This is an archive of the discontinued LLVM Phabricator instance.

Differential D104154

[NFC][sanitizer] Remove calls to __asan_get_current_fake_stack
ClosedPublic

Authored by kda on Jun 11 2021, 2:06 PM.

Details

Reviewers
vitalybuka
Commits
rGc4992bf593a4: [NFC][sanitizer] Remove calls to __asan_get_current_fake_stack
Summary

Unnecessary with -fsanitize-address-use-after-return=never.

for issue: https://github.com/google/sanitizers/issues/1394

Diff Detail

Event Timeline

kda requested review of this revision.Jun 11 2021, 2:06 PM
kda created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptJun 11 2021, 2:06 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B108897: Diff 351561.Jun 11 2021, 3:06 PM
vitalybuka added a comment.Jun 11 2021, 3:10 PM

I'd prefer we just update __asan_get_current_fake_stack()

kda added a comment.Jun 14 2021, 8:27 AM
In D104154#2814441, @vitalybuka wrote:

I'd prefer we just update __asan_get_current_fake_stack()

Yeah, but all of these would prefer to assume that there is no fake stack.
With =never, there is no fake stack.

vitalybuka added inline comments.Jun 14 2021, 2:15 PM
compiler-rt/test/asan/TestCases/Posix/stack-overflow.cpp
71–72

And you can revert all "// RUN:" lines

compiler-rt/test/asan/TestCases/contiguous_container.cpp
72

why this does not work for fake stake?
do this tests fail with fake stack without __asan_get_current_fake_stack() check?

vitalybuka added inline comments.Jun 14 2021, 2:17 PM
compiler-rt/test/asan/TestCases/Posix/stack-overflow.cpp
78
87
112
vitalybuka added inline comments.Jun 14 2021, 2:18 PM
compiler-rt/test/asan/TestCases/Posix/stack-overflow.cpp
87

probably __builtin_frame_address is fine here as well

112

and here

kda updated this revision to Diff 352298.Jun 15 2021, 5:00 PM
  • remove UAR=never flag from contiguous_container.cpp.
compiler-rt/test/asan/TestCases/Posix/stack-overflow.cpp
71–72

I tried all these and it does not work.
__builtin_frame_address needs a parameter, I provided '0'.
recursive_func(-1): does not compile (cannot convert 'int' to 'char*').

Also, I think that passing -1 to recursive_func, is like passing a max INT, and consequently will always be greater than any value returned by __builtin_frame_address.
The above assert proves nothing.

compiler-rt/test/asan/TestCases/contiguous_container.cpp
72

I don't know why. I thought this looked useless and redundant, as the fake stack is off by default.
The test passes without the __asan_get_current_fake_stack check.

vitalybuka updated this revision to Diff 352315.Jun 15 2021, 6:46 PM

use __builtin_frame_address

vitalybuka retitled this revision from [sanitizer] Replace calls to __asan_get_current_fake_stack with -fsanitize-address-use-after-return=never in tests. (NFC) to [NFC][sanitizer] Remove calls to __asan_get_current_fake_stack.Jun 15 2021, 6:47 PM
vitalybuka edited the summary of this revision. (Show Details)

I've updated the summary, usually shorter title of the git commit looks nicer.

compiler-rt/test/asan/TestCases/Posix/stack-overflow.cpp
71–72

I've updated the patch. Works this way.

compiler-rt/test/asan/TestCases/contiguous_container.cpp
72

I see
these are special cases when Asan bailout by poisoning entire stack (including callers) to make sure exception handler is executed on poisoned stack.
So for regular stack rezones it will remove red-zones around x[].
But we don't need to clear FakeStack, exception handler will just use new FakeFrame, so we can keep redzones in the current FakeStack around x[]

vitalybuka accepted this revision.Jun 15 2021, 6:49 PM
This revision is now accepted and ready to land.Jun 15 2021, 6:49 PM
This revision was landed with ongoing or failed builds.Jun 15 2021, 6:52 PM
Closed by commit rGc4992bf593a4: [NFC][sanitizer] Remove calls to __asan_get_current_fake_stack (authored by kda, committed by vitalybuka). · Explain Why
This revision was automatically updated to reflect the committed changes.
vitalybuka added a commit: rGc4992bf593a4: [NFC][sanitizer] Remove calls to __asan_get_current_fake_stack.
Harbormaster completed remote builds in B109435: Diff 352315.Jun 16 2021, 12:44 AM

