LLVM  12.0.0git
Functions | Variables
DataFlowSanitizer.cpp File Reference

This file is a part of DataFlowSanitizer, a generalised dynamic data flow analysis. More...

#include "llvm/ADT/DenseMap.h"
#include "llvm/ADT/DenseSet.h"
#include "llvm/ADT/DepthFirstIterator.h"
#include "llvm/ADT/None.h"
#include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/ADT/Triple.h"
#include "llvm/Analysis/ValueTracking.h"
#include "llvm/IR/Argument.h"
#include "llvm/IR/Attributes.h"
#include "llvm/IR/BasicBlock.h"
#include "llvm/IR/Constant.h"
#include "llvm/IR/Constants.h"
#include "llvm/IR/DataLayout.h"
#include "llvm/IR/DerivedTypes.h"
#include "llvm/IR/Dominators.h"
#include "llvm/IR/Function.h"
#include "llvm/IR/GlobalAlias.h"
#include "llvm/IR/GlobalValue.h"
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/InlineAsm.h"
#include "llvm/IR/InstVisitor.h"
#include "llvm/IR/InstrTypes.h"
#include "llvm/IR/Instruction.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/LLVMContext.h"
#include "llvm/IR/MDBuilder.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/Type.h"
#include "llvm/IR/User.h"
#include "llvm/IR/Value.h"
#include "llvm/InitializePasses.h"
#include "llvm/Pass.h"
#include "llvm/Support/Casting.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/SpecialCaseList.h"
#include "llvm/Support/VirtualFileSystem.h"
#include "llvm/Transforms/Instrumentation.h"
#include "llvm/Transforms/Utils/BasicBlockUtils.h"
#include "llvm/Transforms/Utils/Local.h"
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>

Go to the source code of this file.

Functions

static StringRef GetGlobalTypeString (const GlobalValue &G)
 
 INITIALIZE_PASS (DataFlowSanitizer, "dfsan", "DataFlowSanitizer: dynamic data flow analysis.", false, false) ModulePass *llvm
 

Variables

static const char *const kDFSanExternShadowPtrMask = "__dfsan_shadow_ptr_mask"
 
static cl::opt< boolClPreserveAlignment ("dfsan-preserve-alignment", cl::desc("respect alignment requirements provided by input IR"), cl::Hidden, cl::init(false))
 
static cl::list< std::string > ClABIListFiles ("dfsan-abilist", cl::desc("File listing native ABI functions and how the pass treats them"), cl::Hidden)
 
static cl::opt< boolClArgsABI ("dfsan-args-abi", cl::desc("Use the argument ABI rather than the TLS ABI"), cl::Hidden)
 
static cl::opt< boolClCombinePointerLabelsOnLoad ("dfsan-combine-pointer-labels-on-load", cl::desc("Combine the label of the pointer with the label of the data when " "loading from memory."), cl::Hidden, cl::init(true))
 
static cl::opt< boolClCombinePointerLabelsOnStore ("dfsan-combine-pointer-labels-on-store", cl::desc("Combine the label of the pointer with the label of the data when " "storing in memory."), cl::Hidden, cl::init(false))
 
static cl::opt< boolClDebugNonzeroLabels ("dfsan-debug-nonzero-labels", cl::desc("Insert calls to __dfsan_nonzero_label on observing a parameter, " "load or return with a nonzero label"), cl::Hidden)
 
static cl::opt< boolClEventCallbacks ("dfsan-event-callbacks", cl::desc("Insert calls to __dfsan_*_callback functions on data events."), cl::Hidden, cl::init(false))
 

Detailed Description

This file is a part of DataFlowSanitizer, a generalised dynamic data flow analysis.

Unlike other Sanitizer tools, this tool is not designed to detect a specific class of bugs on its own. Instead, it provides a generic dynamic data flow analysis framework to be used by clients to help detect application-specific issues within their own code.

The analysis is based on automatic propagation of data flow labels (also known as taint labels) through a program as it performs computation. Each byte of application memory is backed by two bytes of shadow memory which hold the label. On Linux/x86_64, memory is laid out as follows:

+-----------------—+ 0x800000000000 (top of memory) | application memory | +-----------------—+ 0x700000008000 (kAppAddr) | | | unused | | | +-----------------—+ 0x200200000000 (kUnusedAddr) | union table | +-----------------—+ 0x200000000000 (kUnionTableAddr) | shadow memory | +-----------------—+ 0x000000010000 (kShadowAddr) | reserved by kernel | +-----------------—+ 0x000000000000

To derive a shadow memory address from an application memory address, bits 44-46 are cleared to bring the address into the range [0x000000008000,0x100000000000). Then the address is shifted left by 1 to account for the double byte representation of shadow labels and move the address into the shadow memory range. See the function DataFlowSanitizer::getShadowAddress below.

