[hwasan] Consider order of mapping copts #109621

vitalybuka · 2024-09-23T07:26:32Z

Flags "-hwasan-mapping-offset" and
"-hwasan-mapping-offset-dynamic" are mutually
exclusive, use the last one.

Created using spr 1.3.4 [skip ci]

Created using spr 1.3.4

llvmbot · 2024-09-23T07:27:07Z

@llvm/pr-subscribers-llvm-transforms

Author: Vitaly Buka (vitalybuka)

Changes

Flags "-hwasan-mapping-offset" and
"-hwasan-mapping-offset-dynamic" are mutually
exclusive, use the last one.

Full diff: https://github.com/llvm/llvm-project/pull/109621.diff

2 Files Affected:

(modified) llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp (+8-4)
(added) llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll (+50)

diff --git a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
index e386fa5d50b4d6..a70bfd121a2647 100644
--- a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
@@ -1938,14 +1938,18 @@ void HWAddressSanitizer::ShadowMapping::init(Triple &TargetTriple,
     // Fuchsia is always PIE, which means that the beginning of the address
     // space is always available.
     SetFixed(0);
-  } else if (ClMappingOffset.getNumOccurrences() > 0) {
-    SetFixed(ClMappingOffset);
   } else if (ClEnableKhwasan || InstrumentWithCalls) {
     SetFixed(0);
     WithFrameRecord = false;
-  } else if (ClMappingOffsetDynamic.getNumOccurrences() > 0) {
-    Kind = ClMappingOffsetDynamic;
   }
 
   WithFrameRecord = optOr(ClFrameRecords, WithFrameRecord);
+
+  // Apply the last of ClMappingOffset and ClMappingOffsetDynamic.
+  Kind = optOr(ClMappingOffsetDynamic, Kind);
+  if (ClMappingOffset.getNumOccurrences() > 0 &&
+      !(ClMappingOffsetDynamic.getNumOccurrences() > 0 &&
+        ClMappingOffsetDynamic.getPosition() > ClMappingOffset.getPosition())) {
+    SetFixed(ClMappingOffset);
+  }
 }
diff --git a/llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll b/llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll
new file mode 100644
index 00000000000000..5cd23f3ebe2b07
--- /dev/null
+++ b/llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll
@@ -0,0 +1,50 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 2
+
+; RUN: opt < %s -passes=hwasan -S | FileCheck %s
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset-dynamic=global -S | FileCheck %s --check-prefixes=GLOBAL
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset=567 -S | FileCheck %s --check-prefixes=FIXED
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset=567 -hwasan-mapping-offset-dynamic=global -S | FileCheck %s --check-prefixes=FIXED-GLOBAL
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset-dynamic=global -hwasan-mapping-offset=567 -S | FileCheck %s --check-prefixes=GLOBAL-FIXED
+
+target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
+target triple = "aarch64--linux-android"
+
+define i8 @test_load8(ptr %a) sanitize_hwaddress {
+; CHECK-LABEL: define i8 @test_load8
+; CHECK-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; CHECK-NEXT:    [[DOTHWASAN_SHADOW:%.*]] = call ptr asm "", "=r,0"(ptr @__hwasan_shadow)
+; CHECK-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[DOTHWASAN_SHADOW]], ptr [[A]], i32 0)
+; CHECK-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; CHECK-NEXT:    ret i8 [[B]]
+;
+; GLOBAL-LABEL: define i8 @test_load8
+; GLOBAL-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; GLOBAL-NEXT:    [[TMP1:%.*]] = load ptr, ptr @__hwasan_shadow_memory_dynamic_address, align 8
+; GLOBAL-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[TMP1]], ptr [[A]], i32 0)
+; GLOBAL-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; GLOBAL-NEXT:    ret i8 [[B]]
+;
+; FIXED-LABEL: define i8 @test_load8
+; FIXED-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; FIXED-NEXT:    [[DOTHWASAN_SHADOW:%.*]] = call ptr asm "", "=r,0"(ptr inttoptr (i64 567 to ptr))
+; FIXED-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[DOTHWASAN_SHADOW]], ptr [[A]], i32 0)
+; FIXED-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; FIXED-NEXT:    ret i8 [[B]]
+;
+; FIXED-GLOBAL-LABEL: define i8 @test_load8
+; FIXED-GLOBAL-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; FIXED-GLOBAL-NEXT:    [[TMP1:%.*]] = load ptr, ptr @__hwasan_shadow_memory_dynamic_address, align 8
+; FIXED-GLOBAL-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[TMP1]], ptr [[A]], i32 0)
+; FIXED-GLOBAL-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; FIXED-GLOBAL-NEXT:    ret i8 [[B]]
+;
+; GLOBAL-FIXED-LABEL: define i8 @test_load8
+; GLOBAL-FIXED-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; GLOBAL-FIXED-NEXT:    [[DOTHWASAN_SHADOW:%.*]] = call ptr asm "", "=r,0"(ptr inttoptr (i64 567 to ptr))
+; GLOBAL-FIXED-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[DOTHWASAN_SHADOW]], ptr [[A]], i32 0)
+; GLOBAL-FIXED-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; GLOBAL-FIXED-NEXT:    ret i8 [[B]]
+;
+  %b = load i8, ptr %a, align 4
+  ret i8 %b
+}

