Chromium Code Reviews Chromium Code Reviews
Issue 2128643002:
Fixed instruction corruption bug for multiple returns. (Closed)
Base URL: https://chromium.googlesource.com/native_client/pnacl-subzero.git@master| OLD | NEW |
|---|---|
| 1 //===- subzero/src/IceASanInstrumentation.cpp - ASan ------------*- C++ -*-===// | 1 //===- subzero/src/IceASanInstrumentation.cpp - ASan ------------*- C++ -*-===// |
| 2 // | 2 // |
| 3 // The Subzero Code Generator | 3 // The Subzero Code Generator |
| 4 // | 4 // |
| 5 // This file is distributed under the University of Illinois Open Source | 5 // This file is distributed under the University of Illinois Open Source |
| 6 // License. See LICENSE.TXT for details. | 6 // License. See LICENSE.TXT for details. |
| 7 // | 7 // |
| 8 //===----------------------------------------------------------------------===// | 8 //===----------------------------------------------------------------------===// |
| 9 /// | 9 /// |
| 10 /// \file | 10 /// \file |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 57 | 57 |
| 58 ICE_TLS_DEFINE_FIELD(std::vector<InstCall *> *, ASanInstrumentation, | 58 ICE_TLS_DEFINE_FIELD(std::vector<InstCall *> *, ASanInstrumentation, |
| 59 LocalDtors); | 59 LocalDtors); |
| 60 | 60 |
| 61 // Create redzones around all global variables, ensuring that the initializer | 61 // Create redzones around all global variables, ensuring that the initializer |
| 62 // types of the redzones and their associated globals match so that they are | 62 // types of the redzones and their associated globals match so that they are |
| 63 // laid out together in memory. | 63 // laid out together in memory. |
| 64 void ASanInstrumentation::instrumentGlobals(VariableDeclarationList &Globals) { | 64 void ASanInstrumentation::instrumentGlobals(VariableDeclarationList &Globals) { |
| 65 if (DidProcessGlobals) | 65 if (DidProcessGlobals) |
| 66 return; | 66 return; |
| 67 | |
| 68 VariableDeclarationList NewGlobals; | 67 VariableDeclarationList NewGlobals; |
| 69 // Global holding pointers to all redzones | 68 // Global holding pointers to all redzones |
| 70 auto *RzArray = VariableDeclaration::create(&NewGlobals); | 69 auto *RzArray = VariableDeclaration::create(&NewGlobals); |
| 71 // Global holding sizes of all redzones | 70 // Global holding sizes of all redzones |
| 72 auto *RzSizes = VariableDeclaration::create(&NewGlobals); | 71 auto *RzSizes = VariableDeclaration::create(&NewGlobals); |
| 73 | 72 |
| 74 RzArray->setName(Ctx, RzArrayName); | 73 RzArray->setName(Ctx, RzArrayName); |
| 75 RzSizes->setName(Ctx, RzSizesName); | 74 RzSizes->setName(Ctx, RzSizesName); |
| 76 RzArray->setIsConstant(true); | 75 RzArray->setIsConstant(true); |
| 77 RzSizes->setIsConstant(true); | 76 RzSizes->setIsConstant(true); |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 140 std::stringstream Name; | 139 std::stringstream Name; |
| 141 Name << RzPrefix << RzNum++; | 140 Name << RzPrefix << RzNum++; |
| 142 return Name.str(); | 141 return Name.str(); |
| 143 } | 142 } |
| 144 | 143 |
| 145 // Check for an alloca signaling the presence of local variables and add a | 144 // Check for an alloca signaling the presence of local variables and add a |
| 146 // redzone if it is found | 145 // redzone if it is found |
| 147 void ASanInstrumentation::instrumentFuncStart(LoweringContext &Context) { | 146 void ASanInstrumentation::instrumentFuncStart(LoweringContext &Context) { |
| 148 if (ICE_TLS_GET_FIELD(LocalDtors) == nullptr) | 147 if (ICE_TLS_GET_FIELD(LocalDtors) == nullptr) |
| 149 ICE_TLS_SET_FIELD(LocalDtors, new std::vector<InstCall *>()); | 148 ICE_TLS_SET_FIELD(LocalDtors, new std::vector<InstCall *>()); |
| 150 | |
| 151 Cfg *Func = Context.getNode()->getCfg(); | 149 Cfg *Func = Context.getNode()->getCfg(); |
| 152 bool HasLocals = false; | 150 bool HasLocals = false; |
| 153 LoweringContext C; | 151 LoweringContext C; |
| 154 C.init(Context.getNode()); | 152 C.init(Context.getNode()); |
