Instrumented load and store with dummy calls to __asan_check().

BUG=https://bugs.chromium.org/p/nativeclient/issues/detail?id=4374 R=kschimpf@google.com Review URL: https://codereview.chromium.org/2067403002 .

Instrumented load and store with dummy calls to __asan_check().
bdb912f4 · Thomas Lively · a1410df9 · bdb912f4 · bdb912f4 · bdb912f4
Commit bdb912f4 authored Jun 16, 2016 by Thomas Lively
7 changed files
--- a/runtime/szrt_asan.c
+++ b/runtime/szrt_asan.c
@@ -22,3 +22,8 @@ void __asan_init(void) {
  printf("Set up shadow memory here\n");
  return;
 }
+void __asan_check(void *addr, int size) {
+  printf("Check access of %p of size %d\n", addr, size);
+  return;
+}
--- a/src/IceASanInstrumentation.cpp
+++ b/src/IceASanInstrumentation.cpp
@@ -18,6 +18,8 @@
 #include "IceCfgNode.h"
 #include "IceGlobalInits.h"
 #include "IceInst.h"
+#include "IceTargetLowering.h"
+#include "IceTypes.h"
 #include <sstream>
@@ -111,13 +113,43 @@ ASanInstrumentation::createRz(VariableDeclarationList *List,
  return Rz;
 }
+void ASanInstrumentation::instrumentLoad(LoweringContext &Context,
+                                         const InstLoad *Inst) {
+  instrumentAccess(Context, Inst->getSourceAddress(),
+                   typeWidthInBytes(Inst->getDest()->getType()));
+}
+void ASanInstrumentation::instrumentStore(LoweringContext &Context,
+                                          const InstStore *Inst) {
+  instrumentAccess(Context, Inst->getAddr(),
+                   typeWidthInBytes(Inst->getData()->getType()));
+}
+// TODO(tlively): Take size of access into account as well
+void ASanInstrumentation::instrumentAccess(LoweringContext &Context,
+                                           Operand *Op, SizeT Size) {
+  Constant *AccessCheck =
+      Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_check"));
+  constexpr SizeT NumArgs = 2;
+  constexpr Variable *Void = nullptr;
+  constexpr bool NoTailCall = false;
+  auto *Call = InstCall::create(Context.getNode()->getCfg(), NumArgs, Void,
+                                AccessCheck, NoTailCall);
+  Call->addArg(Op);
+  Call->addArg(ConstantInteger32::create(Ctx, IceType_i32, Size));
+  // play games to insert the call before the access instruction
+  InstList::iterator Next = Context.getNext();
+  Context.setInsertPoint(Context.getCur());
+  Context.insert(Call);
+  Context.setNext(Next);
+}
 void ASanInstrumentation::instrumentStart(Cfg *Func) {
  Constant *ShadowMemInit =
      Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_init"));
  constexpr SizeT NumArgs = 0;
  constexpr Variable *Void = nullptr;
  constexpr bool NoTailCall = false;
  auto *Call = InstCall::create(Func, NumArgs, Void, ShadowMemInit, NoTailCall);
  Func->getEntryNode()->getInsts().push_front(Call);
 }

--- a/src/IceASanInstrumentation.h
+++ b/src/IceASanInstrumentation.h
@@ -40,6 +40,10 @@ private:
                                VariableDeclaration *RzArray,
                                SizeT &RzArraySize,
                                VariableDeclaration *Global);
+  void instrumentLoad(LoweringContext &Context, const InstLoad *Inst) override;
+  void instrumentStore(LoweringContext &Context,
+                       const InstStore *Inst) override;
+  void instrumentAccess(LoweringContext &Context, Operand *Op, SizeT Size);
