This is an archive of the discontinued LLVM Phabricator instance.

Differential D73557

[GWP-ASan] Crash Handler API.
ClosedPublic

Authored by hctim on Jan 28 2020, 7:30 AM.

Details

Reviewers
cryptoad
eugenis
jfb
Commits
rGa62586846fa9: [GWP-ASan] Crash Handler API.
Summary

Forewarning: This patch looks big in #LOC changed. I promise it's not that bad, it just moves a lot of content from one file to another. I've gone ahead and left inline comments on Phabricator for sections where this has happened.

This patch:

  1. Introduces the crash handler API (crash_handler_api.h).
  2. Moves information required for out-of-process crash handling into an AllocatorState. This is a trivially-copied POD struct that designed to be recovered from a deceased process, and used by the crash handler to create a GWP-ASan report (along with the other trivially-copied Metadata struct).
  3. Implements the crash handler API using the AllocatorState and Metadata.
  4. Adds tests for the crash handler.
  5. Reimplements the (now optionally linked by the supporting allocator) in-process crash handler (i.e. the segv handler) using the new crash handler API.
  6. Minor updates Scudo & Scudo Standalone to fix compatibility.
  7. Changed capitalisation of errors (e.g. /s/Use after free/Use After Free).

Diff Detail

Event Timeline

hctim created this revision.Jan 28 2020, 7:30 AM
Herald added a reviewer: jfb. · View Herald TranscriptJan 28 2020, 7:30 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald Transcript
Herald added subscribers: llvm-commits, Restricted Project, cryptoad, mgorny. · View Herald Transcript
hctim marked 33 inline comments as done.Jan 28 2020, 7:45 AM
hctim added inline comments.
compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
1

Most of the changes in this file are /s/MyMember/State.MyMember

64–65

No Printf maintained internally any more, so we assert and trap instead.

150

Used to be a member function (GPA::getPageAddr()), but shouldn't be.

255–256

Slight functional change, addrToMetadata used to be implemented differently.

308

Start of implementation of new crash handler functions. All very simple implementation (just find the metadata, and then return data).

416

This code was moved (with some modifications) to crash_handler_posix.cpp.

519

Code here (and below) moved to crash_handler_posix.cpp.

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
22

This is moved just down below in this file.

79

These functions and members are pulled out of GuardedPoolAllocator.

149

Moved into AllocatorState.

153

Removed in favour of new crash handler API.

194

Installation of segv is now in optional/crash_handler.h.

202

Functions moved into AllocatorState.

213

Functions moved into AllocatorState.

235

Deprecated in favour of new crash handler.

247

Members (and below) moved into AllocatorState.

274

We now don't store a Printf or PrintBacktrace function, as these are the crash handler's responsibility (and GPA no longer is responsible for handling crashes).

compiler-rt/lib/gwp_asan/optional/crash_handler.h
17 ↗(On Diff #240885)

Moved from options.h. Now Printf_t and PrintBacktrace_t are correctly only used by the inbuilt crash handler, and not managed by GPA.

62 ↗(On Diff #240885)

This is now the entry point to install the internal (segv-based) crash handler, and the allocator is responsible for inspecting Options.installSignalHandlers and call this function if true.

The allocator is responsible for providing us with the proper printing/backtrace functions, but we also provide multiple implementations that can be used.

compiler-rt/lib/gwp_asan/optional/crash_handler_posix.cpp
34 ↗(On Diff #240885)

Moved from guarded_pool_allocator.cpp.

60 ↗(On Diff #240885)

Moved from guarded_pool_allocator.cpp.

68 ↗(On Diff #240885)

Moved from guarded_pool_allocator.cpp (with minor modifications to use new API instead of old).

116 ↗(On Diff #240885)

Moved from guarded_pool_allocator.cpp (with minor modifications to use new API instead of old).

135 ↗(On Diff #240885)

Moved from guarded_pool_allocator.cpp (with minor modifications to use new API instead of old).

157 ↗(On Diff #240885)

Moved from guarded_pool_allocator.cpp (with minor modifications to use new API instead of old).

compiler-rt/lib/gwp_asan/options.h
18

Moved to crash_handler_api.h.

hctim added inline comments.Jan 28 2020, 7:45 AM
compiler-rt/lib/gwp_asan/options.h
53

Moved to crash_handler_api.h.

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp
39–40

No more Printf in GPA, so assert and trap instread.

94

Moved to crash_handler_posix.cpp.

125

Moved to crash_handler_posix.cpp.

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
2

New tests for the crash handler API.

compiler-rt/lib/scudo/standalone/CMakeLists.txt
118

Note for @cryptoad: This is the libc backtrace and the GWP-ASan internal (segv) crash handler, no dependencies on compiler-rt here :)

compiler-rt/lib/scudo/standalone/combined.h
174

Backtrace function comes from libc. Not sure if this WAI on Fuchsia, but we don't support GWP-ASan there so /shrug/.

