This is an archive of the discontinued LLVM Phabricator instance.

Differential D31593

[Asan] Introduce the concept of physical shadow memory
AbandonedPublic

Authored by kosarev on Apr 3 2017, 1:47 AM.

Details

Reviewers
kcc
filcab
dvyukov
samsonov
eugenis

Diff Detail

Event Timeline

kosarev created this revision.Apr 3 2017, 1:47 AM
Herald added a subscriber: kubamracek. · View Herald TranscriptApr 3 2017, 1:47 AM
filcab edited edge metadata.Apr 11 2017, 9:38 AM

Please make the commit message descriptive for people doing git blame (or svn blame) later.

lib/asan/asan_mapping.h
208

While you're touching these lines, maybe align them with the ones above by removing the space before define and adding spaces before MEM_TO_VSHADOW?

kosarev updated this revision to Diff 95138.Apr 13 2017, 8:47 AM

Updated as suggested.

kosarev added a comment.Apr 13 2017, 8:48 AM
In D31593#723859, @filcab wrote:

Please make the commit message descriptive for people doing git blame (or svn blame) later.

Right, will do. Thanks for reminding.

kosarev updated this revision to Diff 97234.Apr 30 2017, 7:59 AM

This patch introduces a class of shadow pointers designed to be the interface to physical shadow memory. The idea behind shadow pointers is to encapsulate the physical memory mechanics so that:

  • sequential accesses to the same shadow page do not cause extra virtual-to-physical address translations, thus providing acceptable performance in the MMU-less mode and
  • sanitizer developers are not forced to take care of the organization of physical memory when dealing with shadow accesses.

This patch intentionally includes (not-yet-committed) D31395 so one could apply and test it if necessary. Once generally accepted, I will remove those common parts and update the patch.

Herald added a subscriber: mgorny. · View Herald TranscriptApr 30 2017, 7:59 AM
dvyukov edited edge metadata.May 1 2017, 3:58 AM
In D31593#741845, @kosarev wrote:

This patch introduces a class of shadow pointers designed to be the interface to physical shadow memory. The idea behind shadow pointers is to encapsulate the physical memory mechanics so that:

  • sequential accesses to the same shadow page do not cause extra virtual-to-physical address translations, thus providing acceptable performance in the MMU-less mode and
  • sanitizer developers are not forced to take care of the organization of physical memory when dealing with shadow accesses.

This patch intentionally includes (not-yet-committed) D31395 so one could apply and test it if necessary. Once generally accepted, I will remove those common parts and update the patch.

Previously we discussed an option of mapping continuous shadow for continuous user regions. That would not require any changes to asan/msan/tsan core code.
Until we evaluated that idea and decided that it's completely infeasible, I don't like approach in this patch.

kosarev added a comment.May 2 2017, 9:31 AM

Understood. Will let you know if there are issues with the allocations-intercepting approach. Thanks.

kosarev abandoned this revision.Nov 28 2017, 8:52 AM

Intercepting of allocations worked well for us. Thanks Dmitry.

Revision Contents

PathSize
7 lines
lib/
asan/
7 lines
4 lines
79 lines
4 lines
20 lines
5 lines
tests/
5 lines
test/
asan/
4 lines
2 lines
safestack/
3 lines

Diff 97234

CMakeLists.txt

Show First 20 LinesShow All 84 Lines▼ Show 20 Lineselseif(MSVC)
set(use_cxxabi_default OFF) set(use_cxxabi_default OFF)
else() else()
set(use_cxxabi_default ON) set(use_cxxabi_default ON)
endif() endif()
option(SANITIZER_CAN_USE_CXXABI "Sanitizers can use cxxabi" ${use_cxxabi_default}) option(SANITIZER_CAN_USE_CXXABI "Sanitizers can use cxxabi" ${use_cxxabi_default})
pythonize_bool(SANITIZER_CAN_USE_CXXABI) pythonize_bool(SANITIZER_CAN_USE_CXXABI)
option(SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
"Experimental: Use software memory manager instead of mmap() in sanitizers." OFF)
mark_as_advanced(SANITIZER_USE_SOFTWARE_MEMORY_MANAGER)
pythonize_bool(SANITIZER_USE_SOFTWARE_MEMORY_MANAGER)
#================================ #================================
# Setup Compiler Flags # Setup Compiler Flags
#================================ #================================
if(MSVC) if(MSVC)
# Override any existing /W flags with /W4. This is what LLVM does. Failing to # Override any existing /W flags with /W4. This is what LLVM does. Failing to
# remove other /W[0-4] flags will result in a warning about overriding a # remove other /W[0-4] flags will result in a warning about overriding a
# previous flag. # previous flag.
▲ Show 20 LinesShow All 62 Lines▼ Show 20 Linesif(MSVC)
# However, ASan interceptors run before CRT initialization, which causes the # However, ASan interceptors run before CRT initialization, which causes the
# new thread safe code to crash. Disable this feature for now. # new thread safe code to crash. Disable this feature for now.
if (MSVC_VERSION GREATER 1899 OR "${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang") if (MSVC_VERSION GREATER 1899 OR "${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")
list(APPEND SANITIZER_COMMON_CFLAGS /Zc:threadSafeInit-) list(APPEND SANITIZER_COMMON_CFLAGS /Zc:threadSafeInit-)
endif() endif()
endif() endif()
append_list_if(COMPILER_RT_DEBUG -DSANITIZER_DEBUG=1 SANITIZER_COMMON_CFLAGS) append_list_if(COMPILER_RT_DEBUG -DSANITIZER_DEBUG=1 SANITIZER_COMMON_CFLAGS)
append_list_if(SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
-DSANITIZER_USE_SOFTWARE_MEMORY_MANAGER=1 SANITIZER_COMMON_CFLAGS)
# Build with optimization, unless we're in debug mode. If we're using MSVC, # Build with optimization, unless we're in debug mode. If we're using MSVC,
# always respect the optimization flags set by CMAKE_BUILD_TYPE instead. # always respect the optimization flags set by CMAKE_BUILD_TYPE instead.
if(NOT COMPILER_RT_DEBUG AND NOT MSVC) if(NOT COMPILER_RT_DEBUG AND NOT MSVC)
list(APPEND SANITIZER_COMMON_CFLAGS -O3) list(APPEND SANITIZER_COMMON_CFLAGS -O3)
endif() endif()
# Determine if we should restrict stack frame sizes. # Determine if we should restrict stack frame sizes.
▲ Show 20 LinesShow All 80 LinesShow Last 20 Lines

