DataFlowSanitizer; compiler-rt changes.

DataFlowSanitizer is a generalised dynamic data flow analysis.

Unlike other Sanitizer tools, this tool is not designed to detect a
specific class of bugs on its own.  Instead, it provides a generic
dynamic data flow analysis framework to be used by clients to help
detect application-specific issues within their own code.

Differential Revision: http://llvm-reviews.chandlerc.com/D967

llvm-svn: 187924

Author: pcc

compiler-rt/include/CMakeLists.txt

@@ -1,6 +1,7 @@
 set(SANITIZER_HEADERS
   sanitizer/asan_interface.h
   sanitizer/common_interface_defs.h
+  sanitizer/dfsan_interface.h
   sanitizer/linux_syscall_hooks.h
   sanitizer/lsan_interface.h
   sanitizer/msan_interface.h)

compiler-rt/include/sanitizer/dfsan_interface.h

@@ -0,0 +1,80 @@
+//===-- dfsan_interface.h -------------------------------------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file is a part of DataFlowSanitizer.
+//
+// Public interface header.
+//===----------------------------------------------------------------------===//
+#ifndef DFSAN_INTERFACE_H
+#define DFSAN_INTERFACE_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <sanitizer/common_interface_defs.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef uint16_t dfsan_label;
+
+/// Stores information associated with a specific label identifier.  A label
+/// may be a base label created using dfsan_create_label, with associated
+/// text description and user data, or an automatically created union label,
+/// which represents the union of two label identifiers (which may themselves
+/// be base or union labels).
+struct dfsan_label_info {
+  // Fields for union labels, set to 0 for base labels.
+  dfsan_label l1;
+  dfsan_label l2;
+
+  // Fields for base labels.
+  const char *desc;
+  void *userdata;
+};
+
+/// Creates and returns a base label with the given description and user data.
+dfsan_label dfsan_create_label(const char *desc, void *userdata);
+
+/// Sets the label for each address in [addr,addr+size) to \c label.
+void dfsan_set_label(dfsan_label label, void *addr, size_t size);
+
+/// Sets the label for each address in [addr,addr+size) to the union of the
+/// current label for that address and \c label.
+void dfsan_add_label(dfsan_label label, void *addr, size_t size);
+
+/// Retrieves the label associated with the given data.
+///
+/// The type of 'data' is arbitrary.  The function accepts a value of any type,
+/// which can be truncated or extended (implicitly or explicitly) as necessary.
+/// The truncation/extension operations will preserve the label of the original
+/// value.
+dfsan_label dfsan_get_label(long data);
+
+/// Retrieves a pointer to the dfsan_label_info struct for the given label.
+const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label);
+
+/// Returns whether the given label label contains the label elem.
+int dfsan_has_label(dfsan_label label, dfsan_label elem);
+
+/// If the given label label contains a label with the description desc, returns
+/// that label, else returns 0.
+dfsan_label dfsan_has_label_with_desc(dfsan_label label, const char *desc);
+
+#ifdef __cplusplus
+}  // extern "C"
+
+template <typename T>
+void dfsan_set_label(dfsan_label label, T &data) {
+  dfsan_set_label(label, (void *)&data, sizeof(T));
+}
+
+#endif
+
+#endif  // DFSAN_INTERFACE_H

compiler-rt/lib/CMakeLists.txt

@@ -17,6 +17,7 @@ if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND NOT ANDROID)
   add_subdirectory(tsan)
   add_subdirectory(msan)
   add_subdirectory(msandr)
+  add_subdirectory(dfsan)
 endif()
 
 # The top-level lib directory contains a large amount of C code which provides

compiler-rt/lib/Makefile.mk

@@ -22,6 +22,7 @@ SubDirs += tsan
 SubDirs += msan
 SubDirs += ubsan
 SubDirs += lsan
+SubDirs += dfsan
 