Herald added a subscriber: dexonsmith. · View Herald TranscriptJan 28 2020, 7:45 AM
hctim edited the summary of this revision. (Show Details)Jan 28 2020, 7:46 AM
hctim edited reviewers, added: cryptoad, eugenis; removed: jfb.
hctim added subscribers: jfb, pcc.
Herald added a reviewer: jfb. · View Herald TranscriptJan 28 2020, 7:46 AM
merge_guards_bot added a subscriber: merge_guards_bot.Jan 28 2020, 8:07 AM

Unit tests: pass. 62268 tests passed, 0 failed and 827 were skipped.

clang-tidy: fail. clang-tidy found 21 errors and 58 warnings. 0 of them are added as review comments below (why?).

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45137: Diff 240885!Jan 28 2020, 8:12 AM
eugenis added inline comments.Jan 28 2020, 6:07 PM
compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
56–57

If you move backtrace collection (but maybe not compression) to the caller, you can get rid of the ugly passing-by-reference of RecursiveGuard.

64–65

why do you need trap after assert?

Factor out CHECK() implemented (on Android) as set_abort_message() + abort?

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
71

Tries to stop. Not very hard.
If we really wanted to, we could make the mutex recursive.

159

internally

compiler-rt/lib/gwp_asan/options.inc
33

Would it be better to move this option to scudo then if it is unused?

compiler-rt/lib/gwp_asan/tests/CMakeLists.txt
9

Don't understand the comment. Does this optimization break the code? Why? Where did -O2 go?

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
2

This test makes my head hurt :(
I don't see why it needs to actually send and receive signals to test this API.
Also, the fuzzy match logic seems to be testing an implementation of backtrace. This also seems irrelevant. I'd simply supply a mock backtrace callback.

24

or can just do attribute((optnone))

217

why not IntPtr = &Intptr ?

compiler-rt/lib/scudo/standalone/CMakeLists.txt
25

this can affect scudo performance.

hctim marked 10 inline comments as done.Jan 29 2020, 4:36 PM
hctim added inline comments.
compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
56–57

Refactored a little here.

64–65

In case of -DNDEBUG.

Done.

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
71

We need something to set RecursiveGuard = true in the in-process crash handler. The tryLock is mostly there as a best-effort as we might take some time uncompressing traces/getting the access backtrace, and it reduces the chance of our metadata getting corrupted.

Not sure what we could do to stop harder here :(

compiler-rt/lib/gwp_asan/options.inc
33

My assumption is that some new consumer may chose to use the sanitizer_common flag parser (which we include optionally under optional/options_parser.h). In that case, it's nice to have this flag be user-controlled. I'm not super attached to it being here though, LMK.

compiler-rt/lib/gwp_asan/tests/CMakeLists.txt
9

It ensured that call -> jmp optimisation didn't take place, but optnone is a much better sol'n.

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
2

Let me refactor this to not go through the actual allocator + crashing stuff. I refactored this test from some working branch that had wildly different assumptions.

217

Sorry, I don't follow...

compiler-rt/lib/scudo/standalone/CMakeLists.txt
25

@cryptoad

hctim updated this revision to Diff 241318.Jan 29 2020, 4:36 PM
hctim marked 3 inline comments as done.
  • Remove bad assert from debug builds.
  • Comments from @eugenis.
eugenis added inline comments.Jan 29 2020, 5:06 PM
compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
217

It looks like the loop above finds any address that GWP-ASan would not recognize in pointerIsMine.
&IntPtr is such an address.

merge_guards_bot added a comment.Jan 29 2020, 5:17 PM

Unit tests: pass. 62268 tests passed, 0 failed and 827 were skipped.

clang-tidy: fail. clang-tidy found 23 errors and 62 warnings. 0 of them are added as review comments below (why?).

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45304: Diff 241318!Jan 29 2020, 5:18 PM
hctim updated this revision to Diff 241746.Jan 31 2020, 8:59 AM
  • - Updated crash_handler test, fixed up some const-correctness issues.
hctim marked 6 inline comments as done.Jan 31 2020, 9:00 AM
hctim added inline comments.
compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
2

Refactored.

217

Done.

merge_guards_bot added a comment.Jan 31 2020, 9:43 AM

Unit tests: fail. 62267 tests passed, 1 failed and 827 were skipped.

failed: libc++.std/thread/futures/futures_async/async.pass.cpp

clang-tidy: fail. clang-tidy found 23 errors and 51 warnings. 0 of them are added as review comments below (why?).

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45463: Diff 241746!Jan 31 2020, 9:49 AM
hctim updated this revision to Diff 241826.Jan 31 2020, 2:54 PM
hctim marked 2 inline comments as done.
Moved functionality out of GPA into common.

Functionality that is common between the GPA and the crash handler
should be factored out. This allows us to link *just* the crash handler
portion of things in a supporting crash handler, rather than all the
rest of the GPA stuff.
merge_guards_bot added a comment.Jan 31 2020, 3:07 PM

Unit tests: pass. 62268 tests passed, 0 failed and 827 were skipped.

clang-tidy: fail. clang-tidy found 28 errors and 52 warnings. 0 of them are added as review comments below (why?).

