the type sanitizer free yourself from fno strict aliasing
play

The Type Sanitizer: Free Yourself from -fno-strict-aliasing Hal - PowerPoint PPT Presentation

Oct 24, 2023 •42 likes •262 views

The Type Sanitizer: Free Yourself from -fno-strict-aliasing Hal Finkel Argonne National Laboratory 2017 LLVM Developers' Meeting An Example $ cat /tmp/clever.c #include <stdio.h> #include <math.h> float i_am_clever(unsigned int

  1. The Type Sanitizer: Free Yourself from -fno-strict-aliasing Hal Finkel Argonne National Laboratory 2017 LLVM Developers' Meeting

  2. An Example $ cat /tmp/clever.c #include <stdio.h> #include <math.h> float i_am_clever(unsigned int *i, float *f) { if (!isnan(*f)) *i ^= 1 << 31; return *f; Do we need to load *f again here? } int main() { float f = 5; f = i_am_clever((unsigned int *) &f, &f); printf("%f\n", f); } 2

  3. An Example $ gcc -o /tmp/c /tmp/clever.c Clang and GCC are $ /tmp/c similar in this regard... -5.000000 $ gcc -o /tmp/c /tmp/clever.c -O3 $ /tmp/c 5.000000 $ gcc -o /tmp/c /tmp/clever.c -O3 -fno-strict-aliasing $ /tmp/c -5.000000 $ clang -o /tmp/c ~/tmp/clever.c $ /tmp/c -5.000000 $ clang -o /tmp/c ~/tmp/clever.c -O3 $ /tmp/c 5.000000 $ clang -o /tmp/c ~/tmp/clever.c -O3 -fno-strict-aliasing $ /tmp/c -5.000000 3

  4. An Example $ clang -o /tmp/c /tmp/clever.c -fsanitize=type -g $ /tmp/c 4

  5. The Rules Clang's vector types are also included in this list. 5

  6. TBAA Metadata ... store i32* %i, i32** %i.addr, align 8, !tbaa !3 ... %348 = load float*, float** %f.addr, align 8, !tbaa !3 ... %409 = load float, float* %348, align 4, !tbaa !7 ... store i32 %xor, i32* %870, align 4, !tbaa !9 All pointers are the same. ... !3 = !{!4, !4, i64 0} !4 = !{!"any pointer", !5, i64 0} !5 = !{!"omnipotent char", !6, i64 0} !6 = !{!"Simple C/C++ TBAA"} !7 = !{!8, !8, i64 0} The root for C++ code. !8 = !{!"float", !5, i64 0} !9 = !{!10, !10, i64 0} !10 = !{!"int", !5, i64 0} 6

  7. TBAA Metadata Access Tag: (Base Type, Access Type,Offset) ● For scalar accesses, the base type == access type ● The base/access type is: (name, member 1 type, offset 1, member 2 type, offset 2, …) Scalar types, not just structure types, have the above form. Scalar types don't have members, but they do have parent types... char int short 7

  8. TBAA Metadata struct Inner { struct Outer { int i; // offset 0 float f; // offset 0 float f; // offset 4 double d; // offset 8 }; struct Inner inner_a; // offset 16 }; An access to: Outer::inner_a::i, Outer @ offset 16 Can alias with... Inner::i, Inner @ offset 0 Can alias with... int “@ offset 0” Can alias with... char “@ offset 0” 8

  9. TBAA Metadata struct Inner { struct Outer { int i; // offset 0 float f; // offset 0 float f; // offset 4 double d; // offset 8 }; struct Inner inner_a; // offset 16 }; !2 = !{!3, !3, i64 0} !3 = !{!"any pointer", !4, i64 0} !4 = !{!"omnipotent char", !5, i64 0} !5 = !{!"Simple C/C++ TBAA"} !6 = !{!7, !8, i64 0} !7 = !{!"Outer", !8, i64 0, !9, i64 8, !10, i64 16} !8 = !{!"float", !4, i64 0} !9 = !{!"double", !4, i64 0} !10 = !{!"Inner", !11, i64 0, !8, i64 4} Start here and work backward. !11 = !{!"int", !4, i64 0} !12 = !{!7, !11, i64 16} 9

