Diff 546

asan_intercepted_functions.h

	Show First 20 Lines • Show All 192 Lines • ▼ Show 20 Lines
	typedef void* pthread_workitem_handle_t;			typedef void* pthread_workitem_handle_t;

	typedef void* dispatch_group_t;			typedef void* dispatch_group_t;
	typedef void* dispatch_queue_t;			typedef void* dispatch_queue_t;
	typedef void* dispatch_source_t;			typedef void* dispatch_source_t;
	typedef u64 dispatch_time_t;			typedef u64 dispatch_time_t;
	typedef void (dispatch_function_t)(void block);			typedef void (dispatch_function_t)(void block);
	typedef void* (worker_t)(void block);			typedef void* (worker_t)(void block);
	typedef void* CFStringRef;
	typedef void* CFAllocatorRef;

	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async_f,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async_f,
	dispatch_queue_t dq,			dispatch_queue_t dq,
	void *ctxt, dispatch_function_t func);			void *ctxt, dispatch_function_t func);
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_sync_f,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_sync_f,
	dispatch_queue_t dq,			dispatch_queue_t dq,
	void *ctxt, dispatch_function_t func);			void *ctxt, dispatch_function_t func);
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after_f,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after_f,
	dispatch_time_t when, dispatch_queue_t dq,			dispatch_time_t when, dispatch_queue_t dq,
	void *ctxt, dispatch_function_t func);			void *ctxt, dispatch_function_t func);
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_barrier_async_f,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_barrier_async_f,
	dispatch_queue_t dq,			dispatch_queue_t dq,
	void *ctxt, dispatch_function_t func);			void *ctxt, dispatch_function_t func);
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async_f,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async_f,
	dispatch_group_t group, dispatch_queue_t dq,			dispatch_group_t group, dispatch_queue_t dq,
	void *ctxt, dispatch_function_t func);			void *ctxt, dispatch_function_t func);

	DECLARE_FUNCTION_AND_WRAPPER(void, __CFInitialize, void);
	DECLARE_FUNCTION_AND_WRAPPER(CFStringRef, CFStringCreateCopy,
	CFAllocatorRef alloc, CFStringRef str);
	DECLARE_FUNCTION_AND_WRAPPER(void, free, void* ptr);
	#if MAC_INTERPOSE_FUNCTIONS && !defined(MISSING_BLOCKS_SUPPORT)			#if MAC_INTERPOSE_FUNCTIONS && !defined(MISSING_BLOCKS_SUPPORT)
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_group_async,
	dispatch_group_t dg,			dispatch_group_t dg,
	dispatch_queue_t dq, void (^work)(void));			dispatch_queue_t dq, void (^work)(void));
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_async,
	dispatch_queue_t dq, void (^work)(void));			dispatch_queue_t dq, void (^work)(void));
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_after,
	dispatch_queue_t dq, void (^work)(void));			dispatch_queue_t dq, void (^work)(void));
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_event_handler,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_event_handler,
	dispatch_source_t ds, void (^work)(void));			dispatch_source_t ds, void (^work)(void));
	DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_cancel_handler,			DECLARE_FUNCTION_AND_WRAPPER(void, dispatch_source_set_cancel_handler,
	dispatch_source_t ds, void (^work)(void));			dispatch_source_t ds, void (^work)(void));
	#endif // MAC_INTERPOSE_FUNCTIONS			#endif // MAC_INTERPOSE_FUNCTIONS

				typedef void malloc_zone_t;
				typedef size_t vm_size_t;
				samsonovUnsubmitted Not Done Reply Inline Actions Hm, can you use uptr instead of size_t? samsonov: Hm, can you use uptr instead of size_t?
				gliderAuthorUnsubmitted Not Done Reply Inline Actions I think it's generally wrong to rewrite the function prototypes using our typenames. Anyway, Kostya wants this file to be gone soon after my CL, so let us just leave it as is for now. glider: I think it's generally wrong to rewrite the function prototypes using our typenames. Anyway…
				DECLARE_FUNCTION_AND_WRAPPER(malloc_zone_t *, malloc_create_zone,
				vm_size_t start_size, unsigned flags);
				DECLARE_FUNCTION_AND_WRAPPER(malloc_zone_t *, malloc_default_zone, void);
				DECLARE_FUNCTION_AND_WRAPPER(malloc_zone_t *, malloc_default_purgeable_zone, void);
				DECLARE_FUNCTION_AND_WRAPPER(void, malloc_make_purgeable, void *ptr);
				DECLARE_FUNCTION_AND_WRAPPER(int, malloc_make_nonpurgeable, void *ptr);
				DECLARE_FUNCTION_AND_WRAPPER(void, malloc_set_zone_name, malloc_zone_t zone, const char name);
				DECLARE_FUNCTION_AND_WRAPPER(void *, malloc, size_t size);
				DECLARE_FUNCTION_AND_WRAPPER(void, free, void *ptr);
				DECLARE_FUNCTION_AND_WRAPPER(void , realloc, void ptr, size_t size);
				DECLARE_FUNCTION_AND_WRAPPER(void *, calloc, size_t nmemb, size_t size);
				DECLARE_FUNCTION_AND_WRAPPER(void *, valloc, size_t size);
				DECLARE_FUNCTION_AND_WRAPPER(size_t, malloc_good_size, size_t size);
				DECLARE_FUNCTION_AND_WRAPPER(int, posix_memalign, void **memptr, size_t alignment, size_t size);
				DECLARE_FUNCTION_AND_WRAPPER(void, _malloc_fork_prepare, void);
				DECLARE_FUNCTION_AND_WRAPPER(void, _malloc_fork_parent, void);
				DECLARE_FUNCTION_AND_WRAPPER(void, _malloc_fork_child, void);


	#endif // __APPLE__			#endif // __APPLE__
	} // extern "C"			} // extern "C"
	#endif			#endif

