Add support for pointer authentication on load and store instructions with ARM's PAC

.vscode/launch.json

@@ -33,13 +33,13 @@
                 "-resource-dir",
                 "./build/lib/clang/17",
                 "-isysroot",
-                "../wasi-libc/sysroot",
+                "/scratch/martin/src/wasm/wasi-libc/sysroot",
                 "-internal-isystem",
                 "./build/lib/clang/17/include",
                 "-internal-isystem",
-                "../wasi-libc/sysroot/include/wasm64-wasi",
+                "/scratch/martin/src/wasm/wasi-libc/sysroot/include/wasm64-wasi",
                 "-internal-isystem",
-                "../wasi-libc/sysroot/include",
+                "/scratch/martin/src/wasm/wasi-libc/sysroot/include",
                 "-Os",
                 "-ferror-limit",
                 "19",
@@ -135,7 +135,7 @@
             "command": "extension.commandvariable.file.pickFile",
             "args": {
                 "fromFolder": {
-                    "fixed": "/scratch/martin/src/wasm/hello-world"
+                    "fixed": "/scratch/fritz/src/safe-wasm/llvm-project/demo"
                 },
                 "include": "**/*.c"
             }

.vscode/settings.json

@@ -95,7 +95,8 @@
     "shared_mutex": "cpp",
     "stop_token": "cpp",
     "variant": "cpp",
-    "*.inc": "cpp"
+    "*.inc": "cpp",
+    "*.def": "c"
   },
   "clangd.arguments": [
     "--query-driver=${env:PATH_TO_CLANG}"

demo/.gitignore

@@ -0,0 +1 @@
+*.wasm

demo/README.md

@@ -1,5 +1,11 @@
 # Demo
 
+## PAC Testing
+
+To test the PAC features, which consist of a module pass that inserts custom wasm instructions that sign (`pointer_sign`) and authenticate (`pointer_auth`) a pointer before it is stored to a memory address:
+- Disable MTE (in wasmtime or simply don't generate our MTE-based custom instructions in llvm/clang), since PAC can currently not effectively work when MTE is used (no PAC instructions would be inserted due to limits in our LLVM analysis).
+- Compile demo C file `test-prevent-real-attack.c` without optimizations (`-O0`), since the code that tests PAC would otherwise be optimized away.
+
 ## Building
 
 ```shell
@@ -39,3 +45,13 @@ Wasmtime can be cross-compiled for aarch64 with the provided `Dockerfile` in thi
 ./wasmtime compile demo-scanf.wasm --cranelift-enable use_mte --wasm-features=memory64,mem-safety
 ./wasmtime run --allow-precompiled --wasm-features=memory64,mem-safety -- demo-scanf.cwasm
 ```
+
+## Checking generated code
+
+You can test what code is generated with the following commands, even if you are on a machine that is not aarch64 or doesn't support mte.
+
+```shell
+./wasmtime compile --target aarch64-unknown-linux-gnu --cranelift-enable use_mte --wasm-features=memory64,mem-safety demo-<name>.c
+llvm-objdump -D demo-<name>.cwasm > demo-<name>.s
+```
+