  10. The Type Sanitizer Clang ● -fsanitize=type ● Always produce TBAA metadata, even at -O0 ● Add type metadata to globals ● Link with the tysan runtime library LLVM ● Don't use TBAA metadata for pointer-aliasing analysis ● Instrument access and generate type descriptors ● Disable some “sanitizer unfriendly” optimizations compiler-rt ● Uses shadow memory to record access types for memory ranges ● Uses TBAA algorithm at runtime to check access legality ● Reports illegal accesses to the user 10

  11. Shadow Memory access -1 -2 -3 access -1 access -1 0 ... descriptor descriptor descriptor 2-byte access (scalar) type 4-byte access (scalar) type Each box above is sizeof(void *) bytes. Shadow Address = (((Access Address) & __tysan_app_memory_mask) * sizeof(void*)) + __tysan_shadow_memory_address 11

  12. Descriptors Access descriptor: 1 base-type desc. ptr. access-type desc. ptr. offset Type descriptor: 2 member count member desc. ptr. member offset ... name ● Except for types in anonymous namespaces, use comdat for each descriptor. ● For unnamed types, hash the structure to make a unique name. 12

  13. Instrumentation ● Reset shadow memory to zero for: ● byval arguments and allocas (i.e., new stack allocations) ● lifetime_start/lifetime_end ● memset ● For memcpy/memmove, do the same for the corresponding shadow memory ● For a memory access, if the type is unknown (all zeros), set the type in shadow memory. If the type is set, then check that it matches (i.e., that the first shadow memory value is the type descriptor and the remaining values are -1, -2, …). If it does not match, call the runtime (which may nevertheless determine that the access is legal). 13

  14. Interceptors Intercept system functions to… ● Reset the shadow memory to zero (i.e., mark the type as unknown) ● memset, mmap, malloc, and related functions ● Copy the corresponding shadow memory ● memcpy, memmove, strdup Writing interceptors is easy… INTERCEPTOR(int, posix_memalign, void **memptr, uptr alignment, uptr size) { int res = REAL(posix_memalign)(memptr, alignment, size); if (res == 0 && *memptr) tysan_set_type_unknown(*memptr, size); return res; } ... INTERCEPT_FUNCTION(posix_memalign); 14

  15. Shadow Memory Allocate unreserved (i.e., unbacked) pages for the shadow memory based on how each architecture uses its address space… #if defined(__x86_64__) struct Mapping { static const uptr kShadowAddr = 0x010000000000ull; static const uptr kAppAddr = 0x550000000000ull; static const uptr kAppMemMsk = ~0x780000000000ull; }; … __tysan_shadow_memory_address = ShadowAddr(); __tysan_app_memory_mask = AppMask(); … MmapFixedNoReserve(ShadowAddr(), AppAddr() - ShadowAddr()); 15

  16. Printing Errors How do you generate those characteristic sanitizer error messages and stack traces? First, record information about the caller when you enter the runtime… extern "C" SANITIZER_INTERFACE_ATTRIBUTE void __tysan_check(void *addr, int size, tysan_type_descriptor *td, int flags) { GET_CALLER_PC_BP_SP; Declares and initializes: pc, bp, sp 16

  17. Printing Errors Next, make use of provided functions for printing and the stack trace… Decorator d; Printf("%s", d.Warning()); Report("ERROR: TypeSanitizer: type-aliasing-violation on address %p" " (pc %p bp %p sp %p tid %d)\n", Addr, (void *) pc, (void *) bp, (void *) sp, GetTid()); Printf("%s", d.End()); Printf("%s of size %d at %p with type ", AccessStr, Size, Addr); … if (pc) { BufferedStackTrace ST; ST.Unwind(kStackTraceMax, pc, bp, 0, 0, 0, false); ST.Print(); } else { Printf("\n"); } 17

  18. Another Example $ cat /tmp/so.c #include <stdio.h> WRITE of size 4 at #include <stdlib.h> 0x000002712014 with type int (in X at offset 0) accesses an existing struct X { int i; object of type int (in X at offset 4) int j; }; int foo(struct X *p, struct X *q) { q->j = 1; p->i = 0; return q->j; } int main() { unsigned char *p = malloc(3 * sizeof(int)); printf("%i\n", foo((struct X *)(p + sizeof(int)), (struct X *)p)); } 18

