This is an archive of the discontinued LLVM Phabricator instance.

Differential D106195

[dfsan] Add wrappers for v*printf functions
ClosedPublic

Authored by gbalats on Jul 16 2021, 2:59 PM.

Details

Reviewers
stephan.yichao.zhao
Commits
rGbf281f364757: [dfsan] Add wrappers for v*printf functions
Summary

Functions vsnprintf, vsprintf and vfprintf commonly occur in DFSan warnings.

Diff Detail

Event Timeline

gbalats requested review of this revision.Jul 16 2021, 2:59 PM
gbalats created this revision.
Herald added a subscriber: Restricted Project. · View Herald TranscriptJul 16 2021, 2:59 PM
Harbormaster completed remote builds in B114604: Diff 359460.Jul 16 2021, 3:34 PM
stephan.yichao.zhao added inline comments.Jul 16 2021, 4:06 PM
compiler-rt/test/dfsan/custom.cpp
1948

We added test cases here to verify these functions' behavior.
Although internally we know it does the same as others, it would still be good to apply some tests. Can reusing sprintf's test code reduce duplicated test code?

stephan.yichao.zhao added a comment.Jul 16 2021, 4:14 PM

vfprintf is actually a potential output point, and can be considered as a sink.

It is like __dfsw_write, and needs a callback so that users can decide whether to take this as a sink.

stephan.yichao.zhao edited the summary of this revision. (Show Details)Jul 16 2021, 4:15 PM
gbalats added inline comments.Jul 16 2021, 4:26 PM
compiler-rt/test/dfsan/custom.cpp
1948

This is what I started with but it ended up either over-complicating the test or adding duplicated code. Do you expect it's ever possible for the implementations of sprintf and vsprintf to diverge?

stephan.yichao.zhao added inline comments.Jul 16 2021, 4:42 PM
compiler-rt/test/dfsan/custom.cpp
1948
int sprintf_ish( char * s, const char * format, ... )
{
  va_list args;
  va_start (args, format);
  int r = vsprintf (s ,format, args);
  va_end (args);
  return r;
}

// When testing vsprintf
#define PRINT sprintf_ish
// When testing sprintf
#define PRINT sprintf

sprintf_ish is like a conversion from ... to va_list.
The existing sprintf test code needs a function like this kind of signature. I am not sure if in C we can define a function pointer with ... argument.
If not, we can replace those sprintf in the current test code by PRINT, and define PRINT differently when testing sprintf and vsprintf.
If function pointer works, then we can carry on a pointer to sprintf_ish.

stephan.yichao.zhao added inline comments.Jul 16 2021, 4:50 PM
compiler-rt/test/dfsan/custom.cpp
1948

re "Do you expect ... to diverge?": I guess no, while testing them mainly protects dfsan_custom.cpp in case anyone changes them in the future.

gbalats marked 2 inline comments as done.Jul 22 2021, 1:25 PM
gbalats added inline comments.
compiler-rt/test/dfsan/custom.cpp
1948

Tried to share the testing code by introducing a function pointer and then passing either s(n)printf or vs(n)printf respectively. However, this seems to hit a DFSan limitation by being unable to handle indirect calls to variable-argument functions:

==57096==FATAL: DataFlowSanitizer: unsupported indirect call to vararg function snprintf

The macro idea would require all the testing code for these functions to be turned into a macro as well so that we can instantiate it twice, which would be very clunky.

stephan.yichao.zhao accepted this revision.EditedJul 22 2021, 1:40 PM

Please remove vfprintf from the change's description or add a TODO in vfprintf about adding a callback to track it as an output point.

This revision is now accepted and ready to land.Jul 22 2021, 1:40 PM
gbalats marked an inline comment as done.Jul 22 2021, 2:48 PM
In D106195#2884750, @stephan.yichao.zhao wrote:

vfprintf is actually a potential output point, and can be considered as a sink.

It is like __dfsw_write, and needs a callback so that users can decide whether to take this as a sink.

Isn't this the same for fprintf then which is also discarded currently?

stephan.yichao.zhao added a comment.Jul 22 2021, 3:01 PM
In D106195#2898145, @gbalats wrote:
In D106195#2884750, @stephan.yichao.zhao wrote:

vfprintf is actually a potential output point, and can be considered as a sink.

It is like __dfsw_write, and needs a callback so that users can decide whether to take this as a sink.

Isn't this the same for fprintf then which is also discarded currently?

If we wanted to track output accurately, maybe fprintf also needs a callback. But this is out of the scope of this change.

