Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Wed, Jun 11, 2014 at 04:53:32PM +0400, Yury Gribov wrote: On 06/11/2014 01:31 PM, Jakub Jelinek wrote: The plan (we had already for 4.9, but didn't get to that yet) is in the end not to lower the checks in asan pass that much, and lower it in sanopt pass later on after performing some inter-bb optimizations. ... The reason for the plan is that it will be easier in the sanopt pass to try to remove redundant instrumentation, e.g. when dominator bb already checks a particular address/length and no calls that could change the validity of the checks happen between the dominator bb and the dominated __asan_load/storeX. Sounds great, should help get rid of many useless checks. Do you guys need a hand with this? That would be appreciated. Like this? -Y 2014-06-11 Yury Gribov y.gri...@samsung.com New asan-instrumentation-with-call-threshold parameter. Ok, thanks. Jakub
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On 06/16/2014 12:23 PM, Jakub Jelinek wrote: 2014-06-11 Yury Gribov y.gri...@samsung.com New asan-instrumentation-with-call-threshold parameter. Ok, thanks. Done in r211699.
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
Done in r211699. This breaks bootstrap on x86_64-apple-darwin13: /opt/gcc/build_w/./prev-gcc/xg++ -B/opt/gcc/build_w/./prev-gcc/ -B/opt/gcc/gcc4.10w/x86_64-apple-darwin13.2.0/bin/ -nostdinc++ -B/opt/gcc/build_w/prev-x86_64-apple-darwin13.2.0/libstdc++-v3/src/.libs -B/opt/gcc/build_w/prev-x86_64-apple-darwin13.2.0/libstdc++-v3/libsupc++/.libs -I/opt/gcc/build_w/prev-x86_64-apple-darwin13.2.0/libstdc++-v3/include/x86_64-apple-darwin13.2.0 -I/opt/gcc/build_w/prev-x86_64-apple-darwin13.2.0/libstdc++-v3/include -I/opt/gcc/work/libstdc++-v3/libsupc++ -L/opt/gcc/build_w/prev-x86_64-apple-darwin13.2.0/libstdc++-v3/src/.libs -L/opt/gcc/build_w/prev-x86_64-apple-darwin13.2.0/libstdc++-v3/libsupc++/.libs -c -g -O2 -gtoggle -DIN_GCC-fno-exceptions -fno-rtti -fasynchronous-unwind-tables -W -Wall -Wno-narrowing -Wwrite-strings -Wcast-qual -Wmissing-format-attribute -Woverloaded-virtual -pedantic -Wno-long-long -Wno-variadic-macros -Wno-overlength-strings -Werror -fno-common -DHAVE_CONFIG_H -I. -I. -I../../work/gcc -I../../work/gcc/. -I../../work/gcc/../include -I./../intl -I../../work/gcc/../libcpp/include -I/opt/mp/include -I../../work/gcc/../libdecnumber -I../../work/gcc/../libdecnumber/dpd -I../libdecnumber -I../../work/gcc/../libbacktrace -DCLOOG_INT_GMP -I/opt/mp/include -o asan.o -MT asan.o -MMD -MP -MF ./.deps/asan.TPo ../../work/gcc/asan.c ../../work/gcc/asan.c: In function 'void build_check_stmt(location_t, tree, tree, long long int, gimple_stmt_iterator*, bool, bool, bool, bool, unsigned int, bool, bool)': ../../work/gcc/asan.c:1810:34: error: 't' may be used uninitialized in this function [-Werror=maybe-uninitialized] gimple_seq_last (seq))); ^ cc1plus: all warnings being treated as errors TIA Dominique
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On 06/16/2014 02:34 PM, Dominique Dhumieres wrote:
Done in r211699.
This breaks bootstrap on x86_64-apple-darwin13:
Hm, perhaps I didn't run full bootstrap after last round of review.
Does attached patch solve the problem for you? I've started bootstrap
but it'll take couple of hours to complete.
-Y
diff --git a/gcc/asan.c b/gcc/asan.c
index 19e1524..281a795 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -1636,6 +1636,13 @@ build_check_stmt (location_t location, tree base, tree len,
gcc_assert (!(size_in_bytes 0 !non_zero_len_p));
+ if (start_instrumented end_instrumented)
+{
+ if (!before_p)
+gsi_next (iter);
+ return;
+}
+
if (len)
len = unshare_expr (len);
else
@@ -1735,7 +1742,7 @@ build_check_stmt (location_t location, tree base, tree len,
gsi_insert_after (gsi, g, GSI_NEW_STMT);
tree base_addr = gimple_assign_lhs (g);
- tree t;
+ tree t = NULL_TREE;
if (real_size_in_bytes = 8)
{
tree shadow = build_shadow_mem_access (gsi, location, base_addr,
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
I have done the change to tree t = NULL_TREE; then bootstrap fails with Bootstrap comparison failure! gcc/plugin.o differs gcc/toplev.o differs I'll try your full patch later (currently bootstrapping r211698). Thanks, Dominique
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On 06/16/2014 04:52 PM, Dominique Dhumieres wrote: I have done the change to tree t = NULL_TREE; then bootstrap fails with Bootstrap comparison failure! gcc/plugin.o differs gcc/toplev.o differs Interesting, I didn't know that asan.c runs during normal bootstrap. -Y
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Mon, Jun 16, 2014 at 04:57:54PM +0400, Yury Gribov wrote: On 06/16/2014 04:52 PM, Dominique Dhumieres wrote: I have done the change to tree t = NULL_TREE; then bootstrap fails with Bootstrap comparison failure! gcc/plugin.o differs gcc/toplev.o differs Interesting, I didn't know that asan.c runs during normal bootstrap. It does not. So the above is IMHO very likely completely unrelated, perhaps Darwin specific, issue. Jakub
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
I have bootstrapped r211707 with the full patch (among others!). It does not. So the above is IMHO very likely completely unrelated, perhaps Darwin specific, issue. More likely related to the fact that I only resumed bootstrap after the change tree t = NULL_TREE; and an update from r211700 to r211701, instead of starting a clean bootstrap. Cheers, Dominiaue
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On 06/16/2014 04:47 PM, Yury Gribov wrote:
On 06/16/2014 02:34 PM, Dominique Dhumieres wrote:
Done in r211699.