lib/asan/asan_allocator.cc

Show First 20 LinesShow All 408 Lines▼ Show 20 Lines if (t) {
SpinMutexLock l(&fallback_mutex); SpinMutexLock l(&fallback_mutex);
AllocatorCache *cache = &fallback_allocator_cache; AllocatorCache *cache = &fallback_allocator_cache;
allocated = allocated =
allocator.Allocate(cache, needed_size, 8, false, check_rss_limit); allocator.Allocate(cache, needed_size, 8, false, check_rss_limit);
} }
if (!allocated) return allocator.ReturnNullOrDieOnOOM(); if (!allocated) return allocator.ReturnNullOrDieOnOOM();
if (*(u8 *)MEM_TO_SHADOW((uptr)allocated) == 0 && CanPoisonMemory()) { if (*shadow_ptr(allocated) == 0 && CanPoisonMemory()) {
// Heap poisoning is enabled, but the allocator provides an unpoisoned // Heap poisoning is enabled, but the allocator provides an unpoisoned
// chunk. This is possible if CanPoisonMemory() was false for some // chunk. This is possible if CanPoisonMemory() was false for some
// time, for example, due to flags()->start_disabled. // time, for example, due to flags()->start_disabled.
// Anyway, poison the block before using it for anything else. // Anyway, poison the block before using it for anything else.
uptr allocated_size = allocator.GetActuallyAllocatedSize(allocated); uptr allocated_size = allocator.GetActuallyAllocatedSize(allocated);
PoisonShadow((uptr)allocated, allocated_size, kAsanHeapLeftRedzoneMagic); PoisonShadow((uptr)allocated, allocated_size, kAsanHeapLeftRedzoneMagic);
} }
Show All 35 Lines void *Allocate(uptr size, uptr alignment, BufferedStackTrace *stack,
uptr size_rounded_down_to_granularity = uptr size_rounded_down_to_granularity =
RoundDownTo(size, SHADOW_GRANULARITY); RoundDownTo(size, SHADOW_GRANULARITY);
// Unpoison the bulk of the memory region. // Unpoison the bulk of the memory region.
if (size_rounded_down_to_granularity) if (size_rounded_down_to_granularity)
PoisonShadow(user_beg, size_rounded_down_to_granularity, 0); PoisonShadow(user_beg, size_rounded_down_to_granularity, 0);
// Deal with the end of the region if size is not aligned to granularity. // Deal with the end of the region if size is not aligned to granularity.
if (size != size_rounded_down_to_granularity && CanPoisonMemory()) { if (size != size_rounded_down_to_granularity && CanPoisonMemory()) {
u8 *shadow = u8 sval = fl.poison_partial ? (size & (SHADOW_GRANULARITY - 1)) : 0;
(u8 *)MemToShadow(user_beg + size_rounded_down_to_granularity); *checked_shadow_ptr(user_beg + size_rounded_down_to_granularity) = sval;
*shadow = fl.poison_partial ? (size & (SHADOW_GRANULARITY - 1)) : 0;
} }
AsanStats &thread_stats = GetCurrentThreadStats(); AsanStats &thread_stats = GetCurrentThreadStats();
thread_stats.mallocs++; thread_stats.mallocs++;
thread_stats.malloced += size; thread_stats.malloced += size;
thread_stats.malloced_redzones += needed_size - size; thread_stats.malloced_redzones += needed_size - size;
if (needed_size > SizeClassMap::kMaxSize) if (needed_size > SizeClassMap::kMaxSize)
thread_stats.malloc_large++; thread_stats.malloc_large++;
▲ Show 20 LinesShow All 517 LinesShow Last 20 Lines

