[LLVMdev] Adding a stack probe function attribute (original) (raw)

LLVM user iusellvm at gmail.com
Mon Jul 27 19:55:29 PDT 2015

For what it's worth, I need stack probes as well. My language usecase has two relevant properties:

  1. The language guarantees total memory safety/sandboxing. Malicious programs are unable to negatively affect the rest of the system beyond consuming resources.
  2. The user of the language is allowed significant expressive power, letting him manipulate the stack. Stack probes prevent users of a language from skipping over the guard page; it's the last memory hole to be plugged once the rest of the system is secure. I think in general, any language that has these two properties will require either stack probes or a much more complicated system (like geordi, segmented stacks, or obsessive loading of allocated memory). A great number of languages fall into this situation.

On Mon, Jul 27, 2015 at 3:44 PM, Reid Kleckner <rnk at google.com> wrote:

Yeah, the function attributes section of LangRef is a reasonable place to put stuff like this: http://llvm.org/docs/LangRef.html#function-attributes <https://urldefense.proofpoint.com/v2/url?u=http-3A_llvm.orgdocsLangRef.html-23function-2Dattributes&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4bhmuhMHA&m=9SIQM2l9LBT0fy7gjw3gZJGUTA7MIRtzMSZmlqBtHI&s=R92M4dbBo9gOD8RfWBKDtYxbDkJFmKDuXaVP3Wx5IE&e=>

I think we should add this. I also know that LLILAC needs something like this as well. I propose the following: - Add a string attribute called "stack-probe-symbol"="foo". - The presence of this attribute indicates that stack probes should be emitted, even on non-Windows OSs. - (future work) For LLILAC, if this attribute is present but the string is empty, this can be a signal that the check must be emitted inline, either as a sequence of stores or a loop. _This also addresses David's concern with the hardcoded probestack symbol name. On Sun, Jul 26, 2015 at 2:23 AM, John Kåre Alsaker <_ _john.mailinglists at gmail.com> wrote:

Since David Majnemer doesn't seem overly eager to merge my patches, let's see if we can't figure things out here.

I noticed a string function attribute appeared in LangRef.rst, would that be the correct place to document this? For reference: http://reviews.llvm.org/D9653 <https://urldefense.proofpoint.com/v2/url?u=http-3A_reviews.llvm.orgD9653&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4bhmuhMHA&m=9SIQM2l9LBT0fy7gjw3gZJGUTA7MIRtzMSZmlqBtHI&s=gV4pNmG2FALSPJQnNAjqjGyIRfdizkPb8iOmuKtSf8&e=> http://reviews.llvm.org/D9654 <https://urldefense.proofpoint.com/v2/url?u=http-3A_reviews.llvm.orgD9654&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4bhmuhMHA&m=9SIQM2l9LBT0fy7gjw3gZJGUTA7MIRtzMSZmlqBtHI&s=FWQzblQwqWGOu9ERJCGtouQpV0sCATZiW3nESlX4hU&e=> http://reviews.llvm.org/D9858 <https://urldefense.proofpoint.com/v2/url?u=http-3A_reviews.llvm.orgD9858&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4bhmuhMHA&m=9SIQM2l9LBT0fy7gjw3gZJGUTA7MIRtzMSZmlqBtHI&s=ceno8V9VFeBJBroOdwCco5sUIbSxH9vlZQoPnkGe9b8&e=> On Wed, Aug 6, 2014 at 5:34 PM, John Kåre Alsaker <john.mailinglists at gmail.com> wrote: > I updated http://reviews.llvm.org/D4717 <https://urldefense.proofpoint.com/v2/url?u=http-3A_reviews.llvm.orgD4717&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4bhmuhMHA&m=9SIQM2l9LBT0fy7gjw3gZJGUTA7MIRtzMSZmlqBtHI&s=ibz-wRihBgpHNnNZPBdBfNEk9rzMRKH9aputdPTYA&e=> _and also wrote an probestack > implementation: > https://github.com/Zoxc/compiler-rt/compare/llvm-mirror:master...stprobe <https://urldefense.proofpoint.com/v2/url?u=https-3A_github.comZoxccompiler-2Drtcomparellvm-2Dmirror-3Amaster...stprobe&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4bhmuhMHA&m=9SIQM2l9LBT0fy7gjw3gZJGUTA7MIRtzMSZmlqBtHI&s=EzU7LhO9y-f1kS1q6Yr76NSnyLRtOQ7LJeFru3G9wDU&e=> > > Which instruction would be the preferable one to probe with? I used OR since > that's what GCC/libgcc does, but I don't see why that would be better than a > write. > > > > On Tue, Aug 5, 2014 at 7:34 PM, Reid Kleckner <rnk at google.com> wrote: >> >> On Tue, Aug 5, 2014 at 8:53 AM, John Kåre Alsaker >> <john.mailinglists at gmail.com> wrote: >>> _>>> Would the probestack functions be a suitable addition to compiler-rt? _>>> Does it already have chkstk or is that provided by something else on >>> Windows? I noticed that libgcc implemented them in cygwin.S. >> >> >> It seems reasonable to put them in compiler-rt/lib/builtins. >> >> I don't think anyone is currently using compiler-rt's builtins on Windows, _>> so it doesn't have chkstk. Typically that is provided by the Cygwin, >> MinGW, or MSVC C runtime. > >

LLVM Developers mailing list LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150727/daa894fa/attachment.html>

More information about the llvm-dev mailing list