN: opt < %s -S -asan-instrumentation-with-call-threshold=0 -passes=asan -asan-use-stack-safety=1 -o - | FileCheck %s --implicit-check-not="call {{.*}} @__asan_{{load|store|stack}}"
+; RUN: opt < %s -S -asan-instrumentation-with-call-threshold=0 -passes=asan | FileCheck %s --implicit-check-not="call {{.*}} @__asan_{{load|store|stack}}"
; CHECK-LABEL: define i32 @load
define i32 @load() sanitize_address {
diff --git a/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll b/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll
index 4c678f984864ae..edd63c614857fe 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll
@@ -1,4 +1,4 @@
-; RUN: opt < %s -passes=asan -asan-use-after-return=never -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-after-return=never -asan-use-stack-safety=0 -S | FileCheck %s
; Checks that llvm.dbg.declare instructions are updated
; accordingly as we merge allocas.
diff --git a/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll b/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll
index dff4e4be4acfc8..ea18f9ed320d01 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll
@@ -1,7 +1,7 @@
; Make sure we don't break the IR when moving non-instrumented allocas
-; RUN: opt < %s -passes=asan -S | FileCheck %s
-; RUN: opt < %s -passes=asan -asan-instrument-dynamic-allocas -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -asan-instrument-dynamic-allocas -S | FileCheck %s
target datalayout = "e-m:o-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-apple-macosx10.10.0"
diff --git a/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll b/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll
index 5fab725565c955..c882ac17d15a76 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll
@@ -1,4 +1,4 @@
-; RUN: opt < %s -passes=asan -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -S | FileCheck %s
; Source (-O0 -fsanitize=address -fsanitize-address-use-after-scope):
;; struct S { int x, y; };
diff --git a/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll b/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll
index 302205c4f6cad0..a40dad526a14dc 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll
@@ -11,26 +11,29 @@ target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f3
declare void @llvm.lifetime.start.p0(i64, ptr nocapture) nounwind
declare void @llvm.lifetime.end.p0(i64, ptr nocapture) nounwind
-define i32 @basic_test() sanitize_address {
- ; CHECK-LABEL: define i32 @basic_test()
+define i32 @basic_test(i64 %i) sanitize_address {
+ ; CHECK-LABEL: define i32 @basic_test(
entry:
%retval = alloca i32, align 4
- %c = alloca i8, align 1
+ %c = alloca [2 x i8], align 1
; Memory is poisoned in prologue: F1F1F1F104F3F8F2
; CHECK-UAS: store i64 -866676825215864335, ptr %{{[0-9]+}}
+ ; CHECK-UAS-SS-NOT: store i64
call void @llvm.lifetime.start.p0(i64 1, ptr %c)
; Memory is unpoisoned at llvm.lifetime.start: 01
- ; CHECK-UAS: store i8 1, ptr %{{[0-9]+}}
+ ; CHECK-UAS: store i8 2, ptr %{{[0-9]+}}
+ %ci = getelementptr inbounds [2 x i8], ptr %c, i64 0, i64 %i
store volatile i32 0, ptr %retval
- store volatile i8 0, ptr %c, align 1
+ store volatile i8 0, ptr %ci, align 1
call void @llvm.lifetime.end.p0(i64 1, ptr %c)
; Memory is poisoned at llvm.lifetime.end: F8
; CHECK-UAS: store i8 -8, ptr %{{[0-9]+}}
+ ; CHECK-UAS-SS-NOT: store i8 -8,
; Unpoison memory at function exit in UAS mode.
; CHECK-UAS: store i64 0, ptr %{{[0-9]+}}
diff --git a/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll b/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll
index b57605a6556745..56dfb1b311598c 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll
@@ -1,6 +1,6 @@
; Test handling of llvm.lifetime intrinsics.
-; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -S | FileCheck %s --check-prefixes=CHECK,CHECK-DEFAULT
-; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -asan-instrument-dynamic-allocas=0 -S | FileCheck %s --check-prefixes=CHECK,CHECK-NO-DYNAMIC
+; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -asan-use-stack-safety=0 -S | FileCheck %s --check-prefixes=CHECK,CHECK-DEFAULT
+; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -asan-use-stack-safety=0 -asan-instrument-dynamic-allocas=0 -S | FileCheck %s --check-prefixes=CHECK,CHECK-NO-DYNAMIC
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
diff --git a/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll b/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll
index 43b402e1b166f2..4e8466b685689b 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll
@@ -1,4 +1,4 @@
-; RUN: opt -S -passes=asan -asan-skip-promotable-allocas=0 %s -o - | FileCheck %s
+; RUN: opt -S -passes=asan -asan-use-stack-safety=0 -asan-skip-promotable-allocas=0 %s -o - | FileCheck %s
; Generated from:
; int bar(int y) {
; return y + 2;
diff --git a/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll b/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll
index 98851b871393c5..cbb2001c45e651 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll
@@ -1,14 +1,14 @@
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=runtime -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-RUNTIME
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-mapping-scale=5 \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-mapping-scale=5 -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=runtime -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-RUNTIME
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=always -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-ALWAYS \
; RUN: --implicit-check-not=__asan_option_detect_stack_use_after_return
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=always -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-ALWAYS \
; RUN: --implicit-check-not=__asan_option_detect_stack_use_after_return
diff --git a/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll b/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll
index 726f628607dae1..48465be36789d6 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll
@@ -1,8 +1,8 @@
; Test the ASan's stack layout.
; More tests in tests/Transforms/Utils/ASanStackFrameLayoutTest.cpp
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca=0 -asan-use-after-scope -S \
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -asan-stack-dynamic-alloca=0 -asan-use-after-scope -S \
; RUN: | FileCheck %s --check-prefixes=CHECK,CHECK-STATIC
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca=1 -asan-use-after-scope -S \
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -asan-stack-dynamic-alloca=1 -asan-use-after-scope -S \
; RUN: | FileCheck %s --check-prefixes=CHECK,CHECK-DYNAMIC
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
|
@llvm/pr-subscribers-compiler-rt-sanitizer Author: Fangrui Song (MaskRay) ChangesStackSafetyAnalysis determines whether stack-allocated variables are Test updates:
Full diff: https://github.com/llvm/llvm-project/pull/77210.diff 12 Files Affected:
diff --git a/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp b/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
index 92b0afafc8db77..96ac4c7db291a0 100644
--- a/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
+++ b/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
@@ -33,6 +33,8 @@ __attribute__((noinline)) void foo(int len) {
if (i) assert(!__asan_region_is_poisoned(bot, 96));
// VLA is unpoisoned at the end of iteration.
volatile char array[i];
+ // Ensure that asan-use-stack-safety does not optimize out the poisoning.
+ if (i) array[0] = 0;
assert(!(reinterpret_cast<uintptr_t>(array) & 31L));
// Alloca is unpoisoned at the end of iteration,
// because dominated by VLA.
diff --git a/compiler-rt/test/asan/TestCases/scariness_score_test.cpp b/compiler-rt/test/asan/TestCases/scariness_score_test.cpp
index d73975feb6873b..9e55e33675fde3 100644
--- a/compiler-rt/test/asan/TestCases/scariness_score_test.cpp
+++ b/compiler-rt/test/asan/TestCases/scariness_score_test.cpp
@@ -1,7 +1,9 @@
// Test how we produce the scariness score.
// UAR Mode: runtime
-// RUN: %clangxx_asan -O0 %s -o %t
+// Case 26 loads a __asan_poison_memory_region-poisoned local variable, which is
+// only instrumented when StackSafetyAnalysis is disabled.
+// RUN: %clangxx_asan -O0 -mllvm -asan-use-stack-safety=0 %s -o %t
// On OSX and Windows, alloc_dealloc_mismatch=1 isn't 100% reliable, so it's
// off by default. It's safe for these tests, though, so we turn it on.
// RUN: export %env_asan_opts=symbolize=0:detect_stack_use_after_return=1:handle_abort=1:print_scariness=1:alloc_dealloc_mismatch=1
@@ -36,7 +38,7 @@
// RUN: not %run %t 27 2>&1 | FileCheck %s --check-prefix=CHECK27
//
// UAR Mode: always
-// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always
+// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always -mllvm -asan-use-stack-safety=0
// On OSX and Windows, alloc_dealloc_mismatch=1 isn't 100% reliable, so it's
// off by default. It's safe for these tests, though, so we turn it on.
