[RISC-V] Add support for AddressSanitizer on RISC-V GCC

Sat Aug 22 14:33:16 GMT 2020

On Fri, Aug 21, 2020 at 12:04 AM Palmer Dabbelt <palmer@dabbelt.com> wrote:
>
> On Wed, 19 Aug 2020 02:25:37 PDT (-0700), gcc-patches@gcc.gnu.org wrote:
> > Hi Andrew:
> >
> > I am not sure the reason why some targets pick different numbers.
> > It seems it's not only target dependent but also OS dependent[1].
> >
> > For RV32, I think using 1<<29 like other 32 bit targets is fine.
> >
> > [1] https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/asan/asan_mapping.h#L159
> >
> > Hi Joshua:
> >
> > Could you update that for RV32, and this patch will be pending until
> > LLVM accepts the libsanitizer part.
>
> This is ABI, and Linux only supports kasan on rv64 right now so it's
> technically undefined.  It's probably best to avoid picking an arbitrary number
> for rv32, as we still have some open questions WRT the kernel memory map over
> there.  I doubt that will get sorted out for a while, as the rv32 doesn't get a
> lot of attention (though hopefully the glibc stuff will help out).

Yeah, I agree it's part of ABI, and I think this part could wait until
rv32 glibc upstream, the day seems not too far.

> > On Wed, Aug 19, 2020 at 4:48 PM Andrew Waterman <andrew@sifive.com> wrote:
> >>
> >> I'm having trouble understanding why different ports chose their
> >> various constants--e.g., SPARC uses 1<<29 for 32-bit and 1<<43 for
> >> 64-bit, whereas x86 uses 1<<29 and 0x7fff8000, respectively.  So I
> >> can't comment on the choice of the constant 1<<36 for RISC-V.  But
> >> isn't it a problem that 1<<36 is not a valid Pmode value for ILP32?
>
> This is for kasan (not regular asan), which requires some coordination between
> the kernel's memory map and the compiler's inline address sanitizer (as you
> can't just pick your own memory map).  Essentially what's going on is that
> there's an array of valid tags associated with each address, which is checked
> in-line by the compiler for performance reasons (IIRC it used to be library
> routines).  The compiler needs to know how to map between addresses and tags,
> which depends on the kernel's memory map -- essentially baking the kernel's
> memory map into the compiler.  That's why the constants seem somewhat
> arbitrary.

IIRC kasan will give the offset via -fasan-shadow-offset,
so TARGET_ASAN_SHADOW_OFFSET only meaningful for (user-space) asan.

>
> In order to save memory there's some lossyness in the address->tag mapping.
> Most 32-bit ports pick a tag array that's 1/8th of the memory size, which is
> where the 29 comes from.  I don't see any reason why that wouldn't be workable
> on rv32, but it seems better to make sure that's the case rather than just
> making up an ABI :)

I guess we could try it after rv32 glibc upstream.

>
> >> On Wed, Aug 19, 2020 at 1:02 AM Joshua via Gcc-patches
> >> <gcc-patches@gcc.gnu.org> wrote:
> >> >
> >> > From: cooper.joshua <cooper.joshua@linux.alibaba.com>
> >> >
> >> >     gcc/
> >> >
> >> >         * config/riscv/riscv.c (asan_shadow_offset): Implement the offset of asan shadow memory for risc-v.
> >> >         (asan_shadow_offset): new macro definition.
> >> > ---
> >> >
> >> >  gcc/config/riscv/riscv.c | 11 +++++++++++
> >> >  1 file changed, 11 insertions(+)
> >> >
> >> > diff --git a/gcc/config/riscv/riscv.c b/gcc/config/riscv/riscv.c
> >> > index 63b0c38..b85b459 100644
> >> > --- a/gcc/config/riscv/riscv.c
> >> > +++ b/gcc/config/riscv/riscv.c
> >> > @@ -5292,6 +5292,14 @@ riscv_gpr_save_operation_p (rtx op)
> >> >    return true;
> >> >  }
> >> >
> >> > +/* Implement TARGET_ASAN_SHADOW_OFFSET.  */
> >> > +
> >> > +static unsigned HOST_WIDE_INT
> >> > +riscv_asan_shadow_offset (void)
> >> > +{
> >> > +  return HOST_WIDE_INT_1U << 36;
> >> > +}
> >> > +
> >> >  /* Initialize the GCC target structure.  */
> >> >  #undef TARGET_ASM_ALIGNED_HI_OP
> >> >  #define TARGET_ASM_ALIGNED_HI_OP "\t.half\t"
> >> > @@ -5475,6 +5483,9 @@ riscv_gpr_save_operation_p (rtx op)
> >> >  #undef TARGET_NEW_ADDRESS_PROFITABLE_P
> >> >  #define TARGET_NEW_ADDRESS_PROFITABLE_P riscv_new_address_profitable_p
> >> >
> >> > +#undef TARGET_ASAN_SHADOW_OFFSET
> >> > +#define TARGET_ASAN_SHADOW_OFFSET riscv_asan_shadow_offset
> >> > +
> >> >  struct gcc_target targetm = TARGET_INITIALIZER;
> >> >
> >> >  #include "gt-riscv.h"
> >> > --
> >> > 2.7.4
> >> >