Support AddressSanitizer instrumentation of LLVM JIT routines
The instrumentation produces helpful crash reports and detects more
issues.
This is expected to cause a 2x slowdown on average.
Bug: b/240465596
Change-Id: I8861a51344866c646580763cbd0c7a491143dbf9
Reviewed-on: https://swiftshader-review.googlesource.com/c/SwiftShader/+/67128
Kokoro-Result: kokoro <noreply+kokoro@google.com>
Reviewed-by: Alexis Hétu <sugoi@google.com>
Tested-by: Nicolas Capens <nicolascapens@google.com>
diff --git a/src/Reactor/LLVMJIT.cpp b/src/Reactor/LLVMJIT.cpp
index d21cf22..ca0a5c8 100644
--- a/src/Reactor/LLVMJIT.cpp
+++ b/src/Reactor/LLVMJIT.cpp
@@ -36,6 +36,7 @@
#include "llvm/Support/Host.h"
#include "llvm/Support/TargetSelect.h"
#include "llvm/Transforms/InstCombine/InstCombine.h"
+#include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
#include "llvm/Transforms/Instrumentation/MemorySanitizer.h"
#include "llvm/Transforms/Scalar.h"
#include "llvm/Transforms/Scalar/GVN.h"
@@ -62,6 +63,10 @@
__pragma(warning(pop))
#endif
+#if __has_feature(memory_sanitizer) || __has_feature(address_sanitizer)
+# include <dlfcn.h> // dlsym()
+#endif
+
#ifndef REACTOR_ASM_EMIT_DIR
# define REACTOR_ASM_EMIT_DIR "./"
#endif
@@ -77,12 +82,8 @@
#endif
#if __has_feature(memory_sanitizer)
-
-// TODO(b/155148722): Remove when we no longer unpoison any writes.
# include "sanitizer/msan_interface.h"
-# include <dlfcn.h> // dlsym()
-
// MemorySanitizer uses thread-local storage (TLS) data arrays for passing around
// the 'shadow' values of function arguments and return values. The LLVM JIT can't
// access TLS directly, but it calls __emutls_get_address() to obtain the address.
@@ -590,7 +591,6 @@
functions.try_emplace("__emutls_v.__msan_va_arg_overflow_size_tls", reinterpret_cast<void *>(static_cast<uintptr_t>(rr::MSanTLS::va_arg_overflow_size)));
functions.try_emplace("__emutls_v.__msan_origin_tls", reinterpret_cast<void *>(static_cast<uintptr_t>(rr::MSanTLS::origin)));
- // TODO(b/155148722): Remove when we no longer unpoison any writes.
functions.try_emplace("__msan_unpoison", reinterpret_cast<void *>(__msan_unpoison));
functions.try_emplace("__msan_unpoison_param", reinterpret_cast<void *>(__msan_unpoison_param));
#endif
@@ -636,9 +636,9 @@
continue;
}
-#if __has_feature(memory_sanitizer)
- // MemorySanitizer uses a dynamically linked runtime. Instrumented routines reference
- // some symbols from this library. Look them up dynamically in the default namespace.
+#if __has_feature(memory_sanitizer) || __has_feature(address_sanitizer)
+ // Sanitizers use a dynamically linked runtime. Instrumented routines reference some
+ // symbols from this library. Look them up dynamically in the default namespace.
// Note this approach should not be used for other symbols, since they might not be
// visible (e.g. due to static linking), we may wish to provide an alternate
// implementation, and/or it would be a security vulnerability.
