Shishir V Jessu via llvm-dev
2019-Sep-30 19:41 UTC
[llvm-dev] Debugging LowerTypeTests in LLVM Using GDB
Hi,

I am looking into Control-Flow Integrity for indirect function calls, implemented with jump tables. I want to step through the code that produces these jump tables in GDB. I have built clang and opt from source with debugging symbols. I believe this code lives in llvm/lib/Transforms/LowerTypeTests.cpp, but when I try to debug *opt* by running the command "run -lowertypetests cfi-icall.bc > /dev/null", I am never able to reach this file.

Also, I have tried to debug the command "clang -flto -fsanitize=cfi-icall indirect.c -o indirect" (where indirect.c is a C file containing an indirect call), and am able to see the CFI jump tables in the resulting assembly, but I cannot reach the code that produces these jump tables in GDB.

Am I targeting the wrong code for these changes, or is there something more I need in order to run through this code in GDB?

Thanks for your help!

Shishir Jessu
`clang` is the driver, not the compiler.

Run this to get the compiler invocation ("path/to/clang" "-cc1" ...), then debug that instead:

"clang -flto -fsanitize=cfi-icall indirect.c -o indirect -###"

-Yuanfang
Shishir V Jessu via llvm-dev
2019-Sep-30 23:21 UTC
[llvm-dev] Debugging LowerTypeTests in LLVM Using GDB
Hi Yuanfang,

Do you have any guidance about how to proceed from here? The following is the output from the command you've given:

Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/shishir_jessu/clang/build/bin/.
 "/home/shishir_jessu/clang/build/bin/clang-10" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-emit-llvm-bc" "-flto" "-flto-unit" "-disable-free" "-main-file-name" "indirect.c" "-mrelocation-model" "static" "-mthread-model" "posix" "-mframe-pointer=all" "-fmath-errno" "-masm-verbose" "-mconstructor-aliases" "-munwind-tables" "-fuse-init-array" "-target-cpu" "x86-64" "-dwarf-column-info" "-debugger-tuning=gdb" "-resource-dir" "/home/shishir_jessu/clang/build/lib/clang/10.0.0" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/home/shishir_jessu/clang/build/lib/clang/10.0.0/include" "-internal-externc-isystem" "/usr/include/x86_64-linux-gnu" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-fdebug-compilation-dir" "/home/shishir_jessu/clang/build/bin" "-ferror-limit" "19" "-fmessage-length" "0" "-fsanitize=cfi-icall" "-fsanitize-trap=cfi-icall" "-fsanitize-blacklist=/home/shishir_jessu/clang/build/lib/clang/10.0.0/share/cfi_blacklist.txt" "-fsanitize-cfi-canonical-jump-tables" "-fobjc-runtime=gcc" "-fdiagnostics-show-option" "-fcolor-diagnostics" "-fsplit-lto-unit" "-faddrsig" "-o" "/tmp/indirect-1aceda.o" "-x" "c" "indirect.c"
 "/usr/bin/ld" "-z" "relro" "--hash-style=gnu" "--eh-frame-hdr" "-m" "elf_x86_64" "-dynamic-linker" "/lib64/ld-linux-x86-64.so.2" "-o" "indirect" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu/crt1.o" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu/crti.o" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/crtbegin.o" "-L/usr/lib/gcc/x86_64-linux-gnu/7.4.0" "-L/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu" "-L/lib/x86_64-linux-gnu" "-L/lib/../lib64" "-L/usr/lib/x86_64-linux-gnu" "-L/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../.." "-L/home/shishir_jessu/clang/build/bin/../lib" "-L/lib" "-L/usr/lib" "-plugin" "/home/shishir_jessu/clang/build/bin/../lib/LLVMgold.so" "-plugin-opt=mcpu=x86-64" "/tmp/indirect-1aceda.o" "-lgcc" "--as-needed" "-lgcc_s" "--no-as-needed" "-lc" "-lgcc" "--as-needed" "-lgcc_s" "--no-as-needed" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/crtend.o" "/usr/lib/gcc/x86_64-linux-gnu/7.4.0/../../../x86_64-linux-gnu/crtn.o"

Of the flags given, I only need one of them. So I run clang -cc1 -fsanitize=cfi-icall indirect.c, but am still not able to hit the code I'm looking for. Is there anything else I should be doing?

Thank you!

Shishir Jessu

On Mon, Sep 30, 2019 at 2:55 PM <Yuanfang.Chen at sony.com> wrote:
> `clang` is the driver not the compiler.
>
> "clang -flto -fsanitize=cfi-icall indirect.c -o indirect -###"
PenYiWang via llvm-dev
2019-Oct-01 00:17 UTC
[llvm-dev] Fwd: Debugging LowerTypeTests in LLVM Using GDB
---------- Forwarded message ---------
From: PenYiWang <s89162504 at gmail.com>
Date: Tue, Oct 1, 2019, 08:14
Subject: Re: [llvm-dev] Debugging LowerTypeTests in LLVM Using GDB
To: Shishir V Jessu <shishir.jessu at utexas.edu>

LLVM CFI is done at LTO time. You should use the -v option to see how clang invokes /usr/bin/ld with the LLVM gold plugin to run the LTO pass, or use "opt -lowertypetests ....".

Shishir V Jessu via llvm-dev <llvm-dev at lists.llvm.org> wrote on Tue, Oct 1, 2019, 07:22:
> Hi Yuanfang,
>
> Do you have any guidance about how to proceed from here?
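As an added example (not from the thread and not LLVM's own tooling), a small POSIX shell helper that applies the point made above: the jump tables are built at LTO time inside LLVMgold.so, so the command to debug is the link step from the driver's -### output, not the -cc1 compile. It uses a constructed, shortened stand-in for that output, and it assumes LowerTypeTestsModule::lower is the entry point of the pass.

```shell
#!/bin/sh
# Added example, not code from the thread: locate the process in which
# LowerTypeTests actually runs. With -flto the pass executes in the LTO
# backend hosted by LLVMgold.so, which the driver hands to /usr/bin/ld, so
# the command to run under GDB is the link step, not the "clang -cc1" step.

# Constructed stand-in for the output of
# `clang -flto -fsanitize=cfi-icall indirect.c -o indirect -###`
# (paths shortened; the real output is quoted in the thread).
sample_driver_output() {
    cat <<'EOF'
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /opt/llvm/bin
 "/opt/llvm/bin/clang-10" "-cc1" "-triple" "x86_64-unknown-linux-gnu" "-emit-llvm-bc" "-flto" "-fsanitize=cfi-icall" "-o" "/tmp/indirect-1aceda.o" "-x" "c" "indirect.c"
 "/usr/bin/ld" "-o" "indirect" "-plugin" "/opt/llvm/lib/LLVMgold.so" "-plugin-opt=mcpu=x86-64" "/tmp/indirect-1aceda.o" "-lc"
EOF
}

# Print the first command line that loads LLVMgold.so (the LTO link step),
# stripped of leading whitespace. Return 1 when there is none, e.g. when
# -flto was omitted, in which case no LTO-time pass runs at all.
extract_lto_link_cmd() {
    line=$(grep -m1 -- '-plugin.*LLVMgold\.so') || return 1
    printf '%s\n' "$line" | sed 's/^[[:space:]]*//'
}

# Build a GDB invocation for that link step. The breakpoint must be pending:
# LLVMgold.so, and with it the LowerTypeTests code, is only loaded once ld
# starts. LowerTypeTestsModule::lower is assumed to be the pass entry point.
gdb_command_for() {
    printf 'gdb -ex "set breakpoint pending on" -ex "break LowerTypeTestsModule::lower" -ex run --args %s\n' "$1"
}

# Stand-alone run: print the command to paste into a shell.
if cmd=$(sample_driver_output | extract_lto_link_cmd); then
    gdb_command_for "$cmd"
else
    echo "no LTO link step found; compile with -flto" >&2
fi
```

Replace the sample function with `clang -flto -fsanitize=cfi-icall indirect.c -o indirect -### 2>&1 | extract_lto_link_cmd` to use real driver output.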