Commit Graph

5672 Commits

Author SHA1 Message Date
Peter Collingbourne
7ffec838a2 Protection against stack-based memory corruption errors using SafeStack
This patch adds the safe stack instrumentation pass to LLVM, which separates
the program stack into a safe stack, which stores return addresses, register
spills, and local variables that are statically verified to be accessed
in a safe way, and the unsafe stack, which stores everything else. Such
separation makes it much harder for an attacker to corrupt objects on the
safe stack, including function pointers stored in spilled registers and
return addresses. You can find more information about the safe stack, as
well as other parts of or control-flow hijack protection technique in our
OSDI paper on code-pointer integrity (http://dslab.epfl.ch/pubs/cpi.pdf)
and our project website (http://levee.epfl.ch).

The overhead of our implementation of the safe stack is very close to zero
(0.01% on the Phoronix benchmarks). This is lower than the overhead of
stack cookies, which are supported by LLVM and are commonly used today,
yet the security guarantees of the safe stack are strictly stronger than
stack cookies. In some cases, the safe stack improves performance due to
better cache locality.

Our current implementation of the safe stack is stable and robust, we
used it to recompile multiple projects on Linux including Chromium, and
we also recompiled the entire FreeBSD user-space system and more than 100
packages. We ran unit tests on the FreeBSD system and many of the packages
and observed no errors caused by the safe stack. The safe stack is also fully
binary compatible with non-instrumented code and can be applied to parts of
a program selectively.

This patch is our implementation of the safe stack on top of LLVM. The
patches make the following changes:

- Add the safestack function attribute, similar to the ssp, sspstrong and
  sspreq attributes.

- Add the SafeStack instrumentation pass that applies the safe stack to all
  functions that have the safestack attribute. This pass moves all unsafe local
  variables to the unsafe stack with a separate stack pointer, whereas all
  safe variables remain on the regular stack that is managed by LLVM as usual.

- Invoke the pass as the last stage before code generation (at the same time
  the existing cookie-based stack protector pass is invoked).

- Add unit tests for the safe stack.

Original patch by Volodymyr Kuznetsov and others at the Dependable Systems
Lab at EPFL; updates and upstreaming by myself.

Differential Revision: http://reviews.llvm.org/D6094

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239761 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-15 21:07:11 +00:00
Sanjoy Das
deca672bbd Unbreak docs build from r239740.
Add FaultMaps.rst to toctree.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239747 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-15 19:38:15 +00:00
Sanjoy Das
18a05df213 Unbreak the build from r239740.
Do not re-use an enum name as a field name.  Some bots don't like this.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239746 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-15 19:29:44 +00:00
Sanjoy Das
1991e2a4df [CodeGen] Introduce a FAULTING_LOAD_OP pseudo-op.
Summary:
This instruction encodes a loading operation that may fault, and a label
to branch to if the load page-faults.  The locations of potentially
faulting loads and their "handler" destinations are recorded in a
FaultMap section, meant to be consumed by LLVM's clients.

Nothing generates FAULTING_LOAD_OP instructions yet, but they will be
used in a future change.

The documentation (FaultMaps.rst) needs improvement and I will update
this diff with a more expanded version shortly.

Depends on D10196

Reviewers: rnk, reames, AndyAyers, ab, atrick, pgavlin

Reviewed By: atrick, pgavlin

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10197

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239740 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-15 18:44:08 +00:00
Tom Stellard
953c681473 R600 -> AMDGPU rename
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239657 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-13 03:28:10 +00:00
Tom Stellard
f28da43112 R600/SI: Add assembler support for FLAT instructions
- Add glc, slc, and tfe operands to flat instructions
- Add missing flat instructions
- Fix the encoding of flat_load_dwordx3 and flat_store_dwordx3.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239637 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-12 20:47:06 +00:00
Craig Topper
02890a5cf3 [TableGen] Correct the documentation for 'foreach' in the Language Intro.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239204 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-06 00:44:42 +00:00
Sean Silva
3eb860ab87 [docs] Document "LGTM" in the lexicon.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@239085 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-04 20:28:09 +00:00
Filipe Cabecinhas
6af0f89f37 [IR/AsmWriter] Output escape sequences if the first character isdigit()
If the first character in a metadata attachment's name is a digit, it has
to be output using an escape sequence, otherwise it's not valid text IR.

Removed an over-zealous assert from LLVMContext which didn't allow this.
The rule should only apply to text IR. Actual names can have any sequence
of non-NUL bytes.