Revision Contents

PathSize
compiler-rt/
test/
asan/
TestCases/
Posix/
11 lines
6 lines
8 lines
14 lines

Diff 352317

compiler-rt/test/asan/TestCases/Posix/stack-overflow.cpp

Show All 25 Lines
#include <sys/resource.h> #include <sys/resource.h>
#include <sanitizer/asan_interface.h> #include <sanitizer/asan_interface.h>
const int BS = 1024; const int BS = 1024;
volatile char x; volatile char x;
volatile int y = 1; volatile int y = 1;
volatile int z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11, z12, z13; volatile int z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11, z12, z13;
void recursive_func(char *p) { void recursive_func(uintptr_t parent_frame_address) {
#if defined(SMALL_FRAME) #if defined(SMALL_FRAME)
char *buf = 0; char *buf = 0;
#elif defined(SAVE_ALL_THE_REGISTERS) #elif defined(SAVE_ALL_THE_REGISTERS)
char *buf = 0; char *buf = 0;
int t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12, t13; int t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11, t12, t13;
t0 = z0; t0 = z0;
t1 = z1; t1 = z1;
t2 = z2; t2 = z2;
Show All 20 Lines#elif defined(SAVE_ALL_THE_REGISTERS)
z8 = t8; z8 = t8;
z9 = t9; z9 = t9;
z10 = t10; z10 = t10;
z11 = t11; z11 = t11;
z12 = t12; z12 = t12;
z13 = t13; z13 = t13;
#else #else
char buf[BS]; char buf[BS];
// Check that the stack grows in the righ direction, unless we use fake stack. // Check that the stack grows in the righ direction, unless we use fake stack.
if (p && !__asan_get_current_fake_stack()) assert(parent_frame_address > (uintptr_t)__builtin_frame_address(0));
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
// Check that the stack grows in the righ direction, unless we use fake stack.
- if (p)
- assert(p - buf >= BS);
+ assert(p > __builtin_frame_address())
buf[rand() % BS] = 1;

And you can revert all "// RUN:" lines

vitalybuka: And you can revert all "// RUN:" lines
kdaAuthorUnsubmitted
Done
ReplyInline Actions

I tried all these and it does not work.
__builtin_frame_address needs a parameter, I provided '0'.
recursive_func(-1): does not compile (cannot convert 'int' to 'char*').

Also, I think that passing -1 to recursive_func, is like passing a max INT, and consequently will always be greater than any value returned by __builtin_frame_address.
The above assert proves nothing.

kda: I tried all these and it does not work. __builtin_frame_address needs a parameter, I provided…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

I've updated the patch. Works this way.

vitalybuka: I've updated the patch. Works this way.
assert(p - buf >= BS);
buf[rand() % BS] = 1; buf[rand() % BS] = 1;
buf[rand() % BS] = 2; buf[rand() % BS] = 2;
x = buf[rand() % BS]; x = buf[rand() % BS];
#endif #endif
if (y) if (y)
recursive_func(buf); recursive_func((uintptr_t)__builtin_frame_address(0));
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
if (y)
- recursive_func(buf);
+ recursive_func(__builtin_frame_address());
x = 1; // prevent tail call optimization
vitalybuka:
x = 1; // prevent tail call optimization x = 1; // prevent tail call optimization
// CHECK: {{stack-overflow on address 0x.* \(pc 0x.* bp 0x.* sp 0x.* T.*\)}} // CHECK: {{stack-overflow on address 0x.* \(pc 0x.* bp 0x.* sp 0x.* T.*\)}}
// If stack overflow happens during function prologue, stack trace may be // If stack overflow happens during function prologue, stack trace may be
// corrupted. Unwind tables are not always 100% exact there. // corrupted. Unwind tables are not always 100% exact there.
// For this reason, we don't do any further checks. // For this reason, we don't do any further checks.
} }
void *ThreadFn(void* unused) { void *ThreadFn(void* unused) {
recursive_func(0); recursive_func((uintptr_t)__builtin_frame_address(0));
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
void *ThreadFn(void* unused) {
- recursive_func(0);
+ recursive_func(-1);
return 0;
vitalybuka:
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

