This is an archive of the discontinued LLVM Phabricator instance.

Differential D216

[ASan] Use dylib interposition to hook memory allocation in the dynamic runtime.
ClosedPublic

Authored by glider on Dec 13 2012, 9:18 AM.

Details

Reviewers
kcc
Summary

This CL drastically simplifies the way we're hooking the memory allocation routines in ASan on Mac by using dylib interposition to replace the main malloc_zone_* functions. This allows us to avoid replacing the default CFAllocator and drop the CF dependency at all.
Committing this patch as is will result in the static runtime being broken, so we probably need to work out the transition plan before switching to the dynamic runtime.

Diff Detail

Event Timeline

samsonov added a comment.Dec 13 2012, 11:00 PM

Cool. Do we have many clients on Mac that would have to hack their specific build systems for the dynamic runtime? I think that if installed Clang would be able to produce working binaries with "clang++ -fsanitize=address a.cc" the change is fine.

minor nits below.

asan_malloc_mac.cc
146 ↗(On Diff #521)

Don't need else after return.

205 ↗(On Diff #521)

Hm? So the code for free_common is just
if (!ptr) return;
GET_STACK_TRACE_FREE;
asan_free(ptr, &stack);
?

368 ↗(On Diff #521)

delete this whole block?

kcc added a comment.Dec 14 2012, 1:12 AM

This is getting rid of mach_override, right? Yay!!
I'd like some Apple folks to review this too, but as long as the tests pass I think
the review may happen post-commit.

asan_malloc_mac.cc
346 ↗(On Diff #521)

note sure I understand this comment and the following line

glider updated this revision to Unknown Object (????).Dec 18 2012, 3:20 AM

Addressed Phabricator comments by Kostya and Alexey and off-list comments by Anna Zaks and Dave Payne

glider added inline comments.Dec 18 2012, 3:25 AM
asan_malloc_mac.cc
146 ↗(On Diff #521)

Fixed.

205 ↗(On Diff #521)

Yes. Fixed.

346 ↗(On Diff #521)

It's just wrong. Removed it.

368 ↗(On Diff #521)

done

glider updated this revision to Unknown Object (????).Dec 18 2012, 4:01 AM

Dummy implementations for malloc_make_purgeable and malloc_make_nonpurgeable (required by Chrome)

samsonov added inline comments.Dec 18 2012, 5:34 AM
asan_intercepted_functions.h
232 ↗(On Diff #539)

Hm, can you use uptr instead of size_t?

asan_malloc_mac.cc
87 ↗(On Diff #539)

Why do you need to allocate/free memory for zone name via ASan allocator (with fetching stack trace for malloc etc.)
Can you use InternalScopedBuffer instead?

109 ↗(On Diff #539)

Remove this (or hide under verbosity?)

149 ↗(On Diff #539)

Can memptr be zero? Or it's fine to segfault in this case?

204 ↗(On Diff #539)

Why? (just curious)

lit_tests/heap-overflow.cc
32 ↗(On Diff #539)

_?wrap_malloc here and below?

tests/CMakeLists.txt
84 ↗(On Diff #539)

Will static runtime work at all after this change? If no, plan to remove rules for building it in /lib/asan/CMakeLists.txt

glider updated this revision to Unknown Object (????).Dec 18 2012, 6:22 AM

More comments from Alexey

asan_intercepted_functions.h
232 ↗(On Diff #539)

I think it's generally wrong to rewrite the function prototypes using our typenames.
Anyway, Kostya wants this file to be gone soon after my CL, so let us just leave it as is for now.

asan_malloc_mac.cc
87 ↗(On Diff #539)

Good catch, thanks! Done.

109 ↗(On Diff #539)

Done

149 ↗(On Diff #539)

Added a check.

204 ↗(On Diff #539)

We needed it because some allocations used to be intercepted incorrectly on Mac, and sometimes invalid free were reported because of the zone mismatch. In such cases we wanted to keep going.
Now everything will be allocated from a single zone, thus no mismatches

lit_tests/heap-overflow.cc
32 ↗(On Diff #539)

Seems to work as is, but good idea anyway.

tests/CMakeLists.txt
84 ↗(On Diff #539)

It won't. There'll be a cleanup CL afterwards.

samsonov added a comment.Dec 18 2012, 8:24 AM

LGTM

asan_malloc_mac.cc
87 ↗(On Diff #540)

Will this work for buflen == 0?

89 ↗(On Diff #540)

We have internal_snprintf

glider updated this revision to Unknown Object (????).Dec 19 2012, 4:29 AM

Addressed two comments from Alexey

asan_malloc_mac.cc
87 ↗(On Diff #540)

Refactored the code so that buflen is always > 0.

89 ↗(On Diff #540)

Done, thanks.

glider updated this revision to Unknown Object (????).Dec 20 2012, 5:43 AM

Merge with the current trunk.
Fix lit_tests/interface_symbols.c

glider added a comment.Dec 20 2012, 5:43 AM

PTAL at the changed interface_symbols.c test.

samsonov added inline comments.Dec 20 2012, 5:57 AM
lit_tests/interface_symbols.c
7 ↗(On Diff #557)

This RUN-lines won't work, simply create platofrm-specific tests in lit_tests/Linux and lit_tests/Darwin

lit_tests/lit.cfg
91 ↗(On Diff #557)

Remove this

glider updated this revision to Unknown Object (????).Dec 20 2012, 6:43 AM

Split interface_symbols.c into two platform-specific tests.

glider updated this revision to Unknown Object (????).Jan 11 2013, 8:03 AM

Update the patch so that it applies against the current compiler-rt.

kcc accepted this revision.Jan 14 2013, 1:21 AM

LGTM

glider updated this revision to Unknown Object (????).Jan 21 2013, 10:00 AM

Merge with the current LLVM trunk. I'm about to finally commit this tomorrow.

samsonov added a comment.Jan 21 2013, 10:55 PM

LGTM

asan_malloc_mac.cc
46 ↗(On Diff #736)

I think lint would advice you to prefer sizeof(asan_zone)

86 ↗(On Diff #736)

I think that internal_snprintf() adds a trailing \0

lit_tests/malloc_delete_mismatch.cc
1 ↗(On Diff #736)

Did you move this file somewhere?

glider added inline comments.Jan 22 2013, 12:44 AM
asan_malloc_mac.cc
46 ↗(On Diff #736)

Done. Although I'm a bit unsure about this since I'm not allocating asan_zone itself.

86 ↗(On Diff #736)

It sure does. Something clicked in my head and made me apply the bug mitigation pattern used for strncpy :)
Thanks for catching this!

lit_tests/malloc_delete_mismatch.cc
1 ↗(On Diff #736)

Yes. Let me upload another diff.

glider updated this revision to Unknown Object (????).Jan 22 2013, 12:45 AM

Fixed Alexey's comments, added the missing files to the patch using arc diff.

glider updated this revision to Unknown Object (????).Jan 22 2013, 12:55 AM

Fix lint warnings.

