This is an archive of the discontinued LLVM Phabricator instance.

Differential D146815

[ASan][libc++] Annotating std::deque with all allocators
ClosedPublic

Authored by AdvenamTacet on Mar 24 2023, 8:25 AM.

Details

Reviewers
philnik
ldionne
Group Reviewers
Restricted Project
Commits
rG0a35ac6c2e0c: [ASan][libc++] Annotating std::deque with all allocators
Summary

This patch is part of our efforts to support container annotations with (almost) every allocator.
Annotating std::deque with default allocator is implemented in D132092.

Support in ASan API exests since rG1c5ad6d2c01294a0decde43a88e9c27d7437d157.

The motivation for a research and those changes was a bug, found by Trail of Bits, in a real code where an out-of-bounds read could happen as two strings were compared via a std::equals function that took iter1_begin, iter1_end, iter2_begin iterators (with a custom comparison function).
When object iter1 was longer than iter2, read out-of-bounds on iter2 could happen. Container sanitization would detect it.

If you have any questions, please email:

  • advenam.tacet@trailofbits.com
  • disconnect3d@trailofbits.com

Diff Detail

Event Timeline

AdvenamTacet created this revision.Mar 24 2023, 8:25 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 24 2023, 8:25 AM
AdvenamTacet requested review of this revision.Mar 24 2023, 8:25 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 24 2023, 8:25 AM
Herald added a reviewer: Restricted Project. · View Herald Transcript
Herald added a subscriber: libcxx-commits. · View Herald Transcript
Harbormaster completed remote builds in B221600: Diff 508106.Mar 24 2023, 8:26 AM
AdvenamTacet planned changes to this revision.Mar 24 2023, 8:26 AM

I will add tests.

AdvenamTacet added parent revisions: D132092: [2a/3][ASan][libcxx] std::deque annotations, D145628: [ASan][libcxx] A way to turn off annotations for containers with a specific allocator.Mar 24 2023, 8:28 AM
AdvenamTacet mentioned this in D132092: [2a/3][ASan][libcxx] std::deque annotations.Mar 29 2023, 7:43 AM
AdvenamTacet mentioned this in D145628: [ASan][libcxx] A way to turn off annotations for containers with a specific allocator.Apr 1 2023, 5:51 AM
asb mentioned this in D148315: [RISCV] Modify arch string parsing order according to latest riscv spec.Apr 18 2023, 1:46 AM
philnik mentioned this in rG2fa1bec7a20b: [ASan][libcxx] A way to turn off annotations for containers with a specific….May 4 2023, 2:17 PM
philnik mentioned this in rG9a5f28313920: [2a/3][ASan][libcxx] std::deque annotations.May 5 2023, 9:12 AM
philnik mentioned this in rG605b9c76e093: [2a/3][ASan][libcxx] std::deque annotations.May 24 2023, 2:27 PM
AdvenamTacet updated this revision to Diff 526902.May 30 2023, 10:19 PM

This update resolves merge conflicts with new head.

Harbormaster completed remote builds in B235481: Diff 526902.May 31 2023, 2:25 AM
AdvenamTacet updated this revision to Diff 527685.Jun 1 2023, 5:56 PM

This update applies changes to the newest version of D132092.
It also adds tests similar to those in D136765.

I have a problem with local tests.

AdvenamTacet updated this revision to Diff 527714.Jun 1 2023, 8:25 PM

This updates the base commit.

AdvenamTacet added a reviewer: philnik.Jun 1 2023, 9:46 PM
AdvenamTacet added subscribers: vitalybuka, hans.
Harbormaster completed remote builds in B236062: Diff 527714.Jun 1 2023, 10:26 PM
AdvenamTacet updated this revision to Diff 529014.Jun 6 2023, 1:23 PM

Rebase.

Harbormaster completed remote builds in B237051: Diff 529014.Jun 6 2023, 3:15 PM
AdvenamTacet updated this revision to Diff 529489.Jun 7 2023, 8:04 PM

rebase

Harbormaster completed remote builds in B237411: Diff 529489.Jun 7 2023, 9:51 PM
AdvenamTacet updated this revision to Diff 529984.Jun 9 2023, 9:10 AM

rebase

Harbormaster completed remote builds in B237781: Diff 529984.Jun 9 2023, 9:15 AM
philnik added inline comments.Jun 14 2023, 9:27 AM
libcxx/include/deque
981

This needs tests to make sure that custom allocators work and that customizing __asan_annotate_container_with_allocator can be customized to disable annotations.