This breaks bootstrap on x86_64-apple-darwin13:
Hm, perhaps I didn't run full bootstrap after last round of review.
Does attached patch solve the problem for you? I've started bootstrap
but it'll take couple of hours to complete.
Bootstrapped successfully on x64 with proposed patch.
The original commit indeed failed to bootstrap
(https://gcc.gnu.org/ml/gcc-testresults/2014-06/msg01419.html).
Ok to commit fix?
-Y
diff --git a/gcc/asan.c b/gcc/asan.c
index 19e1524..281a795 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -1636,6 +1636,13 @@ build_check_stmt (location_t location, tree base, tree len,
gcc_assert (!(size_in_bytes 0 !non_zero_len_p));
+ if (start_instrumented end_instrumented)
+{
+ if (!before_p)
+gsi_next (iter);
+ return;
+}
+
if (len)
len = unshare_expr (len);
else
@@ -1735,7 +1742,7 @@ build_check_stmt (location_t location, tree base, tree len,
gsi_insert_after (gsi, g, GSI_NEW_STMT);
tree base_addr = gimple_assign_lhs (g);
- tree t;
+ tree t = NULL_TREE;
if (real_size_in_bytes = 8)
{
tree shadow = build_shadow_mem_access (gsi, location, base_addr,
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Mon, Jun 16, 2014 at 10:21:39PM +0400, Yury Gribov wrote:
On 06/16/2014 04:47 PM, Yury Gribov wrote:
On 06/16/2014 02:34 PM, Dominique Dhumieres wrote:
Done in r211699.
This breaks bootstrap on x86_64-apple-darwin13:
Hm, perhaps I didn't run full bootstrap after last round of review.
Does attached patch solve the problem for you? I've started bootstrap
but it'll take couple of hours to complete.
Bootstrapped successfully on x64 with proposed patch.
The original commit indeed failed to bootstrap
(https://gcc.gnu.org/ml/gcc-testresults/2014-06/msg01419.html).
Ok to commit fix?
Ok (with proper ChangeLog entry).
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -1636,6 +1636,13 @@ build_check_stmt (location_t location, tree base, tree
len,
gcc_assert (!(size_in_bytes 0 !non_zero_len_p));
+ if (start_instrumented end_instrumented)
+{
+ if (!before_p)
+gsi_next (iter);
+ return;
+}
+
if (len)
len = unshare_expr (len);
else
@@ -1735,7 +1742,7 @@ build_check_stmt (location_t location, tree base, tree
len,
gsi_insert_after (gsi, g, GSI_NEW_STMT);
tree base_addr = gimple_assign_lhs (g);
- tree t;
+ tree t = NULL_TREE;
if (real_size_in_bytes = 8)
{
tree shadow = build_shadow_mem_access (gsi, location, base_addr,
Jakub
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
Bootstrapped successfully on x64 with proposed patch. The original commit indeed failed to bootstrap (https://gcc.gnu.org/ml/gcc-testresults/2014-06/msg01419.html). Ok to commit fix? Ok (with proper ChangeLog entry). r211713. -Y
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Mon, Jun 09, 2014 at 07:48:46PM +0400, Yury Gribov wrote:
Build_check_stmt is now unified for const/variable lengths
but I'd still prefer to treat the use_calls case specially
because calling single __asan_loadN is more space-efficient
than emitting two separate calls with a length check.
That is not what I meant.
1) instrument_mem_region_access/instrument_strlen should use a single
build_check_stmt call instead of two that they do now,
both for use_calls case and !use_calls case, the difference
is just that instrument_mem_region_access needs to guard
it against len == 0, while for use_calls it doesn't have to,
it seems __asan_{load,store}N handles length of 0 correctly
(still, the caller shouldn't update_mem_ref_hash_table
if length might be zero, even in the use_calls case)
2) passing always a tree length to build_check_stmt and then
recreating size_in_bytes out of it is ugly, just add a new
tree parameter, if it is non-NULL, the length is variable,
and real_size_in_bytes should be 1, and the code additionally
has to compute length - 1 at runtime and add the result,
otherwise it just keeps adding precomputed constant
Let's check if I'm on the right way. I've attached current version. It may
have some rough edges but at least all regtests pass on x64.
The plan (we had already for 4.9, but didn't get to that yet) is in the end
not to lower the checks in asan pass that much, and lower it in sanopt
pass later on after performing some inter-bb optimizations.
The plan has been to use internal builtins, but the __builtin___asan_loadX
etc. perhaps could serve the same purpose, with the only problem being that
__asan_loadN handles zero, while the inline expansion thereof doesn't unless
it explicitly checks for zero value. But don't want to hold your patch
for that. Once we switch to that model, we'd simply inline the __asan_*
builtins in the sanopt pass until we hit the limit.
The reason for the plan is that it will be easier in the sanopt pass to
try to remove redundant instrumentation, e.g. when dominator bb already
checks a particular address/length and no calls that could change the
validity of the checks happen between the dominator bb and the dominated
__asan_load/storeX.
Some obvious problems:
1) build_check_stmt argument list has become really long and messy;
(this could be simplified to some extent if we get rid of size_of_bytes and
non_zero_len_p and recompute them from len instead
but all other parameters seem really unavoidable)
I think that is fine.
2) we can't easily check number of instrumentations in
no-redundant-instrumentation-*.c family of tests
because memory region accesses now have single error handler
(__asan_report_load_n/store_n);
the best solution I came up with is counting all 'X 7' patterns.