@@ -933,6 +933,11 @@
pm.addPass(llvm::createModuleToFunctionPassAdaptor(llvm::MemorySanitizerPass(msanOpts)));
}
+ if(__has_feature(address_sanitizer))
+ {
+ pm.addPass(llvm::ModuleAddressSanitizerPass(llvm::AddressSanitizerOptions{}));
+ }
+
pm.run(*module, mam);
#else // Legacy pass manager
llvm::legacy::PassManager passManager;
@@ -959,6 +964,11 @@
passManager.add(llvm::createMemorySanitizerLegacyPassPass(msanOpts));
}
+ if(__has_feature(address_sanitizer))
+ {
+ passManager.add(llvm::createAddressSanitizerFunctionPass());
+ }
+
passManager.run(*module);
#endif
}
diff --git a/src/Reactor/LLVMReactor.cpp b/src/Reactor/LLVMReactor.cpp
index 6512b0d..54bbebc 100644
--- a/src/Reactor/LLVMReactor.cpp
+++ b/src/Reactor/LLVMReactor.cpp
@@ -503,6 +503,11 @@
#endif
}
+ if(__has_feature(address_sanitizer))
+ {
+ func->addFnAttr(llvm::Attribute::SanitizeAddress);
+ }
+
func->addFnAttr("warn-stack-size", "524288"); // Warn when a function uses more than 512 KiB of stack memory
return func;
@@ -4021,7 +4026,7 @@
auto promisePtrTy = promiseTy->getPointerTo();
jit->function = rr::createFunction("coroutine_begin", handleTy, T(Params));
-#if LLVM_VERSION_MAJOR >= 15
+#if LLVM_VERSION_MAJOR >= 16
jit->function->setPresplitCoroutine();
#else
jit->function->addFnAttr("coroutine.presplit", "0");
diff --git a/third_party/llvm-10.0/Android.bp b/third_party/llvm-10.0/Android.bp
index 306285e..5030e4b 100644
--- a/third_party/llvm-10.0/Android.bp
+++ b/third_party/llvm-10.0/Android.bp
@@ -628,6 +628,7 @@
"llvm/lib/Support/SmallPtrSet.cpp",
"llvm/lib/Support/SmallVector.cpp",
"llvm/lib/Support/SourceMgr.cpp",
+ "llvm/lib/Support/SpecialCaseList.cpp",
"llvm/lib/Support/Statistic.cpp",
"llvm/lib/Support/StringExtras.cpp",
"llvm/lib/Support/StringMap.cpp",
@@ -640,6 +641,7 @@
"llvm/lib/Support/TimeProfiler.cpp",
"llvm/lib/Support/Timer.cpp",
"llvm/lib/Support/ToolOutputFile.cpp",
+ "llvm/lib/Support/TrigramIndex.cpp",
"llvm/lib/Support/Triple.cpp",
"llvm/lib/Support/Twine.cpp",
"llvm/lib/Support/Unicode.cpp",
@@ -683,12 +685,21 @@
"llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp",
"llvm/lib/Transforms/InstCombine/InstCombineVectorOps.cpp",
"llvm/lib/Transforms/InstCombine/InstructionCombining.cpp",
+ "llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp",
+ "llvm/lib/Transforms/Instrumentation/BoundsChecking.cpp",
"llvm/lib/Transforms/Instrumentation/ControlHeightReduction.cpp",
+ "llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp",
+ "llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp",
+ "llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp",
"llvm/lib/Transforms/Instrumentation/IndirectCallPromotion.cpp",
"llvm/lib/Transforms/Instrumentation/InstrOrderFile.cpp",
"llvm/lib/Transforms/Instrumentation/InstrProfiling.cpp",
+ "llvm/lib/Transforms/Instrumentation/Instrumentation.cpp",
+ "llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp",
"llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp",
"llvm/lib/Transforms/Instrumentation/PGOMemOPSizeOpt.cpp",
+ "llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp",
+ "llvm/lib/Transforms/Instrumentation/ThreadSanitizer.cpp",
"llvm/lib/Transforms/Instrumentation/ValueProfileCollector.cpp",
"llvm/lib/Transforms/IPO/ArgumentPromotion.cpp",
"llvm/lib/Transforms/IPO/Attributor.cpp",
@@ -767,6 +778,7 @@
"llvm/lib/Transforms/Scalar/SROA.cpp",
"llvm/lib/Transforms/Scalar/TailRecursionElimination.cpp",
"llvm/lib/Transforms/Scalar/WarnMissedTransforms.cpp",
+ "llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp",
"llvm/lib/Transforms/Utils/BasicBlockUtils.cpp",
"llvm/lib/Transforms/Utils/BreakCriticalEdges.cpp",
"llvm/lib/Transforms/Utils/BuildLibCalls.cpp",
diff --git a/third_party/llvm-10.0/BUILD.gn b/third_party/llvm-10.0/BUILD.gn
index 6c40b2c..59e5230 100644
--- a/third_party/llvm-10.0/BUILD.gn
+++ b/third_party/llvm-10.0/BUILD.gn
@@ -738,14 +738,23 @@
"llvm/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp",
"llvm/lib/Transforms/InstCombine/InstCombineVectorOps.cpp",
"llvm/lib/Transforms/InstCombine/InstructionCombining.cpp",
+ "llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp",
+ "llvm/lib/Transforms/Instrumentation/BoundsChecking.cpp",
