search for: canary

Dear LLVMers, I am trying to measure the performance overhead (if any) of the canaries that clang inserts in the code. I would like to do this automatically, using the LLVM test infra-structure. However, I am not sure if that is possible. Could someone tell me which flags in the TEST.nightly.Makefile script, (or any other script) I must change to have this done? Usually I insert canaries with

I have a question about the performance of the implementation of the stack protector in LLVM. Consider the following C program: ===== void canary() { char buf[20]; buf[0]++; } int main() { int i; for (i = 0; i < 1000000000; ++i) canary(); return 0; } ===== This should definately run slower when stack protection is enabled, right? I have measured the runtime of this program on two different systems compiled w...

If you compile this with optimizations, then the 'canary()' function should be totally inlined into the 'main()' function. In that case, the cost of the stack protectors will be very small compared to the loop. -bw On Mar 9, 2012, at 2:52 AM, Job Noorman <jobnoorman at gmail.com> wrote: > I have a question about the performance of...

Hi all, I want to implement the Xor random canary, so I have to get the return address in the prologue and epilogue of the function. In the prologue of the function, before I insert into the canary on the stack, I can get the return address by: ConstantInt* ci = llvm::ConstantInt::get(Type::getInt32Ty(RI->getContext()), 0); Value...

...Time(s) CPU Affinity Domain-0 0 0 3 -b- 2465.5 3 Domain-0 0 1 1 -b- 218.2 3 Domain-0 0 2 0 -b- 191.0 3 Domain-0 0 3 3 r-- 445.0 3 canary 1 0 2 r-- 11463.5 0-2 canary 1 1 1 r-- 10293.0 0-2 canary 1 2 0 r-- 9983.4 0-2 I can''t seem to figure out how to do this in the configuration file. I can issue t...

Hi all, I am master student in Edinburgh, UK. I am doing my MSc project with LLVM compiler and I have to modify LLVM to implement the StackGuard with a XOR random Canary. However, I am not familiar with LLVM. My problem is that I want to XOR the random canary word with the return address which are both 32 bits. I found a method called SimplifyXorInst(Value *, Value *, const TargetData *,const DominatorTree *, unsigned) but I do not know whether it is right...

...ted by the fact that these sorts of checkers still aren't used in standard software builds, so I find optimizing for performance and simplicity particularly interesting. Also, this is an anecdote, but have you considered writing pseudo-random data to the padding area and using its checksum as a canary? Alternately, you could even just use the first few bytes of the padding directly. We recently added optional canaries to OpenBSD and it's been useful in finding bugs. I'll have to read more about the kernel projects before I can comment. Thanks, Michael

People, Anybody knows what mean this message in my CLI: [Apr 1 16:58:34] WARNING[3845]: asterisk.c:3050 canary_thread: The canary is no more. He has ceased to be! He's expired and gone to meet his maker! He's a stiff! Bereft of life, he rests in peace. His metabolic processes are now history! He's off the twig! He's kicked the bucket. He's shuffled off his mortal coil, run down t...

All, I just noticed this in my logs, and am rather lost as to what module it pertains to. I would assume pseudo-realtime priority for the process, but I am looking for a little confirmation from the group: [Apr 28 12:28:36] WARNING[20773] asterisk.c: The canary is no more. He has ceased to be! He's expired and gone to meet his maker! He's a stiff! Bereft of life, he rests in peace. His metabolic processes are now history! He's off the twig! He's kicked the bucket. He's shuffled off his mortal coil, run down the curtain, and...

...ets generated is horribly wrong, but in > order to understand how to fix it I was wondering if there is a clear > statement of how the mechanism is supposed to work? > __stack_chk_guard is loaded and the resulting value is stored on the stack. The location on the stack contains the "canary". Before the function returns, the canary and __stack_chk_guard are compared again. If they compare unequal, __stack_chk_fail is called. Typically, the implementation of __stack_chk_fail is expected to abort the program. I believe your libc is responsible for implementing these symbols....