	#endif // ASAN_INTERCEPTED_FUNCTIONS_H			#endif // ASAN_INTERCEPTED_FUNCTIONS_H

asan_mac.cc

Show All 30 Lines
#include <sys/resource.h>		#include <sys/resource.h>
#include <sys/sysctl.h>		#include <sys/sysctl.h>
#include <sys/ucontext.h>		#include <sys/ucontext.h>
#include <fcntl.h>		#include <fcntl.h>
#include <pthread.h>		#include <pthread.h>
#include <stdlib.h> // for free()		#include <stdlib.h> // for free()
#include <unistd.h>		#include <unistd.h>
#include <libkern/OSAtomic.h>		#include <libkern/OSAtomic.h>
#include <CoreFoundation/CFString.h>

namespace __asan {		namespace __asan {

void GetPcSpBp(void context, uptr pc, uptr sp, uptr bp) {		void GetPcSpBp(void context, uptr pc, uptr sp, uptr bp) {
ucontext_t ucontext = (ucontext_t)context;		ucontext_t ucontext = (ucontext_t)context;
# if SANITIZER_WORDSIZE == 64		# if SANITIZER_WORDSIZE == 64
*pc = ucontext->uc_mcontext->__ss.__rip;		*pc = ucontext->uc_mcontext->__ss.__rip;
*bp = ucontext->uc_mcontext->__ss.__rbp;		*bp = ucontext->uc_mcontext->__ss.__rbp;
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	void *AsanDoesNotSupportStaticLinkage() {
return 0;		return 0;
}		}

bool AsanInterceptsSignal(int signum) {		bool AsanInterceptsSignal(int signum) {
return (signum == SIGSEGV \|\| signum == SIGBUS) && flags()->handle_segv;		return (signum == SIGSEGV \|\| signum == SIGBUS) && flags()->handle_segv;
}		}

void AsanPlatformThreadInit() {		void AsanPlatformThreadInit() {
// For the first program thread, we can't replace the allocator before
// __CFInitialize() has been called. If it hasn't, we'll call
// MaybeReplaceCFAllocator() later on this thread.
// For other threads __CFInitialize() has been called before their creation.
// See also asan_malloc_mac.cc.
if (((CFRuntimeBase*)kCFAllocatorSystemDefault)->_cfisa) {
MaybeReplaceCFAllocator();
}
}		}

AsanLock::AsanLock(LinkerInitialized) {		AsanLock::AsanLock(LinkerInitialized) {
// We assume that OS_SPINLOCK_INIT is zero		// We assume that OS_SPINLOCK_INIT is zero
}		}

void AsanLock::Lock() {		void AsanLock::Lock() {
CHECK(sizeof(OSSpinLock) <= sizeof(opaque_storage_));		CHECK(sizeof(OSSpinLock) <= sizeof(opaque_storage_));
▲ Show 20 Lines • Show All 328 Lines • ▼ Show 20 Lines	if (flags()->verbosity >= 2) {
Report("pthread_workqueue_additem_np: %p\n", asan_ctxt);		Report("pthread_workqueue_additem_np: %p\n", asan_ctxt);
PRINT_CURRENT_STACK();		PRINT_CURRENT_STACK();
}		}
return REAL(pthread_workqueue_additem_np)(workq, wrap_workitem_func,		return REAL(pthread_workqueue_additem_np)(workq, wrap_workitem_func,
asan_ctxt, itemhandlep,		asan_ctxt, itemhandlep,
gencountp);		gencountp);
}		}

// See http://opensource.apple.com/source/CF/CF-635.15/CFString.c
int __CFStrIsConstant(CFStringRef str) {
CFRuntimeBase base = (CFRuntimeBase)str;
#if __LP64__
return base->_rc == 0;
#else
return (base->_cfinfo[CF_RC_BITS]) == 0;
#endif
}

INTERCEPTOR(CFStringRef, CFStringCreateCopy, CFAllocatorRef alloc,
CFStringRef str) {
if (__CFStrIsConstant(str)) {
return str;
} else {
return REAL(CFStringCreateCopy)(alloc, str);
}
}

DECLARE_REAL_AND_INTERCEPTOR(void, free, void *ptr)

DECLARE_REAL_AND_INTERCEPTOR(void, __CFInitialize, void)

namespace __asan {		namespace __asan {

void InitializeMacInterceptors() {		void InitializeMacInterceptors() {
CHECK(INTERCEPT_FUNCTION(dispatch_async_f));		CHECK(INTERCEPT_FUNCTION(dispatch_async_f));
CHECK(INTERCEPT_FUNCTION(dispatch_sync_f));		CHECK(INTERCEPT_FUNCTION(dispatch_sync_f));
CHECK(INTERCEPT_FUNCTION(dispatch_after_f));		CHECK(INTERCEPT_FUNCTION(dispatch_after_f));
CHECK(INTERCEPT_FUNCTION(dispatch_barrier_async_f));		CHECK(INTERCEPT_FUNCTION(dispatch_barrier_async_f));
CHECK(INTERCEPT_FUNCTION(dispatch_group_async_f));		CHECK(INTERCEPT_FUNCTION(dispatch_group_async_f));
// We don't need to intercept pthread_workqueue_additem_np() to support the		// We don't need to intercept pthread_workqueue_additem_np() to support the
// libdispatch API, but it helps us to debug the unsupported functions. Let's		// libdispatch API, but it helps us to debug the unsupported functions. Let's
// intercept it only during verbose runs.		// intercept it only during verbose runs.
if (flags()->verbosity >= 2) {		if (flags()->verbosity >= 2) {
CHECK(INTERCEPT_FUNCTION(pthread_workqueue_additem_np));		CHECK(INTERCEPT_FUNCTION(pthread_workqueue_additem_np));
}		}
// Normally CFStringCreateCopy should not copy constant CF strings.
// Replacing the default CFAllocator causes constant strings to be copied
// rather than just returned, which leads to bugs in big applications like
// Chromium and WebKit, see
// http://code.google.com/p/address-sanitizer/issues/detail?id=10
// Until this problem is fixed we need to check that the string is
// non-constant before calling CFStringCreateCopy.
CHECK(INTERCEPT_FUNCTION(CFStringCreateCopy));
// Some of the library functions call free() directly, so we have to
// intercept it.
CHECK(INTERCEPT_FUNCTION(free));
if (flags()->replace_cfallocator) {
CHECK(INTERCEPT_FUNCTION(__CFInitialize));
}
}		}

