[dfsan] Expose dfsan_get_track_origins to get origin tracking status

This allows application code checks if origin tracking is on before
printing out traces.

-dfsan-track-origins can be 0,1,2.
The

[dfsan] Expose dfsan_get_track_origins to get origin tracking status

This allows application code checks if origin tracking is on before
printing out traces.

-dfsan-track-origins can be 0,1,2.
The current code only distinguishes 1 and 2 in compile time, but not at runtime.
Made runtime distinguish 1 and 2 too.

Reviewed By: browneee

Differential Revision: https://reviews.llvm.org/D105128

show more ...

[DFSan] Change shadow and origin memory layouts to match MSan.

Previously on x86_64:

+--------------------+ 0x800000000000 (top of memory)
| application memory |
+--------------------+ 0x7000

[DFSan] Change shadow and origin memory layouts to match MSan.

Previously on x86_64:

+--------------------+ 0x800000000000 (top of memory)
| application memory |
+--------------------+ 0x700000008000 (kAppAddr)
| |
| unused |
| |
+--------------------+ 0x300000000000 (kUnusedAddr)
| origin |
+--------------------+ 0x200000008000 (kOriginAddr)
| unused |
+--------------------+ 0x200000000000
| shadow memory |
+--------------------+ 0x100000008000 (kShadowAddr)
| unused |
+--------------------+ 0x000000010000
| reserved by kernel |
+--------------------+ 0x000000000000

MEM_TO_SHADOW(mem) = mem & ~0x600000000000
SHADOW_TO_ORIGIN(shadow) = kOriginAddr - kShadowAddr + shadow

Now for x86_64:

+--------------------+ 0x800000000000 (top of memory)
| application 3 |
+--------------------+ 0x700000000000
| invalid |
+--------------------+ 0x610000000000
| origin 1 |
+--------------------+ 0x600000000000
| application 2 |
+--------------------+ 0x510000000000
| shadow 1 |
+--------------------+ 0x500000000000
| invalid |
+--------------------+ 0x400000000000
| origin 3 |
+--------------------+ 0x300000000000
| shadow 3 |
+--------------------+ 0x200000000000
| origin 2 |
+--------------------+ 0x110000000000
| invalid |
+--------------------+ 0x100000000000
| shadow 2 |
+--------------------+ 0x010000000000
| application 1 |
+--------------------+ 0x000000000000

MEM_TO_SHADOW(mem) = mem ^ 0x500000000000
SHADOW_TO_ORIGIN(shadow) = shadow + 0x100000000000

Reviewed By: stephan.yichao.zhao, gbalats

Differential Revision: https://reviews.llvm.org/D104896

show more ...

[DFSan] Cleanup code for platforms other than Linux x86_64.

These other platforms are unsupported and untested.
They could be re-added later based on MSan code.

Reviewed By: gbalats, stephan.yichao

[DFSan] Cleanup code for platforms other than Linux x86_64.

These other platforms are unsupported and untested.
They could be re-added later based on MSan code.

Reviewed By: gbalats, stephan.yichao.zhao

Differential Revision: https://reviews.llvm.org/D104481

show more ...

[dfsan] Replace dfs$ prefix with .dfsan suffix

The current naming scheme adds the `dfs$` prefix to all
DFSan-instrumented functions. This breaks mangling and prevents stack
trace printers and other

[dfsan] Replace dfs$ prefix with .dfsan suffix

The current naming scheme adds the `dfs$` prefix to all
DFSan-instrumented functions. This breaks mangling and prevents stack
trace printers and other tools from automatically demangling function
names.

This new naming scheme is mangling-compatible, with the `.dfsan`
suffix being a vendor-specific suffix:
https://itanium-cxx-abi.github.io/cxx-abi/abi.html#mangling-structure

With this fix, demangling utils would work out-of-the-box.

Reviewed By: stephan.yichao.zhao

Differential Revision: https://reviews.llvm.org/D104494

show more ...

