This is an archive of the discontinued LLVM Phabricator instance.

Differential D2553

[asan] Implement delayed activation of AddressSanitizer
ClosedPublic

Authored by eugenis on Jan 15 2014, 4:58 AM.

Details

Reviewers
kcc
glider
dvyukov
samsonov
Summary

This feature is primarily meant for Android. It makes ASan both easier to use and much faster:

  • No need to do setprop for each started application. Instead, a one-time, device-wide setup step is required.
  • Works with -userdebug builds of Android, not just -eng builds.
  • VM is not reloaded from scratch for each ASan process. Instead, zygote is run with ASan runtime (but no instrumented code) in "deactivated" mode, and the first loaded instrumented library "activates" it.

This change adds ASAN_OPTIONS=start_deactivated=1 flag. When present, ASan will start in "deactivated" mode, with no heap poisoning, no quarantine, no stack trace gathering, and minimal redzones. All this features come back when __asan_init is called for the constructor of an instrumented library.

The feature itself is not Android-specific, and this patch includes a Linux test for it.

It is not compatible with flexible shadow mapping.

Diff Detail

Event Timeline

kcc added a comment.Jan 15 2014, 5:12 AM

LGTM modulo use of namespace,
but let others (samsonov and/or glider?) have a look at this CL and at the removal of zero-based shadow.

lib/asan/asan_activation.cc
21

namespace __asan { ?

lib/asan/asan_activation.h
19

doesn't it have to be in __asan namespace?

eugenis added inline comments.Jan 15 2014, 5:22 AM
lib/asan/asan_activation.cc
21

ack

lib/asan/asan_activation.h
19

ack

glider added a comment.Jan 15 2014, 5:31 AM

I'm a bit concerned about changing the flags at activation time while someone else might be reading them.

lib/asan/asan_activation.cc
31

s/asan/ASan here and below.

eugenis added a comment.Jan 15 2014, 5:31 AM

As glider pointed out, we have a "bening" race in flag copy in AsanActivate(). Sounds like we need to do all flag access with atomics to avoid that. :(

glider added a comment.Jan 16 2014, 12:12 AM

I suggest we also change the ASan runtime version with this change.

eugenis added a comment.Jan 16 2014, 12:16 AM

Did you mean the other change (deprecation of flexible mapping / zero-base shadow) ?
This one does not seem to change the ABI in any way.

glider added a comment.Jan 16 2014, 12:18 AM

Yes, sorry. Please disregard my previous comment.

eugenis updated this revision to Unknown Object (????).Jan 16 2014, 4:16 AM

Added namespace and a FIXME for non-atomic flag update.

glider accepted this revision.Jan 16 2014, 4:48 AM

LGTM with nits.

lib/asan/asan_activation.cc
32

So what about proper naming here? ("ASan" vs. "asan")

lib/asan/asan_activation.h
21

2-spaces before the comment here and in other places.

lib/asan/asan_malloc_mac.cc
44

Shall we have a macro for this?

eugenis closed this revision.Jan 16 2014, 5:23 AM

Addressed glider's comments in r199380.

lib/asan/asan_activation.cc
32

done

lib/asan/asan_activation.h
21

done

lib/asan/asan_malloc_mac.cc
44

done

vitalybuka mentioned this in D89607: [asan] Fix stack-use-after-free checks on non-main thread on Fuchsia.Oct 23 2020, 12:31 PM

Revision Contents

PathSize
lib/
asan/
1 line
23 lines
69 lines
12 lines
5 lines
2 lines
2 lines
26 lines
117 lines
lit_tests/
TestCases/
SharedLibs/
7 lines
58 lines

Diff 6491

lib/asan/CMakeLists.txt

# Build for the AddressSanitizer runtime support library. # Build for the AddressSanitizer runtime support library.
set(ASAN_SOURCES set(ASAN_SOURCES
asan_allocator2.cc asan_allocator2.cc
asan_activation.cc
asan_fake_stack.cc asan_fake_stack.cc
asan_globals.cc asan_globals.cc
asan_interceptors.cc asan_interceptors.cc
asan_linux.cc asan_linux.cc
asan_mac.cc asan_mac.cc
asan_malloc_linux.cc asan_malloc_linux.cc
asan_malloc_mac.cc asan_malloc_mac.cc
asan_malloc_win.cc asan_malloc_win.cc
▲ Show 20 LinesShow All 139 LinesShow Last 20 Lines

lib/asan/asan_activation.h

PropertyOld ValueNew Value
svn:eol-stylenullLF
//===-- asan_activation.h ---------------------------------------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file is a part of AddressSanitizer, an address sanity checker.
//
// ASan activation/deactivation logic.
//===----------------------------------------------------------------------===//
#ifndef ASAN_ACTIVATION_H
#define ASAN_ACTIVATION_H
namespace __asan {
void AsanStartDeactivated();
kccUnsubmitted
Not Done
ReplyInline Actions

doesn't it have to be in __asan namespace?