Also added some documentation on accepted names.

Bug found with AFL fuzz.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238867 91177308-0d34-0410-b5e6-96231b3b80d8
2015-06-02 21:25:08 +00:00
Jingyue Wu
bb06a52fa7 [docs] fix the declarations of the llvm.nvvm.ptr.gen.to.* intrinsics
Summary:
These intrinsics should take a generic input address space and outputs a
non-generic address space.

Test Plan: no

Reviewers: jholewinski, eliben

Reviewed By: eliben

Subscribers: eliben, jholewinski, llvm-commits

Differential Revision: http://reviews.llvm.org/D10132

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238620 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-29 22:18:03 +00:00
Frederic Riss
9282af9d6c [YAMLIO] Make line-wrapping configurable and test it.
Summary:
We would wrap flow mappings and sequences when they go over a hardcoded 70
characters limit. Make the wrapping column configurable (and default to 70
co the change should be NFC for current users). Passing 0 allows to completely
suppress the wrapping which makes it easier to handle in tools like FileCheck.

Reviewers: bogner

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10109

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238584 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-29 17:56:28 +00:00
Diego Novillo
6882d57ef2 Update documentation for llvm-profdata.
These options have been present for a while, but I had never updated the
documentation. Fixed.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238511 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-28 21:57:17 +00:00
Chandler Carruth
957830dc8e Add some more detailed docs about the current state of Phabricator and
reviwes.llvm.org to help reduce confusion.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238295 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-27 07:20:46 +00:00
Owen Anderson
13146c7e3b Add initial support for the convergent attribute.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238264 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-26 23:48:40 +00:00
Kostya Serebryany
ea8a3963b4 [lib/Fuzzer] make the fuzzing timeout 1200 seconds by default (was: infinity)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238251 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-26 20:57:47 +00:00
Kostya Serebryany
e4af3b4160 [lib/Fuzzer] fix docs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238236 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-26 19:32:52 +00:00
Kostya Serebryany
b3fdcb3739 [lib/Fuzzer] mention the user-supplied mutators
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238062 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-22 22:43:05 +00:00
Swaroop Sridhar
0141c66026 Document the CoreCLR GC Strategy
Add notead about the CoreCLR GC Strategy to the 
Garbage Collection document.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237869 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-21 00:50:10 +00:00
Nick Kledzik
0dd9a6767c [doc] Update Lexicon with C++ unwinder acronyms
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237840 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-20 22:04:06 +00:00
Kostya Serebryany
b753a30d3b [lib/Fuzzer] more docs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237836 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-20 21:03:03 +00:00
Sanjoy Das
4d88c3ebad Dereferenceable, dereferenceable_or_null metadata for loads
Summary:
Introduce dereferenceable, dereferenceable_or_null metadata for loads
with the same semantic as corresponding attributes.

This patch depends on http://reviews.llvm.org/D9253

Patch by Artur Pilipenko!

Reviewers: hfinkel, sanjoy, reames

Reviewed By: sanjoy, reames

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9365

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237720 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-19 20:10:19 +00:00
Artyom Skrobov
6aed5afbbb Fix documentation for Set-Like Containers
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237677 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-19 10:21:12 +00:00
Matthias Braun
1cf942cb4f Doxygen: Enable autobrief feature and update coding standards.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237417 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-15 03:34:01 +00:00
Justin Bogner
d0db0dec5e docs: Fix up some .rst formatting
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237409 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-14 23:56:58 +00:00
Nick Lewycky
2b5899e7fc Add a missing piece of existing practice to the developer policy. This may need further refinement, but I think is roughly correct.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237405 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-14 23:21:33 +00:00
Alex Lorenz
29a3c1d580 YAML: Add support for literal block scalar I/O.
This commit gives the users of the YAML Traits I/O library 
the ability to serialize scalars using the YAML literal block 
scalar notation by allowing them to implement a specialization 
of the `BlockScalarTraits` struct for their custom types.