lib/asan/asan_fake_stack.cc

Show All 23 Lines
static const u64 kMagic8 = (kMagic4 << 32) | kMagic4; static const u64 kMagic8 = (kMagic4 << 32) | kMagic4;
static const u64 kAllocaRedzoneSize = 32UL; static const u64 kAllocaRedzoneSize = 32UL;
static const u64 kAllocaRedzoneMask = 31UL; static const u64 kAllocaRedzoneMask = 31UL;
// For small size classes inline PoisonShadow for better performance. // For small size classes inline PoisonShadow for better performance.
ALWAYS_INLINE void SetShadow(uptr ptr, uptr size, uptr class_id, u64 magic) { ALWAYS_INLINE void SetShadow(uptr ptr, uptr size, uptr class_id, u64 magic) {
CHECK_EQ(SHADOW_SCALE, 3); // This code expects SHADOW_SCALE=3. CHECK_EQ(SHADOW_SCALE, 3); // This code expects SHADOW_SCALE=3.
u64 *shadow = reinterpret_cast<u64*>(MemToShadow(ptr)); checked_shadow_ptr shadow(ptr);
if (class_id <= 6) { if (class_id <= 6) {
for (uptr i = 0; i < (((uptr)1) << class_id); i++) { for (uptr i = 0; i < (((uptr)1) << class_id); i++) {
shadow[i] = magic; shadow.at<u64>(i) = magic;
// Make sure this does not become memset. // Make sure this does not become memset.
SanitizerBreakOptimization(nullptr); SanitizerBreakOptimization(nullptr);
} }
} else { } else {
// The size class is too big, it's cheaper to poison only size bytes. // The size class is too big, it's cheaper to poison only size bytes.
PoisonShadow(ptr, size, static_cast<u8>(magic)); PoisonShadow(ptr, size, static_cast<u8>(magic));
} }
} }
▲ Show 20 LinesShow All 240 LinesShow Last 20 Lines

lib/asan/asan_mapping.h

Show First 20 LinesShow All 199 Lines▼ Show 20 Lines
#define kHighMemBeg (MEM_TO_SHADOW(kHighMemEnd) + 1) #define kHighMemBeg (MEM_TO_SHADOW(kHighMemEnd) + 1)
#define kHighShadowBeg MEM_TO_SHADOW(kHighMemBeg) #define kHighShadowBeg MEM_TO_SHADOW(kHighMemBeg)
#define kHighShadowEnd MEM_TO_SHADOW(kHighMemEnd) #define kHighShadowEnd MEM_TO_SHADOW(kHighMemEnd)
# define kMidShadowBeg MEM_TO_SHADOW(kMidMemBeg) # define kMidShadowBeg MEM_TO_SHADOW(kMidMemBeg)
# define kMidShadowEnd MEM_TO_SHADOW(kMidMemEnd) # define kMidShadowEnd MEM_TO_SHADOW(kMidMemEnd)
filcabUnsubmitted
Not Done
ReplyInline Actions

While you're touching these lines, maybe align them with the ones above by removing the space before define and adding spaces before MEM_TO_VSHADOW?

