This is an archive of the discontinued LLVM Phabricator instance.

Differential D28601

[compiler-rt] [Sanitizer Coverage] Use interception to access to sanitizer coverage's functions defined in the main executable (for MT on Windows.)
AbandonedPublic

Authored by mpividori on Jan 12 2017, 1:21 AM.

Details

Reviewers
kcc
zturner
aizatsky
rnk
Summary

When considering MT, asan is implemented as a static library: clang-rt_asan-arch.lib , which is linked to the main executable.

Also, a static library clang-rt_asan_dll_thunk-arch.lib, is linked for dlls. Mainly, it uses interception to get a pointer to asan's functions in the main executable.

In this diff, I update current implementation of the interception in clang-rt_asan_dll_thunk-arch.lib, to consider the special case of weak functions.
First we check if the client has redefined the function in the main executable (for example: __sanitizer_cov_trace_pc_guard). It we can't find it, then we look for the default implementation (__sanitizer_cov_trace_pc_guard__def). The default implementation is always available because clang-rt_asan-arch.lib is linked to the main executable.

After this diff, sanitizer coverage is fixed for MT on Windows. In particular, we could provide a version of libFuzzer for MT.
libFuzzer has its own custom implementation for all sanitizer coverage's weak functions, and they will be considered by all client's instrumented dlls.

Diff Detail

Repository
rL LLVM

Event Timeline

mpividori updated this revision to Diff 84088.Jan 12 2017, 1:21 AM
mpividori retitled this revision from to [compiler-rt] [Sanitizer Coverage] Use interception to access to sanitizer coverage's functions defined in the main executable (for MT on Windows.).
mpividori updated this object.
mpividori added reviewers: kcc, rnk, aizatsky, zturner.
mpividori set the repository for this revision to rL LLVM.
mpividori added a subscriber: llvm-commits.
Herald added subscribers: dberris, kubamracek. · View Herald TranscriptJan 12 2017, 1:21 AM
mpividori abandoned this revision.Jan 25 2017, 4:55 PM

Abandon revision, because this was redesigned in: https://reviews.llvm.org/D29155

