This is an archive of the discontinued LLVM Phabricator instance.

Differential D146993

[asan] Allow reallocating uninstrumented pointers on Windows
DraftPublic

Authored by alvinhochun on Mar 27 2023, 11:49 AM.
This is a draft revision that has not yet been submitted for review.

Details

Reviewers
mstorsjo
etienneb
kcc
rnk
Summary

Asan have been ignoring deallocation of uninstrumented pointers since
https://reviews.llvm.org/D25946, but it did not do the same with
reallocation. Sometimes DLLs may reallocate memory allocated before asan
has been initialized, which can cause false asan reports, as stated in
https://github.com/llvm/llvm-project/issues/61685.

This change makes asan reallocation on Windows ignore pointers not
allocated by asan itself in the same way as deallocation does, for the
sake of consistency.

Diff Detail

Event Timeline

alvinhochun created this revision.Mar 27 2023, 11:49 AM
Herald added a project: Restricted Project. · View Herald TranscriptMar 27 2023, 11:49 AM
Herald added a subscriber: Enna1. · View Herald Transcript
Harbormaster completed remote builds in B222077: Diff 508745.Mar 27 2023, 12:14 PM
alvinhochun updated this revision to Diff 509421.Mar 29 2023, 11:02 AM

WIP: Add test and make it work

Harbormaster completed remote builds in B222560: Diff 509421.Mar 29 2023, 11:09 AM
mstorsjo added a comment.Mar 30 2023, 3:51 AM

A couple issues with this patch...

When building for i386, I get the following build errors:

/home/martin/code/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_malloc_win.cpp:67:1: error: typedef redefinition with different types ('size_t (*)(void *)' (aka 'unsigned int (*)(void *)') vs 'SIZE_T (*)(void *)' (aka 'unsigned long (*)(void *)'))
DEFINE_REAL(size_t, _msize, void *ptr)
^
/home/martin/code/llvm-mingw/llvm-project/compiler-rt/lib/asan/../interception/interception.h:198:24: note: expanded from macro 'DEFINE_REAL'
    typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__); \
                       ^
/home/martin/code/llvm-mingw/llvm-project/compiler-rt/lib/asan/../interception/interception.h:163:23: note: expanded from macro 'FUNC_TYPE'
# define FUNC_TYPE(x) x##_type
                      ^
<scratch space>:103:1: note: expanded from here
_msize_type
^
/home/martin/code/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_interceptors.h:137:1: note: previous definition is here
DECLARE_REAL(SIZE_T, _msize, void *ptr)
^
/home/martin/code/llvm-mingw/llvm-project/compiler-rt/lib/asan/../interception/interception.h:166:24: note: expanded from macro 'DECLARE_REAL'
    typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__); \
                       ^
/home/martin/code/llvm-mingw/llvm-project/compiler-rt/lib/asan/../interception/interception.h:163:23: note: expanded from macro 'FUNC_TYPE'
# define FUNC_TYPE(x) x##_type
                      ^
<scratch space>:45:1: note: expanded from here
_msize_type
^
1 error generated.

When running tests with MSVC, I get the following failure:

$ ":" "RUN: at line 1"
$ "C:/code/llvm-mingw/llvm-project/llvm/build-msvc/./bin/clang.exe" "-g" "-shared" "C:\code\llvm-mingw\llvm-project\compiler-rt\test\asan\TestCases\Windows\dll_heap_allocation_realloc.cpp" "-o" "C:\code\llvm-mingw\llvm-project\llvm\build-msvc\projects\compiler-rt\test\asan\X86_64WindowsDynamicConfig\TestCases\Windows\Output\dll_heap_allocation_realloc.cpp.tmp-1.dll" "-DHEAP_LIBRARY=1" "-Wl,--exclude-all-symbols" "-Wl,--out-implib,C:\code\llvm-mingw\llvm-project\llvm\build-msvc\projects\compiler-rt\test\asan\X86_64WindowsDynamicConfig\TestCases\Windows\Output\dll_heap_allocation_realloc.cpp.tmp-1.dll.a"
# command output:
LINK : warning LNK4044: unrecognized option '/-exclude-all-symbols'; ignored
LINK : warning LNK4044: unrecognized option '/-out-implib'; ignored
LINK : fatal error LNK1104: cannot open file 'C:\code\llvm-mingw\llvm-project\llvm\build-msvc\projects\compiler-rt\test\asan\X86_64WindowsDynamicConfig\TestCases\Windows\Output\dll_heap_allocation_realloc.cpp.tmp-1.dll.a'