"llvm/lib/Transforms/Instrumentation/ControlHeightReduction.cpp",
+ "llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp",
+ "llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp",
+ "llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp",
"llvm/lib/Transforms/Instrumentation/IndirectCallPromotion.cpp",
"llvm/lib/Transforms/Instrumentation/InstrOrderFile.cpp",
"llvm/lib/Transforms/Instrumentation/InstrProfiling.cpp",
+ "llvm/lib/Transforms/Instrumentation/Instrumentation.cpp",
"llvm/lib/Transforms/Instrumentation/MemorySanitizer.cpp",
"llvm/lib/Transforms/Instrumentation/PGOInstrumentation.cpp",
"llvm/lib/Transforms/Instrumentation/PGOMemOPSizeOpt.cpp",
+ "llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp",
+ "llvm/lib/Transforms/Instrumentation/ThreadSanitizer.cpp",
"llvm/lib/Transforms/Instrumentation/ValueProfileCollector.cpp",
+ "llvm/lib/Transforms/Utils/ASanStackFrameLayout.cpp",
"llvm/lib/Transforms/Utils/BasicBlockUtils.cpp",
"llvm/lib/Transforms/Utils/BreakCriticalEdges.cpp",
"llvm/lib/Transforms/Utils/BuildLibCalls.cpp",
@@ -918,6 +927,7 @@
"llvm/lib/Support/SmallPtrSet.cpp",
"llvm/lib/Support/SmallVector.cpp",
"llvm/lib/Support/SourceMgr.cpp",
+ "llvm/lib/Support/SpecialCaseList.cpp",
"llvm/lib/Support/Statistic.cpp",
"llvm/lib/Support/StringExtras.cpp",
"llvm/lib/Support/StringMap.cpp",
@@ -930,6 +940,7 @@
"llvm/lib/Support/TimeProfiler.cpp",
"llvm/lib/Support/Timer.cpp",
"llvm/lib/Support/ToolOutputFile.cpp",
+ "llvm/lib/Support/TrigramIndex.cpp",
"llvm/lib/Support/Triple.cpp",
"llvm/lib/Support/Twine.cpp",
"llvm/lib/Support/Unicode.cpp",
diff --git a/third_party/llvm-10.0/CMakeLists.txt b/third_party/llvm-10.0/CMakeLists.txt
index bda5362..3ea8d6a 100644
--- a/third_party/llvm-10.0/CMakeLists.txt
+++ b/third_party/llvm-10.0/CMakeLists.txt
@@ -631,6 +631,7 @@
${LLVM_DIR}/lib/Support/SmallPtrSet.cpp
${LLVM_DIR}/lib/Support/SmallVector.cpp
${LLVM_DIR}/lib/Support/SourceMgr.cpp
+ ${LLVM_DIR}/lib/Support/SpecialCaseList.cpp
${LLVM_DIR}/lib/Support/Statistic.cpp
${LLVM_DIR}/lib/Support/StringExtras.cpp
${LLVM_DIR}/lib/Support/StringMap.cpp
@@ -643,6 +644,7 @@
${LLVM_DIR}/lib/Support/TimeProfiler.cpp
${LLVM_DIR}/lib/Support/Timer.cpp
${LLVM_DIR}/lib/Support/ToolOutputFile.cpp
+ ${LLVM_DIR}/lib/Support/TrigramIndex.cpp
${LLVM_DIR}/lib/Support/Triple.cpp
${LLVM_DIR}/lib/Support/Twine.cpp
${LLVM_DIR}/lib/Support/Unicode.cpp
@@ -686,14 +688,22 @@
${LLVM_DIR}/lib/Transforms/InstCombine/InstCombineSimplifyDemanded.cpp
${LLVM_DIR}/lib/Transforms/InstCombine/InstCombineVectorOps.cpp
${LLVM_DIR}/lib/Transforms/InstCombine/InstructionCombining.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/AddressSanitizer.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/BoundsChecking.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/ControlHeightReduction.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/GCOVProfiling.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/IndirectCallPromotion.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/InstrOrderFile.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/InstrProfiling.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/Instrumentation.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/MemorySanitizer.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/PGOInstrumentation.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/PGOMemOPSizeOpt.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+ ${LLVM_DIR}/lib/Transforms/Instrumentation/ThreadSanitizer.cpp
${LLVM_DIR}/lib/Transforms/Instrumentation/ValueProfileCollector.cpp
- ${LLVM_DIR}/lib/Transforms/Instrumentation/MemorySanitizer.cpp
${LLVM_DIR}/lib/Transforms/IPO/ArgumentPromotion.cpp
${LLVM_DIR}/lib/Transforms/IPO/Attributor.cpp
${LLVM_DIR}/lib/Transforms/IPO/BarrierNoopPass.cpp
@@ -771,6 +781,7 @@
${LLVM_DIR}/lib/Transforms/Scalar/SROA.cpp
${LLVM_DIR}/lib/Transforms/Scalar/TailRecursionElimination.cpp
${LLVM_DIR}/lib/Transforms/Scalar/WarnMissedTransforms.cpp
+ ${LLVM_DIR}/lib/Transforms/Utils/ASanStackFrameLayout.cpp
${LLVM_DIR}/lib/Transforms/Utils/BasicBlockUtils.cpp
${LLVM_DIR}/lib/Transforms/Utils/BreakCriticalEdges.cpp
${LLVM_DIR}/lib/Transforms/Utils/BuildLibCalls.cpp
