This is an archive of the discontinued LLVM Phabricator instance.

Differential D12318

[ASan] Enable optional ASan recovery
ClosedPublic

Authored by ygribov on Aug 25 2015, 5:53 AM.

Details

Reviewers
kcc
samsonov
eugenis
Commits
rG468d955b9863: [ASan] Enable optional ASan recovery.
rCRT252723: [ASan] Enable optional ASan recovery.
rL252723: [ASan] Enable optional ASan recovery.
Summary

This patch adds flags to clang and libasan to continue execution after detection of first error (in hope that more errors can be detected during single run). Such mode allows for a faster run-report-fix loop on embedded system where fixing a bug and preparing new firmware may take a significant time. To enable, user should build his code with -fsanitize-recover=address and then run it under ASAN_OPTIONS=keep_going=1.

I know kcc's generally negative attitude towards keep_going mode but I want the patch to at least be available publicly so that poor souls dealing with complex systems may access it easily.

Diff Detail

Repository
rL LLVM

Event Timeline

ygribov updated this revision to Diff 33064.Aug 25 2015, 5:53 AM
ygribov retitled this revision from to [ASan] Enable optional ASan recovery.
ygribov updated this object.
ygribov added reviewers: kcc, samsonov.
ygribov set the repository for this revision to rL LLVM.
ygribov added subscribers: llvm-commits, dvyukov, m.ostapenko.
eugenis added a subscriber: eugenis.Aug 25 2015, 11:46 AM
eugenis added inline comments.
include/clang/Frontend/CodeGenOptions.def
118 ↗(On Diff #33064)

Could you make it not specific to ASan? Smth like SanitizeRecover so that it could affect MSan as well in the future.

lib/CodeGen/BackendUtil.cpp
343 ↗(On Diff #33064)

Why do you need separate "noabort" functions for this? See addMemorySanitizerPass which inspects CodeGenOptions in the function body.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
125 ↗(On Diff #33064)

Lets stick to existing terminology (we already have "recover" and "keep-going" names for the same concept).

lib/asan/asan_flags.inc
147 ↗(On Diff #33064)

call it max_errors, similarly to the compiler flag?

lib/asan/asan_poisoning.cc
221 ↗(On Diff #33064)

why "false"? Do you need to check the keep_going flag?

kcc added inline comments.Aug 25 2015, 6:50 PM
lib/asan/asan_report.cc
652 ↗(On Diff #33064)

OMG

ygribov added inline comments.Aug 26 2015, 2:53 AM
include/clang/Frontend/CodeGenOptions.def
118 ↗(On Diff #33064)

Right.

lib/CodeGen/BackendUtil.cpp
343 ↗(On Diff #33064)

Ok.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
125 ↗(On Diff #33064)

Ok, I'll use "recover" then. Most of this was done in pre-recover times.

lib/asan/asan_flags.inc
147 ↗(On Diff #33064)

Sure.

lib/asan/asan_poisoning.cc
221 ↗(On Diff #33064)

Hm, probably yes.

lib/asan/asan_report.cc
652 ↗(On Diff #33064)

This section could be removed if we are ok with ignoring bugs that run in parallel.

ygribov added inline comments.Aug 26 2015, 2:59 AM
lib/asan/asan_report.cc
652 ↗(On Diff #33064)

Could you suggest a cleaner way to do this?

ygribov updated this revision to Diff 33203.Aug 26 2015, 8:10 AM
ygribov added a reviewer: eugenis.
ygribov removed a subscriber: eugenis.

Updated based on initial feedback. It seems we have way too many different names for recovery feature (UBSan's trap-on-error, MSan's keep-going, ASan's recover, noabort, etc.).

samsonov added inline comments.Aug 26 2015, 1:44 PM
include/clang/Basic/Sanitizers.h
82 ↗(On Diff #33203)

Do you actually use it anywhere?

lib/CodeGen/BackendUtil.cpp
214 ↗(On Diff #33203)

Is recovery supposed to work for -fsanitize=kernel-address? Should you mark it as Unrecoverable?

lib/asan/asan_flags.inc
144 ↗(On Diff #33203)

This is really sad, but we tend to use halt_on_error runtime flag for that. This name is already used in TSan, MSan and UBSan.

lib/asan/asan_interface_internal.h
134 ↗(On Diff #33203)

This function is also declared in public header: include/sanitizer/asan_interface.h (which is kind of stupid), so you have to fix it in both places. Looks like it's not an ABI break, though.

lib/asan/asan_internal.h
129 ↗(On Diff #33203)

We have atomic_fetch_add

samsonov edited edge metadata.Aug 26 2015, 1:46 PM
In D12318#233103, @ygribov wrote:

Updated based on initial feedback. It seems we have way too many different names for recovery feature (UBSan's trap-on-error, MSan's keep-going, ASan's recover, noabort, etc.).

Right, naming is hard :( Speaking of user-visible flags, we should use -fsanitize-recover=address flag (UBSan's trap-on-error corresponds to -fsanitize-trap= and is slightly different).

ygribov added inline comments.Aug 26 2015, 1:49 PM
include/clang/Basic/Sanitizers.h
82 ↗(On Diff #33203)

No, that's remains of some removed code.

lib/CodeGen/BackendUtil.cpp
214 ↗(On Diff #33203)

KAsan is actually recoverable by default. Perhaps I should do explicit Recover for CompileKernel as well.

lib/asan/asan_internal.h
129 ↗(On Diff #33203)

Yeah but it may be slower.

filcab added a subscriber: filcab.Aug 26 2015, 2:59 PM

What about the file test/asan/TestCases/Darwin/interface_symbols_darwin.c? Shouldn't it be changed too?

lib/asan/asan_report.cc
695 ↗(On Diff #33203)

Comment on line 632 would apply here too.

697 ↗(On Diff #33203)

The usual "I see no benefit in using LIKELY here".

lib/asan/scripts/asan_symbolize.py
429 ↗(On Diff #33203)

Why? I might have missed the reason for this change.

test/Driver/fsanitize.c
168 ↗(On Diff #33203)

Shouldn't address be added here too?

filcab added inline comments.Aug 26 2015, 2:59 PM
lib/asan/asan_internal.h
125 ↗(On Diff #33203)

Technically it might be unlikely, but this is noise in the code.
If we're not recovering, we will blow up anyway. Removing UNLIKELY would make the code easier to read with 0 practical difference in performance for any case.
In fact, it we're not silencing, *then* we want to be as fast as possible. (I'd go with the simple if, though)

129 ↗(On Diff #33203)

Slower is better than undefined behavior, no? ;-)

lib/asan/asan_report.cc
632 ↗(On Diff #33203)

cmpxchg should work, no?

646 ↗(On Diff #33203)

Again, no benefit in tagging these as UNLIKELY.

652 ↗(On Diff #33203)

At the very least, you can create a helper function with the code executed when you get the lock, no?

659 ↗(On Diff #33203)

This comment should be changed, too. It's not true after this diff gets applied.

661 ↗(On Diff #33203)

Why did you remove the first part of the comment?
It's still the reason why we have the sleep call here.

ygribov added a comment.Aug 26 2015, 11:03 PM

Thanks a lot for detailed review!

What about the file test/asan/TestCases/Darwin/interface_symbols_darwin.c? Shouldn't it be changed too?

Yup.

lib/asan/asan_internal.h
125 ↗(On Diff #33203)

Sorry, could you give more details? I indeed favor the default (non-recovery) case here. As for the UNLIKELY, we've seen cases where it significantly improved performance.

