From patchwork Tue Dec 13 15:21:56 2016
X-Patchwork-Submitter: Martin Liška
X-Patchwork-Id: 87902
From: Martin Liška
Subject: Re: [RFC][PATCH] Sanopt for use-after-scope ASAN_MARK internal functions
To: Jakub Jelinek
References: <20161209115625.GZ3541@tucnak.redhat.com> <2d344fe0-39d8-886d-ca8a-3ce732f6065f@suse.cz> <20161213091753.GJ3541@tucnak.redhat.com> <5ea79c11-5164-e496-5d1b-801510c9c543@suse.cz> <20161213122930.GS3541@tucnak.redhat.com>
Cc: GCC Patches
Message-ID: <49290977-3307-8f4d-f903-1ec4259bde00@suse.cz>
Date: Tue, 13 Dec 2016 16:21:56 +0100
In-Reply-To: <20161213122930.GS3541@tucnak.redhat.com>

On 12/13/2016 01:29 PM, Jakub Jelinek wrote:
> On Tue, Dec 13, 2016 at 01:12:34PM +0100, Martin Liška wrote:
>>>> + gimple_stmt_iterator gsi;
>>>> + bool finish = false;
>>>> + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi); gsi_prev (&gsi))
>>>> + {
>>>> + gimple *stmt = gsi_stmt (gsi);
>>>> + if (maybe_contains_asan_check (stmt))
>>>> + {
>>>> + bitmap_set_bit (with_check, bb->index);
>>>> + finish = true;
>>>
>>> Why the finish var and separate if (finish) break; ? Perhaps from the first
>>> iteration when you used a switch? Just doing break; should be enough.
>>
>> Well, I verified that even the first iteration (of patch) needed if(finish) break;
>> as I need to jump to next iteration of FOR_EACH_BB_FN (bb, cfun).
>
> I fail to see functional difference between
> for (...)
> {
>   ...
>   bool finish = false;
>   for (...)
>   {
>     ...
>     if (...)
>     {
>       ...
>       finish = true;
>     }
>     if (finish)
>       break;
>   }
> }
> and
> for (...)
> {
>   ...
>   for (...)
>   {
>     ...
>     if (...)
>     {
>       ...
>       break;
>     }
>   }
> }
> just the latter is not obfuscated. The break is in both cases in the same
> for loop.

Sorry for that, I really overlooked that. It was obfuscated.

>
>>> Don't you need also release_defs (stmt); here (and in the other gsi_remove
>>> spot)?
>>
>> As I remove only internal function calls that do not define a SSA name then not:
>> ASAN_MARK (UNPOISON, &my_char, 1);
>> ASAN_MARK (POISON, &my_char, 1);
>
> If they have a vdef, then I believe they do define a SSA name (the vdef).
> I think unlink_stmt_vdef does not release the vdef SSA_NAME if any.

Yep, fixed in the patch.

Patch can bootstrap on ppc64le-redhat-linux and survives regression tests.

Martin

>
> Jakub
>

>From e313f08405ef7bb6597df64773348a3d04b3ab4e Mon Sep 17 00:00:00 2001
From: marxin
Date: Mon, 12 Dec 2016 15:22:05 +0100
Subject: [PATCH] Add sanopt for ASAN_MARK poison and unpoison.

gcc/ChangeLog:

2016-12-12 Martin Liska

* sanopt.c (sanopt_optimize_walker): Set contains_asan_mark.
(sanopt_optimize): Add new argument.
(sanitize_asan_mark_unpoison): New function.
(maybe_contains_asan_check): Likewise.
(sanitize_asan_mark_poison): Likewise.
(pass_sanopt::execute): Call the new functions.
---
gcc/sanopt.c | 206 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 202 insertions(+), 4 deletions(-)

diff --git a/gcc/sanopt.c b/gcc/sanopt.c index 320e14e9421..7fe8d32e39a 100644 --- a/gcc/sanopt.c +++ b/gcc/sanopt.c @@ -24,6 +24,7 @@ along with GCC; see the file COPYING3. If not see #include "backend.h" #include "tree.h" #include "gimple.h" +#include "ssa.h" #include "tree-pass.h" #include "tree-ssa-operands.h" #include "gimple-pretty-print.h" @@ -37,7 +38,6 @@ along with GCC; see the file COPYING3. If not see #include "tree-phinodes.h" #include "ssa-iterators.h" - /* This is used to carry information about basic blocks. It is attached to the AUX field of the standard CFG block. */ @@ -160,8 +160,10 @@ struct sanopt_ctx /* Number of IFN_ASAN_CHECK statements. */ int asan_num_accesses; -}; + /* True when the current functions constains an ASAN_MARK. */ + bool contains_asan_mark; +}; /* Return true if there might be any call to free/munmap operation on any path in between DOM (which should be imm(BB)) and BB. */ 
@@ -582,6 +584,9 @@ sanopt_optimize_walker (basic_block bb, struct sanopt_ctx *ctx) if (!remove) ctx->asan_num_accesses++; break; + case IFN_ASAN_MARK: + ctx->contains_asan_mark = true; + break; default: break; } @@ -620,10 +625,11 @@ sanopt_optimize_walker (basic_block bb, struct sanopt_ctx *ctx) /* Try to remove redundant sanitizer checks in function FUN. */ static int -sanopt_optimize (function *fun) +sanopt_optimize (function *fun, bool *contains_asan_mark) { struct sanopt_ctx ctx; ctx.asan_num_accesses = 0; + ctx.contains_asan_mark = false; /* Set up block info for each basic block. */ alloc_aux_for_blocks (sizeof (sanopt_info)); @@ -638,6 +644,7 @@ sanopt_optimize (function *fun) free_aux_for_blocks (); + *contains_asan_mark = ctx.contains_asan_mark; return ctx.asan_num_accesses; } 
@@ -671,18 +678,201 @@ public: }; // class pass_sanopt +/* Sanitize all ASAN_MARK unpoison calls that are not reachable by a BB + that contains an ASAN_MARK poison. All these ASAN_MARK unpoison call + can be removed as all variables are unpoisoned in a function prologue. */ + +static void +sanitize_asan_mark_unpoison (void) +{ + /* 1) Find all BBs that contain an ASAN_MARK poison call. */ + auto_sbitmap with_poison (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (with_poison); + basic_block bb; + + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (with_poison, bb->index)) + continue; + + gimple_stmt_iterator gsi; + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi); gsi_prev (&gsi)) + { + gimple *stmt = gsi_stmt (gsi); + if (asan_mark_p (stmt, ASAN_MARK_POISON)) + { + bitmap_set_bit (with_poison, bb->index); + break; + } + } + } + + auto_sbitmap poisoned (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (poisoned); + auto_sbitmap worklist (last_basic_block_for_fn (cfun) + 1); + bitmap_copy (worklist, with_poison); + + /* 2) Propagate the information to all reachable blocks. */ + while (!bitmap_empty_p (worklist)) + { + unsigned i = bitmap_first_set_bit (worklist); + bitmap_clear_bit (worklist, i); + basic_block bb = BASIC_BLOCK_FOR_FN (cfun, i); + gcc_assert (bb); + + edge e; + edge_iterator ei; + FOR_EACH_EDGE (e, ei, bb->succs) + if (!bitmap_bit_p (poisoned, e->dest->index)) + { + bitmap_set_bit (poisoned, e->dest->index); + bitmap_set_bit (worklist, e->dest->index); + } + } + + /* 3) Iterate all BBs not included in POISONED BBs and remove unpoison + ASAN_MARK preceding an ASAN_MARK poison (which can still happen). 
*/ + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (poisoned, bb->index)) + continue; + + gimple_stmt_iterator gsi; + for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi);) + { + bool next = true; + gimple *stmt = gsi_stmt (gsi); + if (gimple_call_internal_p (stmt, IFN_ASAN_MARK)) + { + if (asan_mark_p (stmt, ASAN_MARK_POISON)) + break; + else + { + if (dump_file) + fprintf (dump_file, "Removing ASAN_MARK unpoison\n"); + unlink_stmt_vdef (stmt); + release_defs (stmt); + gsi_remove (&gsi, true); + next = false; + } + } + + if (next) + gsi_next (&gsi); + } + } +} + +/* Return true when STMT is either ASAN_CHECK call or a call of a function + that can contain an ASAN_CHECK. */ + +static bool +maybe_contains_asan_check (gimple *stmt) +{ + if (is_gimple_call (stmt)) + { + if (gimple_call_internal_p (stmt, IFN_ASAN_MARK)) + return false; + else + return !(gimple_call_flags (stmt) & ECF_CONST); + } + else if (is_a (stmt)) + return true; + + return false; +} + +/* Sanitize all ASAN_MARK poison calls that are not followed by an ASAN_CHECK + call. These calls can be removed. */ + +static void +sanitize_asan_mark_poison (void) +{ + /* 1) Find all BBs that possibly contain an ASAN_CHECK. */ + auto_sbitmap with_check (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (with_check); + basic_block bb; + + FOR_EACH_BB_FN (bb, cfun) + { + gimple_stmt_iterator gsi; + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi); gsi_prev (&gsi)) + { + gimple *stmt = gsi_stmt (gsi); + if (maybe_contains_asan_check (stmt)) + { + bitmap_set_bit (with_check, bb->index); + break; + } + } + } + + auto_sbitmap can_reach_check (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (can_reach_check); + auto_sbitmap worklist (last_basic_block_for_fn (cfun) + 1); + bitmap_copy (worklist, with_check); + + /* 2) Propagate the information to all definitions blocks. 
*/ + while (!bitmap_empty_p (worklist)) + { + unsigned i = bitmap_first_set_bit (worklist); + bitmap_clear_bit (worklist, i); + basic_block bb = BASIC_BLOCK_FOR_FN (cfun, i); + gcc_assert (bb); + + edge e; + edge_iterator ei; + FOR_EACH_EDGE (e, ei, bb->preds) + if (!bitmap_bit_p (can_reach_check, e->src->index)) + { + bitmap_set_bit (can_reach_check, e->src->index); + bitmap_set_bit (worklist, e->src->index); + } + } + + /* 3) Iterate all BBs not included in CAN_REACH_CHECK BBs and remove poison + ASAN_MARK not followed by a call to function having an ASAN_CHECK. */ + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (can_reach_check, bb->index)) + continue; + + gimple_stmt_iterator gsi; + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi);) + { + bool prev = true; + gimple *stmt = gsi_stmt (gsi); + if (maybe_contains_asan_check (stmt)) + break; + else if (asan_mark_p (stmt, ASAN_MARK_POISON)) + { + if (dump_file) + fprintf (dump_file, "Removing ASAN_MARK poison\n"); + unlink_stmt_vdef (stmt); + release_defs (stmt); + gsi_remove (&gsi, true); + prev = false; + } + + if (prev) + gsi_prev (&gsi); + } + } +} + unsigned int pass_sanopt::execute (function *fun) { basic_block bb; int asan_num_accesses = 0; + bool contains_asan_mark = false; /* Try to remove redundant checks. */ if (optimize && (flag_sanitize & (SANITIZE_NULL | SANITIZE_ALIGNMENT | SANITIZE_ADDRESS | SANITIZE_VPTR))) - asan_num_accesses = sanopt_optimize (fun); + asan_num_accesses = sanopt_optimize (fun, &contains_asan_mark); else if (flag_sanitize & SANITIZE_ADDRESS) { gimple_stmt_iterator gsi; 
@@ -692,9 +882,17 @@ pass_sanopt::execute (function *fun) gimple *stmt = gsi_stmt (gsi); if (gimple_call_internal_p (stmt, IFN_ASAN_CHECK)) ++asan_num_accesses; + else if (gimple_call_internal_p (stmt, IFN_ASAN_MARK)) + contains_asan_mark = true; } } + if (contains_asan_mark) + { + sanitize_asan_mark_unpoison (); + sanitize_asan_mark_poison (); + } + bool use_calls = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD < INT_MAX && asan_num_accesses >= ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD; -- 2.11.0
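Review bot: The `@@ -37,7 +38,6 @@` hunk only deletes the blank line after `#include "ssa-iterators.h"`, which is unrelated to the ASAN_MARK change. Drop it from this patch so the diff stays limited to the functional change.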
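Review bot: Typo in the new comment above `bool contains_asan_mark;` in the `@@ -160,8 +160,10 @@ struct sanopt_ctx` hunk: "the current functions constains an ASAN_MARK" should read "the current function contains an ASAN_MARK".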
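Review bot: The new out-parameter `bool *contains_asan_mark` of `sanopt_optimize` (hunk `@@ -620,10 +625,11 @@`) is undocumented: the comment above the function still reads only "Try to remove redundant sanitizer checks in function FUN." Please extend it to say that CONTAINS_ASAN_MARK is set on return when the walker saw an IFN_ASAN_MARK call, so that the caller's use of the flag is clear from the function comment.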
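Review bot: In step 1 of `sanitize_asan_mark_unpoison` (hunk `@@ -671,18 +678,201 @@`), the test `if (bitmap_bit_p (with_poison, bb->index)) continue;` can never be true, because the bit for a block is only set inside that block's own iteration of `FOR_EACH_BB_FN`; remove it, as the matching loop in `sanitize_asan_mark_poison` already does. In the same hunk, the comment on `maybe_contains_asan_check` describes only the call cases and says nothing about the final `is_a` branch that also returns true, and the step 2 comment in `sanitize_asan_mark_poison` ("all definitions blocks") should say that the walk follows `bb->preds`. Both functions repeat the same sbitmap worklist propagation and differ only in edge direction, so a shared helper is worth considering. The diffstat shows only gcc/sanopt.c changed; a testcase that scans the dump for "Removing ASAN_MARK unpoison" and "Removing ASAN_MARK poison" would guard the removal conditions, since removing a poison call that is still needed would silently lose a use-after-scope report.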
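Review bot: The new `if (contains_asan_mark)` block in `pass_sanopt::execute` (hunk `@@ -692,9 +882,17 @@`) is not guarded by `optimize`: this hunk also sets `contains_asan_mark` in the `else if (flag_sanitize & SANITIZE_ADDRESS)` path, which is the path taken when optimization is off, so both removal functions run there as well. If that is intended, say so in a comment; otherwise gate the two calls on `optimize`. The functions also take no argument and work on `cfun` while `execute` receives `fun`; passing `fun` would match the `sanopt_optimize (fun, &contains_asan_mark)` call.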