Reviewers: Duncan P. N. Exon Smith

Differential Revision: http://reviews.llvm.org/D9613


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237404 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-14 23:08:22 +00:00
Michael Kuperstein
6a882f8907 Fixed some typos and broken links in source level debugging docs.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237357 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-14 10:58:59 +00:00
Kostya Serebryany
933e6287fe [lib/Fuzzer] update docs about test corpuses in git
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237308 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 22:42:28 +00:00
Sanjoy Das
ac8a7cc8d2 [Statepoints][Docs] Fix a couple of out of date examples.
Things I had missed in r237285.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237290 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 20:20:10 +00:00
Sanjoy Das
3bc33d9ca1 [Statepoints][Docs] Fix typo: change a period to a comma.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237289 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 20:19:51 +00:00
Sanjoy Das
3f0ca03e94 [PlaceSafepoints] New attributes for patchable statepoints.
Summary:
This patch teaches the PlaceSafepoints pass about two `CallSite`
function attributes:

 * "statepoint-id": if the string value of this attribute can be parsed
   as an integer, then it is propagated to the ID parameter of the
   statepoint created.

 * "statepoint-num-patch-bytes": if the string value of this attribute
   can be parsed as an integer, then it is propagated to the `num patch
   bytes` parameter of the statepoint created.

This change intentionally does not assert on a malformed value for these
attributes, given that they're not "official" attributes.

Reviewers: reames, pgavlin

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9735

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237286 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 20:11:31 +00:00
Sanjoy Das
7569db4a8c [PlaceSafepoints] Update docs for r237214.
Show the two new ID and NumPatchBytes fields in the PlaceSafepoint
examples in Statepoints.rst to avoid confusion.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237285 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 20:11:24 +00:00
Diego Novillo
a3bccceda7 Add function entry count metadata.
Summary:
This adds three Function methods to handle function entry counts:
setEntryCount() and getEntryCount().

Entry counts are stored under the MD_prof metadata node with the name
"function_entry_count". They are unsigned 64 bit values set by profilers
(instrumentation and sample profiler changes coming up).

Added documentation for new profile metadata and tests.

Reviewers: dexonsmith, bogner

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9628

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237260 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 15:13:45 +00:00
Sanjoy Das
ead2d1fbe0 [Statepoints] Support for "patchable" statepoints.
Summary:
This change adds two new parameters to the statepoint intrinsic, `i64 id`
and `i32 num_patch_bytes`.  `id` gets propagated to the ID field
in the generated StackMap section.  If the `num_patch_bytes` is
non-zero then the statepoint is lowered to `num_patch_bytes` bytes of
nops instead of a call (the spill and reload code remains unchanged).
A non-zero `num_patch_bytes` is useful in situations where a language
runtime requires complete control over how a call is lowered.

This change brings statepoints one step closer to patchpoints.  With
some additional work (that is not part of this patch) it should be
possible to get rid of `TargetOpcode::STATEPOINT` altogether.

PlaceSafepoints generates `statepoint` wrappers with `id` set to
`0xABCDEF00` (the old default value for the ID reported in the stackmap)
and `num_patch_bytes` set to `0`.  This can be made more sophisticated
later.

Reviewers: reames, pgavlin, swaroop.sridhar, AndyAyers

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9546

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237214 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 23:52:24 +00:00
Pat Gavlin
81b3ceba60 [Statepoints] Split the calling convention and statepoint flags operand to STATEPOINT into two separate operands.
Differential Revision: http://reviews.llvm.org/D9623

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237166 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 19:50:19 +00:00
Kostya Serebryany
eaba2dd2f1 [lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237163 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 18:51:57 +00:00
Adam Nemet
d6a9af6fd3 [Docs] Fix scoped noalias example
Summary:
As far as I understand the entire point of this example is to show that
if noalias is not a superset/equal to the alias.scope list on a scope
domain then load could reference locations that the store is not known
to not-alias i.e may alias.

Reviewers: hfinkel

Reviewed By: hfinkel

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D9598

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236977 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-11 08:30:28 +00:00
Pat Gavlin
278c121d39 Fix a docs build break introduced by rL236888.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236891 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-08 18:37:49 +00:00
Pat Gavlin
5c7f7462e4 Extend the statepoint intrinsic to allow statepoints to be marked as transitions from GC-aware code to code that is not GC-aware.
This changes the shape of the statepoint intrinsic from:

  @llvm.experimental.gc.statepoint(anyptr target, i32 # call args, i32 unused, ...call args, i32 # deopt args, ...deopt args, ...gc args)

to:

  @llvm.experimental.gc.statepoint(anyptr target, i32 # call args, i32 flags, ...call args, i32 # transition args, ...transition args, i32 # deopt args, ...deopt args, ...gc args)

This extension offers the backend the opportunity to insert (somewhat) arbitrary code to manage the transition from GC-aware code to code that is not GC-aware and back.