| 155 std::vector<Inst *> Initializations; | 153 std::vector<Inst *> Initializations; |
| 156 Constant *InitFunc = | 154 Constant *InitFunc = |
| 157 Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_poison")); | 155 Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_poison")); |
| 158 Constant *DestroyFunc = | 156 Constant *DestroyFunc = |
| 159 Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_unpoison")); | 157 Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_unpoison")); |
| 160 | 158 |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 287 Call->addArg(Op); | 285 Call->addArg(Op); |
| 288 Call->addArg(ConstantInteger32::create(Ctx, IceType_i32, Size)); | 286 Call->addArg(ConstantInteger32::create(Ctx, IceType_i32, Size)); |
| 289 // play games to insert the call before the access instruction | 287 // play games to insert the call before the access instruction |
| 290 InstList::iterator Next = Context.getNext(); | 288 InstList::iterator Next = Context.getNext(); |
| 291 Context.setInsertPoint(Context.getCur()); | 289 Context.setInsertPoint(Context.getCur()); |
| 292 Context.insert(Call); | 290 Context.insert(Call); |
| 293 Context.setNext(Next); | 291 Context.setNext(Next); |
| 294 } | 292 } |
| 295 | 293 |
| 296 void ASanInstrumentation::instrumentRet(LoweringContext &Context, InstRet *) { | 294 void ASanInstrumentation::instrumentRet(LoweringContext &Context, InstRet *) { |
| 295 Cfg *Func = Context.getNode()->getCfg(); | |
| 297 InstList::iterator Next = Context.getNext(); | 296 InstList::iterator Next = Context.getNext(); |
| 298 Context.setInsertPoint(Context.getCur()); | 297 Context.setInsertPoint(Context.getCur()); |
| 299 for (InstCall *RzUnpoison : *ICE_TLS_GET_FIELD(LocalDtors)) { | 298 for (InstCall *RzUnpoison : *ICE_TLS_GET_FIELD(LocalDtors)) { |
| 300 Context.insert(RzUnpoison); | 299 SizeT NumArgs = RzUnpoison->getNumArgs(); |
| 300 Variable *Dest = RzUnpoison->getDest(); | |
| 301 Operand *CallTarget = RzUnpoison->getCallTarget(); | |
| 302 bool HasTailCall = RzUnpoison->isTailcall(); | |
| 303 bool IsTargetHelperCall = RzUnpoison->isTargetHelperCall(); | |
| 304 auto *RzUnpoisonCpy = InstCall::create(Func, NumArgs, Dest, CallTarget, | |
| 305 HasTailCall, IsTargetHelperCall); | |
|
tlively
2016/07/06 19:47:05
Since Insts are linked list nodes, they cannot be
| |
| 306 for (int I = 0, Args = RzUnpoison->getNumArgs(); I < Args; ++I) { | |
| 307 RzUnpoisonCpy->addArg(RzUnpoison->getArg(I)); | |
| 308 } | |
| 309 Context.insert(RzUnpoisonCpy); | |
| 301 } | 310 } |
| 302 Context.setNext(Next); | 311 Context.setNext(Next); |
| 303 } | 312 } |
| 304 | 313 |
| 305 void ASanInstrumentation::instrumentStart(Cfg *Func) { | 314 void ASanInstrumentation::instrumentStart(Cfg *Func) { |
| 306 Constant *ShadowMemInit = | 315 Constant *ShadowMemInit = |
| 307 Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_init")); | 316 Ctx->getConstantExternSym(Ctx->getGlobalString("__asan_init")); |
| 308 constexpr SizeT NumArgs = 3; | 317 constexpr SizeT NumArgs = 3; |
| 309 constexpr Variable *Void = nullptr; | 318 constexpr Variable *Void = nullptr; |
| 310 constexpr bool NoTailCall = false; | 319 constexpr bool NoTailCall = false; |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 323 Call->addArg(Ctx->getConstantSym(0, Ctx->getGlobalString(RzSizesName))); | 332 Call->addArg(Ctx->getConstantSym(0, Ctx->getGlobalString(RzSizesName))); |
| 324 } | 333 } |
| 325 | 334 |
| 326 // TODO(tlively): make this more efficient with swap idiom | 335 // TODO(tlively): make this more efficient with swap idiom |
| 327 void ASanInstrumentation::finishFunc(Cfg *Func) { | 336 void ASanInstrumentation::finishFunc(Cfg *Func) { |
| 328 (void)Func; | 337 (void)Func; |
| 329 ICE_TLS_GET_FIELD(LocalDtors)->clear(); | 338 ICE_TLS_GET_FIELD(LocalDtors)->clear(); |
| 330 } | 339 } |
| 331 | 340 |
| 332 } // end of namespace Ice | 341 } // end of namespace Ice |
| OLD | NEW |