kcc: doesn't it have to be in __asan namespace?
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

ack

eugenis: ack
void AsanActivate();
} // namespace __asan
gliderUnsubmitted
Not Done
ReplyInline Actions

2-spaces before the comment here and in other places.

glider: 2-spaces before the comment here and in other places.
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

done

eugenis: done
#endif // ASAN_ACTIVATION_H

lib/asan/asan_activation.cc

PropertyOld ValueNew Value
svn:eol-stylenullLF
//===-- asan_activation.cc --------------------------------------*- C++ -*-===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This file is a part of AddressSanitizer, an address sanity checker.
//
// ASan activation/deactivation logic.
//===----------------------------------------------------------------------===//
#include "asan_activation.h"
#include "asan_flags.h"
#include "asan_internal.h"
#include "sanitizer_common/sanitizer_flags.h"
namespace __asan {
kccUnsubmitted
Not Done
ReplyInline Actions

namespace __asan { ?

kcc: namespace __asan { ?
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

ack

eugenis: ack
static struct AsanDeactivatedFlags {
int quarantine_size;
int max_redzone;
int poison_heap;
int malloc_context_size;
} asan_deactivated_flags;
static bool asan_is_deactivated;
void AsanStartDeactivated() {
gliderUnsubmitted
Not Done
ReplyInline Actions

s/asan/ASan here and below.

glider: s/asan/ASan here and below.
VReport(1, "Deactivating asan\n");
gliderUnsubmitted
Not Done
ReplyInline Actions

So what about proper naming here? ("ASan" vs. "asan")

glider: So what about proper naming here? ("ASan" vs. "asan")
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

done

eugenis: done
// Save flag values.
asan_deactivated_flags.quarantine_size = flags()->quarantine_size;
asan_deactivated_flags.max_redzone = flags()->max_redzone;
asan_deactivated_flags.poison_heap = flags()->poison_heap;
asan_deactivated_flags.malloc_context_size =
common_flags()->malloc_context_size;
flags()->quarantine_size = 0;
flags()->max_redzone = 16;
flags()->poison_heap = false;
common_flags()->malloc_context_size = 0;
asan_is_deactivated = true;
}
void AsanActivate() {
if (!asan_is_deactivated) return;
VReport(1, "Activating asan\n");
// Restore flag values.
// FIXME: this is not atomic, and there may be other threads alive.
flags()->quarantine_size = asan_deactivated_flags.quarantine_size;
flags()->max_redzone = asan_deactivated_flags.max_redzone;
flags()->poison_heap = asan_deactivated_flags.poison_heap;
common_flags()->malloc_context_size =
asan_deactivated_flags.malloc_context_size;
asan_is_deactivated = false;
VReport(
1,
"quarantine_size %d, max_redzone %d, poison_heap %d, malloc_context_size "
"%d\n",
flags()->quarantine_size, flags()->max_redzone, flags()->poison_heap,
common_flags()->malloc_context_size);
}
} // namespace __asan