probably __builtin_frame_address is fine here as well

vitalybuka: probably __builtin_frame_address is fine here as well
return 0; return 0;
} }
void LimitStackAndReexec(int argc, char **argv) { void LimitStackAndReexec(int argc, char **argv) {
struct rlimit rlim; struct rlimit rlim;
int res = getrlimit(RLIMIT_STACK, &rlim); int res = getrlimit(RLIMIT_STACK, &rlim);
assert(res == 0); assert(res == 0);
if (rlim.rlim_cur == RLIM_INFINITY) { if (rlim.rlim_cur == RLIM_INFINITY) {
rlim.rlim_cur = 256 * 1024; rlim.rlim_cur = 256 * 1024;
res = setrlimit(RLIMIT_STACK, &rlim); res = setrlimit(RLIMIT_STACK, &rlim);
assert(res == 0); assert(res == 0);
execv(argv[0], argv); execv(argv[0], argv);
assert(0 && "unreachable"); assert(0 && "unreachable");
} }
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
LimitStackAndReexec(argc, argv); LimitStackAndReexec(argc, argv);
#ifdef THREAD #ifdef THREAD
pthread_t t; pthread_t t;
pthread_create(&t, 0, ThreadFn, 0); pthread_create(&t, 0, ThreadFn, 0);
pthread_join(t, 0); pthread_join(t, 0);
#else #else
recursive_func(0); recursive_func((uintptr_t)__builtin_frame_address(0));
vitalybukaUnsubmitted
Not Done
ReplyInline Actions
#else
- recursive_func(0);
+ recursive_func(-1);
#endif
vitalybuka:
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

and here

vitalybuka: and here
#endif #endif
return 0; return 0;
} }

compiler-rt/test/asan/TestCases/contiguous_container.cpp

Show First 20 LinesShow All 59 Lines▼ Show 20 Lines
void TestThrow() { void TestThrow() {
char x[32]; char x[32];
__sanitizer_annotate_contiguous_container(x, x + 32, x + 32, x + 14); __sanitizer_annotate_contiguous_container(x, x + 32, x + 32, x + 14);
assert(!__asan_address_is_poisoned(x + 13)); assert(!__asan_address_is_poisoned(x + 13));
assert(__asan_address_is_poisoned(x + 14)); assert(__asan_address_is_poisoned(x + 14));
ThrowAndCatch(); ThrowAndCatch();
assert(!__asan_address_is_poisoned(x + 13)); assert(!__asan_address_is_poisoned(x + 13));
// FIXME: invert the assertion below once we fix
// https://code.google.com/p/address-sanitizer/issues/detail?id=258
// This assertion works only w/o UAR.
if (!__asan_get_current_fake_stack())
assert(!__asan_address_is_poisoned(x + 14)); assert(!__asan_address_is_poisoned(x + 14));
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

why this does not work for fake stake?
do this tests fail with fake stack without __asan_get_current_fake_stack() check?

vitalybuka: why this does not work for fake stake? do this tests fail with fake stack without…
kdaAuthorUnsubmitted
Done
ReplyInline Actions

I don't know why. I thought this looked useless and redundant, as the fake stack is off by default.
The test passes without the __asan_get_current_fake_stack check.

kda: I don't know why. I thought this looked useless and redundant, as the fake stack is off by…
vitalybukaUnsubmitted
Not Done
ReplyInline Actions

I see
these are special cases when Asan bailout by poisoning entire stack (including callers) to make sure exception handler is executed on poisoned stack.
So for regular stack rezones it will remove red-zones around x[].
But we don't need to clear FakeStack, exception handler will just use new FakeFrame, so we can keep redzones in the current FakeStack around x[]

vitalybuka: I see these are special cases when Asan bailout by poisoning entire stack (including callers)…
__sanitizer_annotate_contiguous_container(x, x + 32, x + 14, x + 32); __sanitizer_annotate_contiguous_container(x, x + 32, x + 14, x + 32);
assert(!__asan_address_is_poisoned(x + 13)); assert(!__asan_address_is_poisoned(x + 13));
assert(!__asan_address_is_poisoned(x + 14)); assert(!__asan_address_is_poisoned(x + 14));
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
int n = argc == 1 ? 128 : atoi(argv[1]); int n = argc == 1 ? 128 : atoi(argv[1]);
for (int i = 0; i <= n; i++) for (int i = 0; i <= n; i++)
TestContainer(i); TestContainer(i);
TestThrow(); TestThrow();
} }

