This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/sanitizer_common/
-
sanitizer_common/
-
sanitizer_win_dll_thunk.h

Differential D30219

[compiler-rt][asan] Fix incorrect macro preventing ICF with MSVC
ClosedPublic

Authored by etienneb on Feb 21 2017, 11:18 AM.

Download Raw Diff

Details

Reviewers

rnk

Commits

rG0eec53cb4152: [compiler-rt][asan] Fix incorrect macro preventing ICF with MSVC
rCRT295761: [compiler-rt][asan] Fix incorrect macro preventing ICF with MSVC
rL295761: [compiler-rt][asan] Fix incorrect macro preventing ICF with MSVC

Summary

The DLL thunks are stubs added to an instrumented DLL to redirect ASAN API calls
to the real ones in the main executable. These thunks must contain dummy
code before __asan_init got called. Unfortunately, MSVC linker is doing ICF and is
merging functions with the same body.

In our case, this two ASAN thunks were incorrectly merged:

asan_interface.inc:16
INTERFACE_FUNCTION(__asan_before_dynamic_init)

sanitizer_common_interface.inc:16
INTERFACE_FUNCTION(__sanitizer_verify_contiguous_container)

The same thunk got patched twice. After the second patching, calls to
__asan_before_dynamic_init are redirected to __sanitizer_verify_contiguous_container
and trigger a DCHECK on incorrect operands/

The problem was caused by the macro that is only using LINE to prevent
collapsing code.

#define INTERCEPT_SANITIZER_FUNCTION(name)
  extern "C" __declspec(noinline) void name() {
  volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf;

The current patch is adding COUNTER which is safer than LINE.

Also, to precent ICF (guarantee that code is different), we are using a unique attribute:

the name of the function

Diff Detail

Build Status

Buildable 4154
Build 4154: arc lint + arc unit

Event Timeline

etienneb created this revision.Feb 21 2017, 11:18 AM

Herald added subscribers: dberris, kubamracek. · View Herald TranscriptFeb 21 2017, 11:18 AM

Harbormaster completed remote builds in B4154: Diff 89251.Feb 21 2017, 11:18 AM

etienneb edited the summary of this revision. (Show Details)Feb 21 2017, 11:21 AM

etienneb edited the summary of this revision. (Show Details)Feb 21 2017, 11:25 AM

etienneb edited the summary of this revision. (Show Details)

lgtm

My best other idea is to try to make the functions self-recursive, but I don't think that's enough.

This revision is now accepted and ready to land.Feb 21 2017, 11:28 AM

My other idea was to provide raw bytes and emit them into the code section.

char think[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xCC, 0xCC, 0xCC 0xCC, ... 0xCC };

Now, we rely on the compiler to produce a function that we are able to patch instead of hardcoding a function we can patch.
But still, we need to prevent ICF.

Nice, counter macro is better.

If we want raw bytes I'd use an assembler file.

etienneb closed this revision.Feb 21 2017, 12:16 PM

Revision Contents

Path

Size

lib/

sanitizer_common/

sanitizer_win_dll_thunk.h

12 lines

Diff 89251

lib/sanitizer_common/sanitizer_win_dll_thunk.h

Show First 20 Lines • Show All 47 Lines • ▼ Show 20 Lines	#define INTERCEPT_WHEN_POSSIBLE(main_function, default_function, dll_function) \
__declspec(allocate(".DLLTH$M")) int (*__dll_thunk_##dll_function)() = \		__declspec(allocate(".DLLTH$M")) int (*__dll_thunk_##dll_function)() = \
intercept_##dll_function;		intercept_##dll_function;

// -------------------- Function interception macros ------------------------ //		// -------------------- Function interception macros ------------------------ //
// Special case of hooks -- ASan own interface functions. Those are only called		// Special case of hooks -- ASan own interface functions. Those are only called
// after __asan_init, thus an empty implementation is sufficient.		// after __asan_init, thus an empty implementation is sufficient.
#define INTERCEPT_SANITIZER_FUNCTION(name) \		#define INTERCEPT_SANITIZER_FUNCTION(name) \
extern "C" __declspec(noinline) void name() { \		extern "C" __declspec(noinline) void name() { \
volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf; \		volatile int prevent_icf = (__LINE__ << 8) ^ __COUNTER__; \
		static const char function_name[] = #name; \
		for (const char* ptr = &function_name[0]; *ptr; ++ptr) \
		prevent_icf ^= *ptr; \
		(void)prevent_icf; \
__debugbreak(); \		__debugbreak(); \
} \		} \
INTERCEPT_OR_DIE(#name, name)		INTERCEPT_OR_DIE(#name, name)

// Special case of hooks -- Weak functions, could be redefined in the main		// Special case of hooks -- Weak functions, could be redefined in the main
// executable, but that is not necessary, so we shouldn't die if we can not find		// executable, but that is not necessary, so we shouldn't die if we can not find
// a reference. Instead, when the function is not present in the main executable		// a reference. Instead, when the function is not present in the main executable
// we consider the default impl provided by asan library.		// we consider the default impl provided by asan library.
#define INTERCEPT_SANITIZER_WEAK_FUNCTION(name) \		#define INTERCEPT_SANITIZER_WEAK_FUNCTION(name) \
extern "C" __declspec(noinline) void name() { \		extern "C" __declspec(noinline) void name() { \
volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf; \		volatile int prevent_icf = (__LINE__ << 8) ^ __COUNTER__; \
		static const char function_name[] = #name; \
		for (const char* ptr = &function_name[0]; *ptr; ++ptr) \
		prevent_icf ^= *ptr; \
		(void)prevent_icf; \
__debugbreak(); \		__debugbreak(); \
} \		} \
INTERCEPT_WHEN_POSSIBLE(#name, STRINGIFY(WEAK_EXPORT_NAME(name)), name)		INTERCEPT_WHEN_POSSIBLE(#name, STRINGIFY(WEAK_EXPORT_NAME(name)), name)

// We can't define our own version of strlen etc. because that would lead to		// We can't define our own version of strlen etc. because that would lead to
// link-time or even type mismatch errors. Instead, we can declare a function		// link-time or even type mismatch errors. Instead, we can declare a function
// just to be able to get its address. Me may miss the first few calls to the		// just to be able to get its address. Me may miss the first few calls to the
// functions since it can be called before __dll_thunk_init, but that would lead		// functions since it can be called before __dll_thunk_init, but that would lead
▲ Show 20 Lines • Show All 99 Lines • Show Last 20 Lines