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45490: Diff 241826!Jan 31 2020, 3:12 PM
eugenis added inline comments.Jan 31 2020, 5:22 PM
compiler-rt/lib/gwp_asan/crash_handler.cpp
80

Why not return the metadata pointer and null if it could not be found, and then pass it to all other query functions?

compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
54

We should not kill the process if it had SIGSEGV ignored, and we do not recognize the crash.

hctim marked 4 inline comments as done.Jan 31 2020, 6:43 PM
hctim added inline comments.
compiler-rt/lib/gwp_asan/crash_handler.cpp
80

The crash handler isn't responsible for finding the metadata, as the original process might be dead. We actually need the metadata here to check that the allocation provided has actually been allocated once upon a time.

compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp
54

Done.

hctim updated this revision to Diff 241859.Jan 31 2020, 6:44 PM
hctim marked 2 inline comments as done.
  • Crash on SEGV when previous handler ignored iff we are responsible.
merge_guards_bot added a comment.Jan 31 2020, 7:00 PM

Unit tests: pass. 62268 tests passed, 0 failed and 827 were skipped.

clang-tidy: fail. clang-tidy found 28 errors and 52 warnings. 0 of them are added as review comments below (why?).

clang-format: fail. Please format your changes with clang-format by running git-clang-format HEAD^ or applying this patch.

Build artifacts: diff.json, clang-tidy.txt, clang-format.patch, CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45506: Diff 241859!Jan 31 2020, 7:03 PM
eugenis added inline comments.Feb 3 2020, 4:18 PM
compiler-rt/lib/gwp_asan/crash_handler.cpp
80

I actually meant instead of

if (Meta->Addr == 0)
    return false;

do

if (Meta->Addr != 0)
  return Meta;

And then pass that pointer to the rest of the API, so they do not need to repeat the look up.

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
147–150

if init() does not set the signal handlers, maybe uninit should not remove them.
Also, weak declarations are not very portable.

198

Touch memory in a guard page instead.
This will produce the same type of failure the fault handler is catching, which could be different from raise(SIGSEGV) (which is also posix-only).

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h
13

clang-format plz

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
159

It's usually better to be a bit more explicit in tests and setup the program state in each test case. In this case, I'd need to look ~2 pages up to understand what 0x7001 refers to. The test class could provide metadata setup helpers, and test case could look something like

metadata(0, 0x7000, 0x20, /*allocated*/false);
State.FailureAddress = 0x7001;
State.FailureType = Error::INVALID_FREE;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State));

hctim marked 9 inline comments as done.Feb 5 2020, 8:14 AM
hctim added inline comments.
compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
147–150

Removed it, and updated the tests elsewhere.

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp
159

Great idea, thanks!

compiler-rt/lib/scudo/standalone/CMakeLists.txt
25

Flagged it behind COMPILER_RT_HAS_GWP_ASAN - but still worth assessing for @cryptoad

hctim updated this revision to Diff 242632.Feb 5 2020, 8:14 AM
hctim marked 2 inline comments as done.
  • Addressed eugenis@ comments.
merge_guards_bot added a comment.Feb 5 2020, 8:55 AM

Unit tests: pass. 62268 tests passed, 0 failed and 827 were skipped.

clang-tidy: unknown.

clang-format: unknown.

Build artifacts: CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45769: Diff 242632!Feb 5 2020, 8:59 AM
eugenis accepted this revision.Feb 5 2020, 11:01 AM

LGTM with a few nits

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
197

Could be simply the first guard page at *GuardPagePool. Does not really matter.

compiler-rt/lib/gwp_asan/tests/harness.h
19

this does not exist

94

Not a big deal, but it makes sense to do these things in the opposite order.

compiler-rt/lib/scudo/standalone/combined.h
12

wrong path

This revision is now accepted and ready to land.Feb 5 2020, 11:01 AM
hctim updated this revision to Diff 242765.Feb 5 2020, 3:24 PM
hctim marked 12 inline comments as done.
  • Update from eugenis comments.
hctim added inline comments.Feb 5 2020, 3:29 PM
compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp
197

Sure. Done.

compiler-rt/lib/gwp_asan/tests/harness.h
19

it does, just under the GWP-ASan root's gwp_asan/optional dir, not gwp_asan/tests/optional/

94

Done (and in Scudo).

compiler-rt/lib/scudo/standalone/combined.h
12

why does my editor hate me so

hctim updated this revision to Diff 242769.Feb 5 2020, 3:31 PM

Rebase onto master in preparation for submit.

Closed by commit rGa62586846fa9: [GWP-ASan] Crash Handler API. (authored by hctim). · Explain WhyFeb 5 2020, 3:41 PM
This revision was automatically updated to reflect the committed changes.
merge_guards_bot added a comment.Feb 5 2020, 4:07 PM

Unit tests: pass. 62268 tests passed, 0 failed and 827 were skipped.

clang-tidy: unknown.

clang-format: unknown.