Ok.
3) strlen instrumentation is still using two separate calls to
build_check_stmt (due to reasons I mentioned above).
If for strlen we check before the call the first byte and after the
call the last byte, then indeed we want two calls. Or we could check
everything after the call and use one call after it.
+static void
+build_check_stmt_with_calls (location_t loc, tree base, tree len,
+ HOST_WIDE_INT size_in_bytes, gimple_stmt_iterator *iter,
+ bool before_p, bool is_store, bool is_scalar_access)
Whitespace. Please use tabs instead of spaces, and align the lines below
location_t.
@@ -1501,111 +1608,198 @@ build_shadow_mem_access (gimple_stmt_iterator *gsi,
location_t location,
SSA_NAME, or a non-SSA expression. LOCATION is the source code
location. IS_STORE is TRUE for a store, FALSE for a load.
BEFORE_P is TRUE for inserting the instrumentation code before
- ITER, FALSE for inserting it after ITER.
+ ITER, FALSE for inserting it after ITER. IS_SCALAR_ACCESS is TRUE
+ for a scalar memory access and FALSE for memory region access.
+ NON_ZERO_P is TRUE if memory region is guaranteed to have non-zero
+ length. ALIGN tells alignment of accessed memory object.
+
+ START_INSTRUMENTED and END_INSTRUMENTED are TRUE if start/end of
+ memory region have already been instrumented.
If BEFORE_P is TRUE, *ITER is arranged to still point to the
statement it was pointing to prior to calling this function,
otherwise, it points to the statement logically following it. */
static void
-build_check_stmt (location_t location, tree base, gimple_stmt_iterator *iter,
- bool before_p, bool is_store, HOST_WIDE_INT size_in_bytes,
- bool slow_p = false)
+build_check_stmt (location_t location, tree base, tree len,
+ HOST_WIDE_INT size_in_bytes, gimple_stmt_iterator *iter,
+ bool non_zero_len_p, bool before_p, bool is_store,
+ bool is_scalar_access, unsigned int align = 0,
+ bool start_instrumented = false,
+
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On 06/11/2014 01:31 PM, Jakub Jelinek wrote:
The plan (we had already for 4.9, but didn't get to that yet) is in the end
not to lower the checks in asan pass that much, and lower it in sanopt
pass later on after performing some inter-bb optimizations.
...
The reason for the plan is that it will be easier in the sanopt pass to
try to remove redundant instrumentation, e.g. when dominator bb already
checks a particular address/length and no calls that could change the
validity of the checks happen between the dominator bb and the dominated
__asan_load/storeX.
Sounds great, should help get rid of many useless checks.
Do you guys need a hand with this?
3) strlen instrumentation is still using two separate calls to
build_check_stmt (due to reasons I mentioned above).
If for strlen we check before the call the first byte and after the
call the last byte, then indeed we want two calls. Or we could check
everything after the call and use one call after it.
Well, on one hand delaying the check risks accessing invalid memory.
But this would cause memory protection error worst case so may be fine.
Whitespace. Please use tabs instead of spaces,
and align the lines below location_t.
Right, I didn't bother when sending the patch because I mostly worried
about general correctness.
Attached version should have proper formatting.
Also, when it is one call or two minor checks in one
build_check_stmt call, we shouldn't record in the hash table start and end,
just the start, plus for NULL len also size_in_bytes, for non-NULL len
probably nothing, we don't know if len isn't zero.
Like this?
-Y
2014-06-11 Yury Gribov y.gri...@samsung.com
New asan-instrumentation-with-call-threshold parameter.
gcc/
* asan.c (check_func): New function.
(maybe_create_ssa_name): Likewise.
(build_check_stmt_with_calls): Likewise.
(use_calls_p): Likewise.
(report_error_func): Change interface.
(build_check_stmt): Allow non-integer lengths; add support
for new parameter.
(asan_instrument): Likewise.
(instrument_mem_region_access): Moved code to
build_check_stmt.
(instrument_derefs): Likewise.
(instrument_strlen_call): Likewise.
* cfgcleanup.c (old_insns_match_p): Add support for new
functions.
* doc/invoke.texi: Describe new parameter.
* params.def: Define new parameter.
* params.h: Likewise.
* sanitizer.def: Describe new builtins.
gcc/testsuite/
* c-c++-common/asan/instrument-with-calls-1.c: New test.
* c-c++-common/asan/instrument-with-calls-2.c: Likewise.
* c-c++-common/asan/instrument-with-calls-3.c: Likewise.
* c-c++-common/asan/no-redundant-instrumentation-1.c: Update
test patterns.
* c-c++-common/asan/no-redundant-instrumentation-2.c:
Likewise.
* c-c++-common/asan/no-redundant-instrumentation-4.c:
Likewise.
* c-c++-common/asan/no-redundant-instrumentation-5.c:
Likewise.
* c-c++-common/asan/no-redundant-instrumentation-6.c:
Likewise.
* c-c++-common/asan/no-redundant-instrumentation-7.c:
Likewise.