 # Define the variables for this specific directory.
 Sources := $(foreach file,$(wildcard $(Dir)/*.c),$(notdir $(file)))

compiler-rt/lib/dfsan/CMakeLists.txt

@@ -0,0 +1,29 @@
+include_directories(..)
+
+# Runtime library sources and build flags.
+set(DFSAN_RTL_SOURCES
+  dfsan.cc
+  )
+set(DFSAN_RTL_CFLAGS
+  ${SANITIZER_COMMON_CFLAGS}
+  # Prevent clang from generating libc calls.
+  -ffreestanding)
+
+# Static runtime library.
+set(DFSAN_RUNTIME_LIBRARIES)
+set(arch "x86_64")
+if(CAN_TARGET_${arch})
+  add_compiler_rt_static_runtime(clang_rt.dfsan-${arch} ${arch}
+    SOURCES ${DFSAN_RTL_SOURCES}
+            $<TARGET_OBJECTS:RTInterception.${arch}>
+            $<TARGET_OBJECTS:RTSanitizerCommon.${arch}>
+            $<TARGET_OBJECTS:RTSanitizerCommonLibc.${arch}>
+    CFLAGS ${DFSAN_RTL_CFLAGS} -fPIE)
+  add_compiler_rt_static_runtime(clang_rt.dfsan-libc-${arch} ${arch}
+    SOURCES ${DFSAN_RTL_SOURCES}
+            $<TARGET_OBJECTS:RTSanitizerCommon.${arch}>
+            CFLAGS ${DFSAN_RTL_CFLAGS} -fPIC -DDFSAN_NOLIBC)
+  list(APPEND DFSAN_RUNTIME_LIBRARIES clang_rt.dfsan-${arch})
+endif()
+
+add_subdirectory(lit_tests)

compiler-rt/lib/dfsan/Makefile.mk

@@ -0,0 +1,23 @@
+#===- lib/dfsan/Makefile.mk --------------------------------*- Makefile -*--===#
+#
+#                     The LLVM Compiler Infrastructure
+#
+# This file is distributed under the University of Illinois Open Source
+# License. See LICENSE.TXT for details.
+#
+#===------------------------------------------------------------------------===#
+
+ModuleName := dfsan
+SubDirs :=
+
+Sources := $(foreach file,$(wildcard $(Dir)/*.cc),$(notdir $(file)))
+ObjNames := $(Sources:%.cc=%.o)
+
+Implementation := Generic
+
+# FIXME: use automatic dependencies?
+Dependencies := $(wildcard $(Dir)/*.h)
+Dependencies += $(wildcard $(Dir)/../sanitizer_common/*.h)
+
+# Define a convenience variable for all the dfsan functions.
+DfsanFunctions := $(Sources:%.cc=%)

