This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
include/sanitizer/
-
sanitizer/
3
asan_interface.h
-
lib/asan/
-
asan/
14
asan_debugging.cc
6
asan_globals.cc
2
asan_interface_internal.h
1
asan_report.h
20
asan_report.cc
-
test/asan/TestCases/
-
asan/
-
TestCases/
2
debug_locate.cc
2
debug_report.cc

Differential D4527

[compiler-rt] ASan debugging API for report info extraction and locating addresses
ClosedPublic

Authored by kubamracek on Jul 15 2014, 3:00 PM.

Download Raw Diff

Details

Reviewers

kcc
glider
samsonov

Summary

This patch is part of an effort to implement a more generic debugging API, as proposed in http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-July/074656.html, with first part reviewed at http://reviews.llvm.org/D4466.

Now adding two new APIs:

__asan_get_report_data which returns a 0 if no asan report happened yet, or 1 if yes and also returns the PC, BP, SP, address, access type (read/write), access size and bug description (e.g. "heap-use-after-free")

__asan_locate_address which takes a pointer and tries to locate it, i.e. say whether it is a heap pointer, a global or a stack, or whether it's a pointer into the shadow memory. If global or stack, tries to also return the variable name, address and size. If heap, tries to return the chunk address and size.

Generally these should serve as an alternative to "asan_describe_address", which only returns all the data in text form. Having an API to get these data could allow having debugging scripts/extensions that could show additional information about a variable/expression/pointer. The idea behind having asan_get_report_data is that we could have a special lldb stop reason that could show much more information than just "EXC_BAD_ACCESS".

Diff Detail

Event Timeline

kubamracek retitled this revision from to [compiler-rt] ASan debugging API for report info extraction and locating addresses.Jul 15 2014, 3:00 PM

kubamracek updated this object.

kubamracek edited the test plan for this revision. (Show Details)

kubamracek added reviewers: kcc, glider.

kubamracek added subscribers: Unknown Object (MLST), Unknown Object (MLST).

kubamracek updated this revision to Diff 11470.Jul 15 2014, 3:00 PM

kcc added inline comments.Jul 16 2014, 1:36 AM

include/sanitizer/asan_interface.h
69	I don't like the interface. You may eventually need to get other kinds of data, so you will have to change this function. Instead, I suggest to add a set of functions like __asan_get_report_foo each of which returns just one part of report if such is known.
78	Do you need this to be a enum? Can this be just a 'const char *' containing the description, e.g. 'stack', "heap". BTW, this is missign at least one kind of memory: fake-stack.
lib/asan/asan_debugging.cc
46	here and below, please avoid copy-paste at all costs. You've copied this code from DescribeAddressIfStack -- don't do it. Instead, refactor the code so that you can call it from other places. If possible, please send the refactoring as separate patches.
lib/asan/asan_report.cc
34	wrap these into a struct. struct ReportData { uptr foo; uptr bar; }; static ReportData report_data;
947	why did you move this here?

glider added inline comments.Jul 16 2014, 2:45 AM

include/sanitizer/asan_interface.h
69	As an alternative you can make `__asan_get_report_data` return the ReportData struct suggested by Kostya below. Keep in mind you'll have to keep your LLDB scripts in sync with that struct's layout which might be less convenient than having `__asan_get_report_foo` for every foo. On the other hand `__asan_get_report_data` is more convenient to call from the user code that includes asan_interface.h
test/asan/TestCases/debug_locate.cc
9	Please fix the includes order.

Updated the patch to address review comments. Sent a separate refactor patch, http://reviews.llvm.org/D4545, this patch depends on it.

kubamracek added inline comments.Jul 16 2014, 1:41 PM

lib/asan/asan_report.cc
947	Because ScopedInErrorReport's constructor does things where I'd like the report data to already be available. Namely, it calls __asan_on_error, which seems like the only sensible place for a breakpoint before the actual report is printed (I'm using it in the debug_report.cc test case).

samsonov added a subscriber: samsonov.Jul 16 2014, 2:20 PM

samsonov added inline comments.

lib/asan/asan_report.cc
35	I believe this wouldn't compile on Windows :-/
248	static is not necessary

kubamracek added inline comments.Jul 16 2014, 2:54 PM

lib/asan/asan_report.cc
35	I don't have a Windows box nearby, would it be because of the member initialization or because of assignment of zero into a bool?

Update addressing review comments.

ping

Sorry for the delay, will review tomorrow (MSK time)

Looks mostly good.

lib/asan/asan_debugging.cc
51	Single-line comments must start with a capital letter and end with a period. Please fix here and below.
lib/asan/asan_interface_internal.h
94	Please add a comment for this family of functions.
lib/asan/asan_report.cc
35	IIUC for a non-empty ReportData the value of \|already_happened\| is always true. I suggest to extract it into a separate flag variable to avoid copying this meaningless value when passing ReportData around.
test/asan/TestCases/debug_report.cc
7	Please mind the order of includes.
17	nit: too much vertical whitespace in this function.

glider added inline comments.Jul 30 2014, 4:12 AM

lib/asan/asan_report.cc
994	BTW why this function returns int, not bool?

Please disregard my question about bool.

I still see some copy-paste
Your patches are uploaded w/o context. Please make them with full context.

Addressing the review comments. Tried to minimize any code duplication. Added full context.

samsonov added a reviewer: samsonov.Sep 8 2014, 5:16 PM

samsonov added inline comments.

lib/asan/asan_globals.cc
93–94	Can you make this function do one of the following: (1) print the address description (what it does now) if "print" input parameter is true (2) set __asan_global output parameter to the structure describing the global. Then you won't need GetInfoForAddressRelativeToGlobal at all.
116	See above: passing a pack of fake parameters is ugly. Instead you can call this function in two modes: DescrineOrGetInfoForGlobal(addr, size, /print/true, /global/nullptr); or Global g; DescribeOrGetInfoForGlobal(addr, 1, /print/false, &g);
lib/asan/asan_report.cc
306–307	Can you use the identical strings in the output and in shadow_type variable? That is, make shadow_type equal to "shadow gap", or "high shadow", or "low shadow".
311	Consider using internal_strncpy here.
994	Why have you moved ScopedInErrorReport here?
1055	Any specific reason to not expose report_data structure layout in the interface header? This pack of functions doesn't look nice.

Any specific reason to not expose report_data structure layout in the interface header? This pack of functions doesn't look nice.

It's to make it easier to use from LLDB. When we add a new function, it's easier to check whether that symbol exists than to version this struct. See the original suggestion at http://reviews.llvm.org/D4527?id=11470#inline-37585

Why have you moved ScopedInErrorReport here?

Because ScopedInErrorReport's constructor does things where I'd like the report data to already be available. Namely, it calls __asan_on_error, which seems like the only sensible place for a breakpoint *before* the actual report is printed (I'm using it in the debug_report.cc test case). I know we have to be careful about this, but it seems to me this move should be safe (the code in between doesn't do any locks, etc.). Or is there any subtle issue due to this move?

I agree with the other comments, will submit a new patch.

Kuba

Addressing comments from review.

samsonov added inline comments.Sep 11 2014, 3:09 PM

lib/asan/asan_debugging.cc
38	internal_strncpy?
121	Consider introducing a struct for address description instead of passing quadruple (name, name_size, region_address, region_size) around. It would be much easier to modify it later. You can also add region_kind ("global", "stack" etc.) string there.
lib/asan/asan_globals.cc
93–94	This function can be static.
106	I believe output_global should always be nonnull in this case. Remove the if() and optionally add a CHECK.
lib/asan/asan_interface_internal.h
97	Don't duplicate the comments here.
lib/asan/asan_report.cc
279	This clearly belongs to asan_globals.cc
314	I guess that if print() is false, output_type should be nonnull.
986	Can you use aggregate assignment here? report_data = { ... };

Updated patch.