For more information, please refer to the design document: http://clang.llvm.org/docs/DataFlowSanitizerDesign.html

Definition in file DataFlowSanitizer.cpp.

Function Documentation

◆ GetGlobalTypeString()

static StringRef GetGlobalTypeString ( const GlobalValue G)
static

Definition at line 179 of file DataFlowSanitizer.cpp.

References DFS(), F(), llvm::AttributeList::get(), llvm::AttributeList::getFnAttributes(), llvm::Module::getModuleIdentifier(), llvm::Value::getName(), llvm::AttributeList::getNumAttrSets(), llvm::AttributeList::getParamAttributes(), llvm::GlobalValue::getParent(), llvm::AttributeList::getRetAttributes(), llvm::GlobalValue::getValueType(), I, llvm::List, llvm::makeArrayRef(), llvm::Mod, llvm::DominatorTreeBase< NodeT, IsPostDom >::recalculate(), SI, Size, llvm::Function::size(), and llvm::NVPTX::PTXLdStInstCode::V2.

◆ INITIALIZE_PASS()

INITIALIZE_PASS ( DataFlowSanitizer  ,
"dfsan"  ,
"DataFlowSanitizer: dynamic data flow analysis."  ,
false  ,
false   
)

Definition at line 490 of file DataFlowSanitizer.cpp.

