diff --git a/compiler-rt/include/sanitizer/common_interface_defs.h b/compiler-rt/include/sanitizer/common_interface_defs.h
--- a/compiler-rt/include/sanitizer/common_interface_defs.h
+++ b/compiler-rt/include/sanitizer/common_interface_defs.h
@@ -159,6 +159,110 @@
const void *old_mid,
const void *new_mid);
+/// Similar to __sanitizer_annotate_contiguous_container.
+///
+/// Annotates the current state of a contiguous container memory,
+/// such as std::deque's single chunk, when the beginning is moved.
+///
+/// A contiguous chunk is a chunk that keeps all of its elements
+/// in a contiguous region of memory. The container owns the region of memory
+/// [storage_beg, storage_end); the memory [container_beg,
+/// container_end) is used to store the current elements, and the memory
+/// [storage_beg, container_beg), [container_end, storage_end) is
+/// reserved for future elements (storage_beg <= container_beg <=
+/// container_end <= storage_end). For example, in std::deque :
+/// - chunk with a frist deques element will have container_beg equal to address
+/// of the first element.
+/// - in every next chunk with elements, true is container_beg ==
+/// storage_beg .
+///
+/// Argument requirements:
+/// During unpoisoning memory of empty container (before first element is
+/// added):
+/// - container_end_p == old_container_beg_p
+/// During poisoning after last element was removed:
+/// - new_container_beg_p == container_end_p
+/// \param storage_beg Beginning of memory region (container may have many
+/// regions).
+/// \param storage_end End of memory region.
+/// \param old_container_beg Old beginning of used
+/// region.
+/// \param old_container_end End of used region.
+/// \param new_container_beg New beginning of used region.
+/// \param new_container_end New end of used region.
+/// Should be satisfied: new_container_end == container_end
+void __sanitizer_annotate_double_ended_contiguous_container_front(
+ const void *storage_beg, const void *storage_end,
+ const void *old_container_beg, const void *old_container_end,
+ const void *new_container_beg, const void *new_container_end);
+/// Similar to
+/// __sanitizer_annotate_double_ended_contiguous_container_front.
+///
+/// Annotates the current state of a contiguous container memory,
+/// such as std::deque's single chunk, when the end is moved.
+///
+/// A contiguous chunk is a chunk that keeps all of its elements
+/// in a contiguous region of memory. The container owns the region of memory
+/// [storage_beg, storage_end); the memory [container_beg,
+/// container_end) is used to store the current elements, and the memory
+/// [storage_beg, container_beg), [container_end, storage_end) is
+/// reserved for future elements (storage_beg <= container_beg <=
+/// container_end <= storage_end).
+///
+/// Argument requirements:
+/// During unpoisoning memory of empty container (before first element is
+/// added):
+/// - container_beg_p == old_container_end_p
+/// During poisoning after last element was removed (empty container case):
+/// - new_container_end_p == container_beg_p
+/// \param storage_beg Beginning of memory region (container may have many
+/// regions).
+/// \param storage_end End of memory region.
+/// \param old_container_beg Old beginning of used
+/// region.
+/// \param old_container_end End of used region.
+/// \param new_container_beg New beginning of used region.
+/// \param new_container_end New end of used region.
+/// Should be satisfied: new_container_beg == container_beg
+void __sanitizer_annotate_double_ended_contiguous_container_back(
+ const void *storage_beg, const void *storage_end, const void *old_container_beg,
+ const void *old_container_end, const void *new_container_beg, const void *new_container_end);
+/// Similar to __sanitizer_annotate_contiguous_container.
+///
+/// Annotates the current state of a contiguous container memory,
+/// such as std::deque's single chunk, when the boundries are moved.
+///
+/// A contiguous chunk is a chunk that keeps all of its elements
+/// in a contiguous region of memory. The container owns the region of memory
+/// [storage_beg, storage_end); the memory [container_beg,
+/// container_end) is used to store the current elements, and the memory
+/// [storage_beg, container_beg), [container_end, storage_end) is
+/// reserved for future elements (storage_beg <= container_beg <=
+/// container_end <= storage_end). For example, in std::deque :
+/// - chunk with a frist deques element will have container_beg equal to address
+/// of the first element.
+/// - in every next chunk with elements, true is container_beg ==
+/// storage_beg .