Consider introducing a struct for address description instead of
passing quadruple (name, name_size, region_address, region_size)
around. It would be much easier to modify it later. You can also add
region_kind ("global", "stack" etc.) string there.

Introduced AddressDescription. However, I still kept the external interface not to use this struct, again for LLDB convenience reasons.

Getting closer.

lib/asan/asan_debugging.cc
35	Why not internal_strncpy(descr->name, vars[i].name_pos, Min(descr->name_size - 1, vars[i].name_len)) ?
40	s/break/return
48	See another comment about passing AddressDescription into DescribeAddressIfShadow()
55	This should be filled by GtInfoForAddressIfGlobal
69	Consider factoring out filling heap address description into a separate routine. AsanLocateAddress would then be really straightforward.
lib/asan/asan_globals.cc
105	put CHECK() under if()
126	You can (and probably should) fill descr->region_type here.
lib/asan/asan_report.h
44	Why not pass AddressDescription here as well?

Getting closer.

Thanks for the patience :)

Why not internal_strncpy(descr->name, vars[i].name_pos, Min(descr->name_size - 1, vars[i].name_len)) ?

Because that would not write \0 after the string (we're copying just a part of the string pointed to by vars[i].name_pos). So I would have to memset the whole buffer to zero before. Should I do that, instead of the strncat? (The strncat is also used in asan_report.cc:436).

In D4527#31, @kubabrecka wrote:

Getting closer.

Thanks for the patience :)

Why not internal_strncpy(descr->name, vars[i].name_pos, Min(descr->name_size - 1, vars[i].name_len)) ?

Because that would not write \0 after the string (we're copying just a part of the string pointed to by vars[i].name_pos). So I would have to memset the whole buffer to zero before. Should I do that, instead of the strncat? (The strncat is also used in asan_report.cc:436).

Right, let's keep strncat here then.

In D4527#33, @samsonov wrote:

Why not internal_strncpy(descr->name, vars[i].name_pos, Min(descr->name_size - 1, vars[i].name_len)) ?

Because that would not write \0 after the string (we're copying just a part of the string pointed to by vars[i].name_pos). So I would have to memset the whole buffer to zero before. Should I do that, instead of the strncat? (The strncat is also used in asan_report.cc:436).

Right, let's keep strncat here then.

Ok. So, are you fine with how the patch looks like now?

samsonov added inline comments.Sep 17 2014, 3:04 PM

lib/asan/asan_debugging.cc
43	what if you haven't found a stack variable? Should you still set descr->region_kind in this case?
58	Minor nit: comments seems to be redundant in this function. Also, you can reduce the amount of vertical whitespace here.
73	Rename this function to GetInfoForStackVar to make this consistent with GetInfoForAddressIfGlobal and GetInfoForHeapAddress.
lib/asan/asan_report.cc
306–307	Get rid of this variable - just put this string inside a single Printf call.
310	else if
311	else if
985	Note that report_happened might be set to true even though report_data is not yet initialized. Have you considered setting this flag inside "ScopedInErrorReport constructor? Yes, you will have no report data for other kinds of error reports, but it still seems like the right place for it. You can also pass ReportData into ScopedInErrorReport constructor, to make sure you initialize global "report_data" exactly once, under a lock.

Addressing review comments.

Uploading patch with more context.

I've got only a handful of comments left.

Kostya, are you OK with the change?

lib/asan/asan_debugging.cc
49	Do you need to at least set descr->name to empty string?
lib/asan/asan_report.cc
596	Just make nullptr default value for report. explicit ScopedInErrorReport(ReportData *report = nullptr) {...}
test/asan/TestCases/debug_locate.cc
32	You can just use asserts instead of CHECK-lines here. It doesn't look like this test needs FileCheck. assert(0 == strcmp(type, "global"));

Addressing review comments.

LGTM (but please let Kostya sign this off).

This revision is now accepted and ready to land.Sep 24 2014, 7:05 PM

Almost LGTM, sorry for delay

lib/asan/asan_debugging.cc
30	If the stack corruption is really bad we may return false here. This should be handled.

Handle the case when ParseFrameDescription returns false.

LGTM, thanks!

Landed in r218481, thanks for review!

Reverted in r218501 due to test failure on the sanitizer-x86_64-linux buildbot. Committed again in r218538 with a fix, intptr_t -> uintptr_t, and an extra free(heap_ptr) to fix the LeakSanitizer report. Both changes are in the test file only (debug_locate.cc).

Revision Contents

Path

Size

include/

sanitizer/

asan_interface.h

26 lines

lib/

asan/

asan_debugging.cc

70 lines

asan_globals.cc

42 lines

asan_interface_internal.h

22 lines

asan_report.h

13 lines

asan_report.cc

85 lines

test/

asan/

TestCases/

debug_locate.cc

77 lines

debug_report.cc

48 lines

Diff 14088

include/sanitizer/asan_interface.h

Show First 20 Lines • Show All 56 Lines • ▼ Show 20 Lines	#endif

// If at least on byte in [beg, beg+size) is poisoned, return the address		// If at least on byte in [beg, beg+size) is poisoned, return the address
// of the first such byte. Otherwise return 0.		// of the first such byte. Otherwise return 0.
void __asan_region_is_poisoned(void beg, size_t size);		void __asan_region_is_poisoned(void beg, size_t size);

// Print the description of addr (useful when debugging in gdb).		// Print the description of addr (useful when debugging in gdb).
void __asan_describe_address(void *addr);		void __asan_describe_address(void *addr);

		// Useful for calling from a debugger to get information about an ASan error.
		// Returns 1 if an error has been (or is being) reported, otherwise returns 0.
		int __asan_report_present();

		// Useful for calling from a debugger to get information about an ASan error.
		kccUnsubmitted Not Done Reply Inline Actions I don't like the interface. You may eventually need to get other kinds of data, so you will have to change this function. Instead, I suggest to add a set of functions like __asan_get_report_foo each of which returns just one part of report if such is known. kcc: I don't like the interface. You may eventually need to get other kinds of data, so you will…
		gliderUnsubmitted Not Done Reply Inline Actions As an alternative you can make `__asan_get_report_data` return the ReportData struct suggested by Kostya below. Keep in mind you'll have to keep your LLDB scripts in sync with that struct's layout which might be less convenient than having `__asan_get_report_foo` for every foo. On the other hand `__asan_get_report_data` is more convenient to call from the user code that includes asan_interface.h glider: As an alternative you can make `__asan_get_report_data` return the ReportData struct suggested…
		// If an error has been (or is being) reported, the following functions return
		// the pc, bp, sp, address, access type (0 = read, 1 = write), access size and
		// bug description (e.g. "heap-use-after-free"). Otherwise they return 0.
		void *__asan_get_report_pc();
		void *__asan_get_report_bp();
		void *__asan_get_report_sp();
		void *__asan_get_report_address();
		int __asan_get_report_access_type();
		size_t __asan_get_report_access_size();
		kccUnsubmitted Not Done Reply Inline Actions Do you need this to be a enum? Can this be just a 'const char ' containing the description, e.g. 'stack', "heap". BTW, this is missign at least one kind of memory: fake-stack. kcc:* Do you need this to be a enum? Can this be just a 'const char *' containing the description, e.
		const char *__asan_get_report_description();

		// Useful for calling from the debugger to get information about a pointer.
		// Returns the category of the given pointer as a constant string.
		// Possible return values are "global", "stack", "stack-fake", "heap",
		// "heap-invalid", "shadow-low", "shadow-gap", "shadow-high", "unknown".
		// If global or stack, tries to also return the variable name, address and
		// size. If heap, tries to return the chunk address and size. 'name' should
		// point to an allocated buffer of size 'name_size'.
		const char __asan_locate_address(void addr, char *name, size_t name_size,
		void *region_address, size_t region_size);

// Useful for calling from the debugger to get the allocation stack trace		// Useful for calling from the debugger to get the allocation stack trace
// and thread ID for a heap address. Stores up to 'size' frames into 'trace',		// and thread ID for a heap address. Stores up to 'size' frames into 'trace',
// returns the number of stored frames or 0 on error.		// returns the number of stored frames or 0 on error.
size_t __asan_get_alloc_stack(void addr, void *trace, size_t size,		size_t __asan_get_alloc_stack(void addr, void *trace, size_t size,
int *thread_id);		int *thread_id);

// Useful for calling from the debugger to get the free stack trace		// Useful for calling from the debugger to get the free stack trace
// and thread ID for a heap address. Stores up to 'size' frames into 'trace',		// and thread ID for a heap address. Stores up to 'size' frames into 'trace',
▲ Show 20 Lines • Show All 58 Lines • Show Last 20 Lines

lib/asan/asan_debugging.cc

Show All 11 Lines
// This file contains various functions that are generally useful to call when		// This file contains various functions that are generally useful to call when
// using a debugger (LLDB, GDB).		// using a debugger (LLDB, GDB).
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#include "asan_allocator.h"		#include "asan_allocator.h"
#include "asan_flags.h"		#include "asan_flags.h"
#include "asan_internal.h"		#include "asan_internal.h"
#include "asan_mapping.h"		#include "asan_mapping.h"
		#include "asan_report.h"
#include "asan_thread.h"		#include "asan_thread.h"

namespace __asan {		namespace __asan {

		void GetInfoForStackVar(uptr addr, AddressDescription descr, AsanThread t) {
		descr->name[0] = 0;
		descr->region_address = 0;
		descr->region_size = 0;
		descr->region_kind = "stack";

		kccUnsubmitted Not Done Reply Inline Actions If the stack corruption is really bad we may return false here. This should be handled. kcc: If the stack corruption is really bad we may return false here. This should be handled.
		uptr offset = 0;
		uptr frame_pc = 0;
		const char *frame_descr = t->GetFrameNameByAddr(addr, &offset, &frame_pc);
		InternalMmapVector<StackVarDescr> vars(16);
		if (!ParseFrameDescription(frame_descr, &vars)) {
		samsonovUnsubmitted Not Done Reply Inline Actions Why not internal_strncpy(descr->name, vars[i].name_pos, Min(descr->name_size - 1, vars[i].name_len)) ? samsonov: Why not internal_strncpy(descr->name, vars[i].name_pos, Min(descr->name_size - 1, vars[i].
		return;
		}

		samsonovUnsubmitted Not Done Reply Inline Actions internal_strncpy? samsonov: internal_strncpy?
		for (uptr i = 0; i < vars.size(); i++) {
		if (offset <= vars[i].beg + vars[i].size) {
		samsonovUnsubmitted Not Done Reply Inline Actions s/break/return samsonov: s/break/return
		internal_strncat(descr->name, vars[i].name_pos,
		Min(descr->name_size, vars[i].name_len));
		descr->region_address = addr - (offset - vars[i].beg);
		samsonovUnsubmitted Not Done Reply Inline Actions what if you haven't found a stack variable? Should you still set descr->region_kind in this case? samsonov: what if you haven't found a stack variable? Should you still set descr->region_kind in this…
		descr->region_size = vars[i].size;
		return;
		}
		kccUnsubmitted Not Done Reply Inline Actions here and below, please avoid copy-paste at all costs. You've copied this code from DescribeAddressIfStack -- don't do it. Instead, refactor the code so that you can call it from other places. If possible, please send the refactoring as separate patches. kcc: here and below, please avoid copy-paste at all costs. You've copied this code from…
		}
		}
		samsonovUnsubmitted Not Done Reply Inline Actions See another comment about passing AddressDescription into DescribeAddressIfShadow() samsonov: See another comment about passing AddressDescription into DescribeAddressIfShadow()

		samsonovUnsubmitted Not Done Reply Inline Actions Do you need to at least set descr->name to empty string? samsonov: Do you need to at least set descr->name to empty string?
		void GetInfoForHeapAddress(uptr addr, AddressDescription *descr) {
		AsanChunkView chunk = FindHeapChunkByAddress(addr);
		gliderUnsubmitted Not Done Reply Inline Actions Single-line comments must start with a capital letter and end with a period. Please fix here and below. glider: Single-line comments must start with a capital letter and end with a period. Please fix here…

		descr->name[0] = 0;
		descr->region_address = 0;
		descr->region_size = 0;
		samsonovUnsubmitted Not Done Reply Inline Actions This should be filled by GtInfoForAddressIfGlobal samsonov: This should be filled by GtInfoForAddressIfGlobal

		if (!chunk.IsValid()) {
		descr->region_kind = "heap-invalid";
		samsonovUnsubmitted Not Done Reply Inline Actions Minor nit: comments seems to be redundant in this function. Also, you can reduce the amount of vertical whitespace here. samsonov: Minor nit: comments seems to be redundant in this function. Also, you can reduce the amount of…
		return;
		}

		descr->region_address = chunk.Beg();
		descr->region_size = chunk.UsedSize();
		descr->region_kind = "heap";
		}

		void AsanLocateAddress(uptr addr, AddressDescription *descr) {
		if (DescribeAddressIfShadow(addr, descr, /* print */ false)) {
		return;
		samsonovUnsubmitted Not Done Reply Inline Actions Consider factoring out filling heap address description into a separate routine. AsanLocateAddress would then be really straightforward. samsonov: Consider factoring out filling heap address description into a separate routine.
		}
		if (GetInfoForAddressIfGlobal(addr, descr)) {
		return;
		}
		samsonovUnsubmitted Not Done Reply Inline Actions Rename this function to GetInfoForStackVar to make this consistent with GetInfoForAddressIfGlobal and GetInfoForHeapAddress. samsonov: Rename this function to GetInfoForStackVar to make this consistent with…
		asanThreadRegistry().Lock();
		AsanThread *thread = FindThreadByStackAddress(addr);
		asanThreadRegistry().Unlock();
		if (thread) {
		GetInfoForStackVar(addr, descr, thread);
		return;
		}
		GetInfoForHeapAddress(addr, descr);
		}

uptr AsanGetStack(uptr addr, uptr trace, uptr size, u32 thread_id,		uptr AsanGetStack(uptr addr, uptr trace, uptr size, u32 thread_id,
bool alloc_stack) {		bool alloc_stack) {
AsanChunkView chunk = FindHeapChunkByAddress(addr);		AsanChunkView chunk = FindHeapChunkByAddress(addr);
if (!chunk.IsValid()) return 0;		if (!chunk.IsValid()) return 0;

StackTrace stack;		StackTrace stack;
if (alloc_stack) {		if (alloc_stack) {
if (chunk.AllocTid() == kInvalidTid) return 0;		if (chunk.AllocTid() == kInvalidTid) return 0;
Show All 19 Lines	uptr AsanGetStack(uptr addr, uptr trace, uptr size, u32 thread_id,
return 0;		return 0;
}		}

} // namespace __asan		} // namespace __asan

using namespace __asan;		using namespace __asan;

