This is an archive of the discontinued LLVM Phabricator instance.

Differential D69208

[asan] Provide an interface to update an allocation stack trace.
ClosedPublic

Authored by eugenis on Oct 18 2019, 5:21 PM.

Details

Reviewers
pcc
kcc
irogers
Commits
rG13e04607f75b: [asan] Provide an interface to update an allocation stack trace.
Summary

Sometimes an allocation stack trace is not very informative. Provide a
way to replace it with a stack trace of the user's choice.

Diff Detail

Event Timeline

eugenis created this revision.Oct 18 2019, 5:21 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptOct 18 2019, 5:21 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B39814: Diff 225722.Oct 18 2019, 5:29 PM
irogers added a subscriber: irogers.Oct 19 2019, 2:25 PM
dvyukov added a reviewer: irogers.Oct 21 2019, 12:46 AM
dvyukov added a subscriber: dvyukov.
dvyukov added a comment.Oct 21 2019, 12:49 AM

FWIW for kernel sanitizers we want an ability to memorize few _additional_ stacks per heap object:
https://bugzilla.kernel.org/show_bug.cgi?id=198437
That's very useful for any kind of asynchronous processing environments that involves tasks, callbacks, thread pools, etc (read - almost all large C/C++ software today) because allocation/free stack may be meaningless and/or other stacks may be crucially important.

kcc added inline comments.Oct 21 2019, 11:01 AM
compiler-rt/include/sanitizer/asan_interface.h
320

Add some explanation of when it is going to be successful.
Also, what about threads?
This API is racey

eugenis marked an inline comment as done.Oct 21 2019, 11:36 AM
eugenis added inline comments.
compiler-rt/include/sanitizer/asan_interface.h
320

Racey, as in someone could be deallocating this memory on another thread?
This API should be used in a situation when this is possible, of course.
It's exactly the same as malloc_usable_size().

kcc added inline comments.Oct 21 2019, 12:44 PM
compiler-rt/include/sanitizer/asan_interface.h
320

malloc_usable_size() only reads the data.
__asan_update_allocation writes the data, so if two threads try to simultaneously call this function, we'll have a race on alloc_context_id

BTW, the name "asan_update_allocation" doesn't seem to reflect the action.
Maybe "asan_update_allocation_context"?

eugenis updated this revision to Diff 226732.Oct 28 2019, 12:55 PM

Use atomic to update the allocation stack.
Rename the function.

Herald added a subscriber: jfb. · View Herald TranscriptOct 28 2019, 12:55 PM
Harbormaster completed remote builds in B40151: Diff 226732.Oct 28 2019, 12:55 PM
eugenis marked an inline comment as done.Oct 28 2019, 12:59 PM
In D69208#1716241, @dvyukov wrote:

FWIW for kernel sanitizers we want an ability to memorize few _additional_ stacks per heap object:
https://bugzilla.kernel.org/show_bug.cgi?id=198437
That's very useful for any kind of asynchronous processing environments that involves tasks, callbacks, thread pools, etc (read - almost all large C/C++ software today) because allocation/free stack may be meaningless and/or other stacks may be crucially important.

Agreed. We don't have space in the chunk header to fit any additional stack traces for free though. And the kernel has its own runtime implementation anyway.

compiler-rt/include/sanitizer/asan_interface.h
320

OK, I made the store atomic. It could still race with deallocation, but the same is true for malloc_usable_size.

Changed the name to asan_update_allocation_context

eugenis added a comment.Oct 28 2019, 1:04 PM

Btw, we can implement this really nicely in MSan with origin tracking.
And if we really wanted, we could pull the chained origin stack depot code to sanitizer_common and use it in asan for the extra stack traces.
But this sounds like a lot of work for a fringe feature.

kcc accepted this revision.Oct 30 2019, 4:26 PM

LGTM

This revision is now accepted and ready to land.Oct 30 2019, 4:26 PM
Closed by commit rG13e04607f75b: [asan] Provide an interface to update an allocation stack trace. (authored by eugenis). · Explain WhyOct 31 2019, 1:55 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
include/
sanitizer/
4 lines
lib/
asan/
15 lines
1 line
2 lines
test/
asan/
TestCases/
19 lines