} // namespace __asan		} // namespace __asan

#endif // __APPLE__		#endif // __APPLE__

asan_malloc_mac.cc

	Show All 32 Lines

	// ---------------------- Replacement functions ---------------- {{{1			// ---------------------- Replacement functions ---------------- {{{1
	using namespace __asan; // NOLINT			using namespace __asan; // NOLINT

	// TODO(glider): do we need both zones?			// TODO(glider): do we need both zones?
	static malloc_zone_t *system_malloc_zone = 0;			static malloc_zone_t *system_malloc_zone = 0;
	static malloc_zone_t *system_purgeable_zone = 0;			static malloc_zone_t *system_purgeable_zone = 0;
	static malloc_zone_t asan_zone;			static malloc_zone_t asan_zone;
	CFAllocatorRef cf_asan = 0;

	// _CFRuntimeCreateInstance() checks whether the supplied allocator is			INTERCEPTOR(malloc_zone_t *, malloc_create_zone,
	// kCFAllocatorSystemDefault and, if it is not, stores the allocator reference			vm_size_t start_size, unsigned zone_flags) {
	// at the beginning of the allocated memory and returns the pointer to the			if (!asan_inited) __asan_init();
	// allocated memory plus sizeof(CFAllocatorRef). See			GET_STACK_TRACE_MALLOC;
	// http://www.opensource.apple.com/source/CF/CF-635.21/CFRuntime.c			malloc_zone_t *new_zone =
	// Pointers returned by _CFRuntimeCreateInstance() can then be passed directly			(malloc_zone_t*)asan_malloc(sizeof(malloc_zone_t), &stack);
				samsonovUnsubmitted Not Done Reply Inline Actions I think lint would advice you to prefer sizeof(asan_zone) samsonov: I think lint would advice you to prefer sizeof(asan_zone)
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Done. Although I'm a bit unsure about this since I'm not allocating asan_zone itself. glider: Done. Although I'm a bit unsure about this since I'm not allocating asan_zone itself.
	// to free() or CFAllocatorDeallocate(), which leads to false invalid free			internal_memcpy(new_zone, &asan_zone, sizeof(malloc_zone_t));
	// reports.			new_zone->zone_name = NULL; // The name will be changed anyway.
	// The corresponding rdar bug is http://openradar.appspot.com/radar?id=1796404.			return new_zone;
	void* ALWAYS_INLINE get_saved_cfallocator_ref(void *ptr) {
	if (flags()->replace_cfallocator) {
	// Make sure we're not hitting the previous page. This may be incorrect
	// if ASan's malloc returns an address ending with 0xFF8, which will be
	// then padded to a page boundary with a CFAllocatorRef.
	uptr arith_ptr = (uptr)ptr;
	if ((arith_ptr & 0xFFF) > sizeof(CFAllocatorRef)) {
	CFAllocatorRef *saved =
	(CFAllocatorRef*)(arith_ptr - sizeof(CFAllocatorRef));
	if ((saved == cf_asan) && asan_mz_size(saved)) ptr = (void)saved;
	}
	}
	return ptr;
	}

	// The free() implementation provided by OS X calls malloc_zone_from_ptr()
	// to find the owner of \|ptr\|. If the result is 0, an invalid free() is
	// reported. Our implementation falls back to asan_free() in this case
	// in order to print an ASan-style report.
	//
	// For the objects created by _CFRuntimeCreateInstance a CFAllocatorRef is
	// placed at the beginning of the allocated chunk and the pointer returned by
	// our allocator is off by sizeof(CFAllocatorRef). This pointer can be then
	// passed directly to free(), which will lead to errors.
	// To overcome this we're checking whether \|ptr-sizeof(CFAllocatorRef)\|
	// contains a pointer to our CFAllocator (assuming no other allocator is used).
	// See http://code.google.com/p/address-sanitizer/issues/detail?id=70 for more
	// info.
	INTERCEPTOR(void, free, void *ptr) {
	malloc_zone_t *zone = malloc_zone_from_ptr(ptr);
	if (zone) {
	#if defined(MAC_OS_X_VERSION_10_6) && \
	MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
	if ((zone->version >= 6) && (zone->free_definite_size)) {
	zone->free_definite_size(zone, ptr, malloc_size(ptr));
	} else {
	malloc_zone_free(zone, ptr);
	}			}
	#else
	malloc_zone_free(zone, ptr);			INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) {
	#endif			if (!asan_inited) __asan_init();
	} else {			return &asan_zone;
	if (!asan_mz_size(ptr)) ptr = get_saved_cfallocator_ref(ptr);			}

				INTERCEPTOR(malloc_zone_t *, malloc_default_purgeable_zone, void) {
				// FIXME: ASan should support purgeable allocations.
				// https://code.google.com/p/address-sanitizer/issues/detail?id=139
				if (!asan_inited) __asan_init();
				return &asan_zone;
				}

				INTERCEPTOR(void, malloc_make_purgeable, void *ptr) {
				// FIXME: ASan should support purgeable allocations. Ignoring them is fine
				// for now.
				if (!asan_inited) __asan_init();
				}

				INTERCEPTOR(int, malloc_make_nonpurgeable, void *ptr) {
				// FIXME: ASan should support purgeable allocations. Ignoring them is fine
				// for now.
				if (!asan_inited) __asan_init();
				// Must return 0 if the contents were not purged since the last call to
				// malloc_make_purgeable().
				return 0;
				}