* c-c++-common/asan/no-redundant-instrumentation-8.c:
Likewise.
diff --git a/gcc/asan.c b/gcc/asan.c
index 3397655..5f0a2de 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -242,6 +242,19 @@ static GTY(()) tree shadow_ptr_types[2];
/* Decl for __asan_option_detect_stack_use_after_return. */
static GTY(()) tree asan_detect_stack_use_after_return;
+/* Number of instrumentations in current function so far. */
+
+static int asan_num_accesses;
+
+/* Check whether we should replace inline instrumentation with calls. */
+
+static inline bool
+use_calls_p ()
+{
+ return ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD INT_MAX
+ asan_num_accesses = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
+}
+
/* Hashtable support for memory references used by gimple
statements. */
@@ -1319,7 +1332,7 @@ asan_protect_global (tree decl)
IS_STORE is either 1 (for a store) or 0 (for a load). */
static tree
-report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
+report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, int *nargs)
{
static enum built_in_function report[2][6]
= { { BUILT_IN_ASAN_REPORT_LOAD1, BUILT_IN_ASAN_REPORT_LOAD2,
@@ -1328,13 +1341,37 @@ report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
{ BUILT_IN_ASAN_REPORT_STORE1, BUILT_IN_ASAN_REPORT_STORE2,
BUILT_IN_ASAN_REPORT_STORE4, BUILT_IN_ASAN_REPORT_STORE8,
BUILT_IN_ASAN_REPORT_STORE16, BUILT_IN_ASAN_REPORT_STORE_N } };
- if ((size_in_bytes (size_in_bytes - 1)) != 0
- || size_in_bytes 16
- || slow_p)
-return builtin_decl_implicit (report[is_store][5]);
+ if (size_in_bytes == -1)
+{
+ *nargs = 2;
+ return builtin_decl_implicit (report[is_store][5]);
+}
+ *nargs = 1;
return builtin_decl_implicit (report[is_store][exact_log2 (size_in_bytes)]);
}
+/* Construct a function tree for __asan_{load,store}{1,2,4,8,16,_n}.
+ IS_STORE is either 1 (for a store) or 0 (for a load). */
+
+static tree
+check_func (bool is_store, int
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
Build_check_stmt is now unified for const/variable lengths
but I'd still prefer to treat the use_calls case specially
because calling single __asan_loadN is more space-efficient
than emitting two separate calls with a length check.
That is not what I meant.
1) instrument_mem_region_access/instrument_strlen should use a single
build_check_stmt call instead of two that they do now,
both for use_calls case and !use_calls case, the difference
is just that instrument_mem_region_access needs to guard
it against len == 0, while for use_calls it doesn't have to,
it seems __asan_{load,store}N handles length of 0 correctly
(still, the caller shouldn't update_mem_ref_hash_table
if length might be zero, even in the use_calls case)
2) passing always a tree length to build_check_stmt and then
recreating size_in_bytes out of it is ugly, just add a new
tree parameter, if it is non-NULL, the length is variable,
and real_size_in_bytes should be 1, and the code additionally
has to compute length - 1 at runtime and add the result,
otherwise it just keeps adding precomputed constant
Let's check if I'm on the right way. I've attached current version. It
may have some rough edges but at least all regtests pass on x64.
Some obvious problems:
1) build_check_stmt argument list has become really long and messy;
(this could be simplified to some extent if we get rid of size_of_bytes
and non_zero_len_p and recompute them from len instead
but all other parameters seem really unavoidable)
2) we can't easily check number of instrumentations in
no-redundant-instrumentation-*.c family of tests
because memory region accesses now have single error handler
(__asan_report_load_n/store_n);
the best solution I came up with is counting all 'X 7' patterns.
3) strlen instrumentation is still using two separate calls to
build_check_stmt (due to reasons I mentioned above).
-Y
diff --git a/gcc/asan.c b/gcc/asan.c
index 3397655..fb1ddb9 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -242,6 +242,19 @@ static GTY(()) tree shadow_ptr_types[2];
/* Decl for __asan_option_detect_stack_use_after_return. */
static GTY(()) tree asan_detect_stack_use_after_return;
+/* Number of instrumentations in current function so far. */
+
+static int asan_num_accesses;
+
+/* Check whether we should replace inline instrumentation with calls. */
+
+static inline bool
+use_calls_p ()
+{
+ return ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD INT_MAX
+ asan_num_accesses = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
+}
+
/* Hashtable support for memory references used by gimple
statements. */
@@ -1319,7 +1332,7 @@ asan_protect_global (tree decl)
IS_STORE is either 1 (for a store) or 0 (for a load). */
static tree
-report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
+report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, int *nargs)
{
static enum built_in_function report[2][6]
= { { BUILT_IN_ASAN_REPORT_LOAD1, BUILT_IN_ASAN_REPORT_LOAD2,
@@ -1328,13 +1341,37 @@ report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
{ BUILT_IN_ASAN_REPORT_STORE1, BUILT_IN_ASAN_REPORT_STORE2,
BUILT_IN_ASAN_REPORT_STORE4, BUILT_IN_ASAN_REPORT_STORE8,
BUILT_IN_ASAN_REPORT_STORE16, BUILT_IN_ASAN_REPORT_STORE_N } };
- if ((size_in_bytes (size_in_bytes - 1)) != 0
- || size_in_bytes 16
- || slow_p)
-return builtin_decl_implicit (report[is_store][5]);
+ if (size_in_bytes == -1)
+{
+ *nargs = 2;
+ return builtin_decl_implicit (report[is_store][5]);
+}
+ *nargs = 1;
return builtin_decl_implicit (report[is_store][exact_log2 (size_in_bytes)]);
}
+/* Construct a function tree for __asan_{load,store}{1,2,4,8,16,_n}.
