This is an archive of the discontinued LLVM Phabricator instance.

Differential D27012

[asan] Provide bug descriptions for all reports (not just ErrorGeneric)
ClosedPublic

Authored by kubamracek on Nov 22 2016, 4:33 PM.

Details

Reviewers
kcc
filcab
rnk
Commits
rG48090f5b8224: [asan] Provide bug descriptions for all reports (not just ErrorGeneric)
rCRT288065: [asan] Provide bug descriptions for all reports (not just ErrorGeneric)
rL288065: [asan] Provide bug descriptions for all reports (not just ErrorGeneric)
Summary

ErrorGeneric report type has a const char *bug_descr, which describes the type of bug that is detected. Most non-generic bugs (e.g. double-free, null pointer dereference) also already have a short keyword used in printed reports (e.g. "double-free", "null-deref"). This patch moves the bug_descr field to ErrorBase and makes sure it's populated by all constructors.

Diff Detail

Repository
rL LLVM

Event Timeline

kubamracek updated this revision to Diff 78971.Nov 22 2016, 4:33 PM
kubamracek retitled this revision from to [asan] Provide bug descriptions for all reports (not just ErrorGeneric).
kubamracek updated this object.
kubamracek added reviewers: kcc, filcab, rnk.
kubamracek set the repository for this revision to rL LLVM.
kubamracek added a project: Restricted Project.
kubamracek added subscribers: llvm-commits, zaks.anna.
kubamracek updated this revision to Diff 78976.Nov 22 2016, 4:38 PM
kubamracek removed rL LLVM as the repository for this revision.
kubamracek updated this revision to Diff 78998.Nov 22 2016, 4:57 PM
rnk edited edge metadata.Nov 23 2016, 10:53 AM

Isn't this somewhat redundant with the buffer in ScarinessScoreBase?

struct ScarinessScoreBase {
  ...
  int score;
  char descr[1024];
};
filcab edited edge metadata.Nov 23 2016, 11:04 AM
In D27012#604558, @rnk wrote:

Isn't this somewhat redundant with the buffer in ScarinessScoreBase?

struct ScarinessScoreBase {
  ...
  int score;
  char descr[1024];
};

I was going to ask the same. And we have more information in the scariness score (e.g: in the param-overlap, and generic errors).
Maybe converting all the scattered bug_descr to use the scariness score would be better?

kubamracek updated this revision to Diff 79133.Nov 23 2016, 11:45 AM
kubamracek edited edge metadata.

Isn't this somewhat redundant with the buffer in ScarinessScoreBase?
Maybe converting all the scattered bug_descr to use the scariness score would be better?

Makes sense. Updating the patch to use the description from scariness.

rnk added a comment.Nov 23 2016, 11:47 AM
In D27012#604582, @filcab wrote:
In D27012#604558, @rnk wrote:

Isn't this somewhat redundant with the buffer in ScarinessScoreBase?

struct ScarinessScoreBase {
  ...
  int score;
  char descr[1024];
};

I was going to ask the same. And we have more information in the scariness score (e.g: in the param-overlap, and generic errors).
Maybe converting all the scattered bug_descr to use the scariness score would be better?

Well, it looks like it's not that redundant. If you look at the logic in ErrorGeneric, you see multiple calls to scariness.Scare, and that's where the complexity arises. I take it back, let's keep this separate.

kubamracek added a comment.Nov 23 2016, 12:04 PM

Well, it looks like it's not that redundant. If you look at the logic in ErrorGeneric, you see multiple calls to scariness.Scare, and that's where the complexity arises. I take it back, let's keep this separate.

ErrorGeneric constructs scariness strings like "8-byte-write-heap-buffer-overflow-far-from-bounds", which is the description of this bug instance, whereas what I'm looking for is a description of a whole class, for the purposes of categorization, e.g. "heap-buffer-overflow", "double-free", "odr-violation" and such. So I slightly agree with you that this is a separate thing from the scariness description, but there's a lot of overlap.