# command stderr:
clang: error: linker command failed with exit code 1104 (use -v to see invocation)

error: command failed with exit status: 0x450
alvinhochun updated this revision to Diff 509653.Mar 30 2023, 6:36 AM

Fix test

Harbormaster completed remote builds in B222737: Diff 509653.Mar 30 2023, 6:42 AM
alvinhochun updated this revision to Diff 510251.Apr 1 2023, 10:49 AM

Fix non-Windows builds and try to "fix" tests for msvc

Harbormaster completed remote builds in B223175: Diff 510251.Apr 1 2023, 11:07 AM

Revision Contents

PathSize
compiler-rt/
lib/
asan/
34 lines
5 lines
13 lines
test/
asan/
TestCases/
Windows/
49 lines

Diff 510251

compiler-rt/lib/asan/asan_allocator.cpp

Show First 20 LinesShow All 708 Lines▼ Show 20 Lines void *Reallocate(void *old_ptr, uptr new_size, BufferedStackTrace *stack) {
AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg); AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg);
AsanStats &thread_stats = GetCurrentThreadStats(); AsanStats &thread_stats = GetCurrentThreadStats();
thread_stats.reallocs++; thread_stats.reallocs++;
thread_stats.realloced += new_size; thread_stats.realloced += new_size;
void *new_ptr = Allocate(new_size, 8, stack, FROM_MALLOC, true); void *new_ptr = Allocate(new_size, 8, stack, FROM_MALLOC, true);
if (new_ptr) { if (new_ptr) {
#if SANITIZER_WINDOWS
// On Windows, uninstrumented DLLs may allocate memory before ASan hooks
// malloc. Don't report an invalid free in this case.
if (!get_allocator().PointerIsMine(old_ptr)) {
if (!IsSystemHeapAddress(p))
ReportFreeNotMalloced(p, stack);
CHECK_NE(REAL(memcpy), nullptr);
CHECK_NE(REAL(_msize), nullptr);
CHECK_NE(REAL(free), nullptr);
uptr memcpy_size = Min(new_size, REAL(_msize)(old_ptr));
REAL(memcpy)(new_ptr, old_ptr, memcpy_size);
REAL(free)(old_ptr);
} else
#endif
{
u8 chunk_state = atomic_load(&m->chunk_state, memory_order_acquire); u8 chunk_state = atomic_load(&m->chunk_state, memory_order_acquire);
if (chunk_state != CHUNK_ALLOCATED) if (chunk_state != CHUNK_ALLOCATED)
ReportInvalidFree(old_ptr, chunk_state, stack); ReportInvalidFree(old_ptr, chunk_state, stack);
CHECK_NE(REAL(memcpy), nullptr); CHECK_NE(REAL(memcpy), nullptr);
uptr memcpy_size = Min(new_size, m->UsedSize()); uptr memcpy_size = Min(new_size, m->UsedSize());
// If realloc() races with free(), we may start copying freed memory. // If realloc() races with free(), we may start copying freed memory.
// However, we will report racy double-free later anyway. // However, we will report racy double-free later anyway.
REAL(memcpy)(new_ptr, old_ptr, memcpy_size); REAL(memcpy)(new_ptr, old_ptr, memcpy_size);
Deallocate(old_ptr, 0, 0, stack, FROM_MALLOC); Deallocate(old_ptr, 0, 0, stack, FROM_MALLOC);
} }
}
return new_ptr; return new_ptr;
} }
void *Calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) { void *Calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) {
if (UNLIKELY(CheckForCallocOverflow(size, nmemb))) { if (UNLIKELY(CheckForCallocOverflow(size, nmemb))) {
if (AllocatorMayReturnNull()) if (AllocatorMayReturnNull())
return nullptr; return nullptr;
ReportCallocOverflow(nmemb, size, stack); ReportCallocOverflow(nmemb, size, stack);
▲ Show 20 LinesShow All 464 LinesShow Last 20 Lines

