Florian Kasten
committed
Sep 27, 2024
1 parent
d7b669b
commit ec37baf
Showing
18 changed files
with
1,719 additions
and
0 deletions.
@@ -0,0 +1,3 @@ | ||
add_subdirectory(CmpCFIPass) | ||
add_subdirectory(JmpCFIPass) | ||
add_subdirectory(MLTAPass) |
@@ -0,0 +1,52 @@ | ||
//===-- CmpCFIBase.cpp ---------------------------------------------------===// | ||
|
||
// | ||
|
||
|
||
// This file is distributed under the Apache License v2.0 | ||
// License with LLVM Exceptions. See LICENSE.TXT for details. | ||
// | ||
// Author: Florian Kasten, Fraunhofer AISEC | ||
// | ||
//===----------------------------------------------------------------------===// | ||
#include "CmpCFIBase.h" | ||
|
||
using namespace llvm; | ||
|
||
namespace HPCFI { | ||
BasicBlock *CmpCFIBase::insertCmpCFICheck(CallBase *CB, std::set<Function *> Targets) { | ||
assert(CB->isIndirectCall()); | ||
|
||
// Split block containing "Call %reg" into two blocks: | ||
// BBS contains every instruction before the call | ||
// BBC contains the call + every instruction after the call | ||
BasicBlock *BBC = CB->getParent()->splitBasicBlock(CB, "BBC"); | ||
BasicBlock *BBS = BBC->getSinglePredecessor(); | ||
BBS->getTerminator()->eraseFromParent(); | ||
|
||
// Insert CFI checks between BB1 and BBC. Every check gives one block. | ||
llvm::IRBuilder<> B(BBS); | ||
BasicBlock *CurrBB = BasicBlock::Create(M->getContext(), "B", CB->getFunction(), BBC); | ||
BasicBlock *First = CurrBB; | ||
B.CreateBr(CurrBB); | ||
|
||
for (Function *Target : Targets) { | ||
BasicBlock *NextBB = BasicBlock::Create(M->getContext(), "B", CB->getFunction(), BBC); | ||
|
||
B.SetInsertPoint(CurrBB); | ||
Value *CastedTarget = | ||
B.CreateCast(Instruction::BitCast, Target, CB->getCalledOperand()->getType(), "Target"); | ||
Value *IsValidPtr = | ||
B.CreateCmp(CmpInst::Predicate::ICMP_EQ, CastedTarget, CB->getCalledOperand(), "Check"); | ||
B.CreateCondBr(IsValidPtr, BBC, NextBB); | ||
|
||
CurrBB = NextBB; | ||
} | ||
|
||
// Create CFI Fail Block | ||
B.SetInsertPoint(CurrBB); | ||
B.CreateCall(CFIFailFunc); | ||
B.CreateUnreachable(); | ||
return First; | ||
} | ||
} // namespace HPCFI |
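Review bot: The fail block at the end of `insertCmpCFICheck` emits `B.CreateCall(CFIFailFunc)` followed by `B.CreateUnreachable()`, so the check only holds if the handler never returns; `CFIFailFunc` is declared outside this file, and if it can return, behaviour after a failed check is undefined. Marking the call makes the assumption explicit: `CallInst *Fail = B.CreateCall(CFIFailFunc); Fail->setDoesNotReturn();`. The loop also walks a `std::set<Function *>`, whose order follows pointer values, so the compare chain may come out in a different order from one build to the next; a deterministic order (for example sorted by function name) would keep builds reproducible. The block comment still says "BB1" where the code uses `BBS`, and `Targets` is taken by value although it is only read.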
@@ -0,0 +1,29 @@ | ||
//===-- CmpCFIBase.h -----------------------------------------------------===// | ||
|
||
// | ||
|
||
|
||
// This file is distributed under the Apache License v2.0 | ||
// License with LLVM Exceptions. See LICENSE.TXT for details. | ||
// | ||
// Author: Florian Kasten, Fraunhofer AISEC | ||
// | ||
//===----------------------------------------------------------------------===// | ||
#ifndef CMPCFIBASE_H_ | ||
#define CMPCFIBASE_H_ | ||
|
||
#include "HPCFIBase.h" | ||
|
||
using namespace llvm; | ||
|
||
namespace HPCFI { | ||
class CmpCFIBase : public virtual HPCFIBase { | ||
protected: | ||
CmpCFIBase(char ID) : HPCFIBase(ID) {} | ||
|
||
// insert CMP-CFI check at indirect call | ||
BasicBlock *insertCmpCFICheck(CallBase *, std::set<Function *>); | ||
}; | ||
} // namespace HPCFI | ||
|
||
#endif // CMPCFIBASE_H_ |
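Review bot: `using namespace llvm;` at file scope in this header pulls the whole llvm namespace into every translation unit that includes it; since the declarations already sit inside `namespace HPCFI`, the directive could move inside that namespace or give way to qualified names such as `llvm::BasicBlock`. The header also uses `std::set` without including `<set>`, presumably relying on HPCFIBase.h to provide it. `insertCmpCFICheck` would read better with named parameters and a const reference, `BasicBlock *insertCmpCFICheck(CallBase *CB, const std::set<Function *> &Targets);` (the definition in CmpCFIBase.cpp would change with it). Its comment should also say that the returned block is the first check block and that a pointer matching no target reaches the CFI fail handler.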
@@ -0,0 +1,10 @@ | ||
include_directories( ${CMAKE_SOURCE_DIR}/../../hpcfi-svf/include ) | ||
|
||
add_llvm_library( LLVMHPCFICmp MODULE | ||
CmpCFIPass.cpp | ||
../HPCFIBase.cpp | ||
../CmpCFIBase.cpp | ||
|
||
PLUGIN_TOOL | ||
opt | ||
) |
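Review bot: The `include_directories` line reaches outside the source tree to `${CMAKE_SOURCE_DIR}/../../hpcfi-svf/include` without checking that the directory exists, so the plugin builds against whatever happens to sit at that relative location. A guard such as `if(NOT EXISTS ...) message(FATAL_ERROR ...)` placed before it, with the path held in a cache variable, would make the dependency explicit. Scoping the path to the target with `target_include_directories(LLVMHPCFICmp PRIVATE ...)` after `add_llvm_library` would also keep it from applying to every target defined in this directory.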
@@ -0,0 +1,42 @@ | ||
//===-- CmpCFIPass.cpp ----------------------------------------------------===// | ||
|
||
// | ||
|
||
|
||
// This file is distributed under the Apache License v2.0 | ||
// License with LLVM Exceptions. See LICENSE.TXT for details. | ||
// | ||
// Author: Florian Kasten, Fraunhofer AISEC | ||
// | ||
//===----------------------------------------------------------------------===// | ||
#include "../CmpCFIBase.h" | ||
|
||
using namespace llvm; | ||
|
||
namespace HPCFI { | ||
struct CmpCFIPass : CmpCFIBase { | ||
static char ID; | ||
CmpCFIPass() : HPCFIBase(ID), CmpCFIBase(ID) {} | ||
|
||
StringRef getPassName() const override { return "cmpcfi"; } | ||
|
||
bool runOnModule(Module &M) override { | ||
HPCFIBase::runOnModule(M); | ||
std::vector<CallBase *> IndirectCalls = getIndirectCalls(); | ||
for (CallBase *CB : IndirectCalls) { | ||
std::set<Function *> Targets = getTargets(CB, true); | ||
insertCmpCFICheck(CB, Targets); | ||
} | ||
|
||
return true; | ||
} | ||
}; | ||
} // namespace HPCFI | ||
|
||
char HPCFI::CmpCFIPass::ID = 77; | ||
static RegisterPass<HPCFI::CmpCFIPass> X("cmpcfi", "CMP CFI"); | ||
|
||
static RegisterStandardPasses C(PassManagerBuilder::EP_FullLinkTimeOptimizationLast, | ||
[](const PassManagerBuilder &Builder, legacy::PassManagerBase &PM) { | ||
PM.add(new HPCFI::CmpCFIPass()); | ||
}); |
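Review bot: In `runOnModule`, a call site for which `getTargets(CB, true)` returns an empty set is still passed to `insertCmpCFICheck`, which then emits no comparisons and branches straight to the fail handler, leaving the original call unreachable. That fails closed, but an imprecise analysis result then only shows up as an abort at run time; a build-time diagnostic such as `if (Targets.empty()) errs() << "cmpcfi: no targets in " << CB->getFunction()->getName() << "\n";` would surface it earlier. Any value returned by `HPCFIBase::runOnModule(M)` is dropped and the pass always reports `true`, even when no call was instrumented. `ID = 77` works, but the legacy pass manager keys on the address of `ID`, so the conventional `= 0` would avoid suggesting that the value matters.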