lib/asan/asan_allocator2.cc

Show First 20 LinesShow All 306 Lines▼ Show 20 Lines
void InitializeAllocator() { void InitializeAllocator() {
allocator.Init(); allocator.Init();
quarantine.Init((uptr)flags()->quarantine_size, kMaxThreadLocalQuarantine); quarantine.Init((uptr)flags()->quarantine_size, kMaxThreadLocalQuarantine);
} }
static void *Allocate(uptr size, uptr alignment, StackTrace *stack, static void *Allocate(uptr size, uptr alignment, StackTrace *stack,
AllocType alloc_type, bool can_fill) { AllocType alloc_type, bool can_fill) {
if (!asan_inited) if (!asan_inited)
__asan_init(); AsanInitFromRtl();
Flags &fl = *flags(); Flags &fl = *flags();
CHECK(stack); CHECK(stack);
const uptr min_alignment = SHADOW_GRANULARITY; const uptr min_alignment = SHADOW_GRANULARITY;
if (alignment < min_alignment) if (alignment < min_alignment)
alignment = min_alignment; alignment = min_alignment;
if (size == 0) { if (size == 0) {
// We'd be happy to avoid allocating memory for zero-size requests, but // We'd be happy to avoid allocating memory for zero-size requests, but
// some programs/tests depend on this behavior and assume that malloc would // some programs/tests depend on this behavior and assume that malloc would
Show All 28 Linesstatic void *Allocate(uptr size, uptr alignment, StackTrace *stack,
if (t) { if (t) {
AllocatorCache *cache = GetAllocatorCache(&t->malloc_storage()); AllocatorCache *cache = GetAllocatorCache(&t->malloc_storage());
allocated = allocator.Allocate(cache, needed_size, 8, false); allocated = allocator.Allocate(cache, needed_size, 8, false);
} else { } else {
SpinMutexLock l(&fallback_mutex); SpinMutexLock l(&fallback_mutex);
AllocatorCache *cache = &fallback_allocator_cache; AllocatorCache *cache = &fallback_allocator_cache;
allocated = allocator.Allocate(cache, needed_size, 8, false); allocated = allocator.Allocate(cache, needed_size, 8, false);
} }
if (*(u8 *)MEM_TO_SHADOW((u64)allocated) == 0 && flags()->poison_heap) {
// Heap poisoning is enabled, but the allocator provides an unpoisoned
// chunk. This is possible if flags()->poison_heap was disabled for some
// time, for example, due to flags()->start_disabled.
// Anyway, poison the block before using it for anything else.
uptr allocated_size = allocator.GetActuallyAllocatedSize(allocated);
PoisonShadow((uptr)allocated, allocated_size, kAsanHeapLeftRedzoneMagic);
}
uptr alloc_beg = reinterpret_cast<uptr>(allocated); uptr alloc_beg = reinterpret_cast<uptr>(allocated);
uptr alloc_end = alloc_beg + needed_size; uptr alloc_end = alloc_beg + needed_size;
uptr beg_plus_redzone = alloc_beg + rz_size; uptr beg_plus_redzone = alloc_beg + rz_size;
uptr user_beg = beg_plus_redzone; uptr user_beg = beg_plus_redzone;
if (!IsAligned(user_beg, alignment)) if (!IsAligned(user_beg, alignment))
user_beg = RoundUpTo(user_beg, alignment); user_beg = RoundUpTo(user_beg, alignment);
uptr user_end = user_beg + size; uptr user_end = user_beg + size;
CHECK_LE(user_end, alloc_end); CHECK_LE(user_end, alloc_end);
▲ Show 20 LinesShow All 450 LinesShow Last 20 Lines

lib/asan/asan_flags.h

Show First 20 LinesShow All 109 Lines▼ Show 20 Linesstruct Flags {
// Report errors on malloc/delete, new/free, new/delete[], etc. // Report errors on malloc/delete, new/free, new/delete[], etc.
bool alloc_dealloc_mismatch; bool alloc_dealloc_mismatch;
// If true, assume that memcmp(p1, p2, n) always reads n bytes before // If true, assume that memcmp(p1, p2, n) always reads n bytes before
// comparing p1 and p2. // comparing p1 and p2.
bool strict_memcmp; bool strict_memcmp;
// If true, assume that dynamic initializers can never access globals from // If true, assume that dynamic initializers can never access globals from
// other modules, even if the latter are already initialized. // other modules, even if the latter are already initialized.
bool strict_init_order; bool strict_init_order;
// If true, ASan tweaks a bunch of other flags (quarantine, redzone, heap
// poisoning) to reduce memory consumption as much as possible, and restores
// them to original values when the first instrumented module is loaded into
// the process. This is mainly intended to be used on Android.
bool start_deactivated;
}; };
extern Flags asan_flags_dont_use_directly; extern Flags asan_flags_dont_use_directly;
inline Flags *flags() { inline Flags *flags() {
return &asan_flags_dont_use_directly; return &asan_flags_dont_use_directly;
} }
void InitializeFlags(Flags *f, const char *env); void InitializeFlags(Flags *f, const char *env);
} // namespace __asan } // namespace __asan
#endif // ASAN_FLAGS_H #endif // ASAN_FLAGS_H

lib/asan/asan_interceptors.cc

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines if (RangesOverlap(offset1, length1, offset2, length2)) { \
ReportStringFunctionMemoryRangesOverlap(name, offset1, length1, \ ReportStringFunctionMemoryRangesOverlap(name, offset1, length1, \
offset2, length2, &stack); \ offset2, length2, &stack); \
} \ } \
} while (0) } while (0)
#define ENSURE_ASAN_INITED() do { \ #define ENSURE_ASAN_INITED() do { \
CHECK(!asan_init_is_running); \ CHECK(!asan_init_is_running); \
if (!asan_inited) { \ if (!asan_inited) { \
__asan_init(); \ AsanInitFromRtl(); \
} \ } \
} while (0) } while (0)
static inline uptr MaybeRealStrnlen(const char *s, uptr maxlen) { static inline uptr MaybeRealStrnlen(const char *s, uptr maxlen) {
#if ASAN_INTERCEPT_STRNLEN #if ASAN_INTERCEPT_STRNLEN
if (REAL(strnlen) != 0) { if (REAL(strnlen) != 0) {
return REAL(strnlen)(s, maxlen); return REAL(strnlen)(s, maxlen);
} }
▲ Show 20 LinesShow All 705 LinesShow Last 20 Lines