demo/benchmarks-code/memory-tagging/Makefile

@@ -0,0 +1,51 @@
+# CC=/scratch/fritz/src/safe-wasm/llvm-project/build/bin/clang
+# WASM_FLAGS=--target=wasm64-unknown-wasi --sysroot /scratch/martin/src/wasm/wasi-libc/sysroot -g -D_WASI_EMULATED_PROCESS_CLOCKS -lwasi-emulated-process-clocks -Wl,--stack-first -Wl,--initial-memory=104857600 -Wl,--max-memory=104857600 -Wl,-z,stack-size=83886080
+# SAN_FLAGS=-march=wasm64-wasi+mem-safety -fsanitize=wasm-memsafety
+# CFLAGS=-O0 ${WASM_FLAGS}
+# # CFLAGS=-O2 ${WASM_FLAGS}
+# BUILD_DIR=build
+
+# all: ${BUILD_DIR}/tagging.wasm
+
+# # ${BUILD_DIR}/tagging.wasm: tagging.c
+# ${BUILD_DIR}/tagging.wasm: tagging.ll
+# 	${CC} -o $@ $< ${CFLAGS} ${EXTRA_FLAGS} ${SAN_FLAGS}
+
+# clean:
+# 	@ rm -f ${BUILD_DIR}/tagging.wasm
+
+# ${BUILD_DIR}:
+# 	mkdir -p $@
+
+# # Add the directory as a dependency to ensure it's created before compilation
+# ${BUILD_DIR}/%.wasm: | ${BUILD_DIR}
+
+
+CC=/scratch/fritz/src/safe-wasm/llvm-project/build/bin/clang
+WASM_FLAGS=--target=wasm64-unknown-wasi --sysroot /scratch/martin/src/wasm/wasi-libc/sysroot -g -D_WASI_EMULATED_PROCESS_CLOCKS -lwasi-emulated-process-clocks -Wl,--stack-first -Wl,--initial-memory=104857600 -Wl,--max-memory=104857600 -Wl,-z,stack-size=83886080
+SAN_FLAGS=-march=wasm64-wasi+mem-safety -fsanitize=wasm-memsafety
+CFLAGS=-O0 ${WASM_FLAGS}
+# CFLAGS=-O2 ${WASM_FLAGS}
+BUILD_DIR=build
+
+FILES=tagging-few-loops-large-segments \
+      tagging-few-loops-small-segments \
+      tagging-many-loops-large-segments \
+      tagging-many-loops-small-segments
+
+TARGETS=$(addprefix ${BUILD_DIR}/, $(addsuffix .wasm, ${FILES}))
+
+all: ${TARGETS}
+
+${BUILD_DIR}/%.wasm: %.ll
+	${CC} -o $@ $< ${CFLAGS} ${EXTRA_FLAGS} ${SAN_FLAGS}
+
+clean:
+	@ rm -f ${BUILD_DIR}/*.wasm
+
+${BUILD_DIR}:
+	mkdir -p $@
+
+# Add the directory as a dependency to ensure it's created before compilation
+${BUILD_DIR}/%.wasm: | ${BUILD_DIR}
+

demo/benchmarks-code/memory-tagging/tagging-few-loops-large-segments.ll

@@ -0,0 +1,29 @@
+; File: segment_stack_test.ll
+
+declare ptr @llvm.wasm.segment.stack.new(ptr, i64)
+declare void @llvm.wasm.segment.stack.free(ptr, ptr, i64)
+
+define i32 @__main_void() {
+entry:
+  %static_size_array = alloca [1000000 x i32], align 16
+  %iteration_count = alloca i32
+  store i32 1600, i32* %iteration_count
+
+  br label %loop_start
+
+loop_start:
+  %count = load i32, i32* %iteration_count
+  %is_done = icmp eq i32 %count, 0
+  br i1 %is_done, label %loop_end, label %loop_body
+
+loop_body:
+  %segment_ptr = call ptr @llvm.wasm.segment.stack.new(ptr %static_size_array, i64 4000000)
+  call void @llvm.wasm.segment.stack.free(ptr %segment_ptr, ptr %static_size_array, i64 4000000)
+
+  %new_count = sub i32 %count, 1
+  store i32 %new_count, i32* %iteration_count
+  br label %loop_start
+
+loop_end:
+  ret i32 0
+}

demo/benchmarks-code/memory-tagging/tagging-few-loops-small-segments.ll

@@ -0,0 +1,29 @@
+; File: segment_stack_test.ll
+
+declare ptr @llvm.wasm.segment.stack.new(ptr, i64)
+declare void @llvm.wasm.segment.stack.free(ptr, ptr, i64)
+
+define i32 @__main_void() {
+entry:
+  %static_size_array = alloca [400 x i32], align 16
+  %iteration_count = alloca i32
+  store i32 1600, i32* %iteration_count
+
+  br label %loop_start
+
+loop_start:
+  %count = load i32, i32* %iteration_count
+  %is_done = icmp eq i32 %count, 0
+  br i1 %is_done, label %loop_end, label %loop_body
+
+loop_body:
+  %segment_ptr = call ptr @llvm.wasm.segment.stack.new(ptr %static_size_array, i64 1600)
+  call void @llvm.wasm.segment.stack.free(ptr %segment_ptr, ptr %static_size_array, i64 1600)
+
+  %new_count = sub i32 %count, 1
+  store i32 %new_count, i32* %iteration_count
+  br label %loop_start
+
+loop_end:
+  ret i32 0
+}