  19. Partial Overlaps The instrumentation and runtime deals with different overlap cases: ● The current access points to the first byte of the previously-recorded type in memory ● The current access points to the middle of some previously-recorded type in memory ● Not the first byte, but some later bytes, of the current access overlap with some previously-recorded type in memory READ of size 4 at ... with type float accesses part of an existing object of type long that starts at offset -4 19

  20. An Experiment As has been previously identified by others [1], the popular XML parser library Expat, violates type-aliasing rules. Compiling Expat 2.2.0 with the Type Sanitizer and executing the “runtests” program reports 2613 errors, including many like: “READ of size 8 at ... with type any pointer (in attribute_id at offset 0) accesses an existing object of type any pointer (in <anonymous type> at offset 0)” “READ of size 4 at ... with type int (in XML_ParserStruct at offset 512) accesses an existing object of type int (in prolog_state at offset 8)” [1] “Detecting Strict Aliasing Violations in the Wild” http://trust-in-soft.com/wp-content/uploads/2017/01/vmcai.pdf 20

  21. Future Enhancements ● “Sticky” types for local/global variables (and more) – Some variables have declared types and those types can be set “up front”, and shouldn't be changed later by accesses. ● (Optional) Origin tracking – Currently the stack trace shows the location of the illegal access but not the location of the code that set the type. ● Better handling of unions and arrays – This requires enhancements to the TBAA representation (such enhancements are currently under discussion). 21

  22. Acknowledgments ● The LLVM community ● ALCF, ANL, and DOE ● ALCF is supported by DOE/SC under contract DE- AC02-06CH11357 https://reviews.llvm.org/D32199 (Clang) https://reviews.llvm.org/D32197 (Runtime) https://reviews.llvm.org/D32198 (LLVM) 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A smart watch with alcohol-based sanitizer gel dual purpose unit that can flip from watch to

A smart watch with alcohol-based sanitizer gel dual purpose unit that can flip from watch to

A smart watch with alcohol-based sanitizer gel dual purpose unit that can flip from watch to roll on sanitizer gel. watch + sanitizer gel watch + sanitizer gel SANITIZER GEL WATCH ROLLER 70 x 50 x 18 MM watch + sanitizer gel 28 x 210 MM

112 views • 8 slides
Post processing anti-aliasing Heiki Prn Aliasing Aliasing Supersampling Render to some

Post processing anti-aliasing Heiki Prn Aliasing Aliasing Supersampling Render to some

Post processing anti-aliasing Heiki Prn Aliasing Aliasing Supersampling Render to some resolution higher than the screen, and then downsample to screen resolution. Computationally expensive. Inefficient.

504 views • 23 slides
DEALING WITH ALIASING USING DEALING WITH ALIASING USING CONTRACTS CONTRACTS BEATING FORTRAN'S

DEALING WITH ALIASING USING DEALING WITH ALIASING USING CONTRACTS CONTRACTS BEATING FORTRAN'S

DEALING WITH ALIASING USING DEALING WITH ALIASING USING CONTRACTS CONTRACTS BEATING FORTRAN'S PERFORMANCE BEATING FORTRAN'S PERFORMANCE , PhD Student, Etvs Lornd University Gbor Horvth xazax.hun@gmail.com 1 ALIASING ALIASING int

1k views • 61 slides
Aliasing Aliases are low frequencies in a rendered image that are due to higher frequencies in

Aliasing Aliases are low frequencies in a rendered image that are due to higher frequencies in

CS-184: Computer Graphics Lecture 9: Sampling and Aliasing Robert Carroll University of California, Berkeley Aliasing Aliases are low frequencies in a rendered image that are due to higher frequencies in the original image. aliasing effects

440 views • 16 slides
FuZZan: Efficient Sanitizer Metadata Design for Fuzzing Yuseok Jeon 1 , WookHyun Han 2 , Nathan

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing Yuseok Jeon 1 , WookHyun Han 2 , Nathan

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing Yuseok Jeon 1 , WookHyun Han 2 , Nathan Burow 1 , Mathias Payer 1 3 1 2 3 Sanitizer: Debug Policy Violations Observe actual execution and flag incorrect behavior E.g., detect

470 views • 23 slides
How do we remove aliasing ? Anti-Aliasing Techniques Cheaper solution : take multiple samples

How do we remove aliasing ? Anti-Aliasing Techniques Cheaper solution : take multiple samples

How do we remove aliasing ? Anti-Aliasing Techniques Cheaper solution : take multiple samples for each pixel and average them together supersampling. Can weight them towards the centre weighted average sampling Stochastic

