203039 Commits

Author SHA1 Message Date
Peter Collingbourne 82437bf7a5 Protection against stack-based memory corruption errors using SafeStack
This patch adds the safe stack instrumentation pass to LLVM, which separates
the program stack into a safe stack, which stores return addresses, register
spills, and local variables that are statically verified to be accessed
in a safe way, and the unsafe stack, which stores everything else. Such
separation makes it much harder for an attacker to corrupt objects on the
safe stack, including function pointers stored in spilled registers and
return addresses. You can find more information about the safe stack, as
well as other parts of our control-flow hijack protection technique in our
OSDI paper on code-pointer integrity (http://dslab.epfl.ch/pubs/cpi.pdf)
and our project website (http://levee.epfl.ch).

The overhead of our implementation of the safe stack is very close to zero
(0.01% on the Phoronix benchmarks). This is lower than the overhead of
stack cookies, which are supported by LLVM and are commonly used today,
yet the security guarantees of the safe stack are strictly stronger than
stack cookies. In some cases, the safe stack improves performance due to
better cache locality.

Our current implementation of the safe stack is stable and robust; we
used it to recompile multiple projects on Linux including Chromium, and
we also recompiled the entire FreeBSD user-space system and more than 100
packages. We ran unit tests on the FreeBSD system and many of the packages
and observed no errors caused by the safe stack. The safe stack is also fully
binary compatible with non-instrumented code and can be applied to parts of
a program selectively.

This patch is our implementation of the safe stack on top of LLVM. The
patches make the following changes:

- Add the safestack function attribute, similar to the ssp, sspstrong and
  sspreq attributes.

- Add the SafeStack instrumentation pass that applies the safe stack to all
  functions that have the safestack attribute. This pass moves all unsafe local
  variables to the unsafe stack with a separate stack pointer, whereas all
  safe variables remain on the regular stack that is managed by LLVM as usual.

- Invoke the pass as the last stage before code generation (at the same time
  the existing cookie-based stack protector pass is invoked).

- Add unit tests for the safe stack.

Original patch by Volodymyr Kuznetsov and others at the Dependable Systems
Lab at EPFL; updates and upstreaming by myself.

Differential Revision: http://reviews.llvm.org/D6094

llvm-svn: 239761
2015-06-15 21:07:11 +00:00
Rafael Espindola 64a27fb801 Don't indent inside a namespace. NFC.
llvm-svn: 239760
2015-06-15 21:04:27 +00:00
Rafael Espindola 6ace68554d Replace @ with the more common \. NFC.
llvm-svn: 239759
2015-06-15 21:02:49 +00:00
Saleem Abdulrasool 425efcf6ea parser: improve diagnostics for MS attributes
Switch to using BalancedDelimiterTracker to get better diagnostics for
unbalanced delimiters.  This still does not handle any of the attributes, simply
improves the parsing.

llvm-svn: 239758
2015-06-15 20:57:04 +00:00
Reid Kleckner 717820faa0 Wildcard out some SSA value names from the ACLE intrinsic test case
llvm-svn: 239757
2015-06-15 20:55:43 +00:00
Rafael Espindola cbdcb50554 Don't repeat names in comments and start functions with a lower case letter.
llvm-svn: 239756
2015-06-15 20:55:37 +00:00
James Y Knight b240652746 [Sparc] Make soft-float emit an error.
LLVM does not and has not ever supported a soft-float ABI mode on
Sparc, so don't pretend that it does.

Also switch the default from "soft-float" -- which was actually
hard-float because soft-float is unimplemented -- to hard-float.

Differential Revision: http://reviews.llvm.org/D10457

llvm-svn: 239755
2015-06-15 20:51:24 +00:00
Filipe Cabecinhas 91244924cb [ASan] Test churn for setting ASAN_OPTIONS=symbolize_vs_style=false
Summary:
This commit adds symbolize_vs_style=false to every instance of
ASAN_OPTIONS in the asan tests and sets
ASAN_OPTIONS=symbolize_vs_style=false in lit, for tests which don't set
it.

This way we don't need to make the tests be able to deal with both
symbolize styles.

This is the first patch in the series. I will eventually submit for the
other sanitizers too.

We need this change (or another way to deal with the different outputs) in
order to be able to default to symbolize_vs_style=true on some platforms.

Adding to this change, I'm also adding "env " before any command line
which sets environment variables. That way the test works on other host
shells, like we have if the host is running Windows.

Reviewers: samsonov, kcc, rnk

Subscribers: tberghammer, llvm-commits

Differential Revision: http://reviews.llvm.org/D10294

llvm-svn: 239754
2015-06-15 20:43:42 +00:00
Alex Lorenz 735c47ec3e MIR Serialization: Connect the machine function analysis pass to the MIR parser.
This commit connects the machine function analysis pass (which creates machine
functions) to the MIR parser, which will initialize the machine functions 
with the state from the MIR file and reconstruct the machine IR.

This commit introduces a new interface called 'MachineFunctionInitializer',
which can be used to provide custom initialization for the machine functions.

This commit also introduces a new diagnostic class called 
'DiagnosticInfoMIRParser' which is used for MIR parsing errors.
This commit modifies the default diagnostic handling in LLVMContext - now the
diagnostics are printed directly into llvm::errs() so that the MIR parsing
errors can be printed with colours.

Reviewers: Justin Bogner

Differential Revision: http://reviews.llvm.org/D9928

llvm-svn: 239753
2015-06-15 20:30:22 +00:00
Greg Clayton 49e9010ca3 Found an issue that was causing types to be completed much more often than they needed to be.
The problem is for lldb_private::Type instances that have encoding types (pointer/reference/const/volatile/restrict/typedef to type with user ID 0x123). If they started out with m_flags.clang_type_resolve_state being set to eResolveStateUnresolved (0), then when we would call Type::ResolveClangType(eResolveStateForward) we would complete the full type due to logic errors in the code. 

We now only complete the type if clang_type_resolve_state is eResolveStateLayout or eResolveStateFull and we correctly upgrade the type's current completion state to eResolveStateForward after we make a forward declaration to the pointer/reference/const/volatile/restrict/typedef type instead of leaving it set to eResolveStateUnresolved.

llvm-svn: 239752
2015-06-15 20:17:18 +00:00
Eric Christopher c30eae4567 Remove duplicate conditional in if-stmt.
Fixes PR23839.

llvm-svn: 239751
2015-06-15 20:16:53 +00:00
Richard Smith f2b1eb9eb2 [modules] Better support for redefinitions of an entity from the same module.
Support this across module save/reload and extend the 'missing import'
diagnostics with a list of providing modules.

llvm-svn: 239750
2015-06-15 20:15:48 +00:00
Rafael Espindola 4223a1f811 Cleanup the constructor of BitcodeReader. NFC.
Use the same argument names as the members.
Use default member initializers.

Extracted from a patch by Karl Schimpf.

llvm-svn: 239749
2015-06-15 20:08:17 +00:00
Sanjoy Das 784582f116 Add "REQUIRES: asserts" to test case that uses -debug-only
llvm-svn: 239748
2015-06-15 20:05:38 +00:00
Sanjoy Das 5553bc8e45 Unbreak docs build from r239740.
Add FaultMaps.rst to toctree.

llvm-svn: 239747
2015-06-15 19:38:15 +00:00
Sanjoy Das baeb678a91 Unbreak the build from r239740.
Do not re-use an enum name as a field name.  Some bots don't like this.

llvm-svn: 239746
2015-06-15 19:29:44 +00:00
Rui Ueyama e25147626c COFF: Simplify SymbolBody::compare(SymbolBody *Other).
We are currently handling all combinations of SymbolBody types directly.
This patch is to flip this and Other if Other->kind() < this->kind()
to reduce number of combinations. No functionality change intended.

llvm-svn: 239745
2015-06-15 19:06:53 +00:00
Colin LeMahieu 56efafc056 [Hexagon] Moving pass declarations out of header and in to implementation files. Removing unused function getSubtargetInfo from HexagonMCCodeEmitter.cpp Removing deletion of copy construction and assignment operator since parent already deletes it.
llvm-svn: 239744
2015-06-15 19:05:35 +00:00
Sanjoy Das 69fad0799e [CodeGen] Add a pass to fold null checks into nearby memory operations.
Summary:
This change adds an "ImplicitNullChecks" target dependent pass.  This
pass folds null checks into memory operation using the FAULTING_LOAD
pseudo-op introduced in previous patches.

Depends on D10197
Depends on D10199
Depends on D10200

Reviewers: reames, rnk, pgavlin, JosephTremoulet, atrick

Reviewed By: atrick

Subscribers: ab, JosephTremoulet, llvm-commits

Differential Revision: http://reviews.llvm.org/D10201

llvm-svn: 239743
2015-06-15 18:44:27 +00:00
Sanjoy Das 6b34a46298 [TargetInstrInfo] Add new hook: AnalyzeBranchPredicate.
Summary:
NFC: no one uses AnalyzeBranchPredicate yet.

Add TargetInstrInfo::AnalyzeBranchPredicate and implement for x86.  A
later change adding support for page-fault based implicit null checks
depends on this.

Reviewers: reames, ab, atrick

Reviewed By: atrick

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10200

llvm-svn: 239742
2015-06-15 18:44:21 +00:00
Sanjoy Das b666ea369c [TargetInstrInfo] Rename getLdStBaseRegImmOfs and implement for x86.
Summary:

TargetInstrInfo::getLdStBaseRegImmOfs to
TargetInstrInfo::getMemOpBaseRegImmOfs and implement for x86.  The
implementation only handles a few easy cases now and will be made more
sophisticated in the future.

This is NFCI: the only user of `getLdStBaseRegImmOfs` (now
`getMemOpBaseRegImmOfs`) is `LoadClusterMotion` and `LoadClusterMotion`
is disabled for x86.

Reviewers: reames, ab, MatzeB, atrick

Reviewed By: MatzeB, atrick

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10199

llvm-svn: 239741
2015-06-15 18:44:14 +00:00
Sanjoy Das c63244daa1 [CodeGen] Introduce a FAULTING_LOAD_OP pseudo-op.
Summary:
This instruction encodes a loading operation that may fault, and a label
to branch to if the load page-faults.  The locations of potentially
faulting loads and their "handler" destinations are recorded in a
FaultMap section, meant to be consumed by LLVM's clients.

Nothing generates FAULTING_LOAD_OP instructions yet, but they will be
used in a future change.

The documentation (FaultMaps.rst) needs improvement and I will update
this diff with a more expanded version shortly.

Depends on D10196

Reviewers: rnk, reames, AndyAyers, ab, atrick, pgavlin

Reviewed By: atrick, pgavlin

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10197

llvm-svn: 239740
2015-06-15 18:44:08 +00:00
Sanjoy Das 2d869b230b [NFC] Extract X86MCInstLower::LowerMachineOperand.
Summary: Refactoring-only change that will be used later.

Reviewers: reames, atrick

Reviewed By: atrick

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10196

llvm-svn: 239739
2015-06-15 18:44:01 +00:00
Rui Ueyama bc2cc7d0b8 COFF: Fix .reloc section attributes.
llvm-svn: 239738
2015-06-15 18:03:47 +00:00
Luke Cheeseman 59b2d83909 This patch implements clang support for the ACLE special register intrinsics
in section 10.1, __arm_{w,r}sr{,p,64}.

This includes arm_acle.h definitions with builtins and codegen to support
these, the intrinsics are implemented by generating read/write_register calls
which get appropriately lowered in the backend based on the register string
provided. SemaChecking is also implemented to fault invalid parameters.

Differential Revision: http://reviews.llvm.org/D9697

llvm-svn: 239737
2015-06-15 17:51:01 +00:00
Yaron Keren 43b4d38944 De-duplicate common expression, NFC.
llvm-svn: 239736
2015-06-15 17:03:35 +00:00
Rui Ueyama 6200b6d593 COFF: Update README.
llvm-svn: 239734
2015-06-15 16:25:11 +00:00
Yaron Keren 3bf3f1f5b9 Rangify several for loops, NFC.
llvm-svn: 239733
2015-06-15 16:20:16 +00:00
Evgeny Astigeevich ff1f4be4c7 On behalf of Alexandros Lamprineas:
LLVM targeting aarch64 doesn't correctly produce aligned accesses for non-aligned
data at -O0/fast-isel (-mno-unaligned-access).
The root cause seems to be in fast-isel not producing unaligned access correctly
for -mno-unaligned-access.

The patch just aborts fast-isel for loads and stores when -mno-unaligned-access is
present. 
The regression test is updated to check this new test case (-mno-unaligned-access 
together with fast-isel).

Differential Revision: http://reviews.llvm.org/D10360

llvm-svn: 239732
2015-06-15 15:48:44 +00:00
Benjamin Kramer f1d570d4c5 [LinkerTest] Use LLVMDisposeMessage to free error string.
LLVMDisposeMessage is just a thin wrapper around free at the moment, but it's
the proper API to use here.

llvm-svn: 239731
2015-06-15 15:42:26 +00:00
Daniel Jasper d246a5ac16 clang-format: NFC. Move testing of selective formatting to a separate file.
This is a first step for splitting the huge FormatTest.cpp into separate
files to make it easier to find specific tests.

llvm-svn: 239730
2015-06-15 15:25:11 +00:00
Rafael Espindola 063584faef Avoid an "always true" warning from gcc.
llvm-svn: 239729
2015-06-15 14:49:41 +00:00
Douglas Katzman 9544098b8b Fix spelling in comment.
llvm-svn: 239727
2015-06-15 13:46:40 +00:00
Rafael Espindola 92200d237a gold-plugin: save the .o when given -save-temps.
The plugin now saves the bitcode before and after optimizations and the
.o that is passed to the linker.

llvm-svn: 239726
2015-06-15 13:36:27 +00:00
Michael Kruse dd6011c494 Orthography: substracting -> subtracting
This is a test commit for being granted commit-after-approval access.

llvm-svn: 239725
2015-06-15 10:52:28 +00:00
Daniel Sanders fa555dc7f8 Revert r239721 - Replace string GNU Triples with llvm::Triple in InitMCObjectFileInfo. NFC.
It appears to cause sparc-little-endian.s to assert on Windows and Darwin.

llvm-svn: 239724
2015-06-15 10:34:38 +00:00
Denis Protivensky 11c7522c5e [LinkerScript] Allow destruction of PHDR
This is needed for static variable defined in sources.

llvm-svn: 239723
2015-06-15 09:44:25 +00:00
Daniel Jasper b2ad4d4c26 clang-format: [JS] Tweak behavior for multiline array initializer parameters
Before:
  var someVariable = SomeFuntion(aaaa, [
    aaaaaaaaaaaaaaaaaaaaaaaaaaa,
    bbbbbbbbbbbbbbbbbbbbbbbbbbb,
    ccccccccccccccccccccccccccc
  ],
                                 aaaa);

After:
  var someVariable = SomeFuntion(aaaa,
                                 [
                                   aaaaaaaaaaaaaaaaaaaaaaaaaaa,
                                   bbbbbbbbbbbbbbbbbbbbbbbbbbb,
                                   ccccccccccccccccccccccccccc
                                 ],
                                 aaaa);

llvm-svn: 239722
2015-06-15 09:23:17 +00:00
Daniel Sanders d6d12a1192 Replace string GNU Triples with llvm::Triple in InitMCObjectFileInfo. NFC.
Summary:
This affects other tools so the previous C++ API has been retained as a
deprecated function for the moment. Clang has been updated with a trivial
patch (not covered by the pre-commit review) to avoid breaking -Werror builds.
Other in-tree tools will be fixed with similar trivial patches.

This continues the patch series to eliminate StringRef forms of GNU triples
from the internals of LLVM that began in r239036.

Reviewers: rengolin

Reviewed By: rengolin

Subscribers: llvm-commits, rengolin

Differential Revision: http://reviews.llvm.org/D10366

llvm-svn: 239721
2015-06-15 09:19:41 +00:00
Arnaud A. de Grandmaison d8673edc2d [MachineSink] Improve runtime performance. NFC.
This patch fixes a compilation time issue, when MachineSink faces PHIs
with a huge number of operands. This can happen for example in goto table
based interpreters, where some basic blocks can have several of those PHIs,
each one with several hundred operands. MachineSink was spending a
significant time re-building and re-sorting the list of successors of
the current MachineBasicBlock. The computing and sorting of the current
MachineBasicBlock successors is now cached.

llvm-svn: 239720
2015-06-15 09:09:06 +00:00
Denis Protivensky 1aaf736d89 [LinkerScript] Add matching of output sections to segments
Add method to query segments for specified output section name.
Return error if the section is assigned to unknown segment.
Check matching of sections to segments during layout on the subject of correctness.
NOTE: no actual functionality of using custom segments is implemented.

Differential Revision: http://reviews.llvm.org/D10359

llvm-svn: 239719
2015-06-15 08:00:51 +00:00
Jingyue Wu 12b0c2835e [ValueTracking] do not overwrite analysis results already computed
Summary:
ValueTracking used to overwrite the analysis results computed from
assumes and dominating conditions. This patch fixes this issue.

Test Plan: test/Analysis/ValueTracking/assume.ll

Reviewers: hfinkel, majnemer

Reviewed By: majnemer

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10283

llvm-svn: 239718
2015-06-15 05:46:29 +00:00
Rui Ueyama f3770d3edb COFF: Use ulittle32_t::operator|=. NFC.
llvm-svn: 239717
2015-06-15 03:03:23 +00:00
Rui Ueyama 55144e2423 [Support][Endian] Define |= and &= for u{big,little}{16,32,64}_t.
llvm-svn: 239716
2015-06-15 03:00:15 +00:00
Hao Liu 1c2e89a57a [AArch64] Delete two empty files, which should be removed by r239713.
llvm-svn: 239715
2015-06-15 02:56:40 +00:00
Rui Ueyama 095409e9e8 COFF: Add a brief description about LTO.
llvm-svn: 239714
2015-06-15 02:46:18 +00:00
Hao Liu d0ca8d7edd [AArch64] Revert r239711 again. We need to discuss how to share code between AArch64 and ARM backend.
llvm-svn: 239713
2015-06-15 01:56:40 +00:00
Rui Ueyama 59e9578f20 COFF: Fix resource table size.
The size field shouldn't include trailing padding.

llvm-svn: 239712
2015-06-15 01:35:56 +00:00
Hao Liu cb070e3833 [AArch64] Match interleaved memory accesses into ldN/stN instructions.
Re-commit after adding "-aarch64-neon-syntax=generic" to fix the failure on OS X.
This patch was firstly committed in r239514, then reverted in r239544 because of a syntax incompatible failure on OS X.

llvm-svn: 239711
2015-06-15 01:35:49 +00:00
Rui Ueyama 588e832d0a COFF: Support base relocations.
PE/COFF executables/DLLs usually contain data which is called
base relocations. Base relocations are a list of addresses that
need to be fixed by the loader if load-time relocation is needed.

Base relocations are in .reloc section.

We emit one base relocation entry for each IMAGE_REL_AMD64_ADDR64
relocation.

In order to save disk space, base relocations are grouped by page.
Each group is called a block. A block starts with a 32-bit page
address followed by 16-bit offsets in the page. That is more
address followed by 16-bit offsets in the page. That is a more
efficient representation of addresses than just an array of 32-bit
addresses.

llvm-svn: 239710
2015-06-15 01:23:58 +00:00
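
The block layout described in the base-relocation commit message above, as an added example that is not code from the commit or from LLD: a small Python encoder and parser for `.reloc` contents. The 32-bit block-size field after the page address and the 4-bit type in the top of each 16-bit entry come from the PE/COFF format rather than from the message, and the sample RVAs are constructed.

```python
import struct
from collections import defaultdict

PAGE_SIZE = 0x1000
IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, skipped by the loader
IMAGE_REL_BASED_DIR64 = 10     # 64-bit address fixup

def encode_base_relocs(rvas):
    """Group RVAs by 4 KiB page and emit one block per page."""
    pages = defaultdict(list)
    for rva in sorted(set(rvas)):
        pages[rva & ~(PAGE_SIZE - 1)].append(rva & (PAGE_SIZE - 1))
    out = bytearray()
    for page_rva, offsets in sorted(pages.items()):
        entries = [(IMAGE_REL_BASED_DIR64 << 12) | off for off in offsets]
        if len(entries) % 2:               # keep each block 32-bit aligned
            entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)
        block_size = 8 + 2 * len(entries)  # size includes the 8-byte header
        out += struct.pack("<II", page_rva, block_size)
        out += struct.pack("<%dH" % len(entries), *entries)
    return bytes(out)

def parse_base_relocs(data):
    """Return [(rva, type)] from .reloc contents; reject malformed blocks."""
    fixups, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 8:
            raise ValueError("truncated block header at offset %d" % pos)
        page_rva, block_size = struct.unpack_from("<II", data, pos)
        # A size below 8 would never advance the cursor; a size running past
        # the end of the section would read entries that are not there.
        if block_size < 8 or block_size % 4 or pos + block_size > len(data):
            raise ValueError("bad block size %d at offset %d" % (block_size, pos))
        for (entry,) in struct.iter_unpack("<H", data[pos + 8:pos + block_size]):
            rel_type, offset = entry >> 12, entry & 0xFFF
            if rel_type != IMAGE_REL_BASED_ABSOLUTE:
                fixups.append((page_rva + offset, rel_type))
        pos += block_size
    return fixups

# Constructed sample: three fixups on page 0x1000, one on page 0x3000.
SAMPLE_RVAS = [0x1008, 0x1010, 0x1FF8, 0x3000]

if __name__ == "__main__":
    blob = encode_base_relocs(SAMPLE_RVAS)
    print(blob.hex())
    for rva, rel_type in parse_base_relocs(blob):
        print(hex(rva), rel_type)
```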