I am trying to implement stack probes for our SHAVE target, and I see that the compiler injects references to '__stack_chk_guard' and '__stack_chk_fail'. The code that gets generated is horribly wrong, but in order to understand how to fix it I was wondering if there is a clear statement of how the mechanism is supposed to work? The variable '__stack_chk_guard' appears

...e return address > again > cmpl %ecx, %eax > jne .LBB0_2 > > > How can I solve this problem? If it's an optimization that's causing the problem, you'll have to figure out which optimization it is and disable it. That said, I think implementing a stack canary system at the LLVM IR level is the wrong way to go. As I've suggested before, you should look into writing a pass that modifies the prologue/epilogue code at the level of MachineInstructions (i.e., you should write a MachineFunctionPass instead of a FunctionPass or ModulePass). A Machine...

I'm using bleeding-edge R-devel, so maybe my build is weird. Can anyone else reproduce this? View() seems to crash on just about anything. View(1:3) *** stack smashing detected ***: terminated Aborted (core dumped) If I debug(View) I get to the last line of code with nothing obviously looking pathological: Browse[1]> debug: invisible(.External2(C_dataviewer, x, title))

On Tuesday 10 March 2009 21:47:59 someguy wrote: > From a cursory glance, it looks like something is messing with the > stack canarys. Probably a stack buffer overflow. In case it is relevant, HLVM uses libsigsegv to detect stack overflows and that stack handler is initialized in my JITted code which LLVM's runFunction should be calling. Could libsigsegv be conflicing with the stack smashing code? -- Dr Jon Harrop, Fly...

Hi all, How to XOR the return address on the stack with a canary word both are 32 bits? Is there a method to implement it? Thank you. Ying -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

Dear Duncan, thank you very much. I have been able to use it now, via the following command line: clang -emit-llvm -c -fstack-protector canary.c -o canary.bc llc -print-before=stack-protector -print-after=stack-protector -o canary.s < canary.bc Thank you again, Izabela Maffra. On 26 January 2013 15:55, <llvmdev-request at cs.uiuc.edu> wrote: > Send LLVMdev mailing list submissions to > llvmdev at cs.uiuc.ed...

On Mar 10, 2009, at 3:07 PM, Jon Harrop wrote: > On Tuesday 10 March 2009 21:47:59 someguy wrote: >> From a cursory glance, it looks like something is messing with the >> stack canarys. Probably a stack buffer overflow. > > In case it is relevant, HLVM uses libsigsegv to detect stack > overflows and > that stack handler is initialized in my JITted code which LLVM's > runFunction > should be calling. > > Could libsigsegv be conflicing with the stac...

Hi all, I am master student in Edinburgh, UK. I am doing my MSc project with LLVM compiler and I have to modify LLVM to implement the StackGuard with a XOR random Canary. However, I am not familiar with LLVM. My problem is that I want to XOR the random canary word with the return address which are both 32 bits. I found a method called SimplifyXorInst(Value *, Value *, const TargetData *,const DominatorTree *, unsigned) but I do not know whether it is right m...

Hello > In the prologue of the function, before I insert into the canary on > the stack, I can get the return address by: Note that there is no epilogue and prologue at IR level :) > But it does not work this time. I cannot get the return address. > What is problem? How can I get the return address? Thank you! What is the problem? It seems you're getting t...

...don't really need to load %fs or %gs, but load them anyway + * to kill any stale realmode selectors. This allows execution + * under VT hardware. + */ + movl %eax,%fs + movl %eax,%gs + + /* Set up %gs. + * + * The base of %gs always points to fixed_percpu_data. If the + * stack protector canary is enabled, it is located at %gs:40. + * Note that, on SMP, the boot cpu uses init data section until + * the per cpu areas are set up. + */ + movl $MSR_GS_BASE,%ecx + movl initial_gs(%rip),%eax + movl initial_gs+4(%rip),%edx + wrmsr + /* Check if nx is implemented */ movl $0x80000001, %eax...