This is an archive of the discontinued LLVM Phabricator instance.

Differential D70681

[GWP-ASan] Implementation of crash handler API.
AbandonedPublic

Authored by hctim on Nov 25 2019, 10:17 AM.

Details

Reviewers
eugenis
cferris
Summary

Add API for crash handlers to use, so they don't have to rely on the
mass-printed dumpReport() output.

This also moves the method of termination for internally-detected
(INVALID_FREE, DOUBLE_FREE) errors to a SIGSEGV with some internal state saved,
so we can recover the error later, but still pass handling to a crash handler.

Diff Detail

Event Timeline

hctim created this revision.Nov 25 2019, 10:17 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptNov 25 2019, 10:17 AM
Herald added subscribers: llvm-commits, Restricted Project, mgorny, srhines. · View Herald Transcript
Harbormaster completed remote builds in B41455: Diff 230927.Nov 25 2019, 10:17 AM
vlad.tsyrklevich added a comment.Dec 3 2019, 1:33 PM

Is there a reason you want the API to be such that you can get the 'error string', 'allocation string', and metadata? The first two seem nice, though not especially useful without out the stack traces. The third seems like it might be exposing internals we don't want to expose and potentially lead to versioning issues. Also how does the crash reporter already knows the error type when calling these functions? I think perhaps it would make sense to have a getCrashReport() API that fills out a struct and perhaps having dumpReportInternal() only use the information from that struct to avoid duplicating work/ensuring all information we use is exposed? I may not be familiar enough with your crash handler case to understand the justification for why it is structured this way.

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
222

s/an/as/
s/inacessible/inaccessible/

230

I used to do the same thing as you do here but ended up switching to just setting a global with the bad address and calling __builtin_trap(). You might consider doing the same here as you already set the global and would just need to move the if(pointerIsMine()) in diagnoseErrorInternal() after the check

397

This would be simpler if it returned a const char* instead of writing to a buffer, and then the code below that snprintf()s into dumpReportInternal() would also be simpler and clearer. This would add some code to getErrorString() but I think that's fine.

hctim planned changes to this revision.Dec 4 2019, 11:19 AM
In D70681#1767803, @vlad.tsyrklevich wrote:

The third seems like it might be exposing internals we don't want to expose and potentially lead to versioning issues.

Agreed. Marking proposed as this also only really provides an API for in-process - and I'll need to make some changes.

hctim abandoned this revision.Feb 28 2020, 3:08 PM

Merged in D73557.

Revision Contents

PathSize
compiler-rt/
lib/
gwp_asan/
73 lines
254 lines
platform_specific/
2 lines
tests/
6 lines
356 lines
16 lines
test/
gwp_asan/
2 lines
2 lines
2 lines
2 lines
2 lines
2 lines

Diff 230927

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h

Show First 20 LinesShow All 127 Lines▼ Show 20 Linespublic:
// Returns the size of the allocation at Ptr. // Returns the size of the allocation at Ptr.
size_t getSize(const void *Ptr); size_t getSize(const void *Ptr);
// Returns the largest allocation that is supported by this pool. Any // Returns the largest allocation that is supported by this pool. Any
// allocations larger than this should go to the regular system allocator. // allocations larger than this should go to the regular system allocator.
size_t maximumAllocationSize() const; size_t maximumAllocationSize() const;
// Get the current thread ID, or kInvalidThreadID if failure. Note: This
// implementation is platform-specific.
static uint64_t getThreadID();
// Dumps an error report (including allocation and deallocation stack traces). // Dumps an error report (including allocation and deallocation stack traces).
// An optional error may be provided if the caller knows what the error is // An optional error may be provided if the caller knows what the error is
// ahead of time. This is primarily a helper function to locate the static // ahead of time. This is primarily a helper function to locate the static
// singleton pointer and call the internal version of this function. This // singleton pointer and call the internal version of this function. This
// method is never thread safe, and should only be called when fatal errors // method is never thread safe, and should only be called when fatal errors
// occur. // occur. Calling this function permanently disables the allocator, and so
static void reportError(uintptr_t AccessPtr, Error E = Error::UNKNOWN); // should only be done when reporting a crash.
static void dumpReport(uintptr_t AccessPtr);
// Get the current thread ID, or kInvalidThreadID if failure. Note: This
// implementation is platform-specific. // Return the type of memory error that occurred at `AccessPtr`. This function
static uint64_t getThreadID(); // may return Error::UNKNOWN if the error is non-deducible. This method is
// never thread safe, and should only be called by a crash handler (or other
// stop-the-world process).
static Error diagnoseError(uintptr_t AccessPtr);
// Describe the error `E` that occured at `AccessPtr`, and place the resulting
// string in `Buffer`. This function returns the number of bytes that would
// have been written to `Buffer` (excluding the null terminator) if space was
// available. A return value of `BufferSize` or more indicates that the output
// is truncated. This function returns zero on error (e.g. `AccessPtr` doesn't
// correspond to an allocation by the GPA singleton). This method is never
// thread safe, and should only be called by a crash handler (or other
// stop-the-world process).
static size_t getErrorString(uintptr_t AccessPtr, Error E, char *Buffer,
size_t BufferSize);
// For the provided `AccessPtr` and error `E`, describe the allocation that
// most likely caused it, and place the resulting string in `Buffer`. This
// function returns the number of bytes that would have been written to
// `Buffer` (excluding the null terminator) if space was available. A return
// value of `BufferSize` or more indicates that the output is truncated. This
// function returns zero on error (e.g. `AccessPtr` doesn't correspond to an
// allocation by the GPA singleto). This method is never thread safe, and
// should only be called by a crash handler (or other stop-the-world process).
static size_t getAllocationString(uintptr_t AccessPtr, Error E, char *Buffer,
size_t BufferSize);
// Copy the metadata for the provided allocation from the GPA singleton into
// `*Meta`. This may be used during crashes to get the stack trace and thread
// number of an allocation. This function returns false if the GPA singleton
// doesn't exist (i.e. GWP-ASan wansn't initialised or was disabled), or the
// provided pointer is outside of the GWP-ASan range. This method is never
// thread safe, and should only be called by a crash handler (or other
// stop-the-world process).
static bool getMetadata(uintptr_t Ptr, AllocationMetadata *Meta);
private: private:
static constexpr size_t kInvalidSlotID = SIZE_MAX; static constexpr size_t kInvalidSlotID = SIZE_MAX;
// These functions anonymously map memory or change the permissions of mapped // These functions anonymously map memory or change the permissions of mapped
// memory into this process in a platform-specific way. Pointer and size // memory into this process in a platform-specific way. Pointer and size
// arguments are expected to be page-aligned. These functions will never // arguments are expected to be page-aligned. These functions will never
// return on error, instead electing to kill the calling process on failure. // return on error, instead electing to kill the calling process on failure.
▲ Show 20 LinesShow All 48 Lines▼ Show 20 Linesprivate:
// the allocation and the options provided at init-time. // the allocation and the options provided at init-time.
uintptr_t allocationSlotOffset(size_t AllocationSize) const; uintptr_t allocationSlotOffset(size_t AllocationSize) const;
// Returns the diagnosis for an unknown error. If the diagnosis is not // Returns the diagnosis for an unknown error. If the diagnosis is not
// Error::INVALID_FREE or Error::UNKNOWN, the metadata for the slot // Error::INVALID_FREE or Error::UNKNOWN, the metadata for the slot
// responsible for the error is placed in *Meta. // responsible for the error is placed in *Meta.
Error diagnoseUnknownError(uintptr_t AccessPtr, AllocationMetadata **Meta); Error diagnoseUnknownError(uintptr_t AccessPtr, AllocationMetadata **Meta);
void reportErrorInternal(uintptr_t AccessPtr, Error E); // Internal implementations of interface functions, please see there for more
// information.
void dumpReportInternal(uintptr_t AccessPtr);
size_t getErrorStringInternal(uintptr_t AccessPtr, Error E, char *Buffer,
size_t BufferSize);
size_t getAllocationStringInternal(uintptr_t AccessPtr, Error E, char *Buffer,
size_t BufferSize);
Error diagnoseErrorInternal(uintptr_t AccessPtr);
bool getMetadataInternal(uintptr_t Ptr, AllocationMetadata *Meta);
// Used by INVALID_FREE and DOUBLE_FREE reporting to ensure that the `si_addr`
// field for a SEGV handler is set to the correct address, so that the fault
// can be deduced properly.
void trapOnAddress(uintptr_t Address, Error E);
// Cached page size for this system in bytes. // Cached page size for this system in bytes.
size_t PageSize = 0; size_t PageSize = 0;
// A mutex to protect the guarded slot and metadata pool for this class. // A mutex to protect the guarded slot and metadata pool for this class.
Mutex PoolMutex; Mutex PoolMutex;
// The number of guarded slots that this pool holds. // The number of guarded slots that this pool holds.
size_t MaxSimultaneousAllocations = 0; size_t MaxSimultaneousAllocations = 0;
Show All 27 Linesprivate:
// The adjusted sample rate for allocation sampling. Default *must* be // The adjusted sample rate for allocation sampling. Default *must* be
// nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++) // nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++)
// before GPA::init() is called. This would cause an error in shouldSample(), // before GPA::init() is called. This would cause an error in shouldSample(),
// where we would calculate modulo zero. This value is set UINT32_MAX, as when // where we would calculate modulo zero. This value is set UINT32_MAX, as when
// GWP-ASan is disabled, we wish to never spend wasted cycles recalculating // GWP-ASan is disabled, we wish to never spend wasted cycles recalculating
// the sample rate. // the sample rate.
uint32_t AdjustedSampleRate = UINT32_MAX; uint32_t AdjustedSampleRate = UINT32_MAX;
// The type of an internal failure. For INVALID_FREE and DOUBLE_FREE, these
// errors are detected internally in GWP-ASan. We terminate the process with
// SEGV when these errors occur. We still need to be able to deduce what
// caused the failure after the fact. If an internally-detected error occurs,
// the type of the error will be set to `FailureType`. This can be later
// retrieved by a call to `diagnoseError()`.
Error FailureType = Error::UNKNOWN;
// Pack the thread local variables into a struct to ensure that they're in // Pack the thread local variables into a struct to ensure that they're in
// the same cache line for performance reasons. These are the most touched // the same cache line for performance reasons. These are the most touched
// variables in GWP-ASan. // variables in GWP-ASan.
struct alignas(8) ThreadLocalPackedVariables { struct alignas(8) ThreadLocalPackedVariables {
constexpr ThreadLocalPackedVariables() {} constexpr ThreadLocalPackedVariables() {}
// Thread-local decrementing counter that indicates that a given allocation // Thread-local decrementing counter that indicates that a given allocation
// should be sampled when it reaches zero. // should be sampled when it reaches zero.
uint32_t NextSampleCounter = 0; uint32_t NextSampleCounter = 0;
Show All 12 Lines