Closed by commit rGbf281f364757: [dfsan] Add wrappers for v*printf functions (authored by gbalats). · Explain WhyJul 22 2021, 3:39 PM
This revision was automatically updated to reflect the committed changes.
gbalats added a commit: rGbf281f364757: [dfsan] Add wrappers for v*printf functions.
gbalats added a reverting change: rG228bea6a36cd: Revert D106195 "[dfsan] Add wrappers for v*printf functions".Jul 24 2021, 1:59 AM

Revision Contents

PathSize
compiler-rt/
lib/
dfsan/
43 lines
3 lines
test/
dfsan/
10 lines

Diff 361004

compiler-rt/lib/dfsan/dfsan_custom.cpp

Show First 20 LinesShow All 2,454 Lines▼ Show 20 Linesint __dfso_snprintf(char *str, size_t size, const char *format,
va_list ap; va_list ap;
va_start(ap, ret_origin); va_start(ap, ret_origin);
int ret = format_buffer(str, size, format, va_labels, ret_label, va_origins, int ret = format_buffer(str, size, format, va_labels, ret_label, va_origins,
ret_origin, ap); ret_origin, ap);
va_end(ap); va_end(ap);
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE
int __dfsw_vsprintf(char *str, const char *format, dfsan_label str_label,
dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, va_list ap) {
int ret = format_buffer(str, ~0ul, format, va_labels, ret_label, nullptr,
nullptr, ap);
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE
int __dfso_vsprintf(char *str, const char *format, dfsan_label str_label,
dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, dfsan_origin str_origin,
dfsan_origin format_origin, dfsan_origin *va_origins,
dfsan_origin *ret_origin, va_list ap) {
int ret = format_buffer(str, ~0ul, format, va_labels, ret_label, va_origins,
ret_origin, ap);
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE
int __dfsw_vsnprintf(char *str, size_t size, const char *format,
dfsan_label str_label, dfsan_label size_label,
dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, va_list ap) {
int ret = format_buffer(str, size, format, va_labels, ret_label, nullptr,
nullptr, ap);
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE
int __dfso_vsnprintf(char *str, size_t size, const char *format,
dfsan_label str_label, dfsan_label size_label,
dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, dfsan_origin str_origin,
dfsan_origin size_origin, dfsan_origin format_origin,
dfsan_origin *va_origins, dfsan_origin *ret_origin,
va_list ap) {
int ret = format_buffer(str, size, format, va_labels, ret_label, va_origins,
ret_origin, ap);
return ret;
}
static void BeforeFork() { static void BeforeFork() {
StackDepotLockAll(); StackDepotLockAll();
GetChainedOriginDepot()->LockAll(); GetChainedOriginDepot()->LockAll();
} }
static void AfterFork() { static void AfterFork() {
GetChainedOriginDepot()->UnlockAll(); GetChainedOriginDepot()->UnlockAll();
StackDepotUnlockAll(); StackDepotUnlockAll();
Show All 39 Lines

compiler-rt/lib/dfsan/done_abilist.txt

Show First 20 LinesShow All 200 Lines▼ Show 20 Lines
fun:socket=discard fun:socket=discard
fun:strerror=discard fun:strerror=discard
fun:strspn=discard fun:strspn=discard
fun:strcspn=discard fun:strcspn=discard
fun:symlink=discard fun:symlink=discard
fun:syscall=discard fun:syscall=discard
fun:unlink=discard fun:unlink=discard
fun:uselocale=discard fun:uselocale=discard
fun:vfprintf=discard
# Functions that produce output does not depend on the input (need to zero the # Functions that produce output does not depend on the input (need to zero the
# shadow manually). # shadow manually).
fun:_dl_get_tls_static_info=custom fun:_dl_get_tls_static_info=custom
fun:clock_gettime=custom fun:clock_gettime=custom
fun:dlopen=custom fun:dlopen=custom
fun:epoll_wait=custom fun:epoll_wait=custom
fun:fgets=custom fun:fgets=custom
▲ Show 20 LinesShow All 63 Lines▼ Show 20 Lines
fun:sigemptyset=custom fun:sigemptyset=custom
fun:sigaction=custom fun:sigaction=custom
fun:signal=custom fun:signal=custom
fun:gettimeofday=custom fun:gettimeofday=custom
# sprintf-like # sprintf-like
fun:sprintf=custom fun:sprintf=custom
fun:snprintf=custom fun:snprintf=custom
fun:vsprintf=custom
fun:vsnprintf=custom
# TODO: custom # TODO: custom
fun:asprintf=discard fun:asprintf=discard
fun:qsort=discard fun:qsort=discard
# fork # fork
fun:fork=custom fun:fork=custom
▲ Show 20 LinesShow All 159 LinesShow Last 20 Lines