// RUN: export %env_asan_opts=symbolize=0:handle_abort=1:print_scariness=1:alloc_dealloc_mismatch=1
diff --git a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
index e3deafa49bd91e..5e7e08eaa9978d 100644
--- a/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
@@ -216,7 +216,7 @@ static cl::opt<bool> ClInstrumentWrites(
cl::Hidden, cl::init(true));
static cl::opt<bool>
- ClUseStackSafety("asan-use-stack-safety", cl::Hidden, cl::init(false),
+ ClUseStackSafety("asan-use-stack-safety", cl::Hidden, cl::init(true),
cl::Hidden, cl::desc("Use Stack Safety analysis results"),
cl::Optional);
diff --git a/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll b/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll
index 9ba2dce6145f86..a7c1d24c061db1 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/asan-stack-safety.ll
@@ -1,7 +1,7 @@
; REQUIRES: x86-registered-target
; RUN: opt < %s -S -asan-instrumentation-with-call-threshold=0 -passes=asan -asan-use-stack-safety=0 -o - | FileCheck %s --implicit-check-not="call {{.*}} @__asan_{{load|store|stack}}" --check-prefixes=CHECK,NOSAFETY
-; RUN: opt < %s -S -asan-instrumentation-with-call-threshold=0 -passes=asan -asan-use-stack-safety=1 -o - | FileCheck %s --implicit-check-not="call {{.*}} @__asan_{{load|store|stack}}"
+; RUN: opt < %s -S -asan-instrumentation-with-call-threshold=0 -passes=asan | FileCheck %s --implicit-check-not="call {{.*}} @__asan_{{load|store|stack}}"
; CHECK-LABEL: define i32 @load
define i32 @load() sanitize_address {
diff --git a/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll b/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll
index 4c678f984864ae..edd63c614857fe 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/debug_info.ll
@@ -1,4 +1,4 @@
-; RUN: opt < %s -passes=asan -asan-use-after-return=never -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-after-return=never -asan-use-stack-safety=0 -S | FileCheck %s
; Checks that llvm.dbg.declare instructions are updated
; accordingly as we merge allocas.
diff --git a/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll b/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll
index dff4e4be4acfc8..ea18f9ed320d01 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/debug_info_noninstrumented_alloca2.ll
@@ -1,7 +1,7 @@
; Make sure we don't break the IR when moving non-instrumented allocas
-; RUN: opt < %s -passes=asan -S | FileCheck %s
-; RUN: opt < %s -passes=asan -asan-instrument-dynamic-allocas -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -asan-instrument-dynamic-allocas -S | FileCheck %s
target datalayout = "e-m:o-i64:64-f80:128-n8:16:32:64-S128"
target triple = "x86_64-apple-macosx10.10.0"
diff --git a/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll b/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll
index 5fab725565c955..c882ac17d15a76 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/hoist-argument-init-insts.ll
@@ -1,4 +1,4 @@
-; RUN: opt < %s -passes=asan -S | FileCheck %s
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -S | FileCheck %s
; Source (-O0 -fsanitize=address -fsanitize-address-use-after-scope):
;; struct S { int x, y; };
diff --git a/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll b/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll
index 302205c4f6cad0..a40dad526a14dc 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/lifetime-uar-uas.ll
@@ -11,26 +11,29 @@ target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f3
declare void @llvm.lifetime.start.p0(i64, ptr nocapture) nounwind
declare void @llvm.lifetime.end.p0(i64, ptr nocapture) nounwind
-define i32 @basic_test() sanitize_address {
- ; CHECK-LABEL: define i32 @basic_test()
+define i32 @basic_test(i64 %i) sanitize_address {
+ ; CHECK-LABEL: define i32 @basic_test(
entry:
%retval = alloca i32, align 4
- %c = alloca i8, align 1
+ %c = alloca [2 x i8], align 1
; Memory is poisoned in prologue: F1F1F1F104F3F8F2
; CHECK-UAS: store i64 -866676825215864335, ptr %{{[0-9]+}}
+ ; CHECK-UAS-SS-NOT: store i64
call void @llvm.lifetime.start.p0(i64 1, ptr %c)
; Memory is unpoisoned at llvm.lifetime.start: 01
- ; CHECK-UAS: store i8 1, ptr %{{[0-9]+}}
+ ; CHECK-UAS: store i8 2, ptr %{{[0-9]+}}
+ %ci = getelementptr inbounds [2 x i8], ptr %c, i64 0, i64 %i
store volatile i32 0, ptr %retval
- store volatile i8 0, ptr %c, align 1
+ store volatile i8 0, ptr %ci, align 1
call void @llvm.lifetime.end.p0(i64 1, ptr %c)
; Memory is poisoned at llvm.lifetime.end: F8
; CHECK-UAS: store i8 -8, ptr %{{[0-9]+}}
+ ; CHECK-UAS-SS-NOT: store i8 -8,
; Unpoison memory at function exit in UAS mode.