+///
+/// Argument requirements:
+/// During unpoisoning memory of empty container (before first element is
+/// added):
+/// - old_container_beg_p == old_container_end_p
+/// During poisoning after last element was removed:
+/// - new_container_beg_p == new_container_end_p
+/// \param storage_beg Beginning of memory region (container may have many
+/// regions).
+/// \param storage_end End of memory region.
+/// \param old_container_beg Old beginning of used
+/// region.
+/// \param old_container_end End of used region.
+/// \param new_container_beg New beginning of used region.
+/// \param new_container_end New end of used region.
+void __sanitizer_annotate_double_ended_contiguous_container(
+ const void *storage_beg, const void *storage_end,
+ const void *old_container_beg, const void *old_container_end,
+ const void *new_container_beg, const void *new_container_end);
+
/// Returns true if the contiguous container [beg, end) is properly
/// poisoned.
///
@@ -178,6 +282,30 @@
int __sanitizer_verify_contiguous_container(const void *beg, const void *mid,
const void *end);
+/// Returns true if the double ended contiguous
+/// container [storage_beg, storage_end) is properly poisoned.
+///
+/// Proper poisoning could occur, for example, with
+/// __sanitizer_annotate_double_ended_contiguous_container), that is, if
+/// [storage_beg, container_beg) is not addressable, [container_beg,
+/// container_end) is addressable and [container_end, end) is
+/// unaddressable. Full verification requires O (storage_end -
+/// storage_beg) time; this function tries to avoid such complexity by
+/// touching only parts of the container around storage_beg,
+/// container_beg, container_end, and
+/// storage_end.
+///
+/// \param storage_beg Beginning of memory region (container may have many
+/// regions). \param container_beg Beginning of used region. \param
+/// container_end End of used region. \param storage_end End of memory region.
+///
+/// \returns True if the double-ended contiguous container [storage_beg,
+/// container_beg, container_end, end) is properly
+/// poisoned - only [container_beg; container_end) is addressable.
+int __sanitizer_verify_double_ended_contiguous_container(
+ const void *storage_beg, const void *container_beg,
+ const void *container_end, const void *storage_end);
+
/// Similar to __sanitizer_verify_contiguous_container() but also
/// returns the address of the first improperly poisoned byte.
///
diff --git a/compiler-rt/lib/asan/asan_errors.h b/compiler-rt/lib/asan/asan_errors.h
--- a/compiler-rt/lib/asan/asan_errors.h
+++ b/compiler-rt/lib/asan/asan_errors.h
@@ -331,6 +331,29 @@
void Print();
};
+struct ErrorBadParamsToAnnotateDoubleEndedContiguousContainer : ErrorBase {
+ const BufferedStackTrace *stack;
+ uptr storage_beg, storage_end,
+ old_container_beg, old_container_end,
+ new_container_beg, new_container_end;
+
+ ErrorBadParamsToAnnotateDoubleEndedContiguousContainer() = default; // (*)
+ ErrorBadParamsToAnnotateDoubleEndedContiguousContainer(
+ u32 tid, BufferedStackTrace *stack_, uptr storage_beg_, uptr storage_end_,
+ uptr old_container_beg_, uptr old_container_end_, uptr new_container_beg_, uptr new_container_end_)
+ : ErrorBase(
+ tid, 10,
+ "bad-__sanitizer_annotate_double_ended_contiguous_container_front"),
+ stack(stack_),
+ storage_beg(storage_beg_),
+ storage_end(storage_end_),
+ old_container_beg(old_container_beg_),
+ old_container_end(old_container_end_),
+ new_container_beg(new_container_beg_),
+ new_container_end(new_container_end_) {}
+ void Print();
+};
+
struct ErrorODRViolation : ErrorBase {
__asan_global global1, global2;
u32 stack_id1, stack_id2;
@@ -398,6 +421,7 @@
macro(StringFunctionMemoryRangesOverlap) \
macro(StringFunctionSizeOverflow) \
macro(BadParamsToAnnotateContiguousContainer) \
+ macro(BadParamsToAnnotateDoubleEndedContiguousContainer) \
macro(ODRViolation) \
macro(InvalidPointerPair) \
macro(Generic)