Eugene.Zelenko closed this revision.Oct 5 2016, 4:37 PM
Eugene.Zelenko added a subscriber: Eugene.Zelenko.

Committed in rL173134.

Revision Contents

Diff 741

lib/asan/CMakeLists.txt

Show First 20 LinesShow All 59 Lines▼ Show 20 Linesif(APPLE)
add_compiler_rt_osx_static_runtime(clang_rt.asan_osx add_compiler_rt_osx_static_runtime(clang_rt.asan_osx
ARCH ${ASAN_SUPPORTED_ARCH} ARCH ${ASAN_SUPPORTED_ARCH}
SOURCES ${ASAN_SOURCES} SOURCES ${ASAN_SOURCES}
$<TARGET_OBJECTS:RTInterception.osx> $<TARGET_OBJECTS:RTInterception.osx>
$<TARGET_OBJECTS:RTSanitizerCommon.osx> $<TARGET_OBJECTS:RTSanitizerCommon.osx>
CFLAGS ${ASAN_CFLAGS} CFLAGS ${ASAN_CFLAGS}
DEFS ${ASAN_COMMON_DEFINITIONS}) DEFS ${ASAN_COMMON_DEFINITIONS})
list(APPEND ASAN_RUNTIME_LIBRARIES clang_rt.asan_osx) list(APPEND ASAN_RUNTIME_LIBRARIES clang_rt.asan_osx)
add_compiler_rt_osx_dynamic_runtime(clang_rt.asan_osx_dynamic
ARCH ${ASAN_SUPPORTED_ARCH}
SOURCES ${ASAN_DYLIB_SOURCES}
$<TARGET_OBJECTS:RTInterception.osx>
$<TARGET_OBJECTS:RTSanitizerCommon.osx>
CFLAGS ${ASAN_CFLAGS}
DEFS ${ASAN_DYLIB_DEFINITIONS}
# Dynamic lookup is needed because shadow scale and offset are
# provided by the instrumented modules.
LINKFLAGS "-framework Foundation"
"-undefined dynamic_lookup")
list(APPEND ASAN_RUNTIME_LIBRARIES clang_rt.asan_osx_dynamic)
elseif(ANDROID) elseif(ANDROID)
add_library(clang_rt.asan-arm-android SHARED add_library(clang_rt.asan-arm-android SHARED
${ASAN_SOURCES} ${ASAN_SOURCES}
$<TARGET_OBJECTS:RTInterception.arm.android> $<TARGET_OBJECTS:RTInterception.arm.android>
$<TARGET_OBJECTS:RTSanitizerCommon.arm.android> $<TARGET_OBJECTS:RTSanitizerCommon.arm.android>
) )
set_target_compile_flags(clang_rt.asan-arm-android set_target_compile_flags(clang_rt.asan-arm-android
${ASAN_CFLAGS}) ${ASAN_CFLAGS})
Show All 9 Lines add_compiler_rt_static_runtime(clang_rt.asan-${arch} ${arch}
$<TARGET_OBJECTS:RTInterception.${arch}> $<TARGET_OBJECTS:RTInterception.${arch}>
$<TARGET_OBJECTS:RTSanitizerCommon.${arch}> $<TARGET_OBJECTS:RTSanitizerCommon.${arch}>
CFLAGS ${ASAN_CFLAGS} CFLAGS ${ASAN_CFLAGS}
DEFS ${ASAN_COMMON_DEFINITIONS}) DEFS ${ASAN_COMMON_DEFINITIONS})
list(APPEND ASAN_RUNTIME_LIBRARIES clang_rt.asan-${arch}) list(APPEND ASAN_RUNTIME_LIBRARIES clang_rt.asan-${arch})
endforeach() endforeach()
endif() endif()
set(ASAN_DYNAMIC_RUNTIME_LIBRARIES)
if(APPLE)
# Build universal binary on APPLE.
add_compiler_rt_osx_dynamic_runtime(clang_rt.asan_osx_dynamic
ARCH ${ASAN_SUPPORTED_ARCH}
SOURCES ${ASAN_DYLIB_SOURCES}
$<TARGET_OBJECTS:RTInterception.osx>
$<TARGET_OBJECTS:RTSanitizerCommon.osx>
CFLAGS ${ASAN_CFLAGS}
DEFS ${ASAN_DYLIB_DEFINITIONS}
# Dynamic lookup is needed because shadow scale and offset are
# provided by the instrumented modules.
LINKFLAGS "-framework Foundation"
"-undefined dynamic_lookup")
list(APPEND ASAN_DYNAMIC_RUNTIME_LIBRARIES clang_rt.asan_osx_dynamic)
endif()
if(LLVM_INCLUDE_TESTS) if(LLVM_INCLUDE_TESTS)
add_subdirectory(tests) add_subdirectory(tests)
endif() endif()
add_subdirectory(lit_tests) add_subdirectory(lit_tests)