129 ↗(On Diff #33203)

Again, I was probably too scary to slow down the default path. I'll switch to atomics in next version then.

lib/asan/asan_poisoning.cc
221 ↗(On Diff #33203)

BTW what are these sanitizer_unaligned functions for? I don't think compiler emits then but they are also missing in public headers.

lib/asan/asan_report.cc
632 ↗(On Diff #33203)

Yup.

652 ↗(On Diff #33203)

Ah, so it's all about this tiny goto (not about hacky trial-and-error mutex acquisition). Ok, I'll put the code to a separate function.

659 ↗(On Diff #33203)

Right.

661 ↗(On Diff #33203)

I moved the first part of the comment above because it's applicable to both branches.

lib/asan/scripts/asan_symbolize.py
429 ↗(On Diff #33203)

Hm, I don't remember doing this hunk at all. I'll double check when at work.

test/Driver/fsanitize.c
168 ↗(On Diff #33203)

Ok.

ygribov updated this revision to Diff 33321.Aug 27 2015, 6:28 AM
ygribov edited edge metadata.

Updated based on reviews.

filcab added a comment.Aug 27 2015, 3:15 PM

Still missing the Darwin interface symbols file.

Thanks for working on this.

Filipe

lib/asan/asan_interceptors.cc
73 ↗(On Diff #33321)

Why false? Shouldn't it be the flag for halt_on_error?

lib/asan/asan_internal.h
125 ↗(On Diff #33321)

So, I see two things that can happen:

halt_on_error is true:
We go through the if once (maybe more times, if we find several errors in several threads).
QuickCheckSilence returns false
LIKELY Isn't really doing much. Tweaking a jump that is executed once doesn't really matter.

halt_on_error is false:
We go through the if roughly max_errors times (let's say around 100, which seems to me is already a too big number for max_errors (if you actually manage to skip 100 errors and still execute code, that's a huge amount of luck!)

From these two, I would actually say that, at most, you should have an UNLIKELY, and not a LIKELY. *If* we execute that if more than once, then I should always expect it to be false.

Still, even in the case where we execute it "a bunch of times" we're still "almost never" executing it. QuickCheckSilence is called only when reporting errors, which means that:
If halt_on_error, then the program is terminating right after this report. We're not winning anything.
If halt_on_error, then the LIKELY is reversed. And we're still not winning much, we're not expecting this code to be executed more than max_errors, which, I'm assuming, will always be a small number.

My opinion is that it's not making the code faster, and it's making it less clear.

You mentioned performance increases. What tests were you running, and how?

131 ↗(On Diff #33321)

You can change the previous atomic_load to be an atomic_fetch_add of 0 or 1, no?

test/Driver/fsanitize.c
168 ↗(On Diff #33321)

Why didn't you update the number too? Does the test pass?

test/asan/TestCases/Linux/halt_on_error-torture.cc
1 ↗(On Diff #33321)

Why is this test linux only?

kcc added inline comments.Aug 27 2015, 3:17 PM
lib/asan/asan_flags.inc
147 ↗(On Diff #33321)

Shouldn't this go to sanitizer_common?

lib/asan/asan_interceptors.cc
52 ↗(On Diff #33321)

why do we need it here?

lib/asan/asan_internal.h
124 ↗(On Diff #33321)

Does it have to be static inline?
Also, I don't like the name. But it depends on another question later.

lib/asan/asan_report.cc
29 ↗(On Diff #33321)

Don't define this macro, just use the C++ line as is

697 ↗(On Diff #33321)

Agree.

1014 ↗(On Diff #33321)

I think we should revert the name and the meaning of the flag:
make it "int recover" instead of "int fatal" to match the flag.
No?

Also, we need to make the parameter more clear.
One way is to declare a enum {ABORT_ON_ERROR, RECOVER_ON_ERROR} and pass it as the parameter.
Another is to
define two more internal functions
asan_report_error_and_abort() &
asan_report_error_and_maybe_recover()
and instead of calling __asan_report_error with a constant in the last parameter call one of these.

At the very least, write /*recover=*/false

test/asan/TestCases/Linux/halt_on_error-torture.cc
29 ↗(On Diff #33321)

don't we want to check that multiple errors were reported?

check how the tests set ASAN_OPTIONS nowadays.
There were some massive changes...

44 ↗(On Diff #33321)

use C++ new/delete

ygribov added a comment.Aug 28 2015, 12:53 AM

Still missing the Darwin interface symbols file.

Right, I iterated Phab's comments and completely forgot about this item. I can add a test but I don't have Mac at hand so I'll have to XFAIL it if problem arises after commit.

lib/asan/asan_flags.inc
147 ↗(On Diff #33321)

Hm, perhaps we should implement it for UBSan/MSan and then move to sanitizer_common?

lib/asan/asan_interceptors.cc
52 ↗(On Diff #33321)

This enables fast path once error reporting limit is reached. Otherwise an error in a busy loop may cause significant (100x) performance degradation. One might argue that we should not be interested in continuing execution at all after we can't report more errors but in fully sanitized distribution it may be beneficial to continue execution to provoke errors in dependent processes.

73 ↗(On Diff #33321)

This is covered by quick check above.

lib/asan/asan_internal.h
124 ↗(On Diff #33321)

It doesn't but I thought this would be more efficient.

125 ↗(On Diff #33321)

halt_on_error is true:
We go through the if once (maybe more times, if we find several errors in several threads).

I don't quite see it like this. Quick check may be called in non-fatal context (e.g. to enable fast path in ACCESS_MEMORY_RANGE). Information about likeliness may inform compiler to e.g. allocate registers in favor of preferred code or align it in a more appropriate way (e.g. to the same cache line).

You mentioned performance increases. What tests were you running, and how?

Check https://www.mail-archive.com/address-sanitizer@googlegroups.com/msg00403.html . Adding unlikely hint to noreturning if improved code by some 40%.

131 ↗(On Diff #33321)

Well yeah but this would add a risk of overflow.

lib/asan/asan_report.cc
29 ↗(On Diff #33321)

Ok.

1014 ↗(On Diff #33321)

Frankly I don't like the idea of adding fatal/recover parameter to public interface at all. Fatality should be controlled by ASAN_OPTIONS and be transparent for user code. Thoughts?

test/Driver/fsanitize.c
168 ↗(On Diff #33321)

Yup, it did. I'll reexamine it.

test/asan/TestCases/Linux/halt_on_error-torture.cc
1 ↗(On Diff #33321)

Mainly because I'm afraid that Mac/BSD maintainers will shout at me when I break their bots)

29 ↗(On Diff #33321)

Ok.

44 ↗(On Diff #33321)

Ok.

ygribov updated this revision to Diff 33570.Aug 31 2015, 4:37 AM

Updated based on review. I haven't yet made torture test generic because I'm yet to test this patch on Mac (I plan to do this for next iteration).

ygribov added inline comments.Aug 31 2015, 4:41 AM
test/Driver/fsanitize.c
168 ↗(On Diff #33570)

This should be ok - recovery is not enabled by default for ASan so resulting number didn't change.

kubamracek added a subscriber: kubamracek.Aug 31 2015, 5:48 AM
ygribov added a comment.Sep 3 2015, 11:18 AM

Folks, any feedback on this?

kcc edited edge metadata.Sep 4 2015, 11:36 AM

The patch is already too long and has too many comments.
Some parts are less controversial, some are more.
I suggest you to split it at this point and start reviewing/submitting it in parts.
Probably start from the driver/flags changes.

lib/Transforms/Instrumentation/AddressSanitizer.cpp
1099 ↗(On Diff #33570)

I think we use {} in such cases (if followed by an else with {})

lib/asan/asan_flags.inc
141 ↗(On Diff #33570)

No, just add it to sanitizer_common and write something like ("currently supported by asan") in the description.

