doxygen/MemoryTaggingSupport_8cpp_source.html

//== MemoryTaggingSupport.cpp - helpers for memory tagging implementations ===//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// This file declares common infrastructure for HWAddressSanitizer and

// Aarch64StackTagging.

//

//===----------------------------------------------------------------------===//


#include "llvm/Transforms/Utils/MemoryTaggingSupport.h"


#include "llvm/Analysis/CFG.h"

#include "llvm/Analysis/PostDominators.h"

#include "llvm/Analysis/StackSafetyAnalysis.h"

#include "llvm/Analysis/ValueTracking.h"

#include "llvm/IR/BasicBlock.h"

#include "llvm/IR/IntrinsicInst.h"

#include "llvm/Transforms/Utils/PromoteMemToReg.h"


namespace llvm {

namespace memtag {

namespace {

bool maybeReachableFromEachOther(const SmallVectorImpl<IntrinsicInst *> &Insts,

                                 const DominatorTree *DT, const LoopInfo *LI,

                                 size_t MaxLifetimes) {

  // If we have too many lifetime ends, give up, as the algorithm below is N^2.

  if (Insts.size() > MaxLifetimes)

    return true;

  for (size_t I = 0; I < Insts.size(); ++I) {

    for (size_t J = 0; J < Insts.size(); ++J) {

      if (I == J)

        continue;

      if (isPotentiallyReachable(Insts[I], Insts[J], nullptr, DT, LI))

        return true;

    }

  }

  return false;

}

} // namespace


bool forAllReachableExits(const DominatorTree &DT, const PostDominatorTree &PDT,

                          const LoopInfo &LI, const Instruction *Start,

                          const SmallVectorImpl<IntrinsicInst *> &Ends,

                          const SmallVectorImpl<Instruction *> &RetVec,

                          llvm::function_ref<void(Instruction *)> Callback) {

  if (Ends.size() == 1 && PDT.dominates(Ends[0], Start)) {

    Callback(Ends[0]);

    return true;

  }

  SmallPtrSet<BasicBlock *, 2> EndBlocks;

  for (auto *End : Ends) {

    EndBlocks.insert(End->getParent());

  }

  SmallVector<Instruction *, 8> ReachableRetVec;

  unsigned NumCoveredExits = 0;

  for (auto *RI : RetVec) {

    if (!isPotentiallyReachable(Start, RI, nullptr, &DT, &LI))

      continue;

    ReachableRetVec.push_back(RI);

    // If there is an end in the same basic block as the return, we know for

    // sure that the return is covered. Otherwise, we can check whether there

    // is a way to reach the RI from the start of the lifetime without passing

    // through an end.

    if (EndBlocks.count(RI->getParent()) > 0 ||

        !isPotentiallyReachable(Start, RI, &EndBlocks, &DT, &LI)) {

      ++NumCoveredExits;

    }

  }

  // If there's a mix of covered and non-covered exits, just put the untag

  // on exits, so we avoid the redundancy of untagging twice.

  if (NumCoveredExits == ReachableRetVec.size()) {

    for (auto *End : Ends)

      Callback(End);

  } else {

    for (auto *RI : ReachableRetVec)

      Callback(RI);

    // We may have inserted untag outside of the lifetime interval.

    // Signal the caller to remove the lifetime end call for this alloca.

    return false;

  }

  return true;

}


bool isStandardLifetime(const SmallVectorImpl<IntrinsicInst *> &LifetimeStart,

                        const SmallVectorImpl<IntrinsicInst *> &LifetimeEnd,

                        const DominatorTree *DT, const LoopInfo *LI,

                        size_t MaxLifetimes) {

  // An alloca that has exactly one start and end in every possible execution.

  // If it has multiple ends, they have to be unreachable from each other, so

  // at most one of them is actually used for each execution of the function.

  return LifetimeStart.size() == 1 &&

         (LifetimeEnd.size() == 1 ||

          (LifetimeEnd.size() > 0 &&

           !maybeReachableFromEachOther(LifetimeEnd, DT, LI, MaxLifetimes)));

}


Instruction *getUntagLocationIfFunctionExit(Instruction &Inst) {

  if (isa<ReturnInst>(Inst)) {

    if (CallInst *CI = Inst.getParent()->getTerminatingMustTailCall())

      return CI;

    return &Inst;

  }

  if (isa<ResumeInst, CleanupReturnInst>(Inst)) {

    return &Inst;

  }

  return nullptr;