Diff 226732

compiler-rt/include/sanitizer/asan_interface.h

Show First 20 LinesShow All 309 Lines▼ Show 20 Lines
/// Performs shadow memory cleanup of the current thread's stack before a /// Performs shadow memory cleanup of the current thread's stack before a
/// function marked with the <c>[[noreturn]]</c> attribute is called. /// function marked with the <c>[[noreturn]]</c> attribute is called.
/// ///
/// To avoid false positives on the stack, must be called before no-return /// To avoid false positives on the stack, must be called before no-return
/// functions like <c>_exit()</c> and <c>execl()</c>. /// functions like <c>_exit()</c> and <c>execl()</c>.
void __asan_handle_no_return(void); void __asan_handle_no_return(void);
/// Update allocation stack trace for the given allocation to the current stack
/// trace. Returns 1 if successfull, 0 if not.
int __asan_update_allocation_context(void* addr);
kccUnsubmitted
Not Done
ReplyInline Actions

Add some explanation of when it is going to be successful.
Also, what about threads?
This API is racey

kcc: Add some explanation of when it is going to be successful. Also, what about threads? This API…
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

Racey, as in someone could be deallocating this memory on another thread?
This API should be used in a situation when this is possible, of course.
It's exactly the same as malloc_usable_size().

eugenis: Racey, as in someone could be deallocating this memory on another thread? This API should be…
kccUnsubmitted
Not Done
ReplyInline Actions

malloc_usable_size() only reads the data.
__asan_update_allocation writes the data, so if two threads try to simultaneously call this function, we'll have a race on alloc_context_id

BTW, the name "asan_update_allocation" doesn't seem to reflect the action.
Maybe "asan_update_allocation_context"?

kcc: malloc_usable_size() only reads the data. __asan_update_allocation writes the data, so if two…
eugenisAuthorUnsubmitted
Done
ReplyInline Actions

OK, I made the store atomic. It could still race with deallocation, but the same is true for malloc_usable_size.

Changed the name to asan_update_allocation_context

eugenis: OK, I made the store atomic. It could still race with deallocation, but the same is true for…
#ifdef __cplusplus #ifdef __cplusplus
} // extern "C" } // extern "C"
#endif #endif
#endif // SANITIZER_ASAN_INTERFACE_H #endif // SANITIZER_ASAN_INTERFACE_H

compiler-rt/lib/asan/asan_allocator.cpp

Show First 20 LinesShow All 388 Lines▼ Show 20 Lines AsanChunk *ChooseChunk(uptr addr, AsanChunk *left_chunk,
sptr l_offset = 0, r_offset = 0; sptr l_offset = 0, r_offset = 0;
CHECK(AsanChunkView(left_chunk).AddrIsAtRight(addr, 1, &l_offset)); CHECK(AsanChunkView(left_chunk).AddrIsAtRight(addr, 1, &l_offset));
CHECK(AsanChunkView(right_chunk).AddrIsAtLeft(addr, 1, &r_offset)); CHECK(AsanChunkView(right_chunk).AddrIsAtLeft(addr, 1, &r_offset));
if (l_offset < r_offset) if (l_offset < r_offset)
return left_chunk; return left_chunk;
return right_chunk; return right_chunk;
} }
bool UpdateAllocationStack(uptr addr, BufferedStackTrace *stack) {
AsanChunk *m = GetAsanChunkByAddr(addr);
if (!m) return false;
if (m->chunk_state != CHUNK_ALLOCATED) return false;
if (m->Beg() != addr) return false;
atomic_store((atomic_uint32_t *)&m->alloc_context_id, StackDepotPut(*stack),
memory_order_relaxed);
return true;
}
// -------------------- Allocation/Deallocation routines --------------- // -------------------- Allocation/Deallocation routines ---------------
void *Allocate(uptr size, uptr alignment, BufferedStackTrace *stack, void *Allocate(uptr size, uptr alignment, BufferedStackTrace *stack,
AllocType alloc_type, bool can_fill) { AllocType alloc_type, bool can_fill) {
if (UNLIKELY(!asan_inited)) if (UNLIKELY(!asan_inited))
AsanInitFromRtl(); AsanInitFromRtl();
if (RssLimitExceeded()) { if (RssLimitExceeded()) {
if (AllocatorMayReturnNull()) if (AllocatorMayReturnNull())
return nullptr; return nullptr;
▲ Show 20 LinesShow All 695 Lines▼ Show 20 Linesuptr __sanitizer_get_allocated_size(const void *p) {
return allocated_size; return allocated_size;
} }
void __sanitizer_purge_allocator() { void __sanitizer_purge_allocator() {
GET_STACK_TRACE_MALLOC; GET_STACK_TRACE_MALLOC;
instance.Purge(&stack); instance.Purge(&stack);
} }
int __asan_update_allocation_context(void* addr) {
GET_STACK_TRACE_MALLOC;
return instance.UpdateAllocationStack((uptr)addr, &stack);
}
#if !SANITIZER_SUPPORTS_WEAK_HOOKS #if !SANITIZER_SUPPORTS_WEAK_HOOKS
// Provide default (no-op) implementation of malloc hooks. // Provide default (no-op) implementation of malloc hooks.
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_malloc_hook, SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_malloc_hook,
void *ptr, uptr size) { void *ptr, uptr size) {
(void)ptr; (void)ptr;
(void)size; (void)size;
} }
SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_free_hook, void *ptr) { SANITIZER_INTERFACE_WEAK_DEF(void, __sanitizer_free_hook, void *ptr) {
(void)ptr; (void)ptr;
} }
#endif #endif