				INTERCEPTOR(void, malloc_set_zone_name, malloc_zone_t zone, const char name) {
				if (!asan_inited) __asan_init();
				// Allocate \|strlen("asan-") + 1 + internal_strlen(name)\| bytes.
				size_t buflen = 6 + (name ? internal_strlen(name) : 0 );
				InternalScopedBuffer<char> new_name(buflen);
				if (name && zone->introspect == asan_zone.introspect) {
				internal_snprintf(new_name.data(), buflen, "asan-%s", name);
				samsonovUnsubmitted Not Done Reply Inline Actions Why do you need to allocate/free memory for zone name via ASan allocator (with fetching stack trace for malloc etc.) Can you use InternalScopedBuffer instead? samsonov: Why do you need to allocate/free memory for zone name via ASan allocator (with fetching stack…
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Good catch, thanks! Done. glider: Good catch, thanks! Done.
				new_name.data()[buflen - 1] = '\0';
				samsonovUnsubmitted Not Done Reply Inline Actions Will this work for buflen == 0? samsonov: Will this work for buflen == 0?
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Refactored the code so that buflen is always > 0. glider: Refactored the code so that buflen is always > 0.
				samsonovUnsubmitted Not Done Reply Inline Actions I think that internal_snprintf() adds a trailing \0 samsonov: I think that internal_snprintf() adds a trailing \0
				gliderAuthorUnsubmitted Not Done Reply Inline Actions It sure does. Something clicked in my head and made me apply the bug mitigation pattern used for strncpy :) Thanks for catching this! glider: It sure does. Something clicked in my head and made me apply the bug mitigation pattern used…
				name = new_name.data();
				}
				samsonovUnsubmitted Not Done Reply Inline Actions We have internal_snprintf samsonov: We have internal_snprintf
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Done, thanks. glider: Done, thanks.

				// Call the system malloc's implementation for both external and our zones,
				// since that appropriately changes VM region protections on the zone.
				REAL(malloc_set_zone_name)(zone, name);
				}

				INTERCEPTOR(void *, malloc, size_t size) {
				if (!asan_inited) __asan_init();
				GET_STACK_TRACE_MALLOC;
				void *res = asan_malloc(size, &stack);
				return res;
				}

				INTERCEPTOR(void, free, void *ptr) {
				if (!asan_inited) __asan_init();
				samsonovUnsubmitted Not Done Reply Inline Actions Remove this (or hide under verbosity?) samsonov: Remove this (or hide under verbosity?)
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Done glider: Done
				if (!ptr) return;
	GET_STACK_TRACE_FREE;			GET_STACK_TRACE_FREE;
	asan_free(ptr, &stack);			asan_free(ptr, &stack);
	}			}

				INTERCEPTOR(void , realloc, void ptr, size_t size) {
				if (!asan_inited) __asan_init();
				GET_STACK_TRACE_MALLOC;
				return asan_realloc(ptr, size, &stack);
	}			}

	// We can't always replace the default CFAllocator with cf_asan right in			INTERCEPTOR(void *, calloc, size_t nmemb, size_t size) {
	// ReplaceSystemMalloc(), because it is sometimes called before			if (!asan_inited) __asan_init();
	// __CFInitialize(), when the default allocator is invalid and replacing it may			GET_STACK_TRACE_MALLOC;
	// crash the program. Instead we wait for the allocator to initialize and jump			return asan_calloc(nmemb, size, &stack);
	// in just after __CFInitialize(). Nobody is going to allocate memory using			}
	// CFAllocators before that, so we won't miss anything.
	//			INTERCEPTOR(void *, valloc, size_t size) {
	// See http://code.google.com/p/address-sanitizer/issues/detail?id=87			if (!asan_inited) __asan_init();
	// and http://opensource.apple.com/source/CF/CF-550.43/CFRuntime.c			GET_STACK_TRACE_MALLOC;
	INTERCEPTOR(void, __CFInitialize, void) {			return asan_memalign(GetPageSizeCached(), size, &stack);
	// If the runtime is built as dynamic library, __CFInitialize wrapper may be			}
	// called before __asan_init.
	#if !MAC_INTERPOSE_FUNCTIONS			INTERCEPTOR(size_t, malloc_good_size, size_t size) {
	CHECK(flags()->replace_cfallocator);			if (!asan_inited) __asan_init();
	CHECK(asan_inited);			return asan_zone.introspect->good_size(&asan_zone, size);
	#endif			}
	REAL(__CFInitialize)();
	if (!cf_asan && asan_inited) MaybeReplaceCFAllocator();			INTERCEPTOR(int, posix_memalign, void **memptr, size_t alignment, size_t size) {
				if (!asan_inited) __asan_init();
				CHECK(memptr);
				GET_STACK_TRACE_MALLOC;
				void *result = asan_memalign(alignment, size, &stack);
				if (result) {
				samsonovUnsubmitted Not Done Reply Inline Actions Can memptr be zero? Or it's fine to segfault in this case? samsonov: Can memptr be zero? Or it's fine to segfault in this case?
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Added a check. glider: Added a check.
				*memptr = result;
				return 0;
				samsonovUnsubmitted Not Done Reply Inline Actions Don't need else after return. samsonov: Don't need else after return.
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Fixed. glider: Fixed.
				}
				return -1;
	}			}

	namespace {			namespace {

	// TODO(glider): the mz_* functions should be united with the Linux wrappers,			// TODO(glider): the mz_* functions should be united with the Linux wrappers,
	// as they are basically copied from there.			// as they are basically copied from there.
	size_t mz_size(malloc_zone_t* zone, const void* ptr) {			size_t mz_size(malloc_zone_t* zone, const void* ptr) {
	return asan_mz_size(ptr);			return asan_mz_size(ptr);
	}			}

	void mz_malloc(malloc_zone_t zone, size_t size) {			void mz_malloc(malloc_zone_t zone, size_t size) {
	if (!asan_inited) {			if (!asan_inited) {
	CHECK(system_malloc_zone);			CHECK(system_malloc_zone);
	return malloc_zone_malloc(system_malloc_zone, size);			return malloc_zone_malloc(system_malloc_zone, size);
	}			}
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
	return asan_malloc(size, &stack);			return asan_malloc(size, &stack);
	}			}

	void cf_malloc(CFIndex size, CFOptionFlags hint, void info) {
	if (!asan_inited) {
	CHECK(system_malloc_zone);
	return malloc_zone_malloc(system_malloc_zone, size);
	}
	GET_STACK_TRACE_MALLOC;
	return asan_malloc(size, &stack);
	}

	void mz_calloc(malloc_zone_t zone, size_t nmemb, size_t size) {			void mz_calloc(malloc_zone_t zone, size_t nmemb, size_t size) {
	if (!asan_inited) {			if (!asan_inited) {
	// Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym.			// Hack: dlsym calls calloc before REAL(calloc) is retrieved from dlsym.
	const size_t kCallocPoolSize = 1024;			const size_t kCallocPoolSize = 1024;
	static uptr calloc_memory_for_dlsym[kCallocPoolSize];			static uptr calloc_memory_for_dlsym[kCallocPoolSize];
	static size_t allocated;			static size_t allocated;
	size_t size_in_words = ((nmemb * size) + kWordSize - 1) / kWordSize;			size_t size_in_words = ((nmemb * size) + kWordSize - 1) / kWordSize;
	void mem = (void)&calloc_memory_for_dlsym[allocated];			void mem = (void)&calloc_memory_for_dlsym[allocated];
	Show All 15 Lines
	}			}

