1*0fca6ea1SDimitry Andric //===------------------------ nsan_platform.h -------------------*- C++ -*-===//
2*0fca6ea1SDimitry Andric //
3*0fca6ea1SDimitry Andric // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4*0fca6ea1SDimitry Andric // See https://llvm.org/LICENSE.txt for license information.
5*0fca6ea1SDimitry Andric // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6*0fca6ea1SDimitry Andric //
7*0fca6ea1SDimitry Andric //===----------------------------------------------------------------------===//
8*0fca6ea1SDimitry Andric //
9*0fca6ea1SDimitry Andric // Platform specific information for NSan.
10*0fca6ea1SDimitry Andric //
11*0fca6ea1SDimitry Andric //===----------------------------------------------------------------------===//
12*0fca6ea1SDimitry Andric
13*0fca6ea1SDimitry Andric #ifndef NSAN_PLATFORM_H
14*0fca6ea1SDimitry Andric #define NSAN_PLATFORM_H
15*0fca6ea1SDimitry Andric
16*0fca6ea1SDimitry Andric namespace __nsan {
17*0fca6ea1SDimitry Andric
18*0fca6ea1SDimitry Andric // NSan uses two regions of memory to store information:
19*0fca6ea1SDimitry Andric // - 'shadow memory' stores the shadow copies of numerical values stored in
20*0fca6ea1SDimitry Andric // application memory.
21*0fca6ea1SDimitry Andric // - 'shadow types' is used to determine which value type each byte of memory
22*0fca6ea1SDimitry Andric // belongs to. This makes sure that we always know whether a shadow value is
23*0fca6ea1SDimitry Andric // valid. Shadow values may be tampered with using access through other
24*0fca6ea1SDimitry Andric // pointer types (type punning). Each byte stores:
25*0fca6ea1SDimitry Andric // - bit 1-0: whether the corresponding value is of unknown (00),
26*0fca6ea1SDimitry Andric // float (01), double (10), or long double (11) type.
27*0fca6ea1SDimitry Andric // - bit 5-2: the index of this byte in the value, or 0000 if type is
28*0fca6ea1SDimitry Andric // unknown.
29*0fca6ea1SDimitry Andric // This allows handling unaligned loat load/stores by checking that a load
30*0fca6ea1SDimitry Andric // with a given alignment corresponds to the alignment of the store.
31*0fca6ea1SDimitry Andric // Any store of a non-floating point type invalidates the corresponding
32*0fca6ea1SDimitry Andric // bytes, so that subsequent overlapping loads (aligned or not) know that
33*0fca6ea1SDimitry Andric // the corresponding shadow value is no longer valid.
34*0fca6ea1SDimitry Andric
35*0fca6ea1SDimitry Andric // On Linux/x86_64, memory is laid out as follows:
36*0fca6ea1SDimitry Andric //
37*0fca6ea1SDimitry Andric // +--------------------+ 0x800000000000 (top of memory)
38*0fca6ea1SDimitry Andric // | application memory |
39*0fca6ea1SDimitry Andric // +--------------------+ 0x700000008000 (kAppAddr)
40*0fca6ea1SDimitry Andric // | |
41*0fca6ea1SDimitry Andric // | unused |
42*0fca6ea1SDimitry Andric // | |
43*0fca6ea1SDimitry Andric // +--------------------+ 0x400000000000 (kUnusedAddr)
44*0fca6ea1SDimitry Andric // | shadow memory |
45*0fca6ea1SDimitry Andric // +--------------------+ 0x200000000000 (kShadowAddr)
46*0fca6ea1SDimitry Andric // | shadow types |
47*0fca6ea1SDimitry Andric // +--------------------+ 0x100000000000 (kTypesAddr)
48*0fca6ea1SDimitry Andric // | reserved by kernel |
49*0fca6ea1SDimitry Andric // +--------------------+ 0x000000000000
50*0fca6ea1SDimitry Andric //
51*0fca6ea1SDimitry Andric //
52*0fca6ea1SDimitry Andric // To derive a shadow memory address from an application memory address,
53*0fca6ea1SDimitry Andric // bits 44-46 are cleared to bring the address into the range
54*0fca6ea1SDimitry Andric // [0x000000000000,0x100000000000). We scale to account for the fact that a
55*0fca6ea1SDimitry Andric // shadow value takes twice as much space as the original value.
56*0fca6ea1SDimitry Andric // Then we add kShadowAddr to put the shadow relative offset into the shadow
57*0fca6ea1SDimitry Andric // memory. See getShadowAddrFor().
58*0fca6ea1SDimitry Andric // The process is similar for the shadow types.
59*0fca6ea1SDimitry Andric
60*0fca6ea1SDimitry Andric // The ratio of app to shadow memory.
61*0fca6ea1SDimitry Andric enum { kShadowScale = 2 };
62*0fca6ea1SDimitry Andric
63*0fca6ea1SDimitry Andric // The original value type of a byte in app memory. Uses LLVM terminology:
64*0fca6ea1SDimitry Andric // https://llvm.org/docs/LangRef.html#floating-point-types
65*0fca6ea1SDimitry Andric // FIXME: support half and bfloat.
66*0fca6ea1SDimitry Andric enum ValueType {
67*0fca6ea1SDimitry Andric kUnknownValueType = 0,
68*0fca6ea1SDimitry Andric kFloatValueType = 1, // LLVM float, shadow type double.