+ IS_STORE is either 1 (for a store) or 0 (for a load). */
+
+static tree
+check_func (bool is_store, int size_in_bytes, int *nargs)
+{
+ static enum built_in_function check[2][6]
+= { { BUILT_IN_ASAN_LOAD1, BUILT_IN_ASAN_LOAD2,
+ BUILT_IN_ASAN_LOAD4, BUILT_IN_ASAN_LOAD8,
+ BUILT_IN_ASAN_LOAD16, BUILT_IN_ASAN_LOADN },
+ { BUILT_IN_ASAN_STORE1, BUILT_IN_ASAN_STORE2,
+ BUILT_IN_ASAN_STORE4, BUILT_IN_ASAN_STORE8,
+ BUILT_IN_ASAN_STORE16, BUILT_IN_ASAN_STOREN } };
+ if (size_in_bytes == -1)
+{
+ *nargs = 2;
+ return builtin_decl_implicit (check[is_store][5]);
+}
+ *nargs = 1;
+ return builtin_decl_implicit (check[is_store][exact_log2 (size_in_bytes)]);
+}
+
/* Split the current basic block and create a condition statement
insertion point right before or after the statement pointed to by
ITER. Return an iterator to the point at which the caller might
@@ -1494,6 +1531,76 @@ build_shadow_mem_access (gimple_stmt_iterator *gsi, location_t location,
return gimple_assign_lhs (g);
}
+/* BASE can already be an SSA_NAME; in that case, do not create a
+ new SSA_NAME for it. */
+
+static tree
+maybe_create_ssa_name (location_t loc, tree base,
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
1) instrument_mem_region_access/instrument_strlen should use a single build_check_stmt call instead of two that they do now, I agree with instrument_mem_region_access but the strlen case is quite different because checks are inserted at different sides of instrumented insn. Adding yet more flags and code paths to build_check_stmt would IMHO overcomplicate it. -Y
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Fri, Jun 06, 2014 at 09:08:17AM +0400, Yury Gribov wrote:
Build_check_stmt is now unified for const/variable lengths
but I'd still prefer to treat the use_calls case specially
because calling single __asan_loadN is more space-efficient
than emitting two separate calls with a length check.
That is not what I meant.
1) instrument_mem_region_access/instrument_strlen should use a single
build_check_stmt call instead of two that they do now,
both for use_calls case and !use_calls case, the difference
is just that instrument_mem_region_access needs to guard
it against len == 0, while for use_calls it doesn't have to,
it seems __asan_{load,store}N handles length of 0 correctly
(still, the caller shouldn't update_mem_ref_hash_table
if length might be zero, even in the use_calls case)
2) passing always a tree length to build_check_stmt and then
recreating size_in_bytes out of it is ugly, just add a new
tree parameter, if it is non-NULL, the length is variable,
and real_size_in_bytes should be 1, and the code additionally
has to compute length - 1 at runtime and add the result,
otherwise it just keeps adding precomputed constant
Jakub
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
Jakub,
Here is an updated patch. I have not addressed some of the points:
Also note (but, already preexisting issue) is that the
__asan_report* and __asan_{load,store}* calls are declared in
sanitizer.def as having 1st argument PTR type, while in the library
it is uptr (aka PTRMODE). So, either we should fix up sanitizer.def
to match that (we were passing already base_addr which is integral,
not pointer), or if we keep sanitizer.def as is, we should pass
to the calls base_ssa instead of base_addr.
Can I do this with a separate patch? The current one is already quite big.
+ if (use_calls)
+{
+ build_check_stmt_sized (location, base, len, iter, is_store);
+ update_mem_ref_hash_table (base, 1);
+ update_mem_ref_hash_table (end, 1);
+ return;
+}
+
See above, here we should not handle use_calls any differently from
!use_calls.
Build_check_stmt is now unified for const/variable lengths
but I'd still prefer to treat the use_calls case specially
because calling single __asan_loadN is more space-efficient
than emitting two separate calls with a length check.
-Y
2014-06-06 Yury Gribov y.gri...@samsung.com
New asan-instrumentation-with-call-threshold parameter.
gcc/
* asan.c (check_func): New function.
(use_calls_p): Likewise.
(report_error_func): Change interface.
(build_check_stmt): Allow non-integer lengths; add support
for new parameter.
(instrument_mem_region_access): Likewise.
(asan_instrument): Likewise.
(instrument_derefs): Moved code to build_check_stmt.
* cfgcleanup.c (old_insns_match_p): Add support for new
functions.
* doc/invoke.texi: Describe new parameter.
* params.def: Define new parameter.
* params.h: Likewise.
* sanitizer.def: Describe new builtins.
gcc/testsuite/
* c-c++-common/asan/instrument-with-calls-1.c: New test.
* c-c++-common/asan/instrument-with-calls-2.c: Likewise.
* c-c++-common/asan/instrument-with-calls-3.c: Likewise.
diff --git a/gcc/asan.c b/gcc/asan.c
index 3397655..acaf110 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -257,6 +257,15 @@ struct asan_mem_ref
static alloc_pool asan_mem_ref_alloc_pool;
+static int asan_num_accesses;
+
+static inline bool
+use_calls_p ()
+{
+ return ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD INT_MAX
+ asan_num_accesses = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
+}
+
/* This creates the alloc pool used to store the instances of
asan_mem_ref that are stored in the hash table asan_mem_ref_ht. */
@@ -1319,7 +1328,7 @@ asan_protect_global (tree decl)
IS_STORE is either 1 (for a store) or 0 (for a load). */
static tree
-report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
+report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, int *nargs)
{
static enum built_in_function report[2][6]
= { { BUILT_IN_ASAN_REPORT_LOAD1, BUILT_IN_ASAN_REPORT_LOAD2,
@@ -1328,13 +1337,37 @@ report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
{ BUILT_IN_ASAN_REPORT_STORE1, BUILT_IN_ASAN_REPORT_STORE2,
BUILT_IN_ASAN_REPORT_STORE4, BUILT_IN_ASAN_REPORT_STORE8,
BUILT_IN_ASAN_REPORT_STORE16, BUILT_IN_ASAN_REPORT_STORE_N } };
- if ((size_in_bytes (size_in_bytes - 1)) != 0
- || size_in_bytes 16
- || slow_p)
-return builtin_decl_implicit (report[is_store][5]);
+ if (size_in_bytes == -1)
+{
+ *nargs = 2;
+ return builtin_decl_implicit (report[is_store][5]);
+}
+ *nargs = 1;
return builtin_decl_implicit (report[is_store][exact_log2 (size_in_bytes)]);
}
+/* Construct a function tree for __asan_{load,store}{1,2,4,8,16,_n}.
