This is an archive of the discontinued LLVM Phabricator instance.

Differential D10336

Fix tests for new str interceptors
ClosedPublic

Authored by m.guseva on Jun 9 2015, 2:41 AM.

Details

Reviewers
kcc
dvyukov
samsonov
eugenis
Commits
rGef40f0bbff6b: [ASan] Quick-fix tests for new string interceptors. Patch by Maria Guseva.
rCRT239461: [ASan] Quick-fix tests for new string interceptors.
rL239461: [ASan] Quick-fix tests for new string interceptors.
Summary

Due to recent fail of strcspn-2 (http://lab.llvm.org:8011/builders/sanitizer-ppc64-linux1/builds/7321/steps/check-asan%20in%20gcc%20build/logs/stdio) I've modified recently added unit tests for str interceptors to be more deterministic.

Diff Detail

Event Timeline

m.guseva updated this revision to Diff 27365.Jun 9 2015, 2:41 AM
m.guseva retitled this revision from to Fix tests for new str interceptors.
m.guseva updated this object.
m.guseva edited the test plan for this revision. (Show Details)
m.guseva added reviewers: eugenis, dvyukov, samsonov, kcc.
m.guseva added subscribers: ygribov, Unknown Object (MLST).
eugenis accepted this revision.Jun 9 2015, 2:09 PM
eugenis edited edge metadata.

OI would be great if someone investigated the "s3" point in my other comment, but this change alone should make the tests much more stable, so LGTM.

test/asan/TestCases/strcasestr-1.c
21

I missed the original code review, but this "s3" business looks highly suspicious. Firstly, it is not good to rely on the order of variable declarations in the function body, compiler definitely does not promise anything about that. Secondly, if ASan may say that access overflows s3 - I'd treat this as a bug in the tool. Why does it happen? COMMON_INTERCEPTOR_READ_* should point to the first poisoned byte in the memory range, which should be the first byte after the end of s1.

This revision is now accepted and ready to land.Jun 9 2015, 2:09 PM
ygribov added inline comments.Jun 9 2015, 2:18 PM
test/asan/TestCases/strcasestr-1.c
21

I think we do need to put stopping zero byte somehow to ensure that e.g. underlying Glibc's strcasestr always terminates. Any suggestions how to achieve this in a cleaner way? Perhaps set last byte of s1's redzone to 0 in a noinline no_sanitize_address helper function?

Overflow in s3 is strange indeed.

eugenis added inline comments.Jun 9 2015, 2:34 PM
test/asan/TestCases/strcasestr-1.c
21

Maybe just allocate a larger buffer for the string and __asan_poison part of it. The report would just say "wild address" though, without a reference to s1/s2 variables.

ygribov added inline comments.Jun 9 2015, 2:43 PM
test/asan/TestCases/strcasestr-1.c
21

Ah, right. Mash is on vacation so I guess I'll commit what we have meanwhile.

Closed by commit rL239461: [ASan] Quick-fix tests for new string interceptors. (authored by ygribov). · Explain WhyJun 10 2015, 12:20 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
test/
asan/
TestCases/
4 lines
4 lines
4 lines
6 lines
4 lines
4 lines
4 lines
4 lines

Diff 27365

test/asan/TestCases/strcasestr-1.c

Show All 9 Lines
#define _GNU_SOURCE #define _GNU_SOURCE
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *r = 0; char *r = 0;
char s2[] = "c"; char s2[] = "c";
char s1[] = {'a', 'b'}; char s1[] = {'a', 'C'};
char s3 = 0; char s3 = 0;
r = strcasestr(s1, s2); r = strcasestr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
eugenisUnsubmitted
Not Done
ReplyInline Actions

I missed the original code review, but this "s3" business looks highly suspicious. Firstly, it is not good to rely on the order of variable declarations in the function body, compiler definitely does not promise anything about that. Secondly, if ASan may say that access overflows s3 - I'd treat this as a bug in the tool. Why does it happen? COMMON_INTERCEPTOR_READ_* should point to the first poisoned byte in the memory range, which should be the first byte after the end of s1.

eugenis: I missed the original code review, but this "s3" business looks highly suspicious. Firstly, it…
ygribovUnsubmitted
Not Done
ReplyInline Actions

I think we do need to put stopping zero byte somehow to ensure that e.g. underlying Glibc's strcasestr always terminates. Any suggestions how to achieve this in a cleaner way? Perhaps set last byte of s1's redzone to 0 in a noinline no_sanitize_address helper function?

