This is an archive of the discontinued LLVM Phabricator instance.

Differential D27061

[asan] Avoid redundant poisoning checks in __sanitizer_contiguous_container_find_bad_address
ClosedPublic

Authored by i.baravy on Nov 23 2016, 11:02 AM.

Details

Reviewers
kcc
vitalybuka
eugenis
Commits
rGd13634016677: [asan] Avoid redundant poisoning checks in…
rCRT288234: [asan] Avoid redundant poisoning checks in…
rL288234: [asan] Avoid redundant poisoning checks in…
Summary

__sanitizer_contiguous_container_find_bad_address computes three regions of a container to check for poisoning: begin, middle, end. The issue is that in current design the first region can be significantly larger than kMaxRangeToCheck.

Proposed patch fixes a typo to calculate the first region properly.

Diff Detail

Repository
rL LLVM

Event Timeline

i.baravy updated this revision to Diff 79111.Nov 23 2016, 11:02 AM
i.baravy retitled this revision from to [asan] Avoid duplicate and redundant poisoning checks in __sanitizer_contiguous_container_find_bad_address.
i.baravy updated this object.
i.baravy added reviewers: kcc, eugenis.
i.baravy set the repository for this revision to rL LLVM.
i.baravy added a project: Restricted Project.
i.baravy added subscribers: m.ostapenko, llvm-commits.
Herald added a subscriber: kubamracek. · View Herald TranscriptNov 23 2016, 11:02 AM
i.baravy updated this object.Nov 23 2016, 11:13 AM
i.baravy updated this object.
vitalybuka added a subscriber: vitalybuka.Nov 23 2016, 11:18 AM

Could you please also update some test to cover new behavior?

lib/asan/asan_poisoning.cc
423 ↗(On Diff #79111)

Could you please combine these
for (uptr i = r2_beg; i < mid; i++)
for (uptr i = mid; i < r2_end; i++)

into
for (uptr i = r2_beg; i < r2_end; i++)

vitalybuka added a reviewer: vitalybuka.Nov 23 2016, 11:18 AM
i.baravy updated this revision to Diff 79131.Nov 23 2016, 11:30 AM

Merge cycles for adjacent regions.

eugenis added inline comments.Nov 23 2016, 2:05 PM
lib/asan/asan_poisoning.cc
423 ↗(On Diff #79111)

But these loops check for opposite conditions. Now it is simply wrong: bytes after mid must be poisoned.

vitalybuka added inline comments.Nov 23 2016, 2:25 PM
lib/asan/asan_poisoning.cc
423 ↗(On Diff #79111)

Oh, I didn't notice this, please undo this part.

m.ostapenko added inline comments.Nov 24 2016, 12:31 AM
lib/asan/asan_poisoning.cc
416 ↗(On Diff #79131)

Why do you need all these changes (416, 417, 418)? If I read the code correctly, originally ASan checks bytes around beg, mid and end. What's incorrect here? Overlapping of memory ranges isn't a big deal here IMHO.

i.baravy updated this revision to Diff 79196.Nov 24 2016, 1:57 AM
i.baravy updated this object.
i.baravy marked an inline comment as done.

Revert merging cycles.

i.baravy marked 3 inline comments as done.Nov 24 2016, 2:00 AM

Thank you for the review, guys!

Vitaly,
could you suggest a test to update, please? I have no idea how to test this typo.

i.baravy retitled this revision from [asan] Avoid duplicate and redundant poisoning checks in __sanitizer_contiguous_container_find_bad_address to [asan] Avoid redundant poisoning checks in __sanitizer_contiguous_container_find_bad_address.Nov 24 2016, 2:02 AM
filcab added a subscriber: filcab.Nov 24 2016, 2:45 AM
In D27061#605225, @i.baravy wrote:

Thank you for the review, guys!

Vitaly,
could you suggest a test to update, please? I have no idea how to test this typo.

I'm unsure you can easily test this since, due to the CHECK_LE(mid, end); (and no overflow), we know that end + kMaxRangeToCheck is bigger than mid, so we'll always get mid.
Maybe you can test it by having more than 64 bytes between beg and mid, and poisoning the 33rd byte. That way you know the check shouldn't be able to figure it out and you can check for lack of error (which is what should happen).
Of course, you'd need to add comments explaining you're testing that exact case, and any change to kMaxRangeToCheck would need a change in the test.

eugenis edited edge metadata.Nov 28 2016, 1:07 PM
In D27061#605247, @filcab wrote:
In D27061#605225, @i.baravy wrote:

Thank you for the review, guys!

Vitaly,
could you suggest a test to update, please? I have no idea how to test this typo.

I'm unsure you can easily test this since, due to the CHECK_LE(mid, end); (and no overflow), we know that end + kMaxRangeToCheck is bigger than mid, so we'll always get mid.
Maybe you can test it by having more than 64 bytes between beg and mid, and poisoning the 33rd byte. That way you know the check shouldn't be able to figure it out and you can check for lack of error (which is what should happen).
Of course, you'd need to add comments explaining you're testing that exact case, and any change to kMaxRangeToCheck would need a change in the test.

I don't think such test adds any value. I'm fine w/o any test changes.

lib/asan/asan_poisoning.cc
416 ↗(On Diff #79131)

Well, with this change we get the same result with less work, so why not?

vitalybuka accepted this revision.Nov 28 2016, 4:13 PM
vitalybuka edited edge metadata.
This revision is now accepted and ready to land.Nov 28 2016, 4:13 PM
Closed by commit rL288234: [asan] Avoid redundant poisoning checks in… (authored by chefmax). · Explain WhyNov 30 2016, 1:21 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
asan/
2 lines

Diff 79709

compiler-rt/trunk/lib/asan/asan_poisoning.cc

Show First 20 LinesShow All 406 Lines▼ Show 20 Linesconst void *__sanitizer_contiguous_container_find_bad_address(
uptr end = reinterpret_cast<uptr>(end_p); uptr end = reinterpret_cast<uptr>(end_p);
uptr mid = reinterpret_cast<uptr>(mid_p); uptr mid = reinterpret_cast<uptr>(mid_p);
CHECK_LE(beg, mid); CHECK_LE(beg, mid);
CHECK_LE(mid, end); CHECK_LE(mid, end);
// Check some bytes starting from beg, some bytes around mid, and some bytes // Check some bytes starting from beg, some bytes around mid, and some bytes
// ending with end. // ending with end.
uptr kMaxRangeToCheck = 32; uptr kMaxRangeToCheck = 32;
uptr r1_beg = beg; uptr r1_beg = beg;
uptr r1_end = Min(end + kMaxRangeToCheck, mid); uptr r1_end = Min(beg + kMaxRangeToCheck, mid);
uptr r2_beg = Max(beg, mid - kMaxRangeToCheck); uptr r2_beg = Max(beg, mid - kMaxRangeToCheck);
uptr r2_end = Min(end, mid + kMaxRangeToCheck); uptr r2_end = Min(end, mid + kMaxRangeToCheck);
uptr r3_beg = Max(end - kMaxRangeToCheck, mid); uptr r3_beg = Max(end - kMaxRangeToCheck, mid);
uptr r3_end = end; uptr r3_end = end;
for (uptr i = r1_beg; i < r1_end; i++) for (uptr i = r1_beg; i < r1_end; i++)
if (AddressIsPoisoned(i)) if (AddressIsPoisoned(i))
return reinterpret_cast<const void *>(i); return reinterpret_cast<const void *>(i);
for (uptr i = r2_beg; i < mid; i++) for (uptr i = r2_beg; i < mid; i++)
Show All 35 Lines