+ IS_STORE is either 1 (for a store) or 0 (for a load). */
+
+static tree
+check_func (bool is_store, int size_in_bytes, int *nargs)
+{
+ static enum built_in_function check[2][6]
+= { { BUILT_IN_ASAN_LOAD1, BUILT_IN_ASAN_LOAD2,
+ BUILT_IN_ASAN_LOAD4, BUILT_IN_ASAN_LOAD8,
+ BUILT_IN_ASAN_LOAD16, BUILT_IN_ASAN_LOADN },
+ { BUILT_IN_ASAN_STORE1, BUILT_IN_ASAN_STORE2,
+ BUILT_IN_ASAN_STORE4, BUILT_IN_ASAN_STORE8,
+ BUILT_IN_ASAN_STORE16, BUILT_IN_ASAN_STOREN } };
+ if (size_in_bytes == -1)
+{
+ *nargs = 2;
+ return builtin_decl_implicit (check[is_store][5]);
+}
+ *nargs = 1;
+ return builtin_decl_implicit (check[is_store][exact_log2 (size_in_bytes)]);
+}
+
/* Split the current basic block and create a condition statement
insertion point right before or after the statement pointed to by
ITER. Return an iterator to the point at which the caller might
@@ -1508,41 +1541,72 @@ build_shadow_mem_access (gimple_stmt_iterator *gsi, location_t location,
otherwise, it points to the statement logically following it. */
static void
-build_check_stmt (location_t location, tree base, gimple_stmt_iterator *iter,
- bool before_p, bool is_store, HOST_WIDE_INT size_in_bytes,
- bool slow_p = false)
+build_check_stmt (location_t location, tree base, tree len,
+ gimple_stmt_iterator *iter, bool before_p, bool
[PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
Hi all,
This is a second try on outline Asan instrumentation (original patch:
https://gcc.gnu.org/ml/gcc-patches/2014-05/msg02194.html).
This patch adds support for replacing Asan inline checks with function
calls. This feature has been recently added to LLVM to
* reduce long compiler runtimes on large functions with huge (over 10K)
number of memory accesses (http://llvm.org/bugs/show_bug.cgi?id=12653)
* a step to full Kasan support in GCC
* reduce code size overhead
Bootstrapped/regtested on x64.
-Y
2014-06-03 Yury Gribov y.gri...@samsung.com
New asan-instrumentation-with-call-threshold parameter.
gcc/
* asan.c (check_func): New function.
(build_check_stmt_sized): Likewise.
(build_check_stmt): Add support for new parameter.
(instrument_mem_region_access): Likewise.
(asan_instrument): Likewise.
* cfgcleanup.c (old_insns_match_p): Add support for new
functions.
* doc/invoke.texi: Describe new parameter.
* params.def: Define new parameter.
* params.h: Likewise.
* sanitizer.def: Describe new builtins.
gcc/testsuite/
* c-c++-common/asan/instrument-with-calls-1.c: New test.
* c-c++-common/asan/instrument-with-calls-2.c: Likewise.
* c-c++-common/asan/instrument-with-calls-3.c: Likewise.
diff --git a/gcc/asan.c b/gcc/asan.c
index 3397655..1677c51 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -257,6 +257,8 @@ struct asan_mem_ref
static alloc_pool asan_mem_ref_alloc_pool;
+static int asan_num_accesses;
+
/* This creates the alloc pool used to store the instances of
asan_mem_ref that are stored in the hash table asan_mem_ref_ht. */
@@ -1335,6 +1337,26 @@ report_error_func (bool is_store, HOST_WIDE_INT size_in_bytes, bool slow_p)
return builtin_decl_implicit (report[is_store][exact_log2 (size_in_bytes)]);
}
+/* Construct a function tree for __asan_{load,store}{1,2,4,8,16,_n}.
+ IS_STORE is either 1 (for a store) or 0 (for a load). */
+
+static tree
+check_func (bool is_store, int size_in_bytes, int slow_p)
+{
+ static enum built_in_function check[2][6]
+= { { BUILT_IN_ASAN_CHECK_LOAD1, BUILT_IN_ASAN_CHECK_LOAD2,
+ BUILT_IN_ASAN_CHECK_LOAD4, BUILT_IN_ASAN_CHECK_LOAD8,
+ BUILT_IN_ASAN_CHECK_LOAD16, BUILT_IN_ASAN_CHECK_LOAD_N },
+ { BUILT_IN_ASAN_CHECK_STORE1, BUILT_IN_ASAN_CHECK_STORE2,
+ BUILT_IN_ASAN_CHECK_STORE4, BUILT_IN_ASAN_CHECK_STORE8,
+ BUILT_IN_ASAN_CHECK_STORE16, BUILT_IN_ASAN_CHECK_STORE_N } };
+ if ((size_in_bytes (size_in_bytes - 1)) != 0
+ || size_in_bytes 16
+ || slow_p)
+return builtin_decl_implicit (check[is_store][5]);
+ return builtin_decl_implicit (check[is_store][exact_log2 (size_in_bytes)]);
+}
+
/* Split the current basic block and create a condition statement
insertion point right before or after the statement pointed to by
ITER. Return an iterator to the point at which the caller might
@@ -1520,9 +1542,11 @@ build_check_stmt (location_t location, tree base, gimple_stmt_iterator *iter,
tree shadow_type = TREE_TYPE (shadow_ptr_type);
tree uintptr_type
= build_nonstandard_integer_type (TYPE_PRECISION (TREE_TYPE (base)), 1);
- tree base_ssa = base;
+ tree base_ssa;
HOST_WIDE_INT real_size_in_bytes = size_in_bytes;
tree sz_arg = NULL_TREE;
+ bool use_calls =
+asan_num_accesses++ = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