; CHECK-UAS: store i64 0, ptr %{{[0-9]+}}
diff --git a/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll b/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll
index b57605a6556745..56dfb1b311598c 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/lifetime.ll
@@ -1,6 +1,6 @@
; Test handling of llvm.lifetime intrinsics.
-; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -S | FileCheck %s --check-prefixes=CHECK,CHECK-DEFAULT
-; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -asan-instrument-dynamic-allocas=0 -S | FileCheck %s --check-prefixes=CHECK,CHECK-NO-DYNAMIC
+; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -asan-use-stack-safety=0 -S | FileCheck %s --check-prefixes=CHECK,CHECK-DEFAULT
+; RUN: opt < %s -passes=asan -asan-use-after-scope -asan-use-after-return=never -asan-use-stack-safety=0 -asan-instrument-dynamic-allocas=0 -S | FileCheck %s --check-prefixes=CHECK,CHECK-NO-DYNAMIC
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
target triple = "x86_64-unknown-linux-gnu"
diff --git a/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll b/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll
index 43b402e1b166f2..4e8466b685689b 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/local_stack_base.ll
@@ -1,4 +1,4 @@
-; RUN: opt -S -passes=asan -asan-skip-promotable-allocas=0 %s -o - | FileCheck %s
+; RUN: opt -S -passes=asan -asan-use-stack-safety=0 -asan-skip-promotable-allocas=0 %s -o - | FileCheck %s
; Generated from:
; int bar(int y) {
; return y + 2;
diff --git a/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll b/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll
index 98851b871393c5..cbb2001c45e651 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/stack_dynamic_alloca.ll
@@ -1,14 +1,14 @@
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=runtime -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-RUNTIME
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-mapping-scale=5 \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-mapping-scale=5 -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=runtime -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-RUNTIME
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=always -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-ALWAYS \
; RUN: --implicit-check-not=__asan_option_detect_stack_use_after_return
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca \
+; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca -asan-use-stack-safety=0 \
; RUN: -asan-use-after-return=always -S | FileCheck %s \
; RUN: --check-prefixes=CHECK,CHECK-ALWAYS \
; RUN: --implicit-check-not=__asan_option_detect_stack_use_after_return
diff --git a/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll b/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll
index 726f628607dae1..48465be36789d6 100644
--- a/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll
+++ b/llvm/test/Instrumentation/AddressSanitizer/stack_layout.ll
@@ -1,8 +1,8 @@
; Test the ASan's stack layout.
; More tests in tests/Transforms/Utils/ASanStackFrameLayoutTest.cpp
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca=0 -asan-use-after-scope -S \
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -asan-stack-dynamic-alloca=0 -asan-use-after-scope -S \
; RUN: | FileCheck %s --check-prefixes=CHECK,CHECK-STATIC
-; RUN: opt < %s -passes=asan -asan-stack-dynamic-alloca=1 -asan-use-after-scope -S \
+; RUN: opt < %s -passes=asan -asan-use-stack-safety=0 -asan-stack-dynamic-alloca=1 -asan-use-after-scope -S \
; RUN: | FileCheck %s --check-prefixes=CHECK,CHECK-DYNAMIC
target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128"
|
You can test this locally with the following command:git-clang-format --diff 92e243173c09fc78c25814a7d7e392971034f5be ae7898223ac26b246a2e513ccfdfecea82716170 -- compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp compiler-rt/test/asan/TestCases/scariness_score_test.cpp llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp View the diff from clang-format here.diff --git a/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp b/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
index 96ac4c7db2..6b8fd29919 100644
--- a/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
+++ b/compiler-rt/test/asan/TestCases/alloca_vla_interact.cpp
@@ -34,7 +34,8 @@ __attribute__((noinline)) void foo(int len) {
// VLA is unpoisoned at the end of iteration.
volatile char array[i];
// Ensure that asan-use-stack-safety does not optimize out the poisoning.