compiler-rt/lib/asan/asan_interceptors.h

Show First 20 LinesShow All 127 Lines▼ Show 20 Lines
DECLARE_REAL(int, memcmp, const void *a1, const void *a2, uptr size) DECLARE_REAL(int, memcmp, const void *a1, const void *a2, uptr size)
DECLARE_REAL(char*, strchr, const char *str, int c) DECLARE_REAL(char*, strchr, const char *str, int c)
DECLARE_REAL(SIZE_T, strlen, const char *s) DECLARE_REAL(SIZE_T, strlen, const char *s)
DECLARE_REAL(char*, strncpy, char *to, const char *from, uptr size) DECLARE_REAL(char*, strncpy, char *to, const char *from, uptr size)
DECLARE_REAL(uptr, strnlen, const char *s, uptr maxlen) DECLARE_REAL(uptr, strnlen, const char *s, uptr maxlen)
DECLARE_REAL(char*, strstr, const char *s1, const char *s2) DECLARE_REAL(char*, strstr, const char *s1, const char *s2)
# if SANITIZER_WINDOWS
DECLARE_REAL(SIZE_T, _msize, void *ptr)
DECLARE_REAL(void, free, void *ptr)
# endif
# if !SANITIZER_APPLE # if !SANITIZER_APPLE
# define ASAN_INTERCEPT_FUNC(name) \ # define ASAN_INTERCEPT_FUNC(name) \
do { \ do { \
if (!INTERCEPT_FUNCTION(name)) \ if (!INTERCEPT_FUNCTION(name)) \
VReport(1, "AddressSanitizer: failed to intercept '%s'\n", #name); \ VReport(1, "AddressSanitizer: failed to intercept '%s'\n", #name); \
} while (0) } while (0)
# define ASAN_INTERCEPT_FUNC_VER(name, ver) \ # define ASAN_INTERCEPT_FUNC_VER(name, ver) \
do { \ do { \
Show All 20 Lines