Revision Contents

PathSize
lib/
asan/
89 lines

Diff 84088

lib/asan/asan_win_dll_thunk.cc

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines
static uptr getRealProcAddressOrDie(const char *name) { static uptr getRealProcAddressOrDie(const char *name) {
uptr ret = uptr ret =
__interception::InternalGetProcAddress((void *)GetModuleHandleA(0), name); __interception::InternalGetProcAddress((void *)GetModuleHandleA(0), name);
if (!ret) if (!ret)
abort(); abort();
return ret; return ret;
} }
static uptr getRealProcAddress(const char *name) {
return
__interception::InternalGetProcAddress((void *)GetModuleHandleA(0), name);
}
// We need to intercept some functions (e.g. ASan interface, memory allocator -- // We need to intercept some functions (e.g. ASan interface, memory allocator --
// let's call them "hooks") exported by the DLL thunk and forward the hooks to // let's call them "hooks") exported by the DLL thunk and forward the hooks to
// the runtime in the main module. // the runtime in the main module.
// However, we don't want to keep two lists of these hooks. // However, we don't want to keep two lists of these hooks.
// To avoid that, the list of hooks should be defined using the // To avoid that, the list of hooks should be defined using the
// INTERCEPT_WHEN_POSSIBLE macro. Then, all these hooks can be intercepted // INTERCEPT_[OR_DIE|WHEN_POSSIBLE] macros. Then, all these hooks can be
// at once by calling INTERCEPT_HOOKS(). // intercepted at once by calling INTERCEPT_HOOKS().
// Use macro+template magic to automatically generate the list of hooks. // Use macro+template magic to automatically generate the list of hooks.
// Each hook at line LINE defines a template class with a static // Each hook at line LINE defines a template class with a static
// FunctionInterceptor<LINE>::Execute() method intercepting the hook. // FunctionInterceptor<LINE>::Execute() method intercepting the hook.
// The default implementation of FunctionInterceptor<LINE> is to call // The default implementation of FunctionInterceptor<LINE> is to call
// the Execute() method corresponding to the previous line. // the Execute() method corresponding to the previous line.
template<int LINE> template<int LINE>
struct FunctionInterceptor { struct FunctionInterceptor {
static void Execute() { FunctionInterceptor<LINE-1>::Execute(); } static void Execute() { FunctionInterceptor<LINE-1>::Execute(); }
}; };
// There shouldn't be any hooks with negative definition line number. // There shouldn't be any hooks with negative definition line number.
template<> template<>
struct FunctionInterceptor<0> { struct FunctionInterceptor<0> {
static void Execute() {} static void Execute() {}
}; };
#define INTERCEPT_WHEN_POSSIBLE(main_function, dll_function) \ // Override dll_function with main_function from main executable.
#define INTERCEPT_OR_DIE(main_function, dll_function) \
template <> struct FunctionInterceptor<__LINE__> { \ template <> struct FunctionInterceptor<__LINE__> { \
static void Execute() { \ static void Execute() { \
uptr wrapper = getRealProcAddressOrDie(main_function); \ uptr wrapper = getRealProcAddressOrDie(main_function); \
if (!__interception::OverrideFunction((uptr)dll_function, wrapper, 0)) \ if (!__interception::OverrideFunction((uptr)dll_function, wrapper, 0)) \
abort(); \ abort(); \
FunctionInterceptor<__LINE__ - 1>::Execute(); \ FunctionInterceptor<__LINE__ - 1>::Execute(); \
} \ } \
}; };
// Try to override dll_function with main_function from main executable.
// If main_function is not present, override dll_function with default_function.
#define INTERCEPT_WHEN_POSSIBLE(main_function, default_function, dll_function) \
template <> struct FunctionInterceptor<__LINE__> { \
static void Execute() { \
uptr wrapper = getRealProcAddress(#main_function); \
if (! wrapper) \
wrapper = getRealProcAddressOrDie(#default_function); \
if (!__interception::OverrideFunction((uptr)dll_function, wrapper, 0)) \
abort(); \
FunctionInterceptor<__LINE__ - 1>::Execute(); \
} \
};
// Special case of hooks -- ASan own interface functions. Those are only called // Special case of hooks -- ASan own interface functions. Those are only called
// after __asan_init, thus an empty implementation is sufficient. // after __asan_init, thus an empty implementation is sufficient.
#define INTERFACE_FUNCTION(name) \ #define INTERFACE_FUNCTION(name) \
extern "C" __declspec(noinline) void name() { \ extern "C" __declspec(noinline) void name() { \
volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf; \ volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf; \
__debugbreak(); \ __debugbreak(); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name) INTERCEPT_OR_DIE(#name, name)
// Special case of hooks -- Weak functions, could be redefined in the main
