[ASAN] Don't inline when -asan-max-inline-poisoning-size=0

When -asan-max-inline-poisoning-size=0, all shadow memory access should be
outlined (through asan calls). This was not occuring when partial poisoning
was required on the right side of a variable's redzone. This diff contains
the changes necessary to implement and utilize  __asan_set_shadow_01() through
__asan_set_shadow_07(). The change is necessary for the full abstraction of
the asan implementation and will enable experimentation with alternate strategies.

Differential Revision: https://reviews.llvm.org/D136197

Author: Roy Sundahl

compiler-rt/lib/asan/asan_interface.inc

@@ -108,6 +108,13 @@ INTERFACE_FUNCTION(__asan_report_store_n_noabort)
 INTERFACE_FUNCTION(__asan_set_death_callback)
 INTERFACE_FUNCTION(__asan_set_error_report_callback)
 INTERFACE_FUNCTION(__asan_set_shadow_00)
+INTERFACE_FUNCTION(__asan_set_shadow_01)
+INTERFACE_FUNCTION(__asan_set_shadow_02)
+INTERFACE_FUNCTION(__asan_set_shadow_03)
+INTERFACE_FUNCTION(__asan_set_shadow_04)
+INTERFACE_FUNCTION(__asan_set_shadow_05)
+INTERFACE_FUNCTION(__asan_set_shadow_06)
+INTERFACE_FUNCTION(__asan_set_shadow_07)
 INTERFACE_FUNCTION(__asan_set_shadow_f1)
 INTERFACE_FUNCTION(__asan_set_shadow_f2)
 INTERFACE_FUNCTION(__asan_set_shadow_f3)

compiler-rt/lib/asan/asan_interface_internal.h

@@ -90,6 +90,20 @@ extern "C" {
   SANITIZER_INTERFACE_ATTRIBUTE
   void __asan_set_shadow_00(uptr addr, uptr size);
   SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_01(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_02(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_03(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_04(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_05(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_06(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
+  void __asan_set_shadow_07(uptr addr, uptr size);
+  SANITIZER_INTERFACE_ATTRIBUTE
   void __asan_set_shadow_f1(uptr addr, uptr size);
   SANITIZER_INTERFACE_ATTRIBUTE
   void __asan_set_shadow_f2(uptr addr, uptr size);

compiler-rt/lib/asan/asan_poisoning.cpp

@@ -13,6 +13,8 @@
 
 #include "asan_poisoning.h"
 
+#include <assert.h>
+
 #include "asan_report.h"
 #include "asan_stack.h"
 #include "sanitizer_common/sanitizer_atomic.h"
@@ -312,6 +314,41 @@ void __asan_set_shadow_00(uptr addr, uptr size) {
   REAL(memset)((void *)addr, 0, size);
 }
 
+void __asan_set_shadow_01(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x01, size);
+}
+
+void __asan_set_shadow_02(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x02, size);
+}
+
+void __asan_set_shadow_03(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x03, size);
+}
+
+void __asan_set_shadow_04(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x04, size);
+}
+
+void __asan_set_shadow_05(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x05, size);
+}
+
+void __asan_set_shadow_06(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x06, size);
+}
+
+void __asan_set_shadow_07(uptr addr, uptr size) {
+  assert(size == 1);
+  REAL(memset)((void *)addr, 0x07, size);
+}
+
 void __asan_set_shadow_f1(uptr addr, uptr size) {
   REAL(memset)((void *)addr, 0xf1, size);
 }

compiler-rt/lib/asan/asan_rtl.cpp

@@ -288,11 +288,18 @@ static NOINLINE void force_interface_symbols() {
     case 38: __asan_region_is_poisoned(0, 0); break;
     case 39: __asan_describe_address(0); break;
     case 40: __asan_set_shadow_00(0, 0); break;
-    case 41: __asan_set_shadow_f1(0, 0); break;
-    case 42: __asan_set_shadow_f2(0, 0); break;
-    case 43: __asan_set_shadow_f3(0, 0); break;
-    case 44: __asan_set_shadow_f5(0, 0); break;
-    case 45: __asan_set_shadow_f8(0, 0); break;
+    case 41: __asan_set_shadow_01(0, 0); break;
+    case 42: __asan_set_shadow_02(0, 0); break;
+    case 43: __asan_set_shadow_03(0, 0); break;
+    case 44: __asan_set_shadow_04(0, 0); break;
+    case 45: __asan_set_shadow_05(0, 0); break;
+    case 46: __asan_set_shadow_06(0, 0); break;
+    case 47: __asan_set_shadow_07(0, 0); break;
+    case 48: __asan_set_shadow_f1(0, 0); break;
+    case 49: __asan_set_shadow_f2(0, 0); break;
+    case 50: __asan_set_shadow_f3(0, 0); break;
+    case 51: __asan_set_shadow_f5(0, 0); break;
+    case 52: __asan_set_shadow_f8(0, 0); break;
   }
   // clang-format on
 }