If we add things that are potentially useful to other sanitizers to one of them (not to sanitizer_common)
we then end up having duplicates in all sanitizers.

lib/asan/asan_internal.h
122 ↗(On Diff #33570)

I don't like the name,
I don't like the fact that it has a parameter,
I don't like that it's static inline,
I don't like its behavior.

We have two situations:

  1. We are reporting an error and don't want to do it (is_error=true).

There is no harm in making this function non-inline in this case.
bool WantToReportMoreError();

  1. We don't know whether there will be an error, but we are shutting down the checking functionality

just in case (or to win a bit of performance).
I don't think we need to do this at all.
The win is not clear, but the added complexity is.

lib/asan/asan_report.cc
626 ↗(On Diff #33570)

This is all exceptionally horrible.
I've spent quite a bit of time and failed to understand how it works,
also I don't understand how to test it.
Why not just grab a lock for the entire duration of error reporting?

The current logic was there because we never reported more than one bug,
now that we do -- simply grab a lock!

698 ↗(On Diff #33570)

class members have the _ suffix.

lib/asan/asan_rtl.cc
126 ↗(On Diff #33570)

please leave __asan_report_error here. It is used as a target for break points in debugger.

You may then check halt_on_error inside __asan_report_error

kcc added a comment.Sep 4 2015, 12:50 PM

One more interesting question that came to my mind: is this going to be async-signal-safe?
If you think it will, please add tests.
If not, the whole idea is kind of questionable.

ygribov added a comment.Sep 4 2015, 1:06 PM

Some parts are less controversial, some are more.

What's your general impression on the feature though?

I suggest you to split it at this point and start reviewing/submitting it in parts.
Probably start from the driver/flags changes.

Hm but I don't see any functionality which can be moved to independent commit (except the flags part which is really minor). We could split to separate patches for rt, clang and llvm but I don't see how this is going to simplify review.

lib/asan/asan_flags.inc
141 ↗(On Diff #33570)

If we add things that are potentially useful to other sanitizers to one of them (not to sanitizer_common)
we then end up having duplicates in all sanitizers.

That makes sense, we already have too many semi-duplicate flags.

lib/asan/asan_internal.h
122 ↗(On Diff #33570)

Problem is that lack of this check would cause program to crawl in some cases. But ok, this may live in a private branch.

lib/asan/asan_report.cc
626 ↗(On Diff #33570)

also I don't understand how to test it.

Did you ever understand how to test original code :) ? The behavior for fatal errors didn't change by the way.

Why not just grab a lock for the entire duration of error reporting?

Because we may run into second error while reporting the first one in the same thread. Grabbing a lock would cause a deadlock in this case.

698 ↗(On Diff #33570)

I'm not sure that's true for statics, I see numerous places where they aren't undered.

ygribov added a comment.Sep 4 2015, 1:14 PM

One more interesting question that came to my mind: is this going to be async-signal-safe?
If not, the whole idea is kind of questionable.

I don't see why it shouldn't - the only problematic place is acquiring the mutex which will either wait (in case reporting_tid is different from current_tid) or fail with informative message after timeout.

If you think it will, please add tests.

I could generate errors in endless loop in a thread and bombard it with signals but that's probably not very reliable.

kcc added a comment.Sep 4 2015, 1:35 PM
In D12318#240258, @ygribov wrote:

One more interesting question that came to my mind: is this going to be async-signal-safe?
If not, the whole idea is kind of questionable.

I don't see why it shouldn't - the only problematic place is acquiring the mutex which will either wait (in case reporting_tid is different from current_tid) or fail with informative message after timeout.

If you think it will, please add tests.

I could generate errors in endless loop in a thread and bombard it with signals but that's probably not very reliable.

The more interesting would be to test the case where we have asan-ish reports in signal handlers (and at the same time in regular code).

kcc added a comment.Sep 4 2015, 1:39 PM

What's your general impression on the feature though?

Same as before.
It is an anti-feature for the majority of users and it will bring much additional complexity to the code
and extra maintenance cost.

I am willing to go forward with it because for some (still obscure) reasons you need this feature
and because your contribution is valuable.

kcc added a comment.Sep 4 2015, 1:42 PM

Hm but I don't see any functionality which can be moved to independent commit (except the flags part which is really minor). We could split to separate patches for rt, clang and llvm but I don't see how this is going to simplify review.

Review is an O(N^2) process. The smaller are the patches the quicker you get through.

kcc added inline comments.Sep 4 2015, 1:47 PM
lib/asan/asan_report.cc
626 ↗(On Diff #33570)

Did you ever understand how to test original code :) ?

That's not an argument. We don't want to make things worse just because they are not good at the moment.

Because we may run into second error while reporting the first one in the same thread. Grabbing a lock would cause a deadlock in this case.

Yea. Async signal safety...

ygribov added a comment.Sep 16 2015, 6:35 AM

Folks,

In case anyone wants this feature it's probably good time to speak up. If there's no interest, I'll probably abandon this revision in a few days.

-Y

eugenis edited edge metadata.Sep 16 2015, 1:05 PM

I think this is a useful feature but I'm a bit worried about the implementation complexity.

We've been running entire Android devices with ASan, and having them crash at boot due to a single bug is moderately annoying.

For the reference, https://source.android.com/devices/tech/debug/asan.html#sanitize_target.

ygribov added a comment.Sep 16 2015, 2:34 PM

I think this is a useful feature but I'm a bit worried about the implementation complexity.

You mean the report lock part? I agree, although I'm not sure how to simplify it. Perhaps always abort in case of conflict?

We've been running entire Android devices with ASan, and having them crash at boot due to a single bug is moderately annoying.

Yup, that's my use-case as well.

kcc added a subscriber: kcc.Sep 16 2015, 10:25 PM

Let's try to finish it.
I won't be able to participate in the review before 28-th, but feel free to
continue/finish w/o me.

eugenis added inline comments.Sep 21 2015, 3:09 PM
lib/asan/asan_report.cc
649 ↗(On Diff #33570)

I think this timeout complicates things without any benefit. Why not wait indefinitely?

I think the logic should be like this:

  1. if the current thread is already reporting, die immediately
  2. if (recover) {lock()} else { if (!try_lock()) sleep(inf) }
  3. report
  4. unlock()
1006–1007 ↗(On Diff #33570)

I agree, if the outside caller thinks the error is fatal, it can just abort() or something.

samsonov added inline comments.Sep 21 2015, 4:46 PM
lib/asan/asan_internal.h
122 ↗(On Diff #33570)

The name is really confusing. It should be smth. like IgnoreError. Also, instead of passing is_error as a parameter, and doing conditional atomic_fetch_add, can you just split this function into two: one would check if need to ignore the error (halt_on_error is true, or number of reported errors is too large already), and another one would increment the number of detected errors. (could you then call the latter one from ScopedInErrorReport constructor)?

Can you make it ALWAYS_INLINE?

lib/asan/asan_report.cc
698 ↗(On Diff #33570)

There are no trailing _ in simple structs, but there should be in classes.

ygribov added a comment.Oct 30 2015, 11:40 AM

Sorry, I got distracted by other projects. I'm mostly done with all remarks with just one issue (can't commonize halt_on_error).

lib/asan/asan_flags.inc
141 ↗(On Diff #33570)

Here's the problem - we need two halt_on_error's for ASan and integrated UBSan. Another problem is that msan does some local magic to alias current halt_on_error to keep_going flag.

lib/asan/asan_report.cc
626 ↗(On Diff #33570)

Funny enough, even current ASan isn't asynch signal stable. If you have repeated error in nodeferred signals which are being send to a thread, it may deadlock during error reporting in ScopedInErrorLock. The sequence is roughly:

  • kernel delivers signal
  • trigger error
  • lock report file
  • call internal_write
  • enter kernel
  • kernel delivers next nodeferred signal
  • trigger the same error
  • etc.
ygribov updated this revision to Diff 38931.Nov 2 2015, 9:02 AM
ygribov edited edge metadata.
ygribov removed rL LLVM as the repository for this revision.