// executable, but that is not necessary, so we shouldn't die if we can not find
// a reference. Instead, when the function is not present in the main executable
// we consider the default impl provided by asan library.
#define INTERFACE_WEAK_FUNCTION(name) \
extern "C" __declspec(noinline) void name() { \
volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf; \
__debugbreak(); \
} \
INTERCEPT_WHEN_POSSIBLE(name, WEAK_DEF_NAME(name), name)
// INTERCEPT_HOOKS must be used after the last INTERCEPT_WHEN_POSSIBLE. // INTERCEPT_HOOKS must be used after the last INTERCEPT_OR_DIE.
#define INTERCEPT_HOOKS FunctionInterceptor<__LINE__>::Execute #define INTERCEPT_HOOKS FunctionInterceptor<__LINE__>::Execute
// We can't define our own version of strlen etc. because that would lead to // We can't define our own version of strlen etc. because that would lead to
// link-time or even type mismatch errors. Instead, we can declare a function // link-time or even type mismatch errors. Instead, we can declare a function
// just to be able to get its address. Me may miss the first few calls to the // just to be able to get its address. Me may miss the first few calls to the
// functions since it can be called before __asan_init, but that would lead to // functions since it can be called before __asan_init, but that would lead to
// false negatives in the startup code before user's global initializers, which // false negatives in the startup code before user's global initializers, which
// isn't a big deal. // isn't a big deal.
#define INTERCEPT_LIBRARY_FUNCTION(name) \ #define INTERCEPT_LIBRARY_FUNCTION(name) \
extern "C" void name(); \ extern "C" void name(); \
INTERCEPT_WHEN_POSSIBLE(WRAPPER_NAME(name), name) INTERCEPT_OR_DIE(WRAPPER_NAME(name), name)
// Disable compiler warnings that show up if we declare our own version // Disable compiler warnings that show up if we declare our own version
// of a compiler intrinsic (e.g. strlen). // of a compiler intrinsic (e.g. strlen).
#pragma warning(disable: 4391) #pragma warning(disable: 4391)
#pragma warning(disable: 4392) #pragma warning(disable: 4392)
static void InterceptHooks(); static void InterceptHooks();
// }}} // }}}
// ---------- Function wrapping helpers ----------------------------------- {{{1 // ---------- Function wrapping helpers ----------------------------------- {{{1
#define WRAP_V_V(name) \ #define WRAP_V_V(name) \
extern "C" void name() { \ extern "C" void name() { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
fn(); \ fn(); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_V_W(name) \ #define WRAP_V_W(name) \
extern "C" void name(void *arg) { \ extern "C" void name(void *arg) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
fn(arg); \ fn(arg); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_V_WW(name) \ #define WRAP_V_WW(name) \
extern "C" void name(void *arg1, void *arg2) { \ extern "C" void name(void *arg1, void *arg2) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
fn(arg1, arg2); \ fn(arg1, arg2); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_V_WWW(name) \ #define WRAP_V_WWW(name) \
extern "C" void name(void *arg1, void *arg2, void *arg3) { \ extern "C" void name(void *arg1, void *arg2, void *arg3) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
fn(arg1, arg2, arg3); \ fn(arg1, arg2, arg3); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_V(name) \ #define WRAP_W_V(name) \
extern "C" void *name() { \ extern "C" void *name() { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(); \ return fn(); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_W(name) \ #define WRAP_W_W(name) \
extern "C" void *name(void *arg) { \ extern "C" void *name(void *arg) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(arg); \ return fn(arg); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_WW(name) \ #define WRAP_W_WW(name) \
extern "C" void *name(void *arg1, void *arg2) { \ extern "C" void *name(void *arg1, void *arg2) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(arg1, arg2); \ return fn(arg1, arg2); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_WWW(name) \ #define WRAP_W_WWW(name) \
extern "C" void *name(void *arg1, void *arg2, void *arg3) { \ extern "C" void *name(void *arg1, void *arg2, void *arg3) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(arg1, arg2, arg3); \ return fn(arg1, arg2, arg3); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_WWWW(name) \ #define WRAP_W_WWWW(name) \
extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4) { \ extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(arg1, arg2, arg3, arg4); \ return fn(arg1, arg2, arg3, arg4); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_WWWWW(name) \ #define WRAP_W_WWWWW(name) \
extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4, \ extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4, \
void *arg5) { \ void *arg5) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(arg1, arg2, arg3, arg4, arg5); \ return fn(arg1, arg2, arg3, arg4, arg5); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
#define WRAP_W_WWWWWW(name) \ #define WRAP_W_WWWWWW(name) \
extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4, \ extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4, \
void *arg5, void *arg6) { \ void *arg5, void *arg6) { \
typedef decltype(name) *fntype; \ typedef decltype(name) *fntype; \
static fntype fn = (fntype)getRealProcAddressOrDie(#name); \ static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
return fn(arg1, arg2, arg3, arg4, arg5, arg6); \ return fn(arg1, arg2, arg3, arg4, arg5, arg6); \
} \ } \
INTERCEPT_WHEN_POSSIBLE(#name, name); INTERCEPT_OR_DIE(#name, name);
// }}} // }}}
// ----------------- ASan own interface functions -------------------- // ----------------- ASan own interface functions --------------------
// Don't use the INTERFACE_FUNCTION machinery for this function as we actually // Don't use the INTERFACE_FUNCTION machinery for this function as we actually
// want to call it in the __asan_init interceptor. // want to call it in the __asan_init interceptor.
WRAP_W_V(__asan_should_detect_stack_use_after_return) WRAP_W_V(__asan_should_detect_stack_use_after_return)
WRAP_W_V(__asan_get_shadow_memory_dynamic_address) WRAP_W_V(__asan_get_shadow_memory_dynamic_address)
▲ Show 20 LinesShow All 116 Lines▼ Show 20 Lines
INTERFACE_FUNCTION(__sanitizer_cov_dump) INTERFACE_FUNCTION(__sanitizer_cov_dump)
INTERFACE_FUNCTION(__sanitizer_dump_coverage) INTERFACE_FUNCTION(__sanitizer_dump_coverage)
INTERFACE_FUNCTION(__sanitizer_dump_trace_pc_guard_coverage) INTERFACE_FUNCTION(__sanitizer_dump_trace_pc_guard_coverage)
INTERFACE_FUNCTION(__sanitizer_cov_indir_call16) INTERFACE_FUNCTION(__sanitizer_cov_indir_call16)
INTERFACE_FUNCTION(__sanitizer_cov_init) INTERFACE_FUNCTION(__sanitizer_cov_init)
INTERFACE_FUNCTION(__sanitizer_cov_module_init) INTERFACE_FUNCTION(__sanitizer_cov_module_init)
INTERFACE_FUNCTION(__sanitizer_cov_trace_basic_block) INTERFACE_FUNCTION(__sanitizer_cov_trace_basic_block)
INTERFACE_FUNCTION(__sanitizer_cov_trace_func_enter) INTERFACE_FUNCTION(__sanitizer_cov_trace_func_enter)
INTERFACE_FUNCTION(__sanitizer_cov_trace_cmp) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_cmp)
INTERFACE_FUNCTION(__sanitizer_cov_trace_cmp1) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_cmp1)
INTERFACE_FUNCTION(__sanitizer_cov_trace_cmp2) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_cmp2)
INTERFACE_FUNCTION(__sanitizer_cov_trace_cmp4) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_cmp4)
INTERFACE_FUNCTION(__sanitizer_cov_trace_cmp8) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_cmp8)
INTERFACE_FUNCTION(__sanitizer_cov_trace_switch) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_switch)
INTERFACE_FUNCTION(__sanitizer_cov_trace_div4) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_div4)
INTERFACE_FUNCTION(__sanitizer_cov_trace_div8) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_div8)
INTERFACE_FUNCTION(__sanitizer_cov_trace_gep) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_gep)
INTERFACE_FUNCTION(__sanitizer_cov_trace_pc_indir) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_pc_indir)
INTERFACE_FUNCTION(__sanitizer_cov_trace_pc_guard) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_pc_guard)
INTERFACE_FUNCTION(__sanitizer_cov_trace_pc_guard_init) INTERFACE_WEAK_FUNCTION(__sanitizer_cov_trace_pc_guard_init)
INTERFACE_FUNCTION(__sanitizer_cov_with_check) INTERFACE_FUNCTION(__sanitizer_cov_with_check)
INTERFACE_FUNCTION(__sanitizer_get_allocated_size) INTERFACE_FUNCTION(__sanitizer_get_allocated_size)
INTERFACE_FUNCTION(__sanitizer_get_coverage_guards) INTERFACE_FUNCTION(__sanitizer_get_coverage_guards)
INTERFACE_FUNCTION(__sanitizer_get_current_allocated_bytes) INTERFACE_FUNCTION(__sanitizer_get_current_allocated_bytes)
INTERFACE_FUNCTION(__sanitizer_get_estimated_allocated_size) INTERFACE_FUNCTION(__sanitizer_get_estimated_allocated_size)
INTERFACE_FUNCTION(__sanitizer_get_free_bytes) INTERFACE_FUNCTION(__sanitizer_get_free_bytes)
INTERFACE_FUNCTION(__sanitizer_get_heap_size) INTERFACE_FUNCTION(__sanitizer_get_heap_size)
INTERFACE_FUNCTION(__sanitizer_get_ownership) INTERFACE_FUNCTION(__sanitizer_get_ownership)
▲ Show 20 LinesShow All 138 LinesShow Last 20 Lines