Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Track and check alignment for memory regions in llvm overrides #637

Merged
merged 10 commits into from
Feb 5, 2020
Merged

Track and check alignment for memory regions in llvm overrides #637

merged 10 commits into from
Feb 5, 2020

Conversation

brianhuffman
Copy link
Contributor

This contains a fix for #635. I'm making a PR now for the automated tests, but I want to also implement a fix for #633 on this branch before it's ready to merge.

andreistefanescu
andreistefanescu reviewed Jan 24, 2020
View reviewed changes
Copy link
Contributor

@andreistefanescu andreistefanescu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you for splitting this in multiple commits, it was easy to review :-)

src/SAWScript/Crucible/LLVM/Builtins.hs Outdated
Just a -> do
when (a < memTyAlign) $ fail $ unlines
[ "User error: manually-specified alignment was less than needed"
, "Needed for this type: " ++ show memTyAlign
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe show both memTy and memTyAlign

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good idea

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See revision 950f106

@andreistefanescu
Copy link
Contributor

let's add the test from https://github.com/GaloisInc/saw-script/tree/issue633

andreistefanescu
andreistefanescu approved these changes Jan 24, 2020
View reviewed changes
Copy link
Contributor

@andreistefanescu andreistefanescu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, thank you!

@brianhuffman
Copy link
Contributor Author

It's not quite ready, as it appears there is a bug in crucible-llvm's isAligned function, where it ignores the alignment of the memory region of the pointer and only checks that the offset part is a multiple of the alignment. Crucible still correctly catches memory writes with insufficient alignment, but it produces the wrong error message, reporting that the "region wasn't allocated, or wasn't mutable" instead of complaining about insufficient alignment.

@robdockins
Copy link
Contributor

Yeah, the check is broken into two phases. The isAllocated check ensures that the base pointer is currently allocated with at least as much alignment as required, while the isAligned function just checks the offset. Aside from the issue with error reporting (which we should fix), I would be surprised if overrides don't check the precondition that pointers are allocated. Is the alignment information not being passed in there?

@brianhuffman
Copy link
Contributor Author

It turns out that saw-script is not calling isAllocated at all to check that the precondition that input memory regions are all valid. I can very nearly write an unsound "proof" exploiting that, by proving an override for a function that takes a pointer to a scratch buffer: When we use the override, saw-script doesn't bother to check that the pointer to the scratch buffer is valid; however, the invalidateMutableAllocs pass that we do as part of executing overrides will fail when it tries to invalidate a memory region that is not the right size or doesn't exist.

Enforce validity, mutability, and alignment for LLVM pointers.
8610ae9 
When executing an override, we now perform explicit checks on
all input pointers to enforce that each pointer points to a
valid region of sufficient size and mutability, and that it has
sufficient alignment.

Fixes #635.
Fixes #639.
langston-barrett
langston-barrett reviewed Jan 28, 2020
View reviewed changes
src/SAWScript/Crucible/LLVM/Override.hs
liftIO $
Crucible.isAllocatedAlignedPointer sym w alignment mut ptr (Just psz') mem
let msg =
"Pointer not valid:"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's unfortunate that we can't have a more specific diagnosis here. The tradeoff for a better API on the Crucible side seems to be that we and more predicates together, losing some granularity in the assertions.

@brianhuffman brianhuffman merged commit 0ce9c53 into master Feb 5, 2020
@brianhuffman brianhuffman mentioned this pull request Feb 5, 2020
Closed
@brianhuffman brianhuffman deleted the bh-alignment branch May 17, 2020 22:09
@brianhuffman brianhuffman mentioned this pull request Jan 18, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@langston-barrett langston-barrett langston-barrett left review comments

@andreistefanescu andreistefanescu andreistefanescu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@brianhuffman @andreistefanescu @robdockins @langston-barrett