diff --git a/compiler-rt/lib/asan/asan_errors.cpp b/compiler-rt/lib/asan/asan_errors.cpp
--- a/compiler-rt/lib/asan/asan_errors.cpp
+++ b/compiler-rt/lib/asan/asan_errors.cpp
@@ -334,6 +334,25 @@
ReportErrorSummary(scariness.GetDescription(), stack);
}
+void ErrorBadParamsToAnnotateDoubleEndedContiguousContainer::Print() {
+ Report(
+ "ERROR: AddressSanitizer: bad parameters to "
+ "__sanitizer_annotate_double_ended_contiguous_container:\n"
+ " storage_beg : %p\n"
+ " storage_end : %p\n"
+ " old_container_beg : %p\n"
+ " old_container_end : %p\n"
+ " new_container_beg : %p\n"
+ " new_container_end : %p\n",
+ (void *)storage_beg, (void *)storage_end, (void *)old_container_beg,
+ (void *)old_container_end, (void *)new_container_beg, (void*)new_container_end);
+ uptr granularity = ASAN_SHADOW_GRANULARITY;
+ if (!IsAligned(storage_beg, granularity))
+ Report("ERROR: storage_beg is not aligned by %zu\n", granularity);
+ stack->Print();
+ ReportErrorSummary(scariness.GetDescription(), stack);
+}
+
void ErrorODRViolation::Print() {
Decorator d;
Printf("%s", d.Error());
diff --git a/compiler-rt/lib/asan/asan_poisoning.cpp b/compiler-rt/lib/asan/asan_poisoning.cpp
--- a/compiler-rt/lib/asan/asan_poisoning.cpp
+++ b/compiler-rt/lib/asan/asan_poisoning.cpp
@@ -393,6 +393,186 @@
}
}
+// Annotates front for a double ended contiguous container like std::deque's
+// chunk. It allows detecting buggy accesses to allocated but not used begining
+// or end items of such a container
+void __sanitizer_annotate_double_ended_contiguous_container_front(
+ const void *storage_beg_p, const void *storage_end_p,
+ const void *old_container_beg_p, const void *old_container_end_p,
+ const void *new_container_beg_p, const void *new_container_end_p) {
+ // Unchecked argument requirements:
+ // During unpoisoning memory of empty container (before first element is
+ // added):
+ // - old_container_end_p == old_container_beg_p
+ // During poisoning after last element was removed:
+ // - new_container_beg_p == container_end_p
+ if (!flags()->detect_container_overflow)
+ return;
+ VPrintf(2, "de_contiguous_container (front): %p %p %p %p %p\n", storage_beg_p,
+ storage_end_p, new_container_beg_p, old_container_beg_p,
+ old_container_end_p);
+ uptr storage_beg = reinterpret_cast(storage_beg_p);
+ uptr storage_end = reinterpret_cast(storage_end_p);
+ uptr old_container_beg =
+ reinterpret_cast(old_container_beg_p); // old container beginning
+ uptr old_container_end =
+ reinterpret_cast(old_container_end_p); // container ending
+ uptr new_container_beg =
+ reinterpret_cast(new_container_beg_p); // new container beginning
+ uptr new_container_end =
+ reinterpret_cast(new_container_end_p); // new container ending
+
+ uptr granularity = ASAN_SHADOW_GRANULARITY;
+ if (!((storage_beg <= new_container_beg &&
+ new_container_beg <= storage_end) &&
+ (storage_beg <= old_container_beg &&
+ old_container_beg <= storage_end) &&
+ (old_container_beg <= old_container_end && old_container_end <= storage_end) &&
+ IsAligned(storage_beg, granularity) &&
+ old_container_end_p == new_container_end_p)) {
+ GET_STACK_TRACE_FATAL_HERE;
+ ReportBadParamsToAnnotateDoubleEndedContiguousContainer(
+ storage_beg, storage_end, old_container_beg,
+ old_container_end, new_container_beg, new_container_end, &stack);
+ }
+ CHECK_LE(storage_end - storage_beg,
+ FIRST_32_SECOND_64(1UL << 30, 1ULL << 40)); // Sanity check.
+
+ // There are two situations: we are poisoning or unpoisoning.
+ // WARNING: at the moment we do not poison prefixes of blocks described by one
+ // byte in shadow memory, so we have to unpoison prefixes of blocks with
+ // content. Up to 7 bytes not-in-use may not be poisoned.
+
+ if (new_container_beg < old_container_beg) { // We are unpoisoning
+ uptr a = RoundDownTo(new_container_beg, granularity);
+ uptr c = RoundDownTo(old_container_beg, granularity);
+ // State at the moment is:
+ // [storage_beg, a] is poisoned and should remain like that.