626 views • 10 slides
Aliasing and Mutability 15-110 Wednesday 02/19 Learning Goals Recognize how aliasing

Aliasing and Mutability 15-110 Wednesday 02/19 Learning Goals Recognize how aliasing

Aliasing and Mutability 15-110 Wednesday 02/19 Learning Goals Recognize how aliasing impacts the values held in mutable variables Recognize the difference between functions on mutable values that are destructive vs. non-destructive

343 views • 33 slides
The Monad of Strict Computation A Categorical Framework for the Semantics of Languages in which

The Monad of Strict Computation A Categorical Framework for the Semantics of Languages in which

The Monad of Strict Computation A Categorical Framework for the Semantics of Languages in which Strict and Non-strict computation rules are mixed Dick Kieburtz Portland State University WG2.8 Meeting July 16-20, 2007 The Problem, illustrated

507 views • 16 slides
lecture 16 Texture mapping Aliasing (and anti-aliasing) Texture (images) Texture Mapping Q:

lecture 16 Texture mapping Aliasing (and anti-aliasing) Texture (images) Texture Mapping Q:

lecture 16 Texture mapping Aliasing (and anti-aliasing) Texture (images) Texture Mapping Q: Why do we need texture mapping ? A: Because objects look fake and boring without it. Adding texture improves realism. recall mapping for

513 views • 48 slides
Texture Mapping Texture (images) lecture 16 Texture mapping Aliasing (and anti-aliasing)

Texture Mapping Texture (images) lecture 16 Texture mapping Aliasing (and anti-aliasing)

Texture Mapping Texture (images) lecture 16 Texture mapping Aliasing (and anti-aliasing) Adding texture improves realism. Q: Why do we need texture mapping ? A: Because objects look fake and boring without it. recall mapping for

176 views • 6 slides
Segal-type models of weak n -categories Simona Paoli Department of Mathematics University of

Segal-type models of weak n -categories Simona Paoli Department of Mathematics University of

Segal-type models of weak n -categories Simona Paoli Department of Mathematics University of Leicester CT2019, University of Edinburgh Simona Paoli (University of Leicester) July 2019 1 / 54 Strict versus weak n -categories Idea of strict n

1.1k views • 54 slides
CIRCLean - USB key sanitizer Some bash, some python, a RaspberryPi, and a lot of glue. TLP:WHITE

CIRCLean - USB key sanitizer Some bash, some python, a RaspberryPi, and a lot of glue. TLP:WHITE

CIRCLean - USB key sanitizer Some bash, some python, a RaspberryPi, and a lot of glue. TLP:WHITE info@circl.lu July 7, 2015 Context An USB key is a blackbox We all use USB keys Antiviruses wont detect more than 60% of common

569 views • 14 slides
All ( , 1)-toposes have strict univalent universes Michael Shulman SYCO 4 Chapman University

All ( , 1)-toposes have strict univalent universes Michael Shulman SYCO 4 Chapman University

All ( , 1)-toposes have strict univalent universes Michael Shulman SYCO 4 Chapman University May 22, 2019 The theorem Theorem Every Grothendieck -topos can be presented by a model category that interprets homotopy type theory with

628 views • 45 slides
SHOULD STRICT CRIMINAL LIABILITY BE REMOVED FROM ALL IMPRISONABLE OFFENCES? ANDREW ASHW ORTH,

SHOULD STRICT CRIMINAL LIABILITY BE REMOVED FROM ALL IMPRISONABLE OFFENCES? ANDREW ASHW ORTH,

SHOULD STRICT CRIMINAL LIABILITY BE REMOVED FROM ALL IMPRISONABLE OFFENCES? ANDREW ASHW ORTH, THE J.M. K ELLY LECTURE 20 10 What is strict crim inal liability? An offence should be treated as a crime of strict liability if it

309 views • 14 slides
FREE PROBABILITY OF TYPE B AND ASYMPTOTICS OF FINITE-RANK PERTURBATIONS OF RANDOM MATRICES Dima

FREE PROBABILITY OF TYPE B AND ASYMPTOTICS OF FINITE-RANK PERTURBATIONS OF RANDOM MATRICES Dima

FREE PROBABILITY OF TYPE B AND ASYMPTOTICS OF FINITE-RANK PERTURBATIONS OF RANDOM MATRICES Dima Shlyakhtenko, UCLA Free Probability and Large N Limit, V Many B s around: Many B s around: bi-free probability (Voiculescus talk) Many B