compiler-rt/lib/asan/asan_malloc_win.cpp

Show First 20 LinesShow All 58 Lines▼ Show 20 Lines
// so we have to intercept them before they are called for the first time. // so we have to intercept them before they are called for the first time.
#if ASAN_DYNAMIC #if ASAN_DYNAMIC
# define ALLOCATION_FUNCTION_ATTRIBUTE # define ALLOCATION_FUNCTION_ATTRIBUTE
#else #else
# define ALLOCATION_FUNCTION_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE # define ALLOCATION_FUNCTION_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
#endif #endif
DEFINE_REAL(SIZE_T, _msize, void *ptr)
DEFINE_REAL(void, free, void *ptr)
extern "C" { extern "C" {
ALLOCATION_FUNCTION_ATTRIBUTE ALLOCATION_FUNCTION_ATTRIBUTE
size_t _msize(void *ptr) { size_t _msize(void *ptr) {
GET_CURRENT_PC_BP_SP; GET_CURRENT_PC_BP_SP;
(void)sp; (void)sp;
return asan_malloc_usable_size(ptr, pc, bp); return asan_malloc_usable_size(ptr, pc, bp);
} }
▲ Show 20 LinesShow All 134 Lines▼ Show 20 LinesINTERCEPTOR_WINAPI(size_t, HeapSize, HANDLE hHeap, DWORD dwFlags,
// If the RTL allocators are hooked we need to check whether the ASAN // If the RTL allocators are hooked we need to check whether the ASAN
// allocator owns the pointer we're about to use. Allocations occur before // allocator owns the pointer we're about to use. Allocations occur before
// interception takes place, so if it is not owned by the RTL heap we can // interception takes place, so if it is not owned by the RTL heap we can
// pass it to the ASAN heap for inspection. // pass it to the ASAN heap for inspection.
if (flags()->windows_hook_rtl_allocators) { if (flags()->windows_hook_rtl_allocators) {
if (!asan_inited || OWNED_BY_RTL(hHeap, lpMem)) if (!asan_inited || OWNED_BY_RTL(hHeap, lpMem))
return REAL(HeapSize)(hHeap, dwFlags, lpMem); return REAL(HeapSize)(hHeap, dwFlags, lpMem);
} else { } else {
if (!__sanitizer_get_ownership(lpMem))
return REAL(HeapSize)(hHeap, dwFlags, lpMem);
CHECK(dwFlags == 0 && "unsupported heap flags"); CHECK(dwFlags == 0 && "unsupported heap flags");
} }
GET_CURRENT_PC_BP_SP; GET_CURRENT_PC_BP_SP;
(void)sp; (void)sp;
return asan_malloc_usable_size(lpMem, pc, bp); return asan_malloc_usable_size(lpMem, pc, bp);
} }
INTERCEPTOR_WINAPI(LPVOID, HeapAlloc, HANDLE hHeap, DWORD dwFlags, INTERCEPTOR_WINAPI(LPVOID, HeapAlloc, HANDLE hHeap, DWORD dwFlags,
▲ Show 20 LinesShow All 249 Lines▼ Show 20 LinesINTERCEPTOR_WINAPI(void*, RtlReAllocateHeap, HANDLE HeapHandle, DWORD Flags,
return SharedReAlloc(REAL(RtlReAllocateHeap), REAL(RtlSizeHeap), return SharedReAlloc(REAL(RtlReAllocateHeap), REAL(RtlSizeHeap),
REAL(RtlFreeHeap), REAL(RtlAllocateHeap), HeapHandle, REAL(RtlFreeHeap), REAL(RtlAllocateHeap), HeapHandle,
Flags, BaseAddress, Size); Flags, BaseAddress, Size);
} }
namespace __asan { namespace __asan {
static void TryToOverrideFunction(const char *fname, uptr new_func) { static void TryToOverrideFunction(const char *fname, uptr new_func, uptr *orig_old_func = 0) {
// Failure here is not fatal. The CRT may not be present, and different CRT // Failure here is not fatal. The CRT may not be present, and different CRT
// versions use different symbols. // versions use different symbols.
if (!__interception::OverrideFunction(fname, new_func)) if (!__interception::OverrideFunction(fname, new_func, orig_old_func))
VPrintf(2, "Failed to override function %s\n", fname); VPrintf(2, "Failed to override function %s\n", fname);
} }
void ReplaceSystemMalloc() { void ReplaceSystemMalloc() {
#if defined(ASAN_DYNAMIC) #if defined(ASAN_DYNAMIC)
TryToOverrideFunction("free", (uptr)free); TryToOverrideFunction("free", (uptr)free, (uptr *)&REAL(free));
TryToOverrideFunction("_free_base", (uptr)free); TryToOverrideFunction("_free_base", (uptr)free);
TryToOverrideFunction("malloc", (uptr)malloc); TryToOverrideFunction("malloc", (uptr)malloc);
TryToOverrideFunction("_malloc_base", (uptr)malloc); TryToOverrideFunction("_malloc_base", (uptr)malloc);
TryToOverrideFunction("_malloc_crt", (uptr)malloc); TryToOverrideFunction("_malloc_crt", (uptr)malloc);
TryToOverrideFunction("calloc", (uptr)calloc); TryToOverrideFunction("calloc", (uptr)calloc);
TryToOverrideFunction("_calloc_base", (uptr)calloc); TryToOverrideFunction("_calloc_base", (uptr)calloc);
TryToOverrideFunction("_calloc_crt", (uptr)calloc); TryToOverrideFunction("_calloc_crt", (uptr)calloc);
TryToOverrideFunction("realloc", (uptr)realloc); TryToOverrideFunction("realloc", (uptr)realloc);
TryToOverrideFunction("_realloc_base", (uptr)realloc); TryToOverrideFunction("_realloc_base", (uptr)realloc);
TryToOverrideFunction("_realloc_crt", (uptr)realloc); TryToOverrideFunction("_realloc_crt", (uptr)realloc);
TryToOverrideFunction("_recalloc", (uptr)_recalloc); TryToOverrideFunction("_recalloc", (uptr)_recalloc);
TryToOverrideFunction("_recalloc_base", (uptr)_recalloc); TryToOverrideFunction("_recalloc_base", (uptr)_recalloc);
TryToOverrideFunction("_recalloc_crt", (uptr)_recalloc); TryToOverrideFunction("_recalloc_crt", (uptr)_recalloc);
TryToOverrideFunction("_msize", (uptr)_msize); TryToOverrideFunction("_msize", (uptr)_msize, (uptr *)&REAL(_msize));
TryToOverrideFunction("_msize_base", (uptr)_msize); TryToOverrideFunction("_msize_base", (uptr)_msize);
TryToOverrideFunction("_expand", (uptr)_expand); TryToOverrideFunction("_expand", (uptr)_expand);
TryToOverrideFunction("_expand_base", (uptr)_expand); TryToOverrideFunction("_expand_base", (uptr)_expand);
if (flags()->windows_hook_rtl_allocators) { if (flags()->windows_hook_rtl_allocators) {
INTERCEPT_FUNCTION(HeapSize); INTERCEPT_FUNCTION(HeapSize);
INTERCEPT_FUNCTION(HeapFree); INTERCEPT_FUNCTION(HeapFree);
INTERCEPT_FUNCTION(HeapReAlloc); INTERCEPT_FUNCTION(HeapReAlloc);
Show All 38 Lines