llvmbot · 2024-09-23T07:27:07Z

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: Vitaly Buka (vitalybuka)

Changes

Flags "-hwasan-mapping-offset" and
"-hwasan-mapping-offset-dynamic" are mutually
exclusive, use the last one.

Full diff: https://github.com/llvm/llvm-project/pull/109621.diff

2 Files Affected:

(modified) llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp (+8-4)
(added) llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll (+50)

diff --git a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
index e386fa5d50b4d6..a70bfd121a2647 100644
--- a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
@@ -1938,14 +1938,18 @@ void HWAddressSanitizer::ShadowMapping::init(Triple &TargetTriple,
     // Fuchsia is always PIE, which means that the beginning of the address
     // space is always available.
     SetFixed(0);
-  } else if (ClMappingOffset.getNumOccurrences() > 0) {
-    SetFixed(ClMappingOffset);
   } else if (ClEnableKhwasan || InstrumentWithCalls) {
     SetFixed(0);
     WithFrameRecord = false;
-  } else if (ClMappingOffsetDynamic.getNumOccurrences() > 0) {
-    Kind = ClMappingOffsetDynamic;
   }
 
   WithFrameRecord = optOr(ClFrameRecords, WithFrameRecord);
+
+  // Apply the last of ClMappingOffset and ClMappingOffsetDynamic.
+  Kind = optOr(ClMappingOffsetDynamic, Kind);
+  if (ClMappingOffset.getNumOccurrences() > 0 &&
+      !(ClMappingOffsetDynamic.getNumOccurrences() > 0 &&
+        ClMappingOffsetDynamic.getPosition() > ClMappingOffset.getPosition())) {
+    SetFixed(ClMappingOffset);
+  }
 }
diff --git a/llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll b/llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll
new file mode 100644
index 00000000000000..5cd23f3ebe2b07
--- /dev/null
+++ b/llvm/test/Instrumentation/HWAddressSanitizer/mapping-override.ll
@@ -0,0 +1,50 @@
+; NOTE: Assertions have been autogenerated by utils/update_test_checks.py UTC_ARGS: --version 2
+
+; RUN: opt < %s -passes=hwasan -S | FileCheck %s
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset-dynamic=global -S | FileCheck %s --check-prefixes=GLOBAL
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset=567 -S | FileCheck %s --check-prefixes=FIXED
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset=567 -hwasan-mapping-offset-dynamic=global -S | FileCheck %s --check-prefixes=FIXED-GLOBAL
+; RUN: opt < %s -passes=hwasan -hwasan-mapping-offset-dynamic=global -hwasan-mapping-offset=567 -S | FileCheck %s --check-prefixes=GLOBAL-FIXED
+
+target datalayout = "e-m:e-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128"
+target triple = "aarch64--linux-android"
+
+define i8 @test_load8(ptr %a) sanitize_hwaddress {
+; CHECK-LABEL: define i8 @test_load8
+; CHECK-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; CHECK-NEXT:    [[DOTHWASAN_SHADOW:%.*]] = call ptr asm "", "=r,0"(ptr @__hwasan_shadow)
+; CHECK-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[DOTHWASAN_SHADOW]], ptr [[A]], i32 0)
+; CHECK-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; CHECK-NEXT:    ret i8 [[B]]
+;
+; GLOBAL-LABEL: define i8 @test_load8
+; GLOBAL-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; GLOBAL-NEXT:    [[TMP1:%.*]] = load ptr, ptr @__hwasan_shadow_memory_dynamic_address, align 8
+; GLOBAL-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[TMP1]], ptr [[A]], i32 0)
+; GLOBAL-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; GLOBAL-NEXT:    ret i8 [[B]]
+;
+; FIXED-LABEL: define i8 @test_load8
+; FIXED-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; FIXED-NEXT:    [[DOTHWASAN_SHADOW:%.*]] = call ptr asm "", "=r,0"(ptr inttoptr (i64 567 to ptr))
+; FIXED-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[DOTHWASAN_SHADOW]], ptr [[A]], i32 0)
+; FIXED-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; FIXED-NEXT:    ret i8 [[B]]
+;
+; FIXED-GLOBAL-LABEL: define i8 @test_load8
+; FIXED-GLOBAL-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; FIXED-GLOBAL-NEXT:    [[TMP1:%.*]] = load ptr, ptr @__hwasan_shadow_memory_dynamic_address, align 8
+; FIXED-GLOBAL-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[TMP1]], ptr [[A]], i32 0)
+; FIXED-GLOBAL-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; FIXED-GLOBAL-NEXT:    ret i8 [[B]]
+;
+; GLOBAL-FIXED-LABEL: define i8 @test_load8
+; GLOBAL-FIXED-SAME: (ptr [[A:%.*]]) #[[ATTR0:[0-9]+]] {
+; GLOBAL-FIXED-NEXT:    [[DOTHWASAN_SHADOW:%.*]] = call ptr asm "", "=r,0"(ptr inttoptr (i64 567 to ptr))
+; GLOBAL-FIXED-NEXT:    call void @llvm.hwasan.check.memaccess(ptr [[DOTHWASAN_SHADOW]], ptr [[A]], i32 0)
+; GLOBAL-FIXED-NEXT:    [[B:%.*]] = load i8, ptr [[A]], align 4
+; GLOBAL-FIXED-NEXT:    ret i8 [[B]]
+;
+  %b = load i8, ptr %a, align 4
+  ret i8 %b
+}