	#define GET_ZONE_FOR_PTR(ptr) \			#define GET_ZONE_FOR_PTR(ptr) \
	malloc_zone_t *zone_ptr = malloc_zone_from_ptr(ptr); \			malloc_zone_t *zone_ptr = malloc_zone_from_ptr(ptr); \
	const char *zone_name = (zone_ptr == 0) ? 0 : zone_ptr->zone_name			const char *zone_name = (zone_ptr == 0) ? 0 : zone_ptr->zone_name

	void ALWAYS_INLINE free_common(void context, void ptr) {			void ALWAYS_INLINE free_common(void context, void ptr) {
	if (!ptr) return;			if (!ptr) return;
	if (asan_mz_size(ptr)) {
	GET_STACK_TRACE_FREE;
	asan_free(ptr, &stack);
	} else {
	// If the pointer does not belong to any of the zones, use one of the
	// fallback methods to free memory.
	malloc_zone_t *zone_ptr = malloc_zone_from_ptr(ptr);
	if (zone_ptr == system_purgeable_zone) {
	// allocations from malloc_default_purgeable_zone() done before
	// __asan_init() may be occasionally freed via free_common().
	// see http://code.google.com/p/address-sanitizer/issues/detail?id=99.
	malloc_zone_free(zone_ptr, ptr);
	} else {
	// If the memory chunk pointer was moved to store additional
	// CFAllocatorRef, fix it back.
	ptr = get_saved_cfallocator_ref(ptr);
	GET_STACK_TRACE_FREE;			GET_STACK_TRACE_FREE;
				// FIXME: need to retire this flag.
				samsonovUnsubmitted Not Done Reply Inline Actions Why? (just curious) samsonov: Why? (just curious)
				gliderAuthorUnsubmitted Not Done Reply Inline Actions We needed it because some allocations used to be intercepted incorrectly on Mac, and sometimes invalid free were reported because of the zone mismatch. In such cases we wanted to keep going. Now everything will be allocated from a single zone, thus no mismatches glider: We needed it because some allocations used to be intercepted incorrectly on Mac, and sometimes…
	if (!flags()->mac_ignore_invalid_free) {			if (!flags()->mac_ignore_invalid_free) {
	asan_free(ptr, &stack);			asan_free(ptr, &stack);
	} else {			} else {
	GET_ZONE_FOR_PTR(ptr);			GET_ZONE_FOR_PTR(ptr);
	WarnMacFreeUnallocated((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);			WarnMacFreeUnallocated((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);
	return;			return;
				samsonovUnsubmitted Not Done Reply Inline Actions Hm? So the code for free_common is just if (!ptr) return; GET_STACK_TRACE_FREE; asan_free(ptr, &stack); ? samsonov: Hm? So the code for free_common is just if (!ptr) return; GET_STACK_TRACE_FREE; asan_free(ptr…
				gliderAuthorUnsubmitted Not Done Reply Inline Actions Yes. Fixed. glider: Yes. Fixed.
	}			}
	}			}
	}
	}

	// TODO(glider): the allocation callbacks need to be refactored.			// TODO(glider): the allocation callbacks need to be refactored.
	void mz_free(malloc_zone_t zone, void ptr) {			void mz_free(malloc_zone_t zone, void ptr) {
	free_common(zone, ptr);			free_common(zone, ptr);
	}			}

	void cf_free(void ptr, void info) {
	free_common(info, ptr);
	}

	void mz_realloc(malloc_zone_t zone, void *ptr, size_t size) {			void mz_realloc(malloc_zone_t zone, void *ptr, size_t size) {
	if (!ptr) {			if (!ptr) {
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
	return asan_malloc(size, &stack);			return asan_malloc(size, &stack);
	} else {			} else {
	if (asan_mz_size(ptr)) {			if (asan_mz_size(ptr)) {
	GET_STACK_TRACE_MALLOC;			GET_STACK_TRACE_MALLOC;
	return asan_realloc(ptr, size, &stack);			return asan_realloc(ptr, size, &stack);
	} else {			} else {
	// We can't recover from reallocating an unknown address, because			// We can't recover from reallocating an unknown address, because
	// this would require reading at most \|size\| bytes from			// this would require reading at most \|size\| bytes from
	// potentially unaccessible memory.			// potentially unaccessible memory.
	GET_STACK_TRACE_FREE;			GET_STACK_TRACE_FREE;
	GET_ZONE_FOR_PTR(ptr);			GET_ZONE_FOR_PTR(ptr);
	ReportMacMzReallocUnknown((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);			ReportMacMzReallocUnknown((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);
	}			}
	}			}
	}			}

	void cf_realloc(void ptr, CFIndex size, CFOptionFlags hint, void *info) {
	if (!ptr) {
	GET_STACK_TRACE_MALLOC;
	return asan_malloc(size, &stack);
	} else {
	if (asan_mz_size(ptr)) {
	GET_STACK_TRACE_MALLOC;
	return asan_realloc(ptr, size, &stack);
	} else {
	// We can't recover from reallocating an unknown address, because
	// this would require reading at most \|size\| bytes from
	// potentially unaccessible memory.
	GET_STACK_TRACE_FREE;
	GET_ZONE_FOR_PTR(ptr);
	ReportMacCfReallocUnknown((uptr)ptr, (uptr)zone_ptr, zone_name, &stack);
	}
	}
	}

	void mz_destroy(malloc_zone_t* zone) {			void mz_destroy(malloc_zone_t* zone) {
	// A no-op -- we will not be destroyed!			// A no-op -- we will not be destroyed!
	Printf("mz_destroy() called -- ignoring\n");			Report("mz_destroy() called -- ignoring\n");
	}			}