compiler-rt/test/asan/TestCases/Windows/dll_heap_allocation_realloc.cpp

  • This file was added.
// RUN: %clangxx -g -shared %s -o %t-1.dll -DHEAP_LIBRARY=1 -Wl,--exclude-all-symbols -Wl,--out-implib,%t-1.dll.a \
// RUN: || %clang_cl -LD %s -Fe%t-1.dll -DHEAP_LIBRARY=1 -MD
// RUN: %clangxx_asan -shared %s -o %t-2.dll -DHEAP_LIBRARY=2 -Wl,--exclude-all-symbols -Wl,--out-implib,%t-2.dll.a \
// RUN: || %clang_cl -LD %s -Fe%t-2.dll -DHEAP_LIBRARY=2 -fsanitize=address -MD
// RUN: %clangxx -g %s %t-1.dll.a %t-2.dll.a -o %t \
// RUN: || %clang_cl %s %t-1.lib %t-2.lib -Fe%t -MT
// RUN: %run %t 2>&1 | FileCheck %s
// Check that ASan does not fail when realloc-ing allocations that occurred
// within an uninstrumented DLL.
#if HEAP_LIBRARY == 1
# include <stdlib.h>
# include <windows.h>
__declspec(dllexport) int *myglobal = [] {
auto *p = reinterpret_cast<int *>(malloc(sizeof(int)));
*p = 42;
return p;
}();
BOOL WINAPI DllMain(PVOID h, DWORD reason, PVOID reserved) { return TRUE; }
#elif HEAP_LIBRARY == 2
# include <windows.h>
// This export is only to force linking of the DLL.
__declspec(dllexport) int g_heap_library_2 = 0;
BOOL WINAPI DllMain(PVOID h, DWORD reason, PVOID reserved) { return TRUE; }
#else
# include <stdio.h>
# include <stdlib.h>
__declspec(dllimport) extern int *myglobal;
__declspec(dllimport) int g_heap_library_2;
int main(int argc, char **argv) {
g_heap_library_2++;
myglobal = reinterpret_cast<int *>(realloc(myglobal, sizeof(int) * 2));
printf("myglobal: %d\n", *myglobal);
return 0;
}
#endif
// CHECK-NOT: ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed
// CHECK: myglobal: 42