}


void StackInfoBuilder::visit(Instruction &Inst) {

  if (CallInst *CI = dyn_cast<CallInst>(&Inst)) {

    if (CI->canReturnTwice()) {

      Info.CallsReturnTwice = true;

    }

  }

  if (AllocaInst *AI = dyn_cast<AllocaInst>(&Inst)) {

    if (isInterestingAlloca(*AI)) {

      Info.AllocasToInstrument[AI].AI = AI;

    }

    return;

  }

  auto *II = dyn_cast<IntrinsicInst>(&Inst);

  if (II && (II->getIntrinsicID() == Intrinsic::lifetime_start ||

             II->getIntrinsicID() == Intrinsic::lifetime_end)) {

    AllocaInst *AI = findAllocaForValue(II->getArgOperand(1));

    if (!AI) {

      Info.UnrecognizedLifetimes.push_back(&Inst);

      return;

    }

    if (!isInterestingAlloca(*AI))

      return;

    if (II->getIntrinsicID() == Intrinsic::lifetime_start)

      Info.AllocasToInstrument[AI].LifetimeStart.push_back(II);

    else

      Info.AllocasToInstrument[AI].LifetimeEnd.push_back(II);

    return;

  }

  if (auto *DVI = dyn_cast<DbgVariableIntrinsic>(&Inst)) {

    for (Value *V : DVI->location_ops()) {

      if (auto *AI = dyn_cast_or_null<AllocaInst>(V)) {

        if (!isInterestingAlloca(*AI))

          continue;

        AllocaInfo &AInfo = Info.AllocasToInstrument[AI];

        auto &DVIVec = AInfo.DbgVariableIntrinsics;

        if (DVIVec.empty() || DVIVec.back() != DVI)

          DVIVec.push_back(DVI);

      }

    }

  }

  Instruction *ExitUntag = getUntagLocationIfFunctionExit(Inst);

  if (ExitUntag)

    Info.RetVec.push_back(ExitUntag);

}


bool StackInfoBuilder::isInterestingAlloca(const AllocaInst &AI) {

  return (AI.getAllocatedType()->isSized() &&

          // FIXME: instrument dynamic allocas, too

          AI.isStaticAlloca() &&

          // alloca() may be called with 0 size, ignore it.

          memtag::getAllocaSizeInBytes(AI) > 0 &&

          // We are only interested in allocas not promotable to registers.

          // Promotable allocas are common under -O0.

          !isAllocaPromotable(&AI) &&

          // inalloca allocas are not treated as static, and we don't want

          // dynamic alloca instrumentation for them as well.

          !AI.isUsedWithInAlloca() &&

          // swifterror allocas are register promoted by ISel

          !AI.isSwiftError()) &&

         // safe allocas are not interesting

         !(SSI && SSI->isSafe(AI));

}


uint64_t getAllocaSizeInBytes(const AllocaInst &AI) {

  auto DL = AI.getModule()->getDataLayout();

  return *AI.getAllocationSize(DL);

}


void alignAndPadAlloca(memtag::AllocaInfo &Info, llvm::Align Alignment) {

  const Align NewAlignment = std::max(Info.AI->getAlign(), Alignment);

  Info.AI->setAlignment(NewAlignment);

  auto &Ctx = Info.AI->getFunction()->getContext();


  uint64_t Size = getAllocaSizeInBytes(*Info.AI);

  uint64_t AlignedSize = alignTo(Size, Alignment);

  if (Size == AlignedSize)

    return;


  // Add padding to the alloca.

  Type *AllocatedType =

      Info.AI->isArrayAllocation()

          ? ArrayType::get(

                Info.AI->getAllocatedType(),

                cast<ConstantInt>(Info.AI->getArraySize())->getZExtValue())

          : Info.AI->getAllocatedType();

  Type *PaddingType = ArrayType::get(Type::getInt8Ty(Ctx), AlignedSize - Size);

  Type *TypeWithPadding = StructType::get(AllocatedType, PaddingType);

  auto *NewAI = new AllocaInst(TypeWithPadding, Info.AI->getAddressSpace(),

                               nullptr, "", Info.AI);

  NewAI->takeName(Info.AI);

  NewAI->setAlignment(Info.AI->getAlign());

  NewAI->setUsedWithInAlloca(Info.AI->isUsedWithInAlloca());

  NewAI->setSwiftError(Info.AI->isSwiftError());

  NewAI->copyMetadata(*Info.AI);


