|  | //===- subzero/src/IceASanInstrumentation.cpp - ASan ------------*- C++ -*-===// | 
|  | // | 
|  | //                        The Subzero Code Generator | 
|  | // | 
|  | // This file is distributed under the University of Illinois Open Source | 
|  | // License. See LICENSE.TXT for details. | 
|  | // | 
|  | //===----------------------------------------------------------------------===// | 
|  | /// | 
|  | /// \file | 
|  | /// \brief Implements the AddressSanitizer instrumentation class. | 
|  | /// | 
|  | //===----------------------------------------------------------------------===// | 
|  |  | 
|  | #include "IceASanInstrumentation.h" | 
|  |  | 
|  | #include "IceBuildDefs.h" | 
|  | #include "IceCfg.h" | 
|  | #include "IceCfgNode.h" | 
|  | #include "IceGlobalInits.h" | 
|  | #include "IceInst.h" | 
|  | #include "IceTargetLowering.h" | 
|  | #include "IceTypes.h" | 
|  |  | 
|  | #include <sstream> | 
|  | #include <unordered_map> | 
|  | #include <unordered_set> | 
|  | #include <vector> | 
|  |  | 
|  | namespace Ice { | 
|  |  | 
|  | namespace { | 
|  |  | 
|  | constexpr SizeT BytesPerWord = sizeof(uint32_t); | 
|  | constexpr SizeT RzSize = 32; | 
|  | constexpr SizeT ShadowScaleLog2 = 3; | 
|  | constexpr SizeT ShadowScale = 1 << ShadowScaleLog2; | 
|  | constexpr SizeT ShadowLength32 = 1 << (32 - ShadowScaleLog2); | 
|  | constexpr int32_t StackPoisonVal = -1; | 
|  | constexpr const char *ASanPrefix = "__asan"; | 
|  | constexpr const char *RzPrefix = "__$rz"; | 
|  | constexpr const char *RzArrayName = "__$rz_array"; | 
|  | constexpr const char *RzSizesName = "__$rz_sizes"; | 
|  | const llvm::NaClBitcodeRecord::RecordVector RzContents = | 
|  | llvm::NaClBitcodeRecord::RecordVector(RzSize, 'R'); | 
|  |  | 
|  | // In order to instrument the code correctly, the .pexe must not have had its | 
|  | // symbols stripped. | 
|  | using StringMap = std::unordered_map<std::string, std::string>; | 
|  | using StringSet = std::unordered_set<std::string>; | 
|  | // TODO(tlively): Handle all allocation functions | 
|  | const StringMap FuncSubstitutions = {{"malloc", "__asan_malloc"}, | 
|  | {"free", "__asan_free"}, | 
|  | {"calloc", "__asan_calloc"}, | 
|  | {"__asan_dummy_calloc", "__asan_calloc"}, | 
|  | {"realloc", "__asan_realloc"}}; | 
|  | const StringSet FuncBlackList = {"_Balloc"}; | 
|  |  | 
|  | llvm::NaClBitcodeRecord::RecordVector sizeToByteVec(SizeT Size) { | 
|  | llvm::NaClBitcodeRecord::RecordVector SizeContents; | 
|  | for (unsigned i = 0; i < sizeof(Size); ++i) { | 
|  | SizeContents.emplace_back(Size % (1 << CHAR_BIT)); | 
|  | Size >>= CHAR_BIT; | 
|  | } | 
|  | return SizeContents; | 
|  | } | 
|  |  | 
|  | } // end of anonymous namespace | 
|  |  | 
|  | ICE_TLS_DEFINE_FIELD(VarSizeMap *, ASanInstrumentation, LocalVars); | 
|  | ICE_TLS_DEFINE_FIELD(std::vector<InstStore *> *, ASanInstrumentation, | 
|  | LocalDtors); | 
|  | ICE_TLS_DEFINE_FIELD(CfgNode *, ASanInstrumentation, CurNode); | 