  void instrumentStart(Cfg *Func) override;
  bool DidInsertRedZones = false;
  uint32_t RzNum = 0;

--- a/src/IceCompileServer.cpp
+++ b/src/IceCompileServer.cpp
@@ -243,7 +243,6 @@ void CLCompileServer::run() {
  Ctx.reset(new GlobalContext(Ls.get(), Os.get(), Ls.get(), ELFStr.get()));
-  // TODO(tlively): Make this instantiate an instrumentation subclass
  if (!BuildDefs::minimal() && getFlags().getSanitizeAddresses()) {
    std::unique_ptr<Instrumentation> Instr(new ASanInstrumentation(Ctx.get()));
    Ctx->setInstrumentation(std::move(Instr));

--- a/tests_lit/asan_tests/instrumentload.ll
+++ b/tests_lit/asan_tests/instrumentload.ll
+; Test for a call to __asan_check() preceding loads
+; REQUIRES: allow_dump
+; RUN: %p2i -i %s --args -verbose=inst -threads=0 -fsanitize-address \
+; RUN:     | FileCheck --check-prefix=DUMP %s
+; Constants to load data from
+@srcConst8 = internal constant [1 x i8] c"D"
+@srcConst16 = internal constant [2 x i8] c"DA"
+@srcConst32 = internal constant [4 x i8] c"DATA"
+@srcConst64 = internal constant [8 x i8] c"DATADATA"
+@srcConst128 = internal constant [16 x i8] c"DATADATADATADATA"
+; A global to load data from
+@srcGlobal8 = internal global [1 x i8] c"D"
+@srcGlobal16 = internal global [2 x i8] c"DA"
+@srcGlobal32 = internal global [4 x i8] c"DATA"
+@srcGlobal64 = internal global [8 x i8] c"DATADATA"
+@srcGlobal128 = internal global [16 x i8] c"DATADATADATADATA"
+; A function with a local variable that does the loads
+define internal void @doLoads() {
+  %srcLocal8 = alloca i8, i32 1, align 4
+  %srcLocal16 = alloca i8, i32 2, align 4
+  %srcLocal32 = alloca i8, i32 4, align 4
+  %srcLocal64 = alloca i8, i32 8, align 4
+  %srcLocal128 = alloca i8, i32 16, align 4
+  %ptrConst8 = bitcast [1 x i8]* @srcConst8 to i8*
+  %ptrConst16 = bitcast [2 x i8]* @srcConst16 to i16*
+  %ptrConst32 = bitcast [4 x i8]* @srcConst32 to i32*
+  %ptrConst64 = bitcast [8 x i8]* @srcConst64 to i64*
+  %ptrConst128 = bitcast [16 x i8]* @srcConst128 to <4 x i32>*
+  %ptrGlobal8 = bitcast [1 x i8]* @srcGlobal8 to i8*
+  %ptrGlobal16 = bitcast [2 x i8]* @srcGlobal16 to i16*
+  %ptrGlobal32 = bitcast [4 x i8]* @srcGlobal32 to i32*
+  %ptrGlobal64 = bitcast [8 x i8]* @srcGlobal64 to i64*
+  %ptrGlobal128 = bitcast [16 x i8]* @srcGlobal128 to <4 x i32>*
+  %ptrLocal8 = bitcast i8* %srcLocal8 to i8*
+  %ptrLocal16 = bitcast i8* %srcLocal16 to i16*
+  %ptrLocal32 = bitcast i8* %srcLocal32 to i32*
+  %ptrLocal64 = bitcast i8* %srcLocal64 to i64*
+  %ptrLocal128 = bitcast i8* %srcLocal128 to <4 x i32>*
+  %dest1 = load i8, i8* %ptrConst8, align 1
+  %dest2 = load i16, i16* %ptrConst16, align 1
+  %dest3 = load i32, i32* %ptrConst32, align 1
+  %dest4 = load i64, i64* %ptrConst64, align 1
+  %dest5 = load <4 x i32>, <4 x i32>* %ptrConst128, align 4
+  %dest6 = load i8, i8* %ptrGlobal8, align 1
+  %dest7 = load i16, i16* %ptrGlobal16, align 1
+  %dest8 = load i32, i32* %ptrGlobal32, align 1
+  %dest9 = load i64, i64* %ptrGlobal64, align 1
+  %dest10 = load <4 x i32>, <4 x i32>* %ptrGlobal128, align 4
+  %dest11 = load i8, i8* %ptrLocal8, align 1
+  %dest12 = load i16, i16* %ptrLocal16, align 1
+  %dest13 = load i32, i32* %ptrLocal32, align 1
+  %dest14 = load i64, i64* %ptrLocal64, align 1
+  %dest15 = load <4 x i32>, <4 x i32>* %ptrLocal128, align 4
+  ret void
+}