829 views • 57 slides
Anton S. Kaplanyan 1 August 2016 SPECULAR ALIASING Specular highlight can be small Gets

Anton S. Kaplanyan 1 August 2016 SPECULAR ALIASING Specular highlight can be small Gets

Anton S. Kaplanyan 1 August 2016 SPECULAR ALIASING Specular highlight can be small Gets brighter when gets smaller Specular microdetails sparkle Specular aliasing Pixel footprint Emphasized on curved geometry Specular highlight Does not go

452 views • 32 slides
Optimized Scatter/Gather for Parallel Storage PDSW-DISCS 2017 Latchesar Ionkov Carlos Maltzahn

Optimized Scatter/Gather for Parallel Storage PDSW-DISCS 2017 Latchesar Ionkov Carlos Maltzahn

Optimized Scatter/Gather for Parallel Storage PDSW-DISCS 2017 Latchesar Ionkov Carlos Maltzahn Michael Lang Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA LA-UR-17-2163 HPC Storage: Stuck in the Past

364 views • 24 slides
1 3. Simple Memory System Cache Address Translation Example #1 16 lines, 4-byte block size

1 3. Simple Memory System Cache Address Translation Example #1 16 lines, 4-byte block size

Today Simple memory system example Case study: Core i7/Linux memory system Virtual Memory: Systems Memory mapping CSci 2021: Machine Architecture and Organization April 20th-22nd, 2020 Your instructor: Stephen McCamant Based on

587 views • 5 slides
Corrections and Transfers (Updated 4/14/12) Bill Cahill 4-5124 bpcahil@iastate.edu Agenda

Corrections and Transfers (Updated 4/14/12) Bill Cahill 4-5124 bpcahil@iastate.edu Agenda

Corrections and Transfers (Updated 4/14/12) Bill Cahill 4-5124 bpcahil@iastate.edu Agenda Introductions Objectives Review of Corrections and Transfers Matrix Cash Receipt Adjustment Correction Voucher Non-Payroll

576 views • 23 slides
STM32L476 Parallel I/O Ports References: STM32L4x6 Reference Manual STM32L476xx Data Sheet

STM32L476 Parallel I/O Ports References: STM32L4x6 Reference Manual STM32L476xx Data Sheet

STM32L476 Parallel I/O Ports References: STM32L4x6 Reference Manual STM32L476xx Data Sheet stm32l476xx.h Header File NVIC, System Tick Timer External memory ARM Cortex-M4 CPU Flash SRAM STMicroelectronics STM32L476xx microcontroller

664 views • 20 slides
CS415: Systems Programming File related System Calls Most of the slides in this lecture are

CS415: Systems Programming File related System Calls Most of the slides in this lecture are

CS415: Systems Programming File related System Calls Most of the slides in this lecture are either from or adapted from the slides provided by Dr. Ahmad Barghash Remember UNI File I/O: Performed mostly using 6 commands open close

436 views • 22 slides
LZ4, BulkIO, and offset removal performance Jim Pivarski Princeton University DIANA October

LZ4, BulkIO, and offset removal performance Jim Pivarski Princeton University DIANA October

LZ4, BulkIO, and offset removal performance Jim Pivarski Princeton University DIANA October 11, 2017 1 / 15 Motivation for this study Three updates to ROOT I/O are aimed at speeding up or reducing file size for end-user analysis: new

574 views • 18 slides
CS 423 Operating System Design: The Kernel Abstraction Professor Adam Bates CS423:

CS 423 Operating System Design: The Kernel Abstraction Professor Adam Bates CS423:

CS 423 Operating System Design: The Kernel Abstraction Professor Adam Bates CS423: Operating Systems Design Goals for Today Learning Objectives: (Learn how to use the vSphere console) Understand the Kernel/Process Abstraction

823 views • 49 slides
types of codon models Q ij = j for synonymous ts. j for non-synonymous

types of codon models Q ij = j for synonymous ts. j for non-synonymous

2017-07-29 part 3: analysis of natural selection pressure omega models ! 0 if i and j differ by &gt; 1 j for synonymous tv. types of codon models Q ij = j for synonymous ts. j for

516 views • 15 slides

More recommend