compiler-rt/lib/asan/tests/asan_internal_interface_test.cpp

@@ -19,6 +19,27 @@ TEST(AddressSanitizerInternalInterface, SetShadow) {
   __asan_set_shadow_00((uptr)buffer.data(), buffer.size());
   EXPECT_EQ(std::vector<char>(buffer.size(), 0x00), buffer);
 
+  __asan_set_shadow_01((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x01), buffer);
+
+  __asan_set_shadow_02((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x02), buffer);
+
+  __asan_set_shadow_03((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x03), buffer);
+
+  __asan_set_shadow_04((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x04), buffer);
+
+  __asan_set_shadow_05((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x05), buffer);
+
+  __asan_set_shadow_06((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x06), buffer);
+
+  __asan_set_shadow_07((uptr)buffer.data(), buffer.size());
+  EXPECT_EQ(std::vector<char>(buffer.size(), 0x07), buffer);
+
   __asan_set_shadow_f1((uptr)buffer.data(), buffer.size());
   EXPECT_EQ(std::vector<char>(buffer.size(), 0xf1), buffer);
 

compiler-rt/test/asan/TestCases/set_shadow_test.c

@@ -13,6 +13,13 @@
 #include <stdlib.h>
 
 void __asan_set_shadow_00(size_t addr, size_t size);
+void __asan_set_shadow_01(size_t addr, size_t size);
+void __asan_set_shadow_02(size_t addr, size_t size);
+void __asan_set_shadow_03(size_t addr, size_t size);
+void __asan_set_shadow_04(size_t addr, size_t size);
+void __asan_set_shadow_05(size_t addr, size_t size);
+void __asan_set_shadow_06(size_t addr, size_t size);
+void __asan_set_shadow_07(size_t addr, size_t size);
 void __asan_set_shadow_f1(size_t addr, size_t size);
 void __asan_set_shadow_f2(size_t addr, size_t size);
 void __asan_set_shadow_f3(size_t addr, size_t size);
@@ -32,6 +39,34 @@ void f(long arg) {
   // X00: PASS
   case 0x00:
     return __asan_set_shadow_00(addr, 1);
+  // X01: AddressSanitizer: stack-buffer-overflow
+  // X01: [01]
+  case 0x01:
+    return __asan_set_shadow_01(addr, 1);
+  // X02: AddressSanitizer: stack-buffer-overflow
+  // X02: [02]
+  case 0x02:
+    return __asan_set_shadow_02(addr, 1);
+  // X03: AddressSanitizer: stack-buffer-overflow
+  // X03: [03]
+  case 0x03:
+    return __asan_set_shadow_03(addr, 1);
+  // X04: AddressSanitizer: stack-buffer-overflow
+  // X04: [04]
+  case 0x04:
+    return __asan_set_shadow_04(addr, 1);
+  // X05: AddressSanitizer: stack-buffer-overflow
+  // X05: [05]
+  case 0x05:
+    return __asan_set_shadow_05(addr, 1);
+  // X06: AddressSanitizer: stack-buffer-overflow
+  // X06: [06]
+  case 0x06:
+    return __asan_set_shadow_06(addr, 1);
+  // X07: AddressSanitizer: stack-buffer-overflow
+  // X07: [07]
+  case 0x07:
+    return __asan_set_shadow_07(addr, 1);
   // XF1: AddressSanitizer: stack-buffer-underflow
   // XF1: [f1]
   case 0xf1:

llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp

@@ -2838,7 +2838,8 @@ void FunctionStackPoisoner::initializeCallbacks(Module &M) {
         kAsanUnpoisonStackMemoryName, IRB.getVoidTy(), IntptrTy, IntptrTy);
   }
 