+ // [a, c] is poisoned as well (may be empty if new_container_beg and
+ // old_container_beg are in the same block) if container is not empty, first
+ // element starts between [c, c+granularity]
+ // because we do not poison prefixes, memory [c, container_end] is not
+ // poisoned and we do not have to touch it.
+ // if container is empty, we have to unpoison memory for elements after c,
+ // so [c, container_end]
+ PoisonShadow(a, c - a, 0);
+ if (old_container_beg == old_container_end &&
+ !IsAligned(old_container_beg,
+ granularity)) // is empty && ends in the middle of a block
+ *(u8 *)MemToShadow(c) = static_cast(old_container_end - c);
+
+ // else: we cannot poison prefix of a block with elements or there is
+ // nothing to poison.
+ } else { // we are poisoning as beginning moved further in memory
+ uptr a = RoundDownTo(old_container_beg, granularity);
+ uptr c = RoundDownTo(new_container_beg, granularity);
+ // State at the moment is:
+ // [storage_beg, a] is poisoned and should remain like that.
+ // [a, c] is not poisoned (may be empty if new_container_beg and
+ // old_container_beg are in the same block) [c, container_end] is not
+ // poisoned If there are remaining elements in the container:
+ // We have to poison [a, c], but because we do not poison prefixes, we
+ // cannot poison memory after c (even that there are not elements of the
+ // container). Up to granularity-1 unused bytes will not be poisoned.
+ // Otherwise:
+ // We have to poison the last byte as well.
+ PoisonShadow(a, c - a, kAsanContiguousContainerOOBMagic);
+ if (new_container_beg == old_container_end &&
+ !IsAligned(new_container_beg,
+ granularity)) // is empty && ends in the middle of a block
+ *(u8 *)MemToShadow(c) = static_cast(kAsanContiguousContainerOOBMagic);
+ }
+}
+
+// Annotates back for a double ended contiguous container like std::deque's
+// chunk. It allows detecting buggy accesses to allocated but not used begining
+// or end items of such a container
+void __sanitizer_annotate_double_ended_contiguous_container_back(
+ const void *storage_beg_p, const void *storage_end_p,
+ const void *old_container_beg_p, const void *old_container_end_p,
+ const void *new_container_end_p, const void *new_container_beg_p) {
+ // Unchecked argument requirements:
+ // During unpoisoning memory of empty container (before first element is
+ // added):
+ // - container_beg_p == old_container_end_p
+ // During poisoning after last element was removed (empty container case):
+ // - new_container_end_p == container_beg_p
+ if (!flags()->detect_container_overflow)
+ return;
+ VPrintf(2, "contiguous_container: %p %p %p %p %p\n", storage_beg_p,
+ storage_end_p, old_container_end_p, new_container_end_p,
+ old_container_beg_p);
+ uptr storage_beg = reinterpret_cast(storage_beg_p);
+ uptr storage_end = reinterpret_cast(storage_end_p);
+ uptr old_container_beg = reinterpret_cast(old_container_beg_p);
+ uptr old_container_end = reinterpret_cast(old_container_end_p);
+ uptr new_container_beg = reinterpret_cast(new_container_beg_p);
+ uptr new_container_end = reinterpret_cast(new_container_end_p);
+
+ uptr granularity = ASAN_SHADOW_GRANULARITY;
+ if (!((storage_beg <= old_container_end &&
+ old_container_end <= storage_end) &&
+ (storage_beg <= new_container_end &&
+ new_container_end <= storage_end) &&
+ (storage_beg <= old_container_beg && old_container_beg <= old_container_end) &&
+ IsAligned(storage_beg, granularity) &&
+ old_container_beg_p == new_container_beg_p)) {
+ GET_STACK_TRACE_FATAL_HERE;
+ ReportBadParamsToAnnotateDoubleEndedContiguousContainer(
+ storage_beg, storage_end, old_container_beg, old_container_end,
+ new_container_beg, new_container_end, &stack);
+ }
+ CHECK_LE(storage_end - storage_beg,
+ FIRST_32_SECOND_64(1UL << 30, 1ULL << 40)); // Sanity check.
