mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-24 03:33:20 +01:00
llvm-mirror/tools/llvm-cfi-verify/llvm-cfi-verify.cpp
Alexey Lapshin 279a200561 [DebugInfo] add SectionedAddress to DebugInfo interfaces.
That patch is the fix for https://bugs.llvm.org/show_bug.cgi?id=40703
   "wrong line number info for obj file compiled with -ffunction-sections"
   bug. The problem happened only with .o files. If an object file contains
   several .text sections, line number information was shown incorrectly.
   The reason is that DwarfLineTable could not detect which section
   corresponds to the specified address (because the address is local to the
   section), and as a result it could not select the proper sequence in the
   line table. The fix is to pass SectionIndex with the address, so that it
   is possible to differentiate addresses from various sections. With
   this fix llvm-objdump shows correct line numbers for disassembled code.

   Differential review: https://reviews.llvm.org/D58194

llvm-svn: 354972
2019-02-27 13:17:36 +00:00


//===-- llvm-cfi-verify.cpp - CFI Verification tool for LLVM --------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This tool verifies Control Flow Integrity (CFI) instrumentation by static
// binary analysis. See the design document in /docs/CFIVerify.rst for more
// information.
//
// This tool is currently incomplete. It currently only does disassembly for
// object files, and searches through the code for indirect control flow
// instructions, printing them once found.
//
//===----------------------------------------------------------------------===//
#include "lib/FileAnalysis.h"
#include "lib/GraphBuilder.h"
#include "llvm/BinaryFormat/ELF.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/Error.h"
#include "llvm/Support/FormatVariadic.h"
#include "llvm/Support/SpecialCaseList.h"
#include <cstdlib>
using namespace llvm;
using namespace llvm::object;
using namespace llvm::cfi_verify;
// Command-line options. The two positional options are matched in the order
// they are declared here: the input file first, the blacklist file second.

// First positional argument (required): path of the file to analyse. main()
// passes it to FileAnalysis::Create.
cl::opt<std::string> InputFilename(cl::Positional, cl::desc("<input file>"),
cl::Required);
// Second positional argument (optional): path of a blacklist file. The default
// "-" means that no blacklist is loaded (see main()). An entry that matches an
// unprotected instruction moves it from "Unexpected Unprotected (BAD)" to
// "Expected Unprotected", so this file decides which findings are suppressed.
cl::opt<std::string> BlacklistFilename(cl::Positional,
cl::desc("[blacklist file]"),
cl::init("-"));
// --print-graphs: also print the flow graph of each reported instruction.
cl::opt<bool> PrintGraphs(
"print-graphs",
cl::desc("Print graphs around indirect CF instructions in DOT format."),
cl::init(false));
// --blame-context=N: number of source lines to print around a BAD instruction;
// 0 (the default) prints none.
cl::opt<unsigned> PrintBlameContext(
"blame-context",
cl::desc("Print the blame context (if possible) for BAD instructions. This "
"specifies the number of lines of context to include, where zero "
"disables this feature."),
cl::init(0));
// --blame-context-all=N: number of source lines to print around instructions
// that are not BAD. main() copies this value into PrintBlameContext when
// --blame-context was left at 0.
cl::opt<unsigned> PrintBlameContextAll(
"blame-context-all",
cl::desc("Prints the blame context (if possible) for ALL instructions. "
"This specifies the number of lines of context for non-BAD "
"instructions (see --blame-context). If --blame-context is "
"unspecified, it prints this number of contextual lines for BAD "
"instructions as well."),
cl::init(0));
// --summarize: suppress the per-instruction report and print only the totals.
cl::opt<bool> Summarize("summarize", cl::desc("Print the summary only."),
cl::init(false));
// Unwraps Expected<> results in main(); presumably prints the error and exits
// on failure, as the name suggests (confirm against llvm/Support/Error.h).
ExitOnError ExitOnErr;
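/// Print the source lines surrounding the position described by \p LineInfo.
///
/// Up to \p Context lines are shown on each side of LineInfo.Line. Every line
/// is prefixed with its 1-based number and the target line is marked with '>'.
/// If the file cannot be opened, a message is written to errs() and nothing
/// else is printed.
///
/// NOTE(review): the path that is opened is LineInfo.FileName exactly as
/// supplied. The callers in this file take it from the symbolised line tables
/// of the input file, so the producer of that file chooses which local path is
/// read and echoed to stdout. Keep that in mind before enabling
/// --blame-context on an input that is not trusted.
///
/// \param LineInfo  Source position; FileName and Line are read.
/// \param Context   Number of lines to show before and after the target line.
void printBlameContext(const DILineInfo &LineInfo, unsigned Context) {
  auto FileOrErr = MemoryBuffer::getFile(LineInfo.FileName);
  if (!FileOrErr) {
    errs() << "Could not open file: " << LineInfo.FileName << "\n";
    return;
  }

  std::unique_ptr<MemoryBuffer> File = std::move(FileOrErr.get());
  SmallVector<StringRef, 100> Lines;
  File->getBuffer().split(Lines, '\n');

  // Line numbers are 1-based here (the loop indexes Lines[i - 1]), so a Line of
  // 0 has no window around it. The original code printed nothing in that case.
  if (LineInfo.Line == 0)
    return;

  // The window is computed in 64 bits. The previous unsigned expression
  // `LineInfo.Line - Context` wrapped around whenever Context exceeded the
  // line number, which made the loop empty and silently dropped the context
  // for positions near the top of a file. `Line + Context + 1` could wrap in
  // the same way for very large Context values.
  const uint64_t Target = LineInfo.Line;
  const uint64_t First = Target > Context ? Target - Context : 1;
  const uint64_t End =
      std::min<uint64_t>(Lines.size() + 1, Target + Context + 1);

  // End never exceeds Lines.size() + 1 and First is at least 1, so i - 1 is
  // always a valid index into Lines.
  for (uint64_t i = First; i < End; ++i) {
    outs() << (i == Target ? ">" : " ");
    outs() << i << ": " << Lines[i - 1] << "\n";
  }
}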
/// Write the report header for one indirect control-flow instruction.
///
/// The header is a single line holding the instruction's VMAddress in hex, the
/// textual form of \p ProtectionStatus and the instruction as rendered by
/// Analysis.printInstruction. When --print-graphs is set, \p Graph is then
/// written through GraphResult::printToDOT.
void printInstructionInformation(const FileAnalysis &Analysis,
                                 const Instr &InstrMeta,
                                 const GraphResult &Graph,
                                 CFIProtectionStatus ProtectionStatus) {
  raw_ostream &OS = outs();

  OS << "Instruction: " << format_hex(InstrMeta.VMAddress, 2) << " ("
     << stringCFIProtectionStatus(ProtectionStatus) << "): ";
  Analysis.printInstruction(InstrMeta, OS);
  OS << " \n";

  // The graph dump is optional and always comes last.
  if (!PrintGraphs)
    return;
  Graph.printToDOT(Analysis, OS);
}
/// Print the verdict line for one instruction and, if requested, its source
/// context.
///
/// The verdict combines two facts: whether a blacklist entry matched
/// (\p BlameLine is non-zero) and whether the instruction is CFI protected.
/// Only the combination "no blacklist match and not protected" is reported as
/// BAD. That case uses --blame-context for its context size, while the other
/// three use --blame-context-all.
///
/// \param BlameLine     Line in the blacklist file that matched, or 0.
/// \param CFIProtected  True if the instruction was found to be protected.
/// \param LineInfo      Source position forwarded to printBlameContext.
void printInstructionStatus(unsigned BlameLine, bool CFIProtected,
                            const DILineInfo &LineInfo) {
  raw_ostream &OS = outs();
  const bool Blacklisted = BlameLine != 0;

  if (Blacklisted)
    OS << "Blacklist Match: " << BlacklistFilename << ":" << BlameLine
       << "\n";

  const char *Verdict;
  if (Blacklisted)
    Verdict = CFIProtected ? "====> Unexpected Protected\n"
                           : "====> Expected Unprotected\n";
  else
    Verdict = CFIProtected ? "====> Expected Protected\n"
                           : "====> Unexpected Unprotected (BAD)\n";
  OS << Verdict;

  // An unprotected instruction that no blacklist entry accounts for is the
  // only BAD outcome, and the only one governed by --blame-context.
  const bool IsBad = !Blacklisted && !CFIProtected;
  const unsigned ContextLines =
      IsBad ? PrintBlameContext.getValue() : PrintBlameContextAll.getValue();
  if (ContextLines)
    printBlameContext(LineInfo, ContextLines);
}
/// Classify every indirect control-flow instruction found by \p Analysis and
/// print the per-instruction report (unless --summarize) plus the totals.
///
/// Each instruction falls into one of four buckets, depending on whether it is
/// CFI protected and whether a blacklist entry matches its source file or
/// function:
///   - Expected Protected:          protected, not blacklisted
///   - Unexpected Protected:        protected, but blacklisted
///   - Expected Unprotected:        unprotected and blacklisted
///   - Unexpected Unprotected (BAD): unprotected, not blacklisted
///
/// The blacklist is consulted only when \p SpecialCaseList is non-null and
/// IgnoreDWARFFlag is unset, because matching needs the symbolised file and
/// function names. Without it every unprotected instruction counts as BAD.
///
/// The function returns nothing, so the BAD count is visible only in the
/// printed output. It terminates the process with EXIT_FAILURE if an
/// instruction cannot be symbolised.
///
/// \param Analysis         Disassembled input to walk.
/// \param SpecialCaseList  Parsed blacklist, or null when none was given.
void printIndirectCFInstructions(FileAnalysis &Analysis,
                                 const SpecialCaseList *SpecialCaseList) {
  uint64_t ExpectedProtected = 0;
  uint64_t UnexpectedProtected = 0;
  uint64_t ExpectedUnprotected = 0;
  uint64_t UnexpectedUnprotected = 0;

  // Blacklist line number -> number of instructions it matched.
  std::map<unsigned, uint64_t> BlameCounter;

  const bool Verbose = !Summarize;

  for (object::SectionedAddress Address : Analysis.getIndirectInstructions()) {
    const auto &InstrMeta = Analysis.getInstructionOrDie(Address.Address);
    GraphResult Graph = GraphBuilder::buildFlowGraph(Analysis, Address);
    const CFIProtectionStatus ProtectionStatus =
        Analysis.validateCFIProtection(Graph);
    const bool CFIProtected =
        ProtectionStatus == CFIProtectionStatus::PROTECTED;

    if (Verbose) {
      outs() << "-----------------------------------------------------\n";
      printInstructionInformation(Analysis, InstrMeta, Graph, ProtectionStatus);
    }

    // IgnoreDWARFFlag is not declared in this file; presumably it backs the
    // '--ignore-dwarf' option named in main()'s help text (confirm). When set,
    // nothing is symbolised, so the blacklist cannot apply.
    if (IgnoreDWARFFlag) {
      uint64_t &Tally = CFIProtected ? ExpectedProtected : UnexpectedUnprotected;
      ++Tally;
      continue;
    }

    auto InliningInfo = Analysis.symbolizeInlinedCode(Address);
    if (!InliningInfo || InliningInfo->getNumberOfFrames() == 0) {
      errs() << "Failed to symbolise " << format_hex(Address.Address, 2)
             << " with line tables from " << InputFilename << "\n";
      exit(EXIT_FAILURE);
    }

    // Frame 0 is the position used for blacklist matching and blame context.
    const auto &LineInfo = InliningInfo->getFrame(0);

    // List every frame of the inlining chain for this address.
    if (Verbose) {
      const uint32_t NumFrames = InliningInfo->getNumberOfFrames();
      for (uint32_t FrameIdx = 0; FrameIdx < NumFrames; ++FrameIdx) {
        const auto &Frame = InliningInfo->getFrame(FrameIdx);
        outs() << " " << format_hex(Address.Address, 2) << " = "
               << Frame.FileName << ":" << Frame.Line << ":" << Frame.Column
               << " (" << Frame.FunctionName << ")\n";
      }
    }

    // No blacklist: protection status alone decides the bucket.
    if (!SpecialCaseList) {
      const unsigned ContextLines = CFIProtected
                                        ? PrintBlameContextAll.getValue()
                                        : PrintBlameContext.getValue();
      if (ContextLines && Verbose)
        printBlameContext(LineInfo, ContextLines);

      uint64_t &Tally = CFIProtected ? ExpectedProtected : UnexpectedUnprotected;
      ++Tally;
      continue;
    }

    // Look for a blacklist entry: "cfi-icall" before "cfi-vcall", and within
    // each section the source file before the function name. The first
    // non-zero line number wins.
    unsigned BlameLine = 0;
    for (const char *Section : {"cfi-icall", "cfi-vcall"}) {
      BlameLine =
          SpecialCaseList->inSectionBlame(Section, "src", LineInfo.FileName);
      if (!BlameLine)
        BlameLine = SpecialCaseList->inSectionBlame(Section, "fun",
                                                    LineInfo.FunctionName);
      if (BlameLine)
        break;
    }

    if (BlameLine)
      BlameCounter[BlameLine]++;

    uint64_t &Tally =
        BlameLine
            ? (CFIProtected ? UnexpectedProtected : ExpectedUnprotected)
            : (CFIProtected ? ExpectedProtected : UnexpectedUnprotected);
    ++Tally;

    if (Verbose)
      printInstructionStatus(BlameLine, CFIProtected, LineInfo);
  }

  const uint64_t IndirectCFInstructions =
      ExpectedProtected + UnexpectedProtected + ExpectedUnprotected +
      UnexpectedUnprotected;

  // Returning here also keeps the ratios below from dividing by zero.
  if (IndirectCFInstructions == 0) {
    outs() << "No indirect CF instructions found.\n";
    return;
  }

  const auto Share = [IndirectCFInstructions](uint64_t Count) {
    return ((double)Count) / IndirectCFInstructions;
  };

  outs() << formatv("\nTotal Indirect CF Instructions: {0}\n"
                    "Expected Protected: {1} ({2:P})\n"
                    "Unexpected Protected: {3} ({4:P})\n"
                    "Expected Unprotected: {5} ({6:P})\n"
                    "Unexpected Unprotected (BAD): {7} ({8:P})\n",
                    IndirectCFInstructions, ExpectedProtected,
                    Share(ExpectedProtected), UnexpectedProtected,
                    Share(UnexpectedProtected), ExpectedUnprotected,
                    Share(ExpectedUnprotected), UnexpectedUnprotected,
                    Share(UnexpectedUnprotected));

  if (!SpecialCaseList)
    return;

  // Per-entry breakdown: how many instructions each blacklist line matched.
  outs() << "\nBlacklist Results:\n";
  for (const auto &Entry : BlameCounter) {
    outs() << " " << BlacklistFilename << ":" << Entry.first << " affects "
           << Entry.second << " indirect CF instructions.\n";
  }
}
/// Entry point: parse the options, optionally load the blacklist, analyse the
/// input file and print the CFI report.
///
/// Exit status: EXIT_FAILURE when the blacklist cannot be loaded (and, through
/// ExitOnErr, presumably when the input cannot be analysed); otherwise
/// EXIT_SUCCESS. The status does not depend on how many instructions were
/// reported as "Unexpected Unprotected (BAD)", so a caller that wants to gate
/// on findings has to read the printed summary.
int main(int argc, char **argv) {
  cl::ParseCommandLineOptions(
      argc, argv,
      "Identifies whether Control Flow Integrity protects all indirect control "
      "flow instructions in the provided object file, DSO or binary.\nNote: "
      "Anything statically linked into the provided file *must* be compiled "
      "with '-g'. This can be relaxed through the '--ignore-dwarf' flag.");

  InitializeAllTargetInfos();
  InitializeAllTargetMCs();
  InitializeAllAsmParsers();
  InitializeAllDisassemblers();

  // --blame-context-all on its own also sets the context size for BAD
  // instructions.
  if (PrintBlameContextAll && !PrintBlameContext)
    PrintBlameContext.setValue(PrintBlameContextAll);

  // "-" is the default value and means that no blacklist file was given.
  std::unique_ptr<SpecialCaseList> Blacklist;
  if (BlacklistFilename != "-") {
    std::string LoadError;
    Blacklist = SpecialCaseList::create({BlacklistFilename}, LoadError);
    if (!Blacklist) {
      errs() << "Failed to get blacklist: " << LoadError << "\n";
      exit(EXIT_FAILURE);
    }
  }

  FileAnalysis Analysis = ExitOnErr(FileAnalysis::Create(InputFilename));
  printIndirectCFInstructions(Analysis, Blacklist.get());

  return EXIT_SUCCESS;
}