- if (i) array[0] = 0;
+ if (i)
+ array[0] = 0;
assert(!(reinterpret_cast<uintptr_t>(array) & 31L));
// Alloca is unpoisoned at the end of iteration,
// because dominated by VLA.
|
StackSafetyAnalysis determines whether stack-allocated variables are safe from memory access bugs and allows removing certain unneeded instrumentations. (hwasan enables StackSafetyAnalysis in https://reviews.llvm.org/D108381) Test updates: * asan-stack-safety.ll: test the -asan-use-stack-safety=1 default * lifetime-uar-uas.ll: switch to an indexed store to prevent StackSafetyAnalysis from optimizing out instrumentation for %c * alloca_vla_interact.cpp: add a load to prevent StackSafetyAnalysis from optimizing out `__asan_alloca_poison` for the VLA `array` * scariness_score_test.cpp: add -asan-use-stack-safety=0 to make a load of a `__asan_poison_memory_region`-poisoned local variable fail as intended. * other .ll tests: add -asan-use-stack-safety=0 Pull Request: #77210
0e33450
to
af33fcd
Compare
…tcord-spr/76097 Created using spr 1.3.4
Heads up! This causes clang crash:
Attached source code: glslang_lex_autogen-7bfb0a.txt (Since it doesn't allow me to attach file ends with .cpp, I changed the suffix to .txt) |
Reverted at e7f7948. Will file an issue to track it once reducing is done. |
I've reduced it. It's code like below where a memcpy confused StackSafetyAnalysis in a int floatsuffix_check(TParseContext *context)
{
struct yyguts_t *yyg = (struct yyguts_t *)context->getScanner();
if (context->getShaderVersion() < 300)
{
context->error(*yyg->yylloc_r, "Floating-point suffix unsupported prior to GLSL ES 3.00", yyg->yytext_r);
return 0;
}
std::string text = yyg->yytext_r;
text.resize(text.size() - 1); /////////
if (!strtof_clamp(text, &(yyg->yylval_r->lex.f)))
yyg->yyextra_r->warning(*yyg->yylloc_r, "Float overflow", yyg->yytext_r);
return (FLOATCONSTANT);
} Further reduced to #include <string>
bool strtof_clamp(const std::string &str);
void floatsuffix_check(char *yytext_r) {
std::string text = yytext_r;
text.resize(text.size() - 1);
strtof_clamp(text);
} |
Clang generates llvm.memset.p0.i64 with size of -1 for following code in `-stdlib=libc++ -std=c++20` mode (llvm#77210 (comment)) ```cpp bool strtof_clamp(const std::string &str); void floatsuffix_check(char *yytext_r) { std::string text = yytext_r; text.resize(text.size() - 1); strtof_clamp(text); } ``` `Sizes = [0xffffffffffffffff, 0)`. `SizeRange` is `[0, 0-1)`, leading to `assert(!isUnsafe(SizeRange));` failure. Bail out if memset size is -1.
Clang generates llvm.memset.p0.i64 with a length of -1 for the following code in `-stdlib=libc++ -std=c++20` mode (#77210 (comment)) ```cpp bool strtof_clamp(const std::string &str); void floatsuffix_check(char *yytext_r) { std::string text = yytext_r; text.resize(text.size() - 1); strtof_clamp(text); } ``` `Sizes = [0xffffffffffffffff, 0)`. `SizeRange = [0, 0-1)`, leading to `assert(!isUnsafe(SizeRange));` failure. Bail out if the length is -1. Other negative values are handled by the existing condition.
StackSafetyAnalysis determines whether stack-allocated variables are guaranteed to be safe from memory access bugs and enables the removal of certain unneeded instrumentations. (hwasan enables StackSafetyAnalysis in https://reviews.llvm.org/D108381) In a release build of clang, text sections are 9% smaller. Test updates: * asan-stack-safety.ll: test the -asan-use-stack-safety=1 default * lifetime-uar-uas.ll: switch to an indexed store to prevent StackSafetyAnalysis from optimizing out instrumentation for %c * alloca_vla_interact.cpp: add a load to prevent StackSafetyAnalysis from optimizing out `__asan_alloca_poison` for the VLA `array` * scariness_score_test.cpp: add -asan-use-stack-safety=0 to make a load of a `__asan_poison_memory_region`-poisoned local variable fail as intended. * other .ll tests: add -asan-use-stack-safety=0 Reviewed By: kstoimenov Pull Request: #77210
I guess we we should avoid ClUseStackSafety for -O0 |
There may be two competing goals. The traditional one that
However, there is a difference. Here the optimizations apply to the instrumentation (extra code), not the user code, so perhaps the traditional goal applies less and it isn't too bad to run StackSafetyAnalysis at -O0 for consistent with other -O levels, as long as it isn't too slow? |
This now causes failures in the SystemZ build bot: |
Looking at this a bit more, before this patch the stack alignment test passes because the IR is instrumented to include a call to Not sure why the |
@MaskRay can you help address #77210 (comment) , test cases are failing on LoZ buildbot. Thanks |
The test (from https://reviews.llvm.org/D7098) is about the interaction of VLA and alloca where the VLA causes alloca to have the same address. This is mostly about behavior checking and less about instrumentation correctness, so I think it is fair to disable it for a platform that does not work after StackSafetyAnalysis is enabled by default (#77210).