So the previous patch looks good to you?

filcab added a comment.Nov 23 2016, 12:38 PM

If ErrorGeneric is the only special one, why not use the scariness in general, but make that one a special case?
It's already special, so it's not really a big change.

kubamracek added a comment.Nov 23 2016, 1:43 PM
In D27012#604649, @filcab wrote:

If ErrorGeneric is the only special one, why not use the scariness in general, but make that one a special case?
It's already special, so it's not really a big change.

That's what the current patch does.

filcab accepted this revision.Nov 23 2016, 2:53 PM
filcab edited edge metadata.

Ah yes. Sorry about that.
Current patch LGTM!

This revision is now accepted and ready to land.Nov 23 2016, 2:53 PM
kubamracek added a comment.Nov 23 2016, 2:54 PM

Thanks. Reid?

rnk accepted this revision.Nov 28 2016, 9:34 AM
rnk edited edge metadata.

lgtm, I see, ErrorGeneric still does ReportErrorSummary(bug_descr, &stack); Thanks!

Closed by commit rL288065: [asan] Provide bug descriptions for all reports (not just ErrorGeneric) (authored by kuba.brecka). · Explain WhyNov 28 2016, 1:28 PM
This revision was automatically updated to reflect the committed changes.
kubamracek added a comment.Nov 28 2016, 1:29 PM

Thanks for the review!

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
18 lines
47 lines
12 lines
test/
asan/
TestCases/
32 lines

