intel/llvm
1
0
Fork 0
mirror of https://github.com/intel/llvm.git synced 2026-01-26 12:26:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

[HWASan] Mention x86_64 aliasing mode in design doc.

Browse Source 
Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D98892
This commit is contained in:
Matt Morehouse
2021-03-25 14:20:48 -07:00
parent 5797feaa55
commit 8e0bb21931
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
clang/docs/HardwareAssistedAddressSanitizerDesign.rst
View File

@@ -19,13 +19,17 @@ The redzones, the quarantine, and, to a less extent, the shadow, are the
sources of AddressSanitizer's memory overhead.
See the `AddressSanitizer paper`_ for details.
AArch64 has the `Address Tagging`_ (or top-byte-ignore, TBI), a hardware feature that allows
software to use 8 most significant bits of a 64-bit pointer as
AArch64 has `Address Tagging`_ (or top-byte-ignore, TBI), a hardware feature that allows
software to use the 8 most significant bits of a 64-bit pointer as
a tag. HWASAN uses `Address Tagging`_
to implement a memory safety tool, similar to :doc:`AddressSanitizer`,
but with smaller memory overhead and slightly different (mostly better)
accuracy guarantees.
Intel's `Linear Address Masking`_ (LAM) also provides address tagging for
x86_64, though it is not widely available in hardware yet. For x86_64, HWASAN
has a limited implementation using page aliasing instead.
Algorithm
=========
* Every heap/stack/global memory object is forcibly aligned by `TG` bytes
@@ -266,7 +270,15 @@ before every load and store by compiler instrumentation, but this variant
will have limited deployability since not all of the code is
typically instrumented.
The HWASAN's approach is not applicable to 32-bit architectures.
On x86_64, HWASAN utilizes page aliasing to place tags in userspace address
bits. Currently only heap tagging is supported. The page aliases rely on
shared memory, which will cause heap memory to be shared between processes if
the application calls ``fork()``. Therefore x86_64 is really only safe for
applications that do not fork.
HWASAN does not currently support 32-bit architectures since they do not
support `Address Tagging`_ and the address space is too constrained to easily
implement page aliasing.
Related Work
@@ -284,4 +296,4 @@ Related Work
.. _SPARC ADI: https://lazytyped.blogspot.com/2017/09/getting-started-with-adi.html
.. _AddressSanitizer paper: https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf
.. _Address Tagging: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.den0024a/ch12s05s01.html
.. _Linear Address Masking: https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html