llvm-project/llvm/test
Jianzhou Zhao ea981165a4 [dfsan] Track field/index-level shadow values in variables
*************
* The problem
*************
See motivation examples in compiler-rt/test/dfsan/pair.cpp. The current
DFSan always uses a 16-bit shadow value for a variable with any type by
combining all shadow values of all bytes of the variable. So it cannot
distinguish two fields of a struct: each field's shadow value equals the
combined shadow value of all fields. This introduces an overtaint issue.

Consider a parsing function

   std::pair<char*, int> get_token(char* p);

where p points to a buffer to parse, the returned pair includes the next
token and the pointer to the position in the buffer after the token.

If the token is tainted, then both the returned pointer and int are
tainted. If the parser keeps on using get_token for the rest of the parsing,
all the following outputs are tainted because of the tainted pointer.

The CL is the first change to address the issue.

**************************
* The proposed improvement
**************************
Eventually all fields and indices have their own shadow values in
variables and memory.

For example, variables with type {i1, i3}, [2 x i1], {[2 x i4], i8},
[2 x {i1, i1}] have shadow values with type {i16, i16}, [2 x i16],
{[2 x i16], i16}, [2 x {i16, i16}] correspondingly; variables with
primary type still have shadow values i16.

***************************
* A potential implementation plan
***************************

The idea is to adopt the change incrementally.

1) This CL
Support field-level accuracy at variables/args/ret in TLS mode,
load/store/alloca still use combined shadow values.

After the alloca promotion and SSA construction phases (>=-O1), we
assume alloca and memory operations are reduced. So if struct
variables do not relate to memory, their tracking is accurate at
field level.

2) Support field-level accuracy at alloca
3) Support field-level accuracy at load/store

These two should make O0 and real memory access work.

4) Support vector if necessary.
5) Support Args mode if necessary.
6) Support passing more accurate shadow values via custom functions if
necessary.

***************
* About this CL.
***************
The CL did the following

1) extended TLS arg/ret to work with aggregate types. This is similar
to what MSan does.

2) implemented how to map between an original type/value/zero-const to
its shadow type/value/zero-const.

3) extended (insert|extract)value to use field/index-level propagation.

4) for other instructions, propagation rules are combining inputs by or.
The CL converts between aggregate and primary shadow values at the
cases.

5) Custom function interfaces also need such a conversion because
all existing custom functions use i16. It is unclear whether custom
functions need more accurate shadow propagation yet.

6) Added test cases for aggregate type related cases.

Reviewed-by: morehouse

Differential Revision: https://reviews.llvm.org/D92261
2020-12-09 19:38:35 +00:00
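The following is an added example, not code from the DFSan pass or this commit: a small Python model of the two things the commit message describes, the original-type to shadow-type mapping ({i1, i3} to {i16, i16}, [2 x {i1, i1}] to [2 x {i16, i16}], and so on) and the difference between the legacy one-i16-per-variable shadow and field-level propagation through insertvalue/extractvalue. It replays the get_token parsing loop over constructed per-token labels and shows how a single tainted token over-taints every later token once the returned pointer shares the token's shadow. Assumptions, not facts from the page: labels are modelled as 16-bit masks joined by bitwise or, the type names Int/Ptr/Struct/Array and the functions shadow_type, combine_shadow, expand_shadow, get_token_shadow and parse_labels are this model's own, and std::pair<char*, int> is rendered as the struct {ptr, i32}.

```python
"""Model (added example, not DFSan's own code) of shadow-type mapping and of
legacy combined vs. field-level shadow propagation. Labels are modelled as
16-bit masks joined by bitwise or (a simplification, not DFSan's union)."""
from dataclasses import dataclass
from typing import Any, Tuple

SHADOW_BITS = 16  # shadow label width in this revision of DFSan


@dataclass(frozen=True)
class Int:
    bits: int

    def __str__(self) -> str:
        return f"i{self.bits}"


@dataclass(frozen=True)
class Ptr:
    def __str__(self) -> str:
        return "ptr"


@dataclass(frozen=True)
class Struct:
    elems: Tuple[Any, ...]

    def __str__(self) -> str:
        return "{" + ", ".join(str(e) for e in self.elems) + "}"


@dataclass(frozen=True)
class Array:
    n: int
    elem: Any

    def __str__(self) -> str:
        return f"[{self.n} x {self.elem}]"


def shadow_type(ty: Any) -> Any:
    """Original type -> shadow type: aggregates keep their shape, every leaf
    (integer, pointer, ...) becomes one i16 label."""
    if isinstance(ty, Struct):
        return Struct(tuple(shadow_type(e) for e in ty.elems))
    if isinstance(ty, Array):
        return Array(ty.n, shadow_type(ty.elem))
    return Int(SHADOW_BITS)


def expand_shadow(label: int, ty: Any) -> Any:
    """Primary i16 -> aggregate shadow of ty's shape with every leaf = label.
    expand_shadow(0, ty) is the shadow zero-constant for ty."""
    if isinstance(ty, Struct):
        return tuple(expand_shadow(label, e) for e in ty.elems)
    if isinstance(ty, Array):
        return tuple(expand_shadow(label, ty.elem) for _ in range(ty.n))
    return label


def combine_shadow(sv: Any) -> int:
    """Aggregate shadow -> one primary i16 by or-ing every leaf. This is the
    legacy per-variable shadow and the conversion used by or-combining ops."""
    if isinstance(sv, tuple):
        acc = 0
        for e in sv:
            acc |= combine_shadow(e)
        return acc
    return sv


def extractvalue(agg_sv: tuple, idx: int) -> Any:
    """Field-level extractvalue: the result's shadow is exactly the field's."""
    return agg_sv[idx]


def insertvalue(agg_sv: tuple, idx: int, elem_sv: Any) -> tuple:
    """Field-level insertvalue: only the written field's shadow changes."""
    return agg_sv[:idx] + (elem_sv,) + agg_sv[idx + 1:]


PAIR_TY = Struct((Ptr(), Int(32)))  # std::pair<char*, int> from get_token


def get_token_shadow(p_label: int, token_label: int, field_level: bool) -> tuple:
    """Shadow of the pair get_token returns: the int carries the token's taint,
    the returned pointer is derived from p alone and keeps p's label."""
    pair = insertvalue(insertvalue(expand_shadow(0, PAIR_TY), 0, p_label), 1, token_label)
    if field_level:
        return pair
    # Legacy: one i16 for the whole variable, so both fields get the union.
    return expand_shadow(combine_shadow(pair), PAIR_TY)


def parse_labels(token_labels, field_level: bool):
    """Replay the parser loop over constructed per-token input labels and
    return the label each returned token ends up with."""
    p_label = 0  # the buffer pointer itself starts untainted
    out = []
    for tl in token_labels:
        pair = get_token_shadow(p_label, tl, field_level)
        out.append(extractvalue(pair, 1))
        p_label = extractvalue(pair, 0)  # parsing continues from returned ptr
    return out


if __name__ == "__main__":
    for ty in (Struct((Int(1), Int(3))), Array(2, Int(1)),
               Struct((Array(2, Int(4)), Int(8))), Array(2, Struct((Int(1), Int(1))))):
        print(f"{ty} -> {shadow_type(ty)}")
    labels = [0, 1, 0, 0]  # constructed input: only the second token is tainted
    print("combined:   ", parse_labels(labels, field_level=False))
    print("field-level:", parse_labels(labels, field_level=True))
```

With the constructed labels, the combined mode reports every token after the tainted one as tainted, because the returned pointer inherits the token's label and feeds the next call; the field-level mode reports only the one tainted token. The model stops where the commit does: loads, stores and allocas are not represented, so it corresponds to the >= -O1 case in which the pair never touches memory.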
Analysis Teach isKnownNonEqual how to recurse through invertible multiplies 2020-12-07 14:52:08 -08:00
Assembler OpaquePtr: Make byval/sret types mandatory 2020-11-20 21:23:33 -05:00
Bindings Adding PoisonValue for representing poison value explicitly in IR 2020-11-25 17:33:51 -07:00
Bitcode Adding PoisonValue for representing poison value explicitly in IR 2020-11-25 17:33:51 -07:00
BugPoint
CodeGen [VE] Add vsum and vfsum intrinsic instructions 2020-12-10 01:11:53 +09:00
DebugInfo [Debuginfo] [CSInfo] Do not create CSInfo for undef arguments 2020-12-09 12:54:59 +01:00
Demangle
Examples
ExecutionEngine
Feature OpaquePtr: Bulk update tests to use typed sret 2020-11-20 17:58:26 -05:00
FileCheck
Instrumentation [dfsan] Track field/index-level shadow values in variables 2020-12-09 19:38:35 +00:00
Integer
JitListener [MCJIT] Profile the code generated by MCJIT engine using Intel VTune profiler 2020-11-16 19:28:14 +11:00
LTO [ICP] Don't promote when target not defined in module 2020-12-08 07:45:36 -08:00
Linker Simplify append to module inline asm string in IRLinker::run() 2020-12-02 14:56:43 +01:00
MC [RISCV] Detect more errors when parsing vsetvli in the assembler 2020-12-08 11:25:39 -08:00
MachineVerifier
Object [llvm-readelf/obj] - Lowercase the warning message reported. 2020-12-02 13:09:47 +03:00
ObjectYAML Reland "[lib/Support/YAMLTraits] - Don't print leading zeroes when dumping Hex8/Hex16/Hex32 types." (https://reviews.llvm.org/D90930). 2020-11-18 13:08:46 +03:00
Other [Time-report] Add a flag -ftime-report={per-pass,per-pass-run} to control the pass timing aggregation 2020-12-08 10:13:19 -08:00
Reduce [llvm-reduce] Add reduction for special globals like llvm.used. 2020-11-11 11:25:05 +00:00
SafepointIRVerifier
Support
SymbolRewriter
TableGen [TableGen] Eliminate the 'code' type 2020-12-03 10:19:11 -05:00
ThinLTO/X86 [ThinLTO][test] Fix X86/nossp.ll after D91816 2020-12-02 13:13:58 -08:00
Transforms [FileCheck] Enforce --allow-unused-prefixes=false for llvm/test/Transforms 2020-12-09 08:51:38 -08:00
Unit
Verifier [SelectionDAG] Add llvm.vector.{extract,insert} intrinsics 2020-12-09 11:08:41 +00:00
YAMLParser
tools [llvm-readelf/obj] - Improve diagnostics when printing NT_FILE notes. 2020-12-09 12:31:46 +03:00
.clang-format
CMakeLists.txt [CMake] Add llvm-profgen to LLVM_TEST_DEPENDS 2020-12-09 09:34:51 -08:00
TestRunner.sh
lit.cfg.py [FileCheck] Enforce --allow-unused-prefixes=false for llvm/test/Transforms 2020-12-09 08:51:38 -08:00
lit.site.cfg.py.in