|  | ICE_TLS_DEFINE_FIELD(VarSizeMap *, ASanInstrumentation, CheckedVars); | 
|  |  | 
|  | bool ASanInstrumentation::isInstrumentable(Cfg *Func) { | 
|  | std::string FuncName = Func->getFunctionName().toStringOrEmpty(); | 
|  | return FuncName == "" || | 
|  | (FuncBlackList.count(FuncName) == 0 && FuncName.find(ASanPrefix) != 0); | 
|  | } | 
|  |  | 
|  | // Create redzones around all global variables, ensuring that the initializer | 
|  | // types of the redzones and their associated globals match so that they are | 
|  | // laid out together in memory. | 
|  | void ASanInstrumentation::instrumentGlobals(VariableDeclarationList &Globals) { | 
|  | std::unique_lock<std::mutex> _(GlobalsMutex); | 
|  | if (DidProcessGlobals) | 
|  | return; | 
|  | VariableDeclarationList NewGlobals; | 
|  | // Global holding pointers to all redzones | 
|  | auto *RzArray = VariableDeclaration::create(&NewGlobals); | 
|  | // Global holding sizes of all redzones | 
|  | auto *RzSizes = VariableDeclaration::create(&NewGlobals); | 
|  |  | 
|  | RzArray->setName(Ctx, RzArrayName); | 
|  | RzSizes->setName(Ctx, RzSizesName); | 
|  | RzArray->setIsConstant(true); | 
|  | RzSizes->setIsConstant(true); | 
|  | NewGlobals.push_back(RzArray); | 
|  | NewGlobals.push_back(RzSizes); | 
|  |  | 
|  | using PrototypeMap = std::unordered_map<std::string, FunctionDeclaration *>; | 
|  | PrototypeMap ProtoSubstitutions; | 
|  | for (VariableDeclaration *Global : Globals) { | 
|  | assert(Global->getAlignment() <= RzSize); | 
|  | VariableDeclaration *RzLeft = VariableDeclaration::create(&NewGlobals); | 
|  | VariableDeclaration *NewGlobal = Global; | 
|  | VariableDeclaration *RzRight = VariableDeclaration::create(&NewGlobals); | 
|  | RzLeft->setName(Ctx, nextRzName()); | 
|  | RzRight->setName(Ctx, nextRzName()); | 
|  | SizeT Alignment = std::max(RzSize, Global->getAlignment()); | 
|  | SizeT RzLeftSize = Alignment; | 
|  | SizeT RzRightSize = | 
|  | RzSize + Utils::OffsetToAlignment(Global->getNumBytes(), Alignment); | 
|  | if (!Global->hasNonzeroInitializer()) { | 
|  | RzLeft->addInitializer(VariableDeclaration::ZeroInitializer::create( | 
|  | &NewGlobals, RzLeftSize)); | 
|  | RzRight->addInitializer(VariableDeclaration::ZeroInitializer::create( | 
|  | &NewGlobals, RzRightSize)); | 
|  | } else { | 
|  | RzLeft->addInitializer(VariableDeclaration::DataInitializer::create( | 
|  | &NewGlobals, llvm::NaClBitcodeRecord::RecordVector(RzLeftSize, 'R'))); | 
|  | RzRight->addInitializer(VariableDeclaration::DataInitializer::create( | 
|  | &NewGlobals, | 
|  | llvm::NaClBitcodeRecord::RecordVector(RzRightSize, 'R'))); | 
|  |  | 
|  | // replace any pointers to allocator functions | 
|  | NewGlobal = VariableDeclaration::create(&NewGlobals); | 
|  | NewGlobal->setName(Global->getName()); | 
|  | std::vector<VariableDeclaration::Initializer *> GlobalInits = | 
|  | Global->getInitializers(); | 
|  | for (VariableDeclaration::Initializer *Init : GlobalInits) { | 
|  | auto *RelocInit = | 
