path: root/llvm/tools/llvm-cfi-verify/lib
Commit message | Author | Age | Files | Lines
* [cfi-verify] Abort on unsupported targets | Joel Galenson | 2018-07-16 | 1 | -0/+10
  As suggested in the review for r337007, this makes cfi-verify abort on unsupported targets instead of producing incorrect results. It also updates the design document to reflect this.
  Differential Revision: https://reviews.llvm.org/D49304
  llvm-svn: 337181
* [cfi-verify] Support AArch64. | Joel Galenson | 2018-07-13 | 2 | -14/+39
  This patch adds support for AArch64 to cfi-verify.
  This required three changes to cfi-verify. First, it generalizes checking if an instruction is a trap by adding a new isTrap flag to TableGen (and defining it for x86 and AArch64). Second, the code that ensures that the operand register is not clobbered between the CFI check and the indirect call needs to allow a single dereference (in x86 this happens as part of the jump instruction). Third, we needed to ensure that return instructions are not counted as indirect branches. Technically, returns are indirect branches and can be covered by CFI, but LLVM's forward-edge CFI does not protect them, and x86 does not consider them, so we keep that behavior.
  In addition, we had to improve AArch64's code to evaluate the branch target of a MCInst to handle calls where the destination is not the first operand (which it often is not).
  Differential Revision: https://reviews.llvm.org/D48836
  llvm-svn: 337007
* Make llvm-cfi-verify CMakeLists.txt formatting more consistent with the rest of LLVM. | Nico Weber | 2018-05-09 | 1 | -3/+5
  llvm-svn: 331835
* Remove redundant includes from tools. | Michael Zolotukhin | 2017-12-13 | 2 | -4/+0
  llvm-svn: 320631
* [cfi-verify] Validate there are no register clobbers between CFI-check and instruction execution. | Mitch Phillips | 2017-11-15 | 4 | -0/+57
  Summary:
  This patch adds another failure mode for `validateCFIProtection(..)`, wherein any register that affects the indirect control flow instruction is clobbered between the CFI-check and the instruction's execution.
  Also includes a modification to make MCInstrDesc::hasDefOfPhysReg public.
  Reviewers: vlad.tsyrklevich
  Reviewed By: vlad.tsyrklevich
  Subscribers: llvm-commits, pcc, kcc
  Differential Revision: https://reviews.llvm.org/D39820
  llvm-svn: 318238
* [cfi-verify] Add DOT graph printing for GraphResult objects. | Mitch Phillips | 2017-11-14 | 4 | -0/+36
  Allows users to view GraphResult objects in a DOT directed-graph format. This feature can be turned on through the --print-graphs flag.
  Also enabled pretty-printing of instructions in output.
  Together these features make analysis of unprotected CF instructions much easier by providing a visual control flow graph.
  Reviewers: pcc
  Subscribers: llvm-commits, kcc, vlad.tsyrklevich
  Differential Revision: https://reviews.llvm.org/D39819
  llvm-svn: 318211
* [cfi-verify] Made FileAnalysis operate on a GraphResult rather than build one and validate it. | Mitch Phillips | 2017-11-10 | 2 | -44/+70
  Refactors the behaviour of building graphs out of FileAnalysis, allowing for analysis of the GraphResult by the callee without having to rebuild the graph. Means when we want to analyse the constructed graph (planned for later revisions), we don't do repeated work.
  Also makes CFI verification in FileAnalysis now return an enum that allows us to differentiate why something failed, not just that it did/didn't fail.
  Reviewers: vlad.tsyrklevich
  Subscribers: kcc, pcc, llvm-commits
  Differential Revision: https://reviews.llvm.org/D39764
  llvm-svn: 317927
* [cfi-verify] Adds blacklist blame behaviour to cfi-verify. | Mitch Phillips | 2017-11-09 | 1 | -15/+15
  Adds the blacklist behaviour to llvm-cfi-verify. Now will calculate which lines caused expected failures in the blacklist and reports the number of affected indirect CF instructions for each blacklist entry.
  Also moved DWARF checking after instruction analysis to improve performance significantly - unrolling the inlining stack is expensive.
  Reviewers: vlad.tsyrklevich
  Subscribers: aprantl, pcc, kcc, llvm-commits
  Differential Revision: https://reviews.llvm.org/D39750
  llvm-svn: 317743
* Move the LLVMCFIVerify project into the Libraries folder on IDEs like Visual Studio rather than leave it in the root directory. NFC. | Aaron Ballman | 2017-11-04 | 1 | -0/+1
  llvm-svn: 317415
* [cfi-verify] Add blacklist parsing for result filtering. | Mitch Phillips | 2017-11-03 | 4 | -29/+34
  Adds blacklist parsing behaviour for filtering results into four categories:
  - Expected Protected: Things that are not in the blacklist and are protected.
  - Unexpected Protected: Things that are in the blacklist and are protected.
  - Expected Unprotected: Things that are in the blacklist and are unprotected.
  - Unexpected Unprotected: Things that are not in the blacklist and are unprotected.
  now can optionally be invoked with a second command line argument, which specifies the blacklist file that the binary was built with.
  Current statistics for chromium:
  Reviewers: vlad.tsyrklevich
  Subscribers: mgorny, llvm-commits, pcc, kcc
  Differential Revision: https://reviews.llvm.org/D39525
  llvm-svn: 317364
* Update cl::opt<uint64_t> instances to cl::opt<unsigned long long> | Mitch Phillips | 2017-11-01 | 2 | -6/+6
  cl::opt<uint64_t> fails when parsing command line arguments. See https://bugs.llvm.org/show_bug.cgi?id=19665.
