Skip to content
Snippets Groups Projects
Commit 8e0bb219 authored by Matt Morehouse's avatar Matt Morehouse
Browse files

[HWASan] Mention x86_64 aliasing mode in design doc. 

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D98892
parent 5797feaa
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
clang/docs/HardwareAssistedAddressSanitizerDesign.rst
+ 16
4
View file @ 8e0bb219
......@@ -19,13 +19,17 @@ The redzones, the quarantine, and, to a less extent, the shadow, are the
sources of AddressSanitizer's memory overhead.
See the `AddressSanitizer paper`_ for details.
AArch64 has the `Address Tagging`_ (or top-byte-ignore, TBI), a hardware feature that allows
software to use 8 most significant bits of a 64-bit pointer as
AArch64 has `Address Tagging`_ (or top-byte-ignore, TBI), a hardware feature that allows
software to use the 8 most significant bits of a 64-bit pointer as
a tag. HWASAN uses `Address Tagging`_
to implement a memory safety tool, similar to :doc:`AddressSanitizer`,
but with smaller memory overhead and slightly different (mostly better)
accuracy guarantees.
Intel's `Linear Address Masking`_ (LAM) also provides address tagging for
x86_64, though it is not widely available in hardware yet. For x86_64, HWASAN
has a limited implementation using page aliasing instead.
Algorithm
=========
* Every heap/stack/global memory object is forcibly aligned by `TG` bytes
......@@ -266,7 +270,15 @@ before every load and store by compiler instrumentation, but this variant
will have limited deployability since not all of the code is
typically instrumented.
The HWASAN's approach is not applicable to 32-bit architectures.
On x86_64, HWASAN utilizes page aliasing to place tags in userspace address
bits. Currently only heap tagging is supported. The page aliases rely on
shared memory, which will cause heap memory to be shared between processes if
the application calls ``fork()``. Therefore x86_64 is really only safe for
applications that do not fork.
HWASAN does not currently support 32-bit architectures since they do not
support `Address Tagging`_ and the address space is too constrained to easily
implement page aliasing.
Related Work
......@@ -284,4 +296,4 @@ Related Work
.. _SPARC ADI: https://lazytyped.blogspot.com/2017/09/getting-started-with-adi.html
.. _AddressSanitizer paper: https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf
.. _Address Tagging: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.den0024a/ch12s05s01.html
.. _Linear Address Masking: https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment