From: Diego Novillo <dnovillo@google.com>
To: Dodji Seketeli <dodji@redhat.com>
Cc: gcc-patches@gcc.gnu.org, jakub@redhat.com, wmi@google.com,
davidxl@google.com, konstantin.s.serebryany@gmail.com
Subject: Re: [PATCH 05/10] Implement protection of stack variables
Date: Tue, 06 Nov 2012 17:22:00 -0000 [thread overview]
Message-ID: <5099474D.6050609@google.com> (raw)
In-Reply-To: <871ugb8vax.fsf_-_@redhat.com>
On 2012-11-02 16:00 , Dodji Seketeli wrote:
> This patch implements the protection of stack variables.
>
> To understand how this works, lets look at this example on x86_64
> where the stack grows downward:
>
> int
> foo ()
> {
> char a[23] = {0};
> int b[2] = {0};
>
> a[5] = 1;
> b[1] = 2;
>
> return a[5] + b[1];
> }
>
> For this function, the stack protected by asan will be organized as
> follows, from the top of the stack to the bottom:
>
> Slot 1/ [red zone of 32 bytes called 'RIGHT RedZone']
>
> Slot 2/ [24 bytes for variable 'a']
>
> Slot 3/ [8 bytes of red zone, that adds up to the space of 'a' to make
> the next slot be 32 bytes aligned; this one is called Partial
> Redzone; this 32 bytes alignment is an asan constraint]
>
> Slot 4/ [red zone of 32 bytes called 'Middle RedZone']
>
> Slot 5/ [8 bytes for variable 'b']
>
> Slot 6/ [24 bytes of Partial Red Zone (similar to slot 3]
>
> Slot 7/ [32 bytes of Red Zone at the bottom of the stack, called 'LEFT
> RedZone']
>
> [A cultural question I've kept asking myself is Why has address
> sanitizer authors called these red zones (LEFT, MIDDLE, RIGHT)
> instead of e.g, (BOTTOM, MIDDLE, TOP). Maybe they can step up and
> educate me so that I get less confused in the future. :-)]
I believe they layout the stack from right to left (top is to the
right). Feels like reading a middle earth map. Kostya, is my
recollection correct?
> The 32 bytes of LEFT red zone at the bottom of the stack can be
> decomposed as such:
>
> 1/ The first 8 bytes contain a magical asan number that is always
> 0x41B58AB3.
>
> 2/ The following 8 bytes contains a pointer to a string (to be
> parsed at runtime by the runtime asan library), which format is
> the following:
>
> "<function-name> <space> <num-of-variables-on-the-stack>
> (<32-bytes-aligned-offset-in-bytes-of-variable> <space>
> <length-of-var-in-bytes> ){n} "
>
> where '(...){n}' means the content inside the parenthesis occurs 'n'
> times, with 'n' being the number of variables on the stack.
>
> 3/ The following 16 bytes of the red zone have no particular
> format.
>
> The shadow memory for that stack layout is going to look like this:
>
> - content of shadow memory 8 bytes for slot 7: 0xFFFFFFFFF1F1F1F1.
> The F1 byte pattern is a magic number called
> ASAN_STACK_MAGIC_LEFT and is a way for the runtime to know that
> the memory for that shadow byte is part of a the LEFT red zone
> intended to seat at the bottom of the variables on the stack.
>
> - content of shadow memory 8 bytes for slots 6 and 5:
> 0xFFFFFFFFF4F4F400. The F4 byte pattern is a magic number
> called ASAN_STACK_MAGIC_PARTIAL. It flags the fact that the
> memory region for this shadow byte is a PARTIAL red zone
> intended to pad a variable A, so that the slot following
> {A,padding} is 32 bytes aligned.
>
> Note that the fact that the least significant byte of this
> shadow memory content is 00 means that 8 bytes of its
> corresponding memory (which corresponds to the memory of
> variable 'b') is addressable.
>
> - content of shadow memory 8 bytes for slot 4: 0xFFFFFFFFF2F2F2F2.
> The F2 byte pattern is a magic number called
> ASAN_STACK_MAGIC_MIDDLE. It flags the fact that the memory
> region for this shadow byte is a MIDDLE red zone intended to
> seat between two 32 aligned slots of {variable,padding}.
