|
LLVM
10.0.0svn
|
This file is a part of DataFlowSanitizer, a generalised dynamic data flow analysis. More...
#include "llvm/ADT/DenseMap.h"#include "llvm/ADT/DenseSet.h"#include "llvm/ADT/DepthFirstIterator.h"#include "llvm/ADT/None.h"#include "llvm/ADT/SmallPtrSet.h"#include "llvm/ADT/SmallVector.h"#include "llvm/ADT/StringExtras.h"#include "llvm/ADT/StringRef.h"#include "llvm/ADT/Triple.h"#include "llvm/Transforms/Utils/Local.h"#include "llvm/Analysis/ValueTracking.h"#include "llvm/IR/Argument.h"#include "llvm/IR/Attributes.h"#include "llvm/IR/BasicBlock.h"#include "llvm/IR/CallSite.h"#include "llvm/IR/Constant.h"#include "llvm/IR/Constants.h"#include "llvm/IR/DataLayout.h"#include "llvm/IR/DerivedTypes.h"#include "llvm/IR/Dominators.h"#include "llvm/IR/Function.h"#include "llvm/IR/GlobalAlias.h"#include "llvm/IR/GlobalValue.h"#include "llvm/IR/GlobalVariable.h"#include "llvm/IR/IRBuilder.h"#include "llvm/IR/InlineAsm.h"#include "llvm/IR/InstVisitor.h"#include "llvm/IR/InstrTypes.h"#include "llvm/IR/Instruction.h"#include "llvm/IR/Instructions.h"#include "llvm/IR/IntrinsicInst.h"#include "llvm/IR/LLVMContext.h"#include "llvm/IR/MDBuilder.h"#include "llvm/IR/Module.h"#include "llvm/IR/Type.h"#include "llvm/IR/User.h"#include "llvm/IR/Value.h"#include "llvm/Pass.h"#include "llvm/Support/Casting.h"#include "llvm/Support/CommandLine.h"#include "llvm/Support/ErrorHandling.h"#include "llvm/Support/SpecialCaseList.h"#include "llvm/Transforms/Instrumentation.h"#include "llvm/Transforms/Utils/BasicBlockUtils.h"#include <algorithm>#include <cassert>#include <cstddef>#include <cstdint>#include <iterator>#include <memory>#include <set>#include <string>#include <utility>#include <vector>Go to the source code of this file.
Functions | |
| static StringRef | GetGlobalTypeString (const GlobalValue &G) |
| INITIALIZE_PASS (DataFlowSanitizer, "dfsan", "DataFlowSanitizer: dynamic data flow analysis.", false, false) ModulePass *llvm | |
Variables | |
| static const char *const | kDFSanExternShadowPtrMask = "__dfsan_shadow_ptr_mask" |
| static cl::opt< bool > | ClPreserveAlignment ("dfsan-preserve-alignment", cl::desc("respect alignment requirements provided by input IR"), cl::Hidden, cl::init(false)) |
| static cl::list< std::string > | ClABIListFiles ("dfsan-abilist", cl::desc("File listing native ABI functions and how the pass treats them"), cl::Hidden) |
| static cl::opt< bool > | ClArgsABI ("dfsan-args-abi", cl::desc("Use the argument ABI rather than the TLS ABI"), cl::Hidden) |
| static cl::opt< bool > | ClCombinePointerLabelsOnLoad ("dfsan-combine-pointer-labels-on-load", cl::desc("Combine the label of the pointer with the label of the data when " "loading from memory."), cl::Hidden, cl::init(true)) |
| static cl::opt< bool > | ClCombinePointerLabelsOnStore ("dfsan-combine-pointer-labels-on-store", cl::desc("Combine the label of the pointer with the label of the data when " "storing in memory."), cl::Hidden, cl::init(false)) |
| static cl::opt< bool > | ClDebugNonzeroLabels ("dfsan-debug-nonzero-labels", cl::desc("Insert calls to __dfsan_nonzero_label on observing a parameter, " "load or return with a nonzero label"), cl::Hidden) |
This file is a part of DataFlowSanitizer, a generalised dynamic data flow analysis.