Build artifacts: CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45818: Diff 242765!Feb 5 2020, 4:10 PM
merge_guards_bot added a comment.Feb 5 2020, 4:23 PM

Unit tests: pass. 62519 tests passed, 0 failed and 844 were skipped.

clang-tidy: unknown.

clang-format: unknown.

Build artifacts: CMakeCache.txt, console-log.txt, test-results.xml

Pre-merge checks is in beta. Report issue. Please join beta or enable it for your project.

Harbormaster failed remote builds in B45819: Diff 242769!Feb 5 2020, 4:29 PM
hctim mentioned this in D70681: [GWP-ASan] Implementation of crash handler API..Feb 28 2020, 3:08 PM
hctim mentioned this in D71497: [GWP-ASan] Add in-proc/out-of-proc crash handler interface..

Revision Contents

Diff 242769

compiler-rt/lib/gwp_asan/CMakeLists.txt

add_compiler_rt_component(gwp_asan) add_compiler_rt_component(gwp_asan)
include_directories(..) include_directories(..)
set(GWP_ASAN_SOURCES set(GWP_ASAN_SOURCES
common.cpp
crash_handler.cpp
platform_specific/common_posix.cpp
platform_specific/guarded_pool_allocator_posix.cpp platform_specific/guarded_pool_allocator_posix.cpp
platform_specific/mutex_posix.cpp platform_specific/mutex_posix.cpp
platform_specific/utilities_posix.cpp
guarded_pool_allocator.cpp guarded_pool_allocator.cpp
random.cpp random.cpp
stack_trace_compressor.cpp stack_trace_compressor.cpp
) )
set(GWP_ASAN_HEADERS set(GWP_ASAN_HEADERS
common.h
crash_handler.h
definitions.h definitions.h
guarded_pool_allocator.h guarded_pool_allocator.h
mutex.h mutex.h
options.h options.h
options.inc options.inc
random.h random.h
stack_trace_compressor.h stack_trace_compressor.h
utilities.h
) )
# Ensure that GWP-ASan meets the delegated requirements of some supporting # Ensure that GWP-ASan meets the delegated requirements of some supporting
# allocators. Some supporting allocators (e.g. scudo standalone) cannot use any # allocators. Some supporting allocators (e.g. scudo standalone) cannot use any
# parts of the C++ standard library. # parts of the C++ standard library.
set(GWP_ASAN_CFLAGS ${SANITIZER_COMMON_CFLAGS} -fno-rtti -fno-exceptions set(GWP_ASAN_CFLAGS ${SANITIZER_COMMON_CFLAGS} -fno-rtti -fno-exceptions
-nostdinc++ -pthread) -nostdinc++ -pthread)
append_list_if(COMPILER_RT_HAS_FPIC_FLAG -fPIC GWP_ASAN_CFLAGS) append_list_if(COMPILER_RT_HAS_FPIC_FLAG -fPIC GWP_ASAN_CFLAGS)
Show All 16 Linesset(GWP_ASAN_OPTIONS_PARSER_HEADERS
options.h options.h
options.inc options.inc
) )
set(GWP_ASAN_BACKTRACE_HEADERS set(GWP_ASAN_BACKTRACE_HEADERS
optional/backtrace.h optional/backtrace.h
options.h options.h
options.inc options.inc
) )
set(GWP_ASAN_SEGV_HANDLER_HEADERS
optional/segv_handler.h
options.h)
set(GWP_ASAN_OPTIONS_PARSER_CFLAGS set(GWP_ASAN_OPTIONS_PARSER_CFLAGS
${GWP_ASAN_CFLAGS} ${GWP_ASAN_CFLAGS}
${SANITIZER_COMMON_CFLAGS}) ${SANITIZER_COMMON_CFLAGS})
set(GWP_ASAN_OPTIONS_PARSER_OBJECT_LIBS set(GWP_ASAN_OPTIONS_PARSER_OBJECT_LIBS
RTSanitizerCommon RTSanitizerCommon
RTSanitizerCommonNoLibc) RTSanitizerCommonNoLibc)
Show All 28 Lines add_compiler_rt_object_libraries(RTGwpAsanOptionsParser
CFLAGS ${GWP_ASAN_OPTIONS_PARSER_CFLAGS}) CFLAGS ${GWP_ASAN_OPTIONS_PARSER_CFLAGS})
# As above, build the pre-implemented optional backtrace support libraries. # As above, build the pre-implemented optional backtrace support libraries.
add_compiler_rt_object_libraries(RTGwpAsanBacktraceLibc add_compiler_rt_object_libraries(RTGwpAsanBacktraceLibc
ARCHS ${GWP_ASAN_SUPPORTED_ARCH} ARCHS ${GWP_ASAN_SUPPORTED_ARCH}
SOURCES optional/backtrace_linux_libc.cpp SOURCES optional/backtrace_linux_libc.cpp
ADDITIONAL_HEADERS ${GWP_ASAN_BACKTRACE_HEADERS} ADDITIONAL_HEADERS ${GWP_ASAN_BACKTRACE_HEADERS}
CFLAGS ${GWP_ASAN_CFLAGS}) CFLAGS ${GWP_ASAN_CFLAGS})
add_compiler_rt_object_libraries(RTGwpAsanSegvHandler
ARCHS ${GWP_ASAN_SUPPORTED_ARCH}
SOURCES optional/segv_handler_posix.cpp
ADDITIONAL_HEADERS ${GWP_ASAN_SEGV_HANDLER_HEADERS}
CFLAGS ${GWP_ASAN_CFLAGS})
add_compiler_rt_object_libraries(RTGwpAsanBacktraceSanitizerCommon add_compiler_rt_object_libraries(RTGwpAsanBacktraceSanitizerCommon
ARCHS ${GWP_ASAN_SUPPORTED_ARCH} ARCHS ${GWP_ASAN_SUPPORTED_ARCH}
SOURCES optional/backtrace_sanitizer_common.cpp SOURCES optional/backtrace_sanitizer_common.cpp
ADDITIONAL_HEADERS ${GWP_ASAN_BACKTRACE_HEADERS} ADDITIONAL_HEADERS ${GWP_ASAN_BACKTRACE_HEADERS}
CFLAGS ${GWP_ASAN_CFLAGS} ${SANITIZER_COMMON_CFLAGS}) CFLAGS ${GWP_ASAN_CFLAGS} ${SANITIZER_COMMON_CFLAGS})
endif() endif()
if(COMPILER_RT_INCLUDE_TESTS) if(COMPILER_RT_INCLUDE_TESTS)
add_subdirectory(tests) add_subdirectory(tests)
endif() endif()