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
		const char __asan_locate_address(uptr addr, char name, uptr name_size,
		uptr region_address, uptr region_size) {
		AddressDescription descr = { name, name_size, 0, 0, 0 };
		samsonovUnsubmitted Not Done Reply Inline Actions Consider introducing a struct for address description instead of passing quadruple (name, name_size, region_address, region_size) around. It would be much easier to modify it later. You can also add region_kind ("global", "stack" etc.) string there. samsonov: Consider introducing a struct for address description instead of passing quadruple (name…
		AsanLocateAddress(addr, &descr);
		if (region_address) *region_address = descr.region_address;
		if (region_size) *region_size = descr.region_size;
		return descr.region_kind;
		}

		SANITIZER_INTERFACE_ATTRIBUTE
uptr __asan_get_alloc_stack(uptr addr, uptr trace, uptr size, u32 thread_id) {		uptr __asan_get_alloc_stack(uptr addr, uptr trace, uptr size, u32 thread_id) {
return AsanGetStack(addr, trace, size, thread_id, /* alloc_stack */ true);		return AsanGetStack(addr, trace, size, thread_id, /* alloc_stack */ true);
}		}

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
uptr __asan_get_free_stack(uptr addr, uptr trace, uptr size, u32 thread_id) {		uptr __asan_get_free_stack(uptr addr, uptr trace, uptr size, u32 thread_id) {
return AsanGetStack(addr, trace, size, thread_id, /* alloc_stack */ false);		return AsanGetStack(addr, trace, size, thread_id, /* alloc_stack */ false);
}		}

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
void __asan_get_shadow_mapping(uptr shadow_scale, uptr shadow_offset) {		void __asan_get_shadow_mapping(uptr shadow_scale, uptr shadow_offset) {
if (shadow_scale)		if (shadow_scale)
*shadow_scale = SHADOW_SCALE;		*shadow_scale = SHADOW_SCALE;
if (shadow_offset)		if (shadow_offset)
*shadow_offset = SHADOW_OFFSET;		*shadow_offset = SHADOW_OFFSET;
}		}

lib/asan/asan_globals.cc

Show First 20 Lines • Show All 65 Lines • ▼ Show 20 Lines	if (g.size != aligned_size) {
FastPoisonShadowPartialRightRedzone(		FastPoisonShadowPartialRightRedzone(
g.beg + RoundDownTo(g.size, SHADOW_GRANULARITY),		g.beg + RoundDownTo(g.size, SHADOW_GRANULARITY),
g.size % SHADOW_GRANULARITY,		g.size % SHADOW_GRANULARITY,
SHADOW_GRANULARITY,		SHADOW_GRANULARITY,
kAsanGlobalRedzoneMagic);		kAsanGlobalRedzoneMagic);
}		}
}		}

		const uptr kMinimalDistanceFromAnotherGlobal = 64;

		bool IsAddressNearGlobal(uptr addr, const __asan_global &g) {
		if (addr <= g.beg - kMinimalDistanceFromAnotherGlobal) return false;
		if (addr >= g.beg + g.size_with_redzone) return false;
		return true;
		}

static void ReportGlobal(const Global &g, const char *prefix) {		static void ReportGlobal(const Global &g, const char *prefix) {
Report("%s Global[%p]: beg=%p size=%zu/%zu name=%s module=%s dyn_init=%zu\n",		Report("%s Global[%p]: beg=%p size=%zu/%zu name=%s module=%s dyn_init=%zu\n",
prefix, &g, (void *)g.beg, g.size, g.size_with_redzone, g.name,		prefix, &g, (void *)g.beg, g.size, g.size_with_redzone, g.name,
g.module_name, g.has_dynamic_init);		g.module_name, g.has_dynamic_init);
if (g.location) {		if (g.location) {
Report(" location (%p): name=%s[%p], %d %d\n", g.location,		Report(" location (%p): name=%s[%p], %d %d\n", g.location,
g.location->filename, g.location->filename, g.location->line_no,		g.location->filename, g.location->filename, g.location->line_no,
g.location->column_no);		g.location->column_no);
}		}
}		}

bool DescribeAddressIfGlobal(uptr addr, uptr size) {		static bool DescribeOrGetInfoIfGlobal(uptr addr, uptr size, bool print,
		Global *output_global) {
		samsonovUnsubmitted Not Done Reply Inline Actions Can you make this function do one of the following: (1) print the address description (what it does now) if "print" input parameter is true (2) set __asan_global output parameter to the structure describing the global. Then you won't need GetInfoForAddressRelativeToGlobal at all. samsonov: Can you make this function do one of the following: (1) print the address description (what it…
		samsonovUnsubmitted Not Done Reply Inline Actions This function can be static. samsonov: This function can be static.
if (!flags()->report_globals) return false;		if (!flags()->report_globals) return false;
BlockingMutexLock lock(&mu_for_globals);		BlockingMutexLock lock(&mu_for_globals);
bool res = false;		bool res = false;
for (ListOfGlobals *l = list_of_all_globals; l; l = l->next) {		for (ListOfGlobals *l = list_of_all_globals; l; l = l->next) {
const Global &g = *l->g;		const Global &g = *l->g;
		if (print) {
if (flags()->report_globals >= 2)		if (flags()->report_globals >= 2)
ReportGlobal(g, "Search");		ReportGlobal(g, "Search");
res \|= DescribeAddressRelativeToGlobal(addr, size, g);		res \|= DescribeAddressRelativeToGlobal(addr, size, g);
		} else {
		if (IsAddressNearGlobal(addr, g)) {
		samsonovUnsubmitted Not Done Reply Inline Actions put CHECK() under if() samsonov: put CHECK() under if()
		CHECK(output_global);
		samsonovUnsubmitted Not Done Reply Inline Actions I believe output_global should always be nonnull in this case. Remove the if() and optionally add a CHECK. samsonov: I believe output_global should always be nonnull in this case. Remove the if() and optionally…
		*output_global = g;
		return true;
		}
		}
}		}
return res;		return res;
}		}

		bool DescribeAddressIfGlobal(uptr addr, uptr size) {
		return DescribeOrGetInfoIfGlobal(addr, size, /* print */ true,
		samsonovUnsubmitted Not Done Reply Inline Actions See above: passing a pack of fake parameters is ugly. Instead you can call this function in two modes: DescrineOrGetInfoForGlobal(addr, size, /print/true, /global/nullptr); or Global g; DescribeOrGetInfoForGlobal(addr, 1, /print/false, &g); samsonov: See above: passing a pack of fake parameters is ugly. Instead you can call this function in two…
		/* output_global */ nullptr);
		}

		bool GetInfoForAddressIfGlobal(uptr addr, AddressDescription *descr) {
		Global g = {};
		if (DescribeOrGetInfoIfGlobal(addr, /* size / 1, / print */ false, &g)) {
		internal_strncpy(descr->name, g.name, descr->name_size);
		descr->region_address = g.beg;
		descr->region_size = g.size;
		descr->region_kind = "global";
		samsonovUnsubmitted Not Done Reply Inline Actions You can (and probably should) fill descr->region_type here. samsonov: You can (and probably should) fill descr->region_type here.
		return true;
		}
		return false;
		}

u32 FindRegistrationSite(const Global *g) {		u32 FindRegistrationSite(const Global *g) {
CHECK(global_registration_site_vector);		CHECK(global_registration_site_vector);
for (uptr i = 0, n = global_registration_site_vector->size(); i < n; i++) {		for (uptr i = 0, n = global_registration_site_vector->size(); i < n; i++) {
GlobalRegistrationSite &grs = (*global_registration_site_vector)[i];		GlobalRegistrationSite &grs = (*global_registration_site_vector)[i];
if (g >= grs.g_first && g <= grs.g_last)		if (g >= grs.g_first && g <= grs.g_last)
return grs.stack_id;		return grs.stack_id;
}		}
return 0;		return 0;
▲ Show 20 Lines • Show All 154 Lines • Show Last 20 Lines

lib/asan/asan_interface_internal.h

Show First 20 Lines • Show All 85 Lines • ▼ Show 20 Lines	extern "C" {

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
uptr __asan_region_is_poisoned(uptr beg, uptr size);		uptr __asan_region_is_poisoned(uptr beg, uptr size);

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
void __asan_describe_address(uptr addr);		void __asan_describe_address(uptr addr);

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
		int __asan_report_present();
		gliderUnsubmitted Not Done Reply Inline Actions Please add a comment for this family of functions. glider: Please add a comment for this family of functions.

