This is an archive of the discontinued LLVM Phabricator instance.

[UBsan] Dumping call stacks when reporting bad-cast (-fsanitize=vptr)
Needs ReviewPublic

Authored by byoungyoung on Jul 7 2014, 10:40 AM.

Download Raw Diff

Details

Reviewers

kcc
samsonov
rsmith

Summary

When UBsan reports a bad-casting, this patch additional dumps call stacks in the report. To avoid the online symbolization, ubsan_init() is also added to initialize an empty symbolizer.

Diff Detail

Event Timeline

byoungyoung updated this revision to Diff 11123.Jul 7 2014, 10:40 AM

byoungyoung retitled this revision from to [UBsan] Dumping call stacks when reporting bad-cast (-fsanitize=vptr).

byoungyoung updated this object.

byoungyoung edited the test plan for this revision. (Show Details)

byoungyoung updated this object.Jul 7 2014, 10:43 AM

byoungyoung updated this object.

byoungyoung added reviewers: kcc, rsmith, samsonov.

byoungyoung added a subscriber: Unknown Object (MLST).

Thanks for working on this. I will take a look at it shortly.

Updated the patch including a test case. The environment variable, UBSAN_NO_SYMBOLIZE, is used to selectively turn off the online symbolization.

Once again, sorry for the delay.

lib/ubsan/ubsan_diag.cc
40 ↗	(On Diff #11682)	I'm opposed to this. Instead, you should use the value of "symbolize" flag in sanitizer_common. Probably it's time to introduce UBSAN_OPTIONS similar to another sanitizers. I will take a look at existing code and return with more comments.
lib/ubsan/ubsan_diag.h
29 ↗	(On Diff #11682)	And again, it's better to make use of fast_unwind_on_fatal flag from sanitizer_common.
lib/ubsan/ubsan_handlers_cxx.cc
71	It makes sense to hide this feature under a runtime flag.

samsonov added inline comments.Jul 22 2014, 5:19 PM

lib/ubsan/ubsan_handlers_cxx.cc
38	Required early initialization of UBSan is a separate problem. Let's deal with it later, in subsequent patches.

FYI I'm working on a slightly modified version of this patch. Will update this thread tomorrow.

Revision Contents

Path

Size

lib/

ubsan/

ubsan_handlers_cxx.cc

28 lines

Diff 11123

lib/ubsan/ubsan_handlers_cxx.cc

Context not available.
	#include "ubsan_type_hash.h"	#include "ubsan_type_hash.h"

	#include "sanitizer_common/sanitizer_common.h"	#include "sanitizer_common/sanitizer_common.h"
		#include "sanitizer_common/sanitizer_stacktrace.h"
		#include "sanitizer_common/sanitizer_symbolizer.h"

	using namespace __sanitizer;	using namespace __sanitizer;
	using namespace __ubsan;	using namespace __ubsan;
Context not available.
	extern const char *TypeCheckKinds[];	extern const char *TypeCheckKinds[];
	}	}

		#define MAX_STACK_DUMP_DEPTH 50

		int ubsan_vptr_inited = 0;

		static void DumpCurrentCallStack() {
		StackTrace stack;
		stack.Unwind(MAX_STACK_DUMP_DEPTH, GET_CALLER_PC(), GET_CURRENT_FRAME(), 0, 0, 0, false);
		stack.Print();
		samsonovUnsubmitted Not Done Reply Inline Actions Required early initialization of UBSan is a separate problem. Let's deal with it later, in subsequent patches. samsonov: Required early initialization of UBSan is a separate problem. Let's deal with it later, in…
		}

		static void ubsan_vptr_init() {
		// Initialize symbolizer with an empty string to avoid aggressive online symbolizations.
		Symbolizer::Init();

		// FIXME: ubsan_vptr_init() is not thread safe.
		ubsan_vptr_inited = 1;
		}

	static void HandleDynamicTypeCacheMiss(	static void HandleDynamicTypeCacheMiss(
	DynamicTypeCacheMissData *Data, ValueHandle Pointer, ValueHandle Hash,	DynamicTypeCacheMissData *Data, ValueHandle Pointer, ValueHandle Hash,
	bool Abort) {	bool Abort) {

		// Proactively trying to initialize since UBsan does not interpose any
		// starting functions.
		if (ubsan_vptr_inited == 0)
		ubsan_vptr_init();

	if (checkDynamicType((void*)Pointer, Data->TypeInfo, Hash))	if (checkDynamicType((void*)Pointer, Data->TypeInfo, Hash))
	// Just a cache miss. The type matches after all.	// Just a cache miss. The type matches after all.
	return;	return;
		samsonovUnsubmitted Not Done Reply Inline Actions It makes sense to hide this feature under a runtime flag. samsonov: It makes sense to hide this feature under a runtime flag.
Context not available.
	<< MangledName(DTI.getSubobjectTypeName())	<< MangledName(DTI.getSubobjectTypeName())
	<< Range(Pointer, Pointer + sizeof(uptr), "vptr for %2 base class of %1");	<< Range(Pointer, Pointer + sizeof(uptr), "vptr for %2 base class of %1");

		DumpCurrentCallStack();

	if (Abort)	if (Abort)
	Die();	Die();
	}	}
Context not available.