I've addressed the remarks from previous review except the one for halt_on_error (we want separate halt_on_error for ASan and UBSan). The llvm and clang parts of the patch will be submitted for review separately per Kostya's request.

ygribov added a comment.Nov 2 2015, 9:10 AM

BTW I haven't yet ported tests to Darwin, this is something tbd.

ygribov added inline comments.Nov 3 2015, 11:32 PM
lib/asan/asan_report.cc
644 ↗(On Diff #38931)

This could be much simpler if we had recursive locks.

jevinskie added a subscriber: jevinskie.Nov 4 2015, 11:06 AM
eugenis accepted this revision.Nov 5 2015, 11:33 AM
eugenis edited edge metadata.

LGTM
Thanks for working on this!

This revision is now accepted and ready to land.Nov 5 2015, 11:33 AM
Closed by commit rL252723: [ASan] Enable optional ASan recovery. (authored by ygribov). · Explain WhyNov 11 2015, 4:02 AM
This revision was automatically updated to reflect the committed changes.
ygribov added a comment.Nov 16 2015, 9:38 AM

BTW I haven't yet ported tests to Darwin, this is something tbd.

Filipe, Kuba, the feature has been merged to upstream and seems to work robustly. But I don't think I'll have time to test it on OS X in near future (I don't have easy access to hardware and my customer does not need it). So I was wondering whether you could help? I don't expect any errors, just maybe some really simple portability fixes.

kubamracek added a comment.Nov 17 2015, 7:36 AM
In D12318#290215, @ygribov wrote:

BTW I haven't yet ported tests to Darwin, this is something tbd.

Filipe, Kuba, the feature has been merged to upstream and seems to work robustly. But I don't think I'll have time to test it on OS X in near future (I don't have easy access to hardware and my customer does not need it). So I was wondering whether you could help? I don't expect any errors, just maybe some really simple portability fixes.

Hi, are you talking about the halt_on_error-signals and halt_on_error-torture testcases? On my OS X machine, they both pass, so you might just want to move them out of the Linux/ directory. Let me know if the OS X buildbot fails and I'll take a look at it.

ygribov added a comment.Nov 17 2015, 7:54 AM

On my OS X machine, they both pass, so you might just want to move them out of the Linux/ directory

Great, thanks!

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
3 lines
2 lines
13 lines
68 lines
117 lines
75 lines
test/
asan/
TestCases/
Darwin/
12 lines
Linux/
79 lines
12 lines
29 lines

Diff 39900

compiler-rt/trunk/lib/asan/asan_flags.inc

Show First 20 LinesShow All 128 Lines▼ Show 20 LinesASAN_FLAG(
"See https://code.google.com/p/address-sanitizer/wiki/ContainerOverflow") "See https://code.google.com/p/address-sanitizer/wiki/ContainerOverflow")
ASAN_FLAG(int, detect_odr_violation, 2, ASAN_FLAG(int, detect_odr_violation, 2,
"If >=2, detect violation of One-Definition-Rule (ODR); " "If >=2, detect violation of One-Definition-Rule (ODR); "
"If ==1, detect ODR-violation only if the two variables " "If ==1, detect ODR-violation only if the two variables "
"have different sizes") "have different sizes")
ASAN_FLAG(bool, dump_instruction_bytes, false, ASAN_FLAG(bool, dump_instruction_bytes, false,
"If true, dump 16 bytes starting at the instruction that caused SEGV") "If true, dump 16 bytes starting at the instruction that caused SEGV")
ASAN_FLAG(const char *, suppressions, "", "Suppressions file name.") ASAN_FLAG(const char *, suppressions, "", "Suppressions file name.")
ASAN_FLAG(bool, halt_on_error, true,
"Crash the program after printing the first error report "
"(WARNING: USE AT YOUR OWN RISK!)")

compiler-rt/trunk/lib/asan/asan_interceptors.cc

Show First 20 LinesShow All 69 Lines▼ Show 20 Lines if (!QuickCheckForUnpoisonedRegion(__offset, __size) && \
suppressed = IsInterceptorSuppressed(_ctx->interceptor_name); \ suppressed = IsInterceptorSuppressed(_ctx->interceptor_name); \
if (!suppressed && HaveStackTraceBasedSuppressions()) { \ if (!suppressed && HaveStackTraceBasedSuppressions()) { \
GET_STACK_TRACE_FATAL_HERE; \ GET_STACK_TRACE_FATAL_HERE; \
suppressed = IsStackTraceSuppressed(&stack); \ suppressed = IsStackTraceSuppressed(&stack); \
} \ } \
} \ } \
if (!suppressed) { \ if (!suppressed) { \
GET_CURRENT_PC_BP_SP; \ GET_CURRENT_PC_BP_SP; \
__asan_report_error(pc, bp, sp, __bad, isWrite, __size, 0); \ ReportGenericError(pc, bp, sp, __bad, isWrite, __size, 0, false);\
} \ } \
} \ } \
} while (0) } while (0)
#define ASAN_READ_RANGE(ctx, offset, size) \ #define ASAN_READ_RANGE(ctx, offset, size) \
ACCESS_MEMORY_RANGE(ctx, offset, size, false) ACCESS_MEMORY_RANGE(ctx, offset, size, false)
#define ASAN_WRITE_RANGE(ctx, offset, size) \ #define ASAN_WRITE_RANGE(ctx, offset, size) \
ACCESS_MEMORY_RANGE(ctx, offset, size, true) ACCESS_MEMORY_RANGE(ctx, offset, size, true)
▲ Show 20 LinesShow All 736 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_interface_internal.h

Show First 20 LinesShow All 161 Lines▼ Show 20 Linesextern "C" {
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store1(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store1(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store2(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store2(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store4(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store4(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store8(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store8(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store16(uptr p); SANITIZER_INTERFACE_ATTRIBUTE void __asan_store16(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_loadN(uptr p, uptr size); SANITIZER_INTERFACE_ATTRIBUTE void __asan_loadN(uptr p, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_storeN(uptr p, uptr size); SANITIZER_INTERFACE_ATTRIBUTE void __asan_storeN(uptr p, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_load1_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_load2_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_load4_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_load8_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_load16_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store1_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store2_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store4_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store8_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_store16_noabort(uptr p);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_loadN_noabort(uptr p, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_storeN_noabort(uptr p, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load1(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load1(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load2(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load2(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load4(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load4(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load8(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load8(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load16(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_load16(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store1(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store1(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store2(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store2(uptr p, u32 exp);
SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store4(uptr p, u32 exp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_exp_store4(uptr p, u32 exp);
Show All 29 Lines