Overflow in s3 is strange indeed.

ygribov: I think we do need to put stopping zero byte somehow to ensure that e.g. underlying Glibc's…
eugenisUnsubmitted
Not Done
ReplyInline Actions

Maybe just allocate a larger buffer for the string and __asan_poison part of it. The report would just say "wild address" though, without a reference to s1/s2 variables.

eugenis: Maybe just allocate a larger buffer for the string and __asan_poison part of it. The report…
ygribovUnsubmitted
Not Done
ReplyInline Actions

Ah, right. Mash is on vacation so I guess I'll commit what we have meanwhile.

ygribov: Ah, right. Mash is on vacation so I guess I'll commit what we have meanwhile.
assert(r == 0); assert(r == s1 + 1);
return 0; return 0;
} }

test/asan/TestCases/strcspn-1.c

// Test string s1 overflow in strcspn function // Test string s1 overflow in strcspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strspn asan option // Test intercept_strspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
size_t r; size_t r;
char s2[] = "ab"; char s2[] = "ab";
char s1[] = {'c', 'd'}; char s1[] = {'c', 'a'};
char s3 = 0; char s3 = 0;
r = strcspn(s1, s2); r = strcspn(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r >= sizeof(s1)); assert(r == 1);
return 0; return 0;
} }

test/asan/TestCases/strcspn-2.c

// Test stopset overflow in strcspn function // Test stopset overflow in strcspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strcspn asan option // Test intercept_strcspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
size_t r; size_t r;
char s1[] = "ab"; char s1[] = "ab";
char s2[] = {'c', 'd'}; char s2[] = {'a'};
char s3 = 0; char s3 = 0;
r = strcspn(s1, s2); r = strcspn(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == sizeof(s1) - 1); assert(r == 0);
return 0; return 0;
} }

test/asan/TestCases/strpbrk-1.c

// Test string s1 overflow in strpbrk function // Test string s1 overflow in strpbrk function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strpbrk asan option // Test intercept_strpbrk asan option
// RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *r; char *r;
char s2[] = "ab"; char s2[] = "ab";
char s1[] = {'c', 'd'}; char s1[] = {'c', 'a'};
char s3[] = "a"; char s3 = 0;
r = strpbrk(s1, s2); r = strpbrk(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r <= s3); assert(r == s1 + 1);
return 0; return 0;
} }

test/asan/TestCases/strpbrk-2.c

// Test stopset overflow in strpbrk function // Test stopset overflow in strpbrk function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strpbrk asan option // Test intercept_strpbrk asan option
// RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *r; char *r;
char s1[] = "a"; char s1[] = "c";
char s2[] = {'b', 'c'}; char s2[] = {'b', 'c'};
char s3 = 0; char s3 = 0;
r = strpbrk(s1, s2); r = strpbrk(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == (r ? s1 : 0)); assert(r == s1);
return 0; return 0;
} }

test/asan/TestCases/strspn-1.c

// Test string s1 overflow in strspn function // Test string s1 overflow in strspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strspn asan option // Test intercept_strspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
size_t r; size_t r;
char s2[] = "ab"; char s2[] = "ab";
char s1[] = {'a', 'a'}; char s1[] = {'a', 'c'};
char s3 = 0; char s3 = 0;
r = strspn(s1, s2); r = strspn(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r >= sizeof(s1)); assert(r == 1);
return 0; return 0;
} }

test/asan/TestCases/strspn-2.c

// Test stopset overflow in strspn function // Test stopset overflow in strspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strspn asan option // Test intercept_strspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
size_t r; size_t r;
char s1[] = "cc"; char s1[] = "bbc";
char s2[] = {'a', 'b'}; char s2[] = {'a', 'b'};
char s3 = 0; char s3 = 0;
r = strspn(s1, s2); r = strspn(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0); assert(r >= 2);
return 0; return 0;
} }

test/asan/TestCases/strstr-1.c

// Test haystack overflow in strstr function // Test haystack overflow in strstr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s // RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option // Test intercept_strstr asan option
// Disable other interceptors because strlen may be called inside strstr // Disable other interceptors because strlen may be called inside strstr
// RUN: ASAN_OPTIONS=intercept_strstr=false:replace_str=false %run %t 2>&1 // RUN: ASAN_OPTIONS=intercept_strstr=false:replace_str=false %run %t 2>&1
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
int main(int argc, char **argv) { int main(int argc, char **argv) {
char *r = 0; char *r = 0;
char s2[] = "c"; char s2[] = "c";
char s1[] = {'a', 'b'}; char s1[] = {'a', 'c'};
char s3 = 0; char s3 = 0;
r = strstr(s1, s2); r = strstr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable // CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0); assert(r == s1 + 1);
return 0; return 0;
} }