	// from AvailabilityMacros.h			// from AvailabilityMacros.h
	#if defined(MAC_OS_X_VERSION_10_6) && \			#if defined(MAC_OS_X_VERSION_10_6) && \
	MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6			MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
	void mz_memalign(malloc_zone_t zone, size_t align, size_t size) {			void mz_memalign(malloc_zone_t zone, size_t align, size_t size) {
	if (!asan_inited) {			if (!asan_inited) {
	CHECK(system_malloc_zone);			CHECK(system_malloc_zone);
	return malloc_zone_memalign(system_malloc_zone, align, size);			return malloc_zone_memalign(system_malloc_zone, align, size);
	}			}
	▲ Show 20 Lines • Show All 55 Lines • ▼ Show 20 Lines
	boolean_t mi_zone_locked(malloc_zone_t *zone) {			boolean_t mi_zone_locked(malloc_zone_t *zone) {
	// UNIMPLEMENTED();			// UNIMPLEMENTED();
	return false;			return false;
	}			}
	#endif			#endif

	} // unnamed namespace			} // unnamed namespace

	extern int __CFRuntimeClassTableSize;

	namespace __asan {			namespace __asan {
	void MaybeReplaceCFAllocator() {
	static CFAllocatorContext asan_context = {
	/version/ 0, /info/ &asan_zone,
	/retain/ 0, /release/ 0,
	/copyDescription/0,
	/allocate/ &cf_malloc,
	/reallocate/ &cf_realloc,
	/deallocate/ &cf_free,
	/preferredSize/ 0 };
	if (!cf_asan)
	cf_asan = CFAllocatorCreate(kCFAllocatorUseContext, &asan_context);
	if (flags()->replace_cfallocator && CFAllocatorGetDefault() != cf_asan)
	CFAllocatorSetDefault(cf_asan);
	}

	void ReplaceSystemMalloc() {			void ReplaceSystemMalloc() {
	static malloc_introspection_t asan_introspection;			static malloc_introspection_t asan_introspection;
	// Ok to use internal_memset, these places are not performance-critical.			// Ok to use internal_memset, these places are not performance-critical.
	internal_memset(&asan_introspection, 0, sizeof(asan_introspection));			internal_memset(&asan_introspection, 0, sizeof(asan_introspection));

	asan_introspection.enumerator = &mi_enumerator;			asan_introspection.enumerator = &mi_enumerator;
	asan_introspection.good_size = &mi_good_size;			asan_introspection.good_size = &mi_good_size;
	asan_introspection.check = &mi_check;			asan_introspection.check = &mi_check;
	asan_introspection.print = &mi_print;			asan_introspection.print = &mi_print;
	asan_introspection.log = &mi_log;			asan_introspection.log = &mi_log;
	asan_introspection.force_lock = &mi_force_lock;			asan_introspection.force_lock = &mi_force_lock;
	asan_introspection.force_unlock = &mi_force_unlock;			asan_introspection.force_unlock = &mi_force_unlock;
	asan_introspection.statistics = &mi_statistics;			asan_introspection.statistics = &mi_statistics;

	internal_memset(&asan_zone, 0, sizeof(malloc_zone_t));			internal_memset(&asan_zone, 0, sizeof(malloc_zone_t));

	// Start with a version 4 zone which is used for OS X 10.4 and 10.5.			// Start with a version 4 zone which is used for OS X 10.4 and 10.5.
	asan_zone.version = 4;			asan_zone.version = 4;
	asan_zone.zone_name = "asan";			asan_zone.zone_name = "asan";
				kccUnsubmitted Not Done Reply Inline Actions note sure I understand this comment and the following line kcc: note sure I understand this comment and the following line
				gliderAuthorUnsubmitted Not Done Reply Inline Actions It's just wrong. Removed it. glider: It's just wrong. Removed it.
	asan_zone.size = &mz_size;			asan_zone.size = &mz_size;
	asan_zone.malloc = &mz_malloc;			asan_zone.malloc = &mz_malloc;
	asan_zone.calloc = &mz_calloc;			asan_zone.calloc = &mz_calloc;
	asan_zone.valloc = &mz_valloc;			asan_zone.valloc = &mz_valloc;
	asan_zone.free = &mz_free;			asan_zone.free = &mz_free;
	asan_zone.realloc = &mz_realloc;			asan_zone.realloc = &mz_realloc;
	asan_zone.destroy = &mz_destroy;			asan_zone.destroy = &mz_destroy;
	asan_zone.batch_malloc = 0;			asan_zone.batch_malloc = 0;
	asan_zone.batch_free = 0;			asan_zone.batch_free = 0;
	asan_zone.introspect = &asan_introspection;			asan_zone.introspect = &asan_introspection;

	// from AvailabilityMacros.h			// from AvailabilityMacros.h
	#if defined(MAC_OS_X_VERSION_10_6) && \			#if defined(MAC_OS_X_VERSION_10_6) && \
	MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6			MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
	// Switch to version 6 on OSX 10.6 to support memalign.			// Switch to version 6 on OSX 10.6 to support memalign.
	asan_zone.version = 6;			asan_zone.version = 6;
	asan_zone.free_definite_size = 0;			asan_zone.free_definite_size = 0;
	asan_zone.memalign = &mz_memalign;			asan_zone.memalign = &mz_memalign;
	asan_introspection.zone_locked = &mi_zone_locked;			asan_introspection.zone_locked = &mi_zone_locked;

	// Request the default purgable zone to force its creation. The
	// current default zone is registered with the purgable zone for
	// doing tiny and small allocs. Sadly, it assumes that the default
	// zone is the szone implementation from OS X and will crash if it
	// isn't. By creating the zone now, this will be true and changing
	// the default zone won't cause a problem. (OS X 10.6 and higher.)
	system_purgeable_zone = malloc_default_purgeable_zone();
	#endif			#endif
				samsonovUnsubmitted Not Done Reply Inline Actions delete this whole block? samsonov: delete this whole block?
				gliderAuthorUnsubmitted Not Done Reply Inline Actions done glider: done