Diff 79446

compiler-rt/trunk/lib/asan/asan_errors.h

Show First 20 LinesShow All 166 Lines▼ Show 20 Linesstruct ErrorMallocUsableSizeNotOwned : ErrorBase {
// VS2013 doesn't implement unrestricted unions, so we need a trivial default // VS2013 doesn't implement unrestricted unions, so we need a trivial default
// constructor // constructor
ErrorMallocUsableSizeNotOwned() = default; ErrorMallocUsableSizeNotOwned() = default;
ErrorMallocUsableSizeNotOwned(u32 tid, BufferedStackTrace *stack_, uptr addr) ErrorMallocUsableSizeNotOwned(u32 tid, BufferedStackTrace *stack_, uptr addr)
: ErrorBase(tid), : ErrorBase(tid),
stack(stack_), stack(stack_),
addr_description(addr, /*shouldLockThreadRegistry=*/false) { addr_description(addr, /*shouldLockThreadRegistry=*/false) {
scariness.Clear(); scariness.Clear();
scariness.Scare(10, "bad-malloc_usable_size");
} }
void Print(); void Print();
}; };
struct ErrorSanitizerGetAllocatedSizeNotOwned : ErrorBase { struct ErrorSanitizerGetAllocatedSizeNotOwned : ErrorBase {
// ErrorSanitizerGetAllocatedSizeNotOwned doesn't own the stack trace. // ErrorSanitizerGetAllocatedSizeNotOwned doesn't own the stack trace.
const BufferedStackTrace *stack; const BufferedStackTrace *stack;
AddressDescription addr_description; AddressDescription addr_description;
// VS2013 doesn't implement unrestricted unions, so we need a trivial default // VS2013 doesn't implement unrestricted unions, so we need a trivial default
// constructor // constructor
ErrorSanitizerGetAllocatedSizeNotOwned() = default; ErrorSanitizerGetAllocatedSizeNotOwned() = default;
ErrorSanitizerGetAllocatedSizeNotOwned(u32 tid, BufferedStackTrace *stack_, ErrorSanitizerGetAllocatedSizeNotOwned(u32 tid, BufferedStackTrace *stack_,
uptr addr) uptr addr)
: ErrorBase(tid), : ErrorBase(tid),
stack(stack_), stack(stack_),
addr_description(addr, /*shouldLockThreadRegistry=*/false) { addr_description(addr, /*shouldLockThreadRegistry=*/false) {
scariness.Clear(); scariness.Clear();
scariness.Scare(10, "bad-__sanitizer_get_allocated_size");
} }
void Print(); void Print();
}; };
struct ErrorStringFunctionMemoryRangesOverlap : ErrorBase { struct ErrorStringFunctionMemoryRangesOverlap : ErrorBase {
// ErrorStringFunctionMemoryRangesOverlap doesn't own the stack trace. // ErrorStringFunctionMemoryRangesOverlap doesn't own the stack trace.
const BufferedStackTrace *stack; const BufferedStackTrace *stack;
uptr length1, length2; uptr length1, length2;
▲ Show 20 LinesShow All 53 Lines▼ Show 20 Lines ErrorBadParamsToAnnotateContiguousContainer(u32 tid,
BufferedStackTrace *stack_, BufferedStackTrace *stack_,
uptr beg_, uptr end_, uptr beg_, uptr end_,
uptr old_mid_, uptr new_mid_) uptr old_mid_, uptr new_mid_)
: ErrorBase(tid), : ErrorBase(tid),
stack(stack_), stack(stack_),
beg(beg_), beg(beg_),
end(end_), end(end_),
old_mid(old_mid_), old_mid(old_mid_),
new_mid(new_mid_) {} new_mid(new_mid_) {
scariness.Clear();
scariness.Scare(10, "bad-__sanitizer_annotate_contiguous_container");
}
void Print(); void Print();
}; };
struct ErrorODRViolation : ErrorBase { struct ErrorODRViolation : ErrorBase {
__asan_global global1, global2; __asan_global global1, global2;
u32 stack_id1, stack_id2; u32 stack_id1, stack_id2;
// VS2013 doesn't implement unrestricted unions, so we need a trivial default // VS2013 doesn't implement unrestricted unions, so we need a trivial default