		SANITIZER_INTERFACE_ATTRIBUTE
		uptr __asan_get_report_pc();
		samsonovUnsubmitted Not Done Reply Inline Actions Don't duplicate the comments here. samsonov: Don't duplicate the comments here.
		SANITIZER_INTERFACE_ATTRIBUTE
		uptr __asan_get_report_bp();
		SANITIZER_INTERFACE_ATTRIBUTE
		uptr __asan_get_report_sp();
		SANITIZER_INTERFACE_ATTRIBUTE
		uptr __asan_get_report_address();
		SANITIZER_INTERFACE_ATTRIBUTE
		int __asan_get_report_access_type();
		SANITIZER_INTERFACE_ATTRIBUTE
		uptr __asan_get_report_access_size();
		SANITIZER_INTERFACE_ATTRIBUTE
		const char * __asan_get_report_description();

		SANITIZER_INTERFACE_ATTRIBUTE
		const char * __asan_locate_address(uptr addr, char *name, uptr name_size,
		uptr region_address, uptr region_size);

		SANITIZER_INTERFACE_ATTRIBUTE
uptr __asan_get_alloc_stack(uptr addr, uptr *trace, uptr size,		uptr __asan_get_alloc_stack(uptr addr, uptr *trace, uptr size,
u32 *thread_id);		u32 *thread_id);

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
uptr __asan_get_free_stack(uptr addr, uptr *trace, uptr size,		uptr __asan_get_free_stack(uptr addr, uptr *trace, uptr size,
u32 *thread_id);		u32 *thread_id);

SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
▲ Show 20 Lines • Show All 55 Lines • Show Last 20 Lines

lib/asan/asan_report.h

	Show All 19 Lines

	struct StackVarDescr {			struct StackVarDescr {
	uptr beg;			uptr beg;
	uptr size;			uptr size;
	const char *name_pos;			const char *name_pos;
	uptr name_len;			uptr name_len;
	};			};

				struct AddressDescription {
				char *name;
				uptr name_size;
				uptr region_address;
				uptr region_size;
				const char *region_kind;
				};

	// The following functions prints address description depending			// The following functions prints address description depending
	// on the memory type (shadow/heap/stack/global).			// on the memory type (shadow/heap/stack/global).
	void DescribeHeapAddress(uptr addr, uptr access_size);			void DescribeHeapAddress(uptr addr, uptr access_size);
	bool DescribeAddressIfGlobal(uptr addr, uptr access_size);			bool DescribeAddressIfGlobal(uptr addr, uptr access_size);
	bool DescribeAddressRelativeToGlobal(uptr addr, uptr access_size,			bool DescribeAddressRelativeToGlobal(uptr addr, uptr access_size,
	const __asan_global &g);			const __asan_global &g);
	bool DescribeAddressIfShadow(uptr addr);			bool IsAddressNearGlobal(uptr addr, const __asan_global &g);
				bool GetInfoForAddressIfGlobal(uptr addr, AddressDescription *descr);
				bool DescribeAddressIfShadow(uptr addr, AddressDescription *descr = nullptr,
				samsonovUnsubmitted Not Done Reply Inline Actions Why not pass AddressDescription here as well? samsonov: Why not pass AddressDescription here as well?
				bool print = true);
	bool ParseFrameDescription(const char *frame_descr,			bool ParseFrameDescription(const char *frame_descr,
	InternalMmapVector<StackVarDescr> *vars);			InternalMmapVector<StackVarDescr> *vars);
	bool DescribeAddressIfStack(uptr addr, uptr access_size);			bool DescribeAddressIfStack(uptr addr, uptr access_size);
	// Determines memory type on its own.			// Determines memory type on its own.
	void DescribeAddress(uptr addr, uptr access_size);			void DescribeAddress(uptr addr, uptr access_size);

	void DescribeThread(AsanThreadContext *context);			void DescribeThread(AsanThreadContext *context);

	Show All 38 Lines

lib/asan/asan_report.cc

Show All 25 Lines
namespace __asan {		namespace __asan {

// -------------------- User-specified callbacks ----------------- {{{1		// -------------------- User-specified callbacks ----------------- {{{1
static void (error_report_callback)(const char);		static void (error_report_callback)(const char);
static char *error_message_buffer = 0;		static char *error_message_buffer = 0;
static uptr error_message_buffer_pos = 0;		static uptr error_message_buffer_pos = 0;
static uptr error_message_buffer_size = 0;		static uptr error_message_buffer_size = 0;

		struct ReportData {
		kccUnsubmitted Not Done Reply Inline Actions wrap these into a struct. struct ReportData { uptr foo; uptr bar; }; static ReportData report_data; kcc: wrap these into a struct. struct ReportData { uptr foo; uptr bar; }; static ReportData…
		uptr pc;
		samsonovUnsubmitted Not Done Reply Inline Actions I believe this wouldn't compile on Windows :-/ samsonov: I believe this wouldn't compile on Windows :-/
		kubamracekAuthorUnsubmitted Not Done Reply Inline Actions I don't have a Windows box nearby, would it be because of the member initialization or because of assignment of zero into a bool? kubamracek: I don't have a Windows box nearby, would it be because of the member initialization or because…
		gliderUnsubmitted Not Done Reply Inline Actions IIUC for a non-empty ReportData the value of \|already_happened\| is always true. I suggest to extract it into a separate flag variable to avoid copying this meaningless value when passing ReportData around. glider: IIUC for a non-empty ReportData the value of \|already_happened\| is always true. I suggest to…
		uptr sp;
		uptr bp;
		uptr addr;
		bool is_write;
		uptr access_size;
		const char *description;
		};

		static bool report_happened = false;
		static ReportData report_data = {};

void AppendToErrorMessageBuffer(const char *buffer) {		void AppendToErrorMessageBuffer(const char *buffer) {
if (error_message_buffer) {		if (error_message_buffer) {
uptr length = internal_strlen(buffer);		uptr length = internal_strlen(buffer);
CHECK_GE(error_message_buffer_size, error_message_buffer_pos);		CHECK_GE(error_message_buffer_size, error_message_buffer_pos);
uptr remaining = error_message_buffer_size - error_message_buffer_pos;		uptr remaining = error_message_buffer_size - error_message_buffer_pos;
internal_strncpy(error_message_buffer + error_message_buffer_pos,		internal_strncpy(error_message_buffer + error_message_buffer_pos,
buffer, remaining);		buffer, remaining);
error_message_buffer[error_message_buffer_size - 1] = '\0';		error_message_buffer[error_message_buffer_size - 1] = '\0';
▲ Show 20 Lines • Show All 185 Lines • ▼ Show 20 Lines	static const char MaybeDemangleGlobalName(const char name) {

return should_demangle ? Symbolizer::GetOrInit()->Demangle(name) : name;		return should_demangle ? Symbolizer::GetOrInit()->Demangle(name) : name;
}		}

