This is an archive of the discontinued LLVM Phabricator instance.

Differential D145482

[ASan] Remove sanity checks during annotation of contiguous container
ClosedPublic

Authored by AdvenamTacet on Mar 7 2023, 2:21 AM.

Details

Reviewers
vitalybuka
Commits
rG0b2c0dc63faa: [ASan] Remove sanity checks during annotation of contiguous container
Summary

This revision removes sanity checks in
__sanitizer_annotate_contiguous_container.
(Changed them to DCHECK_EQ.)
Those checks may be problematic, if someone manually unpoisoned memory block.
Manual unpoisoning may be used if part of the program is not
instrumented.

Those checks are helpful while confirming correctness of ASan annotations
implementation.

Originally suggested here: https://reviews.llvm.org/D136765#4174546

Diff Detail

Event Timeline

AdvenamTacet created this revision.Mar 7 2023, 2:21 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 7 2023, 2:21 AM
Herald added a subscriber: Enna1. · View Herald Transcript
AdvenamTacet requested review of this revision.Mar 7 2023, 2:21 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 7 2023, 2:21 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B217823: Diff 502966.Mar 7 2023, 2:54 AM
vitalybuka accepted this revision.Mar 7 2023, 6:46 PM
vitalybuka added inline comments.
compiler-rt/lib/asan/asan_poisoning.cpp
454

DCHECK?

This revision is now accepted and ready to land.Mar 7 2023, 6:46 PM
vitalybuka added inline comments.Mar 7 2023, 6:48 PM
compiler-rt/lib/asan/asan_poisoning.cpp
454

DCHECK?

Another option could be full repainting of the container.

AdvenamTacet retitled this revision from Remove sanity checks during annotation of contiguous container to [ASan] Remove sanity checks during annotation of contiguous container.Mar 10 2023, 3:30 AM
AdvenamTacet updated this revision to Diff 504082.Mar 10 2023, 3:33 AM

Changed to DCHECK.

AdvenamTacet marked an inline comment as done.Mar 10 2023, 3:33 AM
AdvenamTacet added inline comments.Mar 10 2023, 3:44 AM
compiler-rt/lib/asan/asan_poisoning.cpp
454

DCHECK is for sure good when writing annotations for libc++ containers. Repainting (if that check fails) may be a nice option as well, but I don't have a strong opinion.

Harbormaster completed remote builds in B218635: Diff 504082.Mar 10 2023, 3:57 AM
AdvenamTacet edited the summary of this revision. (Show Details)Mar 20 2023, 11:08 AM

@vitalybuka could you land that revision as I don't have commiter rights?

AdvenamTacet marked an inline comment as done.May 3 2023, 8:25 PM
AdvenamTacet added inline comments.
compiler-rt/lib/asan/asan_poisoning.cpp
454

Repainting may have terrible performance in some cases, so it would require some way to turn it off. After looking at it closer, I don't really like it Yes, in 95% of cases it's ok solution, but if someone was able to unpoison memory area, should be able to poison as well. Let's not force it.

AdvenamTacet edited the summary of this revision. (Show Details)Jun 26 2023, 6:59 PM
AdvenamTacet updated this revision to Diff 534817.Jun 26 2023, 7:03 PM
AdvenamTacet edited the summary of this revision. (Show Details)

Rebase.

Harbormaster completed remote builds in B241361: Diff 534817.Jun 26 2023, 7:31 PM
Closed by commit rG0b2c0dc63faa: [ASan] Remove sanity checks during annotation of contiguous container (authored by AdvenamTacet). · Explain WhyJun 26 2023, 9:07 PM
This revision was automatically updated to reflect the committed changes.
AdvenamTacet added a commit: rG0b2c0dc63faa: [ASan] Remove sanity checks during annotation of contiguous container.

Revision Contents

PathSize
compiler-rt/
lib/
asan/
6 lines

Diff 534826

compiler-rt/lib/asan/asan_poisoning.cpp

Show First 20 LinesShow All 443 Lines▼ Show 20 Linesvoid __sanitizer_annotate_contiguous_container(const void *beg_p,
// uptr d2 = RoundUpTo(old_mid, granularity); // uptr d2 = RoundUpTo(old_mid, granularity);
// Currently we should be in this state: // Currently we should be in this state:
// [a, d1) is good, [d2, c) is bad, [d1, d2) is partially good. // [a, d1) is good, [d2, c) is bad, [d1, d2) is partially good.
// Make a quick sanity check that we are indeed in this state. // Make a quick sanity check that we are indeed in this state.
// //
// FIXME: Two of these three checks are disabled until we fix // FIXME: Two of these three checks are disabled until we fix
// https://github.com/google/sanitizers/issues/258. // https://github.com/google/sanitizers/issues/258.
// if (d1 != d2) // if (d1 != d2)
// CHECK_EQ(*(u8*)MemToShadow(d1), old_mid - d1); // DCHECK_EQ(*(u8*)MemToShadow(d1), old_mid - d1);
if (a + granularity <= d1) if (a + granularity <= d1)
CHECK_EQ(*(u8 *)MemToShadow(a), 0); DCHECK_EQ(*(u8 *)MemToShadow(a), 0);
vitalybukaUnsubmitted
Done
ReplyInline Actions

DCHECK?

vitalybuka: DCHECK?
vitalybukaUnsubmitted
Done
ReplyInline Actions

DCHECK?

Another option could be full repainting of the container.

vitalybuka: > DCHECK? Another option could be full repainting of the container.
AdvenamTacetAuthorUnsubmitted
Done
ReplyInline Actions

DCHECK is for sure good when writing annotations for libc++ containers. Repainting (if that check fails) may be a nice option as well, but I don't have a strong opinion.

AdvenamTacet: `DCHECK` is for sure good when writing annotations for libc++ containers. Repainting (if that…
AdvenamTacetAuthorUnsubmitted
Done
ReplyInline Actions

Repainting may have terrible performance in some cases, so it would require some way to turn it off. After looking at it closer, I don't really like it Yes, in 95% of cases it's ok solution, but if someone was able to unpoison memory area, should be able to poison as well. Let's not force it.

AdvenamTacet: Repainting may have terrible performance in some cases, so it would require some way to turn it…
// if (d2 + granularity <= c && c <= end) // if (d2 + granularity <= c && c <= end)
// CHECK_EQ(*(u8 *)MemToShadow(c - granularity), // DCHECK_EQ(*(u8 *)MemToShadow(c - granularity),
// kAsanContiguousContainerOOBMagic); // kAsanContiguousContainerOOBMagic);
uptr b1 = RoundDownTo(new_end, granularity); uptr b1 = RoundDownTo(new_end, granularity);
uptr b2 = RoundUpTo(new_end, granularity); uptr b2 = RoundUpTo(new_end, granularity);
// New state: // New state:
// [a, b1) is good, [b2, c) is bad, [b1, b2) is partially good. // [a, b1) is good, [b2, c) is bad, [b1, b2) is partially good.
if (b1 > a) if (b1 > a)
PoisonShadow(a, b1 - a, 0); PoisonShadow(a, b1 - a, 0);
▲ Show 20 LinesShow All 221 LinesShow Last 20 Lines