filcab: While you're touching these lines, maybe align them with the ones above by removing the space…
// With the zero shadow base we can not actually map pages starting from 0. // With the zero shadow base we can not actually map pages starting from 0.
// This constant is somewhat arbitrary. // This constant is somewhat arbitrary.
#define kZeroBaseShadowStart 0 #define kZeroBaseShadowStart 0
#define kZeroBaseMaxShadowStart (1 << 18) #define kZeroBaseMaxShadowStart (1 << 18)
#define kShadowGapBeg (kLowShadowEnd ? kLowShadowEnd + 1 \ #define kShadowGapBeg (kLowShadowEnd ? kLowShadowEnd + 1 \
: kZeroBaseShadowStart) : kZeroBaseShadowStart)
#define kShadowGapEnd ((kMidMemBeg ? kMidShadowBeg : kHighShadowBeg) - 1) #define kShadowGapEnd ((kMidMemBeg ? kMidShadowBeg : kHighShadowBeg) - 1)
Show All 13 Lines
#endif #endif
// If 1, all shadow boundaries are constants. // If 1, all shadow boundaries are constants.
// Don't set to 1 other than for testing. // Don't set to 1 other than for testing.
#define ASAN_FIXED_MAPPING 0 #define ASAN_FIXED_MAPPING 0
namespace __asan { namespace __asan {
#if SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
static const unsigned page_size_scale = 16; // 64K bytes.
static const unsigned page_size = 1u << page_size_scale;
static const unsigned page_size_mask = page_size - 1;
static const uptr non_existent_vpage_no = ~static_cast<uptr>(0);
// Return offset within shadow page.
#define PAGE_OFFSET(vp) (static_cast<uptr>((vp)) & page_size_mask)
// Return virtual page number by given virtual address.
#define VPTR_TO_VPAGE(vp) (static_cast<uptr>((vp)) >> page_size_scale)
#endif // SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
// Pointers of this class provide access to physical shadow memory.
class shadow_ptr {
public:
explicit shadow_ptr(uptr mem)
: value(MEM_TO_SHADOW(mem))
#if SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
, last_vpage_hit(non_existent_vpage_no), page(nullptr)
#endif
{}
explicit shadow_ptr(void *mem)
: shadow_ptr(reinterpret_cast<uptr>(mem))
{}
u8 &access(uptr p) {
#if SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
uptr vpage = VPTR_TO_VPAGE(p);
if (vpage != last_vpage_hit) {
// TODO(ikosarev): Get a pointer to the physical page here.
page = reinterpret_cast<u8*>(p) - PAGE_OFFSET(p);
last_vpage_hit = vpage;
}
return page[PAGE_OFFSET(p)];
#else
return *reinterpret_cast<u8*>(p);
#endif
}
u8 &operator * () { return access(value); }
template<typename cell_type>
cell_type &ref() {
return reinterpret_cast<cell_type&>(access(value));
}
template<typename cell_type>
cell_type &at(uptr index) {
uptr p = value + sizeof(cell_type) * index;
return reinterpret_cast<cell_type&>(access(p));
}
shadow_ptr &operator ++() {
++value;
return *this;
}
private:
uptr value;
#if SANITIZER_USE_SOFTWARE_MEMORY_MANAGER
uptr last_vpage_hit;
u8 *page;
#endif
};
extern uptr AsanMappingProfile[]; extern uptr AsanMappingProfile[];
#if ASAN_FIXED_MAPPING #if ASAN_FIXED_MAPPING
// Fixed mapping for 64-bit Linux. Mostly used for performance comparison // Fixed mapping for 64-bit Linux. Mostly used for performance comparison
// with non-fixed mapping. As of r175253 (Feb 2013) the performance // with non-fixed mapping. As of r175253 (Feb 2013) the performance
// difference between fixed and non-fixed mapping is below the noise level. // difference between fixed and non-fixed mapping is below the noise level.
static uptr kHighMemEnd = 0x7fffffffffffULL; static uptr kHighMemEnd = 0x7fffffffffffULL;
static uptr kMidMemBeg = 0x3000000000ULL; static uptr kMidMemBeg = 0x3000000000ULL;
▲ Show 20 LinesShow All 44 Lines▼ Show 20 Lines
} }
static inline uptr MemToShadow(uptr p) { static inline uptr MemToShadow(uptr p) {
PROFILE_ASAN_MAPPING(); PROFILE_ASAN_MAPPING();
CHECK(AddrIsInMem(p)); CHECK(AddrIsInMem(p));
return MEM_TO_SHADOW(p); return MEM_TO_SHADOW(p);
} }
class checked_shadow_ptr : public shadow_ptr {
public:
explicit checked_shadow_ptr(uptr mem) : shadow_ptr(mem) {
PROFILE_ASAN_MAPPING();
CHECK(AddrIsInMem(mem));
}
};
static inline bool AddrIsInHighShadow(uptr a) { static inline bool AddrIsInHighShadow(uptr a) {
PROFILE_ASAN_MAPPING(); PROFILE_ASAN_MAPPING();
return a >= kHighShadowBeg && a <= kHighMemEnd; return a >= kHighShadowBeg && a <= kHighMemEnd;
} }
static inline bool AddrIsInMidShadow(uptr a) { static inline bool AddrIsInMidShadow(uptr a) {
PROFILE_ASAN_MAPPING(); PROFILE_ASAN_MAPPING();
return kMidMemBeg && a >= kMidShadowBeg && a <= kMidMemEnd; return kMidMemBeg && a >= kMidShadowBeg && a <= kMidMemEnd;
} }
static inline bool AddrIsInShadow(uptr a) { static inline bool AddrIsInShadow(uptr a) {
PROFILE_ASAN_MAPPING(); PROFILE_ASAN_MAPPING();
return AddrIsInLowShadow(a) || AddrIsInMidShadow(a) || AddrIsInHighShadow(a); return AddrIsInLowShadow(a) || AddrIsInMidShadow(a) || AddrIsInHighShadow(a);
} }
static inline bool AddrIsAlignedByGranularity(uptr a) { static inline bool AddrIsAlignedByGranularity(uptr a) {
PROFILE_ASAN_MAPPING(); PROFILE_ASAN_MAPPING();
return (a & (SHADOW_GRANULARITY - 1)) == 0; return (a & (SHADOW_GRANULARITY - 1)) == 0;
} }
static inline bool AddressIsPoisoned(uptr a) { static inline bool AddressIsPoisoned(uptr a) {
PROFILE_ASAN_MAPPING(); PROFILE_ASAN_MAPPING();
const uptr kAccessSize = 1; const uptr kAccessSize = 1;
u8 *shadow_address = (u8*)MEM_TO_SHADOW(a); s8 shadow_value = *shadow_ptr(a);
s8 shadow_value = *shadow_address;
if (shadow_value) { if (shadow_value) {
u8 last_accessed_byte = (a & (SHADOW_GRANULARITY - 1)) u8 last_accessed_byte = (a & (SHADOW_GRANULARITY - 1))
+ kAccessSize - 1; + kAccessSize - 1;
return (last_accessed_byte >= shadow_value); return (last_accessed_byte >= shadow_value);
} }
return false; return false;
} }
// Must be after all calls to PROFILE_ASAN_MAPPING(). // Must be after all calls to PROFILE_ASAN_MAPPING().
static const uptr kAsanMappingProfileSize = __LINE__; static const uptr kAsanMappingProfileSize = __LINE__;
} // namespace __asan } // namespace __asan
#endif // ASAN_MAPPING_H #endif // ASAN_MAPPING_H