lib/asan/asan_internal.h

Show First 20 LinesShow All 61 Lines▼ Show 20 Lines
// to avoid namespace collisions with the user programs. // to avoid namespace collisions with the user programs.
// Seperate namespace also makes it simpler to distinguish the asan run-time // Seperate namespace also makes it simpler to distinguish the asan run-time
// functions from the instrumented user code in a profile. // functions from the instrumented user code in a profile.
namespace __asan { namespace __asan {
class AsanThread; class AsanThread;
using __sanitizer::StackTrace; using __sanitizer::StackTrace;
void AsanInitFromRtl();
// asan_rtl.cc // asan_rtl.cc
void NORETURN ShowStatsAndAbort(); void NORETURN ShowStatsAndAbort();
void ReplaceOperatorsNewAndDelete(); void ReplaceOperatorsNewAndDelete();
// asan_malloc_linux.cc / asan_malloc_mac.cc // asan_malloc_linux.cc / asan_malloc_mac.cc
void ReplaceSystemMalloc(); void ReplaceSystemMalloc();
// asan_linux.cc / asan_mac.cc / asan_win.cc // asan_linux.cc / asan_mac.cc / asan_win.cc
▲ Show 20 LinesShow All 66 LinesShow Last 20 Lines

lib/asan/asan_malloc_mac.cc

Show All 35 Lines
using namespace __asan; // NOLINT using namespace __asan; // NOLINT
// TODO(glider): do we need both zones? // TODO(glider): do we need both zones?
static malloc_zone_t *system_malloc_zone = 0; static malloc_zone_t *system_malloc_zone = 0;
static malloc_zone_t asan_zone; static malloc_zone_t asan_zone;
INTERCEPTOR(malloc_zone_t *, malloc_create_zone, INTERCEPTOR(malloc_zone_t *, malloc_create_zone,
vm_size_t start_size, unsigned zone_flags) { vm_size_t start_size, unsigned zone_flags) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
gliderUnsubmitted
Not Done
ReplyInline Actions

Shall we have a macro for this?

glider: Shall we have a macro for this?
eugenisAuthorUnsubmitted
Not Done
ReplyInline Actions