In order to support the injection of transition code, this extension wraps the STATEPOINT ISD node generated by the usual lowering lowering with two additional nodes: GC_TRANSITION_START and GC_TRANSITION_END. The transition arguments that were passed passed to the intrinsic (if any) are lowered and provided as operands to these nodes and may be used by the backend during code generation.

Eventually, the lowering of the GC_TRANSITION_{START,END} nodes should be informed by the GC strategy in use for the function containing the intrinsic call; for now, these nodes are instead replaced with no-ops.

Differential Revision: http://reviews.llvm.org/D9501

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236888 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-08 18:07:42 +00:00
Alexey Samsonov
8227e6a8b4 Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236797 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-07 23:33:24 +00:00
Elena Demikhovsky
89711f8e5c Masked Gather and Scatter intrinsics - updated documentation.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236721 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-07 12:25:11 +00:00
Kostya Serebryany
b6ca45c39f [lib/Fuzzer] rename TestOneInput to LLVMFuzzerTestOneInput to make it more unique
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236652 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-06 22:19:00 +00:00
Matthias Braun
458a265e30 Document some of the options in test/lit.cfg
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236462 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-04 21:37:00 +00:00
Matthias Braun
cccd128a8a Lit: Allow overriding llvm tool paths+arguments, make -D an alias for --param
These changes allow usages where you want to pass an additional
commandline option to all invocations of a specific llvm tool. Example:

> llvm-lit -Dllc=llc -enable-misched -verify-machineinstrs

Differential Revision: http://reviews.llvm.org/D9487

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236461 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-04 21:36:36 +00:00
Alex Lorenz
c41c3a4c3b YAML: Add an optional 'flow' field to the mapping trait to allow flow mapping output.
This patch adds an optional 'flow' field to the MappingTrait
class so that yaml IO will be able to output flow mappings.

Reviewers: Justin Bogner

Differential Revision: http://reviews.llvm.org/D9450


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236456 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-04 20:11:40 +00:00
Alex Lorenz
0b74b0823f Update YamlIO documentation for the ScalarTraits class.
This patch adds the missing context parameter to the
input and output methods in ScalarTraits.

Differential Revision: http://reviews.llvm.org/D9173


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236328 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-01 18:20:23 +00:00
Reid Kleckner
1ed169d8a1 Add a note about permitting default member initializers
Use them in WinEHPrepare so that we can spot any toolchain bugs that
come up.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236244 91177308-0d34-0410-b5e6-96231b3b80d8
2015-04-30 18:17:12 +00:00
Jonathan Roelofs
b241283669 Clean up docs references to './configure' in preparation for deprecating in-source builds
http://reviews.llvm.org/D8787


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236144 91177308-0d34-0410-b5e6-96231b3b80d8
2015-04-29 20:06:41 +00:00
Duncan P. N. Exon Smith
e56023a059 IR: Give 'DI' prefix to debug info metadata
Finish off PR23080 by renaming the debug info IR constructs from `MD*`
to `DI*`.  The last of the `DIDescriptor` classes were deleted in
r235356, and the last of the related typedefs removed in r235413, so
this has all baked for about a week.

Note: If you have out-of-tree code (like a frontend), I recommend that
you get everything compiling and tests passing with the *previous*
commit before updating to this one.  It'll be easier to keep track of
what code is using the `DIDescriptor` hierarchy and what you've already
updated, and I think you're extremely unlikely to insert bugs.  YMMV of
course.

Back to *this* commit: I did this using the rename-md-di-nodes.sh
upgrade script I've attached to PR23080 (both code and testcases) and
filtered through clang-format-diff.py.  I edited the tests for
test/Assembler/invalid-generic-debug-node-*.ll by hand since the columns
were off-by-three.  It should work on your out-of-tree testcases (and
code, if you've followed the advice in the previous paragraph).

Some of the tests are in badly named files now (e.g.,
test/Assembler/invalid-mdcompositetype-missing-tag.ll should be
'dicompositetype'); I'll come back and move the files in a follow-up
commit.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236120 91177308-0d34-0410-b5e6-96231b3b80d8
2015-04-29 16:38:44 +00:00
Alexey Samsonov
5d3a9d6339 [docs] Fix the link to SanitizerCoverage docs.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@235934 91177308-0d34-0410-b5e6-96231b3b80d8
2015-04-27 22:50:06 +00:00