+; DUMP-LABEL: ================ Instrumented CFG ================
+; DUMP-NEXT: define internal void @doLoads() {
+; DUMP-NEXT: __0:
+; DUMP-NEXT: %srcLocal8 = alloca i8, i32 1, align 4
+; DUMP-NEXT: %srcLocal16 = alloca i8, i32 2, align 4
+; DUMP-NEXT: %srcLocal32 = alloca i8, i32 4, align 4
+; DUMP-NEXT: %srcLocal64 = alloca i8, i32 8, align 4
+; DUMP-NEXT: %srcLocal128 = alloca i8, i32 16, align 4
+; DUMP-NEXT: call void @__asan_check(i32 @srcConst8, i32 1)
+; DUMP-NEXT: %dest1 = load i8, i8* @srcConst8, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcConst16, i32 2)
+; DUMP-NEXT: %dest2 = load i16, i16* @srcConst16, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcConst32, i32 4)
+; DUMP-NEXT: %dest3 = load i32, i32* @srcConst32, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcConst64, i32 8)
+; DUMP-NEXT: %dest4 = load i64, i64* @srcConst64, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcConst128, i32 16)
+; DUMP-NEXT: %dest5 = load <4 x i32>, <4 x i32>* @srcConst128, align 4
+; DUMP-NEXT: call void @__asan_check(i32 @srcGlobal8, i32 1)
+; DUMP-NEXT: %dest6 = load i8, i8* @srcGlobal8, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcGlobal16, i32 2)
+; DUMP-NEXT: %dest7 = load i16, i16* @srcGlobal16, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcGlobal32, i32 4)
+; DUMP-NEXT: %dest8 = load i32, i32* @srcGlobal32, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcGlobal64, i32 8)
+; DUMP-NEXT: %dest9 = load i64, i64* @srcGlobal64, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @srcGlobal128, i32 16)
+; DUMP-NEXT: %dest10 = load <4 x i32>, <4 x i32>* @srcGlobal128, align 4
+; DUMP-NEXT: call void @__asan_check(i32 %srcLocal8, i32 1)
+; DUMP-NEXT: %dest11 = load i8, i8* %srcLocal8, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %srcLocal16, i32 2)
+; DUMP-NEXT: %dest12 = load i16, i16* %srcLocal16, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %srcLocal32, i32 4)
+; DUMP-NEXT: %dest13 = load i32, i32* %srcLocal32, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %srcLocal64, i32 8)
+; DUMP-NEXT: %dest14 = load i64, i64* %srcLocal64, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %srcLocal128, i32 16)
+; DUMP-NEXT: %dest15 = load <4 x i32>, <4 x i32>* %srcLocal128, align 4
+; DUMP-NEXT: ret void
+; DUMP-NEXT }
--- a/tests_lit/asan_tests/instrumentstore.ll
+++ b/tests_lit/asan_tests/instrumentstore.ll
+; Test for a call to __asan_check() preceding stores
+; REQUIRES: allow_dump
+; RUN: %p2i -i %s --args -verbose=inst -threads=0 -fsanitize-address \
+; RUN:     | FileCheck --check-prefix=DUMP %s
+; A global to store data to
+@destGlobal8 = internal global [1 x i8] zeroinitializer
+@destGlobal16 = internal global [2 x i8] zeroinitializer
+@destGlobal32 = internal global [4 x i8] zeroinitializer
+@destGlobal64 = internal global [8 x i8] zeroinitializer
+@destGlobal128 = internal global [16 x i8] zeroinitializer
+; A function with a local variable that does the stores
+define internal void @doStores(<4 x i32> %vecSrc) {
+  %destLocal8 = alloca i8, i32 1, align 4
+  %destLocal16 = alloca i8, i32 2, align 4
+  %destLocal32 = alloca i8, i32 4, align 4
+  %destLocal64 = alloca i8, i32 8, align 4
+  %destLocal128 = alloca i8, i32 16, align 4
+  %ptrGlobal8 = bitcast [1 x i8]* @destGlobal8 to i8*
+  %ptrGlobal16 = bitcast [2 x i8]* @destGlobal16 to i16*