>
> - content of shadow memory 8 bytes for slot 3 and 2:
> 0xFFFFFFFFF4000000. This represents is the concatenation of
> variable 'a' and the partial red zone following it, like what we
> had for variable 'b'. The least significant 3 bytes being 00
> means that the 3 bytes of variable 'a' are addressable.
>
> - content of shadow memory 8 bytes for slot 1: 0xFFFFFFFFF3F3F3F3.
> The F3 byte pattern is a magic number called
> ASAN_STACK_MAGIC_RIGHT. It flags the fact that the memory
> region for this shadow byte is a RIGHT red zone intended to seat
> at the top of the variables of the stack.
>
This is a great summary. Please put it at the top of asan.c or in some
other prominent place.
> - offset = alloc_stack_frame_space (stack_vars[i].size, alignb);
> + if (flag_asan && pred)
> + {
> + HOST_WIDE_INT prev_offset = frame_offset;
> + tree repr_decl = NULL_TREE;
> +
> + offset
> + = alloc_stack_frame_space (stack_vars[i].size
> + + ASAN_RED_ZONE_SIZE,
> + MAX (alignb, ASAN_RED_ZONE_SIZE));
> + VEC_safe_push (HOST_WIDE_INT, heap, data->asan_vec,
> + prev_offset);
> + VEC_safe_push (HOST_WIDE_INT, heap, data->asan_vec,
> + offset + stack_vars[i].size);
Oh, gee, thanks. More VEC() code for me to convert ;)
The patch is OK.
Diego.
next prev parent reply other threads:[~2012-11-06 17:22 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-01 19:53 [PATCH 00/13] Request to merge Address Sanitizer in dodji
2012-11-01 19:53 ` [PATCH 05/13] Allow asan at -O0 dodji
2012-11-01 19:53 ` [PATCH 09/13] Don't forget to protect 32 bytes aligned global variables dodji
2012-11-01 19:53 ` [PATCH 12/13] Instrument built-in memory access function calls dodji
2012-11-01 19:53 ` [PATCH 11/13] Factorize condition insertion code out of build_check_stmt dodji
2012-11-01 19:53 ` [PATCH 07/13] Implement protection of global variables dodji
2012-11-01 19:53 ` [PATCH 06/13] Implement protection of stack variables dodji
[not found] ` <CAGQ9bdweH8Pn=8vLTNa8FSzAh92OYrWScxK78n9znCodADJUvw@mail.gmail.com>
2012-11-02 4:35 ` Xinliang David Li
2012-11-02 15:25 ` Dodji Seketeli
2012-11-02 14:44 ` Dodji Seketeli
[not found] ` <CAGQ9bdxQG3i=BrSYmaN-ssdv4omW6F5VTg50viskKNcYrF-8BQ@mail.gmail.com>
2012-11-02 16:02 ` Dodji Seketeli
2012-11-01 19:53 ` [PATCH 10/13] Make build_check_stmt accept an SSA_NAME for its base dodji
2012-11-01 19:53 ` [PATCH 02/13] Rename tree-asan.[ch] to asan.[ch] dodji
2012-11-01 21:54 ` Joseph S. Myers
2012-11-02 22:44 ` Dodji Seketeli
2012-11-01 19:53 ` [PATCH 01/13] Initial import of asan from the Google branch dodji
2012-11-01 19:53 ` [PATCH 08/13] Fix a couple of ICEs dodji
2012-11-01 19:53 ` [PATCH 03/13] Initial asan cleanups dodji
2012-11-01 19:54 ` [PATCH 04/13] Emit GIMPLE directly instead of gimplifying GENERIC dodji
2012-11-02 22:53 ` [PATCH 00/13] Request to merge Address Sanitizer in Dodji Seketeli
2012-11-02 22:56 ` [PATCH 01/10] Initial import of asan from the Google branch into trunk Dodji Seketeli
2012-11-06 17:04 ` Diego Novillo