compiler-rt/lib/gwp_asan/common.h

  • This file was added.
//===-- common.h ------------------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// This file contains code that is common between the crash handler and the
// GuardedPoolAllocator.
#ifndef GWP_ASAN_COMMON_H_
#define GWP_ASAN_COMMON_H_
#include "gwp_asan/definitions.h"
#include "gwp_asan/options.h"
#include <stddef.h>
#include <stdint.h>
namespace gwp_asan {
enum class Error {
UNKNOWN,
USE_AFTER_FREE,
DOUBLE_FREE,
INVALID_FREE,
BUFFER_OVERFLOW,
BUFFER_UNDERFLOW
};
const char *ErrorToString(const Error &E);
static constexpr uint64_t kInvalidThreadID = UINT64_MAX;
// Get the current thread ID, or kInvalidThreadID if failure. Note: This
// implementation is platform-specific.
uint64_t getThreadID();
// This struct contains all the metadata recorded about a single allocation made
// by GWP-ASan. If `AllocationMetadata.Addr` is zero, the metadata is non-valid.
struct AllocationMetadata {
// The number of bytes used to store a compressed stack frame. On 64-bit
// platforms, assuming a compression ratio of 50%, this should allow us to
// store ~64 frames per trace.
static constexpr size_t kStackFrameStorageBytes = 256;
// Maximum number of stack frames to collect on allocation/deallocation. The
// actual number of collected frames may be less than this as the stack
// frames are compressed into a fixed memory range.
static constexpr size_t kMaxTraceLengthToCollect = 128;
// Records the given allocation metadata into this struct.
void RecordAllocation(uintptr_t Addr, size_t Size);
// Record that this allocation is now deallocated.
void RecordDeallocation();
struct CallSiteInfo {
// Record the current backtrace to this callsite.
void RecordBacktrace(options::Backtrace_t Backtrace);
// The compressed backtrace to the allocation/deallocation.
uint8_t CompressedTrace[kStackFrameStorageBytes];
// The thread ID for this trace, or kInvalidThreadID if not available.
uint64_t ThreadID = kInvalidThreadID;
// The size of the compressed trace (in bytes). Zero indicates that no
// trace was collected.
size_t TraceSize = 0;
};
// The address of this allocation. If zero, the rest of this struct isn't
// valid, as the allocation has never occurred.
uintptr_t Addr = 0;
// Represents the actual size of the allocation.
size_t Size = 0;
CallSiteInfo AllocationTrace;
CallSiteInfo DeallocationTrace;
// Whether this allocation has been deallocated yet.
bool IsDeallocated = false;
};
// This holds the state that's shared between the GWP-ASan allocator and the
// crash handler. This, in conjunction with the Metadata array, forms the entire
// set of information required for understanding a GWP-ASan crash.
struct AllocatorState {
// Returns whether the provided pointer is a current sampled allocation that
// is owned by this pool.
GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const {
uintptr_t P = reinterpret_cast<uintptr_t>(Ptr);
return P < GuardedPagePoolEnd && GuardedPagePool <= P;
}
// Returns the address of the N-th guarded slot.
uintptr_t slotToAddr(size_t N) const;
// Returns the largest allocation that is supported by this pool.
size_t maximumAllocationSize() const;
// Gets the nearest slot to the provided address.
size_t getNearestSlot(uintptr_t Ptr) const;
// Returns whether the provided pointer is a guard page or not. The pointer
// must be within memory owned by this pool, else the result is undefined.
bool isGuardPage(uintptr_t Ptr) const;
// The number of guarded slots that this pool holds.
size_t MaxSimultaneousAllocations = 0;
// Pointer to the pool of guarded slots. Note that this points to the start of
// the pool (which is a guard page), not a pointer to the first guarded page.
uintptr_t GuardedPagePool = 0;
uintptr_t GuardedPagePoolEnd = 0;
// Cached page size for this system in bytes.
size_t PageSize = 0;
// The type and address of an internally-detected failure. For INVALID_FREE
// and DOUBLE_FREE, these errors are detected in GWP-ASan, which will set
// these values and terminate the process.
Error FailureType = Error::UNKNOWN;
uintptr_t FailureAddress = 0;
};
} // namespace gwp_asan
#endif // GWP_ASAN_COMMON_H_