  Value *NewPtr = NewAI;


  // TODO: Remove when typed pointers dropped

  if (Info.AI->getType() != NewAI->getType())

    NewPtr = new BitCastInst(NewAI, Info.AI->getType(), "", Info.AI);


  Info.AI->replaceAllUsesWith(NewPtr);

  Info.AI->eraseFromParent();

  Info.AI = NewAI;

}


} // namespace memtag

} // namespace llvm

DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: AArch64SLSHardening.cpp:76

CFG.h

BasicBlock.h

Info
Analysis containing CSE Info
Definition: CSEInfo.cpp:27

Size
uint64_t Size
Definition: ELFObjHandler.cpp:81

IntrinsicInst.h

I
#define I(x, y, z)
Definition: MD5.cpp:58

MemoryTaggingSupport.h

PostDominators.h

PromoteMemToReg.h

StackSafetyAnalysis.h

ValueTracking.h

llvm::AllocaInst
an instruction to allocate memory on the stack
Definition: Instructions.h:58

llvm::AllocaInst::isSwiftError
bool isSwiftError() const
Return true if this alloca is used as a swifterror argument to a call.
Definition: Instructions.h:150

llvm::AllocaInst::isStaticAlloca
bool isStaticAlloca() const
Return true if this alloca is in the entry block of the function and is a constant size.
Definition: Instructions.cpp:1533

llvm::AllocaInst::getAllocatedType
Type * getAllocatedType() const
Return the type that is being allocated by the instruction.
Definition: Instructions.h:118

llvm::AllocaInst::isUsedWithInAlloca
bool isUsedWithInAlloca() const
Return true if this alloca is used as an inalloca argument to a call.
Definition: Instructions.h:140

llvm::AllocaInst::getAllocationSize
std::optional< TypeSize > getAllocationSize(const DataLayout &DL) const
Get allocation size in bytes.
Definition: Instructions.cpp:60

llvm::ArrayType::get
static ArrayType * get(Type *ElementType, uint64_t NumElements)
This static method is the primary way to construct an ArrayType.
Definition: Type.cpp:658

llvm::BasicBlock::getTerminatingMustTailCall
const CallInst * getTerminatingMustTailCall() const
Returns the call instruction marked 'musttail' prior to the terminating return instruction of this ba...
Definition: BasicBlock.cpp:150

llvm::BitCastInst
This class represents a no-op cast from one type to another.
Definition: Instructions.h:5289

llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition: Instructions.h:1485

llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition: Dominators.h:166

llvm::Instruction
Definition: Instruction.h:42

llvm::Instruction::getModule
const Module * getModule() const
Return the module owning the function this instruction belongs to or nullptr it the function does not...
Definition: Instruction.cpp:70

llvm::Instruction::getParent
const BasicBlock * getParent() const
Definition: Instruction.h:90

llvm::LoopInfo
Definition: LoopInfo.h:1108

llvm::Module::getDataLayout
const DataLayout & getDataLayout() const
Get the data layout for the module's target platform.
Definition: Module.cpp:398

llvm::PostDominatorTree
PostDominatorTree Class - Concrete subclass of DominatorTree that is used to compute the post-dominat...
Definition: PostDominators.h:28

llvm::PostDominatorTree::dominates
bool dominates(const Instruction *I1, const Instruction *I2) const
Return true if I1 dominates I2.
Definition: PostDominators.cpp:54

llvm::SmallPtrSetImpl::count
size_type count(ConstPtrType Ptr) const
count - Return 1 if the specified pointer is in the set, 0 otherwise.
Definition: SmallPtrSet.h:383

llvm::SmallPtrSetImpl::insert
std::pair< iterator, bool > insert(PtrType Ptr)
Inserts Ptr if and only if there is no element in the container equal to Ptr.
Definition: SmallPtrSet.h:365

llvm::SmallPtrSet
SmallPtrSet - This class implements a set which is optimized for holding SmallSize or less elements.
Definition: SmallPtrSet.h:450

llvm::SmallVectorBase::size
size_t size() const
Definition: SmallVector.h:91

llvm::SmallVectorImpl
This class consists of common code factored out of the SmallVector class to reduce code duplication b...
Definition: SmallVector.h:577

llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition: SmallVector.h:416

llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1200

llvm::StackSafetyGlobalInfo::isSafe
bool isSafe(const AllocaInst &AI) const
Definition: StackSafetyAnalysis.cpp:966