lib/asan/asan_poisoning.h

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines if (value ||
} }
} }
} }
ALWAYS_INLINE void FastPoisonShadowPartialRightRedzone( ALWAYS_INLINE void FastPoisonShadowPartialRightRedzone(
uptr aligned_addr, uptr size, uptr redzone_size, u8 value) { uptr aligned_addr, uptr size, uptr redzone_size, u8 value) {
DCHECK(CanPoisonMemory()); DCHECK(CanPoisonMemory());
bool poison_partial = flags()->poison_partial; bool poison_partial = flags()->poison_partial;
u8 *shadow = (u8*)MEM_TO_SHADOW(aligned_addr); shadow_ptr shadow(aligned_addr);
for (uptr i = 0; i < redzone_size; i += SHADOW_GRANULARITY, shadow++) { for (uptr i = 0; i < redzone_size; i += SHADOW_GRANULARITY, ++shadow) {
if (i + SHADOW_GRANULARITY <= size) { if (i + SHADOW_GRANULARITY <= size) {
*shadow = 0; // fully addressable *shadow = 0; // fully addressable
} else if (i >= size) { } else if (i >= size) {
*shadow = (SHADOW_GRANULARITY == 128) ? 0xff : value; // unaddressable *shadow = (SHADOW_GRANULARITY == 128) ? 0xff : value; // unaddressable
} else { } else {
// first size-i bytes are addressable // first size-i bytes are addressable
*shadow = poison_partial ? static_cast<u8>(size - i) : 0; *shadow = poison_partial ? static_cast<u8>(size - i) : 0;
} }
} }
} }
// Calls __sanitizer::ReleaseMemoryPagesToOS() on // Calls __sanitizer::ReleaseMemoryPagesToOS() on
// [MemToShadow(p), MemToShadow(p+size)]. // [MemToShadow(p), MemToShadow(p+size)].
void FlushUnneededASanShadowMemory(uptr p, uptr size); void FlushUnneededASanShadowMemory(uptr p, uptr size);
} // namespace __asan } // namespace __asan