compiler-rt/trunk/lib/asan/asan_report.h

Show First 20 LinesShow All 43 Lines▼ Show 20 Lines
bool DescribeAddressIfShadow(uptr addr, AddressDescription *descr = nullptr, bool DescribeAddressIfShadow(uptr addr, AddressDescription *descr = nullptr,
bool print = true); bool print = true);
bool ParseFrameDescription(const char *frame_descr, bool ParseFrameDescription(const char *frame_descr,
InternalMmapVector<StackVarDescr> *vars); InternalMmapVector<StackVarDescr> *vars);
bool DescribeAddressIfStack(uptr addr, uptr access_size); bool DescribeAddressIfStack(uptr addr, uptr access_size);
void DescribeThread(AsanThreadContext *context); void DescribeThread(AsanThreadContext *context);
// Different kinds of error reports. // Different kinds of error reports.
void NORETURN ReportStackOverflow(const SignalContext &sig); void ReportGenericError(uptr pc, uptr bp, uptr sp, uptr addr, bool is_write,
void NORETURN ReportDeadlySignal(const char* description, uptr access_size, u32 exp, bool fatal);
const SignalContext &sig); void ReportStackOverflow(const SignalContext &sig);
void NORETURN ReportNewDeleteSizeMismatch(uptr addr, uptr delete_size, void ReportDeadlySignal(const char *description, const SignalContext &sig);
void ReportNewDeleteSizeMismatch(uptr addr, uptr delete_size,
BufferedStackTrace *free_stack); BufferedStackTrace *free_stack);
void NORETURN ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack); void ReportDoubleFree(uptr addr, BufferedStackTrace *free_stack);
void NORETURN ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack); void ReportFreeNotMalloced(uptr addr, BufferedStackTrace *free_stack);
void NORETURN ReportAllocTypeMismatch(uptr addr, BufferedStackTrace *free_stack, void ReportAllocTypeMismatch(uptr addr, BufferedStackTrace *free_stack,
AllocType alloc_type, AllocType alloc_type,
AllocType dealloc_type); AllocType dealloc_type);
void NORETURN void ReportMallocUsableSizeNotOwned(uptr addr, BufferedStackTrace *stack);
ReportMallocUsableSizeNotOwned(uptr addr, BufferedStackTrace *stack); void ReportSanitizerGetAllocatedSizeNotOwned(uptr addr,
void NORETURN
ReportSanitizerGetAllocatedSizeNotOwned(uptr addr,
BufferedStackTrace *stack); BufferedStackTrace *stack);
void NORETURN void ReportStringFunctionMemoryRangesOverlap(const char *function,
ReportStringFunctionMemoryRangesOverlap(const char *function,
const char *offset1, uptr length1, const char *offset1, uptr length1,
const char *offset2, uptr length2, const char *offset2, uptr length2,
BufferedStackTrace *stack); BufferedStackTrace *stack);
void NORETURN ReportStringFunctionSizeOverflow(uptr offset, uptr size, void ReportStringFunctionSizeOverflow(uptr offset, uptr size,
BufferedStackTrace *stack); BufferedStackTrace *stack);
void NORETURN void ReportBadParamsToAnnotateContiguousContainer(uptr beg, uptr end,
ReportBadParamsToAnnotateContiguousContainer(uptr beg, uptr end,
uptr old_mid, uptr new_mid, uptr old_mid, uptr new_mid,
BufferedStackTrace *stack); BufferedStackTrace *stack);
void NORETURN void ReportODRViolation(const __asan_global *g1, u32 stack_id1,
ReportODRViolation(const __asan_global *g1, u32 stack_id1,
const __asan_global *g2, u32 stack_id2); const __asan_global *g2, u32 stack_id2);
// Mac-specific errors and warnings. // Mac-specific errors and warnings.
void WarnMacFreeUnallocated(uptr addr, uptr zone_ptr, const char *zone_name, void WarnMacFreeUnallocated(uptr addr, uptr zone_ptr, const char *zone_name,
BufferedStackTrace *stack); BufferedStackTrace *stack);
void NORETURN ReportMacMzReallocUnknown(uptr addr, uptr zone_ptr, void ReportMacMzReallocUnknown(uptr addr, uptr zone_ptr,
const char *zone_name, const char *zone_name,
BufferedStackTrace *stack); BufferedStackTrace *stack);
void NORETURN ReportMacCfReallocUnknown(uptr addr, uptr zone_ptr, void ReportMacCfReallocUnknown(uptr addr, uptr zone_ptr,
const char *zone_name, const char *zone_name,
BufferedStackTrace *stack); BufferedStackTrace *stack);
} // namespace __asan } // namespace __asan