demo/benchmarks-code/memory-tagging/tagging-many-loops-large-segments.ll

@@ -0,0 +1,29 @@
+; File: segment_stack_test.ll
+
+declare ptr @llvm.wasm.segment.stack.new(ptr, i64)
+declare void @llvm.wasm.segment.stack.free(ptr, ptr, i64)
+
+define i32 @__main_void() {
+entry:
+  %static_size_array = alloca [10000 x i32], align 16
+  %iteration_count = alloca i32
+  store i32 40000, i32* %iteration_count
+
+  br label %loop_start
+
+loop_start:
+  %count = load i32, i32* %iteration_count
+  %is_done = icmp eq i32 %count, 0
+  br i1 %is_done, label %loop_end, label %loop_body
+
+loop_body:
+  %segment_ptr = call ptr @llvm.wasm.segment.stack.new(ptr %static_size_array, i64  40000)
+  call void @llvm.wasm.segment.stack.free(ptr %segment_ptr, ptr %static_size_array, i64  40000)
+
+  %new_count = sub i32 %count, 1
+  store i32 %new_count, i32* %iteration_count
+  br label %loop_start
+
+loop_end:
+  ret i32 0
+}

demo/benchmarks-code/memory-tagging/tagging-many-loops-small-segments.ll

@@ -0,0 +1,29 @@
+; File: segment_stack_test.ll
+
+declare ptr @llvm.wasm.segment.stack.new(ptr, i64)
+declare void @llvm.wasm.segment.stack.free(ptr, ptr, i64)
+
+define i32 @__main_void() {
+entry:
+  %static_size_array = alloca [400 x i32], align 16
+  %iteration_count = alloca i32
+  store i32 4000000, i32* %iteration_count
+
+  br label %loop_start
+
+loop_start:
+  %count = load i32, i32* %iteration_count
+  %is_done = icmp eq i32 %count, 0
+  br i1 %is_done, label %loop_end, label %loop_body
+
+loop_body:
+  %segment_ptr = call ptr @llvm.wasm.segment.stack.new(ptr %static_size_array, i64 1600)
+  call void @llvm.wasm.segment.stack.free(ptr %segment_ptr, ptr %static_size_array, i64 1600)
+
+  %new_count = sub i32 %count, 1
+  store i32 %new_count, i32* %iteration_count
+  br label %loop_start
+
+loop_end:
+  ret i32 0
+}

demo/benchmarks-code/memory-tagging/tagging.c

@@ -0,0 +1,46 @@
+// #include <stdio.h>
+// #include <stdlib.h>
+
+// int main() {
+//     size_t n = 1000;
+//     // volatile int static_size_array[1000];
+//     volatile int static_size_array[n];
+
+//     // for (int i = 0; i < n; i++) {
+//     //     static_size_array[i] = i % 255;
+//     // }
+
+//     for (int i = 0; i < n; i++) {
+//         static_size_array[i] = i % 255;
+//     }
+
+//     // Pretend to use the data
+//     use_array(static_size_array, n);
+
+//     return 0;
+// }
+
+
+#include <stdio.h>
+#include <stdlib.h>
+
+int check = 0; // global variable
+
+int main() {
+    size_t n = 10000;
+    size_t alignment = 32;
+    int static_size_array[n * 32];
+    // int *static_size_array = malloc(sizeof(int) * (n*32));
+
+    for (int i = 0; i < n; i++) {
+        static_size_array[i] = i % 255;
+    }
+
+    // Unpredictable branch to compiler, will never actually run, 
+    // but compiler doesn't know that for sure
+    if (check) {
+        printf("%d", static_size_array[0]);
+    }
+
+    return 0;
+}