Disabled the test on |
@MaskRay I've done a bit more analysis now, and what seems to be going on is that with stack safety analysis off, this check:
succeeds because the VLA allocation gets instrumented, and therefore the VLA address is guaranteed to be 32-byte aligned. However, with stack safety analysis on, that analysis (correctly) detects that the VLA is actually never accessed, and therefore the allocation does not need be instrumented. Because it is isn't instrumented, it remains a regular alloca without special alignment requirements. Therefore, there is no guarantee that the assert will succeed. If the incoming stack pointer happened to already be 32-byte aligned, it will succeed - otherwise (and that's the cases where we're seeing failures on s390x), it will not. This seems to be a platform-independent bug that just happens to be visible only on some platforms sometimes. |
Thanks for the analysis. However, on s390x, #78774 should fix the failure on s390x. Note: |
StackSafetyAnalysis determines whether stack-allocated variables are guaranteed to be safe from memory access bugs and enables the removal of certain unneeded instrumentations. (hwasan enables StackSafetyAnalysis in https://reviews.llvm.org/D108381) Test updates: * asan-stack-safety.ll: test the -asan-use-stack-safety=1 default * lifetime-uar-uas.ll: switch to an indexed store to prevent StackSafetyAnalysis from optimizing out instrumentation for %c * alloca_vla_interact.cpp: add a load to prevent StackSafetyAnalysis from optimizing out `__asan_alloca_poison` for the VLA `array` * scariness_score_test.cpp: add -asan-use-stack-safety=0 to make a load of a `__asan_poison_memory_region`-poisoned local variable fail as intended. * other .ll tests: add -asan-use-stack-safety=0 Reviewers: kstoimenov, eugenis, vitalybuka Reviewed By: kstoimenov Pull Request: llvm#77210
Clang generates llvm.memset.p0.i64 with a length of -1 for the following code in `-stdlib=libc++ -std=c++20` mode (llvm#77210 (comment)) ```cpp bool strtof_clamp(const std::string &str); void floatsuffix_check(char *yytext_r) { std::string text = yytext_r; text.resize(text.size() - 1); strtof_clamp(text); } ``` `Sizes = [0xffffffffffffffff, 0)`. `SizeRange = [0, 0-1)`, leading to `assert(!isUnsafe(SizeRange));` failure. Bail out if the length is -1. Other negative values are handled by the existing condition.
StackSafetyAnalysis determines whether stack-allocated variables are guaranteed to be safe from memory access bugs and enables the removal of certain unneeded instrumentations. (hwasan enables StackSafetyAnalysis in https://reviews.llvm.org/D108381) In a release build of clang, text sections are 9% smaller. Test updates: * asan-stack-safety.ll: test the -asan-use-stack-safety=1 default * lifetime-uar-uas.ll: switch to an indexed store to prevent StackSafetyAnalysis from optimizing out instrumentation for %c * alloca_vla_interact.cpp: add a load to prevent StackSafetyAnalysis from optimizing out `__asan_alloca_poison` for the VLA `array` * scariness_score_test.cpp: add -asan-use-stack-safety=0 to make a load of a `__asan_poison_memory_region`-poisoned local variable fail as intended. * other .ll tests: add -asan-use-stack-safety=0 Reviewed By: kstoimenov Pull Request: llvm#77210
StackSafetyAnalysis determines whether stack-allocated variables are
guaranteed to be safe from memory access bugs and enables the removal of
certain unneeded instrumentations.
(hwasan enables StackSafetyAnalysis in https://reviews.llvm.org/D108381)
In a release build of clang, text sections are 9% smaller.
Test updates:
StackSafetyAnalysis from optimizing out instrumentation for %c
from optimizing out
__asan_alloca_poison
for the VLAarray
of a
__asan_poison_memory_region
-poisoned local variable fail asintended.