compiler-rt/lib/gwp_asan/common.cpp

  • This file was added.
//===-- common.cpp ----------------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/common.h"
#include "gwp_asan/stack_trace_compressor.h"
#include <assert.h>
using AllocationMetadata = gwp_asan::AllocationMetadata;
using Error = gwp_asan::Error;
namespace gwp_asan {
const char *ErrorToString(const Error &E) {
switch (E) {
case Error::UNKNOWN:
return "Unknown";
case Error::USE_AFTER_FREE:
return "Use After Free";
case Error::DOUBLE_FREE:
return "Double Free";
case Error::INVALID_FREE:
return "Invalid (Wild) Free";
case Error::BUFFER_OVERFLOW:
return "Buffer Overflow";
case Error::BUFFER_UNDERFLOW:
return "Buffer Underflow";
}
__builtin_trap();
}
void AllocationMetadata::RecordAllocation(uintptr_t AllocAddr,
size_t AllocSize) {
Addr = AllocAddr;
Size = AllocSize;
IsDeallocated = false;
AllocationTrace.ThreadID = getThreadID();
DeallocationTrace.TraceSize = 0;
DeallocationTrace.ThreadID = kInvalidThreadID;
}
void AllocationMetadata::RecordDeallocation() {
IsDeallocated = true;
DeallocationTrace.ThreadID = getThreadID();
}
void AllocationMetadata::CallSiteInfo::RecordBacktrace(
options::Backtrace_t Backtrace) {
TraceSize = 0;
if (!Backtrace)
return;
uintptr_t UncompressedBuffer[kMaxTraceLengthToCollect];
size_t BacktraceLength =
Backtrace(UncompressedBuffer, kMaxTraceLengthToCollect);
TraceSize =
compression::pack(UncompressedBuffer, BacktraceLength, CompressedTrace,
AllocationMetadata::kStackFrameStorageBytes);
}
size_t AllocatorState::maximumAllocationSize() const { return PageSize; }
uintptr_t AllocatorState::slotToAddr(size_t N) const {
return GuardedPagePool + (PageSize * (1 + N)) + (maximumAllocationSize() * N);
}
bool AllocatorState::isGuardPage(uintptr_t Ptr) const {
assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
size_t PageOffsetFromPoolStart = (Ptr - GuardedPagePool) / PageSize;
size_t PagesPerSlot = maximumAllocationSize() / PageSize;
return (PageOffsetFromPoolStart % (PagesPerSlot + 1)) == 0;
}
static size_t addrToSlot(const AllocatorState *State, uintptr_t Ptr) {
size_t ByteOffsetFromPoolStart = Ptr - State->GuardedPagePool;
return ByteOffsetFromPoolStart /
(State->maximumAllocationSize() + State->PageSize);
}
size_t AllocatorState::getNearestSlot(uintptr_t Ptr) const {
if (Ptr <= GuardedPagePool + PageSize)
return 0;
if (Ptr > GuardedPagePoolEnd - PageSize)
return MaxSimultaneousAllocations - 1;
if (!isGuardPage(Ptr))
return addrToSlot(this, Ptr);
if (Ptr % PageSize <= PageSize / 2)
return addrToSlot(this, Ptr - PageSize); // Round down.
return addrToSlot(this, Ptr + PageSize); // Round up.
}
} // namespace gwp_asan