// Check if the global is a zero-terminated ASCII string. If so, print it.		// Check if the global is a zero-terminated ASCII string. If so, print it.
static void PrintGlobalNameIfASCII(InternalScopedString *str,		static void PrintGlobalNameIfASCII(InternalScopedString *str,
const __asan_global &g) {		const __asan_global &g) {
for (uptr p = g.beg; p < g.beg + g.size - 1; p++) {		for (uptr p = g.beg; p < g.beg + g.size - 1; p++) {
unsigned char c = (unsigned char)p;		unsigned char c = (unsigned char)p;
		samsonovUnsubmitted Not Done Reply Inline Actions static is not necessary samsonov: static is not necessary
if (c == '\0' \|\| !IsASCII(c)) return;		if (c == '\0' \|\| !IsASCII(c)) return;
}		}
if ((char)(g.beg + g.size - 1) != '\0') return;		if ((char)(g.beg + g.size - 1) != '\0') return;
str->append(" '%s' is ascii string '%s'\n", MaybeDemangleGlobalName(g.name),		str->append(" '%s' is ascii string '%s'\n", MaybeDemangleGlobalName(g.name),
(char *)g.beg);		(char *)g.beg);
}		}

static const char *GlobalFilename(const __asan_global &g) {		static const char *GlobalFilename(const __asan_global &g) {
Show All 13 Lines	static void PrintGlobalLocation(InternalScopedString *str,
if (g.location->line_no)		if (g.location->line_no)
str->append(":%d", g.location->line_no);		str->append(":%d", g.location->line_no);
if (g.location->column_no)		if (g.location->column_no)
str->append(":%d", g.location->column_no);		str->append(":%d", g.location->column_no);
}		}

bool DescribeAddressRelativeToGlobal(uptr addr, uptr size,		bool DescribeAddressRelativeToGlobal(uptr addr, uptr size,
const __asan_global &g) {		const __asan_global &g) {
static const uptr kMinimalDistanceFromAnotherGlobal = 64;		if (!IsAddressNearGlobal(addr, g)) return false;
if (addr <= g.beg - kMinimalDistanceFromAnotherGlobal) return false;
if (addr >= g.beg + g.size_with_redzone) return false;
InternalScopedString str(4096);		InternalScopedString str(4096);
		samsonovUnsubmitted Not Done Reply Inline Actions This clearly belongs to asan_globals.cc samsonov: This clearly belongs to asan_globals.cc
Decorator d;		Decorator d;
str.append("%s", d.Location());		str.append("%s", d.Location());
if (addr < g.beg) {		if (addr < g.beg) {
str.append("%p is located %zd bytes to the left", (void *)addr,		str.append("%p is located %zd bytes to the left", (void *)addr,
g.beg - addr);		g.beg - addr);
} else if (addr + size > g.beg + g.size) {		} else if (addr + size > g.beg + g.size) {
if (addr < g.beg + g.size)		if (addr < g.beg + g.size)
addr = g.beg + g.size;		addr = g.beg + g.size;
str.append("%p is located %zd bytes to the right", (void *)addr,		str.append("%p is located %zd bytes to the right", (void *)addr,
addr - (g.beg + g.size));		addr - (g.beg + g.size));
} else {		} else {
// Can it happen?		// Can it happen?
str.append("%p is located %zd bytes inside", (void *)addr, addr - g.beg);		str.append("%p is located %zd bytes inside", (void *)addr, addr - g.beg);
}		}
str.append(" of global variable '%s' defined in '",		str.append(" of global variable '%s' defined in '",
MaybeDemangleGlobalName(g.name));		MaybeDemangleGlobalName(g.name));
PrintGlobalLocation(&str, g);		PrintGlobalLocation(&str, g);
str.append("' (0x%zx) of size %zu\n", g.beg, g.size);		str.append("' (0x%zx) of size %zu\n", g.beg, g.size);
str.append("%s", d.EndLocation());		str.append("%s", d.EndLocation());
PrintGlobalNameIfASCII(&str, g);		PrintGlobalNameIfASCII(&str, g);
Printf("%s", str.data());		Printf("%s", str.data());
return true;		return true;
}		}

bool DescribeAddressIfShadow(uptr addr) {		bool DescribeAddressIfShadow(uptr addr, AddressDescription *descr, bool print) {
if (AddrIsInMem(addr))		if (AddrIsInMem(addr))
return false;		return false;
static const char kAddrInShadowReport[] =		const char *area_type = nullptr;
		samsonovUnsubmitted Not Done Reply Inline Actions Can you use the identical strings in the output and in shadow_type variable? That is, make shadow_type equal to "shadow gap", or "high shadow", or "low shadow". samsonov: Can you use the identical strings in the output and in shadow_type variable? That is, make…
		samsonovUnsubmitted Not Done Reply Inline Actions Get rid of this variable - just put this string inside a single Printf call. samsonov: Get rid of this variable - just put this string inside a single Printf call.
"Address %p is located in the %s.\n";		if (AddrIsInShadowGap(addr)) area_type = "shadow gap";
if (AddrIsInShadowGap(addr)) {		else if (AddrIsInHighShadow(addr)) area_type = "high shadow";
Printf(kAddrInShadowReport, addr, "shadow gap area");		else if (AddrIsInLowShadow(addr)) area_type = "low shadow";
		samsonovUnsubmitted Not Done Reply Inline Actions else if samsonov: else if
return true;		if (area_type != nullptr) {
		samsonovUnsubmitted Not Done Reply Inline Actions Consider using internal_strncpy here. samsonov: Consider using internal_strncpy here.
		samsonovUnsubmitted Not Done Reply Inline Actions else if samsonov: else if
}		if (print) {
if (AddrIsInHighShadow(addr)) {		Printf("Address %p is located in the %s area.\n", addr, area_type);
Printf(kAddrInShadowReport, addr, "high shadow area");		} else {
		samsonovUnsubmitted Not Done Reply Inline Actions I guess that if print() is false, output_type should be nonnull. samsonov: I guess that if print() is false, output_type should be nonnull.
return true;		CHECK(descr);
		descr->region_kind = area_type;
}		}
if (AddrIsInLowShadow(addr)) {
Printf(kAddrInShadowReport, addr, "low shadow area");
return true;		return true;
}		}
CHECK(0 && "Address is not in memory and not in shadow?");		CHECK(0 && "Address is not in memory and not in shadow?");
return false;		return false;
}		}

// Return " (thread_name) " or an empty string if the name is empty.		// Return " (thread_name) " or an empty string if the name is empty.
const char ThreadNameWithParenthesis(AsanThreadContext t, char buff[],		const char ThreadNameWithParenthesis(AsanThreadContext t, char buff[],
▲ Show 20 Lines • Show All 261 Lines • ▼ Show 20 Lines
}		}

// -------------------- Different kinds of reports ----------------- {{{1		// -------------------- Different kinds of reports ----------------- {{{1