lib/asan/asan_intercepted_functions.h

Show First 20 LinesShow All 210 Lines▼ Show 20 Lines
typedef void* pthread_workitem_handle_t; typedef void* pthread_workitem_handle_t;
typedef void* dispatch_group_t; typedef void* dispatch_group_t;
typedef void* dispatch_queue_t; typedef void* dispatch_queue_t;
typedef void* dispatch_source_t; typedef void* dispatch_source_t;
typedef u64 dispatch_time_t; typedef u64 dispatch_time_t;
typedef void (*dispatch_function_t)(void *block); typedef void (*dispatch_function_t)(void *block);
typedef void* (*worker_t)(void *block); typedef void* (*worker_t)(void *block);
typedef void* CFStringRef;
typedef void* CFAllocatorRef;
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async_f, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async_f,
dispatch_queue_t dq, dispatch_queue_t dq,
void *ctxt, dispatch_function_t func); void *ctxt, dispatch_function_t func);
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_sync_f, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_sync_f,
dispatch_queue_t dq, dispatch_queue_t dq,
void *ctxt, dispatch_function_t func); void *ctxt, dispatch_function_t func);
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after_f, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after_f,
dispatch_time_t when, dispatch_queue_t dq, dispatch_time_t when, dispatch_queue_t dq,
void *ctxt, dispatch_function_t func); void *ctxt, dispatch_function_t func);
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_barrier_async_f, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_barrier_async_f,
dispatch_queue_t dq, dispatch_queue_t dq,
void *ctxt, dispatch_function_t func); void *ctxt, dispatch_function_t func);
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async_f, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async_f,
dispatch_group_t group, dispatch_queue_t dq, dispatch_group_t group, dispatch_queue_t dq,
void *ctxt, dispatch_function_t func); void *ctxt, dispatch_function_t func);
DECLARE_FUNCTION_AND_WRAPPER(void, __CFInitialize, void);
DECLARE_FUNCTION_AND_WRAPPER(CFStringRef, CFStringCreateCopy,
CFAllocatorRef alloc, CFStringRef str);
DECLARE_FUNCTION_AND_WRAPPER(void, free, void* ptr);
# if MAC_INTERPOSE_FUNCTIONS && !defined(MISSING_BLOCKS_SUPPORT) # if MAC_INTERPOSE_FUNCTIONS && !defined(MISSING_BLOCKS_SUPPORT)
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async,
dispatch_group_t dg, dispatch_group_t dg,
dispatch_queue_t dq, void (^work)(void)); dispatch_queue_t dq, void (^work)(void));
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async,
dispatch_queue_t dq, void (^work)(void)); dispatch_queue_t dq, void (^work)(void));
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after,
dispatch_queue_t dq, void (^work)(void)); dispatch_queue_t dq, void (^work)(void));
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_event_handler, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_event_handler,
dispatch_source_t ds, void (^work)(void)); dispatch_source_t ds, void (^work)(void));
DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_cancel_handler, DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_cancel_handler,
dispatch_source_t ds, void (^work)(void)); dispatch_source_t ds, void (^work)(void));
# endif // MAC_INTERPOSE_FUNCTIONS # endif // MAC_INTERPOSE_FUNCTIONS
typedef void malloc_zone_t;
typedef size_t vm_size_t;
DECLARE_FUNCTION_AND_WRAPPER(malloc_zone_t *, malloc_create_zone,
vm_size_t start_size, unsigned flags);
DECLARE_FUNCTION_AND_WRAPPER(malloc_zone_t *, malloc_default_zone, void);
DECLARE_FUNCTION_AND_WRAPPER(
malloc_zone_t *, malloc_default_purgeable_zone, void);
DECLARE_FUNCTION_AND_WRAPPER(void, malloc_make_purgeable, void *ptr);
DECLARE_FUNCTION_AND_WRAPPER(int, malloc_make_nonpurgeable, void *ptr);
DECLARE_FUNCTION_AND_WRAPPER(void, malloc_set_zone_name,
malloc_zone_t *zone, const char *name);
DECLARE_FUNCTION_AND_WRAPPER(void *, malloc, size_t size);
DECLARE_FUNCTION_AND_WRAPPER(void, free, void *ptr);
DECLARE_FUNCTION_AND_WRAPPER(void *, realloc, void *ptr, size_t size);
DECLARE_FUNCTION_AND_WRAPPER(void *, calloc, size_t nmemb, size_t size);
DECLARE_FUNCTION_AND_WRAPPER(void *, valloc, size_t size);
DECLARE_FUNCTION_AND_WRAPPER(size_t, malloc_good_size, size_t size);
DECLARE_FUNCTION_AND_WRAPPER(int, posix_memalign,
void **memptr, size_t alignment, size_t size);
DECLARE_FUNCTION_AND_WRAPPER(void, _malloc_fork_prepare, void);
DECLARE_FUNCTION_AND_WRAPPER(void, _malloc_fork_parent, void);
DECLARE_FUNCTION_AND_WRAPPER(void, _malloc_fork_child, void);
# endif // __APPLE__ # endif // __APPLE__
} // extern "C" } // extern "C"
#endif // defined(__APPLE__) || (defined(_WIN32) && !defined(_DLL)) #endif // defined(__APPLE__) || (defined(_WIN32) && !defined(_DLL))
#endif // ASAN_INTERCEPTED_FUNCTIONS_H #endif // ASAN_INTERCEPTED_FUNCTIONS_H

lib/asan/asan_mac.cc

Show All 30 Lines
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/sysctl.h> #include <sys/sysctl.h>
#include <sys/ucontext.h> #include <sys/ucontext.h>
#include <fcntl.h> #include <fcntl.h>
#include <pthread.h> #include <pthread.h>
#include <stdlib.h> // for free() #include <stdlib.h> // for free()
#include <unistd.h> #include <unistd.h>
#include <libkern/OSAtomic.h> #include <libkern/OSAtomic.h>
#include <CoreFoundation/CFString.h>
namespace __asan { namespace __asan {
void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) { void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) {
ucontext_t *ucontext = (ucontext_t*)context; ucontext_t *ucontext = (ucontext_t*)context;
# if SANITIZER_WORDSIZE == 64 # if SANITIZER_WORDSIZE == 64
*pc = ucontext->uc_mcontext->__ss.__rip; *pc = ucontext->uc_mcontext->__ss.__rip;
*bp = ucontext->uc_mcontext->__ss.__rbp; *bp = ucontext->uc_mcontext->__ss.__rbp;
▲ Show 20 LinesShow All 78 Lines▼ Show 20 Linesvoid *AsanDoesNotSupportStaticLinkage() {
return 0; return 0;
} }
bool AsanInterceptsSignal(int signum) { bool AsanInterceptsSignal(int signum) {
return (signum == SIGSEGV || signum == SIGBUS) && flags()->handle_segv; return (signum == SIGSEGV || signum == SIGBUS) && flags()->handle_segv;
} }
void AsanPlatformThreadInit() { void AsanPlatformThreadInit() {
// For the first program thread, we can't replace the allocator before
// __CFInitialize() has been called. If it hasn't, we'll call
// MaybeReplaceCFAllocator() later on this thread.
// For other threads __CFInitialize() has been called before their creation.
// See also asan_malloc_mac.cc.
if (((CFRuntimeBase*)kCFAllocatorSystemDefault)->_cfisa) {
MaybeReplaceCFAllocator();
}
} }
void GetStackTrace(StackTrace *stack, uptr max_s, uptr pc, uptr bp, bool fast) { void GetStackTrace(StackTrace *stack, uptr max_s, uptr pc, uptr bp, bool fast) {
(void)fast; (void)fast;
stack->size = 0; stack->size = 0;
stack->trace[0] = pc; stack->trace[0] = pc;
if ((max_s) > 1) { if ((max_s) > 1) {
stack->max_size = max_s; stack->max_size = max_s;
▲ Show 20 LinesShow All 269 Lines▼ Show 20 Lines
INTERCEPTOR(void, dispatch_source_set_event_handler, INTERCEPTOR(void, dispatch_source_set_event_handler,
dispatch_source_t ds, void(^work)(void)) { dispatch_source_t ds, void(^work)(void)) {
GET_ASAN_BLOCK(work); GET_ASAN_BLOCK(work);
REAL(dispatch_source_set_event_handler)(ds, asan_block); REAL(dispatch_source_set_event_handler)(ds, asan_block);
} }
#endif #endif
// See http://opensource.apple.com/source/CF/CF-635.15/CFString.c
int __CFStrIsConstant(CFStringRef str) {
CFRuntimeBase *base = (CFRuntimeBase*)str;
#if __LP64__
return base->_rc == 0;
#else
return (base->_cfinfo[CF_RC_BITS]) == 0;
#endif
}
INTERCEPTOR(CFStringRef, CFStringCreateCopy, CFAllocatorRef alloc,
CFStringRef str) {
if (__CFStrIsConstant(str)) {
return str;
} else {
return REAL(CFStringCreateCopy)(alloc, str);
}
}
DECLARE_REAL_AND_INTERCEPTOR(void, free, void *ptr)
DECLARE_REAL_AND_INTERCEPTOR(void, __CFInitialize, void)
namespace __asan { namespace __asan {
void InitializeMacInterceptors() { void InitializeMacInterceptors() {
CHECK(INTERCEPT_FUNCTION(dispatch_async_f)); CHECK(INTERCEPT_FUNCTION(dispatch_async_f));
CHECK(INTERCEPT_FUNCTION(dispatch_sync_f)); CHECK(INTERCEPT_FUNCTION(dispatch_sync_f));
CHECK(INTERCEPT_FUNCTION(dispatch_after_f)); CHECK(INTERCEPT_FUNCTION(dispatch_after_f));
CHECK(INTERCEPT_FUNCTION(dispatch_barrier_async_f)); CHECK(INTERCEPT_FUNCTION(dispatch_barrier_async_f));
CHECK(INTERCEPT_FUNCTION(dispatch_group_async_f)); CHECK(INTERCEPT_FUNCTION(dispatch_group_async_f));
// Normally CFStringCreateCopy should not copy constant CF strings.
// Replacing the default CFAllocator causes constant strings to be copied
// rather than just returned, which leads to bugs in big applications like
// Chromium and WebKit, see
// http://code.google.com/p/address-sanitizer/issues/detail?id=10
// Until this problem is fixed we need to check that the string is
// non-constant before calling CFStringCreateCopy.
CHECK(INTERCEPT_FUNCTION(CFStringCreateCopy));
// Some of the library functions call free() directly, so we have to
// intercept it.
CHECK(INTERCEPT_FUNCTION(free));
if (flags()->replace_cfallocator) {
CHECK(INTERCEPT_FUNCTION(__CFInitialize));
}
} }
} // namespace __asan } // namespace __asan
#endif // __APPLE__ #endif // __APPLE__