done

eugenis: done
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
uptr page_size = GetPageSizeCached(); uptr page_size = GetPageSizeCached();
uptr allocated_size = RoundUpTo(sizeof(asan_zone), page_size); uptr allocated_size = RoundUpTo(sizeof(asan_zone), page_size);
malloc_zone_t *new_zone = malloc_zone_t *new_zone =
(malloc_zone_t*)asan_memalign(page_size, allocated_size, (malloc_zone_t*)asan_memalign(page_size, allocated_size,
&stack, FROM_MALLOC); &stack, FROM_MALLOC);
internal_memcpy(new_zone, &asan_zone, sizeof(asan_zone)); internal_memcpy(new_zone, &asan_zone, sizeof(asan_zone));
new_zone->zone_name = NULL; // The name will be changed anyway. new_zone->zone_name = NULL; // The name will be changed anyway.
if (GetMacosVersion() >= MACOS_VERSION_LION) { if (GetMacosVersion() >= MACOS_VERSION_LION) {
// Prevent the client app from overwriting the zone contents. // Prevent the client app from overwriting the zone contents.
// Library functions that need to modify the zone will set PROT_WRITE on it. // Library functions that need to modify the zone will set PROT_WRITE on it.
// This matches the behavior of malloc_create_zone() on OSX 10.7 and higher. // This matches the behavior of malloc_create_zone() on OSX 10.7 and higher.
mprotect(new_zone, allocated_size, PROT_READ); mprotect(new_zone, allocated_size, PROT_READ);
} }
return new_zone; return new_zone;
} }
INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) { INTERCEPTOR(malloc_zone_t *, malloc_default_zone, void) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
return &asan_zone; return &asan_zone;
} }
INTERCEPTOR(malloc_zone_t *, malloc_default_purgeable_zone, void) { INTERCEPTOR(malloc_zone_t *, malloc_default_purgeable_zone, void) {
// FIXME: ASan should support purgeable allocations. // FIXME: ASan should support purgeable allocations.
// https://code.google.com/p/address-sanitizer/issues/detail?id=139 // https://code.google.com/p/address-sanitizer/issues/detail?id=139
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
return &asan_zone; return &asan_zone;
} }
INTERCEPTOR(void, malloc_make_purgeable, void *ptr) { INTERCEPTOR(void, malloc_make_purgeable, void *ptr) {
// FIXME: ASan should support purgeable allocations. Ignoring them is fine // FIXME: ASan should support purgeable allocations. Ignoring them is fine
// for now. // for now.
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
} }
INTERCEPTOR(int, malloc_make_nonpurgeable, void *ptr) { INTERCEPTOR(int, malloc_make_nonpurgeable, void *ptr) {
// FIXME: ASan should support purgeable allocations. Ignoring them is fine // FIXME: ASan should support purgeable allocations. Ignoring them is fine
// for now. // for now.
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
// Must return 0 if the contents were not purged since the last call to // Must return 0 if the contents were not purged since the last call to
// malloc_make_purgeable(). // malloc_make_purgeable().
return 0; return 0;
} }
INTERCEPTOR(void, malloc_set_zone_name, malloc_zone_t *zone, const char *name) { INTERCEPTOR(void, malloc_set_zone_name, malloc_zone_t *zone, const char *name) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
// Allocate |strlen("asan-") + 1 + internal_strlen(name)| bytes. // Allocate |strlen("asan-") + 1 + internal_strlen(name)| bytes.
size_t buflen = 6 + (name ? internal_strlen(name) : 0); size_t buflen = 6 + (name ? internal_strlen(name) : 0);
InternalScopedBuffer<char> new_name(buflen); InternalScopedBuffer<char> new_name(buflen);
if (name && zone->introspect == asan_zone.introspect) { if (name && zone->introspect == asan_zone.introspect) {
internal_snprintf(new_name.data(), buflen, "asan-%s", name); internal_snprintf(new_name.data(), buflen, "asan-%s", name);
name = new_name.data(); name = new_name.data();
} }
// Call the system malloc's implementation for both external and our zones, // Call the system malloc's implementation for both external and our zones,
// since that appropriately changes VM region protections on the zone. // since that appropriately changes VM region protections on the zone.
REAL(malloc_set_zone_name)(zone, name); REAL(malloc_set_zone_name)(zone, name);
} }
INTERCEPTOR(void *, malloc, size_t size) { INTERCEPTOR(void *, malloc, size_t size) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
void *res = asan_malloc(size, &stack); void *res = asan_malloc(size, &stack);
return res; return res;
} }
INTERCEPTOR(void, free, void *ptr) { INTERCEPTOR(void, free, void *ptr) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
if (!ptr) return; if (!ptr) return;
GET_STACK_TRACE_FREE; GET_STACK_TRACE_FREE;
asan_free(ptr, &stack, FROM_MALLOC); asan_free(ptr, &stack, FROM_MALLOC);
} }
INTERCEPTOR(void *, realloc, void *ptr, size_t size) { INTERCEPTOR(void *, realloc, void *ptr, size_t size) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_realloc(ptr, size, &stack); return asan_realloc(ptr, size, &stack);
} }
INTERCEPTOR(void *, calloc, size_t nmemb, size_t size) { INTERCEPTOR(void *, calloc, size_t nmemb, size_t size) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_calloc(nmemb, size, &stack); return asan_calloc(nmemb, size, &stack);
} }
INTERCEPTOR(void *, valloc, size_t size) { INTERCEPTOR(void *, valloc, size_t size) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
return asan_memalign(GetPageSizeCached(), size, &stack, FROM_MALLOC); return asan_memalign(GetPageSizeCached(), size, &stack, FROM_MALLOC);
} }
INTERCEPTOR(size_t, malloc_good_size, size_t size) { INTERCEPTOR(size_t, malloc_good_size, size_t size) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
return asan_zone.introspect->good_size(&asan_zone, size); return asan_zone.introspect->good_size(&asan_zone, size);
} }
INTERCEPTOR(int, posix_memalign, void **memptr, size_t alignment, size_t size) { INTERCEPTOR(int, posix_memalign, void **memptr, size_t alignment, size_t size) {
if (!asan_inited) __asan_init(); if (!asan_inited) AsanInitFromRtl();
CHECK(memptr); CHECK(memptr);
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
void *result = asan_memalign(alignment, size, &stack, FROM_MALLOC); void *result = asan_memalign(alignment, size, &stack, FROM_MALLOC);
if (result) { if (result) {
*memptr = result; *memptr = result;
return 0; return 0;
} }
return -1; return -1;
▲ Show 20 LinesShow All 209 LinesShow Last 20 Lines