+  %ptrGlobal32 = bitcast [4 x i8]* @destGlobal32 to i32*
+  %ptrGlobal64 = bitcast [8 x i8]* @destGlobal64 to i64*
+  %ptrGlobal128 = bitcast [16 x i8]* @destGlobal128 to <4 x i32>*
+  %ptrLocal8 = bitcast i8* %destLocal8 to i8*
+  %ptrLocal16 = bitcast i8* %destLocal16 to i16*
+  %ptrLocal32 = bitcast i8* %destLocal32 to i32*
+  %ptrLocal64 = bitcast i8* %destLocal64 to i64*
+  %ptrLocal128 = bitcast i8* %destLocal128 to <4 x i32>*
+  store i8 42, i8* %ptrGlobal8, align 1
+  store i16 42, i16* %ptrGlobal16, align 1
+  store i32 42, i32* %ptrGlobal32, align 1
+  store i64 42, i64* %ptrGlobal64, align 1
+  store <4 x i32> %vecSrc, <4 x i32>* %ptrGlobal128, align 4
+  store i8 42, i8* %ptrLocal8, align 1
+  store i16 42, i16* %ptrLocal16, align 1
+  store i32 42, i32* %ptrLocal32, align 1
+  store i64 42, i64* %ptrLocal64, align 1
+  store <4 x i32> %vecSrc, <4 x i32>* %ptrLocal128, align 4
+  ret void
+}
+; DUMP-LABEL: ================ Instrumented CFG ================
+; DUMP-NEXT: define internal void @doStores(<4 x i32> %vecSrc) {
+; DUMP-NEXT: __0:
+; DUMP-NEXT: %destLocal8 = alloca i8, i32 1, align 4
+; DUMP-NEXT: %destLocal16 = alloca i8, i32 2, align 4
+; DUMP-NEXT: %destLocal32 = alloca i8, i32 4, align 4
+; DUMP-NEXT: %destLocal64 = alloca i8, i32 8, align 4
+; DUMP-NEXT: %destLocal128 = alloca i8, i32 16, align 4
+; DUMP-NEXT: call void @__asan_check(i32 @destGlobal8, i32 1)
+; DUMP-NEXT: store i8 42, i8* @destGlobal8, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @destGlobal16, i32 2)
+; DUMP-NEXT: store i16 42, i16* @destGlobal16, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @destGlobal32, i32 4)
+; DUMP-NEXT: store i32 42, i32* @destGlobal32, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @destGlobal64, i32 8)
+; DUMP-NEXT: store i64 42, i64* @destGlobal64, align 1
+; DUMP-NEXT: call void @__asan_check(i32 @destGlobal128, i32 16)
+; DUMP-NEXT: store <4 x i32> %vecSrc, <4 x i32>* @destGlobal128, align 4
+; DUMP-NEXT: call void @__asan_check(i32 %destLocal8, i32 1)
+; DUMP-NEXT: store i8 42, i8* %destLocal8, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %destLocal16, i32 2)
+; DUMP-NEXT: store i16 42, i16* %destLocal16, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %destLocal32, i32 4)
+; DUMP-NEXT: store i32 42, i32* %destLocal32, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %destLocal64, i32 8)
+; DUMP-NEXT: store i64 42, i64* %destLocal64, align 1
+; DUMP-NEXT: call void @__asan_check(i32 %destLocal128, i32 16)
+; DUMP-NEXT: store <4 x i32> %vecSrc, <4 x i32>* %destLocal128, align 4
+; DUMP-NEXT: ret void
+; DUMP-NEXT: }
--- a/tests_lit/asan_tests/startinitcall.ll
+++ b/tests_lit/asan_tests/startinitcall.ll
@@ -10,7 +10,8 @@ define internal void @notStart() {
  ret void
 }
-; DUMP-LABEL: define internal void @notStart() { # notStart(i=1:b=1)
+; DUMP-LABEL: ================ Instrumented CFG ================
+; DUMP-NEXT: define internal void @notStart() {
 ; DUMP-NEXT: __0:
 ; DUMP-NOT: __asan_init()
 ; DUMP: ret void
@@ -21,7 +22,8 @@ define void @_start() {
  ret void
 }
-; DUMP-LABEL: define void @_start() { # _start(i=2:b=1)
+; DUMP-LABEL: ================ Instrumented CFG ================
+; DUMP-NEXT: define void @_start() {
 ; DUMP-NEXT: __0:
 ; DUMP-NEXT: call void @__asan_init()
 ; DUMP-NEXT: ret void