Unlike other Sanitizer tools, this tool is not designed to detect a specific class of bugs on its own. Instead, it provides a generic dynamic data flow analysis framework to be used by clients to help detect application-specific issues within their own code.
The analysis is based on automatic propagation of data flow labels (also known as taint labels) through a program as it performs computation. Each byte of application memory is backed by two bytes of shadow memory which hold the label. On Linux/x86_64, memory is laid out as follows:
+-----------------—+ 0x800000000000 (top of memory) | application memory | +-----------------—+ 0x700000008000 (kAppAddr) | | | unused | | | +-----------------—+ 0x200200000000 (kUnusedAddr) | union table | +-----------------—+ 0x200000000000 (kUnionTableAddr) | shadow memory | +-----------------—+ 0x000000010000 (kShadowAddr) | reserved by kernel | +-----------------—+ 0x000000000000
To derive a shadow memory address from an application memory address, bits 44-46 are cleared to bring the address into the range [0x000000008000,0x100000000000). Then the address is shifted left by 1 to account for the double byte representation of shadow labels and move the address into the shadow memory range. See the function DataFlowSanitizer::getShadowAddress below.
For more information, please refer to the design document: http://clang.llvm.org/docs/DataFlowSanitizerDesign.html
Definition in file DataFlowSanitizer.cpp.
|
static |
Definition at line 163 of file DataFlowSanitizer.cpp.
References DFS(), F(), llvm::AttributeList::get(), llvm::AttributeList::getFnAttributes(), llvm::Module::getModuleIdentifier(), llvm::Value::getName(), llvm::AttributeList::getNumAttrSets(), llvm::AttributeList::getParamAttributes(), llvm::GlobalValue::getParent(), llvm::AttributeList::getRetAttributes(), llvm::GlobalValue::getValueType(), I, List, llvm::makeArrayRef(), llvm::Mod, llvm::DominatorTreeBase< NodeT, IsPostDom >::recalculate(), SI, Size, llvm::Function::size(), and llvm::NVPTX::PTXLdStInstCode::V2.
| INITIALIZE_PASS | ( | DataFlowSanitizer | , |
| "dfsan" | , | ||
| "DataFlowSanitizer: dynamic data flow analysis." | , | ||
| false | , | ||
| false | |||
| ) |
Definition at line 465 of file DataFlowSanitizer.cpp.
References llvm::Triple::aarch64, llvm::Triple::aarch64_be, llvm::AttributeList::addAttribute(), llvm::CallBase::addAttribute(), llvm::PHINode::addIncoming(), llvm::CallBase::addParamAttr(), llvm::AttributeList::addParamAttribute(), llvm::AArch64CC::AL, llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Align, llvm::SmallVectorImpl< T >::append(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::arg_begin(), llvm::Function::arg_begin(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::arg_end(), llvm::Function::arg_end(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::arg_size(), llvm::Function::arg_size(), llvm::AMDGPU::HSAMD::Kernel::Key::Args, llvm::HexStyle::Asm, assert(), llvm::BasicBlock::begin(), llvm::Function::begin(), llvm::PHINode::block_begin(), llvm::PHINode::block_end(), C, ClABIListFiles, ClArgsABI, ClCombinePointerLabelsOnLoad, ClCombinePointerLabelsOnStore, ClDebugNonzeroLabels, ClPreserveAlignment, llvm::Function::copyAttributesFrom(), llvm::SmallPtrSetImpl< PtrType >::count(), llvm::BasicBlock::Create(), llvm::Function::Create(), llvm::CallInst::Create(), llvm::SelectInst::Create(), llvm::ExtractValueInst::Create(), llvm::PHINode::Create(), llvm::ReturnInst::Create(), llvm::BranchInst::Create(), llvm::IRBuilder< T, Inserter >::CreateAlignedLoad(), llvm::IRBuilder< T, Inserter >::CreateAlignedStore(), llvm::IRBuilder< T, Inserter >::CreateAlloca(), llvm::IRBuilder< T, Inserter >::CreateAnd(), llvm::IRBuilder< T, Inserter >::CreateBitCast(), llvm::IRBuilder< T, Inserter >::CreateBr(), llvm::MDBuilder::createBranchWeights(), llvm::IRBuilder< T, Inserter >::CreateCall(), llvm::IRBuilder< T, Inserter >::CreateCondBr(), llvm::IRBuilder< T, Inserter >::CreateConstGEP1_32(), llvm::IRBuilder< T, Inserter >::CreateConstGEP2_64(), llvm::IRBuilder< T, Inserter >::CreateGEP(), llvm::IRBuilder< T, Inserter >::CreateICmpEQ(), llvm::IRBuilder< T, Inserter >::CreateICmpNE(), llvm::IRBuilder< T, Inserter >::CreateInsertElement(), llvm::IRBuilder< T, Inserter >::CreateInsertValue(), llvm::IRBuilder< T, Inserter >::CreateIntToPtr(), llvm::IRBuilder< T, Inserter >::CreateLoad(), llvm::IRBuilder< T, Inserter >::CreateLShr(), llvm::IRBuilder< T, Inserter >::CreateMul(), llvm::IRBuilder< T, Inserter >::CreateOr(), llvm::SpecialCaseList::createOrDie(), llvm::IRBuilder< T, Inserter >::CreatePtrToInt(), llvm::IRBuilder< T, Inserter >::CreateShl(), llvm::IRBuilder< T, Inserter >::CreateStore(), llvm::IRBuilder< T, Inserter >::CreateTrunc(), llvm::depth_first(), DFS(), llvm::dyn_cast(), llvm::BasicBlock::end(), llvm::GlobalAlias::eraseFromParent(), llvm::Instruction::eraseFromParent(), llvm::Function::eraseFromParent(), F(), llvm::DenseMapBase< DerivedT, KeyT, ValueT, KeyInfoT, BucketT >::find(), llvm::BasicBlock::front(), llvm::AttributeList::FunctionIndex, G, llvm::IntegerType::get(), llvm::ConstantInt::get(), llvm::FunctionType::get(), llvm::StructType::get(), llvm::ArrayType::get(), llvm::VectorType::get(), llvm::BlockAddress::get(), llvm::UndefValue::get(), llvm::GlobalValue::getAddressSpace(), llvm::LoadInst::getAlignment(), llvm::StoreInst::getAlignment(), llvm::Triple::getArch(), llvm::CallBase::getArgOperand(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getArgument(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getAttributes(), llvm::GlobalIndirectSymbol::getBaseObject(), llvm::BlockAddress::getBasicBlock(), llvm::Function::getBasicBlockList(), llvm::ConstantExpr::getBitCast(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getCalledFunction(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getCalledValue(), llvm::CallBase::getCalledValue(), llvm::FunctionCallee::getCallee(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getCallingConv(), llvm::SelectInst::getCondition(), llvm::Module::getContext(), llvm::Value::getContext(), llvm::Module::getDataLayout(), llvm::MemIntrinsicBase< Derived >::getDest(), llvm::MemIntrinsicBase< Derived >::getDestAlignment(), llvm::Function::getEntryBlock(), llvm::SelectInst::getFalseValue(), llvm::Function::getFunctionType(), llvm::CallBase::getFunctionType(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getInstruction(), llvm::Type::getInt32Ty(), llvm::Type::getInt64PtrTy(), llvm::IRBuilderBase::getInt64Ty(), llvm::Type::getInt64Ty(), llvm::Type::getInt8PtrTy(), llvm::DataLayout::getIntPtrType(), llvm::ConstantExpr::getIntToPtr(), llvm::ilist_node_impl< OptionsT >::getIterator(), llvm::MemIntrinsicBase< Derived >::getLength(), llvm::GlobalValue::getLinkage(), llvm::Instruction::getModule(), llvm::Module::getModuleInlineAsm(), llvm::Value::getName(), llvm::ilist_node_with_parent< NodeTy, ParentTy, Options >::getNextNode(), llvm::PHINode::getNumIncomingValues(), llvm::User::getNumOperands(), llvm::FunctionType::getNumParams(), llvm::User::getOperand(), llvm::FunctionType::getParamType(), llvm::Instruction::getParent(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getParent(), llvm::GlobalValue::getParent(), llvm::Type::getPointerElementType(), llvm::LoadInst::getPointerOperand(), llvm::StoreInst::getPointerOperand(), llvm::Type::getPointerTo(), llvm::FunctionType::getReturnType(), llvm::ReturnInst::getReturnValue(), llvm::ConstantInt::getSigned(), llvm::MemTransferBase< BaseCL >::getSource(), llvm::MemTransferBase< BaseCL >::getSourceAlignment(), llvm::BranchInst::getSuccessor(), llvm::Module::getTargetTriple(), llvm::BasicBlock::getTerminator(), llvm::SelectInst::getTrueValue(), llvm::Value::getType(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::getType(), llvm::GlobalValue::getType(), llvm::DataLayout::getTypeStoreSize(), llvm::GetUnderlyingObjects(), llvm::PointerType::getUnqual(), llvm::MemSetBase< BaseCL >::getValue(), llvm::StoreInst::getValueOperand(), llvm::Type::getVoidTy(), llvm::MemIntrinsic::getVolatileCst(), llvm::GlobalValue::hasLocalLinkage(), I, llvm::GlobalValue::InitialExecTLSModel, llvm::SmallPtrSetImpl< PtrType >::insert(), isConstant(), llvm::GlobalValue::isDeclaration(), llvm::Function::isIntrinsic(), llvm::Instruction::isTerminator(), llvm::FunctionType::isVarArg(), llvm::Function::isVarArg(), llvm::Type::isVoidTy(), llvm::GlobalValue::LinkOnceODRLinkage, llvm::Mod, N, llvm::None, llvm::FunctionType::param_begin(), llvm::FunctionType::param_end(), llvm::cl::Prefix, llvm::SmallVectorTemplateBase< T, bool >::push_back(), llvm::SmallVectorTemplateBase< T >::push_back(), llvm::Function::removeAttributes(), llvm::AttributeList::removeAttributes(), llvm::removeUnreachableBlocks(), llvm::Value::replaceAllUsesWith(), llvm::ReplaceInstWithInst(), llvm::report_fatal_error(), llvm::AttributeList::ReturnIndex, llvm::LoadInst::setAlignment(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::setAttributes(), llvm::CallBase::setAttributes(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::setCalledFunction(), llvm::CallSiteBase< FunTy, BBTy, ValTy, UserTy, UseTy, InstrTy, CallTy, InvokeTy, CallBrTy, IterTy >::setCallingConv(), llvm::CallBase::setCallingConv(), llvm::GlobalValue::setLinkage(), llvm::Module::setModuleInlineAsm(), llvm::Value::setName(), llvm::User::setOperand(), llvm::BranchInst::setSuccessor(), SI, Size, llvm::SmallVectorBase::size(), llvm::iplist_impl< IntrusiveListT, TraitsT >::splice(), llvm::BasicBlock::splitBasicBlock(), llvm::SplitBlockAndInsertIfThen(), llvm::SplitEdge(), llvm::Constant::stripPointerCasts(), std::swap(), llvm::Value::takeName(), llvm::AttributeFuncs::typeIncompatible(), llvm::Value::user_begin(), llvm::Value::user_end(), llvm::Value::users(), llvm::utostr(), llvm::NVPTX::PTXLdStInstCode::V2, and llvm::Triple::x86_64.
|
static |
Referenced by INITIALIZE_PASS().
|
static |
Referenced by INITIALIZE_PASS().
|
static |
Referenced by INITIALIZE_PASS().
|
static |
Referenced by INITIALIZE_PASS().
|
static |
Referenced by INITIALIZE_PASS().
|
static |
Referenced by INITIALIZE_PASS().
Definition at line 109 of file DataFlowSanitizer.cpp.
1.8.13