AdvenamTacet updated this revision to Diff 531415.Jun 14 2023, 10:29 AM
AdvenamTacet marked an inline comment as done.

This update adds tests for the patch.

  • Test for different allocators.
  • Test confirming that turning off annotations work.
Harbormaster completed remote builds in B238872: Diff 531415.Jun 14 2023, 2:39 PM
AdvenamTacet updated this revision to Diff 533845.Jun 22 2023, 7:07 PM

rebase

Harbormaster completed remote builds in B240682: Diff 533845.Jun 22 2023, 10:41 PM
AdvenamTacet mentioned this in rG10ec9276d400: [2a/3][ASan][libcxx] std::deque annotations.Jun 26 2023, 9:55 PM
ldionne accepted this revision.Jul 17 2023, 3:17 PM
ldionne added a subscriber: ldionne.

LGTM after comments are applied.

libcxx/test/libcxx/containers/sequences/deque/asan_turning_off.pass.cpp
20

Please use <cassert> instead.

<stdlib.h> shouldn't be necessary after my comments below.

29

Let's do new char[8 * 1024] instead (some platforms don't expose std::malloc).

33

And delete[] here.

This revision is now accepted and ready to land.Jul 17 2023, 3:17 PM
AdvenamTacet updated this revision to Diff 541674.Jul 18 2023, 12:28 PM
AdvenamTacet marked 3 inline comments as done.

Rebase and suggested changes.

Thank you @ldionne for the review!

This update:

  • assert.h -> cassert,
  • removes stdlib.h,
  • new char[...] instead of malloc,
  • does rebase,
  • delete[] instead of free.

@philnik is there anything more you want to see in the patch?

Harbormaster completed remote builds in B246313: Diff 541674.Jul 18 2023, 8:19 PM
ldionne added a comment.Jul 19 2023, 6:42 AM

You can try rebasing and re-uploading the patch to see if the issues persist. I think this was a fluke fixed by 1cad87c07aab0e3052ad61953fc30d5155fba336.

AdvenamTacet updated this revision to Diff 542057.Jul 19 2023, 9:03 AM

Rebase

I also don't think the issue is related to the patch.

Harbormaster completed remote builds in B246573: Diff 542057.Jul 19 2023, 9:14 AM
ldionne added a comment.Jul 19 2023, 9:53 AM

IDK why but the build was cancelled, can you ping the CI again? Sorry this is kinda complicated

AdvenamTacet updated this revision to Diff 542236.Jul 19 2023, 4:22 PM

CI rerun and rebase.

@ldionne, no worries, I know it and I will make it work.

Harbormaster completed remote builds in B246708: Diff 542236.Jul 19 2023, 8:43 PM
Closed by commit rG0a35ac6c2e0c: [ASan][libc++] Annotating std::deque with all allocators (authored by AdvenamTacet). · Explain WhyJul 20 2023, 1:17 AM
This revision was automatically updated to reflect the committed changes.
AdvenamTacet added a commit: rG0a35ac6c2e0c: [ASan][libc++] Annotating std::deque with all allocators.
AdvenamTacet mentioned this in D156155: [NFC][libc++] Update comments to reflect changes in ASan.Jul 24 2023, 11:00 AM
AdvenamTacet mentioned this in rG705fb08be1eb: [NFC][libc++] Update comments to reflect changes in ASan.Jul 24 2023, 11:33 AM

Revision Contents

PathSize
libcxx/
include/
5 lines
test/
libcxx/
containers/
sequences/
deque/
17 lines
76 lines