lib/asan/asan_malloc_mac.cc

Show All 30 Lines
// Similar code is used in Google Perftools, // Similar code is used in Google Perftools,
// http://code.google.com/p/google-perftools. // http://code.google.com/p/google-perftools.
// ---------------------- Replacement functions ---------------- {{{1 // ---------------------- Replacement functions ---------------- {{{1
using namespace __asan; // NOLINT using namespace __asan; // NOLINT
// TODO(glider): do we need both zones? // TODO(glider): do we need both zones?
static malloc_zone_t *system_malloc_zone = 0; static malloc_zone_t *system_malloc_zone = 0;
static malloc_zone_t *system_purgeable_zone = 0;
static malloc_zone_t asan_zone; static malloc_zone_t asan_zone;
CFAllocatorRef cf_asan = 0;
// _CFRuntimeCreateInstance() checks whether the supplied allocator is INTERCEPTOR(malloc_zone_t *, malloc_create_zone,
// kCFAllocatorSystemDefault and, if it is not, stores the allocator reference vm_size_t start_size, unsigned zone_flags) {
// at the beginning of the allocated memory and returns the pointer to the if (!asan_inited) __asan_init();
// allocated memory plus sizeof(CFAllocatorRef). See GET_STACK_TRACE_MALLOC;
// http://www.opensource.apple.com/source/CF/CF-635.21/CFRuntime.c malloc_zone_t *new_zone =
// Pointers returned by _CFRuntimeCreateInstance() can then be passed directly (malloc_zone_t*)asan_malloc(sizeof(asan_zone), &stack);
// to free() or CFAllocatorDeallocate(), which leads to false invalid free internal_memcpy(new_zone, &asan_zone, sizeof(asan_zone));
// reports. new_zone->zone_name = NULL; // The name will be changed anyway.
// The corresponding rdar bug is http://openradar.appspot.com/radar?id=1796404. return new_zone;
void* ALWAYS_INLINE get_saved_cfallocator_ref(void *ptr) {
if (flags()->replace_cfallocator) {
// Make sure we're not hitting the previous page. This may be incorrect
// if ASan's malloc returns an address ending with 0xFF8, which will be
// then padded to a page boundary with a CFAllocatorRef.
uptr arith_ptr = (uptr)ptr;
if ((arith_ptr & 0xFFF) > sizeof(CFAllocatorRef)) {
CFAllocatorRef *saved =
(CFAllocatorRef*)(arith_ptr - sizeof(CFAllocatorRef));
if ((*saved == cf_asan) && asan_mz_size(saved)) ptr = (void*)saved;
}
}
return ptr;
}
// The free() implementation provided by OS X calls malloc_zone_from_ptr()
// to find the owner of |ptr|. If the result is 0, an invalid free() is
// reported. Our implementation falls back to asan_free() in this case
// in order to print an ASan-style report.
//
// For the objects created by _CFRuntimeCreateInstance a CFAllocatorRef is
// placed at the beginning of the allocated chunk and the pointer returned by
// our allocator is off by sizeof(CFAllocatorRef). This pointer can be then
// passed directly to free(), which will lead to errors.
// To overcome this we're checking whether |ptr-sizeof(CFAllocatorRef)|
// contains a pointer to our CFAllocator (assuming no other allocator is used).
// See http://code.google.com/p/address-sanitizer/issues/detail?id=70 for more
// info.
INTERCEPTOR(void, free, void *ptr) {
malloc_zone_t *zone = malloc_zone_from_ptr(ptr);
if (zone) {
#if defined(MAC_OS_X_VERSION_10_6) && \
MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
if ((zone->version >= 6) && (zone->free_definite_size)) {
zone->free_definite_size(zone, ptr, malloc_size(ptr));
} else {
malloc_zone_free(zone, ptr);
} }
#else
malloc_zone_free(zone, ptr); INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) {
#endif if (!asan_inited) __asan_init();
} else { return &asan_zone;
if (!asan_mz_size(ptr)) ptr = get_saved_cfallocator_ref(ptr); }
INTERCEPTOR(malloc_zone_t *, malloc_default_purgeable_zone, void) {
// FIXME: ASan should support purgeable allocations.
// https://code.google.com/p/address-sanitizer/issues/detail?id=139
if (!asan_inited) __asan_init();
return &asan_zone;
}
INTERCEPTOR(void, malloc_make_purgeable, void *ptr) {
// FIXME: ASan should support purgeable allocations. Ignoring them is fine
// for now.
if (!asan_inited) __asan_init();
}
INTERCEPTOR(int, malloc_make_nonpurgeable, void *ptr) {
// FIXME: ASan should support purgeable allocations. Ignoring them is fine
// for now.
if (!asan_inited) __asan_init();
// Must return 0 if the contents were not purged since the last call to
// malloc_make_purgeable().
return 0;
}
INTERCEPTOR(void, malloc_set_zone_name, malloc_zone_t *zone, const char *name) {
if (!asan_inited) __asan_init();
// Allocate |strlen("asan-") + 1 + internal_strlen(name)| bytes.
size_t buflen = 6 + (name ? internal_strlen(name) : 0);
InternalScopedBuffer<char> new_name(buflen);
if (name && zone->introspect == asan_zone.introspect) {
internal_snprintf(new_name.data(), buflen, "asan-%s", name);
name = new_name.data();
}
// Call the system malloc's implementation for both external and our zones,
// since that appropriately changes VM region protections on the zone.
REAL(malloc_set_zone_name)(zone, name);
}
INTERCEPTOR(void *, malloc, size_t size) {
if (!asan_inited) __asan_init();
GET_STACK_TRACE_MALLOC;
void *res = asan_malloc(size, &stack);
return res;
}
INTERCEPTOR(void, free, void *ptr) {
if (!asan_inited) __asan_init();
if (!ptr) return;
GET_STACK_TRACE_FREE; GET_STACK_TRACE_FREE;
asan_free(ptr, &stack, FROM_MALLOC); asan_free(ptr, &stack, FROM_MALLOC);
} }
INTERCEPTOR(void *, realloc, void *ptr, size_t size) {
if (!asan_inited) __asan_init();
GET_STACK_TRACE_MALLOC;
return asan_realloc(ptr, size, &stack);
} }
// We can't always replace the default CFAllocator with cf_asan right in INTERCEPTOR(void *, calloc, size_t nmemb, size_t size) {
// ReplaceSystemMalloc(), because it is sometimes called before if (!asan_inited) __asan_init();
// __CFInitialize(), when the default allocator is invalid and replacing it may GET_STACK_TRACE_MALLOC;