demo/benchmarks-code/pac-store-load-loops/Makefile

@@ -0,0 +1,25 @@
+CC=/scratch/fritz/src/safe-wasm/llvm-project/build/bin/clang
+# WASM_FLAGS=--target=wasm64-unknown-wasi --sysroot /scratch/martin/src/wasm/wasi-libc/sysroot -g -D_WASI_EMULATED_PROCESS_CLOCKS -lwasi-emulated-process-clocks -Wl,--stack-first -Wl,--initial-memory=104857600 -Wl,--max-memory=104857600 -Wl,-z,stack-size=83886080
+WASM_FLAGS=--target=wasm64-unknown-wasi --sysroot /scratch/martin/src/wasm/wasi-libc/sysroot -g -D_WASI_EMULATED_PROCESS_CLOCKS -lwasi-emulated-process-clocks -Wl,--stack-first -Wl,--initial-memory=1677721600 -Wl,--max-memory=1677721600 -Wl,-z,stack-size=1342177280
+
+SAN_FLAGS=-march=wasm64-wasi+mem-safety -fsanitize=wasm-memsafety
+#CFLAGS=-O0 ${WASM_FLAGS}
+CFLAGS=-O2 ${WASM_FLAGS}
+BUILD_DIR=build
+
+PAC_SOURCES=$(wildcard pac-*.c)
+PAC_WASMS=$(PAC_SOURCES:%.c=${BUILD_DIR}/%.wasm)
+
+all: ${PAC_WASMS}
+
+${BUILD_DIR}/%.wasm: %.c
+	${CC} -o $@ $< ${CFLAGS} ${EXTRA_FLAGS} ${SAN_FLAGS}
+
+clean:
+	@ rm -f ${BUILD_DIR}/*.wasm
+
+${BUILD_DIR}:
+	mkdir -p $@
+
+# Add the directory as a dependency to ensure it's created before compilation
+${BUILD_DIR}/%.wasm: | ${BUILD_DIR}

demo/benchmarks-code/pac-store-load-loops/pac-1.c

@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    size_t n = 10000;
+
+    void* ptrArray[n];
+
+    // Store n pointers in the array
+    for (size_t i = 0; i < n; i++) {
+        ptrArray[i] = (void*) i; // casting the iterating variable to a pointer
+    }
+
+    // Load the n pointers from the array and accumulate their values
+    size_t sum = 0;
+    for (size_t i = 0; i < n; i++) {
+        sum += (size_t) ptrArray[i];
+    }
+
+    return sum % 125;  // modulo to make sure it's a valid return code
+}

demo/benchmarks-code/pac-store-load-loops/pac-2.c

@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    size_t n = 100000;
+
+    void* ptrArray[n];
+
+    // Store n pointers in the array
+    for (size_t i = 0; i < n; i++) {
+        ptrArray[i] = (void*) i; // casting the iterating variable to a pointer
+    }
+
+    // Load the n pointers from the array and accumulate their values
+    size_t sum = 0;
+    for (size_t i = 0; i < n; i++) {
+        sum += (size_t) ptrArray[i];
+    }
+
+    return sum % 125;  // modulo to make sure it's a valid return code
+}

demo/benchmarks-code/pac-store-load-loops/pac-3.c

@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    size_t n = 1000000;
+
+    void* ptrArray[n];
+
+    // Store n pointers in the array
+    for (size_t i = 0; i < n; i++) {
+        ptrArray[i] = (void*) i; // casting the iterating variable to a pointer
+    }
+
+    // Load the n pointers from the array and accumulate their values
+    size_t sum = 0;
+    for (size_t i = 0; i < n; i++) {
+        sum += (size_t) ptrArray[i];
+    }
+
+    return sum % 125;  // modulo to make sure it's a valid return code
+}

demo/benchmarks-code/pac-store-load-loops/pac-4.c

@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    size_t n = 10000000;
+
+    void* ptrArray[n];
+
+    // Store n pointers in the array
+    for (size_t i = 0; i < n; i++) {
+        ptrArray[i] = (void*) i; // casting the iterating variable to a pointer
+    }
+
+    // Load the n pointers from the array and accumulate their values
+    size_t sum = 0;
+    for (size_t i = 0; i < n; i++) {
+        sum += (size_t) ptrArray[i];
+    }
+
+    return sum % 125;  // modulo to make sure it's a valid return code
+}