compiler-rt/lib/gwp_asan/crash_handler.h

  • This file was added.
//===-- crash_handler_interface.h -------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// This file contains interface functions that can be called by an in-process or
// out-of-process crash handler after the process has terminated. Functions in
// this interface are never thread safe. For an in-process crash handler, the
// handler should call GuardedPoolAllocator::disable() to stop any other threads
// from retrieving new GWP-ASan allocations, which may corrupt the metadata.
#ifndef GWP_ASAN_INTERFACE_H_
#define GWP_ASAN_INTERFACE_H_
#include "gwp_asan/common.h"
#ifdef __cplusplus
extern "C" {
#endif
// When a process crashes, there are three possible outcomes:
// 1. The crash is unrelated to GWP-ASan - in which case this function returns
// false.
// 2. The crash is internally detected within GWP-ASan itself (e.g. a
// double-free bug is caught in GuardedPoolAllocator::deallocate(), and
// GWP-ASan will terminate the process). In this case - this function
// returns true.
// 3. The crash is caused by a memory error at `AccessPtr` that's caught by the
// system, but GWP-ASan is responsible for the allocation. In this case -
// the function also returns true.
// This function takes an optional `AccessPtr` parameter. If the pointer that
// was attempted to be accessed is available, you should provide it here. In the
// case of some internally-detected errors, the crash may manifest as an abort
// or trap may or may not have an associated pointer. In these cases, the
// pointer can be obtained by a call to __gwp_asan_get_internal_crash_address.
bool __gwp_asan_error_is_mine(const gwp_asan::AllocatorState *State,
uintptr_t ErrorPtr = 0u);
// Diagnose and return the type of error that occurred at `ErrorPtr`. If
// `ErrorPtr` is unrelated to GWP-ASan, or if the error type cannot be deduced,
// this function returns Error::UNKNOWN.
gwp_asan::Error
__gwp_asan_diagnose_error(const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *Metadata,
uintptr_t ErrorPtr);
// For internally-detected errors (double free, invalid free), this function
// returns the pointer that the error occurred at. If the error is unrelated to
// GWP-ASan, or if the error was caused by a non-internally detected failure,
// this function returns zero.
uintptr_t
__gwp_asan_get_internal_crash_address(const gwp_asan::AllocatorState *State);
// Returns a pointer to the metadata for the allocation that's responsible for
// the crash. This metadata should not be dereferenced directly due to API
// compatibility issues, but should be instead passed to functions below for
// information retrieval. Returns nullptr if there is no metadata available for
// this crash.
const gwp_asan::AllocationMetadata *
__gwp_asan_get_metadata(const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *Metadata,
uintptr_t ErrorPtr);
// +---------------------------------------------------------------------------+
// | Error Information Functions |
// +---------------------------------------------------------------------------+
// Functions below return information about the type of error that was caught by
// GWP-ASan, or information about the allocation that caused the error. These
// functions generally take an `AllocationMeta` argument, which should be
// retrieved via. __gwp_asan_get_metadata.
// Returns the start of the allocation whose metadata is in `AllocationMeta`.
uintptr_t __gwp_asan_get_allocation_address(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta);
// Returns the size of the allocation whose metadata is in `AllocationMeta`
size_t __gwp_asan_get_allocation_size(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta);
// Returns the Thread ID that allocated the memory that caused the error at
// `ErrorPtr`. This function may not be called if __gwp_asan_has_metadata()
// returns false.
uint64_t __gwp_asan_get_allocation_thread_id(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta);
// Retrieve the allocation trace for the allocation whose metadata is in
// `AllocationMeta`, and place it into the provided `Buffer` that has at least
// `BufferLen` elements. This function returns the number of frames that would
// have been written into `Buffer` if the space was available (i.e. however many
// frames were stored by GWP-ASan). A return value greater than `BufferLen`
// indicates that the trace was truncated when storing to `Buffer`.
size_t __gwp_asan_get_allocation_trace(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta, uintptr_t *Buffer,
size_t BufferLen);
// Returns whether the allocation whose metadata is in `AllocationMeta` has been
// deallocated. This function may not be called if __gwp_asan_has_metadata()
// returns false.
bool __gwp_asan_is_deallocated(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta);
// Returns the Thread ID that deallocated the memory whose metadata is in
// `AllocationMeta`. This function may not be called if
// __gwp_asan_is_deallocated() returns false.
uint64_t __gwp_asan_get_deallocation_thread_id(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta);
// Retrieve the deallocation trace for the allocation whose metadata is in
// `AllocationMeta`, and place it into the provided `Buffer` that has at least
// `BufferLen` elements. This function returns the number of frames that would
// have been written into `Buffer` if the space was available (i.e. however many
// frames were stored by GWP-ASan). A return value greater than `BufferLen`
// indicates that the trace was truncated when storing to `Buffer`. This
// function may not be called if __gwp_asan_is_deallocated() returns false.
size_t __gwp_asan_get_deallocation_trace(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta, uintptr_t *Buffer,
size_t BufferLen);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // GWP_ASAN_INTERFACE_H_