compiler-rt/test/asan/TestCases/longjmp.cpp

// RUN: %clangxx_asan -O %s -o %t && %run %t // RUN: %clangxx_asan -fsanitize-address-use-after-return=never -O %s -o %t && %run %t
#include <assert.h> #include <assert.h>
#include <setjmp.h> #include <setjmp.h>
#include <stdio.h> #include <stdio.h>
#include <sanitizer/asan_interface.h> #include <sanitizer/asan_interface.h>
static jmp_buf buf; static jmp_buf buf;
int main() { int main() {
char x[32]; char x[32];
fprintf(stderr, "\nTestLongJmp\n"); fprintf(stderr, "\nTestLongJmp\n");
fprintf(stderr, "Before: %p poisoned: %d\n", &x, fprintf(stderr, "Before: %p poisoned: %d\n", &x,
__asan_address_is_poisoned(x + 32)); __asan_address_is_poisoned(x + 32));
assert(__asan_address_is_poisoned(x + 32)); assert(__asan_address_is_poisoned(x + 32));
if (0 == setjmp(buf)) if (0 == setjmp(buf))
longjmp(buf, 1); longjmp(buf, 1);
fprintf(stderr, "After: %p poisoned: %d\n", &x, fprintf(stderr, "After: %p poisoned: %d\n", &x,
__asan_address_is_poisoned(x + 32)); __asan_address_is_poisoned(x + 32));
// FIXME: Invert this assertion once we fix
// https://code.google.com/p/address-sanitizer/issues/detail?id=258
// This assertion works only w/o UAR.
if (!__asan_get_current_fake_stack())
assert(!__asan_address_is_poisoned(x + 32)); assert(!__asan_address_is_poisoned(x + 32));
} }

compiler-rt/test/asan/TestCases/throw_catch.cpp

// RUN: %clangxx_asan -O %s -o %t && %run %t // RUN: %clangxx_asan -fsanitize-address-use-after-return=never -O %s -o %t && %run %t
#include <assert.h> #include <assert.h>
#include <stdio.h> #include <stdio.h>
#include <sanitizer/asan_interface.h> #include <sanitizer/asan_interface.h>
__attribute__((noinline)) __attribute__((noinline))
void Throw() { void Throw() {
int local; int local;
Show All 15 Lines
void TestThrow() { void TestThrow() {
char x[32]; char x[32];
fprintf(stderr, "Before: %p poisoned: %d\n", &x, fprintf(stderr, "Before: %p poisoned: %d\n", &x,
__asan_address_is_poisoned(x + 32)); __asan_address_is_poisoned(x + 32));
assert(__asan_address_is_poisoned(x + 32)); assert(__asan_address_is_poisoned(x + 32));
ThrowAndCatch(); ThrowAndCatch();
fprintf(stderr, "After: %p poisoned: %d\n", &x, fprintf(stderr, "After: %p poisoned: %d\n", &x,
__asan_address_is_poisoned(x + 32)); __asan_address_is_poisoned(x + 32));
// FIXME: Invert this assertion once we fix
// https://code.google.com/p/address-sanitizer/issues/detail?id=258
// This assertion works only w/o UAR.
if (!__asan_get_current_fake_stack())
assert(!__asan_address_is_poisoned(x + 32)); assert(!__asan_address_is_poisoned(x + 32));
} }
__attribute__((noinline)) __attribute__((noinline))
void TestThrowInline() { void TestThrowInline() {
char x[32]; char x[32];
fprintf(stderr, "Before: %p poisoned: %d\n", &x, fprintf(stderr, "Before: %p poisoned: %d\n", &x,
__asan_address_is_poisoned(x + 32)); __asan_address_is_poisoned(x + 32));
assert(__asan_address_is_poisoned(x + 32)); assert(__asan_address_is_poisoned(x + 32));
try { try {
Throw(); Throw();
} catch(...) { } catch(...) {
fprintf(stderr, "Catch\n"); fprintf(stderr, "Catch\n");
} }
fprintf(stderr, "After: %p poisoned: %d\n", &x, fprintf(stderr, "After: %p poisoned: %d\n", &x,
__asan_address_is_poisoned(x + 32)); __asan_address_is_poisoned(x + 32));
// FIXME: Invert this assertion once we fix
// https://code.google.com/p/address-sanitizer/issues/detail?id=258
// This assertion works only w/o UAR.
if (!__asan_get_current_fake_stack())
assert(!__asan_address_is_poisoned(x + 32)); assert(!__asan_address_is_poisoned(x + 32));
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
TestThrowInline(); TestThrowInline();
TestThrow(); TestThrow();
} }