// crash the program. Instead we wait for the allocator to initialize and jump return asan_calloc(nmemb, size, &stack);
// in just after __CFInitialize(). Nobody is going to allocate memory using }
// CFAllocators before that, so we won't miss anything.
// INTERCEPTOR(void *, valloc, size_t size) {
// See http://code.google.com/p/address-sanitizer/issues/detail?id=87 if (!asan_inited) __asan_init();
// and http://opensource.apple.com/source/CF/CF-550.43/CFRuntime.c GET_STACK_TRACE_MALLOC;
INTERCEPTOR(void, __CFInitialize, void) { return asan_memalign(GetPageSizeCached(), size, &stack, FROM_MALLOC);
// If the runtime is built as dynamic library, __CFInitialize wrapper may be }
// called before __asan_init.
#if !MAC_INTERPOSE_FUNCTIONS INTERCEPTOR(size_t, malloc_good_size, size_t size) {
CHECK(flags()->replace_cfallocator); if (!asan_inited) __asan_init();
CHECK(asan_inited); return asan_zone.introspect->good_size(&asan_zone, size);
#endif }
REAL(__CFInitialize)();
if (!cf_asan && asan_inited) MaybeReplaceCFAllocator(); INTERCEPTOR(int, posix_memalign, void **memptr, size_t alignment, size_t size) {
if (!asan_inited) __asan_init();
CHECK(memptr);
GET_STACK_TRACE_MALLOC;
void *result = asan_memalign(alignment, size, &stack, FROM_MALLOC);
if (result) {
*memptr = result;
return 0;
}
return -1;
} }
namespace { namespace {
// TODO(glider): the mz_* functions should be united with the Linux wrappers, // TODO(glider): the mz_* functions should be united with the Linux wrappers,
// as they are basically copied from there. // as they are basically copied from there.
size_t mz_size(malloc_zone_t* zone, const void* ptr) { size_t mz_size(malloc_zone_t* zone, const void* ptr) {
return asan_mz_size(ptr); return asan_mz_size(ptr);
} }
void *mz_malloc(malloc_zone_t *zone, size_t size) { void *mz_malloc(malloc_zone_t *zone, size_t size) {
if (!asan_inited) { if (!asan_inited) {
CHECK(system_malloc_zone); CHECK(system_malloc_zone);
return malloc_zone_malloc(system_malloc_zone, size); return malloc_zone_malloc(system_malloc_zone, size);
} }
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_malloc(size, &stack); return asan_malloc(size, &stack);
} }
void *cf_malloc(CFIndex size, CFOptionFlags hint, void *info) {
if (!asan_inited) {
CHECK(system_malloc_zone);
return malloc_zone_malloc(system_malloc_zone, size);
}
GET_STACK_TRACE_MALLOC;
return asan_malloc(size, &stack);
}
void *mz_calloc(malloc_zone_t *zone, size_t nmemb, size_t size) { void *mz_calloc(malloc_zone_t *zone, size_t nmemb, size_t size) {
if (!asan_inited) { if (!asan_inited) {
// Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym. // Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym.
const size_t kCallocPoolSize = 1024; const size_t kCallocPoolSize = 1024;
static uptr calloc_memory_for_dlsym[kCallocPoolSize]; static uptr calloc_memory_for_dlsym[kCallocPoolSize];
static size_t allocated; static size_t allocated;
size_t size_in_words = ((nmemb * size) + kWordSize - 1) / kWordSize; size_t size_in_words = ((nmemb * size) + kWordSize - 1) / kWordSize;
void *mem = (void*)&calloc_memory_for_dlsym[allocated]; void *mem = (void*)&calloc_memory_for_dlsym[allocated];
Show All 15 Lines
} }
#define GET_ZONE_FOR_PTR(ptr) \ #define GET_ZONE_FOR_PTR(ptr) \
malloc_zone_t *zone_ptr = malloc_zone_from_ptr(ptr); \ malloc_zone_t *zone_ptr = malloc_zone_from_ptr(ptr); \
const char *zone_name = (zone_ptr == 0) ? 0 : zone_ptr->zone_name const char *zone_name = (zone_ptr == 0) ? 0 : zone_ptr->zone_name
void ALWAYS_INLINE free_common(void *context, void *ptr) { void ALWAYS_INLINE free_common(void *context, void *ptr) {
if (!ptr) return; if (!ptr) return;
if (asan_mz_size(ptr)) {
GET_STACK_TRACE_FREE;
asan_free(ptr, &stack, FROM_MALLOC);
} else {
// If the pointer does not belong to any of the zones, use one of the
// fallback methods to free memory.
malloc_zone_t *zone_ptr = malloc_zone_from_ptr(ptr);
if (zone_ptr == system_purgeable_zone) {
// allocations from malloc_default_purgeable_zone() done before
// __asan_init() may be occasionally freed via free_common().
// see http://code.google.com/p/address-sanitizer/issues/detail?id=99.
malloc_zone_free(zone_ptr, ptr);
} else {
// If the memory chunk pointer was moved to store additional
// CFAllocatorRef, fix it back.
ptr = get_saved_cfallocator_ref(ptr);
GET_STACK_TRACE_FREE; GET_STACK_TRACE_FREE;
// FIXME: need to retire this flag.
if (!flags()->mac_ignore_invalid_free) { if (!flags()->mac_ignore_invalid_free) {
asan_free(ptr, &stack, FROM_MALLOC); asan_free(ptr, &stack, FROM_MALLOC);
} else { } else {
GET_ZONE_FOR_PTR(ptr); GET_ZONE_FOR_PTR(ptr);
WarnMacFreeUnallocated((uptr)ptr, (uptr)zone_ptr, zone_name, &stack); WarnMacFreeUnallocated((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);
return; return;
} }
} }
}
}
// TODO(glider): the allocation callbacks need to be refactored. // TODO(glider): the allocation callbacks need to be refactored.
void mz_free(malloc_zone_t *zone, void *ptr) { void mz_free(malloc_zone_t *zone, void *ptr) {
free_common(zone, ptr); free_common(zone, ptr);
} }
void cf_free(void *ptr, void *info) {
free_common(info, ptr);
}
void *mz_realloc(malloc_zone_t *zone, void *ptr, size_t size) { void *mz_realloc(malloc_zone_t *zone, void *ptr, size_t size) {
if (!ptr) { if (!ptr) {
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_malloc(size, &stack); return asan_malloc(size, &stack);
} else { } else {
if (asan_mz_size(ptr)) { if (asan_mz_size(ptr)) {
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_realloc(ptr, size, &stack); return asan_realloc(ptr, size, &stack);
} else { } else {
// We can't recover from reallocating an unknown address, because // We can't recover from reallocating an unknown address, because