2012-11-09 13:14 ` Tobias Burnus
2012-11-09 13:58 ` Jakub Jelinek
2012-11-09 16:53 ` Xinliang David Li
2012-11-09 17:13 ` Tobias Burnus
2012-11-09 17:18 ` Wei Mi
2012-11-12 11:09 ` [PATCH 03/11] Emit GIMPLE directly instead of gimplifying GENERIC Dodji Seketeli
2012-11-12 11:20 ` [PATCH 01/10] Initial import of asan from the Google branch into trunk Dodji Seketeli
2012-11-02 22:57 ` [PATCH 02/10] Initial asan cleanups Dodji Seketeli
2012-11-06 17:04 ` Diego Novillo
2012-11-12 11:12 ` Dodji Seketeli
2012-11-02 22:58 ` [PATCH 03/10] Emit GIMPLE directly instead of gimplifying GENERIC Dodji Seketeli
2012-11-06 17:08 ` Diego Novillo
2012-11-02 22:59 ` [PATCH 04/10] Allow asan at -O0 Dodji Seketeli
2012-11-06 17:12 ` Diego Novillo
2012-11-02 23:00 ` [PATCH 05/10] Implement protection of stack variables Dodji Seketeli
2012-11-06 17:22 ` Diego Novillo [this message]
2012-11-12 11:31 ` Dodji Seketeli
2012-11-12 11:51 ` Jakub Jelinek
2012-11-12 16:08 ` Dodji Seketeli
2012-11-02 23:01 ` [PATCH 06/10] Implement protection of global variables Dodji Seketeli
2012-11-06 17:27 ` Diego Novillo
2012-11-12 11:32 ` Dodji Seketeli
2012-11-02 23:02 ` [PATCH 07/10] Make build_check_stmt accept an SSA_NAME for its base Dodji Seketeli
2012-11-06 17:28 ` Diego Novillo
2012-11-02 23:03 ` [PATCH 08/10] Factorize condition insertion code out of build_check_stmt Dodji Seketeli
2012-11-05 15:50 ` Jakub Jelinek
2012-11-05 20:25 ` Dodji Seketeli
2012-11-06 17:30 ` Diego Novillo
2012-11-02 23:05 ` [PATCH 09/10] Instrument built-in memory access function calls Dodji Seketeli
2012-11-06 17:37 ` Diego Novillo
2012-11-12 11:40 ` Dodji Seketeli
2012-11-03 8:22 ` [PATCH 10/10] Import the asan runtime library into GCC tree Dodji Seketeli
[not found] ` <87fw4r7g8w.fsf_-_@redhat.com>
2012-11-06 17:41 ` Diego Novillo
2012-11-12 11:47 ` Dodji Seketeli
2012-11-12 18:59 ` H.J. Lu
2012-11-14 11:11 ` H.J. Lu
2012-11-14 11:42 ` H.J. Lu
2012-11-12 16:07 ` [PATCH 00/13] Request to merge Address Sanitizer in Dodji Seketeli
2012-11-12 16:21 ` Jakub Jelinek
2012-11-12 16:45 ` Tobias Burnus
2012-11-12 16:51 ` Konstantin Serebryany
2012-11-12 17:20 ` Jack Howarth
2012-11-12 17:34 ` Jack Howarth
2012-11-12 17:37 ` Tobias Burnus
2012-11-12 17:57 ` Jack Howarth
2012-11-12 17:55 ` Dodji Seketeli
2012-11-12 18:40 ` Jack Howarth
2012-11-12 20:39 ` H.J. Lu
2012-11-12 22:15 ` Ian Lance Taylor
2012-11-15 19:42 ` Jack Howarth
2012-11-15 23:42 ` Konstantin Serebryany
2012-11-16 8:27 ` Dodji Seketeli
2012-11-16 14:03 ` Jack Howarth
2012-11-16 15:57 ` Jack Howarth
2012-11-16 16:02 ` Jakub Jelinek
2012-11-16 16:47 ` Jack Howarth
2012-11-16 16:56 ` Alexander Potapenko
2012-11-16 17:06 ` Jack Howarth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5099474D.6050609@google.com \
--to=dnovillo@google.com \
--cc=davidxl@google.com \
--cc=dodji@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
--cc=konstantin.s.serebryany@gmail.com \
--cc=wmi@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).