// Use ScopedInErrorReport to run common actions just before and		// Use ScopedInErrorReport to run common actions just before and
// immediately after printing error report.		// immediately after printing error report.
class ScopedInErrorReport {		class ScopedInErrorReport {
public:		public:
ScopedInErrorReport() {		explicit ScopedInErrorReport(ReportData *report = nullptr) {
static atomic_uint32_t num_calls;		static atomic_uint32_t num_calls;
		samsonovUnsubmitted Not Done Reply Inline Actions Just make nullptr default value for report. explicit ScopedInErrorReport(ReportData report = nullptr) {...} samsonov:* Just make nullptr default value for report. explicit ScopedInErrorReport(ReportData *report…
static u32 reporting_thread_tid;		static u32 reporting_thread_tid;
if (atomic_fetch_add(&num_calls, 1, memory_order_relaxed) != 0) {		if (atomic_fetch_add(&num_calls, 1, memory_order_relaxed) != 0) {
// Do not print more than one report, otherwise they will mix up.		// Do not print more than one report, otherwise they will mix up.
// Error reporting functions shouldn't return at this situation, as		// Error reporting functions shouldn't return at this situation, as
// they are defined as no-return.		// they are defined as no-return.
Report("AddressSanitizer: while reporting a bug found another one. "		Report("AddressSanitizer: while reporting a bug found another one. "
"Ignoring.\n");		"Ignoring.\n");
u32 current_tid = GetCurrentTidOrInvalid();		u32 current_tid = GetCurrentTidOrInvalid();
if (current_tid != reporting_thread_tid) {		if (current_tid != reporting_thread_tid) {
// ASan found two bugs in different threads simultaneously. Sleep		// ASan found two bugs in different threads simultaneously. Sleep
// long enough to make sure that the thread which started to print		// long enough to make sure that the thread which started to print
// an error report will finish doing it.		// an error report will finish doing it.
SleepForSeconds(Max(100, flags()->sleep_before_dying + 1));		SleepForSeconds(Max(100, flags()->sleep_before_dying + 1));
}		}
// If we're still not dead for some reason, use raw _exit() instead of		// If we're still not dead for some reason, use raw _exit() instead of
// Die() to bypass any additional checks.		// Die() to bypass any additional checks.
internal__exit(flags()->exitcode);		internal__exit(flags()->exitcode);
}		}
		if (report) report_data = *report;
		report_happened = true;
ASAN_ON_ERROR();		ASAN_ON_ERROR();
// Make sure the registry and sanitizer report mutexes are locked while		// Make sure the registry and sanitizer report mutexes are locked while
// we're printing an error report.		// we're printing an error report.
// We can lock them only here to avoid self-deadlock in case of		// We can lock them only here to avoid self-deadlock in case of
// recursive reports.		// recursive reports.
asanThreadRegistry().Lock();		asanThreadRegistry().Lock();
CommonSanitizerReportMutex.Lock();		CommonSanitizerReportMutex.Lock();
reporting_thread_tid = GetCurrentTidOrInvalid();		reporting_thread_tid = GetCurrentTidOrInvalid();
▲ Show 20 Lines • Show All 304 Lines • ▼ Show 20 Lines

} // namespace __asan		} // namespace __asan

// --------------------------- Interface --------------------- {{{1		// --------------------------- Interface --------------------- {{{1
using namespace __asan; // NOLINT		using namespace __asan; // NOLINT

void __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write,		void __asan_report_error(uptr pc, uptr bp, uptr sp, uptr addr, int is_write,
uptr access_size) {		uptr access_size) {
ScopedInErrorReport in_report;

// Determine the error type.		// Determine the error type.
const char *bug_descr = "unknown-crash";		const char *bug_descr = "unknown-crash";
if (AddrIsInMem(addr)) {		if (AddrIsInMem(addr)) {
u8 shadow_addr = (u8)MemToShadow(addr);		u8 shadow_addr = (u8)MemToShadow(addr);
// If we are accessing 16 bytes, look at the second shadow byte.		// If we are accessing 16 bytes, look at the second shadow byte.
if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY)		if (*shadow_addr == 0 && access_size > SHADOW_GRANULARITY)
shadow_addr++;		shadow_addr++;
// If we are in the partial right redzone, look at the next shadow byte.		// If we are in the partial right redzone, look at the next shadow byte.
if (shadow_addr > 0 && shadow_addr < 128)		if (shadow_addr > 0 && shadow_addr < 128)
shadow_addr++;		shadow_addr++;
switch (*shadow_addr) {		switch (*shadow_addr) {
		kccUnsubmitted Not Done Reply Inline Actions why did you move this here? kcc: why did you move this here?
		kubamracekAuthorUnsubmitted Not Done Reply Inline Actions Because ScopedInErrorReport's constructor does things where I'd like the report data to already be available. Namely, it calls __asan_on_error, which seems like the only sensible place for a breakpoint before the actual report is printed (I'm using it in the debug_report.cc test case). kubamracek: Because ScopedInErrorReport's constructor does things where I'd like the report data to already…
case kAsanHeapLeftRedzoneMagic:		case kAsanHeapLeftRedzoneMagic:
case kAsanHeapRightRedzoneMagic:		case kAsanHeapRightRedzoneMagic:
case kAsanArrayCookieMagic:		case kAsanArrayCookieMagic:
bug_descr = "heap-buffer-overflow";		bug_descr = "heap-buffer-overflow";
break;		break;
case kAsanHeapFreeMagic:		case kAsanHeapFreeMagic:
bug_descr = "heap-use-after-free";		bug_descr = "heap-use-after-free";
break;		break;
Show All 20 Lines	switch (*shadow_addr) {
case kAsanStackUseAfterScopeMagic:		case kAsanStackUseAfterScopeMagic:
bug_descr = "stack-use-after-scope";		bug_descr = "stack-use-after-scope";
break;		break;
case kAsanGlobalRedzoneMagic:		case kAsanGlobalRedzoneMagic:
bug_descr = "global-buffer-overflow";		bug_descr = "global-buffer-overflow";
break;		break;
}		}
}		}

		ReportData report = { pc, sp, bp, addr, (bool)is_write, access_size,
		samsonovUnsubmitted Not Done Reply Inline Actions Note that report_happened might be set to true even though report_data is not yet initialized. Have you considered setting this flag inside "ScopedInErrorReport constructor? Yes, you will have no report data for other kinds of error reports, but it still seems like the right place for it. You can also pass ReportData into ScopedInErrorReport constructor, to make sure you initialize global "report_data" exactly once, under a lock. samsonov: Note that report_happened might be set to true even though report_data is not yet initialized.
		bug_descr };
		samsonovUnsubmitted Not Done Reply Inline Actions Can you use aggregate assignment here? report_data = { ... }; samsonov: Can you use aggregate assignment here? report_data = { ... };
		ScopedInErrorReport in_report(&report);

Decorator d;		Decorator d;
Printf("%s", d.Warning());		Printf("%s", d.Warning());
Report("ERROR: AddressSanitizer: %s on address "		Report("ERROR: AddressSanitizer: %s on address "
"%p at pc %p bp %p sp %p\n",		"%p at pc %p bp %p sp %p\n",
bug_descr, (void*)addr, pc, bp, sp);		bug_descr, (void*)addr, pc, bp, sp);
Printf("%s", d.EndWarning());		Printf("%s", d.EndWarning());
		gliderUnsubmitted Not Done Reply Inline Actions BTW why this function returns int, not bool? glider: BTW why this function returns int, not bool?
		samsonovUnsubmitted Not Done Reply Inline Actions Why have you moved ScopedInErrorReport here? samsonov: Why have you moved ScopedInErrorReport here?