// this would require reading at most |size| bytes from // this would require reading at most |size| bytes from
// potentially unaccessible memory. // potentially unaccessible memory.
GET_STACK_TRACE_FREE; GET_STACK_TRACE_FREE;
GET_ZONE_FOR_PTR(ptr); GET_ZONE_FOR_PTR(ptr);
ReportMacMzReallocUnknown((uptr)ptr, (uptr)zone_ptr, zone_name, &stack); ReportMacMzReallocUnknown((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);
} }
} }
} }
void *cf_realloc(void *ptr, CFIndex size, CFOptionFlags hint, void *info) {
if (!ptr) {
GET_STACK_TRACE_MALLOC;
return asan_malloc(size, &stack);
} else {
if (asan_mz_size(ptr)) {
GET_STACK_TRACE_MALLOC;
return asan_realloc(ptr, size, &stack);
} else {
// We can't recover from reallocating an unknown address, because
// this would require reading at most |size| bytes from
// potentially unaccessible memory.
GET_STACK_TRACE_FREE;
GET_ZONE_FOR_PTR(ptr);
ReportMacCfReallocUnknown((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);
}
}
}
void mz_destroy(malloc_zone_t* zone) { void mz_destroy(malloc_zone_t* zone) {
// A no-op -- we will not be destroyed! // A no-op -- we will not be destroyed!
Printf("mz_destroy() called -- ignoring\n"); Report("mz_destroy() called -- ignoring\n");
} }
// from AvailabilityMacros.h // from AvailabilityMacros.h
#if defined(MAC_OS_X_VERSION_10_6) && \ #if defined(MAC_OS_X_VERSION_10_6) && \
MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
void *mz_memalign(malloc_zone_t *zone, size_t align, size_t size) { void *mz_memalign(malloc_zone_t *zone, size_t align, size_t size) {
if (!asan_inited) { if (!asan_inited) {
CHECK(system_malloc_zone); CHECK(system_malloc_zone);
return malloc_zone_memalign(system_malloc_zone, align, size); return malloc_zone_memalign(system_malloc_zone, align, size);
} }
▲ Show 20 LinesShow All 55 Lines▼ Show 20 Lines
boolean_t mi_zone_locked(malloc_zone_t *zone) { boolean_t mi_zone_locked(malloc_zone_t *zone) {
// UNIMPLEMENTED(); // UNIMPLEMENTED();
return false; return false;
} }
#endif #endif
} // unnamed namespace } // unnamed namespace
extern int __CFRuntimeClassTableSize;
namespace __asan { namespace __asan {
void MaybeReplaceCFAllocator() {
static CFAllocatorContext asan_context = {
/*version*/ 0, /*info*/ &asan_zone,
/*retain*/ 0, /*release*/ 0,
/*copyDescription*/0,
/*allocate*/ &cf_malloc,
/*reallocate*/ &cf_realloc,
/*deallocate*/ &cf_free,
/*preferredSize*/ 0 };
if (!cf_asan)
cf_asan = CFAllocatorCreate(kCFAllocatorUseContext, &asan_context);
if (flags()->replace_cfallocator && CFAllocatorGetDefault() != cf_asan)
CFAllocatorSetDefault(cf_asan);
}
void ReplaceSystemMalloc() { void ReplaceSystemMalloc() {
static malloc_introspection_t asan_introspection; static malloc_introspection_t asan_introspection;
// Ok to use internal_memset, these places are not performance-critical. // Ok to use internal_memset, these places are not performance-critical.
internal_memset(&asan_introspection, 0, sizeof(asan_introspection)); internal_memset(&asan_introspection, 0, sizeof(asan_introspection));
asan_introspection.enumerator = &mi_enumerator; asan_introspection.enumerator = &mi_enumerator;
asan_introspection.good_size = &mi_good_size; asan_introspection.good_size = &mi_good_size;
Show All 23 Linesvoid ReplaceSystemMalloc() {
// from AvailabilityMacros.h // from AvailabilityMacros.h
#if defined(MAC_OS_X_VERSION_10_6) && \ #if defined(MAC_OS_X_VERSION_10_6) && \
MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
// Switch to version 6 on OSX 10.6 to support memalign. // Switch to version 6 on OSX 10.6 to support memalign.
asan_zone.version = 6; asan_zone.version = 6;
asan_zone.free_definite_size = 0; asan_zone.free_definite_size = 0;
asan_zone.memalign = &mz_memalign; asan_zone.memalign = &mz_memalign;
asan_introspection.zone_locked = &mi_zone_locked; asan_introspection.zone_locked = &mi_zone_locked;
// Request the default purgable zone to force its creation. The
// current default zone is registered with the purgable zone for
// doing tiny and small allocs. Sadly, it assumes that the default
// zone is the szone implementation from OS X and will crash if it
// isn't. By creating the zone now, this will be true and changing
// the default zone won't cause a problem. (OS X 10.6 and higher.)
system_purgeable_zone = malloc_default_purgeable_zone();
#endif #endif
// Register the ASan zone. At this point, it will not be the // Register the ASan zone.
// default zone.
malloc_zone_register(&asan_zone); malloc_zone_register(&asan_zone);
// Unregister and reregister the default zone. Unregistering swaps
// the specified zone with the last one registered which for the
// default zone makes the more recently registered zone the default
// zone. The default zone is then re-registered to ensure that
// allocations made from it earlier will be handled correctly.
// Things are not guaranteed to work that way, but it's how they work now.
system_malloc_zone = malloc_default_zone();
malloc_zone_unregister(system_malloc_zone);
malloc_zone_register(system_malloc_zone);
// Make sure the default allocator was replaced.
CHECK(malloc_default_zone() == &asan_zone);
// If __CFInitialize() hasn't been called yet, cf_asan will be created and
// installed as the default allocator after __CFInitialize() finishes (see
// the interceptor for __CFInitialize() above). Otherwise install cf_asan
// right now. On both Snow Leopard and Lion __CFInitialize() calls
// __CFAllocatorInitialize(), which initializes the _base._cfisa field of
// the default allocators we check here.
if (((CFRuntimeBase*)kCFAllocatorSystemDefault)->_cfisa) {
MaybeReplaceCFAllocator();
}
} }
} // namespace __asan } // namespace __asan
#endif // __APPLE__ #endif // __APPLE__