69*0fca6ea1SDimitry Andric kDoubleValueType = 2, // LLVM double, shadow type fp128.
70*0fca6ea1SDimitry Andric kFp80ValueType = 3, // LLVM x86_fp80, shadow type fp128.
71*0fca6ea1SDimitry Andric };
72*0fca6ea1SDimitry Andric
73*0fca6ea1SDimitry Andric // The size of ValueType encoding, in bits.
74*0fca6ea1SDimitry Andric enum {
75*0fca6ea1SDimitry Andric kValueSizeSizeBits = 2,
76*0fca6ea1SDimitry Andric };
77*0fca6ea1SDimitry Andric
78*0fca6ea1SDimitry Andric #if defined(__x86_64__)
79*0fca6ea1SDimitry Andric struct Mapping {
80*0fca6ea1SDimitry Andric // FIXME: kAppAddr == 0x700000000000 ?
81*0fca6ea1SDimitry Andric static const uptr kAppAddr = 0x700000008000;
82*0fca6ea1SDimitry Andric static const uptr kUnusedAddr = 0x400000000000;
83*0fca6ea1SDimitry Andric static const uptr kShadowAddr = 0x200000000000;
84*0fca6ea1SDimitry Andric static const uptr kTypesAddr = 0x100000000000;
85*0fca6ea1SDimitry Andric static const uptr kShadowMask = ~0x700000000000;
86*0fca6ea1SDimitry Andric };
87*0fca6ea1SDimitry Andric #else
88*0fca6ea1SDimitry Andric #error "NSan not supported for this platform!"
89*0fca6ea1SDimitry Andric #endif
90*0fca6ea1SDimitry Andric
91*0fca6ea1SDimitry Andric enum MappingType {
92*0fca6ea1SDimitry Andric MAPPING_APP_ADDR,
93*0fca6ea1SDimitry Andric MAPPING_UNUSED_ADDR,
94*0fca6ea1SDimitry Andric MAPPING_SHADOW_ADDR,
95*0fca6ea1SDimitry Andric MAPPING_TYPES_ADDR,
96*0fca6ea1SDimitry Andric MAPPING_SHADOW_MASK
97*0fca6ea1SDimitry Andric };
98*0fca6ea1SDimitry Andric
MappingImpl()99*0fca6ea1SDimitry Andric template <typename Mapping, int Type> uptr MappingImpl() {
100*0fca6ea1SDimitry Andric switch (Type) {
101*0fca6ea1SDimitry Andric case MAPPING_APP_ADDR:
102*0fca6ea1SDimitry Andric return Mapping::kAppAddr;
103*0fca6ea1SDimitry Andric case MAPPING_UNUSED_ADDR:
104*0fca6ea1SDimitry Andric return Mapping::kUnusedAddr;
105*0fca6ea1SDimitry Andric case MAPPING_SHADOW_ADDR:
106*0fca6ea1SDimitry Andric return Mapping::kShadowAddr;
107*0fca6ea1SDimitry Andric case MAPPING_TYPES_ADDR:
108*0fca6ea1SDimitry Andric return Mapping::kTypesAddr;
109*0fca6ea1SDimitry Andric case MAPPING_SHADOW_MASK:
110*0fca6ea1SDimitry Andric return Mapping::kShadowMask;
111*0fca6ea1SDimitry Andric }
112*0fca6ea1SDimitry Andric }
113*0fca6ea1SDimitry Andric
MappingArchImpl()114*0fca6ea1SDimitry Andric template <int Type> uptr MappingArchImpl() {
115*0fca6ea1SDimitry Andric return MappingImpl<Mapping, Type>();
116*0fca6ea1SDimitry Andric }
117*0fca6ea1SDimitry Andric
118*0fca6ea1SDimitry Andric ALWAYS_INLINE
AppAddr()119*0fca6ea1SDimitry Andric uptr AppAddr() { return MappingArchImpl<MAPPING_APP_ADDR>(); }
120*0fca6ea1SDimitry Andric
121*0fca6ea1SDimitry Andric ALWAYS_INLINE
UnusedAddr()122*0fca6ea1SDimitry Andric uptr UnusedAddr() { return MappingArchImpl<MAPPING_UNUSED_ADDR>(); }
123*0fca6ea1SDimitry Andric
124*0fca6ea1SDimitry Andric ALWAYS_INLINE
ShadowAddr()125*0fca6ea1SDimitry Andric uptr ShadowAddr() { return MappingArchImpl<MAPPING_SHADOW_ADDR>(); }
126*0fca6ea1SDimitry Andric
127*0fca6ea1SDimitry Andric ALWAYS_INLINE
TypesAddr()128*0fca6ea1SDimitry Andric uptr TypesAddr() { return MappingArchImpl<MAPPING_TYPES_ADDR>(); }
129*0fca6ea1SDimitry Andric
130*0fca6ea1SDimitry Andric ALWAYS_INLINE
ShadowMask()131*0fca6ea1SDimitry Andric uptr ShadowMask() { return MappingArchImpl<MAPPING_SHADOW_MASK>(); }
132*0fca6ea1SDimitry Andric
133*0fca6ea1SDimitry Andric } // end namespace __nsan
134*0fca6ea1SDimitry Andric
135*0fca6ea1SDimitry Andric #endif
136