+
+ if (old_container_end < new_container_end) { // We are unpoisoning memory
+ uptr a = RoundDownTo(old_container_end, granularity);
+ uptr c = RoundDownTo(new_container_end, granularity);
+ // State at the moment is:
+ // if container_beg < a : [container_beg, a] is correct and we will not be
+ // changing it. else [a, container_beg] cannot be poisoned, so we do not
+ // have to think about it. we have to makr as unpoisoned [a, c]. [c, end] is
+ // correctly poisoned.
+ PoisonShadow(a, c - a, 0);
+ if (!IsAligned(new_container_end,
+ granularity)) // ends in the middle of a block
+ *(u8 *)MemToShadow(c) = static_cast(new_container_end - c);
+ } else { // We are poisoning memory
+ uptr a = RoundDownTo(new_container_end, granularity);
+ // State at the moment is:
+ // [storage_beg, a] is correctly addressable
+ // if container is empty after the removal, then a < container_beg and we
+ // will have to poison memory which is adressable only because we are not
+ // poisoning prefixes.
+ uptr a2 = RoundUpTo(new_container_end, granularity);
+ uptr c2 = RoundUpTo(old_container_end, granularity);
+ PoisonShadow(a2, c2 - a2, kAsanContiguousContainerOOBMagic);
+ if (!IsAligned(new_container_end,
+ granularity)) { // Starts in the middle of the block
+ if (new_container_end == old_container_beg) // empty
+ *(u8 *)MemToShadow(a) = kAsanContiguousContainerOOBMagic;
+ else // not empty
+ *(u8 *)MemToShadow(a) = static_cast(new_container_end - a);
+ }
+ }
+}
+// Annotates a double ended contiguous memory area like std::deque's chunk.
+void __sanitizer_annotate_double_ended_contiguous_container(
+ const void *storage_beg_p, const void *storage_end_p,
+ const void *old_container_beg_p, const void *old_container_end_p,
+ const void *new_container_beg_p, const void *new_container_end_p) {
+ if (old_container_beg_p != new_container_beg_p)
+ __sanitizer_annotate_double_ended_contiguous_container_front(
+ storage_beg_p, storage_end_p,
+ old_container_beg_p, old_container_end_p,
+ new_container_beg_p, new_container_end_p);
+ if (old_container_end_p != new_container_end_p)
+ __sanitizer_annotate_double_ended_contiguous_container_back(
+ storage_beg_p, storage_end_p,
+ old_container_beg_p, old_container_end_p,
+ new_container_beg_p, new_container_end_p);
+}
+
const void *__sanitizer_contiguous_container_find_bad_address(
const void *beg_p, const void *mid_p, const void *end_p) {
if (!flags()->detect_container_overflow)
@@ -402,8 +582,8 @@
uptr mid = reinterpret_cast(mid_p);
CHECK_LE(beg, mid);
CHECK_LE(mid, end);
- // Check some bytes starting from beg, some bytes around mid, and some bytes
- // ending with end.
+ // Check some bytes starting from storage_beg, some bytes around mid, and some
+ // bytes ending with end.
uptr kMaxRangeToCheck = 32;
uptr r1_beg = beg;
uptr r1_end = Min(beg + kMaxRangeToCheck, mid);
@@ -433,6 +613,56 @@
end_p) == nullptr;
}
+int __sanitizer_verify_double_ended_contiguous_container(
+ const void *storage_beg_p, const void *container_beg_p,
+ const void *container_end_p, const void *storage_end_p) {
+ uptr granularity = ASAN_SHADOW_GRANULARITY;
+ // This exists to verify double ended containers.
+ // We assume that such collection's internal memory layout
+ // consists of contiguous blocks:
+ // [a; b) [b; c) [c; d)
+ // where
+ // a - beginning address of contiguous memory block,
+ // b - beginning address of contiguous memory in use
+ // (address of the first element in the block)
+ // c - end address of contiguous memory in use
+ // (address just after the last element in the block)
+ // d - end address of contiguous memory block
+ // [a; b) - poisoned
+ // [b; c) - accessible
+ // [c; d) - poisoned
+ // WARNING: We can't poison [a; b) fully in all cases.
+ // This is because the current shadow memory encoding
+ // does not allow for marking/poisoning that a prefix
+ // of an 8-byte block (or, ASAN_SHADOW_GRANULARITY sized block)
+ // cannot be used by the instrumented program. It only has the
+ // 01, 02, 03, 04, 05, 06, 07 and 00 encodings
+ // for usable/addressable memory
+ // (where 00 means that the whole 8-byte block can be used).