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp

Show All 12 Lines
// RHEL creates the PRIu64 format macro (for printing uint64_t's) only when this // RHEL creates the PRIu64 format macro (for printing uint64_t's) only when this
// macro is defined before including <inttypes.h>. // macro is defined before including <inttypes.h>.
#ifndef __STDC_FORMAT_MACROS #ifndef __STDC_FORMAT_MACROS
#define __STDC_FORMAT_MACROS 1 #define __STDC_FORMAT_MACROS 1
#endif #endif
#include <assert.h> #include <assert.h>
#include <inttypes.h> #include <inttypes.h>
#include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
using AllocationMetadata = gwp_asan::GuardedPoolAllocator::AllocationMetadata; using AllocationMetadata = gwp_asan::GuardedPoolAllocator::AllocationMetadata;
using Error = gwp_asan::GuardedPoolAllocator::Error; using Error = gwp_asan::GuardedPoolAllocator::Error;
▲ Show 20 LinesShow All 181 Lines▼ Show 20 Linesvoid *GuardedPoolAllocator::allocate(size_t Size) {
// unmapped. // unmapped.
markReadWrite(reinterpret_cast<void *>(getPageAddr(Ptr)), Size); markReadWrite(reinterpret_cast<void *>(getPageAddr(Ptr)), Size);
Meta->RecordAllocation(Ptr, Size, Backtrace); Meta->RecordAllocation(Ptr, Size, Backtrace);
return reinterpret_cast<void *>(Ptr); return reinterpret_cast<void *>(Ptr);
} }
void GuardedPoolAllocator::trapOnAddress(uintptr_t Address, Error E) {
FailureType = E;
// If the page containing the address isn't currently marked an inacessible,
vlad.tsyrklevichUnsubmitted
Not Done
ReplyInline Actions

s/an/as/
s/inacessible/inaccessible/

vlad.tsyrklevich: s/an/as/ s/inacessible/inaccessible/
// do that, so that we can trap on the address provided.
void *Page = reinterpret_cast<void *>(getPageAddr(Address));
markInaccessible(Page, getPlatformPageSize());
// And now trap on the pointer.
char *Ptr = reinterpret_cast<char *>(Address);
volatile char ThisReadShouldSegv = *Ptr;
(void)(ThisReadShouldSegv); // Ignore unused variable warning.
vlad.tsyrklevichUnsubmitted
Not Done
ReplyInline Actions