compiler-rt/lib/asan/asan_interface.inc

Show First 20 LinesShow All 158 Lines▼ Show 20 Lines
INTERFACE_FUNCTION(__sanitizer_ptr_sub) INTERFACE_FUNCTION(__sanitizer_ptr_sub)
INTERFACE_FUNCTION(__sanitizer_start_switch_fiber) INTERFACE_FUNCTION(__sanitizer_start_switch_fiber)
INTERFACE_FUNCTION(__sanitizer_unaligned_load16) INTERFACE_FUNCTION(__sanitizer_unaligned_load16)
INTERFACE_FUNCTION(__sanitizer_unaligned_load32) INTERFACE_FUNCTION(__sanitizer_unaligned_load32)
INTERFACE_FUNCTION(__sanitizer_unaligned_load64) INTERFACE_FUNCTION(__sanitizer_unaligned_load64)
INTERFACE_FUNCTION(__sanitizer_unaligned_store16) INTERFACE_FUNCTION(__sanitizer_unaligned_store16)
INTERFACE_FUNCTION(__sanitizer_unaligned_store32) INTERFACE_FUNCTION(__sanitizer_unaligned_store32)
INTERFACE_FUNCTION(__sanitizer_unaligned_store64) INTERFACE_FUNCTION(__sanitizer_unaligned_store64)
INTERFACE_FUNCTION(__asan_update_allocation_context)
INTERFACE_WEAK_FUNCTION(__asan_default_options) INTERFACE_WEAK_FUNCTION(__asan_default_options)
INTERFACE_WEAK_FUNCTION(__asan_default_suppressions) INTERFACE_WEAK_FUNCTION(__asan_default_suppressions)
INTERFACE_WEAK_FUNCTION(__asan_on_error) INTERFACE_WEAK_FUNCTION(__asan_on_error)

compiler-rt/lib/asan/asan_interface_internal.h

Show First 20 LinesShow All 245 Lines▼ Show 20 Linesextern "C" {
void __asan_alloca_poison(uptr addr, uptr size); void __asan_alloca_poison(uptr addr, uptr size);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
void __asan_allocas_unpoison(uptr top, uptr bottom); void __asan_allocas_unpoison(uptr top, uptr bottom);
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_WEAK_ATTRIBUTE
const char* __asan_default_suppressions(); const char* __asan_default_suppressions();
SANITIZER_INTERFACE_ATTRIBUTE void __asan_handle_vfork(void *sp); SANITIZER_INTERFACE_ATTRIBUTE void __asan_handle_vfork(void *sp);
SANITIZER_INTERFACE_ATTRIBUTE int __asan_update_allocation_context(void* addr);
} // extern "C" } // extern "C"
#endif // ASAN_INTERFACE_INTERNAL_H #endif // ASAN_INTERFACE_INTERNAL_H

compiler-rt/test/asan/TestCases/asan_update_allocation.cpp

  • This file was added.
// RUN: %clangxx_asan -O0 -DSIZE=10 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
// RUN: %clangxx_asan -O0 -DSIZE=10000000 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-%os --check-prefix=CHECK
// REQUIRES: stable-runtime
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
void UPDATE(void *p) {
__asan_update_allocation_context(p);
}
int main() {
char *x = (char*)malloc(SIZE * sizeof(char));
UPDATE(x);
free(x);
return x[5];
// CHECK: {{.*ERROR: AddressSanitizer: heap-use-after-free on address}}
// CHECK: UPDATE
}