Diff 542361

libcxx/include/deque

Show First 20 LinesShow All 452 Lines▼ Show 20 Linestemplate <class _ValueType, class _Pointer, class _Reference, class _MapPointer,
class _DiffType, _DiffType _BlockSize> class _DiffType, _DiffType _BlockSize>
const _DiffType __deque_iterator<_ValueType, _Pointer, _Reference, _MapPointer, const _DiffType __deque_iterator<_ValueType, _Pointer, _Reference, _MapPointer,
_DiffType, _BlockSize>::__block_size = _DiffType, _BlockSize>::__block_size =
__deque_block_size<_ValueType, _DiffType>::value; __deque_block_size<_ValueType, _DiffType>::value;
template <class _Tp, class _Allocator /*= allocator<_Tp>*/> template <class _Tp, class _Allocator /*= allocator<_Tp>*/>
class _LIBCPP_TEMPLATE_VIS deque class _LIBCPP_TEMPLATE_VIS deque
{ {
private:
using __default_allocator_type = allocator<_Tp>;
public: public:
// types: // types:
using value_type = _Tp; using value_type = _Tp;
static_assert((is_same<typename _Allocator::value_type, value_type>::value), static_assert((is_same<typename _Allocator::value_type, value_type>::value),
"Allocator::value_type must be same type as value_type"); "Allocator::value_type must be same type as value_type");
▲ Show 20 LinesShow All 504 Lines▼ Show 20 Lines#if !defined(_LIBCPP_HAS_NO_ASAN) && _LIBCPP_CLANG_VER >= 1600
// TODO LLVM18: Remove the special-casing // TODO LLVM18: Remove the special-casing
_LIBCPP_HIDE_FROM_ABI void __annotate_double_ended_contiguous_container( _LIBCPP_HIDE_FROM_ABI void __annotate_double_ended_contiguous_container(
const void* __beg, const void* __beg,
const void* __end, const void* __end,
const void* __old_con_beg, const void* __old_con_beg,
const void* __old_con_end, const void* __old_con_end,
const void* __new_con_beg, const void* __new_con_beg,
const void* __new_con_end) const { const void* __new_con_end) const {
if (__beg && is_same<allocator_type, __default_allocator_type>::value) if (__beg != nullptr && __asan_annotate_container_with_allocator<_Allocator>::value)
philnikUnsubmitted
Done
ReplyInline Actions

This needs tests to make sure that custom allocators work and that customizing __asan_annotate_container_with_allocator can be customized to disable annotations.

philnik: This needs tests to make sure that custom allocators work and that customizing…
__sanitizer_annotate_double_ended_contiguous_container( __sanitizer_annotate_double_ended_contiguous_container(
__beg, __end, __old_con_beg, __old_con_end, __new_con_beg, __new_con_end); __beg, __end, __old_con_beg, __old_con_end, __new_con_beg, __new_con_end);
} }
#else #else
_LIBCPP_HIDE_FROM_ABI void __annotate_double_ended_contiguous_container( _LIBCPP_HIDE_FROM_ABI void __annotate_double_ended_contiguous_container(
const void*, const void*, const void*, const void*, const void*, const void*) const _NOEXCEPT {} const void*, const void*, const void*, const void*, const void*, const void*) const _NOEXCEPT {}
#endif // !defined(_LIBCPP_HAS_NO_ASAN) && _LIBCPP_CLANG_VER >= 1600 #endif // !defined(_LIBCPP_HAS_NO_ASAN) && _LIBCPP_CLANG_VER >= 1600
▲ Show 20 LinesShow All 2,012 LinesShow Last 20 Lines