lib/asan/dynamic/asan_interceptors_dynamic.cc

Show First 20 LinesShow All 95 Lines▼ Show 20 Lines#ifndef MISSING_BLOCKS_SUPPORT
INTERPOSE_FUNCTION(dispatch_async), INTERPOSE_FUNCTION(dispatch_async),
INTERPOSE_FUNCTION(dispatch_after), INTERPOSE_FUNCTION(dispatch_after),
INTERPOSE_FUNCTION(dispatch_source_set_event_handler), INTERPOSE_FUNCTION(dispatch_source_set_event_handler),
INTERPOSE_FUNCTION(dispatch_source_set_cancel_handler), INTERPOSE_FUNCTION(dispatch_source_set_cancel_handler),
#endif #endif
INTERPOSE_FUNCTION(signal), INTERPOSE_FUNCTION(signal),
INTERPOSE_FUNCTION(sigaction), INTERPOSE_FUNCTION(sigaction),
INTERPOSE_FUNCTION(__CFInitialize), INTERPOSE_FUNCTION(malloc_create_zone),
INTERPOSE_FUNCTION(CFStringCreateCopy), INTERPOSE_FUNCTION(malloc_default_zone),
INTERPOSE_FUNCTION(malloc_default_purgeable_zone),
INTERPOSE_FUNCTION(malloc_make_purgeable),
INTERPOSE_FUNCTION(malloc_make_nonpurgeable),
INTERPOSE_FUNCTION(malloc_set_zone_name),
INTERPOSE_FUNCTION(malloc),
INTERPOSE_FUNCTION(free), INTERPOSE_FUNCTION(free),
INTERPOSE_FUNCTION(realloc),
INTERPOSE_FUNCTION(calloc),
INTERPOSE_FUNCTION(valloc),
INTERPOSE_FUNCTION(malloc_good_size),
INTERPOSE_FUNCTION(posix_memalign),
}; };
} // namespace __asan } // namespace __asan
#endif // __APPLE__ #endif // __APPLE__

lib/asan/lit_tests/Darwin/

  • This directory was added.

lib/asan/lit_tests/Darwin/interface_symbols_darwin.c

  • This file was added.
PropertyOld ValueNew Value
svn:eol-stylenullLF
// Check the presense of interface symbols in the ASan runtime dylib.
// If you're changing this file, please also change
// ../Linux/interface_symbols.c
// RUN: %clang -fsanitize=address -dead_strip -O2 %s -o %t.exe
// RUN: rm -f %t.symbols %t.interface
// RUN: nm `otool -L %t.exe | grep "asan_osx_dynamic.dylib" | \
// RUN: tr -d '\011' | \
// RUN: sed "s/.dylib.*/.dylib/"` \
// RUN: | grep " T " | sed "s/.* T //" \
// RUN: | grep "__asan_" | sed "s/___asan_/__asan_/" \
// RUN: | grep -v "__asan_malloc_hook" \
// RUN: | grep -v "__asan_free_hook" \
// RUN: | grep -v "__asan_symbolize" \
// RUN: | grep -v "__asan_default_options" \
// RUN: | grep -v "__asan_on_error" > %t.symbols
// RUN: cat %p/../../../../include/sanitizer/asan_interface.h \
// RUN: | sed "s/\/\/.*//" | sed "s/typedef.*//" \
// RUN: | grep -v "OPTIONAL" \
// RUN: | grep "__asan_.*(" | sed "s/.* __asan_/__asan_/;s/(.*//" \
// RUN: > %t.interface
// RUN: echo __asan_report_load1 >> %t.interface
// RUN: echo __asan_report_load2 >> %t.interface
// RUN: echo __asan_report_load4 >> %t.interface
// RUN: echo __asan_report_load8 >> %t.interface
// RUN: echo __asan_report_load16 >> %t.interface
// RUN: echo __asan_report_store1 >> %t.interface
// RUN: echo __asan_report_store2 >> %t.interface
// RUN: echo __asan_report_store4 >> %t.interface
// RUN: echo __asan_report_store8 >> %t.interface
// RUN: echo __asan_report_store16 >> %t.interface
// RUN: cat %t.interface | sort -u | diff %t.symbols -
int main() { return 0; }

lib/asan/lit_tests/Darwin/lit.local.cfg

  • This file was added.
def getRoot(config):
if not config.parent:
return config
return getRoot(config.parent)
root = getRoot(config)
if root.host_os not in ['Darwin']:
config.unsupported = True

lib/asan/lit_tests/Linux/malloc_delete_mismatch.cc

  • This file was moved from lib/asan/lit_tests/malloc_delete_mismatch.cc.
// Check that we detect malloc/delete mismatch only if the approptiate flag // Check that we detect malloc/delete mismatch only if the approptiate flag
// is set. // is set.
// RUN: %clangxx_asan -g %s -o %t 2>&1 // RUN: %clangxx_asan -g %s -o %t 2>&1
// RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=1 %t 2>&1 | \ // RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=1 %t 2>&1 | \
// RUN: %symbolize | FileCheck %s // RUN: %symbolize | FileCheck %s
// No error here. // No error here.
// RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=0 %t // RUN: ASAN_OPTIONS=alloc_dealloc_mismatch=0 %t
#include <stdlib.h> #include <stdlib.h>
static volatile char *x; static volatile char *x;
int main() { int main() {
x = (char*)malloc(10); x = (char*)malloc(10);
x[0] = 0; x[0] = 0;
delete x; delete x;
} }
// CHECK: ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete) on 0x // CHECK: ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete) on 0x
// CHECK-NEXT: #0{{.*}}operator delete // CHECK-NEXT: #0{{.*}}operator delete
// CHECK: #{{.*}}main // CHECK: #{{.*}}main
// CHECK: is located 0 bytes inside of 10-byte region // CHECK: is located 0 bytes inside of 10-byte region
// CHECK-NEXT: allocated by thread T0 here: // CHECK-NEXT: allocated by thread T0 here:
// CHECK-NEXT: #0{{.*}}malloc // CHECK-NEXT: #0{{.*}}malloc
// CHECK: #{{.*}}main // CHECK: #{{.*}}main
// CHECK: HINT: {{.*}} you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0 // CHECK: HINT: {{.*}} you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0