|  | llvm::dyn_cast<VariableDeclaration::RelocInitializer>(Init); | 
|  | if (RelocInit == nullptr) { | 
|  | NewGlobal->addInitializer(Init); | 
|  | continue; | 
|  | } | 
|  | const GlobalDeclaration *TargetDecl = RelocInit->getDeclaration(); | 
|  | const auto *TargetFunc = | 
|  | llvm::dyn_cast<FunctionDeclaration>(TargetDecl); | 
|  | if (TargetFunc == nullptr) { | 
|  | NewGlobal->addInitializer(Init); | 
|  | continue; | 
|  | } | 
|  | std::string TargetName = TargetDecl->getName().toStringOrEmpty(); | 
|  | StringMap::const_iterator Subst = FuncSubstitutions.find(TargetName); | 
|  | if (Subst == FuncSubstitutions.end()) { | 
|  | NewGlobal->addInitializer(Init); | 
|  | continue; | 
|  | } | 
|  | std::string SubstName = Subst->second; | 
|  | PrototypeMap::iterator SubstProtoEntry = | 
|  | ProtoSubstitutions.find(SubstName); | 
|  | FunctionDeclaration *SubstProto; | 
|  | if (SubstProtoEntry != ProtoSubstitutions.end()) | 
|  | SubstProto = SubstProtoEntry->second; | 
|  | else { | 
|  | constexpr bool IsProto = true; | 
|  | SubstProto = FunctionDeclaration::create( | 
|  | Ctx, TargetFunc->getSignature(), TargetFunc->getCallingConv(), | 
|  | llvm::GlobalValue::ExternalLinkage, IsProto); | 
|  | SubstProto->setName(Ctx, SubstName); | 
|  | ProtoSubstitutions.insert({SubstName, SubstProto}); | 
|  | } | 
|  |  | 
|  | NewGlobal->addInitializer(VariableDeclaration::RelocInitializer::create( | 
|  | &NewGlobals, SubstProto, RelocOffsetArray(0))); | 
|  | } | 
|  | } | 
|  |  | 
|  | RzLeft->setIsConstant(Global->getIsConstant()); | 
|  | NewGlobal->setIsConstant(Global->getIsConstant()); | 
|  | RzRight->setIsConstant(Global->getIsConstant()); | 
|  | RzLeft->setAlignment(Alignment); | 
|  | NewGlobal->setAlignment(Alignment); | 
|  | RzRight->setAlignment(1); | 
|  | RzArray->addInitializer(VariableDeclaration::RelocInitializer::create( | 
|  | &NewGlobals, RzLeft, RelocOffsetArray(0))); | 
|  | RzArray->addInitializer(VariableDeclaration::RelocInitializer::create( | 
|  | &NewGlobals, RzRight, RelocOffsetArray(0))); | 
|  | RzSizes->addInitializer(VariableDeclaration::DataInitializer::create( | 
|  | &NewGlobals, sizeToByteVec(RzLeftSize))); | 
|  | RzSizes->addInitializer(VariableDeclaration::DataInitializer::create( | 
|  | &NewGlobals, sizeToByteVec(RzRightSize))); | 
|  |  | 
|  | NewGlobals.push_back(RzLeft); | 
|  | NewGlobals.push_back(NewGlobal); | 
|  | NewGlobals.push_back(RzRight); | 
|  | RzGlobalsNum += 2; | 
|  |  | 
|  | GlobalSizes.insert({NewGlobal->getName(), NewGlobal->getNumBytes()}); | 
|  | } | 
|  |  | 
|  | // Replace old list of globals, without messing up arena allocators | 
|  | Globals.clear(); | 
|  | Globals.merge(&NewGlobals); | 
|  | DidProcessGlobals = true; | 
|  |  | 
|  | // Log the new set of globals | 
|  | if (BuildDefs::dump() && (getFlags().getVerbose() & IceV_GlobalInit)) { | 
|  | OstreamLocker _(Ctx); | 
|  | Ctx->getStrDump() << "========= Instrumented Globals =========\n"; | 