if (size_in_bytes == 1)
slow_p = false;
@@ -1534,15 +1558,27 @@ build_check_stmt (location_t location, tree base, gimple_stmt_iterator *iter,
slow_p = true;
}
- /* Get an iterator on the point where we can add the condition
- statement for the instrumentation. */
- gsi = create_cond_insert_point (iter, before_p,
- /*then_more_likely_p=*/false,
- /*create_then_fallthru_edge=*/false,
- then_bb,
- else_bb);
+ base_ssa = base = unshare_expr (base);
- base = unshare_expr (base);
+ if (use_calls)
+{
+ gsi = *iter;
+ g = gimple_build_nop ();
+ if (before_p)
+ gsi_insert_before (gsi, g, GSI_NEW_STMT);
+ else
+ gsi_insert_after (gsi, g, GSI_NEW_STMT);
+}
+ else
+{
+ /* Get an iterator on the point where we can add the condition
+ statement for the instrumentation. */
+ gsi = create_cond_insert_point (iter, before_p,
+ /*then_more_likely_p=*/false,
+ /*create_then_fallthru_edge=*/false,
+ then_bb,
+ else_bb);
+}
/* BASE can already be an SSA_NAME; in that case, do not create a
new SSA_NAME for it. */
@@ -1563,6 +1599,22 @@ build_check_stmt (location_t location, tree base, gimple_stmt_iterator *iter,
gsi_insert_after (gsi, g, GSI_NEW_STMT);
base_addr = gimple_assign_lhs (g);
+ if (use_calls)
+{
+ tree fun = check_func (is_store, size_in_bytes, slow_p);
+ g = slow_p
+ ? gimple_build_call (fun, 1, base_addr)
+ : gimple_build_call (fun, 2, base_addr,
+ build_int_cst (pointer_sized_int_node, size_in_bytes));
+ gimple_set_location (g, location);
+ gsi_insert_after (gsi, g, GSI_NEW_STMT);
+
+
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Tue, Jun 03, 2014 at 12:03:02PM +0400, Yury Gribov wrote:
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -257,6 +257,8 @@ struct asan_mem_ref
static alloc_pool asan_mem_ref_alloc_pool;
+static int asan_num_accesses;
+
/* This creates the alloc pool used to store the instances of
asan_mem_ref that are stored in the hash table asan_mem_ref_ht. */
@@ -1335,6 +1337,26 @@ report_error_func (bool is_store, HOST_WIDE_INT
size_in_bytes, bool slow_p)
return builtin_decl_implicit (report[is_store][exact_log2
(size_in_bytes)]);
}
+/* Construct a function tree for __asan_{load,store}{1,2,4,8,16,_n}.
+ IS_STORE is either 1 (for a store) or 0 (for a load). */
+
+static tree
+check_func (bool is_store, int size_in_bytes, int slow_p)
+{
+ static enum built_in_function check[2][6]
+= { { BUILT_IN_ASAN_CHECK_LOAD1, BUILT_IN_ASAN_CHECK_LOAD2,
+ BUILT_IN_ASAN_CHECK_LOAD4, BUILT_IN_ASAN_CHECK_LOAD8,
+ BUILT_IN_ASAN_CHECK_LOAD16, BUILT_IN_ASAN_CHECK_LOAD_N },
+ { BUILT_IN_ASAN_CHECK_STORE1, BUILT_IN_ASAN_CHECK_STORE2,
+ BUILT_IN_ASAN_CHECK_STORE4, BUILT_IN_ASAN_CHECK_STORE8,
+ BUILT_IN_ASAN_CHECK_STORE16, BUILT_IN_ASAN_CHECK_STORE_N } };
Any reason why the BUILT_IN_* names so differ from the actual function
names? I.e. why not use BUILT_IN_ASAN_{LOAD,STORE}{1,2,4,8,16,N}
(no underscore before N, no CHECK_)?
@@ -1520,9 +1542,11 @@ build_check_stmt (location_t location, tree base,
gimple_stmt_iterator *iter,
tree shadow_type = TREE_TYPE (shadow_ptr_type);
tree uintptr_type
= build_nonstandard_integer_type (TYPE_PRECISION (TREE_TYPE (base)), 1);
- tree base_ssa = base;
+ tree base_ssa;
HOST_WIDE_INT real_size_in_bytes = size_in_bytes;
tree sz_arg = NULL_TREE;
+ bool use_calls =
+asan_num_accesses++ = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
Wouldn't it be better to do
bool use_calls
= asan_num_accesses = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
(note, = on next line per GNU Coding Conventions), and then
if (!use_calls)
asan_num_accesses++;
so that you don't risk signed overflow? Maybe also
if (ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD == INT_MAX)
use_calls = false;
before that, so that there is a way to turn the calls off completely.
@@ -1534,15 +1558,27 @@ build_check_stmt (location_t location, tree base,
gimple_stmt_iterator *iter,
slow_p = true;
}
- /* Get an iterator on the point where we can add the condition
- statement for the instrumentation. */
- gsi = create_cond_insert_point (iter, before_p,
- /*then_more_likely_p=*/false,
- /*create_then_fallthru_edge=*/false,
- then_bb,
- else_bb);
+ base_ssa = base = unshare_expr (base);
- base = unshare_expr (base);
+ if (use_calls)
+{
+ gsi = *iter;
+ g = gimple_build_nop ();
+ if (before_p)
+ gsi_insert_before (gsi, g, GSI_NEW_STMT);
+ else
+ gsi_insert_after (gsi, g, GSI_NEW_STMT);
This looks ugly. I don't like adding GIMPLE_NOP, it is going
to take many passes before it is going to be DCEd.
Just handle the use_calls before_p case in the two spots
where a new stmt is inserted.