I used to do the same thing as you do here but ended up switching to just setting a global with the bad address and calling __builtin_trap(). You might consider doing the same here as you already set the global and would just need to move the if(pointerIsMine()) in diagnoseErrorInternal() after the check

vlad.tsyrklevich: I used to do the same thing as you do here but ended up switching to just setting a global with…
}
void GuardedPoolAllocator::deallocate(void *Ptr) { void GuardedPoolAllocator::deallocate(void *Ptr) {
assert(pointerIsMine(Ptr) && "Pointer is not mine!"); assert(pointerIsMine(Ptr) && "Pointer is not mine!");
uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr); uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr);
uintptr_t SlotStart = slotToAddr(addrToSlot(UPtr)); uintptr_t SlotStart = slotToAddr(addrToSlot(UPtr));
AllocationMetadata *Meta = addrToMetadata(UPtr); AllocationMetadata *Meta = addrToMetadata(UPtr);
if (Meta->Addr != UPtr) { if (Meta->Addr != UPtr) {
reportError(UPtr, Error::INVALID_FREE); // If multiple errors occur at the same time, use the first one.
exit(EXIT_FAILURE); ScopedLock L(PoolMutex);
trapOnAddress(UPtr, Error::INVALID_FREE);
} }
// Intentionally scope the mutex here, so that other threads can access the // Intentionally scope the mutex here, so that other threads can access the
// pool during the expensive markInaccessible() call. // pool during the expensive markInaccessible() call.
{ {
ScopedLock L(PoolMutex); ScopedLock L(PoolMutex);
if (Meta->IsDeallocated) { if (Meta->IsDeallocated) {
reportError(UPtr, Error::DOUBLE_FREE); trapOnAddress(UPtr, Error::DOUBLE_FREE);
exit(EXIT_FAILURE);
} }
// Ensure that the deallocation is recorded before marking the page as // Ensure that the deallocation is recorded before marking the page as
// inaccessible. Otherwise, a racy use-after-free will have inconsistent // inaccessible. Otherwise, a racy use-after-free will have inconsistent
// metadata. // metadata.
Meta->RecordDeallocation(Backtrace); Meta->RecordDeallocation(Backtrace);
} }
▲ Show 20 LinesShow All 76 Lines▼ Show 20 Lines else if (Size > 4 && Size <= 8)
Size = 8; Size = 8;
else if (Size > 8 && (Size % 16) != 0) else if (Size > 8 && (Size % 16) != 0)
Size += 16 - (Size % 16); Size += 16 - (Size % 16);
} }
Offset -= Size; Offset -= Size;
return Offset; return Offset;
} }
void GuardedPoolAllocator::reportError(uintptr_t AccessPtr, Error E) { void GuardedPoolAllocator::dumpReport(uintptr_t AccessPtr) {
if (SingletonPtr) if (SingletonPtr)
SingletonPtr->reportErrorInternal(AccessPtr, E); SingletonPtr->dumpReportInternal(AccessPtr);
} }
size_t GuardedPoolAllocator::getNearestSlot(uintptr_t Ptr) const { size_t GuardedPoolAllocator::getNearestSlot(uintptr_t Ptr) const {
if (Ptr <= GuardedPagePool + PageSize) if (Ptr <= GuardedPagePool + PageSize)
return 0; return 0;
if (Ptr > GuardedPagePoolEnd - PageSize) if (Ptr > GuardedPagePoolEnd - PageSize)
return MaxSimultaneousAllocations - 1; return MaxSimultaneousAllocations - 1;
if (!isGuardPage(Ptr)) if (!isGuardPage(Ptr))
return addrToSlot(Ptr); return addrToSlot(Ptr);
if (Ptr % PageSize <= PageSize / 2) if (Ptr % PageSize <= PageSize / 2)
return addrToSlot(Ptr - PageSize); // Round down. return addrToSlot(Ptr - PageSize); // Round down.
return addrToSlot(Ptr + PageSize); // Round up. return addrToSlot(Ptr + PageSize); // Round up.
} }
Error GuardedPoolAllocator::diagnoseUnknownError(uintptr_t AccessPtr, Error GuardedPoolAllocator::diagnoseErrorInternal(uintptr_t AccessPtr) {
AllocationMetadata **Meta) { if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr)))
return Error::UNKNOWN;
if (FailureType != Error::UNKNOWN)
return FailureType;
// Let's try and figure out what the source of this error is. // Let's try and figure out what the source of this error is.
if (isGuardPage(AccessPtr)) { if (isGuardPage(AccessPtr)) {
size_t Slot = getNearestSlot(AccessPtr); size_t Slot = getNearestSlot(AccessPtr);
AllocationMetadata *SlotMeta = addrToMetadata(slotToAddr(Slot)); AllocationMetadata *SlotMeta = addrToMetadata(slotToAddr(Slot));
// Ensure that this slot was allocated once upon a time. // Ensure that this slot was allocated once upon a time.
if (!SlotMeta->Addr) if (!SlotMeta->Addr)
return Error::UNKNOWN; return Error::UNKNOWN;
*Meta = SlotMeta;
if (SlotMeta->Addr < AccessPtr) if (SlotMeta->Addr < AccessPtr)
return Error::BUFFER_OVERFLOW; return Error::BUFFER_OVERFLOW;
return Error::BUFFER_UNDERFLOW; return Error::BUFFER_UNDERFLOW;
} }
// Access wasn't a guard page, check for use-after-free. // Access wasn't a guard page, check for use-after-free.
AllocationMetadata *SlotMeta = addrToMetadata(AccessPtr); AllocationMetadata *SlotMeta = addrToMetadata(AccessPtr);
if (SlotMeta->IsDeallocated) { if (SlotMeta->IsDeallocated) {
*Meta = SlotMeta;
return Error::USE_AFTER_FREE; return Error::USE_AFTER_FREE;
} }
// If we have reached here, the error is still unknown. There is no metadata // If we have reached here, the error is still unknown.
// available.
*Meta = nullptr;
return Error::UNKNOWN; return Error::UNKNOWN;
} }
namespace { namespace {
// Prints the provided error and metadata information. // Stores the stringified error into the provided buffer. Returns the number of
void printErrorType(Error E, uintptr_t AccessPtr, AllocationMetadata *Meta, // bytes that would have been written to the buffer (excluding null terminator)
options::Printf_t Printf, uint64_t ThreadID) { // if it were large enough. A return value of `BufferSize` or greater indicates
// Print using intermediate strings. Platforms like Android don't like when // the result was truncated.
// you print multiple times to the same line, as there may be a newline size_t errorString(Error E, char *Buffer, size_t BufferSize) {
vlad.tsyrklevichUnsubmitted
Not Done
ReplyInline Actions

This would be simpler if it returned a const char* instead of writing to a buffer, and then the code below that snprintf()s into dumpReportInternal() would also be simpler and clearer. This would add some code to getErrorString() but I think that's fine.