|  | for (VariableDeclaration *Global : Globals) { | 
|  | Global->dump(Ctx->getStrDump()); | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | std::string ASanInstrumentation::nextRzName() { | 
|  | std::stringstream Name; | 
|  | Name << RzPrefix << RzNum++; | 
|  | return Name.str(); | 
|  | } | 
|  |  | 
|  | // Check for an alloca signaling the presence of local variables and add a | 
|  | // redzone if it is found | 
|  | void ASanInstrumentation::instrumentFuncStart(LoweringContext &Context) { | 
|  | if (ICE_TLS_GET_FIELD(LocalDtors) == nullptr) { | 
|  | ICE_TLS_SET_FIELD(LocalDtors, new std::vector<InstStore *>()); | 
|  | ICE_TLS_SET_FIELD(LocalVars, new VarSizeMap()); | 
|  | } | 
|  | Cfg *Func = Context.getNode()->getCfg(); | 
|  | using Entry = std::pair<SizeT, int32_t>; | 
|  | std::vector<InstAlloca *> NewAllocas; | 
|  | std::vector<Entry> PoisonVals; | 
|  | Variable *FirstShadowLocVar; | 
|  | InstArithmetic *ShadowIndexCalc; | 
|  | InstArithmetic *ShadowLocCalc; | 
|  | InstAlloca *Cur; | 
|  | ConstantInteger32 *VarSizeOp; | 
|  | while (!Context.atEnd()) { | 
|  | Cur = llvm::dyn_cast<InstAlloca>(iteratorToInst(Context.getCur())); | 
|  | VarSizeOp = (Cur == nullptr) | 
|  | ? nullptr | 
|  | : llvm::dyn_cast<ConstantInteger32>(Cur->getSizeInBytes()); | 
|  | if (Cur == nullptr || VarSizeOp == nullptr) { | 
|  | Context.advanceCur(); | 
|  | Context.advanceNext(); | 
|  | continue; | 
|  | } | 
|  |  | 
|  | Cur->setDeleted(); | 
|  |  | 
|  | if (PoisonVals.empty()) { | 
|  | // insert leftmost redzone | 
|  | auto *LastRzVar = Func->makeVariable(IceType_i32); | 
|  | LastRzVar->setName(Func, nextRzName()); | 
|  | auto *ByteCount = ConstantInteger32::create(Ctx, IceType_i32, RzSize); | 
|  | constexpr SizeT Alignment = 8; | 
|  | NewAllocas.emplace_back( | 
|  | InstAlloca::create(Func, LastRzVar, ByteCount, Alignment)); | 
|  | PoisonVals.emplace_back(Entry{RzSize >> ShadowScaleLog2, StackPoisonVal}); | 
|  |  | 
|  | // Calculate starting address for poisoning | 
|  | FirstShadowLocVar = Func->makeVariable(IceType_i32); | 
|  | FirstShadowLocVar->setName(Func, "firstShadowLoc"); | 
|  | auto *ShadowIndexVar = Func->makeVariable(IceType_i32); | 
|  | ShadowIndexVar->setName(Func, "shadowIndex"); | 
|  |  | 
|  | auto *ShadowScaleLog2Const = | 
|  | ConstantInteger32::create(Ctx, IceType_i32, ShadowScaleLog2); | 
|  | auto *ShadowMemLocConst = | 
|  | ConstantInteger32::create(Ctx, IceType_i32, ShadowLength32); | 
|  |  | 
|  | ShadowIndexCalc = | 
|  | InstArithmetic::create(Func, InstArithmetic::Lshr, ShadowIndexVar, | 
|  | LastRzVar, ShadowScaleLog2Const); | 
|  | ShadowLocCalc = | 
|  | InstArithmetic::create(Func, InstArithmetic::Add, FirstShadowLocVar, | 
|  | ShadowIndexVar, ShadowMemLocConst); | 
|  | } | 
|  |  | 
|  | // create the new alloca that includes a redzone | 
|  | SizeT VarSize = VarSizeOp->getValue(); | 
|  | Variable *Dest = Cur->getDest(); | 
|  | ICE_TLS_GET_FIELD(LocalVars)->insert({Dest, VarSize}); | 