+ //
+ // This means that there are cases where not whole of the [a; b)
+ // region is poisoned and instead only the [a; RoundDown(b))
+ // region is poisoned and we may not detect invalid memory accesses on
+ // [RegionDown(b), b).
+ // This is an inherent design limitation of how AddressSanitizer granularity
+ // and shadow memory encoding works at the moment.
+
+ // If empty, storage_beg_p == container_beg_p == container_end_p
+
+ const void *a = storage_beg_p;
+ // We do not suport poisoning prefixes of blocks, so
+ // memory in the first block with data in us,
+ // just before container beginning cannot be poisoned, as described above.
+ const void *b = reinterpret_cast(
+ RoundDownTo(reinterpret_cast(container_beg_p), granularity));
+ const void *c = container_end_p;
+ const void *d = storage_end_p;
+ return (__sanitizer_contiguous_container_find_bad_address(a, a, b) ==
+ nullptr) &&
+ (__sanitizer_contiguous_container_find_bad_address(b, c, d) ==
+ nullptr);
+}
+
extern "C" SANITIZER_INTERFACE_ATTRIBUTE
void __asan_poison_intra_object_redzone(uptr ptr, uptr size) {
AsanPoisonOrUnpoisonIntraObjectRedzone(ptr, size, true);
diff --git a/compiler-rt/lib/asan/asan_report.h b/compiler-rt/lib/asan/asan_report.h
--- a/compiler-rt/lib/asan/asan_report.h
+++ b/compiler-rt/lib/asan/asan_report.h
@@ -83,6 +83,10 @@
void ReportBadParamsToAnnotateContiguousContainer(uptr beg, uptr end,
uptr old_mid, uptr new_mid,
BufferedStackTrace *stack);
+void ReportBadParamsToAnnotateDoubleEndedContiguousContainer(
+ uptr storage_beg, uptr storage_end, uptr old_container_beg,
+ uptr old_container_end, uptr new_container_beg, uptr new_container_end,
+ BufferedStackTrace *stack);
void ReportODRViolation(const __asan_global *g1, u32 stack_id1,
const __asan_global *g2, u32 stack_id2);
diff --git a/compiler-rt/lib/asan/asan_report.cpp b/compiler-rt/lib/asan/asan_report.cpp
--- a/compiler-rt/lib/asan/asan_report.cpp
+++ b/compiler-rt/lib/asan/asan_report.cpp
@@ -354,6 +354,17 @@
in_report.ReportError(error);
}
+void ReportBadParamsToAnnotateDoubleEndedContiguousContainer(
+ uptr storage_beg, uptr storage_end, uptr old_container_beg,
+ uptr old_container_end, uptr new_container_beg, uptr new_container_end,
+ BufferedStackTrace *stack) {
+ ScopedInErrorReport in_report;
+ ErrorBadParamsToAnnotateDoubleEndedContiguousContainer error(
+ GetCurrentTidOrInvalid(), stack, storage_beg, storage_end,
+ old_container_beg, old_container_end, new_container_beg, new_container_end);
+ in_report.ReportError(error);
+}
+
void ReportODRViolation(const __asan_global *g1, u32 stack_id1,
const __asan_global *g2, u32 stack_id2) {
ScopedInErrorReport in_report;
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc b/compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
@@ -9,12 +9,14 @@
//===----------------------------------------------------------------------===//
INTERFACE_FUNCTION(__sanitizer_acquire_crash_state)
INTERFACE_FUNCTION(__sanitizer_annotate_contiguous_container)
+INTERFACE_FUNCTION(__sanitizer_annotate_double_ended_contiguous_container)
INTERFACE_FUNCTION(__sanitizer_contiguous_container_find_bad_address)
INTERFACE_FUNCTION(__sanitizer_set_death_callback)
INTERFACE_FUNCTION(__sanitizer_set_report_path)
INTERFACE_FUNCTION(__sanitizer_set_report_fd)
INTERFACE_FUNCTION(__sanitizer_get_report_path)
INTERFACE_FUNCTION(__sanitizer_verify_contiguous_container)
+INTERFACE_FUNCTION(__sanitizer_verify_double_ended_contiguous_container)
INTERFACE_WEAK_FUNCTION(__sanitizer_on_print)
INTERFACE_WEAK_FUNCTION(__sanitizer_report_error_summary)
INTERFACE_WEAK_FUNCTION(__sanitizer_sandbox_on_notify)