  Reviewers: pcc
  Subscribers: mgorny, llvm-commits, kcc
  Differential Revision: https://reviews.llvm.org/D38657
  llvm-svn: 317141
* Parse DWARF information to reduce false positives. | Mitch Phillips | 2017-10-31 | 5 | -2/+81
  Summary:
  Help differentiate code and data by parsing DWARF information. This will reduce false positive rates where data is placed in executable sections and is mistakenly parsed as code, resulting in an inflation in the number of indirect CF instructions (and hence an inflation of the number of unprotected).
  Also prints the DWARF line data around the region of each indirect CF instruction.
  Reviewers: pcc
  Subscribers: probinson, llvm-commits, vlad.tsyrklevich, mgorny, aprantl, kcc
  Differential Revision: https://reviews.llvm.org/D38654
  llvm-svn: 317050
* Add FileVerifier::isCFIProtected(). | Mitch Phillips | 2017-10-25 | 2 | -1/+35
  Add a CFI protection check that is implemented by building a graph and inspecting the output to deduce if the indirect CF instruction is CFI protected. Also added the output of this instruction to printIndirectInstructions().
  Reviewers: vlad.tsyrklevich
  Subscribers: llvm-commits, kcc, pcc, mgorny
  Differential Revision: https://reviews.llvm.org/D38428
  llvm-svn: 316610
* Made llvm-cfi-verify not execute unit tests on non-x86 builds. | Mitch Phillips | 2017-10-23 | 2 | -16/+18
  Patched out from D38427.
  Reviewers: vlad.tsyrklevich
  Reviewed By: vlad.tsyrklevich
  Subscribers: llvm-commits, kcc, pcc, mgorny
  Differential Revision: https://reviews.llvm.org/D39197
  llvm-svn: 316375
* Graph builder implementation. | Mitch Phillips | 2017-10-23 | 4 | -2/+429
  Implement a localised graph builder for indirect control flow instructions. Main interface is through GraphBuilder::buildFlowGraph, which will build a flow graph around an indirect CF instruction. Various modifications to FileVerifier are also made to const-expose some members needed for machine code analysis done by the graph builder.
  Reviewers: vlad.tsyrklevich
  Reviewed By: vlad.tsyrklevich
  Subscribers: llvm-commits, kcc, pcc
  Differential Revision: https://reviews.llvm.org/D38427
  llvm-svn: 316372
* Accidentally merged an incomplete upstream patch in 10e6ee563a6b5ca498f27972ca6dbe6c308f1ac2 - reverting the changes. | Mitch Phillips | 2017-10-23 | 2 | -5/+2
  llvm-svn: 316359
* Patch in | Mitch Phillips | 2017-10-23 | 2 | -2/+5
  llvm-svn: 316358
* Statically link llvm-cfi-verify's libraries. | Vlad Tsyrklevich | 2017-10-18 | 1 | -3/+6
  Summary:
  llvm-cfi-verify (D38379) introduced a potential build failure when compiling with `-DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON`. Specific versions of cmake seem to treat the `add_subdirectory()` rule differently. It seems as if old versions of cmake BFS these rules, adding them to the fringe for expansion later. Newer versions of cmake seem to immediately execute CMakeFiles that are present in this subdirectory.
  If the subdirectory is expanded through the fringe, the globbing resultant from `llvm_add_implicit_projects()` from `cmake/modules/AddLLVM.cmake:1012` means that `tools/llvm-shlib/CMakeFile.txt` gets executed before `tools/llvm-cfi-verify/lib/CMakeFile.txt`. As the latter CMakeFile adds a new library, this expansion order means that the library files required by the unit tests in `unittests/tools/llvm-cfi-verify/` are not present in the dynamic library. This causes unit tests to fail as the required functions can't be found.
  This change now ensures that the libraries created by `llvm-cfi-verify` are statically linked into the unit tests. As `tools/llvm-cfi-verify/lib` no longer adds anything to `llvm-shlib`, there should be no concern about the order-of-compilation.
  Reviewers: skatkov, pcc
  Reviewed By: skatkov, pcc
  Subscribers: llvm-commits, kcc, pcc, aheejin, vlad.tsyrklevich, mgorny
  Differential Revision: https://reviews.llvm.org/D39020
  llvm-svn: 316059
* MC Helpers for llvm-cfi-verify. | Vlad Tsyrklevich | 2017-10-11 | 2 | -0/+101
  Add instruction analysis and machinecode traversal helpers in preparation for control flow graph generation implementation.
  Reviewers: vlad.tsyrklevich
  Reviewed By: vlad.tsyrklevich
  Subscribers: mgorny, llvm-commits, pcc, kcc
  Differential Revision: https://reviews.llvm.org/D38424
  llvm-svn: 315528
* Reland 'Classify llvm-cfi-verify.' | Vlad Tsyrklevich | 2017-10-11 | 4 | -0/+465
  Summary:
  Move llvm-cfi-verify into a class in preparation for CFI analysis to come.
  Reviewers: vlad.tsyrklevich
  Reviewed By: vlad.tsyrklevich
  Subscribers: mgorny, llvm-commits, pcc, kcc
  Differential Revision: https://reviews.llvm.org/D38379
  llvm-svn: 315504