u32 curr_tid = GetCurrentTidOrInvalid();		u32 curr_tid = GetCurrentTidOrInvalid();
char tname[128];		char tname[128];
Printf("%s%s of size %zu at %p thread T%d%s%s\n",		Printf("%s%s of size %zu at %p thread T%d%s%s\n",
d.Access(),		d.Access(),
access_size ? (is_write ? "WRITE" : "READ") : "ACCESS",		access_size ? (is_write ? "WRITE" : "READ") : "ACCESS",
access_size, (void*)addr, curr_tid,		access_size, (void*)addr, curr_tid,
ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)),		ThreadNameWithParenthesis(curr_tid, tname, sizeof(tname)),
Show All 19 Lines

void __asan_describe_address(uptr addr) {		void __asan_describe_address(uptr addr) {
// Thread registry must be locked while we're describing an address.		// Thread registry must be locked while we're describing an address.
asanThreadRegistry().Lock();		asanThreadRegistry().Lock();
DescribeAddress(addr, 1);		DescribeAddress(addr, 1);
asanThreadRegistry().Unlock();		asanThreadRegistry().Unlock();
}		}

		int __asan_report_present() {
		return report_happened ? 1 : 0;
		}

		uptr __asan_get_report_pc() {
		return report_data.pc;
		}

		uptr __asan_get_report_bp() {
		return report_data.bp;
		}

		uptr __asan_get_report_sp() {
		return report_data.sp;
		}

		uptr __asan_get_report_address() {
		return report_data.addr;
		}

		int __asan_get_report_access_type() {
		return report_data.is_write ? 1 : 0;
		}

		uptr __asan_get_report_access_size() {
		return report_data.access_size;
		samsonovUnsubmitted Not Done Reply Inline Actions Any specific reason to not expose report_data structure layout in the interface header? This pack of functions doesn't look nice. samsonov: Any specific reason to not expose report_data structure layout in the interface header? This…
		}

		const char *__asan_get_report_description() {
		return report_data.description;
		}

extern "C" {		extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_ptr_sub(void a, void b) {		void __sanitizer_ptr_sub(void a, void b) {
CheckForInvalidPointerPair(a, b);		CheckForInvalidPointerPair(a, b);
}		}
SANITIZER_INTERFACE_ATTRIBUTE		SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_ptr_cmp(void a, void b) {		void __sanitizer_ptr_cmp(void a, void b) {
CheckForInvalidPointerPair(a, b);		CheckForInvalidPointerPair(a, b);
Show All 9 Lines

test/asan/TestCases/debug_locate.cc

				// Checks the ASan memory address type debugging API, makes sure it returns
				// the correct memory type for heap, stack, global and shadow addresses and
				// that it correctly finds out which region (and name and size) the address
				// belongs to.
				// RUN: %clangxx_asan -O0 %s -o %t && %run %t 2>&1

				#include <assert.h>
				#include <sanitizer/asan_interface.h>
				#include <stdio.h>
				gliderUnsubmitted Not Done Reply Inline Actions Please fix the includes order. glider: Please fix the includes order.
				#include <stdlib.h>
				#include <string.h>

				int global_var;

				int main() {
				int local_var;
				char heap_ptr = (char )malloc(10);

				char name[100];
				void *region_address;
				size_t region_size;
				const char *type;

				type = __asan_locate_address(&global_var, name, 100,
				&region_address, &region_size);
				assert(0 == strcmp(name, "global_var"));
				assert(0 == strcmp(type, "global"));
				assert(region_address == &global_var);
				assert(region_size == sizeof(global_var));

				type = __asan_locate_address((char *)(&global_var)+1, name, 100,
				&region_address, &region_size);
				samsonovUnsubmitted Not Done Reply Inline Actions You can just use asserts instead of CHECK-lines here. It doesn't look like this test needs FileCheck. assert(0 == strcmp(type, "global")); samsonov: You can just use asserts instead of CHECK-lines here. It doesn't look like this test needs…
				assert(0 == strcmp(name, "global_var"));
				assert(0 == strcmp(type, "global"));
				assert(region_address == &global_var);
				assert(region_size == sizeof(global_var));

				type = __asan_locate_address(&local_var, name, 100,
				&region_address, &region_size);
				assert(0 == strcmp(name, "local_var"));
				assert(0 == strcmp(type, "stack"));
				assert(region_address == &local_var);
				assert(region_size == sizeof(local_var));

				type = __asan_locate_address((char *)(&local_var)+1, name, 100,
				&region_address, &region_size);
				assert(0 == strcmp(name, "local_var"));
				assert(0 == strcmp(type, "stack"));
				assert(region_address == &local_var);
				assert(region_size == sizeof(local_var));

				type = __asan_locate_address(heap_ptr, name, 100,
				&region_address, &region_size);
				assert(0 == strcmp(type, "heap"));
				assert(region_address == heap_ptr);
				assert(10 == region_size);

				type = __asan_locate_address(heap_ptr+1, name, 100,
				&region_address, &region_size);
				assert(0 == strcmp(type, "heap"));
				assert(region_address == heap_ptr);
				assert(10 == region_size);

				size_t shadow_scale;
				size_t shadow_offset;
				__asan_get_shadow_mapping(&shadow_scale, &shadow_offset);

				intptr_t shadow_ptr = (((intptr_t)heap_ptr) >> shadow_scale) + shadow_offset;
				type = __asan_locate_address((void *)shadow_ptr, NULL, 0, NULL, NULL);
				assert((0 == strcmp(type, "high shadow")) \|\| 0 == strcmp(type, "low shadow"));

				intptr_t shadow_gap = (shadow_ptr >> shadow_scale) + shadow_offset;
				type = __asan_locate_address((void *)shadow_gap, NULL, 0, NULL, NULL);
				assert(0 == strcmp(type, "shadow gap"));

				return 0;
				}

test/asan/TestCases/debug_report.cc

				// Checks that the ASan debugging API for getting report information
				// returns correct values.
				// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 \| FileCheck %s

				#include <sanitizer/asan_interface.h>
				#include <stdio.h>
				#include <stdlib.h>
				gliderUnsubmitted Not Done Reply Inline Actions Please mind the order of includes. glider: Please mind the order of includes.

				int main() {
				char heap_ptr = (char )malloc(10);
				free(heap_ptr);
				int present = __asan_report_present();
				fprintf(stderr, "%s\n", (present == 0) ? "no report" : "");
				// CHECK: no report
				heap_ptr[0] = 'A'; // BOOM
				return 0;
				}
				gliderUnsubmitted Not Done Reply Inline Actions nit: too much vertical whitespace in this function. glider: nit: too much vertical whitespace in this function.

				void __asan_on_error() {
				int present = __asan_report_present();
				void *pc = __asan_get_report_pc();
				void *bp = __asan_get_report_bp();
				void *sp = __asan_get_report_sp();
				void *addr = __asan_get_report_address();
				int is_write = __asan_get_report_access_type();
				size_t access_size = __asan_get_report_access_size();
				const char *description = __asan_get_report_description();

				fprintf(stderr, "%s\n", (present == 1) ? "report" : "");
				// CHECK: report
				fprintf(stderr, "pc: %p\n", pc);
				// CHECK: pc: 0x[[PC:[0-9a-f]+]]
				fprintf(stderr, "bp: %p\n", bp);
				// CHECK: bp: 0x[[BP:[0-9a-f]+]]
				fprintf(stderr, "sp: %p\n", sp);
				// CHECK: sp: 0x[[SP:[0-9a-f]+]]
				fprintf(stderr, "addr: %p\n", addr);
				// CHECK: addr: 0x[[ADDR:[0-9a-f]+]]
				fprintf(stderr, "type: %s\n", (is_write ? "write" : "read"));
				// CHECK: type: write
				fprintf(stderr, "access_size: %ld\n", access_size);
				// CHECK: access_size: 1
				fprintf(stderr, "description: %s\n", description);
				// CHECK: description: heap-use-after-free
				}

				// CHECK: AddressSanitizer: heap-use-after-free on address {{0x0}}[[ADDR]] at pc {{0x0}}[[PC]] bp {{0x0}}[[BP]] sp {{0x0}}[[SP]]
				// CHECK: WRITE of size 1 at {{0x0*}}[[ADDR]] thread T0