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h b/compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h
--- a/compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h
@@ -72,11 +72,20 @@
const void *__sanitizer_contiguous_container_find_bad_address(const void *beg,
const void *mid,
const void *end);
+SANITIZER_INTERFACE_ATTRIBUTE
+void __sanitizer_annotate_double_ended_contiguous_container(
+ const void *storage_beg, const void *storage_end,
+ const void *old_container_beg, const void *old_container_end,
+ const void *new_container_beg, const void *new_container_end);
SANITIZER_INTERFACE_ATTRIBUTE
int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path,
__sanitizer::uptr module_path_len,
void **pc_offset);
+SANITIZER_INTERFACE_ATTRIBUTE
+int __sanitizer_verify_double_ended_contiguous_container(
+ const void *storage_beg, const void *container_beg,
+ const void *container_end, const void *storage_end);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE void
__sanitizer_cov_trace_cmp();
diff --git a/compiler-rt/test/asan/TestCases/contiguous_container.cpp b/compiler-rt/test/asan/TestCases/contiguous_container.cpp
--- a/compiler-rt/test/asan/TestCases/contiguous_container.cpp
+++ b/compiler-rt/test/asan/TestCases/contiguous_container.cpp
@@ -47,6 +47,51 @@
delete[] beg;
}
+#if _LIBCPP_CLANG_VER >= 16000
+// Define ASAN_SHADOW_GRANULARITY if granularity is different
+# ifndef ASAN_SHADOW_GRANULARITY
+# define ASAN_SHADOW_GRANULARITY 8
+# endif
+
+void TestDoubleEndedContainer(size_t capacity) {
+ char *beg = new char[capacity];
+ char *end = beg + capacity;
+ char *con_beg = beg;
+ char *con_end = beg + capacity;
+ char *old_con_beg = 0;
+ char *old_con_end = 0;
+ const size_t granularity = ASAN_SHADOW_GRANULARITY;
+
+ for (int i = 0; i < 10000; i++) {
+ size_t size = rand() % (capacity + 1);
+ size_t skipped = rand() % (capacity - size + 1);
+ assert(size <= capacity);
+ old_con_beg = con_beg;
+ old_con_end = con_end;
+ con_beg = beg + skipped;
+ con_end = con_beg + size;
+
+ __sanitizer_annotate_double_ended_contiguous_container(
+ beg, end, old_con_beg, old_con_end, con_beg, con_end);
+ for (size_t idx = 0; idx < granularity * (skipped / granularity); idx++)
+ assert(__asan_address_is_poisoned(beg + idx));
+ for (size_t idx = 0; idx < size; idx++)
+ assert(!__asan_address_is_poisoned(beg + skipped + idx));
+ for (size_t idx = skipped + size; idx < capacity; idx++)
+ assert(__asan_address_is_poisoned(beg + idx));
+
+ assert(__sanitizer_verify_double_ended_contiguous_container(beg, con_beg,
+ con_end, end));
+ }
+
+ // Don't forget to unpoison the whole thing before destroying/reallocating.
+ __sanitizer_annotate_contiguous_container(beg, end, mid, end);
+ for (size_t idx = 0; idx < capacity; idx++)
+ assert(!__asan_address_is_poisoned(beg + idx));
+ delete[] beg;
+}
+#endif // _LIBCPP_CLANG_VER >= 16000
+
__attribute__((noinline))
void Throw() { throw 1; }
diff --git a/libcxx/include/__config b/libcxx/include/__config
--- a/libcxx/include/__config
+++ b/libcxx/include/__config
@@ -880,6 +880,10 @@
# ifndef _LIBCPP_HAS_NO_ASAN
extern "C" _LIBCPP_FUNC_VIS void
__sanitizer_annotate_contiguous_container(const void*, const void*, const void*, const void*);
+extern "C" _LIBCPP_FUNC_VIS void __sanitizer_annotate_double_ended_contiguous_container(
+ const void*, const void*, const void*, const void*, const void*, const void*);
+extern "C" _LIBCPP_FUNC_VIS int
+__sanitizer_verify_double_ended_contiguous_container(const void*, const void*, const void*, const void*);
# endif
// Try to find out if RTTI is disabled.