compiler-rt/test/dfsan/custom.cpp

Show First 20 LinesShow All 1,933 Lines▼ Show 20 Lines#endif
ASSERT_INIT_ORIGINS(buf + 7, 2, s_o); ASSERT_INIT_ORIGINS(buf + 7, 2, s_o);
ASSERT_READ_LABEL(buf + 9, 4, 0); ASSERT_READ_LABEL(buf + 9, 4, 0);
ASSERT_READ_LABEL(buf + 13, 4, i_label); ASSERT_READ_LABEL(buf + 13, 4, i_label);
ASSERT_INIT_ORIGINS(buf + 13, 4, y_o); ASSERT_INIT_ORIGINS(buf + 13, 4, y_o);
ASSERT_READ_LABEL(buf + 17, 2, 0); ASSERT_READ_LABEL(buf + 17, 2, 0);
ASSERT_LABEL(r, 0); ASSERT_LABEL(r, 0);
} }
// This is essentially the same as sprintf with the only difference that it
// uses a va_list instead of varargs. This empty function is here to appease
// the check-wrappers script.
void test_vsprintf() {}
// Same here, but for snprintf.
void test_vsnprintf() {}
stephan.yichao.zhaoUnsubmitted
Not Done
ReplyInline Actions

We added test cases here to verify these functions' behavior.
Although internally we know it does the same as others, it would still be good to apply some tests. Can reusing sprintf's test code reduce duplicated test code?

stephan.yichao.zhao: We added test cases here to verify these functions' behavior. Although internally we know it…
gbalatsAuthorUnsubmitted
Done
ReplyInline Actions

This is what I started with but it ended up either over-complicating the test or adding duplicated code. Do you expect it's ever possible for the implementations of sprintf and vsprintf to diverge?

gbalats: This is what I started with but it ended up either over-complicating the test or adding…
stephan.yichao.zhaoUnsubmitted
Done
ReplyInline Actions
int sprintf_ish( char * s, const char * format, ... )
{
  va_list args;
  va_start (args, format);
  int r = vsprintf (s ,format, args);
  va_end (args);
  return r;
}

// When testing vsprintf
#define PRINT sprintf_ish
// When testing sprintf
#define PRINT sprintf

sprintf_ish is like a conversion from ... to va_list.
The existing sprintf test code needs a function like this kind of signature. I am not sure if in C we can define a function pointer with ... argument.
If not, we can replace those sprintf in the current test code by PRINT, and define PRINT differently when testing sprintf and vsprintf.
If function pointer works, then we can carry on a pointer to sprintf_ish.

stephan.yichao.zhao: ``` int sprintf_ish( char * s, const char * format, ... ) { va_list args; va_start (args…
gbalatsAuthorUnsubmitted
Done
ReplyInline Actions

Tried to share the testing code by introducing a function pointer and then passing either s(n)printf or vs(n)printf respectively. However, this seems to hit a DFSan limitation by being unable to handle indirect calls to variable-argument functions:

==57096==FATAL: DataFlowSanitizer: unsupported indirect call to vararg function snprintf

The macro idea would require all the testing code for these functions to be turned into a macro as well so that we can instantiate it twice, which would be very clunky.

gbalats: Tried to share the testing code by introducing a function pointer and then passing either `s…
stephan.yichao.zhaoUnsubmitted
Done
ReplyInline Actions

re "Do you expect ... to diverge?": I guess no, while testing them mainly protects dfsan_custom.cpp in case anyone changes them in the future.

stephan.yichao.zhao: re "Do you expect ... to diverge?": I guess no, while testing them mainly protects dfsan_custom.
// Tested by a seperate source file. This empty function is here to appease the // Tested by a seperate source file. This empty function is here to appease the
// check-wrappers script. // check-wrappers script.
void test_fork() {} void test_fork() {}
int main(void) { int main(void) {
i_label = 1; i_label = 1;
j_label = 2; j_label = 2;
k_label = 4; k_label = 4;
▲ Show 20 LinesShow All 64 Lines▼ Show 20 Linesint main(void) {
test_strrchr(); test_strrchr();
test_strstr(); test_strstr();
test_strtod(); test_strtod();
test_strtol(); test_strtol();
test_strtoll(); test_strtoll();
test_strtoul(); test_strtoul();
test_strtoull(); test_strtoull();
test_time(); test_time();
test_vsprintf();
test_vsnprintf();
test_write(); test_write();
} }