vlad.tsyrklevich: This would be simpler if it returned a `const char*` instead of writing to a buffer, and then…
// appended to a log file automatically per Printf() call.
const char *ErrorString;
switch (E) { switch (E) {
case Error::UNKNOWN: case Error::UNKNOWN:
ErrorString = "GWP-ASan couldn't automatically determine the source of " return snprintf(Buffer, BufferSize,
"GWP-ASan couldn't automatically determine the source of "
"the memory error. It was likely caused by a wild memory " "the memory error. It was likely caused by a wild memory "
"access into the GWP-ASan pool. The error occurred"; "access into the GWP-ASan pool.");
break; break;
case Error::USE_AFTER_FREE: case Error::USE_AFTER_FREE:
ErrorString = "Use after free"; return snprintf(Buffer, BufferSize, "Use after free");
break; break;
case Error::DOUBLE_FREE: case Error::DOUBLE_FREE:
ErrorString = "Double free"; return snprintf(Buffer, BufferSize, "Double free");
break; break;
case Error::INVALID_FREE: case Error::INVALID_FREE:
ErrorString = "Invalid (wild) free"; return snprintf(Buffer, BufferSize, "Invalid (wild) free");
break; break;
case Error::BUFFER_OVERFLOW: case Error::BUFFER_OVERFLOW:
ErrorString = "Buffer overflow"; return snprintf(Buffer, BufferSize, "Buffer overflow");
break; break;
case Error::BUFFER_UNDERFLOW: case Error::BUFFER_UNDERFLOW:
ErrorString = "Buffer underflow"; return snprintf(Buffer, BufferSize, "Buffer underflow");
break; break;
} }
}
constexpr size_t kDescriptionBufferLen = 128; // Stores the string that describes the relation between `AccessPtr` and `Meta`
char DescriptionBuffer[kDescriptionBufferLen]; // for the given error `E` into the provided buffer. Returns the number of
if (Meta) { // bytes that would have been written to the buffer (excluding null terminator)
// if it were large enough. A return value of `BufferSize` or greater indicates
// the result was truncated.
size_t allocationErrorRelationString(uintptr_t AccessPtr, Error E,
AllocationMetadata *Meta, char *Buffer,
size_t BufferSize) {
assert(Meta &&
"Metadata to allocationErrorRelationString() should be non-null.");
if (E == Error::USE_AFTER_FREE) { if (E == Error::USE_AFTER_FREE) {
snprintf(DescriptionBuffer, kDescriptionBufferLen, return snprintf(
"(%zu byte%s into a %zu-byte allocation at 0x%zx)", Buffer, BufferSize, "%zu byte%s into a %zu-byte allocation at 0x%zx",
AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s", AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s",
Meta->Size, Meta->Addr); Meta->Size, Meta->Addr);
} else if (AccessPtr < Meta->Addr) { } else if (AccessPtr < Meta->Addr) {
snprintf(DescriptionBuffer, kDescriptionBufferLen, return snprintf(Buffer, BufferSize,
"(%zu byte%s to the left of a %zu-byte allocation at 0x%zx)", "%zu byte%s to the left of a %zu-byte allocation at 0x%zx",
Meta->Addr - AccessPtr, (Meta->Addr - AccessPtr == 1) ? "" : "s", Meta->Addr - AccessPtr,
Meta->Size, Meta->Addr); (Meta->Addr - AccessPtr == 1) ? "" : "s", Meta->Size,
Meta->Addr);
} else if (AccessPtr > Meta->Addr) { } else if (AccessPtr > Meta->Addr) {
snprintf(DescriptionBuffer, kDescriptionBufferLen, return snprintf(Buffer, BufferSize,
"(%zu byte%s to the right of a %zu-byte allocation at 0x%zx)", "%zu byte%s to the right of a %zu-byte allocation at 0x%zx",
AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s", AccessPtr - Meta->Addr,
Meta->Size, Meta->Addr); (AccessPtr - Meta->Addr == 1) ? "" : "s", Meta->Size,
} else { Meta->Addr);
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(a %zu-byte allocation)", Meta->Size);
}
} }
return snprintf(Buffer, BufferSize, "a %zu-byte allocation", Meta->Size);
// Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
// a null terminator, and round to the nearest 8-byte boundary.
constexpr size_t kThreadBufferLen = 24;
char ThreadBuffer[kThreadBufferLen];
if (ThreadID == GuardedPoolAllocator::kInvalidThreadID)
snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
else
snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64, ThreadID);
Printf("%s at 0x%zx %s by thread %s here:\n", ErrorString, AccessPtr,
DescriptionBuffer, ThreadBuffer);
} }
void printAllocDeallocTraces(uintptr_t AccessPtr, AllocationMetadata *Meta, void printAllocDeallocTraces(uintptr_t AccessPtr, AllocationMetadata *Meta,
options::Printf_t Printf, options::Printf_t Printf,
options::PrintBacktrace_t PrintBacktrace) { options::PrintBacktrace_t PrintBacktrace) {
assert(Meta != nullptr && "Metadata is non-null for printAllocDeallocTraces"); assert(Meta != nullptr && "Metadata is non-null for printAllocDeallocTraces");
if (Meta->IsDeallocated) { if (Meta->IsDeallocated) {
Show All 29 Lines
struct ScopedEndOfReportDecorator { struct ScopedEndOfReportDecorator {
ScopedEndOfReportDecorator(options::Printf_t Printf) : Printf(Printf) {} ScopedEndOfReportDecorator(options::Printf_t Printf) : Printf(Printf) {}
~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); } ~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
options::Printf_t Printf; options::Printf_t Printf;
}; };
} // anonymous namespace } // anonymous namespace
void GuardedPoolAllocator::reportErrorInternal(uintptr_t AccessPtr, Error E) { void GuardedPoolAllocator::dumpReportInternal(uintptr_t AccessPtr) {
if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr))) { if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr))) {
return; return;
} }
// Attempt to prevent races to re-use the same slot that triggered this error. // Attempt to prevent races to re-use the same slot that triggered this error.
// This does not guarantee that there are no races, because another thread can // This does not guarantee that there are no races, because another thread can
// take the locks during the time that the signal handler is being called. // take the locks during the time that the signal handler is being called.
PoolMutex.tryLock(); PoolMutex.tryLock();
ThreadLocals.RecursiveGuard = true; ThreadLocals.RecursiveGuard = true;
Printf("*** GWP-ASan detected a memory error ***\n"); Printf("*** GWP-ASan detected a memory error ***\n");
ScopedEndOfReportDecorator Decorator(Printf); ScopedEndOfReportDecorator Decorator(Printf);
AllocationMetadata *Meta = nullptr; AllocationMetadata *Meta = nullptr;
if (E == Error::UNKNOWN) { Error E = diagnoseErrorInternal(AccessPtr);
E = diagnoseUnknownError(AccessPtr, &Meta);
} else { if (E != Error::UNKNOWN) {
size_t Slot = getNearestSlot(AccessPtr); size_t Slot = getNearestSlot(AccessPtr);
Meta = addrToMetadata(slotToAddr(Slot)); Meta = addrToMetadata(slotToAddr(Slot));
// Ensure that this slot has been previously allocated. // Ensure that this slot has been previously allocated.
if (!Meta->Addr) if (!Meta->Addr)
Meta = nullptr; Meta = nullptr;
} }
// Print the error information. // Print the error information. Grab 512B worth of stack space, which should
// be more than enough for the allocation and error details.
constexpr unsigned kBufferSize = 512;
char *Buffer = static_cast<char *>(alloca(kBufferSize));
size_t BytesWritten = errorString(E, Buffer, kBufferSize);
if (BytesWritten > kBufferSize)
BytesWritten = kBufferSize;
if (E == Error::UNKNOWN) {
BytesWritten += snprintf(Buffer + BytesWritten, kBufferSize - BytesWritten,
" The error occurred at 0x%zx (", AccessPtr);
} else {
BytesWritten += snprintf(Buffer + BytesWritten, kBufferSize - BytesWritten,
" at 0x%zx (", AccessPtr);
}
if (BytesWritten > kBufferSize)
BytesWritten = kBufferSize;
if (Meta)
BytesWritten += allocationErrorRelationString(
AccessPtr, E, Meta, Buffer + BytesWritten, kBufferSize - BytesWritten);
if (BytesWritten > kBufferSize)
BytesWritten = kBufferSize;
uint64_t ThreadID = getThreadID(); uint64_t ThreadID = getThreadID();
printErrorType(E, AccessPtr, Meta, Printf, ThreadID); if (ThreadID == GuardedPoolAllocator::kInvalidThreadID)
snprintf(Buffer + BytesWritten, kBufferSize - BytesWritten,
") by thread <unknown> here:");
else
snprintf(Buffer + BytesWritten, kBufferSize - BytesWritten,
") by thread %" PRIu64 " here:", ThreadID);
Printf("%s\n", Buffer);
if (Backtrace) { if (Backtrace) {
static constexpr unsigned kMaximumStackFramesForCrashTrace = 512; static constexpr unsigned kMaximumStackFramesForCrashTrace = 512;
uintptr_t Trace[kMaximumStackFramesForCrashTrace]; uintptr_t Trace[kMaximumStackFramesForCrashTrace];
size_t TraceLength = Backtrace(Trace, kMaximumStackFramesForCrashTrace); size_t TraceLength = Backtrace(Trace, kMaximumStackFramesForCrashTrace);
PrintBacktrace(Trace, TraceLength, Printf); PrintBacktrace(Trace, TraceLength, Printf);
} else { } else {
Printf(" <unknown (does your allocator support backtracing?)>\n\n"); Printf(" <unknown (does your allocator support backtracing?)>\n\n");
} }
if (Meta) if (Meta)
printAllocDeallocTraces(AccessPtr, Meta, Printf, PrintBacktrace); printAllocDeallocTraces(AccessPtr, Meta, Printf, PrintBacktrace);
} }
size_t GuardedPoolAllocator::getErrorString(uintptr_t AccessPtr, Error E,
char *Buffer, size_t BufferSize) {
if (SingletonPtr)
return SingletonPtr->getErrorStringInternal(AccessPtr, E, Buffer,
BufferSize);
return 0;
}
size_t GuardedPoolAllocator::getAllocationString(uintptr_t AccessPtr, Error E,
char *Buffer,
size_t BufferSize) {
if (SingletonPtr)
return SingletonPtr->getAllocationStringInternal(AccessPtr, E, Buffer,
BufferSize);
return 0;
}
Error GuardedPoolAllocator::diagnoseError(uintptr_t AccessPtr) {
if (SingletonPtr)
return SingletonPtr->diagnoseErrorInternal(AccessPtr);
return Error::UNKNOWN;
}
size_t GuardedPoolAllocator::getErrorStringInternal(uintptr_t AccessPtr,
Error E, char *Buffer,
size_t BufferSize) {
if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr)))
return 0;
return errorString(E, Buffer, BufferSize);
}
size_t GuardedPoolAllocator::getAllocationStringInternal(uintptr_t AccessPtr,
Error E, char *Buffer,
size_t BufferSize) {
if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr)))
return 0;
AllocationMetadata *Meta = nullptr;
if (E == Error::UNKNOWN)
return 0;
size_t Slot = getNearestSlot(AccessPtr);
Meta = addrToMetadata(slotToAddr(Slot));
// Ensure that this slot has been previously allocated.
if (!Meta->Addr)
return 0;
return allocationErrorRelationString(AccessPtr, E, Meta, Buffer, BufferSize);
}
bool GuardedPoolAllocator::getMetadataInternal(uintptr_t Ptr,
AllocationMetadata *Meta) {
if (!pointerIsMine(reinterpret_cast<void *>(Ptr)))
return false;
size_t Slot = getNearestSlot(Ptr);
AllocationMetadata *Allocation = addrToMetadata(slotToAddr(Slot));
// Ensure that this slot has been previously allocated.
if (!Allocation->Addr)
return false;
*Meta = *Allocation;
return true;
}
bool GuardedPoolAllocator::getMetadata(uintptr_t Ptr,
AllocationMetadata *Meta) {
if (SingletonPtr)
return SingletonPtr->getMetadataInternal(Ptr, Meta);
return false;
}
TLS_INITIAL_EXEC TLS_INITIAL_EXEC
GuardedPoolAllocator::ThreadLocalPackedVariables GuardedPoolAllocator::ThreadLocalPackedVariables
GuardedPoolAllocator::ThreadLocals; GuardedPoolAllocator::ThreadLocals;
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp

Show First 20 LinesShow All 54 Lines▼ Show 20 Lines
size_t GuardedPoolAllocator::getPlatformPageSize() { size_t GuardedPoolAllocator::getPlatformPageSize() {
return sysconf(_SC_PAGESIZE); return sysconf(_SC_PAGESIZE);
} }
struct sigaction PreviousHandler; struct sigaction PreviousHandler;
static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) { static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
gwp_asan::GuardedPoolAllocator::reportError( gwp_asan::GuardedPoolAllocator::dumpReport(
reinterpret_cast<uintptr_t>(info->si_addr)); reinterpret_cast<uintptr_t>(info->si_addr));
// Process any previous handlers. // Process any previous handlers.
if (PreviousHandler.sa_flags & SA_SIGINFO) { if (PreviousHandler.sa_flags & SA_SIGINFO) {
PreviousHandler.sa_sigaction(sig, info, ucontext); PreviousHandler.sa_sigaction(sig, info, ucontext);
} else if (PreviousHandler.sa_handler == SIG_IGN || } else if (PreviousHandler.sa_handler == SIG_IGN ||
PreviousHandler.sa_handler == SIG_DFL) { PreviousHandler.sa_handler == SIG_DFL) {
// If the previous handler was the default handler, or was ignoring this // If the previous handler was the default handler, or was ignoring this
Show All 25 Lines