lib/asan/asan_poisoning.cc

Show First 20 LinesShow All 75 Lines▼ Show 20 Lines Printf("__asan_%spoison_intra_object_redzone [%p,%p) %zd\n",
poison ? "" : "un", ptr, end, size); poison ? "" : "un", ptr, end, size);
if (Verbosity() >= 2) if (Verbosity() >= 2)
PRINT_CURRENT_STACK(); PRINT_CURRENT_STACK();
} }
CHECK(size); CHECK(size);
CHECK_LE(size, 4096); CHECK_LE(size, 4096);
CHECK(IsAligned(end, SHADOW_GRANULARITY)); CHECK(IsAligned(end, SHADOW_GRANULARITY));
if (!IsAligned(ptr, SHADOW_GRANULARITY)) { if (!IsAligned(ptr, SHADOW_GRANULARITY)) {
*(u8 *)MemToShadow(ptr) = u8 sval = poison ? static_cast<u8>(ptr % SHADOW_GRANULARITY) : 0;
poison ? static_cast<u8>(ptr % SHADOW_GRANULARITY) : 0; *checked_shadow_ptr(ptr) = sval;
ptr |= SHADOW_GRANULARITY - 1; ptr |= SHADOW_GRANULARITY - 1;
ptr++; ptr++;
} }
for (; ptr < end; ptr += SHADOW_GRANULARITY) for (; ptr < end; ptr += SHADOW_GRANULARITY)
*(u8*)MemToShadow(ptr) = poison ? kAsanIntraObjectRedzone : 0; *checked_shadow_ptr(ptr) = poison ? kAsanIntraObjectRedzone : 0;
} }
} // namespace __asan } // namespace __asan
// ---------------------- Interface ---------------- {{{1 // ---------------------- Interface ---------------- {{{1
using namespace __asan; // NOLINT using namespace __asan; // NOLINT
// Current implementation of __asan_(un)poison_memory_region doesn't check // Current implementation of __asan_(un)poison_memory_region doesn't check
▲ Show 20 LinesShow All 156 Lines▼ Show 20 Linesvoid __sanitizer_unaligned_store64(uu64 *p, u64 x) {
CHECK_SMALL_REGION(p, sizeof(*p), true); CHECK_SMALL_REGION(p, sizeof(*p), true);
*p = x; *p = x;
} }
extern "C" SANITIZER_INTERFACE_ATTRIBUTE extern "C" SANITIZER_INTERFACE_ATTRIBUTE
void __asan_poison_cxx_array_cookie(uptr p) { void __asan_poison_cxx_array_cookie(uptr p) {
if (SANITIZER_WORDSIZE != 64) return; if (SANITIZER_WORDSIZE != 64) return;
if (!flags()->poison_array_cookie) return; if (!flags()->poison_array_cookie) return;
uptr s = MEM_TO_SHADOW(p); *shadow_ptr(p) = kAsanArrayCookieMagic;
*reinterpret_cast<u8*>(s) = kAsanArrayCookieMagic;
} }
extern "C" SANITIZER_INTERFACE_ATTRIBUTE extern "C" SANITIZER_INTERFACE_ATTRIBUTE
uptr __asan_load_cxx_array_cookie(uptr *p) { uptr __asan_load_cxx_array_cookie(uptr *p) {
if (SANITIZER_WORDSIZE != 64) return *p; if (SANITIZER_WORDSIZE != 64) return *p;
if (!flags()->poison_array_cookie) return *p; if (!flags()->poison_array_cookie) return *p;
uptr s = MEM_TO_SHADOW(reinterpret_cast<uptr>(p)); u8 sval = *shadow_ptr(p);
u8 sval = *reinterpret_cast<u8*>(s);
if (sval == kAsanArrayCookieMagic) return *p; if (sval == kAsanArrayCookieMagic) return *p;
// If sval is not kAsanArrayCookieMagic it can only be freed memory, // If sval is not kAsanArrayCookieMagic it can only be freed memory,
// which means that we are going to get double-free. So, return 0 to avoid // which means that we are going to get double-free. So, return 0 to avoid
// infinite loop of destructors. We don't want to report a double-free here // infinite loop of destructors. We don't want to report a double-free here
// though, so print a warning just in case. // though, so print a warning just in case.
// CHECK_EQ(sval, kAsanHeapFreeMagic); // CHECK_EQ(sval, kAsanHeapFreeMagic);
if (sval == kAsanHeapFreeMagic) { if (sval == kAsanHeapFreeMagic) {
Report("AddressSanitizer: loaded array cookie from free-d memory; " Report("AddressSanitizer: loaded array cookie from free-d memory; "
▲ Show 20 LinesShow All 91 Lines▼ Show 20 Linesvoid __sanitizer_annotate_contiguous_container(const void *beg_p,
// uptr d2 = RoundUpTo(old_mid, granularity); // uptr d2 = RoundUpTo(old_mid, granularity);
// Currently we should be in this state: // Currently we should be in this state:
// [a, d1) is good, [d2, c) is bad, [d1, d2) is partially good. // [a, d1) is good, [d2, c) is bad, [d1, d2) is partially good.
// Make a quick sanity check that we are indeed in this state. // Make a quick sanity check that we are indeed in this state.
// //
// FIXME: Two of these three checks are disabled until we fix // FIXME: Two of these three checks are disabled until we fix
// https://github.com/google/sanitizers/issues/258. // https://github.com/google/sanitizers/issues/258.
// if (d1 != d2) // if (d1 != d2)
// CHECK_EQ(*(u8*)MemToShadow(d1), old_mid - d1); // CHECK_EQ(*checked_shadow_ptr(d1), old_mid - d1);
if (a + granularity <= d1) if (a + granularity <= d1)
CHECK_EQ(*(u8*)MemToShadow(a), 0); CHECK_EQ(*checked_shadow_ptr(a), 0);
// if (d2 + granularity <= c && c <= end) // if (d2 + granularity <= c && c <= end)
// CHECK_EQ(*(u8 *)MemToShadow(c - granularity), // CHECK_EQ(*checked_shadow_ptr(c - granularity),
// kAsanContiguousContainerOOBMagic); // kAsanContiguousContainerOOBMagic);
uptr b1 = RoundDownTo(new_mid, granularity); uptr b1 = RoundDownTo(new_mid, granularity);
uptr b2 = RoundUpTo(new_mid, granularity); uptr b2 = RoundUpTo(new_mid, granularity);
// New state: // New state:
// [a, b1) is good, [b2, c) is bad, [b1, b2) is partially good. // [a, b1) is good, [b2, c) is bad, [b1, b2) is partially good.
PoisonShadow(a, b1 - a, 0); PoisonShadow(a, b1 - a, 0);
PoisonShadow(b2, c - b2, kAsanContiguousContainerOOBMagic); PoisonShadow(b2, c - b2, kAsanContiguousContainerOOBMagic);
if (b1 != b2) { if (b1 != b2) {
CHECK_EQ(b2 - b1, granularity); CHECK_EQ(b2 - b1, granularity);
*(u8*)MemToShadow(b1) = static_cast<u8>(new_mid - b1); *checked_shadow_ptr(b1) = static_cast<u8>(new_mid - b1);
} }
} }
const void *__sanitizer_contiguous_container_find_bad_address( const void *__sanitizer_contiguous_container_find_bad_address(
const void *beg_p, const void *mid_p, const void *end_p) { const void *beg_p, const void *mid_p, const void *end_p) {
if (!flags()->detect_container_overflow) if (!flags()->detect_container_overflow)
return nullptr; return nullptr;
uptr beg = reinterpret_cast<uptr>(beg_p); uptr beg = reinterpret_cast<uptr>(beg_p);
▲ Show 20 LinesShow All 52 LinesShow Last 20 Lines