compiler-rt/trunk/lib/asan/asan_report.cc

Show First 20 LinesShow All 616 Lines▼ Show 20 Lines
} }
// -------------------- Different kinds of reports ----------------- {{{1 // -------------------- Different kinds of reports ----------------- {{{1
// Use ScopedInErrorReport to run common actions just before and // Use ScopedInErrorReport to run common actions just before and
// immediately after printing error report. // immediately after printing error report.
class ScopedInErrorReport { class ScopedInErrorReport {
public: public:
explicit ScopedInErrorReport(ReportData *report = nullptr) { explicit ScopedInErrorReport(ReportData *report = nullptr,
static atomic_uint32_t num_calls; bool fatal = false) {
static u32 reporting_thread_tid; halt_on_error_ = fatal || flags()->halt_on_error;
if (atomic_fetch_add(&num_calls, 1, memory_order_relaxed) != 0) {
if (lock_.TryLock()) {
StartReporting(report);
return;
}
// ASan found two bugs in different threads simultaneously.
u32 current_tid = GetCurrentTidOrInvalid();
if (current_tid == reporting_thread_tid_ || current_tid == kInvalidTid) {
// This is either asynch signal or nested error during error reporting.
// Fail fast to avoid deadlocks.
// Can't use Report() here because of potential deadlocks
// in nested signal handlers.
const char msg[] = "AddressSanitizer: nested bug in the same thread, "
"aborting.\n";
WriteToFile(kStderrFd, msg, sizeof(msg));
internal__exit(common_flags()->exitcode);
}
if (halt_on_error_) {
// Do not print more than one report, otherwise they will mix up. // Do not print more than one report, otherwise they will mix up.
// Error reporting functions shouldn't return at this situation, as // Error reporting functions shouldn't return at this situation, as
// they are defined as no-return. // they are effectively no-returns.
Report("AddressSanitizer: while reporting a bug found another one. " Report("AddressSanitizer: while reporting a bug found another one. "
"Ignoring.\n"); "Ignoring.\n");
u32 current_tid = GetCurrentTidOrInvalid();
if (current_tid != reporting_thread_tid) { // Sleep long enough to make sure that the thread which started
// ASan found two bugs in different threads simultaneously. Sleep // to print an error report will finish doing it.
// long enough to make sure that the thread which started to print
// an error report will finish doing it.
SleepForSeconds(Max(100, flags()->sleep_before_dying + 1)); SleepForSeconds(Max(100, flags()->sleep_before_dying + 1));
}
// If we're still not dead for some reason, use raw _exit() instead of // If we're still not dead for some reason, use raw _exit() instead of
// Die() to bypass any additional checks. // Die() to bypass any additional checks.
internal__exit(common_flags()->exitcode); internal__exit(common_flags()->exitcode);
} else {
// The other thread will eventually finish reporting
// so it's safe to wait
lock_.Lock();
} }
if (report) report_data = *report;
report_happened = true; StartReporting(report);
ASAN_ON_ERROR();
// Make sure the registry and sanitizer report mutexes are locked while
// we're printing an error report.
// We can lock them only here to avoid self-deadlock in case of
// recursive reports.
asanThreadRegistry().Lock();
CommonSanitizerReportMutex.Lock();
reporting_thread_tid = GetCurrentTidOrInvalid();
Printf("===================================================="
"=============\n");
} }
// Destructor is NORETURN, as functions that report errors are.
NORETURN ~ScopedInErrorReport() { ~ScopedInErrorReport() {
// Make sure the current thread is announced. // Make sure the current thread is announced.
DescribeThread(GetCurrentThread()); DescribeThread(GetCurrentThread());
// We may want to grab this lock again when printing stats. // We may want to grab this lock again when printing stats.
asanThreadRegistry().Unlock(); asanThreadRegistry().Unlock();
// Print memory stats. // Print memory stats.
if (flags()->print_stats) if (flags()->print_stats)
__asan_print_accumulated_stats(); __asan_print_accumulated_stats();
if (error_report_callback) { if (error_report_callback) {
error_report_callback(error_message_buffer); error_report_callback(error_message_buffer);
} }
CommonSanitizerReportMutex.Unlock();
reporting_thread_tid_ = kInvalidTid;
lock_.Unlock();
if (halt_on_error_) {
Report("ABORTING\n"); Report("ABORTING\n");
Die(); Die();
} }
}
private:
void StartReporting(ReportData *report) {
if (report) report_data = *report;
report_happened = true;
ASAN_ON_ERROR();
// Make sure the registry and sanitizer report mutexes are locked while
// we're printing an error report.
// We can lock them only here to avoid self-deadlock in case of
// recursive reports.
asanThreadRegistry().Lock();
CommonSanitizerReportMutex.Lock();
reporting_thread_tid_ = GetCurrentTidOrInvalid();
Printf("===================================================="
"=============\n");
}
static StaticSpinMutex lock_;
static u32 reporting_thread_tid_;
bool halt_on_error_;
}; };
StaticSpinMutex ScopedInErrorReport::lock_;
u32 ScopedInErrorReport::reporting_thread_tid_;
void ReportStackOverflow(const SignalContext &sig) { void ReportStackOverflow(const SignalContext &sig) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report;
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report( Report(
"ERROR: AddressSanitizer: stack-overflow on address %p" "ERROR: AddressSanitizer: stack-overflow on address %p"
" (pc %p bp %p sp %p T%d)\n", " (pc %p bp %p sp %p T%d)\n",
(void *)sig.addr, (void *)sig.pc, (void *)sig.bp, (void *)sig.sp, (void *)sig.addr, (void *)sig.pc, (void *)sig.bp, (void *)sig.sp,
GetCurrentTidOrInvalid()); GetCurrentTidOrInvalid());
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
GET_STACK_TRACE_SIGNAL(sig); GET_STACK_TRACE_SIGNAL(sig);
stack.Print(); stack.Print();
ReportErrorSummary("stack-overflow", &stack); ReportErrorSummary("stack-overflow", &stack);
} }
void ReportDeadlySignal(const char *description, const SignalContext &sig) { void ReportDeadlySignal(const char *description, const SignalContext &sig) {
ScopedInErrorReport in_report; ScopedInErrorReport in_report(/*report*/nullptr, /*fatal*/true);
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report( Report(
"ERROR: AddressSanitizer: %s on unknown address %p" "ERROR: AddressSanitizer: %s on unknown address %p"
" (pc %p bp %p sp %p T%d)\n", " (pc %p bp %p sp %p T%d)\n",
description, (void *)sig.addr, (void *)sig.pc, (void *)sig.bp, description, (void *)sig.addr, (void *)sig.pc, (void *)sig.bp,
(void *)sig.sp, GetCurrentTidOrInvalid()); (void *)sig.sp, GetCurrentTidOrInvalid());
if (sig.pc < GetPageSizeCached()) { if (sig.pc < GetPageSizeCached()) {
▲ Show 20 LinesShow All 329 Lines▼ Show 20 Lines switch (*shadow_addr) {
case kAsanAllocaRightMagic: case kAsanAllocaRightMagic:
bug_descr = "dynamic-stack-buffer-overflow"; bug_descr = "dynamic-stack-buffer-overflow";
break; break;
} }
} }
ReportData report = { pc, sp, bp, addr, (bool)is_write, access_size, ReportData report = { pc, sp, bp, addr, (bool)is_write, access_size,
bug_descr }; bug_descr };
ScopedInErrorReport in_report(&report); ScopedInErrorReport in_report(&report, fatal);
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report("ERROR: AddressSanitizer: %s on address " Report("ERROR: AddressSanitizer: %s on address "
"%p at pc %p bp %p sp %p\n", "%p at pc %p bp %p sp %p\n",
bug_descr, (void*)addr, pc, bp, sp); bug_descr, (void*)addr, pc, bp, sp);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
Show All 9 Linesvoid __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write,
GET_STACK_TRACE_FATAL(pc, bp); GET_STACK_TRACE_FATAL(pc, bp);
stack.Print(); stack.Print();
DescribeAddress(addr, access_size, bug_descr); DescribeAddress(addr, access_size, bug_descr);
ReportErrorSummary(bug_descr, &stack); ReportErrorSummary(bug_descr, &stack);
PrintShadowMemoryForAddress(addr); PrintShadowMemoryForAddress(addr);
} }
} // namespace __asan
// --------------------------- Interface --------------------- {{{1
using namespace __asan; // NOLINT
void __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write,
uptr access_size, u32 exp) {
ENABLE_FRAME_POINTER;
bool fatal = flags()->halt_on_error;
ReportGenericError(pc, bp, sp, addr, is_write, access_size, exp, fatal);
}
void NOINLINE __asan_set_error_report_callback(void (*callback)(const char*)) { void NOINLINE __asan_set_error_report_callback(void (*callback)(const char*)) {
error_report_callback = callback; error_report_callback = callback;
if (callback) { if (callback) {
error_message_buffer_size = 1 << 16; error_message_buffer_size = 1 << 16;
error_message_buffer = error_message_buffer =
(char*)MmapOrDie(error_message_buffer_size, __func__); (char*)MmapOrDie(error_message_buffer_size, __func__);
error_message_buffer_pos = 0; error_message_buffer_pos = 0;
} }
▲ Show 20 LinesShow All 58 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_rtl.cc