|  | SizeT RzPadding = RzSize + Utils::OffsetToAlignment(VarSize, RzSize); | 
|  | auto *ByteCount = | 
|  | ConstantInteger32::create(Ctx, IceType_i32, VarSize + RzPadding); | 
|  | constexpr SizeT Alignment = 8; | 
|  | NewAllocas.emplace_back( | 
|  | InstAlloca::create(Func, Dest, ByteCount, Alignment)); | 
|  |  | 
|  | const SizeT Zeros = VarSize >> ShadowScaleLog2; | 
|  | const SizeT Offset = VarSize % ShadowScale; | 
|  | const SizeT PoisonBytes = | 
|  | ((VarSize + RzPadding) >> ShadowScaleLog2) - Zeros - 1; | 
|  | if (Zeros > 0) | 
|  | PoisonVals.emplace_back(Entry{Zeros, 0}); | 
|  | PoisonVals.emplace_back(Entry{1, (Offset == 0) ? StackPoisonVal : Offset}); | 
|  | PoisonVals.emplace_back(Entry{PoisonBytes, StackPoisonVal}); | 
|  | Context.advanceCur(); | 
|  | Context.advanceNext(); | 
|  | } | 
|  |  | 
|  | Context.rewind(); | 
|  | if (PoisonVals.empty()) { | 
|  | Context.advanceNext(); | 
|  | return; | 
|  | } | 
|  | for (InstAlloca *RzAlloca : NewAllocas) { | 
|  | Context.insert(RzAlloca); | 
|  | } | 
|  | Context.insert(ShadowIndexCalc); | 
|  | Context.insert(ShadowLocCalc); | 
|  |  | 
|  | // Poison redzones | 
|  | std::vector<Entry>::iterator Iter = PoisonVals.begin(); | 
|  | for (SizeT Offset = 0; Iter != PoisonVals.end(); Offset += BytesPerWord) { | 
|  | int32_t CurVals[BytesPerWord] = {0}; | 
|  | for (uint32_t i = 0; i < BytesPerWord; ++i) { | 
|  | if (Iter == PoisonVals.end()) | 
|  | break; | 
|  | Entry Val = *Iter; | 
|  | CurVals[i] = Val.second; | 
|  | --Val.first; | 
|  | if (Val.first > 0) | 
|  | *Iter = Val; | 
|  | else | 
|  | ++Iter; | 
|  | } | 
|  | int32_t Poison = ((CurVals[3] & 0xff) << 24) | ((CurVals[2] & 0xff) << 16) | | 
|  | ((CurVals[1] & 0xff) << 8) | (CurVals[0] & 0xff); | 
|  | if (Poison == 0) | 
|  | continue; | 
|  | auto *PoisonConst = ConstantInteger32::create(Ctx, IceType_i32, Poison); | 
|  | auto *ZeroConst = ConstantInteger32::create(Ctx, IceType_i32, 0); | 
|  | auto *OffsetConst = ConstantInteger32::create(Ctx, IceType_i32, Offset); | 
|  | auto *PoisonAddrVar = Func->makeVariable(IceType_i32); | 
|  | Context.insert(InstArithmetic::create(Func, InstArithmetic::Add, | 
|  | PoisonAddrVar, FirstShadowLocVar, | 
|  | OffsetConst)); | 
|  | Context.insert(InstStore::create(Func, PoisonConst, PoisonAddrVar)); | 
|  | ICE_TLS_GET_FIELD(LocalDtors) | 
|  | ->emplace_back(InstStore::create(Func, ZeroConst, PoisonAddrVar)); | 
|  | } | 
|  | Context.advanceNext(); | 
|  | } | 
|  |  | 
|  | void ASanInstrumentation::instrumentCall(LoweringContext &Context, | 
|  | InstCall *Instr) { | 
|  | auto *CallTarget = | 
|  | llvm::dyn_cast<ConstantRelocatable>(Instr->getCallTarget()); | 
|  | if (CallTarget == nullptr) | 
|  | return; | 
|  |  | 
|  | std::string TargetName = CallTarget->getName().toStringOrEmpty(); | 
|  | auto Subst = FuncSubstitutions.find(TargetName); | 
|  | if (Subst == FuncSubstitutions.end()) | 
|  | return; | 
|  |  | 
|  | std::string SubName = Subst->second; | 