// constructor // constructor
ErrorODRViolation() = default; ErrorODRViolation() = default;
ErrorODRViolation(u32 tid, const __asan_global *g1, u32 stack_id1_, ErrorODRViolation(u32 tid, const __asan_global *g1, u32 stack_id1_,
const __asan_global *g2, u32 stack_id2_) const __asan_global *g2, u32 stack_id2_)
: ErrorBase(tid), : ErrorBase(tid),
global1(*g1), global1(*g1),
global2(*g2), global2(*g2),
stack_id1(stack_id1_), stack_id1(stack_id1_),
stack_id2(stack_id2_) {} stack_id2(stack_id2_) {
scariness.Clear();
scariness.Scare(10, "odr-violation");
}
void Print(); void Print();
}; };
struct ErrorInvalidPointerPair : ErrorBase { struct ErrorInvalidPointerPair : ErrorBase {
uptr pc, bp, sp; uptr pc, bp, sp;
AddressDescription addr1_description; AddressDescription addr1_description;
AddressDescription addr2_description; AddressDescription addr2_description;
// VS2013 doesn't implement unrestricted unions, so we need a trivial default // VS2013 doesn't implement unrestricted unions, so we need a trivial default
// constructor // constructor
ErrorInvalidPointerPair() = default; ErrorInvalidPointerPair() = default;
ErrorInvalidPointerPair(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr p1, ErrorInvalidPointerPair(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr p1,
uptr p2) uptr p2)
: ErrorBase(tid), : ErrorBase(tid),
pc(pc_), pc(pc_),
bp(bp_), bp(bp_),
sp(sp_), sp(sp_),
addr1_description(p1, 1, /*shouldLockThreadRegistry=*/false), addr1_description(p1, 1, /*shouldLockThreadRegistry=*/false),
addr2_description(p2, 1, /*shouldLockThreadRegistry=*/false) {} addr2_description(p2, 1, /*shouldLockThreadRegistry=*/false) {
scariness.Clear();
scariness.Scare(10, "invalid-pointer-pair");
}
void Print(); void Print();
}; };
struct ErrorGeneric : ErrorBase { struct ErrorGeneric : ErrorBase {
AddressDescription addr_description; AddressDescription addr_description;
uptr pc, bp, sp; uptr pc, bp, sp;
uptr access_size; uptr access_size;
const char *bug_descr; const char *bug_descr;
▲ Show 20 LinesShow All 41 Lines▼ Show 20 Lines
struct ErrorDescription { struct ErrorDescription {
ErrorKind kind; ErrorKind kind;
// We're using a tagged union because it allows us to have a trivially // We're using a tagged union because it allows us to have a trivially
// copiable type and use the same structures as the public interface. // copiable type and use the same structures as the public interface.
// //
// We can add a wrapper around it to make it "more c++-like", but that would // We can add a wrapper around it to make it "more c++-like", but that would
// add a lot of code and the benefit wouldn't be that big. // add a lot of code and the benefit wouldn't be that big.
union { union {
ErrorBase Base;
ASAN_FOR_EACH_ERROR_KIND(ASAN_ERROR_DESCRIPTION_MEMBER) ASAN_FOR_EACH_ERROR_KIND(ASAN_ERROR_DESCRIPTION_MEMBER)
}; };
ErrorDescription() { internal_memset(this, 0, sizeof(*this)); } ErrorDescription() { internal_memset(this, 0, sizeof(*this)); }
ASAN_FOR_EACH_ERROR_KIND(ASAN_ERROR_DESCRIPTION_CONSTRUCTOR) ASAN_FOR_EACH_ERROR_KIND(ASAN_ERROR_DESCRIPTION_CONSTRUCTOR)
bool IsValid() { return kind != kErrorKindInvalid; } bool IsValid() { return kind != kErrorKindInvalid; }
void Print() { void Print() {
Show All 18 Lines