-  for (size_t Val : {0x00, 0xf1, 0xf2, 0xf3, 0xf5, 0xf8}) {
+  for (size_t Val : {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xf1, 0xf2,
+                     0xf3, 0xf5, 0xf8}) {
     std::ostringstream Name;
     Name << kAsanSetShadowPrefix;
     Name << std::setw(2) << std::setfill('0') << std::hex << Val;

llvm/test/Instrumentation/AddressSanitizer/calls-only.ll

@@ -0,0 +1,55 @@
+; RUN: opt < %s -passes=asan -asan-max-inline-poisoning-size=0   -asan-stack-dynamic-alloca=0 -S | FileCheck --check-prefix=OUTLINE %s
+; RUN: opt < %s -passes=asan -asan-max-inline-poisoning-size=999 -asan-stack-dynamic-alloca=0 -S | FileCheck --check-prefix=INLINE  %s
+
+target datalayout = "e-m:o-i64:64-i128:128-n32:64-S128"
+target triple = "arm64-apple-macosx13.0.0"
+
+; Function Attrs: noinline nounwind optnone sanitize_address ssp uwtable(sync)
+define void @foo() #0 {
+entry:
+  %array01 = alloca [1 x i8], align 1
+  %array02 = alloca [2 x i8], align 1
+  %array03 = alloca [3 x i8], align 1
+  %array04 = alloca [4 x i8], align 1
+  %array05 = alloca [5 x i8], align 1
+  %array06 = alloca [6 x i8], align 1
+  %array07 = alloca [7 x i8], align 1
+; OUTLINE:  call void @__asan_set_shadow_f1(i64 %33, i64 4)
+; OUTLINE:  call void @__asan_set_shadow_01(i64 %34, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f2(i64 %35, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_02(i64 %36, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f2(i64 %37, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_03(i64 %38, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f2(i64 %39, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_04(i64 %40, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f2(i64 %41, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_05(i64 %42, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f2(i64 %43, i64 3)
+; OUTLINE:  call void @__asan_set_shadow_06(i64 %44, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f2(i64 %45, i64 3)
+; OUTLINE:  call void @__asan_set_shadow_07(i64 %46, i64 1)
+; OUTLINE:  call void @__asan_set_shadow_f3(i64 %47, i64 3)
+; OUTLINE:  call void @__asan_set_shadow_f5(i64 %134, i64 32)
+; OUTLINE:  call void @__asan_set_shadow_00(i64 %140, i64 24)
+; INLINE:  store i64 -1007977276409515535, ptr %34, align 1
+; INLINE:  store i64 -940423264817843709, ptr %36, align 1
+; INLINE:  store i64 -868083087686045178, ptr %38, align 1
+  %arrayidx = getelementptr inbounds [1 x i8], ptr %array01, i64 0, i64 1
+  store i8 1, ptr %arrayidx, align 1
+  %arrayidx1 = getelementptr inbounds [2 x i8], ptr %array02, i64 0, i64 2
+  store i8 2, ptr %arrayidx1, align 1
+  %arrayidx2 = getelementptr inbounds [3 x i8], ptr %array03, i64 0, i64 3
+  store i8 3, ptr %arrayidx2, align 1
+  %arrayidx3 = getelementptr inbounds [4 x i8], ptr %array04, i64 0, i64 4
+  store i8 4, ptr %arrayidx3, align 1
+  %arrayidx4 = getelementptr inbounds [5 x i8], ptr %array05, i64 0, i64 5
+  store i8 5, ptr %arrayidx4, align 1
+  %arrayidx5 = getelementptr inbounds [6 x i8], ptr %array06, i64 0, i64 6
+  store i8 6, ptr %arrayidx5, align 1
+  %arrayidx6 = getelementptr inbounds [7 x i8], ptr %array07, i64 0, i64 7
+  store i8 7, ptr %arrayidx6, align 1
+; CHECK-NOT:  store i64 -723401728380766731, ptr %126, align 1
+  ret void
+}
+attributes #0 = { noinline nounwind optnone sanitize_address ssp uwtable(sync) "frame-pointer"="non-leaf" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="apple-m1" "target-features"="+aes,+crc,+crypto,+dotprod,+fp-armv8,+fp16fml,+fullfp16,+lse,+neon,+ras,+rcpc,+rdm,+sha2,+sha3,+sm4,+v8.1a,+v8.2a,+v8.3a,+v8.4a,+v8.5a,+v8a,+zcm,+zcz" }
+