	// Register the ASan zone. At this point, it will not be the			// Register the ASan zone.
	// default zone.
	malloc_zone_register(&asan_zone);			malloc_zone_register(&asan_zone);

	// Unregister and reregister the default zone. Unregistering swaps
	// the specified zone with the last one registered which for the
	// default zone makes the more recently registered zone the default
	// zone. The default zone is then re-registered to ensure that
	// allocations made from it earlier will be handled correctly.
	// Things are not guaranteed to work that way, but it's how they work now.
	system_malloc_zone = malloc_default_zone();
	malloc_zone_unregister(system_malloc_zone);
	malloc_zone_register(system_malloc_zone);
	// Make sure the default allocator was replaced.
	CHECK(malloc_default_zone() == &asan_zone);

	// If __CFInitialize() hasn't been called yet, cf_asan will be created and
	// installed as the default allocator after __CFInitialize() finishes (see
	// the interceptor for __CFInitialize() above). Otherwise install cf_asan
	// right now. On both Snow Leopard and Lion __CFInitialize() calls
	// __CFAllocatorInitialize(), which initializes the _base._cfisa field of
	// the default allocators we check here.
	if (((CFRuntimeBase*)kCFAllocatorSystemDefault)->_cfisa) {
	MaybeReplaceCFAllocator();
	}
	}			}
	} // namespace __asan			} // namespace __asan

	#endif // __APPLE__			#endif // __APPLE__

dynamic/asan_interceptors_dynamic.cc

Show First 20 Lines • Show All 95 Lines • ▼ Show 20 Lines	#ifndef MISSING_BLOCKS_SUPPORT
INTERPOSE_FUNCTION(dispatch_async),		INTERPOSE_FUNCTION(dispatch_async),
INTERPOSE_FUNCTION(dispatch_after),		INTERPOSE_FUNCTION(dispatch_after),
INTERPOSE_FUNCTION(dispatch_source_set_event_handler),		INTERPOSE_FUNCTION(dispatch_source_set_event_handler),
INTERPOSE_FUNCTION(dispatch_source_set_cancel_handler),		INTERPOSE_FUNCTION(dispatch_source_set_cancel_handler),
#endif		#endif
INTERPOSE_FUNCTION(signal),		INTERPOSE_FUNCTION(signal),
INTERPOSE_FUNCTION(sigaction),		INTERPOSE_FUNCTION(sigaction),

INTERPOSE_FUNCTION(__CFInitialize),		INTERPOSE_FUNCTION(malloc_create_zone),
INTERPOSE_FUNCTION(CFStringCreateCopy),		INTERPOSE_FUNCTION(malloc_default_zone),
		INTERPOSE_FUNCTION(malloc_default_purgeable_zone),
		INTERPOSE_FUNCTION(malloc_make_purgeable),
		INTERPOSE_FUNCTION(malloc_make_nonpurgeable),
		INTERPOSE_FUNCTION(malloc_set_zone_name),
		INTERPOSE_FUNCTION(malloc),
INTERPOSE_FUNCTION(free),		INTERPOSE_FUNCTION(free),
		INTERPOSE_FUNCTION(realloc),
		INTERPOSE_FUNCTION(calloc),
		INTERPOSE_FUNCTION(valloc),
		INTERPOSE_FUNCTION(malloc_good_size),
		INTERPOSE_FUNCTION(posix_memalign),
};		};

} // namespace __asan		} // namespace __asan

#endif // __APPLE__		#endif // __APPLE__

lit_tests/heap-overflow.cc

Show All 23 Lines	int main(int argc, char **argv) {
// CHECK: {{READ of size 1 at 0x.* thread T0}}		// CHECK: {{READ of size 1 at 0x.* thread T0}}
// CHECK: {{ #0 0x.* in _?main .*heap-overflow.cc:23}}		// CHECK: {{ #0 0x.* in _?main .*heap-overflow.cc:23}}
// CHECK: {{0x.* is located 0 bytes to the right of 10-byte region}}		// CHECK: {{0x.* is located 0 bytes to the right of 10-byte region}}
// CHECK: {{allocated by thread T0 here:}}		// CHECK: {{allocated by thread T0 here:}}

// CHECK-Linux: {{ #0 0x.* in .*malloc}}		// CHECK-Linux: {{ #0 0x.* in .*malloc}}
// CHECK-Linux: {{ #1 0x.* in main .*heap-overflow.cc:21}}		// CHECK-Linux: {{ #1 0x.* in main .*heap-overflow.cc:21}}

// CHECK-Darwin: {{ #0 0x.* in .mz_malloc.}}		// CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in malloc_zone_malloc.*}}		// CHECK-Darwin: {{ #1 0x.* in _?main .*heap-overflow.cc:21}}
		samsonovUnsubmitted Not Done Reply Inline Actions _?wrap_malloc here and below? samsonov: _?wrap_malloc here and below?
		gliderAuthorUnsubmitted Not Done Reply Inline Actions Seems to work as is, but good idea anyway. glider: Seems to work as is, but good idea anyway.
// CHECK-Darwin: {{ #2 0x.* in malloc.*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*heap-overflow.cc:21}}
free(x);		free(x);
return res;		return res;
}		}

lit_tests/strncpy-overflow.cc

Show All 26 Lines	int main(int argc, char **argv) {
// CHECK-Darwin: {{ #0 0x.* in _?wrap_strncpy}}		// CHECK-Darwin: {{ #0 0x.* in _?wrap_strncpy}}
// CHECK: {{ #1 0x.* in _?main .*strncpy-overflow.cc:24}}		// CHECK: {{ #1 0x.* in _?main .*strncpy-overflow.cc:24}}
// CHECK: {{0x.* is located 0 bytes to the right of 9-byte region}}		// CHECK: {{0x.* is located 0 bytes to the right of 9-byte region}}
// CHECK: {{allocated by thread T0 here:}}		// CHECK: {{allocated by thread T0 here:}}