[dfsan] Add full fast8 support

Complete support for fast8:
- amend shadow size and mapping in runtime
- remove fast16 mode and -dfsan-fast-16-labels flag
- remove legacy mode and make fast8 mode the

[dfsan] Add full fast8 support

Complete support for fast8:
- amend shadow size and mapping in runtime
- remove fast16 mode and -dfsan-fast-16-labels flag
- remove legacy mode and make fast8 mode the default
- remove dfsan-fast-8-labels flag
- remove functions in dfsan interface only applicable to legacy
- remove legacy-related instrumentation code and tests
- update documentation.

Reviewed By: stephan.yichao.zhao, browneee

Differential Revision: https://reviews.llvm.org/D103745

show more ...

[dfsan] Track origin at loads

The first version of origin tracking tracks only memory stores. Although
this is sufficient for understanding correct flows, it is hard to figure
out where

[dfsan] Track origin at loads

The first version of origin tracking tracks only memory stores. Although
this is sufficient for understanding correct flows, it is hard to figure
out where an undefined value is read from. To find reading undefined values,
we still have to do a reverse binary search from the last store in the chain
with printing and logging at possible code paths. This is
quite inefficient.

Tracking memory load instructions can help this case. The main issues of
tracking loads are performance and code size overheads.

With tracking only stores, the code size overhead is 38%,
memory overhead is 1x, and cpu overhead is 3x. In practice #load is much
larger than #store, so both code size and cpu overhead increases. The
first blocker is code size overhead: link fails if we inline tracking
loads. The workaround is using external function calls to propagate
metadata. This is also the workaround ASan uses. The cpu overhead
is ~10x. This is a trade off between debuggability and performance,
and will be used only when debugging cases that tracking only stores
is not enough.

Reviewed By: gbalats

Differential Revision: https://reviews.llvm.org/D100967

show more ...

[dfsan] Enable origin tracking with fast8 mode

All related instrumentation tests have been updated.

Reviewed By: stephan.yichao.zhao

Differential Revision: https://reviews.llvm.org/D100903

[dfsan] Add -dfsan-fast-8-labels flag

This is only adding support to the dfsan instrumentation pass but not
to the runtime.

Added more RUN lines for testing: for each instrumentation test that
had

[dfsan] Add -dfsan-fast-8-labels flag

This is only adding support to the dfsan instrumentation pass but not
to the runtime.

Added more RUN lines for testing: for each instrumentation test that
had a -dfsan-fast-16-labels invocation, a new invocation was added
using fast8.

Reviewed By: stephan.yichao.zhao

Differential Revision: https://reviews.llvm.org/D98734

show more ...

[dfsan] Propagate origin tracking at store

This is a part of https://reviews.llvm.org/D95835.

Reviewed By: morehouse, gbalats

Differential Revision: https://reviews.llvm.org/D97789

[dfsan] Record dfsan metadata in globals

This will allow identifying exactly how many shadow bytes were used
during compilation, for when fast8 mode is introduced.

Also, it will provide a consisten

[dfsan] Record dfsan metadata in globals

This will allow identifying exactly how many shadow bytes were used
during compilation, for when fast8 mode is introduced.

Also, it will provide a consistent matching point for instrumentation
tests so that the exact llvm type used (i8 or i16) for the shadow can
be replaced by a pattern substitution. This is handy for tests with
multiple prefixes.

Reviewed by: stephan.yichao.zhao, morehouse

Differential Revision: https://reviews.llvm.org/D97409

show more ...

[dfsan] Update memset and dfsan_(set|add)_label with origin tracking

This is a part of https://reviews.llvm.org/D95835.

Reviewed-by: morehouse

Differential Revision: https://reviews.llvm.org/D97302

[dfsan] Instrument origin variable and function definitions

This is a part of https://reviews.llvm.org/D95835.

Reviewed-by: morehouse, gbalats

Differential Revision: https://reviews.llvm.org/D96977