compiler-rt/lib/dfsan/dfsan.cc

@@ -0,0 +1,221 @@
+//===-- dfsan.cc ----------------------------------------------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// This file is a part of DataFlowSanitizer.
+//
+// DataFlowSanitizer runtime.  This file defines the public interface to
+// DataFlowSanitizer as well as the definition of certain runtime functions
+// called automatically by the compiler (specifically the instrumentation pass
+// in llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp).
+//
+// The public interface is defined in include/sanitizer/dfsan_interface.h whose
+// functions are prefixed dfsan_ while the compiler interface functions are
+// prefixed __dfsan_.
+//===----------------------------------------------------------------------===//
+
+#include "sanitizer/dfsan_interface.h"
+#include "sanitizer_common/sanitizer_atomic.h"
+#include "sanitizer_common/sanitizer_common.h"
+#include "sanitizer_common/sanitizer_libc.h"
+
+typedef atomic_uint16_t atomic_dfsan_label;
+static const dfsan_label kInitializingLabel = -1;
+
+static const uptr kNumLabels = 1 << (sizeof(dfsan_label) * 8);
+
+static atomic_dfsan_label __dfsan_last_label;
+static dfsan_label_info __dfsan_label_info[kNumLabels];
+
+SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL dfsan_label __dfsan_retval_tls;
+SANITIZER_INTERFACE_ATTRIBUTE THREADLOCAL dfsan_label __dfsan_arg_tls[64];
+
+// On Linux/x86_64, memory is laid out as follows:
+//
+// +--------------------+ 0x800000000000 (top of memory)
+// | application memory |
+// +--------------------+ 0x700000008000 (kAppAddr)
+// |                    |
+// |       unused       |
+// |                    |
+// +--------------------+ 0x200200000000 (kUnusedAddr)
+// |    union table     |
+// +--------------------+ 0x200000000000 (kUnionTableAddr)
+// |   shadow memory    |
+// +--------------------+ 0x000000010000 (kShadowAddr)
+// | reserved by kernel |
+// +--------------------+ 0x000000000000
+//
+// To derive a shadow memory address from an application memory address,
+// bits 44-46 are cleared to bring the address into the range
+// [0x000000008000,0x100000000000).  Then the address is shifted left by 1 to
+// account for the double byte representation of shadow labels and move the
+// address into the shadow memory range.  See the function shadow_for below.
+
+typedef atomic_dfsan_label dfsan_union_table_t[kNumLabels][kNumLabels];
+
+static const uptr kShadowAddr = 0x10000;
+static const uptr kUnionTableAddr = 0x200000000000;
+static const uptr kUnusedAddr = kUnionTableAddr + sizeof(dfsan_union_table_t);
+static const uptr kAppAddr = 0x700000008000;
+
+static atomic_dfsan_label *union_table(dfsan_label l1, dfsan_label l2) {
+  return &(*(dfsan_union_table_t *) kUnionTableAddr)[l1][l2];
+}
+
+static dfsan_label *shadow_for(void *ptr) {
+  return (dfsan_label *) ((((uintptr_t) ptr) & ~0x700000000000) << 1);
+}
+
+// Resolves the union of two unequal labels.  Nonequality is a precondition for
+// this function (the instrumentation pass inlines the equality test).
+extern "C" SANITIZER_INTERFACE_ATTRIBUTE
+dfsan_label __dfsan_union(dfsan_label l1, dfsan_label l2) {
+  DCHECK_NE(l1, l2);
+
+  if (l1 == 0)
+    return l2;
+  if (l2 == 0)
+    return l1;
+
+  if (l1 > l2)
+    Swap(l1, l2);
+
+  atomic_dfsan_label *table_ent = union_table(l1, l2);
+  // We need to deal with the case where two threads concurrently request
+  // a union of the same pair of labels.  If the table entry is uninitialized,
+  // (i.e. 0) use a compare-exchange to set the entry to kInitializingLabel
+  // (i.e. -1) to mark that we are initializing it.
+  dfsan_label label = 0;
+  if (atomic_compare_exchange_strong(table_ent, &label, kInitializingLabel,
+                                     memory_order_acquire)) {
+    // Check whether l2 subsumes l1.  We don't need to check whether l1
+    // subsumes l2 because we are guaranteed here that l1 < l2, and (at least
+    // in the cases we are interested in) a label may only subsume labels
+    // created earlier (i.e. with a lower numerical value).
+    if (__dfsan_label_info[l2].l1 == l1 ||
+        __dfsan_label_info[l2].l2 == l1) {
+      label = l2;
+    } else {
+      label =
+        atomic_fetch_add(&__dfsan_last_label, 1, memory_order_relaxed) + 1;