lib/asan/asan_rtl.cc

Show First 20 LinesShow All 154 Lines▼ Show 20 Linesvoid __asan_report_ ## type ## _n_noabort(uptr addr, uptr size) { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false); \ ReportGenericError(pc, bp, sp, addr, is_write, size, 0, false); \
} \ } \
ASAN_REPORT_ERROR_N(load, false) ASAN_REPORT_ERROR_N(load, false)
ASAN_REPORT_ERROR_N(store, true) ASAN_REPORT_ERROR_N(store, true)
#define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \ #define ASAN_MEMORY_ACCESS_CALLBACK_BODY(type, is_write, size, exp_arg, fatal) \
uptr sp = MEM_TO_SHADOW(addr); \ shadow_ptr sp(addr); \
uptr s = size <= SHADOW_GRANULARITY ? *reinterpret_cast<u8 *>(sp) \ uptr s = size <= SHADOW_GRANULARITY ? sp.ref<u8>() : sp.ref<u16>(); \
: *reinterpret_cast<u16 *>(sp); \
if (UNLIKELY(s)) { \ if (UNLIKELY(s)) { \
if (UNLIKELY(size >= SHADOW_GRANULARITY || \ if (UNLIKELY(size >= SHADOW_GRANULARITY || \
((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \ ((s8)((addr & (SHADOW_GRANULARITY - 1)) + size - 1)) >= \
(s8)s)) { \ (s8)s)) { \
if (__asan_test_only_reported_buggy_pointer) { \ if (__asan_test_only_reported_buggy_pointer) { \
*__asan_test_only_reported_buggy_pointer = addr; \ *__asan_test_only_reported_buggy_pointer = addr; \
} else { \ } else { \
GET_CALLER_PC_BP_SP; \ GET_CALLER_PC_BP_SP; \
▲ Show 20 LinesShow All 523 LinesShow Last 20 Lines

lib/asan/tests/CMakeLists.txt

Show First 20 LinesShow All 322 Lines▼ Show 20 Lines
endmacro() endmacro()
if(COMPILER_RT_CAN_EXECUTE_TESTS AND NOT ANDROID) if(COMPILER_RT_CAN_EXECUTE_TESTS AND NOT ANDROID)
set(ASAN_TEST_ARCH ${ASAN_SUPPORTED_ARCH}) set(ASAN_TEST_ARCH ${ASAN_SUPPORTED_ARCH})
if(APPLE) if(APPLE)
darwin_filter_host_archs(ASAN_SUPPORTED_ARCH ASAN_TEST_ARCH) darwin_filter_host_archs(ASAN_SUPPORTED_ARCH ASAN_TEST_ARCH)
endif() endif()
foreach(arch ${ASAN_TEST_ARCH}) foreach(arch ${ASAN_TEST_ARCH})
# The software memory manager requires out-of-line instrumentation.
if(NOT SANITIZER_USE_SOFTWARE_MEMORY_MANAGER)
add_asan_tests_for_arch_and_kind(${arch} "-inline") add_asan_tests_for_arch_and_kind(${arch} "-inline")
endif()
add_asan_tests_for_arch_and_kind(${arch} "-with-calls" add_asan_tests_for_arch_and_kind(${arch} "-with-calls"
-mllvm -asan-instrumentation-with-call-threshold=0) -mllvm -asan-instrumentation-with-call-threshold=0)
endforeach() endforeach()
endif() endif()
if(ANDROID) if(ANDROID)
foreach(arch ${ASAN_SUPPORTED_ARCH}) foreach(arch ${ASAN_SUPPORTED_ARCH})
# Test w/o ASan instrumentation. Link it with ASan statically. # Test w/o ASan instrumentation. Link it with ASan statically.
Show All 28 Lines

