From patchwork Fri Dec 9 11:39:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Martin_Li=C5=A1ka?= X-Patchwork-Id: 87441 Delivered-To: patch@linaro.org Received: by 10.140.20.101 with SMTP id 92csp258620qgi; Fri, 9 Dec 2016 03:39:58 -0800 (PST) X-Received: by 10.99.159.26 with SMTP id g26mr143372879pge.62.1481283598737; Fri, 09 Dec 2016 03:39:58 -0800 (PST) Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id r88si33505772pfg.173.2016.12.09.03.39.58 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Dec 2016 03:39:58 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-return-443887-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org; spf=pass (google.com: domain of gcc-patches-return-443887-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) smtp.mailfrom=gcc-patches-return-443887-patch=linaro.org@gcc.gnu.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:to:cc :from:subject:message-id:date:mime-version:content-type; q=dns; s=default; b=ON14mWh7Kkm0wYSYgE9rTr1jxaE7d7ckDSgJZssIDNNc0jICAY suerNsRgX753wDFJaLlRm6ky2uoVG9zweCY7A0DJweec0NL2GQUlymJBY6Hf/RqA miWxZ0V0vHzy2aJGLT/nel2gX3DQn8aJXzUfxQu4zoSpCh5LzqCcO7jJ0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:to:cc :from:subject:message-id:date:mime-version:content-type; s= default; bh=CsLwjUIu7vlgsWI1LOS5FoRmQXQ=; b=HJzHqptvZfhC5SRqyc7t pD79YmGqgXRff7Oq+I7wAxBNoddWf5hoeRcPi2CfL8VhL8gX00QYYCto50drFBCC 4kUAYqiXkVtyMJcFWllgurL4DGe9mjHsJbvgk2MOcdNbLNk1o7azD5BtakBTeg6X rtc5RRC42AM2vaxIzdt6pvE= Received: (qmail 12610 invoked by alias); 9 Dec 2016 11:39:41 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 12595 invoked by uid 89); 9 Dec 2016 11:39:41 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00, SPF_PASS autolearn=ham version=3.3.2 spammy=1920, 8124, utilizes, H*MI:d40c X-HELO: mx2.suse.de Received: from mx2.suse.de (HELO mx2.suse.de) (195.135.220.15) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 09 Dec 2016 11:39:27 +0000 Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 7A62CABC3; Fri, 9 Dec 2016 11:39:24 +0000 (UTC) To: GCC Patches Cc: Jakub Jelinek From: =?UTF-8?Q?Martin_Li=c5=a1ka?= Subject: [RFC][PATCH] Sanopt for use-after-scope ASAN_MARK internal functions Message-ID: Date: Fri, 9 Dec 2016 12:39:24 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 X-IsSubscribed: yes Hello. I've spent quite some time reading sanopt pass and I eventually decided to come up with quite simplified optimization algorithm for ASAN_MARK internal functions. As the most interesting (common) cases are that an ASAN_MARK unpoison is dominated by entry block (where we unpoison all variables). Second interesting situation is ASAN_MARK poison which is not followed by a ASAN_CHECK (in post dominator tree). Both these internal functions can be removed. There are numbers for linux kernel (running for couple of minutes): 20306 expand ASAN_MARK 2892 Removing ASAN_MARK poison 8124 Removing ASAN_MARK unpoison This removes 1/3 of ASAN_MARK internal function call. For tramp3d the situation is not so happy as it massively utilizes C++ temporaries: 34163 expand ASAN_MARK 1920 Removing ASAN_MARK poison 2051 Removing ASAN_MARK unpoison Thoughts? Thanks, Martin >From c91ad7c9fa2406145467c473dc7239479635c9a2 Mon Sep 17 00:00:00 2001 From: marxin Date: Fri, 25 Nov 2016 15:05:33 +0100 Subject: [PATCH] Add sanopt for ASAN_MARK poison and unpoison. --- gcc/sanopt.c | 235 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 234 insertions(+), 1 deletion(-) diff --git a/gcc/sanopt.c b/gcc/sanopt.c index 77307d9..a110db5 100644 --- a/gcc/sanopt.c +++ b/gcc/sanopt.c @@ -162,7 +162,6 @@ struct sanopt_ctx int asan_num_accesses; }; - /* Return true if there might be any call to free/munmap operation on any path in between DOM (which should be imm(BB)) and BB. */ @@ -671,6 +670,237 @@ public: }; // class pass_sanopt +static void +sanitize_asan_mark_unpoison (void) +{ + /* 1) Find all BBs that contain an ASAN_MARK poison call. */ + auto_sbitmap with_poison (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (with_poison); + basic_block bb; + + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (with_poison, bb->index)) + continue; + + gimple_stmt_iterator gsi; + bool finish = false; + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi); gsi_prev (&gsi)) + { + gimple *stmt = gsi_stmt (gsi); + if (is_gimple_call (stmt) && gimple_call_internal_p (stmt)) + { + enum internal_fn ifn = gimple_call_internal_fn (stmt); + switch (ifn) + { + case IFN_ASAN_MARK: + { + HOST_WIDE_INT flags = tree_to_shwi (gimple_call_arg (stmt, 0)); + bool is_clobber = (flags & ASAN_MARK_CLOBBER) != 0; + if (is_clobber) + { + bitmap_set_bit (with_poison, bb->index); + finish = true; + } + break; + } + default: + break; + } + } + + if (finish) + break; + } + } + + auto_sbitmap poisoned (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (poisoned); + auto_sbitmap worklist (last_basic_block_for_fn (cfun) + 1); + bitmap_copy (worklist, with_poison); + + /* 2) Propagate the information to all reachable blocks. */ + while (!bitmap_empty_p (worklist)) + { + unsigned i = bitmap_first_set_bit (worklist); + bitmap_clear_bit (worklist, i); + basic_block bb = BASIC_BLOCK_FOR_FN (cfun, i); + gcc_assert (bb); + + edge e; + edge_iterator ei; + FOR_EACH_EDGE (e, ei, bb->succs) + if (!bitmap_bit_p (poisoned, e->dest->index)) + { + bitmap_set_bit (poisoned, e->dest->index); + bitmap_set_bit (worklist, e->dest->index); + } + } + + /* 3) Iterate all BBs not included in POISONED BBs and remove unpoison + ASAN_MARK preceding an ASAN_MARK poison (which can still happen). */ + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (poisoned, bb->index)) + continue; + + gimple_stmt_iterator gsi; + bool finish = false; + for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi);) + { + bool next = true; + gimple *stmt = gsi_stmt (gsi); + if (is_gimple_call (stmt) && gimple_call_internal_p (stmt)) + { + enum internal_fn ifn = gimple_call_internal_fn (stmt); + switch (ifn) + { + case IFN_ASAN_MARK: + { + HOST_WIDE_INT flags + = tree_to_shwi (gimple_call_arg (stmt, 0)); + bool is_clobber = (flags & ASAN_MARK_CLOBBER) != 0; + if (is_clobber) + finish = true; + else + { + if (dump_file) + fprintf (dump_file, "Removing ASAN_MARK unpoison\n"); + unlink_stmt_vdef (stmt); + gsi_remove (&gsi, true); + next = false; + } + break; + } + default: + break; + } + } + + if (finish) + break; + + if (next) + gsi_next (&gsi); + } + } +} + +static bool +maybe_contains_asan_check (gimple *stmt) +{ + if (is_gimple_call (stmt)) + { + if (gimple_call_internal_p (stmt)) + { + enum internal_fn ifn = gimple_call_internal_fn (stmt); + switch (ifn) + { + case IFN_ASAN_CHECK: + return true; + default: + return false; + } + } + else + return true; + } + else if (is_a (stmt)) + return true; + + return false; +} + +static void +sanitize_asan_mark_poison (void) +{ + /* 1) Find all BBs that possibly contain an ASAN_CHECK. */ + auto_sbitmap with_check (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (with_check); + basic_block bb; + + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (with_check, bb->index)) + continue; + + gimple_stmt_iterator gsi; + bool finish = false; + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi); gsi_prev (&gsi)) + { + gimple *stmt = gsi_stmt (gsi); + if (maybe_contains_asan_check (stmt)) + { + bitmap_set_bit (with_check, bb->index); + finish = true; + } + + if (finish) + break; + } + } + + auto_sbitmap can_reach_check (last_basic_block_for_fn (cfun) + 1); + bitmap_clear (can_reach_check); + auto_sbitmap worklist (last_basic_block_for_fn (cfun) + 1); + bitmap_copy (worklist, with_check); + + /* 2) Propagate the information to all definitions blocks. */ + while (!bitmap_empty_p (worklist)) + { + unsigned i = bitmap_first_set_bit (worklist); + bitmap_clear_bit (worklist, i); + basic_block bb = BASIC_BLOCK_FOR_FN (cfun, i); + gcc_assert (bb); + + edge e; + edge_iterator ei; + FOR_EACH_EDGE (e, ei, bb->preds) + if (!bitmap_bit_p (can_reach_check, e->src->index)) + { + bitmap_set_bit (can_reach_check, e->src->index); + bitmap_set_bit (worklist, e->src->index); + } + } + + /* 3) Iterate all BBs not included in CAN_REACH_CHECK BBs and remove poison + ASAN_MARK not followed by a call to function having an ASAN_CHECK. */ + FOR_EACH_BB_FN (bb, cfun) + { + if (bitmap_bit_p (can_reach_check, bb->index)) + continue; + + gimple_stmt_iterator gsi; + bool finish = false; + for (gsi = gsi_last_bb (bb); !gsi_end_p (gsi);) + { + bool prev = true; + gimple *stmt = gsi_stmt (gsi); + if (maybe_contains_asan_check (stmt)) + finish = true; + else if (gimple_call_internal_p (stmt, IFN_ASAN_MARK)) + { + HOST_WIDE_INT flags = tree_to_shwi (gimple_call_arg (stmt, 0)); + bool is_clobber = (flags & ASAN_MARK_CLOBBER) != 0; + if (is_clobber) + { + if (dump_file) + fprintf (dump_file, "Removing ASAN_MARK poison\n"); + unlink_stmt_vdef (stmt); + gsi_remove (&gsi, true); + prev = false; + } + } + + if (finish) + break; + + if (prev) + gsi_prev (&gsi); + } + } +} + unsigned int pass_sanopt::execute (function *fun) { @@ -698,6 +928,9 @@ pass_sanopt::execute (function *fun) bool use_calls = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD < INT_MAX && asan_num_accesses >= ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD; + sanitize_asan_mark_unpoison (); + sanitize_asan_mark_poison (); + bool need_commit_edge_insert = false; FOR_EACH_BB_FN (bb, fun) { -- 2.10.2