lib/asan/asan_rtl.cc

//===-- asan_rtl.cc -------------------------------------------------------===// //===-- asan_rtl.cc -------------------------------------------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This file is a part of AddressSanitizer, an address sanity checker. // This file is a part of AddressSanitizer, an address sanity checker.
// //
// Main file of the ASan run-time library. // Main file of the ASan run-time library.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "asan_activation.h"
#include "asan_allocator.h" #include "asan_allocator.h"
#include "asan_interceptors.h" #include "asan_interceptors.h"
#include "asan_interface_internal.h" #include "asan_interface_internal.h"
#include "asan_internal.h" #include "asan_internal.h"
#include "asan_mapping.h" #include "asan_mapping.h"
#include "asan_poisoning.h" #include "asan_poisoning.h"
#include "asan_report.h" #include "asan_report.h"
#include "asan_stack.h" #include "asan_stack.h"
▲ Show 20 LinesShow All 111 Lines▼ Show 20 Linesstatic void ParseFlagsFromString(Flags *f, const char *str) {
ParseFlag(str, &f->disable_core, "disable_core"); ParseFlag(str, &f->disable_core, "disable_core");
ParseFlag(str, &f->allow_reexec, "allow_reexec"); ParseFlag(str, &f->allow_reexec, "allow_reexec");
ParseFlag(str, &f->print_full_thread_history, "print_full_thread_history"); ParseFlag(str, &f->print_full_thread_history, "print_full_thread_history");
ParseFlag(str, &f->poison_heap, "poison_heap"); ParseFlag(str, &f->poison_heap, "poison_heap");
ParseFlag(str, &f->poison_partial, "poison_partial"); ParseFlag(str, &f->poison_partial, "poison_partial");
ParseFlag(str, &f->alloc_dealloc_mismatch, "alloc_dealloc_mismatch"); ParseFlag(str, &f->alloc_dealloc_mismatch, "alloc_dealloc_mismatch");
ParseFlag(str, &f->strict_memcmp, "strict_memcmp"); ParseFlag(str, &f->strict_memcmp, "strict_memcmp");
ParseFlag(str, &f->strict_init_order, "strict_init_order"); ParseFlag(str, &f->strict_init_order, "strict_init_order");
ParseFlag(str, &f->start_deactivated, "start_deactivated");
} }
void InitializeFlags(Flags *f, const char *env) { void InitializeFlags(Flags *f, const char *env) {
CommonFlags *cf = common_flags(); CommonFlags *cf = common_flags();
SetCommonFlagsDefaults(cf); SetCommonFlagsDefaults(cf);
cf->external_symbolizer_path = GetEnv("ASAN_SYMBOLIZER_PATH"); cf->external_symbolizer_path = GetEnv("ASAN_SYMBOLIZER_PATH");
cf->malloc_context_size = kDefaultMallocContextSize; cf->malloc_context_size = kDefaultMallocContextSize;
Show All 31 Linesvoid InitializeFlags(Flags *f, const char *env) {
f->print_full_thread_history = true; f->print_full_thread_history = true;
f->poison_heap = true; f->poison_heap = true;
f->poison_partial = true; f->poison_partial = true;
// Turn off alloc/dealloc mismatch checker on Mac and Windows for now. // Turn off alloc/dealloc mismatch checker on Mac and Windows for now.
// TODO(glider,timurrrr): Fix known issues and enable this back. // TODO(glider,timurrrr): Fix known issues and enable this back.
f->alloc_dealloc_mismatch = (SANITIZER_MAC == 0) && (SANITIZER_WINDOWS == 0); f->alloc_dealloc_mismatch = (SANITIZER_MAC == 0) && (SANITIZER_WINDOWS == 0);
f->strict_memcmp = true; f->strict_memcmp = true;
f->strict_init_order = false; f->strict_init_order = false;
f->start_deactivated = false;
// Override from compile definition. // Override from compile definition.
ParseFlagsFromString(f, MaybeUseAsanDefaultOptionsCompileDefiniton()); ParseFlagsFromString(f, MaybeUseAsanDefaultOptionsCompileDefiniton());
// Override from user-specified string. // Override from user-specified string.
ParseFlagsFromString(f, MaybeCallAsanDefaultOptions()); ParseFlagsFromString(f, MaybeCallAsanDefaultOptions());
VReport(1, "Using the defaults from __asan_default_options: %s\n", VReport(1, "Using the defaults from __asan_default_options: %s\n",
MaybeCallAsanDefaultOptions()); MaybeCallAsanDefaultOptions());
▲ Show 20 LinesShow All 196 Lines▼ Show 20 Linesstatic void PrintAddressSpaceLayout() {
Printf("SHADOW_OFFSET: %zx\n", (uptr)SHADOW_OFFSET); Printf("SHADOW_OFFSET: %zx\n", (uptr)SHADOW_OFFSET);
CHECK(SHADOW_SCALE >= 3 && SHADOW_SCALE <= 7); CHECK(SHADOW_SCALE >= 3 && SHADOW_SCALE <= 7);
if (kMidMemBeg) if (kMidMemBeg)
CHECK(kMidShadowBeg > kLowShadowEnd && CHECK(kMidShadowBeg > kLowShadowEnd &&
kMidMemBeg > kMidShadowEnd && kMidMemBeg > kMidShadowEnd &&
kHighShadowBeg > kMidMemEnd); kHighShadowBeg > kMidMemEnd);
} }
} // namespace __asan static void AsanInitInternal() {
// ---------------------- Interface ---------------- {{{1
using namespace __asan; // NOLINT
#if !SANITIZER_SUPPORTS_WEAK_HOOKS
extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
const char* __asan_default_options() { return ""; }
} // extern "C"
#endif