compiler-rt/lib/gwp_asan/tests/CMakeLists.txt

include(CompilerRTCompile) include(CompilerRTCompile)
set(GWP_ASAN_UNITTEST_CFLAGS set(GWP_ASAN_UNITTEST_CFLAGS
${COMPILER_RT_UNITTEST_CFLAGS} ${COMPILER_RT_UNITTEST_CFLAGS}
${COMPILER_RT_GTEST_CFLAGS} ${COMPILER_RT_GTEST_CFLAGS}
-I${COMPILER_RT_SOURCE_DIR}/lib/ -I${COMPILER_RT_SOURCE_DIR}/lib/
-O2 -g
-g) -fno-optimize-sibling-calls # Used in crash_handler_api.cpp (GetAllocation())
)
file(GLOB GWP_ASAN_HEADERS ../*.h) file(GLOB GWP_ASAN_HEADERS ../*.h)
set(GWP_ASAN_UNITTESTS set(GWP_ASAN_UNITTESTS
optional/printf_sanitizer_common.cpp optional/printf_sanitizer_common.cpp
alignment.cpp alignment.cpp
backtrace.cpp backtrace.cpp
basic.cpp basic.cpp
compression.cpp compression.cpp
crash_handler_api.cpp
driver.cpp driver.cpp
mutex_test.cpp mutex_test.cpp
slot_reuse.cpp slot_reuse.cpp
thread_contention.cpp) thread_contention.cpp)
set(GWP_ASAN_UNIT_TEST_HEADERS set(GWP_ASAN_UNIT_TEST_HEADERS
${GWP_ASAN_HEADERS} ${GWP_ASAN_HEADERS}
harness.h) harness.h)
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp

  • This file was added.
//===-- crash_handler_api.cpp -----------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include <memory>
#include <setjmp.h>
#include <string>
#include <vector>
#include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/tests/harness.h"
using Error = gwp_asan::GuardedPoolAllocator::Error;
using GuardedPoolAllocator = gwp_asan::GuardedPoolAllocator;
using AllocationMetadata = gwp_asan::GuardedPoolAllocator::AllocationMetadata;
// We also disable sibling call optimisations in the build file to ensure that
// the call inside this function doesn't get optimised to a jump.
__attribute__((noinline)) void *GetAllocation(GuardedPoolAllocator *GPA,
size_t Size) {
return GPA->allocate(Size);
}
__attribute__((noinline)) void GetAllocation_End() {}
// We also disable sibling call optimisations in the build file to ensure that
// the call inside this function doesn't get optimised to a jump.
__attribute__((noinline)) void DoDeallocate(GuardedPoolAllocator *GPA,
void *Ptr) {
GPA->deallocate(Ptr);
}
__attribute__((noinline)) void DoDeallocate_End() {}
// It's impossible to determine the exact location of the call instruction
// within a C++ function - so we allow our frames to occur in a range. If the
// frame lies between [Start - End] (inclusive), we determine the frame to be
// found.
struct FrameRange {
FrameRange(uintptr_t Start, uintptr_t End) : Start(Start), End(End) {}
uintptr_t Start;
uintptr_t End;
};
// A null value (or zero), in general means "don't check this value".
struct ExpectedAPIResult {
Error ErrorType;
// There is no null value for `ErrorType`, so indicate whether we want to
// check this value or not.
bool CheckErrorType = false;
const char *ErrorNeedle = nullptr;
const char *AllocationNeedle = nullptr;
// Results from the AllocationMetadata.
bool HasValidMetadata = true;
uintptr_t AllocationAddress = 0;
size_t AllocationSize = 0;
// Required frames below should be in order (but can be non-adjacent). If the
// required frames are [A, B], then the following matches will succeed:
// - [A, B]
// - [X, Y, A, B]
// - [A, B, X, Y]
// - [X, A, Y, B]
// - [A, A, B, A]
// and the following will fail:
// - [B, A]
// - [X, B, Y, A]
std::vector<FrameRange> RequiredAllocationFrames;
std::vector<FrameRange> RequiredDeallocationFrames;
bool IsDeallocated;
bool CheckIsDeallocated = false;
};
// Create an ExpectedAPIResult that has the correct required
// allocation/deallocation frames for use with `GetAllocate()` and
// `DoDeallocate()`. Place the allocated pointer in `*Ptr`.
ExpectedAPIResult createTest(GuardedPoolAllocator *GPA, size_t Size, Error E,
void **Ptr, bool WillBeDeallocated) {
ExpectedAPIResult Result;
Result.ErrorType = E;
Result.CheckErrorType = true;
*Ptr = GetAllocation(GPA, Size);
EXPECT_NE(*Ptr, nullptr);
Result.AllocationAddress = reinterpret_cast<uintptr_t>(*Ptr);
Result.AllocationSize = Size;
Result.RequiredAllocationFrames = {
FrameRange(reinterpret_cast<uintptr_t>(&GetAllocation),
reinterpret_cast<uintptr_t>(&GetAllocation_End))};
if (WillBeDeallocated) {
Result.RequiredDeallocationFrames = {
FrameRange(reinterpret_cast<uintptr_t>(&DoDeallocate),
reinterpret_cast<uintptr_t>(&DoDeallocate_End))};
Result.IsDeallocated = true;
Result.CheckIsDeallocated = true;
} else {
Result.IsDeallocated = false;
Result.CheckIsDeallocated = true;
}
return Result;
}
void CheckFrames(const std::vector<FrameRange> &Frames,
uint8_t *CompressedTrace, size_t CompressedTraceSize) {
uintptr_t *Buffer = static_cast<uintptr_t *>(
alloca(AllocationMetadata::kMaxTraceLengthToCollect * sizeof(uintptr_t)));
size_t NumUncompressedFrames = gwp_asan::compression::unpack(
CompressedTrace, CompressedTraceSize, Buffer,
AllocationMetadata::kMaxTraceLengthToCollect);
EXPECT_GE(NumUncompressedFrames, Frames.size());
size_t FramesMatched = 0;
for (size_t i = 0; i < NumUncompressedFrames && FramesMatched < Frames.size();
++i) {
if (Buffer[i] >= Frames[FramesMatched].Start &&
Buffer[i] <= Frames[FramesMatched].End)
++FramesMatched;
}
EXPECT_EQ(FramesMatched, Frames.size());
}
ExpectedAPIResult *ExpectedResult = nullptr;
sigjmp_buf SigJumpBuf;
bool CrashHandlerExecuted;
void CheckExpectedResult(uintptr_t FaultAddress) {
assert(ExpectedResult && "ExpectedAPIResult should be non-null");
CrashHandlerExecuted = true;
Error Err = GuardedPoolAllocator::diagnoseError(FaultAddress);
if (ExpectedResult->CheckErrorType)
EXPECT_EQ(ExpectedResult->ErrorType, Err);
constexpr unsigned kBufferSize = 0x1000;
char *Buffer = static_cast<char *>(alloca(kBufferSize));
if (ExpectedResult->ErrorNeedle) {
EXPECT_NE(0u, GuardedPoolAllocator::getErrorString(FaultAddress, Err,
Buffer, kBufferSize));
EXPECT_NE(nullptr, strstr(Buffer, ExpectedResult->ErrorNeedle))
<< "Expected ErrorNeedle not found: \"" << ExpectedResult->ErrorNeedle
<< "\" in string: \"" << Buffer << "\"";
}
if (ExpectedResult->AllocationNeedle) {
EXPECT_NE(0u, GuardedPoolAllocator::getAllocationString(
FaultAddress, Err, Buffer, kBufferSize));
EXPECT_NE(nullptr, strstr(Buffer, ExpectedResult->AllocationNeedle))
<< "Expected AllocationNeedle not found: \""
<< ExpectedResult->AllocationNeedle << "\" in string: \"" << Buffer
<< "\"";
}
AllocationMetadata Meta;
EXPECT_EQ(ExpectedResult->HasValidMetadata,
GuardedPoolAllocator::getMetadata(FaultAddress, &Meta));
if (!ExpectedResult->HasValidMetadata)
return;
if (ExpectedResult->AllocationAddress)
EXPECT_EQ(Meta.Addr, ExpectedResult->AllocationAddress);
if (ExpectedResult->AllocationSize)
EXPECT_EQ(Meta.Size, ExpectedResult->AllocationSize);
if (!ExpectedResult->RequiredAllocationFrames.empty())
CheckFrames(ExpectedResult->RequiredAllocationFrames,
Meta.AllocationTrace.CompressedTrace,
Meta.AllocationTrace.TraceSize);
if (!ExpectedResult->RequiredDeallocationFrames.empty())
CheckFrames(ExpectedResult->RequiredDeallocationFrames,
Meta.DeallocationTrace.CompressedTrace,
Meta.DeallocationTrace.TraceSize);
if (ExpectedResult->CheckIsDeallocated)
EXPECT_EQ(Meta.IsDeallocated, ExpectedResult->IsDeallocated);
}
void segvHandler(int sig, siginfo_t *info, void *ucontext) {
CheckExpectedResult(reinterpret_cast<uintptr_t>(info->si_addr));
siglongjmp(SigJumpBuf, 1);
}
void CheckAPIOnCrash(ExpectedAPIResult *APIResult) {
CrashHandlerExecuted = false;
ExpectedResult = APIResult;
struct sigaction Action;
Action.sa_sigaction = segvHandler;
Action.sa_flags = SA_SIGINFO;
sigaction(SIGSEGV, &Action, nullptr);
}
TEST_F(NoSignalHandlerGuardedPoolAllocator, UnknownErrorIfNotAllocated) {
constexpr unsigned kBufferSize = 0x10;
char Buffer[kBufferSize];
void *Ptr = malloc(1);
while (GPA.pointerIsMine(Ptr)) {
free(Ptr);
Ptr = malloc(1);
}
uintptr_t IntPtr = reinterpret_cast<uintptr_t>(Ptr);
EXPECT_EQ(Error::UNKNOWN, GuardedPoolAllocator::diagnoseError(0));
EXPECT_EQ(Error::UNKNOWN, GuardedPoolAllocator::diagnoseError(IntPtr));
EXPECT_EQ(0u, GuardedPoolAllocator::getErrorString(0, Error::UNKNOWN, Buffer,
kBufferSize));
EXPECT_EQ(0u, GuardedPoolAllocator::getErrorString(IntPtr, Error::UNKNOWN,
Buffer, kBufferSize));
EXPECT_EQ(0u, GuardedPoolAllocator::getAllocationString(
IntPtr, Error::UNKNOWN, Buffer, kBufferSize));
EXPECT_EQ(0u, GuardedPoolAllocator::getAllocationString(
IntPtr, Error::UNKNOWN, Buffer, kBufferSize));
AllocationMetadata Meta;
EXPECT_FALSE(GuardedPoolAllocator::getMetadata(IntPtr, &Meta));
EXPECT_FALSE(GuardedPoolAllocator::getMetadata(IntPtr, &Meta));
}
TEST_F(NoSignalHandlerGuardedPoolAllocator, DoubleFree) {
void *Ptr;
ExpectedAPIResult ExpectedResult = createTest(
&GPA, 1, Error::DOUBLE_FREE, &Ptr, /* WillBeDeallocated */ true);
ExpectedResult.ErrorNeedle = "Double free";
ExpectedResult.AllocationNeedle = "a 1-byte allocation";
CheckAPIOnCrash(&ExpectedResult);
DoDeallocate(&GPA, Ptr);
if (!sigsetjmp(SigJumpBuf, 1))
DoDeallocate(&GPA, Ptr);
EXPECT_TRUE(CrashHandlerExecuted);
}
TEST_F(NoSignalHandlerGuardedPoolAllocator, InvalidFreeCheckAlign) {
void *Ptr;
ExpectedAPIResult ExpectedResult = createTest(
&GPA, 1, Error::INVALID_FREE, &Ptr, /* WillBeDeallocated */ false);
ExpectedResult.ErrorNeedle = "Invalid (wild) free";
ExpectedResult.AllocationNeedle = "1 byte to the";
CheckAPIOnCrash(&ExpectedResult);
if (!sigsetjmp(SigJumpBuf, 1))
DoDeallocate(&GPA, static_cast<char *>(Ptr) + 1);
EXPECT_TRUE(CrashHandlerExecuted);
}
TEST_F(NoSignalHandlerGuardedPoolAllocator, InvalidFreeCheckSize) {
void *Ptr;
ExpectedAPIResult ExpectedResult = createTest(
&GPA, 1, Error::INVALID_FREE, &Ptr, /* WillBeDeallocated */ false);
ExpectedResult.AllocationNeedle = "of a 1-byte allocation";
CheckAPIOnCrash(&ExpectedResult);
if (!sigsetjmp(SigJumpBuf, 1))
DoDeallocate(&GPA, static_cast<char *>(Ptr) + 1);
EXPECT_TRUE(CrashHandlerExecuted);
}
TEST_F(NoSignalHandlerGuardedPoolAllocator, UseAfterFree) {
void *Ptr;
ExpectedAPIResult ExpectedResult = createTest(
&GPA, 1, Error::USE_AFTER_FREE, &Ptr, /* WillBeDeallocated */ true);
ExpectedResult.ErrorNeedle = "Use after free";
CheckAPIOnCrash(&ExpectedResult);
DoDeallocate(&GPA, Ptr);
if (!sigsetjmp(SigJumpBuf, 1))
*(static_cast<char *>(Ptr)) = 0;
EXPECT_TRUE(CrashHandlerExecuted);
}
constexpr unsigned kMaximumAlignmentPadding = 16;
TEST_F(NoSignalHandlerGuardedPoolAllocator, BufferOverflow) {
void *Ptr;
constexpr unsigned kAllocationSize = 10;
ExpectedAPIResult ExpectedResult =
createTest(&GPA, kAllocationSize, Error::BUFFER_OVERFLOW, &Ptr,
/* WillBeDeallocated */ false);
uintptr_t IntPtr = reinterpret_cast<uintptr_t>(Ptr);
// Keep trying until we have a right-aligned allocation.
while (IntPtr % GPA.maximumAllocationSize() < kMaximumAlignmentPadding) {
GPA.deallocate(Ptr);
Ptr = GetAllocation(&GPA, kAllocationSize);
EXPECT_NE(Ptr, nullptr);
IntPtr = reinterpret_cast<uintptr_t>(Ptr);
ExpectedResult.AllocationAddress = IntPtr;
}
ExpectedResult.ErrorNeedle = "Buffer overflow";
ExpectedResult.AllocationNeedle =
"bytes to the right of a 10-byte allocation";
CheckAPIOnCrash(&ExpectedResult);
if (!sigsetjmp(SigJumpBuf, 1))
*(static_cast<char *>(Ptr) + kMaximumAlignmentPadding) = 0;
EXPECT_TRUE(CrashHandlerExecuted);
}
TEST_F(NoSignalHandlerGuardedPoolAllocator, BufferUnderflow) {
void *Ptr;
constexpr unsigned kAllocationSize = 10;
ExpectedAPIResult ExpectedResult =
createTest(&GPA, kAllocationSize, Error::BUFFER_UNDERFLOW, &Ptr,
/* WillBeDeallocated */ false);
uintptr_t IntPtr = reinterpret_cast<uintptr_t>(Ptr);
// Keep trying until we have a left-aligned allocation.
while (IntPtr % GPA.maximumAllocationSize() > kMaximumAlignmentPadding) {
GPA.deallocate(Ptr);
Ptr = GetAllocation(&GPA, kAllocationSize);
EXPECT_NE(Ptr, nullptr);
IntPtr = reinterpret_cast<uintptr_t>(Ptr);
ExpectedResult.AllocationAddress = IntPtr;
}
ExpectedResult.ErrorNeedle = "Buffer underflow";
ExpectedResult.AllocationNeedle = "bytes to the left of a 10-byte allocation";
CheckAPIOnCrash(&ExpectedResult);
if (!sigsetjmp(SigJumpBuf, 1))
*(static_cast<char *>(Ptr) - kMaximumAlignmentPadding) = 0;
EXPECT_TRUE(CrashHandlerExecuted);
}
// Simulate an internal error (or a hardware failure) where the touched
// allocation doesn't correspond to an allocation.
TEST_F(NoSignalHandlerGuardedPoolAllocator, UnknownInternalError) {
void *Ptr = GPA.allocate(1);
ExpectedAPIResult ExpectedResult;
ExpectedResult.ErrorType = Error::UNKNOWN;
ExpectedResult.CheckErrorType = true;
ExpectedResult.HasValidMetadata = false;
ExpectedResult.ErrorNeedle =
"GWP-ASan couldn't automatically determine the source of the memory "
"error. It was likely caused by a wild memory access into the GWP-ASan "
"pool.";
CheckAPIOnCrash(&ExpectedResult);
if (!sigsetjmp(SigJumpBuf, 1))
*(static_cast<char *>(Ptr) + GPA.maximumAllocationSize() * 2) = 0;
EXPECT_TRUE(CrashHandlerExecuted);
}