compiler-rt/trunk/lib/asan/asan_errors.cc

Show All 20 Lines
#include "sanitizer_common/sanitizer_stackdepot.h" #include "sanitizer_common/sanitizer_stackdepot.h"
namespace __asan { namespace __asan {
void ErrorStackOverflow::Print() { void ErrorStackOverflow::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report( Report(
"ERROR: AddressSanitizer: stack-overflow on address %p" "ERROR: AddressSanitizer: %s on address %p"
" (pc %p bp %p sp %p T%d)\n", " (pc %p bp %p sp %p T%d)\n", scariness.GetDescription(),
(void *)addr, (void *)pc, (void *)bp, (void *)sp, tid); (void *)addr, (void *)pc, (void *)bp, (void *)sp, tid);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
scariness.Print(); scariness.Print();
BufferedStackTrace stack; BufferedStackTrace stack;
GetStackTraceWithPcBpAndContext(&stack, kStackTraceMax, pc, bp, context, GetStackTraceWithPcBpAndContext(&stack, kStackTraceMax, pc, bp, context,
common_flags()->fast_unwind_on_fatal); common_flags()->fast_unwind_on_fatal);
stack.Print(); stack.Print();
ReportErrorSummary("stack-overflow", &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
} }
static void MaybeDumpInstructionBytes(uptr pc) { static void MaybeDumpInstructionBytes(uptr pc) {
if (!flags()->dump_instruction_bytes || (pc < GetPageSizeCached())) return; if (!flags()->dump_instruction_bytes || (pc < GetPageSizeCached())) return;
InternalScopedString str(1024); InternalScopedString str(1024);
str.append("First 16 instruction bytes at pc: "); str.append("First 16 instruction bytes at pc: ");
if (IsAccessibleMemoryRange(pc, 16)) { if (IsAccessibleMemoryRange(pc, 16)) {
for (int i = 0; i < 16; ++i) { for (int i = 0; i < 16; ++i) {
▲ Show 20 LinesShow All 41 Lines▼ Show 20 Linesvoid ErrorDeadlySignal::Print() {
ReportErrorSummary(description, &stack); ReportErrorSummary(description, &stack);
} }
void ErrorDoubleFree::Print() { void ErrorDoubleFree::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
char tname[128]; char tname[128];
Report( Report(
"ERROR: AddressSanitizer: attempting double-free on %p in " "ERROR: AddressSanitizer: attempting %s on %p in "
"thread T%d%s:\n", "thread T%d%s:\n",
addr_description.addr, tid, scariness.GetDescription(), addr_description.addr, tid,
ThreadNameWithParenthesis(tid, tname, sizeof(tname))); ThreadNameWithParenthesis(tid, tname, sizeof(tname)));
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
scariness.Print(); scariness.Print();
GET_STACK_TRACE_FATAL(second_free_stack->trace[0], GET_STACK_TRACE_FATAL(second_free_stack->trace[0],
second_free_stack->top_frame_bp); second_free_stack->top_frame_bp);
stack.Print(); stack.Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary("double-free", &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
} }
void ErrorNewDeleteSizeMismatch::Print() { void ErrorNewDeleteSizeMismatch::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
char tname[128]; char tname[128];
Report( Report(
"ERROR: AddressSanitizer: new-delete-type-mismatch on %p in thread " "ERROR: AddressSanitizer: %s on %p in thread "
"T%d%s:\n", "T%d%s:\n",
addr_description.addr, tid, scariness.GetDescription(), addr_description.addr, tid,
ThreadNameWithParenthesis(tid, tname, sizeof(tname))); ThreadNameWithParenthesis(tid, tname, sizeof(tname)));
Printf("%s object passed to delete has wrong type:\n", d.EndWarning()); Printf("%s object passed to delete has wrong type:\n", d.EndWarning());
Printf( Printf(
" size of the allocated type: %zd bytes;\n" " size of the allocated type: %zd bytes;\n"
" size of the deallocated type: %zd bytes.\n", " size of the deallocated type: %zd bytes.\n",
addr_description.chunk_access.chunk_size, delete_size); addr_description.chunk_access.chunk_size, delete_size);
CHECK_GT(free_stack->size, 0); CHECK_GT(free_stack->size, 0);
scariness.Print(); scariness.Print();
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
stack.Print(); stack.Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary("new-delete-type-mismatch", &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
Report( Report(
"HINT: if you don't care about these errors you may set " "HINT: if you don't care about these errors you may set "
"ASAN_OPTIONS=new_delete_type_mismatch=0\n"); "ASAN_OPTIONS=new_delete_type_mismatch=0\n");
} }
void ErrorFreeNotMalloced::Print() { void ErrorFreeNotMalloced::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
char tname[128]; char tname[128];
Report( Report(
"ERROR: AddressSanitizer: attempting free on address " "ERROR: AddressSanitizer: attempting free on address "
"which was not malloc()-ed: %p in thread T%d%s\n", "which was not malloc()-ed: %p in thread T%d%s\n",
addr_description.Address(), tid, addr_description.Address(), tid,