int NOINLINE __asan_set_error_exit_code(int exit_code) {
int old = flags()->exitcode;
flags()->exitcode = exit_code;
return old;
}
void NOINLINE __asan_handle_no_return() {
int local_stack;
AsanThread *curr_thread = GetCurrentThread();
CHECK(curr_thread);
uptr PageSize = GetPageSizeCached();
uptr top = curr_thread->stack_top();
uptr bottom = ((uptr)&local_stack - PageSize) & ~(PageSize-1);
static const uptr kMaxExpectedCleanupSize = 64 << 20; // 64M
if (top - bottom > kMaxExpectedCleanupSize) {
static bool reported_warning = false;
if (reported_warning)
return;
reported_warning = true;
Report("WARNING: ASan is ignoring requested __asan_handle_no_return: "
"stack top: %p; bottom %p; size: %p (%zd)\n"
"False positive error reports may follow\n"
"For details see "
"http://code.google.com/p/address-sanitizer/issues/detail?id=189\n",
top, bottom, top - bottom, top - bottom);
return;
}
PoisonShadow(bottom, top - bottom, 0);
if (curr_thread->has_fake_stack())
curr_thread->fake_stack()->HandleNoReturn();
}
void NOINLINE __asan_set_death_callback(void (*callback)(void)) {
death_callback = callback;
}
void __asan_init() {
if (asan_inited) return; if (asan_inited) return;
SanitizerToolName = "AddressSanitizer"; SanitizerToolName = "AddressSanitizer";
CHECK(!asan_init_is_running && "ASan init calls itself!"); CHECK(!asan_init_is_running && "ASan init calls itself!");
asan_init_is_running = true; asan_init_is_running = true;
InitializeHighMemEnd(); InitializeHighMemEnd();
// Make sure we are not statically linked. // Make sure we are not statically linked.
AsanDoesNotSupportStaticLinkage(); AsanDoesNotSupportStaticLinkage();
Show All 11 Linesstatic void AsanInitInternal() {
__asan_option_detect_stack_use_after_return = __asan_option_detect_stack_use_after_return =
flags()->detect_stack_use_after_return; flags()->detect_stack_use_after_return;
CHECK_LE(flags()->min_uar_stack_size_log, flags()->max_uar_stack_size_log); CHECK_LE(flags()->min_uar_stack_size_log, flags()->max_uar_stack_size_log);
if (options) { if (options) {
VReport(1, "Parsed ASAN_OPTIONS: %s\n", options); VReport(1, "Parsed ASAN_OPTIONS: %s\n", options);
} }
if (flags()->start_deactivated)
AsanStartDeactivated();
// Re-exec ourselves if we need to set additional env or command line args. // Re-exec ourselves if we need to set additional env or command line args.
MaybeReexec(); MaybeReexec();
// Setup internal allocator callback. // Setup internal allocator callback.
SetLowLevelAllocateCallback(OnLowLevelAllocate); SetLowLevelAllocateCallback(OnLowLevelAllocate);
InitializeAsanInterceptors(); InitializeAsanInterceptors();
▲ Show 20 LinesShow All 86 Lines▼ Show 20 Lines#if CAN_SANITIZE_LEAKS
__lsan::InitCommonLsan(); __lsan::InitCommonLsan();
if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit) { if (common_flags()->detect_leaks && common_flags()->leak_check_at_exit) {
Atexit(__lsan::DoLeakCheck); Atexit(__lsan::DoLeakCheck);
} }
#endif // CAN_SANITIZE_LEAKS #endif // CAN_SANITIZE_LEAKS
VReport(1, "AddressSanitizer Init done\n"); VReport(1, "AddressSanitizer Init done\n");
} }
// Initialize as requested from some part of ASan runtime library (interceptors,
// allocator, etc).
void AsanInitFromRtl() {
AsanInitInternal();
}
} // namespace __asan
// ---------------------- Interface ---------------- {{{1
using namespace __asan; // NOLINT
#if !SANITIZER_SUPPORTS_WEAK_HOOKS
extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
const char* __asan_default_options() { return ""; }
} // extern "C"
#endif
int NOINLINE __asan_set_error_exit_code(int exit_code) {
int old = flags()->exitcode;
flags()->exitcode = exit_code;
return old;
}
void NOINLINE __asan_handle_no_return() {
int local_stack;
AsanThread *curr_thread = GetCurrentThread();
CHECK(curr_thread);
uptr PageSize = GetPageSizeCached();
uptr top = curr_thread->stack_top();
uptr bottom = ((uptr)&local_stack - PageSize) & ~(PageSize-1);
static const uptr kMaxExpectedCleanupSize = 64 << 20; // 64M
if (top - bottom > kMaxExpectedCleanupSize) {
static bool reported_warning = false;
if (reported_warning)
return;
reported_warning = true;
Report("WARNING: ASan is ignoring requested __asan_handle_no_return: "
"stack top: %p; bottom %p; size: %p (%zd)\n"
"False positive error reports may follow\n"
"For details see "
"http://code.google.com/p/address-sanitizer/issues/detail?id=189\n",
top, bottom, top - bottom, top - bottom);
return;
}
PoisonShadow(bottom, top - bottom, 0);
if (curr_thread->has_fake_stack())
curr_thread->fake_stack()->HandleNoReturn();
}
void NOINLINE __asan_set_death_callback(void (*callback)(void)) {
death_callback = callback;
}
// Initialize as requested from instrumented application code.
// We use this call as a trigger to wake up ASan from deactivated state.
void __asan_init() {
AsanActivate();
AsanInitInternal();
}