Show First 20 LinesShow All 107 Lines▼ Show 20 Lines
} }
// -------------------------- Run-time entry ------------------- {{{1 // -------------------------- Run-time entry ------------------- {{{1
// exported functions // exported functions
#define ASAN_REPORT_ERROR(type, is_write, size) \ #define ASAN_REPORT_ERROR(type, is_write, size) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## size(uptr addr) { \ void __asan_report_ ## type ## size(uptr addr) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, 0); \ ReportGenericError(pc, bp, sp, addr, is_write, size, 0, true); \
} \ } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_exp_ ## type ## size(uptr addr, u32 exp) { \ void __asan_report_exp_ ## type ## size(uptr addr, u32 exp) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, exp); \ ReportGenericError(pc, bp, sp, addr, is_write, size, exp, true); \
} } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## size ## _noabort(uptr addr) { \
GET_CALLER_PC_BP_SP; \
ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false); \
} \
ASAN_REPORT_ERROR(load, false, 1) ASAN_REPORT_ERROR(load, false, 1)
ASAN_REPORT_ERROR(load, false, 2) ASAN_REPORT_ERROR(load, false, 2)
ASAN_REPORT_ERROR(load, false, 4) ASAN_REPORT_ERROR(load, false, 4)
ASAN_REPORT_ERROR(load, false, 8) ASAN_REPORT_ERROR(load, false, 8)
ASAN_REPORT_ERROR(load, false, 16) ASAN_REPORT_ERROR(load, false, 16)
ASAN_REPORT_ERROR(store, true, 1) ASAN_REPORT_ERROR(store, true, 1)
ASAN_REPORT_ERROR(store, true, 2) ASAN_REPORT_ERROR(store, true, 2)
ASAN_REPORT_ERROR(store, true, 4) ASAN_REPORT_ERROR(store, true, 4)
ASAN_REPORT_ERROR(store, true, 8) ASAN_REPORT_ERROR(store, true, 8)
ASAN_REPORT_ERROR(store, true, 16) ASAN_REPORT_ERROR(store, true, 16)
#define ASAN_REPORT_ERROR_N(type, is_write) \ #define ASAN_REPORT_ERROR_N(type, is_write) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## _n(uptr addr, uptr size) { \ void __asan_report_ ## type ## _n(uptr addr, uptr size) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, 0); \ ReportGenericError(pc, bp, sp, addr, is_write, size, 0, true); \
} \ } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_exp_ ## type ## _n(uptr addr, uptr size, u32 exp) { \ void __asan_report_exp_ ## type ## _n(uptr addr, uptr size, u32 exp) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, exp); \ ReportGenericError(pc, bp, sp, addr, is_write, size, exp, true); \
} } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_report_ ## type ## _n_noabort(uptr addr, uptr size) { \
GET_CALLER_PC_BP_SP; \
ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false); \
} \
ASAN_REPORT_ERROR_N(load, false) ASAN_REPORT_ERROR_N(load, false)
ASAN_REPORT_ERROR_N(store, true) ASAN_REPORT_ERROR_N(store, true)
#define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg) \ #define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \
uptr sp = MEM_TO_SHADOW(addr); \ uptr sp = MEM_TO_SHADOW(addr); \
uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp) \ uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp) \
: *reinterpret_cast<u16 *>(sp); \ : *reinterpret_cast<u16 *>(sp); \
if (UNLIKELY(s)) { \ if (UNLIKELY(s)) { \
if (UNLIKELY(size >= SHADOW_GRANULARITY || \ if (UNLIKELY(size >= SHADOW_GRANULARITY || \
((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \ ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \
(s8)s)) { \ (s8)s)) { \
if (__asan_test_only_reported_buggy_pointer) { \ if (__asan_test_only_reported_buggy_pointer) { \
*__asan_test_only_reported_buggy_pointer = addr; \ *__asan_test_only_reported_buggy_pointer = addr; \
} else { \ } else { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
__asan_report_error(pc, bp, sp, addr, is_write, size, exp_arg); \ ReportGenericError(pc, bp, sp, addr, is_write, size, exp_arg, \
fatal); \
} \ } \
} \ } \
} }
#define ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size) \ #define ASAN_MEMORY_ACCESS_CALLBACK(type, is_write, size) \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_##type##size(uptr addr) { \ void __asan_##type##size(uptr addr) { \
ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0) \ ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0, true) \
} \ } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \ extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_exp_##type##size(uptr addr, u32 exp) { \ void __asan_exp_##type##size(uptr addr, u32 exp) { \
ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp) \ ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp, true) \
} } \
extern "C" NOINLINE INTERFACE_ATTRIBUTE \
void __asan_##type##size ## _noabort(uptr addr) { \
ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, 0, false) \
} \
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 1) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 1)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 2) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 2)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 4) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 4)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 8) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 8)
ASAN_MEMORY_ACCESS_CALLBACK(load, false, 16) ASAN_MEMORY_ACCESS_CALLBACK(load, false, 16)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 1) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 1)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 2) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 2)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 4) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 4)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 8) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 8)
ASAN_MEMORY_ACCESS_CALLBACK(store, true, 16) ASAN_MEMORY_ACCESS_CALLBACK(store, true, 16)
extern "C" extern "C"
NOINLINE INTERFACE_ATTRIBUTE NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN(uptr addr, uptr size) { void __asan_loadN(uptr addr, uptr size) {
if (__asan_region_is_poisoned(addr, size)) { if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, false, size, 0); ReportGenericError(pc, bp, sp, addr, false, size, 0, true);
} }
} }
extern "C" extern "C"
NOINLINE INTERFACE_ATTRIBUTE NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_loadN(uptr addr, uptr size, u32 exp) { void __asan_exp_loadN(uptr addr, uptr size, u32 exp) {
if (__asan_region_is_poisoned(addr, size)) { if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, false, size, exp); ReportGenericError(pc, bp, sp, addr, false, size, exp, true);
}
}
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_loadN_noabort(uptr addr, uptr size) {
if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP;
ReportGenericError(pc, bp, sp, addr, false, size, 0, false);
} }
} }
extern "C" extern "C"
NOINLINE INTERFACE_ATTRIBUTE NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN(uptr addr, uptr size) { void __asan_storeN(uptr addr, uptr size) {
if (__asan_region_is_poisoned(addr, size)) { if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, true, size, 0); ReportGenericError(pc, bp, sp, addr, true, size, 0, true);
} }
} }
extern "C" extern "C"
NOINLINE INTERFACE_ATTRIBUTE NOINLINE INTERFACE_ATTRIBUTE
void __asan_exp_storeN(uptr addr, uptr size, u32 exp) { void __asan_exp_storeN(uptr addr, uptr size, u32 exp) {
if (__asan_region_is_poisoned(addr, size)) { if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP; GET_CALLER_PC_BP_SP;
__asan_report_error(pc, bp, sp, addr, true, size, exp); ReportGenericError(pc, bp, sp, addr, true, size, exp, true);
}
}
extern "C"
NOINLINE INTERFACE_ATTRIBUTE
void __asan_storeN_noabort(uptr addr, uptr size) {
if (__asan_region_is_poisoned(addr, size)) {
GET_CALLER_PC_BP_SP;
ReportGenericError(pc, bp, sp, addr, true, size, 0, false);
} }
} }
// Force the linker to keep the symbols for various ASan interface functions. // Force the linker to keep the symbols for various ASan interface functions.
// We want to keep those in the executable in order to let the instrumented // We want to keep those in the executable in order to let the instrumented
// dynamic libraries access the symbol even if it is not used by the executable // dynamic libraries access the symbol even if it is not used by the executable
// itself. This should help if the build system is removing dead code at link // itself. This should help if the build system is removing dead code at link
// time. // time.
▲ Show 20 LinesShow All 367 LinesShow Last 20 Lines

compiler-rt/trunk/test/asan/TestCases/Darwin/interface_symbols_darwin.c

Show All 23 Lines
// RUN: echo __asan_report_load16 >> %t.interface // RUN: echo __asan_report_load16 >> %t.interface
// RUN: echo __asan_report_store1 >> %t.interface // RUN: echo __asan_report_store1 >> %t.interface
// RUN: echo __asan_report_store2 >> %t.interface // RUN: echo __asan_report_store2 >> %t.interface
// RUN: echo __asan_report_store4 >> %t.interface // RUN: echo __asan_report_store4 >> %t.interface
// RUN: echo __asan_report_store8 >> %t.interface // RUN: echo __asan_report_store8 >> %t.interface
// RUN: echo __asan_report_store16 >> %t.interface // RUN: echo __asan_report_store16 >> %t.interface
// RUN: echo __asan_report_load_n >> %t.interface // RUN: echo __asan_report_load_n >> %t.interface
// RUN: echo __asan_report_store_n >> %t.interface // RUN: echo __asan_report_store_n >> %t.interface
// RUN: echo __asan_report_load1_noabort >> %t.interface
// RUN: echo __asan_report_load2_noabort >> %t.interface
// RUN: echo __asan_report_load4_noabort >> %t.interface
// RUN: echo __asan_report_load8_noabort >> %t.interface
// RUN: echo __asan_report_load16_noabort >> %t.interface
// RUN: echo __asan_report_store1_noabort >> %t.interface
// RUN: echo __asan_report_store2_noabort >> %t.interface
// RUN: echo __asan_report_store4_noabort >> %t.interface
// RUN: echo __asan_report_store8_noabort >> %t.interface
// RUN: echo __asan_report_store16_noabort >> %t.interface
// RUN: echo __asan_report_load_n_noabort >> %t.interface
// RUN: echo __asan_report_store_n_noabort >> %t.interface
// RUN: echo __asan_report_exp_load1 >> %t.interface // RUN: echo __asan_report_exp_load1 >> %t.interface
// RUN: echo __asan_report_exp_load2 >> %t.interface // RUN: echo __asan_report_exp_load2 >> %t.interface
// RUN: echo __asan_report_exp_load4 >> %t.interface // RUN: echo __asan_report_exp_load4 >> %t.interface
// RUN: echo __asan_report_exp_load8 >> %t.interface // RUN: echo __asan_report_exp_load8 >> %t.interface
// RUN: echo __asan_report_exp_load16 >> %t.interface // RUN: echo __asan_report_exp_load16 >> %t.interface
// RUN: echo __asan_report_exp_store1 >> %t.interface // RUN: echo __asan_report_exp_store1 >> %t.interface
// RUN: echo __asan_report_exp_store2 >> %t.interface // RUN: echo __asan_report_exp_store2 >> %t.interface
// RUN: echo __asan_report_exp_store4 >> %t.interface // RUN: echo __asan_report_exp_store4 >> %t.interface
Show All 13 Lines