ThreadNameWithParenthesis(tid, tname, sizeof(tname))); ThreadNameWithParenthesis(tid, tname, sizeof(tname)));
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
CHECK_GT(free_stack->size, 0); CHECK_GT(free_stack->size, 0);
scariness.Print(); scariness.Print();
GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp); GET_STACK_TRACE_FATAL(free_stack->trace[0], free_stack->top_frame_bp);
stack.Print(); stack.Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary("bad-free", &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
} }
void ErrorAllocTypeMismatch::Print() { void ErrorAllocTypeMismatch::Print() {
static const char *alloc_names[] = {"INVALID", "malloc", "operator new", static const char *alloc_names[] = {"INVALID", "malloc", "operator new",
"operator new []"}; "operator new []"};
static const char *dealloc_names[] = {"INVALID", "free", "operator delete", static const char *dealloc_names[] = {"INVALID", "free", "operator delete",
"operator delete []"}; "operator delete []"};
CHECK_NE(alloc_type, dealloc_type); CHECK_NE(alloc_type, dealloc_type);
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report("ERROR: AddressSanitizer: alloc-dealloc-mismatch (%s vs %s) on %p\n", Report("ERROR: AddressSanitizer: %s (%s vs %s) on %p\n",
scariness.GetDescription(),
alloc_names[alloc_type], dealloc_names[dealloc_type], alloc_names[alloc_type], dealloc_names[dealloc_type],
addr_description.addr); addr_description.addr);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
CHECK_GT(dealloc_stack->size, 0); CHECK_GT(dealloc_stack->size, 0);
scariness.Print(); scariness.Print();
GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp); GET_STACK_TRACE_FATAL(dealloc_stack->trace[0], dealloc_stack->top_frame_bp);
stack.Print(); stack.Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary("alloc-dealloc-mismatch", &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
Report( Report(
"HINT: if you don't care about these errors you may set " "HINT: if you don't care about these errors you may set "
"ASAN_OPTIONS=alloc_dealloc_mismatch=0\n"); "ASAN_OPTIONS=alloc_dealloc_mismatch=0\n");
} }
void ErrorMallocUsableSizeNotOwned::Print() { void ErrorMallocUsableSizeNotOwned::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report( Report(
"ERROR: AddressSanitizer: attempting to call malloc_usable_size() for " "ERROR: AddressSanitizer: attempting to call malloc_usable_size() for "
"pointer which is not owned: %p\n", "pointer which is not owned: %p\n",
addr_description.Address()); addr_description.Address());
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
stack->Print(); stack->Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary("bad-malloc_usable_size", stack); ReportErrorSummary(scariness.GetDescription(), stack);
} }
void ErrorSanitizerGetAllocatedSizeNotOwned::Print() { void ErrorSanitizerGetAllocatedSizeNotOwned::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report( Report(
"ERROR: AddressSanitizer: attempting to call " "ERROR: AddressSanitizer: attempting to call "
"__sanitizer_get_allocated_size() for pointer which is not owned: %p\n", "__sanitizer_get_allocated_size() for pointer which is not owned: %p\n",
addr_description.Address()); addr_description.Address());
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
stack->Print(); stack->Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary("bad-__sanitizer_get_allocated_size", stack); ReportErrorSummary(scariness.GetDescription(), stack);
} }
void ErrorStringFunctionMemoryRangesOverlap::Print() { void ErrorStringFunctionMemoryRangesOverlap::Print() {
Decorator d; Decorator d;
char bug_type[100]; char bug_type[100];
internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function); internal_snprintf(bug_type, sizeof(bug_type), "%s-param-overlap", function);
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report( Report(
"ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) " "ERROR: AddressSanitizer: %s: memory ranges [%p,%p) and [%p, %p) "
"overlap\n", "overlap\n",
bug_type, addr1_description.Address(), bug_type, addr1_description.Address(),
addr1_description.Address() + length1, addr2_description.Address(), addr1_description.Address() + length1, addr2_description.Address(),
addr2_description.Address() + length2); addr2_description.Address() + length2);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
scariness.Print(); scariness.Print();
stack->Print(); stack->Print();
addr1_description.Print(); addr1_description.Print();
addr2_description.Print(); addr2_description.Print();
ReportErrorSummary(bug_type, stack); ReportErrorSummary(bug_type, stack);
} }
void ErrorStringFunctionSizeOverflow::Print() { void ErrorStringFunctionSizeOverflow::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