References llvm::Triple::aarch64, llvm::Triple::aarch64_be, llvm::AttributeList::addAttribute(), llvm::CallBase::addAttribute(), llvm::PHINode::addIncoming(), llvm::CallBase::addParamAttr(), llvm::AttributeList::addParamAttribute(), llvm::AArch64CC::AL, llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Align, llvm::SmallVectorImpl< T >::append(), llvm::Function::arg_begin(), llvm::CallBase::arg_begin(), llvm::Function::arg_end(), llvm::CallBase::arg_end(), llvm::Function::arg_size(), llvm::CallBase::arg_size(), llvm::AMDGPU::HSAMD::Kernel::Key::Args, llvm::HexStyle::Asm, assert(), llvm::BasicBlock::begin(), llvm::Function::begin(), llvm::PHINode::block_begin(), llvm::PHINode::block_end(), C, ClABIListFiles, ClArgsABI, ClCombinePointerLabelsOnLoad, ClCombinePointerLabelsOnStore, ClDebugNonzeroLabels, ClEventCallbacks, ClPreserveAlignment, llvm::Function::copyAttributesFrom(), llvm::SmallPtrSetImpl< PtrType >::count(), llvm::BasicBlock::Create(), llvm::Function::Create(), llvm::CallInst::Create(), llvm::SelectInst::Create(), llvm::ExtractValueInst::Create(), llvm::PHINode::Create(), llvm::ReturnInst::Create(), llvm::BranchInst::Create(), llvm::IRBuilderBase::CreateAlignedLoad(), llvm::IRBuilderBase::CreateAlloca(), llvm::IRBuilderBase::CreateAnd(), llvm::IRBuilderBase::CreateBitCast(), llvm::IRBuilderBase::CreateBr(), llvm::MDBuilder::createBranchWeights(), llvm::IRBuilderBase::CreateCall(), llvm::IRBuilderBase::CreateCondBr(), llvm::IRBuilderBase::CreateConstGEP2_32(), llvm::IRBuilderBase::CreateConstGEP2_64(), llvm::IRBuilderBase::CreateGEP(), llvm::IRBuilderBase::CreateGlobalStringPtr(), llvm::IRBuilderBase::CreateICmpEQ(), llvm::IRBuilderBase::CreateICmpNE(), llvm::IRBuilderBase::CreateInsertValue(), llvm::IRBuilderBase::CreateIntToPtr(), llvm::IRBuilderBase::CreateInvoke(), llvm::IRBuilderBase::CreateLoad(), llvm::IRBuilderBase::CreateLShr(), llvm::IRBuilderBase::CreateMul(), llvm::IRBuilderBase::CreateOr(), llvm::SpecialCaseList::createOrDie(), llvm::IRBuilderBase::CreatePtrToInt(), llvm::IRBuilderBase::CreateShl(), llvm::IRBuilderBase::CreateStore(), llvm::IRBuilderBase::CreateStructGEP(), llvm::IRBuilderBase::CreateTrunc(), llvm::depth_first(), DFS(), DL, llvm::dyn_cast(), llvm::numbers::e, E, llvm::DenseMapBase< DenseMap< KeyT, ValueT, KeyInfoT, BucketT >, KeyT, ValueT, KeyInfoT, BucketT >::end(), llvm::BasicBlock::end(), llvm::GlobalAlias::eraseFromParent(), llvm::Instruction::eraseFromParent(), llvm::Function::eraseFromParent(), F(), llvm::DenseMapBase< DerivedT, KeyT, ValueT, KeyInfoT, BucketT >::find(), llvm::BasicBlock::front(), llvm::AttributeList::FunctionIndex, G, llvm::IntegerType::get(), llvm::ConstantInt::get(), llvm::FunctionType::get(), llvm::StructType::get(), llvm::ArrayType::get(), llvm::FixedVectorType::get(), llvm::BlockAddress::get(), llvm::UndefValue::get(), llvm::GlobalValue::getAddressSpace(), llvm::LoadInst::getAlign(), llvm::StoreInst::getAlign(), llvm::Triple::getArch(), llvm::CallBase::getArgOperand(), llvm::CallBase::getAttributes(), llvm::GlobalIndirectSymbol::getBaseObject(), llvm::BlockAddress::getBasicBlock(), llvm::Function::getBasicBlockList(), llvm::ConstantExpr::getBitCast(), llvm::CallBase::getCalledFunction(), llvm::CallBase::getCalledOperand(), llvm::FunctionCallee::getCallee(), llvm::CallBase::getCallingConv(), llvm::SelectInst::getCondition(), llvm::Value::getContext(), llvm::Module::getContext(), llvm::Module::getDataLayout(), llvm::MemIntrinsicBase< Derived >::getDest(), llvm::MemIntrinsicBase< Derived >::getDestAlign(), llvm::Function::getEntryBlock(), llvm::SelectInst::getFalseValue(), llvm::Function::getFunctionType(), llvm::CallBase::getFunctionType(), llvm::Type::getInt32Ty(), llvm::Type::getInt64PtrTy(), llvm::Type::getInt64Ty(), llvm::IRBuilderBase::getInt64Ty(), llvm::Type::getInt8PtrTy(), llvm::DataLayout::getIntPtrType(), llvm::ConstantExpr::getIntToPtr(), llvm::ilist_node_impl< OptionsT >::getIterator(), llvm::MemIntrinsicBase< Derived >::getLength(), llvm::GlobalValue::getLinkage(), llvm::Instruction::getModule(), llvm::Module::getModuleInlineAsm(), llvm::Value::getName(), llvm::ilist_node_with_parent< NodeTy, ParentTy, Options >::getNextNode(), llvm::PHINode::getNumIncomingValues(), llvm::User::getNumOperands(), llvm::FunctionType::getNumParams(), llvm::User::getOperand(), llvm::FunctionType::getParamType(), llvm::Instruction::getParent(), llvm::GlobalValue::getParent(), llvm::LoadInst::getPointerOperand(), llvm::StoreInst::getPointerOperand(), llvm::Type::getPointerTo(), llvm::vfs::getRealFileSystem(), llvm::FunctionType::getReturnType(), llvm::ReturnInst::getReturnValue(), llvm::ConstantInt::getSigned(), llvm::MemTransferBase< BaseCL >::getSource(), llvm::MemTransferBase< BaseCL >::getSourceAlign(), llvm::BranchInst::getSuccessor(), llvm::Module::getTargetTriple(), llvm::BasicBlock::getTerminator(), llvm::SelectInst::getTrueValue(), llvm::Value::getType(), llvm::GlobalValue::getType(), llvm::GetUnderlyingObjects(), llvm::PointerType::getUnqual(), llvm::MemSetBase< BaseCL >::getValue(), llvm::StoreInst::getValueOperand(), llvm::Type::getVoidTy(), llvm::MemIntrinsic::getVolatileCst(), llvm::Module::global_size(), llvm::GlobalValue::hasLocalLinkage(), I, llvm::GlobalValue::InitialExecTLSModel, llvm::SmallPtrSetImpl< PtrType >::insert(), isConstant(), llvm::GlobalValue::isDeclaration(), llvm::CallBase::isInlineAsm(), llvm::Function::isIntrinsic(), llvm::Instruction::isTerminator(), llvm::FunctionType::isVarArg(), llvm::Function::isVarArg(), llvm::Type::isVoidTy(), llvm::GlobalValue::LinkOnceODRLinkage, llvm::Mod, N, llvm::None, llvm::FunctionType::param_begin(), llvm::FunctionType::param_end(), llvm::cl::Prefix, llvm::SmallVectorTemplateBase< T, bool >::push_back(), llvm::SmallVectorTemplateBase< T >::push_back(), llvm::Function::removeAttributes(), llvm::AttributeList::removeAttributes(), llvm::removeUnreachableBlocks(), llvm::Value::replaceAllUsesWith(), llvm::ReplaceInstWithInst(), llvm::report_fatal_error(), llvm::AttributeList::ReturnIndex, llvm::LoadInst::setAlignment(), llvm::CallBase::setAttributes(), llvm::CallBase::setCalledFunction(), llvm::CallBase::setCallingConv(), llvm::GlobalValue::setLinkage(), llvm::Module::setModuleInlineAsm(), llvm::Value::setName(), llvm::User::setOperand(), llvm::BranchInst::setSuccessor(), SI, Size, llvm::SmallVectorBase< SmallVectorSizeType< T > >::size(), llvm::Module::size(), llvm::iplist_impl< IntrusiveListT, TraitsT >::splice(), llvm::BasicBlock::splitBasicBlock(), llvm::SplitBlockAndInsertIfThen(), llvm::SplitEdge(), llvm::Constant::stripPointerCasts(), std::swap(), llvm::CallingConv::Tail, llvm::Value::takeName(), llvm::AttributeFuncs::typeIncompatible(), llvm::Value::user_begin(), llvm::Value::user_end(), llvm::Value::users(), llvm::utostr(), llvm::NVPTX::PTXLdStInstCode::V2, llvm::Align::value(), vector, and llvm::Triple::x86_64.