// CHECK-Linux: {{ #0 0x.* in .*malloc}}		// CHECK-Linux: {{ #0 0x.* in .*malloc}}
// CHECK-Linux: {{ #1 0x.* in main .*strncpy-overflow.cc:23}}		// CHECK-Linux: {{ #1 0x.* in main .*strncpy-overflow.cc:23}}

// CHECK-Darwin: {{ #0 0x.* in .mz_malloc.}}		// CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in malloc_zone_malloc.*}}		// CHECK-Darwin: {{ #1 0x.* in _?main .*strncpy-overflow.cc:23}}
// CHECK-Darwin: {{ #2 0x.* in malloc.*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*strncpy-overflow.cc:23}}
return short_buffer[8];		return short_buffer[8];
}		}

lit_tests/use-after-free.cc

Show All 24 Lines	int main() {
// CHECK: {{READ of size 1 at 0x.* thread T0}}		// CHECK: {{READ of size 1 at 0x.* thread T0}}
// CHECK: {{ #0 0x.* in _?main .*use-after-free.cc:22}}		// CHECK: {{ #0 0x.* in _?main .*use-after-free.cc:22}}
// CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.,0x.}}		// CHECK: {{0x.* is located 5 bytes inside of 10-byte region .0x.,0x.}}
// CHECK: {{freed by thread T0 here:}}		// CHECK: {{freed by thread T0 here:}}

// CHECK-Linux: {{ #0 0x.* in .*free}}		// CHECK-Linux: {{ #0 0x.* in .*free}}
// CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:21}}		// CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:21}}

// CHECK-Darwin: {{ #0 0x.* in .free_common.}}		// CHECK-Darwin: {{ #0 0x.* in _?wrap_free}}
// CHECK-Darwin: {{ #1 0x.* in .mz_free.}}		// CHECK-Darwin: {{ #1 0x.* in _?main .*use-after-free.cc:21}}
// We override free() on Darwin, thus no malloc_zone_free
// CHECK-Darwin: {{ #2 0x.* in _?wrap_free}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*use-after-free.cc:21}}

// CHECK: {{previously allocated by thread T0 here:}}		// CHECK: {{previously allocated by thread T0 here:}}

// CHECK-Linux: {{ #0 0x.* in .*malloc}}		// CHECK-Linux: {{ #0 0x.* in .*malloc}}
// CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:20}}		// CHECK-Linux: {{ #1 0x.* in main .*use-after-free.cc:20}}

// CHECK-Darwin: {{ #0 0x.* in .mz_malloc.}}		// CHECK-Darwin: {{ #0 0x.* in _?wrap_malloc.*}}
// CHECK-Darwin: {{ #1 0x.* in malloc_zone_malloc.*}}		// CHECK-Darwin: {{ #1 0x.* in _?main .*use-after-free.cc:20}}
// CHECK-Darwin: {{ #2 0x.* in malloc.*}}
// CHECK-Darwin: {{ #3 0x.* in _?main .*use-after-free.cc:20}}
}		}

tests/CMakeLists.txt

	Show First 20 Lines • Show All 75 Lines • ▼ Show 20 Lines
	)			)

	function(add_asan_test testsuite testname)			function(add_asan_test testsuite testname)
	add_unittest(${testsuite} ${testname} ${ARGN})			add_unittest(${testsuite} ${testname} ${ARGN})
	if (APPLE)			if (APPLE)
	# Darwin-specific linker flags.			# Darwin-specific linker flags.
	set_property(TARGET ${testname} APPEND PROPERTY			set_property(TARGET ${testname} APPEND PROPERTY
	LINK_FLAGS "-framework Foundation")			LINK_FLAGS "-framework Foundation")
	target_link_libraries(${testname} clang_rt.asan_osx)			target_link_libraries(${testname} clang_rt.asan_osx_dynamic)
				samsonovUnsubmitted Not Done Reply Inline Actions Will static runtime work at all after this change? If no, plan to remove rules for building it in /lib/asan/CMakeLists.txt samsonov: Will static runtime work at all after this change? If no, plan to remove rules for building it…
				gliderAuthorUnsubmitted Not Done Reply Inline Actions It won't. There'll be a cleanup CL afterwards. glider: It won't. There'll be a cleanup CL afterwards.
	elseif (ANDROID)			elseif (ANDROID)
	target_link_libraries(${testname} clang_rt.asan-arm-android)			target_link_libraries(${testname} clang_rt.asan-arm-android)
	elseif (UNIX)			elseif (UNIX)
	# Linux-specific linker flags.			# Linux-specific linker flags.
	set_property(TARGET ${testname} APPEND PROPERTY			set_property(TARGET ${testname} APPEND PROPERTY
	LINK_FLAGS "-lpthread -ldl -rdynamic")			LINK_FLAGS "-lpthread -ldl -rdynamic")
	if(LLVM_BUILD_32_BITS)			if(LLVM_BUILD_32_BITS)
	target_link_libraries(${testname} clang_rt.asan-i386)			target_link_libraries(${testname} clang_rt.asan-i386)
	▲ Show 20 Lines • Show All 85 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[ASan] Use dylib interposition to hook memory allocation in the dynamic runtime.
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 546

asan_intercepted_functions.h

asan_mac.cc

asan_malloc_mac.cc

dynamic/asan_interceptors_dynamic.cc

lit_tests/heap-overflow.cc

lit_tests/strncpy-overflow.cc

lit_tests/use-after-free.cc

tests/CMakeLists.txt

This is an archive of the discontinued LLVM Phabricator instance.

[ASan] Use dylib interposition to hook memory allocation in the dynamic runtime.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 546

asan_intercepted_functions.h

asan_mac.cc

asan_malloc_mac.cc

dynamic/asan_interceptors_dynamic.cc

lit_tests/heap-overflow.cc

lit_tests/strncpy-overflow.cc

lit_tests/use-after-free.cc

tests/CMakeLists.txt

[ASan] Use dylib interposition to hook memory allocation in the dynamic runtime.
ClosedPublic