compiler-rt/trunk/test/asan/TestCases/Linux/halt_on_error-torture.cc

// Stress test recovery mode with many threads.
//
// RUN: %clangxx_asan -fsanitize-recover=address %s -o %t
//
// RUN: env ASAN_OPTIONS=halt_on_error=false:max_errors=1000 %run %t 1 10 >1.txt 2>&1
// RUN: FileCheck %s < 1.txt
// RUN: [ $(wc -l < 1.txt) -gt 1 ]
//
// RUN: env ASAN_OPTIONS=halt_on_error=false:max_errors=1000 %run %t 10 20 >10.txt 2>&1
// RUN: FileCheck %s < 10.txt
// This one is racy although very unlikely to fail:
// RUN: [ $(wc -l < 10.txt) -gt 1 ]
// Collisions are highly unlikely but still possible so we need the alternative:
// RUN: FileCheck --check-prefix=CHECK-COLLISION %s < 1.txt || FileCheck --check-prefix=CHECK-NO-COLLISION %s < 1.txt
//
// REQUIRES: stable-runtime
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <time.h>
#include <sanitizer/asan_interface.h>
size_t nthreads = 10;
size_t niter = 10;
void *run(void *arg) {
unsigned seed = (unsigned)(size_t)arg;
volatile char tmp[2];
__asan_poison_memory_region(&tmp, sizeof(tmp));
for (size_t i = 0; i < niter; ++i) {
struct timespec delay = { 0, rand_r(&seed) * 1000000 };
nanosleep(&delay, 0);
// Expect error collisions here
// CHECK: AddressSanitizer: use-after-poison
volatile int idx = 0;
tmp[idx] = 0;
}
return 0;
}
int main(int argc, char **argv) {
if (argc != 3) {
fprintf(stderr, "Syntax: %s nthreads niter\n", argv[0]);
exit(1);
}
nthreads = (size_t)strtoul(argv[1], 0, 0);
niter = (size_t)strtoul(argv[2], 0, 0);
pthread_t *tids = new pthread_t[nthreads];
for (size_t i = 0; i < nthreads; ++i) {
if (0 != pthread_create(&tids[i], 0, run, (void *)i)) {
fprintf(stderr, "Failed to create thread\n");
exit(1);
}
}
for (size_t i = 0; i < nthreads; ++i) {
if (0 != pthread_join(tids[i], 0)) {
fprintf(stderr, "Failed to join thread\n");
exit(1);
}
}
// CHECK-COLLISION: AddressSanitizer: nested bug in the same thread, aborting
// CHECK-NO-COLLISION: All threads terminated
printf("All threads terminated\n");
delete [] tids;
return 0;
}

compiler-rt/trunk/test/asan/TestCases/Linux/interface_symbols_linux.c

Show All 18 Lines
// RUN: echo __asan_report_load16 >> %t.interface // RUN: echo __asan_report_load16 >> %t.interface
// RUN: echo __asan_report_store1 >> %t.interface // RUN: echo __asan_report_store1 >> %t.interface
// RUN: echo __asan_report_store2 >> %t.interface // RUN: echo __asan_report_store2 >> %t.interface
// RUN: echo __asan_report_store4 >> %t.interface // RUN: echo __asan_report_store4 >> %t.interface
// RUN: echo __asan_report_store8 >> %t.interface // RUN: echo __asan_report_store8 >> %t.interface
// RUN: echo __asan_report_store16 >> %t.interface // RUN: echo __asan_report_store16 >> %t.interface
// RUN: echo __asan_report_load_n >> %t.interface // RUN: echo __asan_report_load_n >> %t.interface
// RUN: echo __asan_report_store_n >> %t.interface // RUN: echo __asan_report_store_n >> %t.interface
// RUN: echo __asan_report_load1_noabort >> %t.interface
// RUN: echo __asan_report_load2_noabort >> %t.interface
// RUN: echo __asan_report_load4_noabort >> %t.interface
// RUN: echo __asan_report_load8_noabort >> %t.interface
// RUN: echo __asan_report_load16_noabort >> %t.interface
// RUN: echo __asan_report_store1_noabort >> %t.interface
// RUN: echo __asan_report_store2_noabort >> %t.interface
// RUN: echo __asan_report_store4_noabort >> %t.interface
// RUN: echo __asan_report_store8_noabort >> %t.interface
// RUN: echo __asan_report_store16_noabort >> %t.interface
// RUN: echo __asan_report_load_n_noabort >> %t.interface
// RUN: echo __asan_report_store_n_noabort >> %t.interface
// RUN: echo __asan_report_exp_load1 >> %t.interface // RUN: echo __asan_report_exp_load1 >> %t.interface
// RUN: echo __asan_report_exp_load2 >> %t.interface // RUN: echo __asan_report_exp_load2 >> %t.interface
// RUN: echo __asan_report_exp_load4 >> %t.interface // RUN: echo __asan_report_exp_load4 >> %t.interface
// RUN: echo __asan_report_exp_load8 >> %t.interface // RUN: echo __asan_report_exp_load8 >> %t.interface
// RUN: echo __asan_report_exp_load16 >> %t.interface // RUN: echo __asan_report_exp_load16 >> %t.interface
// RUN: echo __asan_report_exp_store1 >> %t.interface // RUN: echo __asan_report_exp_store1 >> %t.interface
// RUN: echo __asan_report_exp_store2 >> %t.interface // RUN: echo __asan_report_exp_store2 >> %t.interface
// RUN: echo __asan_report_exp_store4 >> %t.interface // RUN: echo __asan_report_exp_store4 >> %t.interface
Show All 15 Lines

compiler-rt/trunk/test/asan/TestCases/halt_on_error-1.c

// Test recovery mode.
//
// RUN: %clang_asan -fsanitize-recover=address %s -o %t
//
// RUN: env not %run %t 2>&1 | FileCheck %s
// RUN: env ASAN_OPTIONS=$ASAN_OPTIONS:halt_on_error=true not %run %t 2>&1 | FileCheck %s
// RUN: env ASAN_OPTIONS=$ASAN_OPTIONS:halt_on_error=false %run %t 2>&1 | FileCheck %s --check-prefix CHECK-RECOVER
#include <string.h>
volatile int ten = 10;
int main() {
char x[10];
// CHECK: WRITE of size 11
// CHECK-RECOVER: WRITE of size 11
memset(x, 0, 11);
// CHECK-NOT: READ of size 1
// CHECK-RECOVER: READ of size 1
volatile int res = x[ten];
// CHECK-NOT: WRITE of size 1
// CHECK-RECOVER: WRITE of size 1
x[ten] = res + 3;
// CHECK-NOT: READ of size 1
// CHECK-RECOVER: READ of size 1
res = x[ten];
return 0;
}