Variable Documentation

◆ ClABIListFiles

cl::list<std::string> ClABIListFiles("dfsan-abilist", cl::desc("File listing native ABI functions and how the pass treats them"), cl::Hidden)
static

Referenced by INITIALIZE_PASS().

◆ ClArgsABI

cl::opt<bool> ClArgsABI("dfsan-args-abi", cl::desc("Use the argument ABI rather than the TLS ABI"), cl::Hidden)
static

Referenced by INITIALIZE_PASS().

◆ ClCombinePointerLabelsOnLoad

cl::opt<bool> ClCombinePointerLabelsOnLoad("dfsan-combine-pointer-labels-on-load", cl::desc("Combine the label of the pointer with the label of the data when " "loading from memory."), cl::Hidden, cl::init(true))
static

Referenced by INITIALIZE_PASS().

◆ ClCombinePointerLabelsOnStore

cl::opt<bool> ClCombinePointerLabelsOnStore("dfsan-combine-pointer-labels-on-store", cl::desc("Combine the label of the pointer with the label of the data when " "storing in memory."), cl::Hidden, cl::init(false))
static

Referenced by INITIALIZE_PASS().

◆ ClDebugNonzeroLabels

cl::opt<bool> ClDebugNonzeroLabels("dfsan-debug-nonzero-labels", cl::desc("Insert calls to __dfsan_nonzero_label on observing a parameter, " "load or return with a nonzero label"), cl::Hidden)
static

Referenced by INITIALIZE_PASS().

◆ ClEventCallbacks

cl::opt<bool> ClEventCallbacks("dfsan-event-callbacks", cl::desc("Insert calls to __dfsan_*_callback functions on data events."), cl::Hidden, cl::init(false))
static

Referenced by INITIALIZE_PASS().

◆ ClPreserveAlignment

cl::opt<bool> ClPreserveAlignment("dfsan-preserve-alignment", cl::desc("respect alignment requirements provided by input IR"), cl::Hidden, cl::init(false))
static

Referenced by INITIALIZE_PASS().

◆ kDFSanExternShadowPtrMask

const char* const kDFSanExternShadowPtrMask = "__dfsan_shadow_ptr_mask"
static

Definition at line 110 of file DataFlowSanitizer.cpp.

Generated on Thu Jul 16 2020 00:43:57 for LLVM by   doxygen 1.8.13