libcxx/test/libcxx/containers/sequences/deque/asan.pass.cpp

Show All 25 Lines
void do_exit() { void do_exit() {
exit(0); exit(0);
} }
int main(int, char**) int main(int, char**)
{ {
{ {
typedef cpp17_input_iterator<int*> MyInputIter; typedef cpp17_input_iterator<int*> MyInputIter;
// Sould not trigger ASan. // Should not trigger ASan.
std::deque<int> v; std::deque<int> v;
int i[] = {42}; int i[] = {42};
v.insert(v.begin(), MyInputIter(i), MyInputIter(i + 1)); v.insert(v.begin(), MyInputIter(i), MyInputIter(i + 1));
assert(v[0] == 42); assert(v[0] == 42);
assert(is_double_ended_contiguous_container_asan_correct(v)); assert(is_double_ended_contiguous_container_asan_correct(v));
} }
{
typedef int T;
typedef std::deque<T, min_allocator<T> > C;
const T t[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
C c(std::begin(t), std::end(t));
assert(is_double_ended_contiguous_container_asan_correct(c));
}
{
typedef char T;
typedef std::deque<T, safe_allocator<T> > C;
const T t[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
C c(std::begin(t), std::end(t));
c.pop_front();
assert(is_double_ended_contiguous_container_asan_correct(c));
}
__sanitizer_set_death_callback(do_exit); __sanitizer_set_death_callback(do_exit);
{ {
typedef int T; typedef int T;
typedef std::deque<T> C; typedef std::deque<T> C;
const T t[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}; const T t[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
C c(std::begin(t), std::end(t)); C c(std::begin(t), std::end(t));
assert(is_double_ended_contiguous_container_asan_correct(c)); assert(is_double_ended_contiguous_container_asan_correct(c));
T* ptr = &c[0]; T* ptr = &c[0];
for(size_t i = 0; i < (8 + sizeof(T) - 1)/sizeof(T); ++i) for(size_t i = 0; i < (8 + sizeof(T) - 1)/sizeof(T); ++i)
c.pop_front(); c.pop_front();
*ptr = 1; *ptr = 1;
volatile T foo = c[c.size()]; // should trigger ASAN. Use volatile to prevent being optimized away. volatile T foo = c[c.size()]; // should trigger ASAN. Use volatile to prevent being optimized away.
assert(false); // if we got here, ASAN didn't trigger assert(false); // if we got here, ASAN didn't trigger
((void)foo); ((void)foo);
} }
} }

libcxx/test/libcxx/containers/sequences/deque/asan_turning_off.pass.cpp

  • This file was added.
//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// UNSUPPORTED: c++03
// <deque>
// Test based on: https://bugs.chromium.org/p/chromium/issues/detail?id=1419798#c5
// Some allocators during deallocation may not call destructors and just reuse memory.
// In those situations, one may want to deactivate annotations for a specific allocator.
// It's possible with __asan_annotate_container_with_allocator template class.
// This test confirms that those allocators work after turning off annotations.
#include <cassert>
#include <deque>
ldionneUnsubmitted
Done
ReplyInline Actions

Please use <cassert> instead.

<stdlib.h> shouldn't be necessary after my comments below.

ldionne: Please use `<cassert>` instead. `<stdlib.h>` shouldn't be necessary after my comments below.
#include <new>
struct reuse_allocator {
static size_t const N = 100;
reuse_allocator() {
for (size_t i = 0; i < N; ++i)
__buffers[i] = new char[8 * 1024];
}
~reuse_allocator() {
ldionneUnsubmitted
Done
ReplyInline Actions

Let's do new char[8 * 1024] instead (some platforms don't expose std::malloc).

ldionne: Let's do `new char[8 * 1024]` instead (some platforms don't expose `std::malloc`).
for (size_t i = 0; i < N; ++i)
delete[] (char*)__buffers[i];
}
void* alloc() {
ldionneUnsubmitted
Done
ReplyInline Actions

And delete[] here.

ldionne: And `delete[]` here.
assert(__next_id < N);
return __buffers[__next_id++];
}
void reset() { __next_id = 0; }
void* __buffers[N];
size_t __next_id = 0;
} reuse_buffers;
template <typename T>
struct user_allocator {
using value_type = T;
user_allocator() = default;
template <class U>
user_allocator(user_allocator<U>) {}
friend bool operator==(user_allocator, user_allocator) { return true; }
friend bool operator!=(user_allocator x, user_allocator y) { return !(x == y); }
T* allocate(size_t) { return (T*)reuse_buffers.alloc(); }
void deallocate(T*, size_t) noexcept {}
};
#ifdef _LIBCPP_HAS_ASAN_CONTAINER_ANNOTATIONS_FOR_ALL_ALLOCATORS
template <class T>
struct std::__asan_annotate_container_with_allocator<user_allocator<T>> : false_type {};
#endif
int main(int, char**) {
using D = std::deque<int, user_allocator<int>>;
{
D* d = new (reuse_buffers.alloc()) D();
for (int i = 0; i < 100; i++)
d->push_back(i);
}
reuse_buffers.reset();
{
D d;
for (int i = 0; i < 1000; i++)
d.push_back(i);
}
return 0;
}