+      CHECK_NE(label, kInitializingLabel);
+      __dfsan_label_info[label].l1 = l1;
+      __dfsan_label_info[label].l2 = l2;
+    }
+    atomic_store(table_ent, label, memory_order_release);
+  } else if (label == kInitializingLabel) {
+    // Another thread is initializing the entry.  Wait until it is finished.
+    do {
+      internal_sched_yield();
+      label = atomic_load(table_ent, memory_order_acquire);
+    } while (label == kInitializingLabel);
+  }
+  return label;
+}
+
+extern "C" SANITIZER_INTERFACE_ATTRIBUTE
+dfsan_label __dfsan_union_load(dfsan_label *ls, size_t n) {
+  dfsan_label label = ls[0];
+  for (size_t i = 1; i != n; ++i) {
+    dfsan_label next_label = ls[i];
+    if (label != next_label)
+      label = __dfsan_union(label, next_label);
+  }
+  return label;
+}
+
+extern "C" SANITIZER_INTERFACE_ATTRIBUTE
+void *__dfsan_memcpy(void *dest, const void *src, size_t n) {
+  dfsan_label *sdest = shadow_for(dest), *ssrc = shadow_for((void *)src);
+  internal_memcpy((void *)sdest, (void *)ssrc, n * sizeof(dfsan_label));
+  return internal_memcpy(dest, src, n);
+}
+
+SANITIZER_INTERFACE_ATTRIBUTE
+dfsan_label dfsan_create_label(const char *desc, void *userdata) {
+  dfsan_label label =
+    atomic_fetch_add(&__dfsan_last_label, 1, memory_order_relaxed) + 1;
+  CHECK_NE(label, kInitializingLabel);
+  __dfsan_label_info[label].l1 = __dfsan_label_info[label].l2 = 0;
+  __dfsan_label_info[label].desc = desc;
+  __dfsan_label_info[label].userdata = userdata;
+  __dfsan_retval_tls = 0;  // Ensures return value is unlabelled in the caller.
+  return label;
+}
+
+SANITIZER_INTERFACE_ATTRIBUTE
+void dfsan_set_label(dfsan_label label, void *addr, size_t size) {
+  for (dfsan_label *labelp = shadow_for(addr); size != 0; --size, ++labelp)
+    *labelp = label;
+}
+
+SANITIZER_INTERFACE_ATTRIBUTE
+void dfsan_add_label(dfsan_label label, void *addr, size_t size) {
+  for (dfsan_label *labelp = shadow_for(addr); size != 0; --size, ++labelp)
+    if (*labelp != label)
+      *labelp = __dfsan_union(*labelp, label);
+}
+
+SANITIZER_INTERFACE_ATTRIBUTE dfsan_label dfsan_get_label(long data) {
+  // The label for 'data' is implicitly passed by the instrumentation pass in
+  // the first element of __dfsan_arg_tls.  So we can just return it.
+  __dfsan_retval_tls = 0;  // Ensures return value is unlabelled in the caller.
+  return __dfsan_arg_tls[0];
+}
+
+SANITIZER_INTERFACE_ATTRIBUTE
+const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label) {
+  __dfsan_retval_tls = 0;  // Ensures return value is unlabelled in the caller.
+  return &__dfsan_label_info[label];
+}
+
+int dfsan_has_label(dfsan_label label, dfsan_label elem) {
+  __dfsan_retval_tls = 0;  // Ensures return value is unlabelled in the caller.
+  if (label == elem)
+    return true;
+  const dfsan_label_info *info = dfsan_get_label_info(label);
+  if (info->l1 != 0) {
+    return dfsan_has_label(info->l1, elem) || dfsan_has_label(info->l2, elem);
+  } else {
+    return false;
+  }
+}
+
+dfsan_label dfsan_has_label_with_desc(dfsan_label label, const char *desc) {
+  __dfsan_retval_tls = 0;  // Ensures return value is unlabelled in the caller.
+  const dfsan_label_info *info = dfsan_get_label_info(label);
+  if (info->l1 != 0) {
+    return dfsan_has_label_with_desc(info->l1, desc) ||
+           dfsan_has_label_with_desc(info->l2, desc);
+  } else {
+    return internal_strcmp(desc, info->desc) == 0;
+  }
+}
+
+#ifdef DFSAN_NOLIBC
+extern "C" void dfsan_init() {
+#else
+static void dfsan_init(int argc, char **argv, char **envp) {
+#endif
+  MmapFixedNoReserve(kShadowAddr, kUnusedAddr - kShadowAddr);
+
+  // Protect the region of memory we don't use, to preserve the one-to-one
+  // mapping from application to shadow memory. But if ASLR is disabled, Linux
+  // will load our executable in the middle of our unused region. This mostly
+  // works so long as the program doesn't use too much memory. We support this
+  // case by disabling memory protection when ASLR is disabled.
+  uptr init_addr = (uptr)&dfsan_init;
+  if (!(init_addr >= kUnusedAddr && init_addr < kAppAddr))
+    Mprotect(kUnusedAddr, kAppAddr - kUnusedAddr);
+}
+
+#ifndef DFSAN_NOLIBC
+__attribute__((section(".preinit_array"), used))
+static void (*dfsan_init_ptr)(int, char **, char **) = dfsan_init;
+#endif