compiler-rt/lib/gwp_asan/tests/harness.h

Show First 20 LinesShow All 75 Lines▼ Show 20 Lines BacktraceGuardedPoolAllocator() {
Opts.PrintBacktrace = gwp_asan::options::getPrintBacktraceFunction(); Opts.PrintBacktrace = gwp_asan::options::getPrintBacktraceFunction();
GPA.init(Opts); GPA.init(Opts);
} }
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
}; };
class NoSignalHandlerGuardedPoolAllocator : public ::testing::Test {
public:
NoSignalHandlerGuardedPoolAllocator() {
gwp_asan::options::Options Opts;
Opts.setDefaults();
Opts.InstallSignalHandlers = false;
Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.Backtrace = gwp_asan::options::getBacktraceFunction();
GPA.init(Opts);
}
protected:
gwp_asan::GuardedPoolAllocator GPA;
};
#endif // GWP_ASAN_TESTS_HARNESS_H_ #endif // GWP_ASAN_TESTS_HARNESS_H_

compiler-rt/test/gwp_asan/double_delete.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Double free at 0x{{[a-f0-9]+}} (a 1-byte allocation) // CHECK: Double free at 0x{{[a-f0-9]+}} (a 1-byte allocation)
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = new char; char *Ptr = new char;
delete Ptr; delete Ptr;
delete Ptr; delete Ptr;
return 0; return 0;
} }

compiler-rt/test/gwp_asan/double_deletea.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Double free at 0x{{[a-f0-9]+}} (a 50-byte allocation) // CHECK: Double free at 0x{{[a-f0-9]+}} (a 50-byte allocation)
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = new char[50]; char *Ptr = new char[50];
delete[] Ptr; delete[] Ptr;
delete[] Ptr; delete[] Ptr;
return 0; return 0;
} }

compiler-rt/test/gwp_asan/double_free.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
#include <cstdlib> #include <cstdlib>
int main() { int main() {
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Double free at 0x{{[a-f0-9]+}} (a 10-byte allocation) // CHECK: Double free at 0x{{[a-f0-9]+}} (a 10-byte allocation)
void *Ptr = malloc(10); void *Ptr = malloc(10);
free(Ptr); free(Ptr);
free(Ptr); free(Ptr);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/invalid_free_left.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the left of a // CHECK: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the left of a
// CHECK-SAME: 1-byte allocation // CHECK-SAME: 1-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = char *Ptr =
reinterpret_cast<char *>(malloc(1)); reinterpret_cast<char *>(malloc(1));
free(Ptr - 1); free(Ptr - 1);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/invalid_free_right.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the right of a // CHECK: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the right of a
// CHECK-SAME: 1-byte allocation // CHECK-SAME: 1-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = char *Ptr =
reinterpret_cast<char *>(malloc(1)); reinterpret_cast<char *>(malloc(1));
free(Ptr + 1); free(Ptr + 1);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/realloc.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t -DTEST_MALLOC // RUN: %clangxx_gwp_asan %s -o %t -DTEST_MALLOC
// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix CHECK-MALLOC // RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-MALLOC
// Check both C++98 and C. // Check both C++98 and C.
// RUN: %clangxx_gwp_asan -std=c++98 %s -o %t -DTEST_FREE // RUN: %clangxx_gwp_asan -std=c++98 %s -o %t -DTEST_FREE
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE // RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE
// RUN: cp %s %t.c && %clang_gwp_asan %t.c -o %t -DTEST_FREE // RUN: cp %s %t.c && %clang_gwp_asan %t.c -o %t -DTEST_FREE
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE // RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE
// Ensure GWP-ASan stub implementation of realloc() in Scudo works to-spec. In // Ensure GWP-ASan stub implementation of realloc() in Scudo works to-spec. In
Show All 33 Lines