const char *bug_type = "negative-size-param"; Report("ERROR: AddressSanitizer: %s: (size=%zd)\n",
Report("ERROR: AddressSanitizer: %s: (size=%zd)\n", bug_type, size); scariness.GetDescription(), size);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
scariness.Print(); scariness.Print();
stack->Print(); stack->Print();
addr_description.Print(); addr_description.Print();
ReportErrorSummary(bug_type, stack); ReportErrorSummary(scariness.GetDescription(), stack);
} }
void ErrorBadParamsToAnnotateContiguousContainer::Print() { void ErrorBadParamsToAnnotateContiguousContainer::Print() {
Report( Report(
"ERROR: AddressSanitizer: bad parameters to " "ERROR: AddressSanitizer: bad parameters to "
"__sanitizer_annotate_contiguous_container:\n" "__sanitizer_annotate_contiguous_container:\n"
" beg : %p\n" " beg : %p\n"
" end : %p\n" " end : %p\n"
" old_mid : %p\n" " old_mid : %p\n"
" new_mid : %p\n", " new_mid : %p\n",
beg, end, old_mid, new_mid); beg, end, old_mid, new_mid);
uptr granularity = SHADOW_GRANULARITY; uptr granularity = SHADOW_GRANULARITY;
if (!IsAligned(beg, granularity)) if (!IsAligned(beg, granularity))
Report("ERROR: beg is not aligned by %d\n", granularity); Report("ERROR: beg is not aligned by %d\n", granularity);
stack->Print(); stack->Print();
ReportErrorSummary("bad-__sanitizer_annotate_contiguous_container", stack); ReportErrorSummary(scariness.GetDescription(), stack);
} }
void ErrorODRViolation::Print() { void ErrorODRViolation::Print() {
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report("ERROR: AddressSanitizer: odr-violation (%p):\n", global1.beg); Report("ERROR: AddressSanitizer: %s (%p):\n", scariness.GetDescription(),
global1.beg);
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
InternalScopedString g1_loc(256), g2_loc(256); InternalScopedString g1_loc(256), g2_loc(256);
PrintGlobalLocation(&g1_loc, global1); PrintGlobalLocation(&g1_loc, global1);
PrintGlobalLocation(&g2_loc, global2); PrintGlobalLocation(&g2_loc, global2);
Printf(" [1] size=%zd '%s' %s\n", global1.size, Printf(" [1] size=%zd '%s' %s\n", global1.size,
MaybeDemangleGlobalName(global1.name), g1_loc.data()); MaybeDemangleGlobalName(global1.name), g1_loc.data());
Printf(" [2] size=%zd '%s' %s\n", global2.size, Printf(" [2] size=%zd '%s' %s\n", global2.size,
MaybeDemangleGlobalName(global2.name), g2_loc.data()); MaybeDemangleGlobalName(global2.name), g2_loc.data());
if (stack_id1 && stack_id2) { if (stack_id1 && stack_id2) {
Printf("These globals were registered at these points:\n"); Printf("These globals were registered at these points:\n");
Printf(" [1]:\n"); Printf(" [1]:\n");
StackDepotGet(stack_id1).Print(); StackDepotGet(stack_id1).Print();
Printf(" [2]:\n"); Printf(" [2]:\n");
StackDepotGet(stack_id2).Print(); StackDepotGet(stack_id2).Print();
} }
Report( Report(
"HINT: if you don't care about these errors you may set " "HINT: if you don't care about these errors you may set "
"ASAN_OPTIONS=detect_odr_violation=0\n"); "ASAN_OPTIONS=detect_odr_violation=0\n");
InternalScopedString error_msg(256); InternalScopedString error_msg(256);
error_msg.append("odr-violation: global '%s' at %s", error_msg.append("%s: global '%s' at %s", scariness.GetDescription(),
MaybeDemangleGlobalName(global1.name), g1_loc.data()); MaybeDemangleGlobalName(global1.name), g1_loc.data());
ReportErrorSummary(error_msg.data()); ReportErrorSummary(error_msg.data());
} }
void ErrorInvalidPointerPair::Print() { void ErrorInvalidPointerPair::Print() {
const char *bug_type = "invalid-pointer-pair";
Decorator d; Decorator d;
Printf("%s", d.Warning()); Printf("%s", d.Warning());
Report("ERROR: AddressSanitizer: invalid-pointer-pair: %p %p\n", Report("ERROR: AddressSanitizer: %s: %p %p\n", scariness.GetDescription(),
addr1_description.Address(), addr2_description.Address()); addr1_description.Address(), addr2_description.Address());
Printf("%s", d.EndWarning()); Printf("%s", d.EndWarning());
GET_STACK_TRACE_FATAL(pc, bp); GET_STACK_TRACE_FATAL(pc, bp);
stack.Print(); stack.Print();
addr1_description.Print(); addr1_description.Print();
addr2_description.Print(); addr2_description.Print();
ReportErrorSummary(bug_type, &stack); ReportErrorSummary(scariness.GetDescription(), &stack);
} }
static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) { static bool AdjacentShadowValuesAreFullyPoisoned(u8 *s) {
return s[-1] > 127 && s[1] > 127; return s[-1] > 127 && s[1] > 127;
} }
ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr, ErrorGeneric::ErrorGeneric(u32 tid, uptr pc_, uptr bp_, uptr sp_, uptr addr,
bool is_write_, uptr access_size_) bool is_write_, uptr access_size_)
▲ Show 20 LinesShow All 207 LinesShow Last 20 Lines