llvm::StructType::get
static StructType * get(LLVMContext &Context, ArrayRef< Type * > Elements, bool isPacked=false)
This static method is the primary way to create a literal StructType.
Definition: Type.cpp:426

llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45

llvm::Type::isSized
bool isSized(SmallPtrSetImpl< Type * > *Visited=nullptr) const
Return true if it makes sense to take the size of this type.
Definition: Type.h:304

llvm::Type::getInt8Ty
static IntegerType * getInt8Ty(LLVMContext &C)

llvm::Value
LLVM Value Representation.
Definition: Value.h:74

llvm::function_ref
An efficient, type-erasing, non-owning reference to a callable.
Definition: STLFunctionalExtras.h:36

llvm::memtag::StackInfoBuilder::isInterestingAlloca
bool isInterestingAlloca(const AllocaInst &AI)
Definition: MemoryTaggingSupport.cpp:157

llvm::memtag::StackInfoBuilder::visit
void visit(Instruction &Inst)
Definition: MemoryTaggingSupport.cpp:112

uint64_t

llvm::memtag::isStandardLifetime
bool isStandardLifetime(const SmallVectorImpl< IntrinsicInst * > &LifetimeStart, const SmallVectorImpl< IntrinsicInst * > &LifetimeEnd, const DominatorTree *DT, const LoopInfo *LI, size_t MaxLifetimes)
Definition: MemoryTaggingSupport.cpp:87

llvm::memtag::forAllReachableExits
bool forAllReachableExits(const DominatorTree &DT, const PostDominatorTree &PDT, const LoopInfo &LI, const Instruction *Start, const SmallVectorImpl< IntrinsicInst * > &Ends, const SmallVectorImpl< Instruction * > &RetVec, llvm::function_ref< void(Instruction *)> Callback)
Definition: MemoryTaggingSupport.cpp:44

llvm::memtag::getAllocaSizeInBytes
uint64_t getAllocaSizeInBytes(const AllocaInst &AI)
Definition: MemoryTaggingSupport.cpp:175

llvm::memtag::getUntagLocationIfFunctionExit
Instruction * getUntagLocationIfFunctionExit(Instruction &Inst)
Definition: MemoryTaggingSupport.cpp:100

llvm::memtag::alignAndPadAlloca
void alignAndPadAlloca(memtag::AllocaInfo &Info, llvm::Align Align)
Definition: MemoryTaggingSupport.cpp:180

llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18

llvm::findAllocaForValue
AllocaInst * findAllocaForValue(Value *V, bool OffsetZero=false)
Returns unique alloca where the value comes from, or nullptr.
Definition: ValueTracking.cpp:5216

llvm::isAllocaPromotable
bool isAllocaPromotable(const AllocaInst *AI)
Return true if this alloca is legal for promotion.
Definition: PromoteMemoryToRegister.cpp:63

llvm::alignTo
uint64_t alignTo(uint64_t Size, Align A)
Returns a multiple of A needed to store Size bytes.
Definition: Alignment.h:155

llvm::isPotentiallyReachable
bool isPotentiallyReachable(const Instruction *From, const Instruction *To, const SmallPtrSetImpl< BasicBlock * > *ExclusionSet=nullptr, const DominatorTree *DT=nullptr, const LoopInfo *LI=nullptr)
Determine whether instruction 'To' is reachable from 'From', without passing through any blocks in Ex...
Definition: CFG.cpp:231

llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition: Alignment.h:39

llvm::memtag::AllocaInfo
Definition: MemoryTaggingSupport.h:50

llvm::memtag::AllocaInfo::DbgVariableIntrinsics
SmallVector< DbgVariableIntrinsic *, 2 > DbgVariableIntrinsics
Definition: MemoryTaggingSupport.h:54

llvm::memtag::StackInfo::AllocasToInstrument
MapVector< AllocaInst *, AllocaInfo > AllocasToInstrument
Definition: MemoryTaggingSupport.h:58

llvm::memtag::StackInfo::CallsReturnTwice
bool CallsReturnTwice
Definition: MemoryTaggingSupport.h:61

llvm::memtag::StackInfo::UnrecognizedLifetimes
SmallVector< Instruction *, 4 > UnrecognizedLifetimes
Definition: MemoryTaggingSupport.h:59

llvm::memtag::StackInfo::RetVec
SmallVector< Instruction *, 8 > RetVec
Definition: MemoryTaggingSupport.h:60