|  | Constant *NewFunc = Ctx->getConstantExternSym(Ctx->getGlobalString(SubName)); | 
|  | auto *NewCall = | 
|  | InstCall::create(Context.getNode()->getCfg(), Instr->getNumArgs(), | 
|  | Instr->getDest(), NewFunc, Instr->isTailcall()); | 
|  | for (SizeT I = 0, Args = Instr->getNumArgs(); I < Args; ++I) | 
|  | NewCall->addArg(Instr->getArg(I)); | 
|  | Context.insert(NewCall); | 
|  | Instr->setDeleted(); | 
|  | } | 
|  |  | 
|  | void ASanInstrumentation::instrumentLoad(LoweringContext &Context, | 
|  | InstLoad *Instr) { | 
|  | Operand *Src = Instr->getSourceAddress(); | 
|  | if (auto *Reloc = llvm::dyn_cast<ConstantRelocatable>(Src)) { | 
|  | auto *NewLoad = InstLoad::create(Context.getNode()->getCfg(), | 
|  | Instr->getDest(), instrumentReloc(Reloc)); | 
|  | Instr->setDeleted(); | 
|  | Context.insert(NewLoad); | 
|  | Instr = NewLoad; | 
|  | } | 
|  | Constant *Func = | 
|  | Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_check_load")); | 
|  | instrumentAccess(Context, Instr->getSourceAddress(), | 
|  | typeWidthInBytes(Instr->getDest()->getType()), Func); | 
|  | } | 
|  |  | 
|  | void ASanInstrumentation::instrumentStore(LoweringContext &Context, | 
|  | InstStore *Instr) { | 
|  | Operand *Data = Instr->getData(); | 
|  | if (auto *Reloc = llvm::dyn_cast<ConstantRelocatable>(Data)) { | 
|  | auto *NewStore = InstStore::create( | 
|  | Context.getNode()->getCfg(), instrumentReloc(Reloc), Instr->getAddr()); | 
|  | Instr->setDeleted(); | 
|  | Context.insert(NewStore); | 
|  | Instr = NewStore; | 
|  | } | 
|  | Constant *Func = | 
|  | Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_check_store")); | 
|  | instrumentAccess(Context, Instr->getAddr(), | 
|  | typeWidthInBytes(Instr->getData()->getType()), Func); | 
|  | } | 
|  |  | 
|  | ConstantRelocatable * | 
|  | ASanInstrumentation::instrumentReloc(ConstantRelocatable *Reloc) { | 
|  | std::string DataName = Reloc->getName().toString(); | 
|  | StringMap::const_iterator DataSub = FuncSubstitutions.find(DataName); | 
|  | if (DataSub != FuncSubstitutions.end()) { | 
|  | return ConstantRelocatable::create( | 
|  | Ctx, Reloc->getType(), | 
|  | RelocatableTuple(Reloc->getOffset(), RelocOffsetArray(0), | 
|  | Ctx->getGlobalString(DataSub->second), | 
|  | Reloc->getEmitString())); | 
|  | } | 
|  | return Reloc; | 
|  | } | 
|  |  | 
|  | void ASanInstrumentation::instrumentAccess(LoweringContext &Context, | 
|  | Operand *Op, SizeT Size, | 
|  | Constant *CheckFunc) { | 
|  | // Skip redundant checks within basic blocks | 
|  | VarSizeMap *Checked = ICE_TLS_GET_FIELD(CheckedVars); | 
|  | if (ICE_TLS_GET_FIELD(CurNode) != Context.getNode()) { | 
|  | ICE_TLS_SET_FIELD(CurNode, Context.getNode()); | 
|  | if (Checked == NULL) { | 
|  | Checked = new VarSizeMap(); | 
|  | ICE_TLS_SET_FIELD(CheckedVars, Checked); | 
|  | } | 
|  | Checked->clear(); | 
|  | } | 
|  | VarSizeMap::iterator PrevCheck = Checked->find(Op); | 