compiler-rt/trunk/lib/asan/asan_report.cc

Show First 20 LinesShow All 421 Lines▼ Show 20 Lines
void __asan_describe_address(uptr addr) { void __asan_describe_address(uptr addr) {
// Thread registry must be locked while we're describing an address. // Thread registry must be locked while we're describing an address.
asanThreadRegistry().Lock(); asanThreadRegistry().Lock();
PrintAddressDescription(addr, 1, ""); PrintAddressDescription(addr, 1, "");
asanThreadRegistry().Unlock(); asanThreadRegistry().Unlock();
} }
int __asan_report_present() { int __asan_report_present() {
return ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric; return ScopedInErrorReport::CurrentError().kind != kErrorKindInvalid;
} }
uptr __asan_get_report_pc() { uptr __asan_get_report_pc() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric)
return ScopedInErrorReport::CurrentError().Generic.pc; return ScopedInErrorReport::CurrentError().Generic.pc;
return 0; return 0;
} }
uptr __asan_get_report_bp() { uptr __asan_get_report_bp() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric)
return ScopedInErrorReport::CurrentError().Generic.bp; return ScopedInErrorReport::CurrentError().Generic.bp;
return 0; return 0;
} }
uptr __asan_get_report_sp() { uptr __asan_get_report_sp() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric)
return ScopedInErrorReport::CurrentError().Generic.sp; return ScopedInErrorReport::CurrentError().Generic.sp;
return 0; return 0;
} }
uptr __asan_get_report_address() { uptr __asan_get_report_address() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) ErrorDescription &err = ScopedInErrorReport::CurrentError();
return ScopedInErrorReport::CurrentError() if (err.kind == kErrorKindGeneric)
.Generic.addr_description.Address(); return err.Generic.addr_description.Address();
else if (err.kind == kErrorKindDoubleFree)
return err.DoubleFree.addr_description.addr;
return 0; return 0;
} }
int __asan_get_report_access_type() { int __asan_get_report_access_type() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric)
return ScopedInErrorReport::CurrentError().Generic.is_write; return ScopedInErrorReport::CurrentError().Generic.is_write;
return 0; return 0;
} }
uptr __asan_get_report_access_size() { uptr __asan_get_report_access_size() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric)
return ScopedInErrorReport::CurrentError().Generic.access_size; return ScopedInErrorReport::CurrentError().Generic.access_size;
return 0; return 0;
} }
const char *__asan_get_report_description() { const char *__asan_get_report_description() {
if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric) if (ScopedInErrorReport::CurrentError().kind == kErrorKindGeneric)
return ScopedInErrorReport::CurrentError().Generic.bug_descr; return ScopedInErrorReport::CurrentError().Generic.bug_descr;
return nullptr; return ScopedInErrorReport::CurrentError().Base.scariness.GetDescription();
} }
extern "C" { extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __sanitizer_ptr_sub(void *a, void *b) { void __sanitizer_ptr_sub(void *a, void *b) {
CheckForInvalidPointerPair(a, b); CheckForInvalidPointerPair(a, b);
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
Show All 11 Lines

compiler-rt/trunk/test/asan/TestCases/debug_double_free.cc

// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
#include <sanitizer/asan_interface.h>
#include <stdio.h>
#include <stdlib.h>
char *heap_ptr;
int main() {
heap_ptr = (char *)malloc(10);
fprintf(stderr, "heap_ptr: %p\n", heap_ptr);
// CHECK: heap_ptr: 0x[[ADDR:[0-9a-f]+]]
free(heap_ptr);
free(heap_ptr); // BOOM
return 0;
}
void __asan_on_error() {
int present = __asan_report_present();
void *addr = __asan_get_report_address();
const char *description = __asan_get_report_description();
fprintf(stderr, "%s\n", (present == 1) ? "report present" : "");
// CHECK: report present
fprintf(stderr, "addr: %p\n", addr);
// CHECK: addr: {{0x0*}}[[ADDR]]
fprintf(stderr, "description: %s\n", description);
// CHECK: description: double-free
}
// CHECK: AddressSanitizer: attempting double-free on {{0x0*}}[[ADDR]] in thread T0