fmayer · 2024-09-24T00:15:16Z

[hwasan] Check order of mapping flags

~~I don't understand what "checking" we do here.~~ "Consider"?

vitalybuka · 2024-09-24T00:58:54Z

"Consider"?

Done

fmayer

LGTM.

Created using spr 1.3.4 [skip ci]

Created using spr 1.3.4

vitalybuka added 2 commits September 23, 2024 00:26

[𝘀𝗽𝗿] changes to main this commit is based on

1b29ef2

Created using spr 1.3.4 [skip ci]

[𝘀𝗽𝗿] initial version

3809bb6

Created using spr 1.3.4

llvmbot added compiler-rt:sanitizer llvm:transforms labels Sep 23, 2024

vitalybuka requested a review from fmayer September 23, 2024 07:27

vitalybuka mentioned this pull request Sep 23, 2024

[hwasan] Allow stack traces even when fixed shadow is used #109344

Closed

vitalybuka changed the title ~~[hwasan] Check order of mapping flags~~ [hwasan] Consider order of mapping copts Sep 24, 2024

fmayer approved these changes Sep 24, 2024

View reviewed changes

vitalybuka added 2 commits September 24, 2024 19:47

[𝘀𝗽𝗿] changes introduced through rebase

0e43e15

Created using spr 1.3.4 [skip ci]

rebase

b99a3a5

Created using spr 1.3.4

vitalybuka changed the base branch from users/vitalybuka/spr/main.hwasan-check-order-of-mapping-flags to main September 25, 2024 02:48

vitalybuka merged commit b218048 into main Sep 25, 2024
8 of 11 checks passed

vitalybuka deleted the users/vitalybuka/spr/hwasan-check-order-of-mapping-flags branch September 25, 2024 04:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[hwasan] Consider order of mapping copts #109621

[hwasan] Consider order of mapping copts #109621

Uh oh!

vitalybuka commented Sep 23, 2024

Uh oh!

llvmbot commented Sep 23, 2024

Uh oh!

llvmbot commented Sep 23, 2024

Uh oh!

fmayer commented Sep 24, 2024 •

edited

Loading

Uh oh!

vitalybuka commented Sep 24, 2024

Uh oh!

fmayer left a comment

Uh oh!

Uh oh!

Uh oh!

[hwasan] Consider order of mapping copts #109621

[hwasan] Consider order of mapping copts #109621

Uh oh!

Conversation

vitalybuka commented Sep 23, 2024

Uh oh!

llvmbot commented Sep 23, 2024

Uh oh!

llvmbot commented Sep 23, 2024

Uh oh!

fmayer commented Sep 24, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

vitalybuka commented Sep 24, 2024

Uh oh!

fmayer left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

fmayer commented Sep 24, 2024 •

edited

Loading