test/asan/lit.cfg

Show First 20 LinesShow All 76 Lines▼ Show 20 Lines
target_cxxflags = config.cxx_mode_flags + target_cflags target_cxxflags = config.cxx_mode_flags + target_cflags
clang_asan_static_cflags = (["-fsanitize=address", clang_asan_static_cflags = (["-fsanitize=address",
"-mno-omit-leaf-frame-pointer", "-mno-omit-leaf-frame-pointer",
"-fno-omit-frame-pointer", "-fno-omit-frame-pointer",
"-fno-optimize-sibling-calls"] + "-fno-optimize-sibling-calls"] +
config.debug_info_flags + target_cflags) config.debug_info_flags + target_cflags)
if config.target_arch == 's390x': if config.target_arch == 's390x':
clang_asan_static_cflags.append("-mbackchain") clang_asan_static_cflags.append("-mbackchain")
if config.use_software_memory_manager:
clang_asan_static_cflags.extend(
["-mllvm", "-asan-instrumentation-with-call-threshold=0"])
clang_asan_static_cxxflags = config.cxx_mode_flags + clang_asan_static_cflags clang_asan_static_cxxflags = config.cxx_mode_flags + clang_asan_static_cflags
asan_dynamic_flags = [] asan_dynamic_flags = []
if config.asan_dynamic: if config.asan_dynamic:
asan_dynamic_flags = ["-shared-libasan"] asan_dynamic_flags = ["-shared-libasan"]
# On Windows, we need to simulate "clang-cl /MD" on the clang driver side. # On Windows, we need to simulate "clang-cl /MD" on the clang driver side.
if platform.system() == 'Windows': if platform.system() == 'Windows':
asan_dynamic_flags += ["-D_MT", "-D_DLL", "-Wl,-nodefaultlib:libcmt,-defaultlib:msvcrt,-defaultlib:oldnames"] asan_dynamic_flags += ["-D_MT", "-D_DLL", "-Wl,-nodefaultlib:libcmt,-defaultlib:msvcrt,-defaultlib:oldnames"]
▲ Show 20 LinesShow All 166 LinesShow Last 20 Lines

test/lit.common.configured.in

Show All 26 Lines
set_default("emulator", "@COMPILER_RT_EMULATOR@") set_default("emulator", "@COMPILER_RT_EMULATOR@")
set_default("ios", False) set_default("ios", False)
set_default("iossim", False) set_default("iossim", False)
set_default("sanitizer_can_use_cxxabi", @SANITIZER_CAN_USE_CXXABI_PYBOOL@) set_default("sanitizer_can_use_cxxabi", @SANITIZER_CAN_USE_CXXABI_PYBOOL@)
set_default("has_lld", @COMPILER_RT_HAS_LLD_PYBOOL@) set_default("has_lld", @COMPILER_RT_HAS_LLD_PYBOOL@)
set_default("can_symbolize", @CAN_SYMBOLIZE@) set_default("can_symbolize", @CAN_SYMBOLIZE@)
set_default("use_lld", False) set_default("use_lld", False)
set_default("use_thinlto", False) set_default("use_thinlto", False)
set_default("use_software_memory_manager",
"@SANITIZER_USE_SOFTWARE_MEMORY_MANAGER_PYBOOL@")
config.available_features.add('target-is-%s' % config.target_arch) config.available_features.add('target-is-%s' % config.target_arch)
# LLVM tools dir can be passed in lit parameters, so try to # LLVM tools dir can be passed in lit parameters, so try to
# apply substitution. # apply substitution.
try: try:
config.llvm_tools_dir = config.llvm_tools_dir % lit_config.params config.llvm_tools_dir = config.llvm_tools_dir % lit_config.params
except KeyError as e: except KeyError as e:
key, = e.args key, = e.args
lit_config.fatal("unable to find %r parameter, use '--param=%s=VALUE'" % (key, key)) lit_config.fatal("unable to find %r parameter, use '--param=%s=VALUE'" % (key, key))
# Setup attributes common for all compiler-rt projects. # Setup attributes common for all compiler-rt projects.
lit_config.load_config(config, "@COMPILER_RT_SOURCE_DIR@/test/lit.common.cfg") lit_config.load_config(config, "@COMPILER_RT_SOURCE_DIR@/test/lit.common.cfg")

test/safestack/canary.c

// RUN: %clang_safestack -fno-stack-protector -D_FORTIFY_SOURCE=0 -g %s -o %t.nossp // RUN: %clang_safestack -fno-stack-protector -D_FORTIFY_SOURCE=0 -g %s -o %t.nossp
// RUN: %run %t.nossp 2>&1 | FileCheck --check-prefix=NOSSP %s // RUN: %run %t.nossp 2>&1 | FileCheck --check-prefix=NOSSP %s
// RUN: %clang_safestack -fstack-protector-all -D_FORTIFY_SOURCE=0 -g %s -o %t.ssp // RUN: %clang_safestack -fstack-protector-all -D_FORTIFY_SOURCE=0 -g %s -o %t.ssp
// RUN: not --crash %run %t.ssp 2>&1 | FileCheck -check-prefix=SSP %s // RUN: env LIBC_FATAL_STDERR_=1 not --crash %run %t.ssp 2>&1 | \
// RUN: FileCheck -check-prefix=SSP %s
// Test stack canaries on the unsafe stack. // Test stack canaries on the unsafe stack.
// REQUIRES: stable-runtime // REQUIRES: stable-runtime
#include <assert.h> #include <assert.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
Show All 24 Lines