Page MenuHomePhabricator

[compiler-rt] [Sanitizer Coverage] Use interception to access to sanitizer coverage's strong functions defined in the main executable (for MD on Windows.)
AbandonedPublic

Authored by mpividori on Jan 12 2017, 12:58 AM.

Details

Summary

When considering MD, asan is implemented as an external dll: clang-rt_asan_dynamic-arch.dll
We provide default implementation for sanitizer coverage's weak functions like: __sanitizer_cov_trace_pc_guard, __sanitizer_cov_trace_cmp , etc, imported from asan dll as: __sanitizer_cov_trace_pc_guard__dll, __sanitizer_cov_trace_cmp__dll , etc.

But clients can redefine and export a new definition in the main executable, like:

extern "C" __declspec(dllexport) void __sanitizer_cov_trace_pc_guard(u32* guard) {
  // Different implementation provided by the client.
}

However, other client's dlls, will continue using the default implementation imported from asan dll: __sanitizer_cov_trace_pc_guard__dll.

So, with the implementation in this diff, when asan dll is initialized, it will check if the main executable exports the definition of some weak function (for example __sanitizer_cov_trace_pc_guard). If it finds that function, then it will override the default function in the dll (__sanitizer_cov_trace_pc_guard__dll) with that pointer. So, all the client's dlls with instrumentation that import __sanitizer_cov_trace_pc_guard__dll() from asan dll, will be using the function provided by the main executable.

After this diff, sanitizer coverage is fixed for MD on Windows. In particular libFuzzer can provide custom implementation for all sanitizer coverage's weak functions, and they will be considered by asan dll.

Diff Detail

Event Timeline

mpividori updated this revision to Diff 84084.Jan 12 2017, 12:58 AM
mpividori retitled this revision from to [compiler-rt] [Sanitizer Coverage] Use interception to access to sanitizer coverage's strong functions defined in the main executable (for MD on Windows.).
mpividori updated this object.
mpividori added reviewers: kcc, rnk, aizatsky, zturner.
mpividori set the repository for this revision to rL LLVM.
mpividori added a subscriber: llvm-commits.
rnk added inline comments.Jan 17 2017, 1:14 PM
lib/asan/asan_win_coverage_interception.cc
55 ↗(On Diff #84084)

I think we may wish to have a .def file that includes the full list of weak sanitizer coverage callbacks to avoid this repetition.

@rnk I considered that, but I thought this would be simpler, although we repeat some declarations.

mpividori updated this revision to Diff 85469.Jan 23 2017, 3:22 PM
mpividori edited the summary of this revision. (Show Details)
kubamracek added inline comments.Jan 23 2017, 3:27 PM
lib/asan/CMakeLists.txt
81

Add asan_win_weak_interception.cc to ASAN_SOURCES instead.

lib/asan/asan_win_weak_interception.cc
15

Can you use the same ifdef'ing scheme as asan_win.cc is using, i.e.:

#include "sanitizer_common/sanitizer_platform.h"
#if SANITIZER_WINDOWS

?

mpividori added inline comments.Jan 23 2017, 3:29 PM
lib/asan/CMakeLists.txt
81

@kubamracek I can't because this is only for the dynamic version of asan (dll).

lib/asan/asan_win_weak_interception.cc
15

@kubamracek Ok, you are right. Thanks.

kubamracek added inline comments.Jan 23 2017, 3:30 PM
lib/asan/CMakeLists.txt
81

Then either define something like ASAN_DYNAMIC_SOURCES or use #if ASAN_DYNAMIC in the source file itself. This certainly doesn't belong here.

mpividori abandoned this revision.Jan 25 2017, 9:39 PM

Abandon revision, because this was redesigned in: https://reviews.llvm.org/D29168