|  | if (PrevCheck != Checked->end() && PrevCheck->second >= Size) | 
|  | return; | 
|  | else | 
|  | Checked->insert({Op, Size}); | 
|  |  | 
|  | // check for known good local access | 
|  | VarSizeMap::iterator LocalSize = ICE_TLS_GET_FIELD(LocalVars)->find(Op); | 
|  | if (LocalSize != ICE_TLS_GET_FIELD(LocalVars)->end() && | 
|  | LocalSize->second >= Size) | 
|  | return; | 
|  | if (isOkGlobalAccess(Op, Size)) | 
|  | return; | 
|  | constexpr SizeT NumArgs = 2; | 
|  | constexpr Variable *Void = nullptr; | 
|  | constexpr bool NoTailCall = false; | 
|  | auto *Call = InstCall::create(Context.getNode()->getCfg(), NumArgs, Void, | 
|  | CheckFunc, NoTailCall); | 
|  | Call->addArg(Op); | 
|  | Call->addArg(ConstantInteger32::create(Ctx, IceType_i32, Size)); | 
|  | // play games to insert the call before the access instruction | 
|  | InstList::iterator Next = Context.getNext(); | 
|  | Context.setInsertPoint(Context.getCur()); | 
|  | Context.insert(Call); | 
|  | Context.setNext(Next); | 
|  | } | 
|  |  | 
|  | // TODO(tlively): Trace back load and store addresses to find their real offsets | 
|  | bool ASanInstrumentation::isOkGlobalAccess(Operand *Op, SizeT Size) { | 
|  | auto *Reloc = llvm::dyn_cast<ConstantRelocatable>(Op); | 
|  | if (Reloc == nullptr) | 
|  | return false; | 
|  | RelocOffsetT Offset = Reloc->getOffset(); | 
|  | GlobalSizeMap::iterator GlobalSize = GlobalSizes.find(Reloc->getName()); | 
|  | return GlobalSize != GlobalSizes.end() && GlobalSize->second - Offset >= Size; | 
|  | } | 
|  |  | 
|  | void ASanInstrumentation::instrumentRet(LoweringContext &Context, InstRet *) { | 
|  | Cfg *Func = Context.getNode()->getCfg(); | 
|  | Context.setInsertPoint(Context.getCur()); | 
|  | for (InstStore *RzUnpoison : *ICE_TLS_GET_FIELD(LocalDtors)) { | 
|  | Context.insert( | 
|  | InstStore::create(Func, RzUnpoison->getData(), RzUnpoison->getAddr())); | 
|  | } | 
|  | Context.advanceCur(); | 
|  | Context.advanceNext(); | 
|  | } | 
|  |  | 
|  | void ASanInstrumentation::instrumentStart(Cfg *Func) { | 
|  | Constant *ShadowMemInit = | 
|  | Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_init")); | 
|  | constexpr SizeT NumArgs = 3; | 
|  | constexpr Variable *Void = nullptr; | 
|  | constexpr bool NoTailCall = false; | 
|  | auto *Call = InstCall::create(Func, NumArgs, Void, ShadowMemInit, NoTailCall); | 
|  | Func->getEntryNode()->getInsts().push_front(Call); | 
|  |  | 
|  | instrumentGlobals(*getGlobals()); | 
|  |  | 
|  | Call->addArg(ConstantInteger32::create(Ctx, IceType_i32, RzGlobalsNum)); | 
|  | Call->addArg(Ctx->getConstantSym(0, Ctx->getGlobalString(RzArrayName))); | 
|  | Call->addArg(Ctx->getConstantSym(0, Ctx->getGlobalString(RzSizesName))); | 
|  | } | 
|  |  | 
|  | // TODO(tlively): make this more efficient with swap idiom | 
|  | void ASanInstrumentation::finishFunc(Cfg *) { | 
|  | ICE_TLS_GET_FIELD(LocalVars)->clear(); | 
|  | ICE_TLS_GET_FIELD(LocalDtors)->clear(); | 
|  | } | 
|  |  | 
|  | } // end of namespace Ice |