lib/asan/lit_tests/TestCases/SharedLibs/start-deactivated-so.cc

PropertyOld ValueNew Value
svn:eol-stylenullLF
#include <stdio.h>
#include <stdlib.h>
extern "C" void do_another_bad_thing() {
char *volatile p = (char *)malloc(100);
printf("%hhx\n", p[105]);
}

lib/asan/lit_tests/TestCases/start-deactivated.cc

PropertyOld ValueNew Value
svn:eol-stylenullLF
// Test for ASAN_OPTIONS=start_deactivated=1 mode.
// Main executable is uninstrumented, but linked to ASan runtime. The shared
// library is instrumented. Memory errors before dlopen are not detected.
// RUN: %clangxx_asan -O0 %p/SharedLibs/start-deactivated-so.cc \
// RUN: -fPIC -shared -o %t-so.so
// RUN: %clangxx -O0 %s -c -o %t.o
// RUN: %clangxx_asan -O0 %t.o -o %t
// RUN: ASAN_OPTIONS=start_deactivated=1 not %t 2>&1 | FileCheck %s
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <string>
#include "sanitizer/asan_interface.h"
void test_malloc_shadow() {
char *p = (char *)malloc(100);
char *q = (char *)__asan_region_is_poisoned(p + 95, 8);
fprintf(stderr, "=%zd=\n", q ? q - (p + 95) : -1);
free(p);
}
typedef void (*Fn)();
int main(int argc, char *argv[]) {
test_malloc_shadow();
// CHECK: =-1=
std::string path = std::string(argv[0]) + "-so.so";
void *dso = dlopen(path.c_str(), RTLD_NOW);
if (!dso) {
fprintf(stderr, "dlopen failed: %s\n", dlerror());
return 1;
}
test_malloc_shadow();
// CHECK: =5=
void *fn = dlsym(dso, "do_another_bad_thing");
if (!fn) {
fprintf(stderr, "dlsym failed: %s\n", dlerror());
return 1;
}
((Fn)fn)();
// CHECK: AddressSanitizer: heap-buffer-overflow
// CHECK: READ of size 1
// CHECK: {{#0 .* in do_another_bad_thing}}
// CHECK: is located 5 bytes to the right of 100-byte region
// CHECK: in do_another_bad_thing
return 0;
}