lib/asan/lit_tests/heap-overflow.cc

Show All 23 Linesint main(int argc, char **argv) {
// CHECK: {{READ of size 1 at 0x.* thread T0}} // CHECK: {{READ of size 1 at 0x.* thread T0}}
// CHECK: {{ #0 0x.* in _?main .*heap-overflow.cc:}}[[@LINE-2]] // CHECK: {{ #0 0x.* in _?main .*heap-overflow.cc:}}[[@LINE-2]]
// CHECK: {{0x.* is located 0 bytes to the right of 10-byte region}} // CHECK: {{0x.* is located 0 bytes to the right of 10-byte region}}
// CHECK: {{allocated by thread T0 here:}} // CHECK: {{allocated by thread T0 here:}}
// CHECK-Linux: {{ #0 0x.* in .*malloc}} // CHECK-Linux: {{ #0 0x.* in .*malloc}}
// CHECK-Linux: {{ #1 0x.* in main .*heap-overflow.cc:21}} // CHECK-Linux: {{ #1 0x.* in main .*heap-overflow.cc:21}}
// CHECK-Darwin: {{ #0 0x.* in .*mz_malloc.*}} // CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in malloc_zone_malloc.*}} // CHECK-Darwin: {{ #1 0x.* in _?main .*heap-overflow.cc:21}}
// CHECK-Darwin: {{ #2 0x.* in malloc.*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*heap-overflow.cc:21}}
free(x); free(x);
return res; return res;
} }

lib/asan/lit_tests/large_func_test.cc

Show First 20 LinesShow All 50 Lines▼ Show 20 Lines
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
int *x = new int[100]; int *x = new int[100];
LargeFunction(x, argc - 1); LargeFunction(x, argc - 1);
// CHECK: {{ #1 0x.* in _?main .*large_func_test.cc:}}[[@LINE-1]] // CHECK: {{ #1 0x.* in _?main .*large_func_test.cc:}}[[@LINE-1]]
// CHECK: {{0x.* is located 44 bytes to the right of 400-byte region}} // CHECK: {{0x.* is located 44 bytes to the right of 400-byte region}}
// CHECK: {{allocated by thread T0 here:}} // CHECK: {{allocated by thread T0 here:}}
// CHECK: {{ #0 0x.* in operator new.*}} // CHECK-Linux: {{ #0 0x.* in operator new.*}}
// CHECK: {{ #1 0x.* in _?main .*large_func_test.cc:}}[[@LINE-6]] // CHECK-Linux: {{ #1 0x.* in _?main .*large_func_test.cc:}}[[@LINE-6]]
// CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in operator new.*}}
// CHECK-Darwin: {{ #2 0x.* in operator new\[\].*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*large_func_test.cc:}}[[@LINE-11]]
delete x; delete x;
} }

lib/asan/lit_tests/malloc_delete_mismatch.cc

  • This file was moved to lib/asan/lit_tests/Linux/malloc_delete_mismatch.cc.

lib/asan/lit_tests/strncpy-overflow.cc

Show All 26 Linesint main(int argc, char **argv) {
// CHECK-Darwin: {{ #0 0x.* in _?wrap_strncpy}} // CHECK-Darwin: {{ #0 0x.* in _?wrap_strncpy}}
// CHECK: {{ #1 0x.* in _?main .*strncpy-overflow.cc:}}[[@LINE-4]] // CHECK: {{ #1 0x.* in _?main .*strncpy-overflow.cc:}}[[@LINE-4]]
// CHECK: {{0x.* is located 0 bytes to the right of 9-byte region}} // CHECK: {{0x.* is located 0 bytes to the right of 9-byte region}}
// CHECK: {{allocated by thread T0 here:}} // CHECK: {{allocated by thread T0 here:}}
// CHECK-Linux: {{ #0 0x.* in .*malloc}} // CHECK-Linux: {{ #0 0x.* in .*malloc}}
// CHECK-Linux: {{ #1 0x.* in main .*strncpy-overflow.cc:}}[[@LINE-10]] // CHECK-Linux: {{ #1 0x.* in main .*strncpy-overflow.cc:}}[[@LINE-10]]
// CHECK-Darwin: {{ #0 0x.* in .*mz_malloc.*}} // CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in malloc_zone_malloc.*}} // CHECK-Darwin: {{ #1 0x.* in _?main .*strncpy-overflow.cc:}}[[@LINE-13]]
// CHECK-Darwin: {{ #2 0x.* in malloc.*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*strncpy-overflow.cc:}}[[@LINE-15]]
return short_buffer[8]; return short_buffer[8];
} }

lib/asan/lit_tests/use-after-free.cc

Show All 24 Linesint main() {
// CHECK: {{READ of size 1 at 0x.* thread T0}} // CHECK: {{READ of size 1 at 0x.* thread T0}}
// CHECK: {{ #0 0x.* in _?main .*use-after-free.cc:22}} // CHECK: {{ #0 0x.* in _?main .*use-after-free.cc:22}}
// CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.*,0x.*}} // CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.*,0x.*}}
// CHECK: {{freed by thread T0 here:}} // CHECK: {{freed by thread T0 here:}}
// CHECK-Linux: {{ #0 0x.* in .*free}} // CHECK-Linux: {{ #0 0x.* in .*free}}
// CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:21}} // CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:21}}
// CHECK-Darwin: {{ #0 0x.* in .*free_common.*}} // CHECK-Darwin: {{ #0 0x.* in _?wrap_free}}
// CHECK-Darwin: {{ #1 0x.* in .*mz_free.*}} // CHECK-Darwin: {{ #1 0x.* in _?main .*use-after-free.cc:21}}
// We override free() on Darwin, thus no malloc_zone_free
// CHECK-Darwin: {{ #2 0x.* in _?wrap_free}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*use-after-free.cc:21}}
// CHECK: {{previously allocated by thread T0 here:}} // CHECK: {{previously allocated by thread T0 here:}}
// CHECK-Linux: {{ #0 0x.* in .*malloc}} // CHECK-Linux: {{ #0 0x.* in .*malloc}}
// CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:20}} // CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:20}}
// CHECK-Darwin: {{ #0 0x.* in .*mz_malloc.*}} // CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in malloc_zone_malloc.*}} // CHECK-Darwin: {{ #1 0x.* in _?main .*use-after-free.cc:20}}
// CHECK-Darwin: {{ #2 0x.* in malloc.*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*use-after-free.cc:20}}
} }
lib/asan/lit_tests/Darwin/interface_symbols_darwin.c