Also note (but, already preexisting issue) is that the
__asan_report* and __asan_{load,store}* calls are declared in
sanitizer.def as having 1st argument PTR type, while in the library
it is uptr (aka PTRMODE). So, either we should fix up sanitizer.def
to match that (we were passing already base_addr which is integral,
not pointer), or if we keep sanitizer.def as is, we should pass
to the calls base_ssa instead of base_addr.
@@ -1642,6 +1694,61 @@ build_check_stmt (location_t location, tree base,
gimple_stmt_iterator *iter,
*iter = gsi_start_bb (else_bb);
}
+static void
+build_check_stmt_sized (location_t location, tree base, tree len,
+ gimple_stmt_iterator *iter, bool is_store)
Formatting, gimple_stmt_iterator needs to be below location_t.
Furthermore, this looks just like a partial transition, I don't see
why we should emit one __asan_loadN call but two separate
__asan_report_load_1 for the instrumented stringops.
Instead, build_check_stmt should be changed, so that it is possible to pass
it a variable length (checked by the caller for non-zero already),
and in that case force using the slow_p stuff, but instead of adding a
constant size add the variable length - 1.
@@ -1774,6 +1881,9 @@ instrument_mem_region_access (tree base, tree len,
gimple_stmt_iterator *iter,
location_t location, bool is_store)
{
+ bool use_calls =
+asan_num_accesses++ = ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD;
+
See above.
@@ -1795,6 +1905,14 @@ instrument_mem_region_access (tree base, tree len,
if (start_instrumented end_instrumented)
return;
+ if (use_calls)
+{
+
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
Any reason why the BUILT_IN_* names so differ from the actual function
names? I.e. why not use BUILT_IN_ASAN_{LOAD,STORE}{1,2,4,8,16,N}
(no underscore before N, no CHECK_)?
Makes sense.
Wouldn't it be better to do
...
so that you don't risk signed overflow? Maybe also
Yeah, that looks cleaner.
Also note (but, already preexisting issue) is that the
__asan_report* and __asan_{load,store}* calls are declared in
sanitizer.def as having 1st argument PTR type, while in the library
it is uptr (aka PTRMODE). So, either we should fix up sanitizer.def
to match that (we were passing already base_addr which is integral,
not pointer), or if we keep sanitizer.def as is, we should pass
to the calls base_ssa instead of base_addr.
Which solution is better for middle-end? Would casting to uptr
complicate alias analysis or somehow damage optimization capabilities of
further passes?
Frankly I don't understand why libsanitizer prefers uptr to void*'s and
size_t's...
Furthermore, this looks just like a partial transition, I don't see
why we should emit one __asan_loadN call but two separate
__asan_report_load_1 for the instrumented stringops.
I was too lazy to bother with strlen. But ok, I'll optimize this piece.
Instead, build_check_stmt should be changed, so that it is possible to pass
it a variable length (checked by the caller for non-zero already),
and in that case force using the slow_p stuff, but instead of adding a
constant size add the variable length - 1.
+1, this will simplify code.
-Y
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Tue, Jun 03, 2014 at 01:33:39PM +0400, Yury Gribov wrote:
Also note (but, already preexisting issue) is that the
__asan_report* and __asan_{load,store}* calls are declared in
sanitizer.def as having 1st argument PTR type, while in the library
it is uptr (aka PTRMODE). So, either we should fix up sanitizer.def
to match that (we were passing already base_addr which is integral,
not pointer), or if we keep sanitizer.def as is, we should pass
to the calls base_ssa instead of base_addr.
Which solution is better for middle-end? Would casting to uptr
complicate alias analysis or somehow damage optimization
capabilities of further passes?
Supposedly at least for use_calls case pretending the argument is
void * instead of uptr would result in smaller IL (no need to cast it
to integral type).
Frankly I don't understand why libsanitizer prefers uptr to void*'s
and size_t's...
Supposedly because then you don't have to cast it on the library side
if you want to perform masking/shifting etc. on it. But that doesn't sound
like a very strong argument.
Jakub
Re: [PATCH] Support asan-instrumentation-with-call-threshold in GCC (second try)
On Tue, Jun 3, 2014 at 1:33 PM, Yury Gribov y.gri...@samsung.com wrote:
Any reason why the BUILT_IN_* names so differ from the actual function
names? I.e. why not use BUILT_IN_ASAN_{LOAD,STORE}{1,2,4,8,16,N}
(no underscore before N, no CHECK_)?
Makes sense.
Wouldn't it be better to do
...
so that you don't risk signed overflow? Maybe also
Yeah, that looks cleaner.
Also note (but, already preexisting issue) is that the
__asan_report* and __asan_{load,store}* calls are declared in
sanitizer.def as having 1st argument PTR type, while in the library
it is uptr (aka PTRMODE). So, either we should fix up sanitizer.def
to match that (we were passing already base_addr which is integral,
not pointer), or if we keep sanitizer.def as is, we should pass
to the calls base_ssa instead of base_addr.
Which solution is better for middle-end? Would casting to uptr complicate
alias analysis or somehow damage optimization capabilities of further
passes?
Frankly I don't understand why libsanitizer prefers uptr to void*'s and
size_t's...
We can not use size_t because we do not include system headers.
Furthermore, this looks just like a partial transition, I don't see
why we should emit one __asan_loadN call but two separate
__asan_report_load_1 for the instrumented stringops.
I was too lazy to bother with strlen. But ok, I'll optimize this piece.
Note that in clang we stopped instrumenting stringops in compiler and
fully rely on interceptors
({memset,memcpy,memmove} are replaced with
__asan_{memset,memcpy,memmove} to avoid late inlining)
Instead, build_check_stmt should be changed, so that it is possible to
pass
it a variable length (checked by the caller for non-zero already),
and in that case force using the slow_p stuff, but instead of adding a
constant size add the variable length - 1.
+1, this will simplify code.
-Y