compiler-rt/lib/gwp_asan/crash_handler.cpp

  • This file was added.
//===-- crash_handler_interface.cpp -----------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/common.h"
#include "gwp_asan/stack_trace_compressor.h"
#include <assert.h>
using AllocationMetadata = gwp_asan::AllocationMetadata;
using Error = gwp_asan::Error;
#ifdef __cplusplus
extern "C" {
#endif
bool __gwp_asan_error_is_mine(const gwp_asan::AllocatorState *State,
uintptr_t ErrorPtr) {
assert(State && "State should not be nullptr.");
if (State->FailureType != Error::UNKNOWN && State->FailureAddress != 0)
return true;
return ErrorPtr < State->GuardedPagePoolEnd &&
State->GuardedPagePool <= ErrorPtr;
}
uintptr_t
__gwp_asan_get_internal_crash_address(const gwp_asan::AllocatorState *State) {
return State->FailureAddress;
}
static const AllocationMetadata *
addrToMetadata(const gwp_asan::AllocatorState *State,
const AllocationMetadata *Metadata, uintptr_t Ptr) {
// Note - Similar implementation in guarded_pool_allocator.cpp.
return &Metadata[State->getNearestSlot(Ptr)];
}
gwp_asan::Error
__gwp_asan_diagnose_error(const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *Metadata,
uintptr_t ErrorPtr) {
if (!__gwp_asan_error_is_mine(State, ErrorPtr))
return Error::UNKNOWN;
if (State->FailureType != Error::UNKNOWN)
return State->FailureType;
// Let's try and figure out what the source of this error is.
if (State->isGuardPage(ErrorPtr)) {
size_t Slot = State->getNearestSlot(ErrorPtr);
const AllocationMetadata *SlotMeta =
addrToMetadata(State, Metadata, State->slotToAddr(Slot));
// Ensure that this slot was allocated once upon a time.
if (!SlotMeta->Addr)
return Error::UNKNOWN;
if (SlotMeta->Addr < ErrorPtr)
return Error::BUFFER_OVERFLOW;
return Error::BUFFER_UNDERFLOW;
}
// Access wasn't a guard page, check for use-after-free.
const AllocationMetadata *SlotMeta =
addrToMetadata(State, Metadata, ErrorPtr);
if (SlotMeta->IsDeallocated) {
return Error::USE_AFTER_FREE;
}
// If we have reached here, the error is still unknown.
return Error::UNKNOWN;
}
const gwp_asan::AllocationMetadata *
__gwp_asan_get_metadata(const gwp_asan::AllocatorState *State,
eugenisUnsubmitted
Done
ReplyInline Actions

Why not return the metadata pointer and null if it could not be found, and then pass it to all other query functions?

eugenis: Why not return the metadata pointer and null if it could not be found, and then pass it to all…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

The crash handler isn't responsible for finding the metadata, as the original process might be dead. We actually need the metadata here to check that the allocation provided has actually been allocated once upon a time.

hctim: The crash handler isn't responsible for finding the metadata, as the original process might be…
eugenisUnsubmitted
Done
ReplyInline Actions

I actually meant instead of

if (Meta->Addr == 0)
    return false;

do

if (Meta->Addr != 0)
  return Meta;

And then pass that pointer to the rest of the API, so they do not need to repeat the look up.

eugenis: I actually meant instead of if (Meta->Addr == 0) return false; do if (Meta->Addr !=…
const gwp_asan::AllocationMetadata *Metadata,
uintptr_t ErrorPtr) {
if (!__gwp_asan_error_is_mine(State, ErrorPtr))
return nullptr;
if (ErrorPtr >= State->GuardedPagePoolEnd ||
State->GuardedPagePool > ErrorPtr)
return nullptr;
const AllocationMetadata *Meta = addrToMetadata(State, Metadata, ErrorPtr);
if (Meta->Addr == 0)
return nullptr;
return Meta;
}
uintptr_t __gwp_asan_get_allocation_address(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta) {
return AllocationMeta->Addr;
}
size_t __gwp_asan_get_allocation_size(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta) {
return AllocationMeta->Size;
}
uint64_t __gwp_asan_get_allocation_thread_id(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta) {
return AllocationMeta->AllocationTrace.ThreadID;
}
size_t __gwp_asan_get_allocation_trace(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta, uintptr_t *Buffer,
size_t BufferLen) {
return gwp_asan::compression::unpack(
AllocationMeta->AllocationTrace.CompressedTrace,
AllocationMeta->AllocationTrace.TraceSize, Buffer, BufferLen);
}
bool __gwp_asan_is_deallocated(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta) {
return AllocationMeta->IsDeallocated;
}
uint64_t __gwp_asan_get_deallocation_thread_id(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta) {
return AllocationMeta->DeallocationTrace.ThreadID;
}
size_t __gwp_asan_get_deallocation_trace(
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *AllocationMeta, uintptr_t *Buffer,
size_t BufferLen) {
return gwp_asan::compression::unpack(
AllocationMeta->DeallocationTrace.CompressedTrace,
AllocationMeta->DeallocationTrace.TraceSize, Buffer, BufferLen);
}
#ifdef __cplusplus
} // extern "C"
#endif

compiler-rt/lib/gwp_asan/guarded_pool_allocator.h

//===-- guarded_pool_allocator.h --------------------------------*- C++ -*-===// //===-- guarded_pool_allocator.h --------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_ #ifndef GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
#define GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_ #define GWP_ASAN_GUARDED_POOL_ALLOCATOR_H_
#include "gwp_asan/common.h"
#include "gwp_asan/definitions.h" #include "gwp_asan/definitions.h"
eugenisUnsubmitted
Done
ReplyInline Actions

clang-format plz

eugenis: clang-format plz
#include "gwp_asan/mutex.h" #include "gwp_asan/mutex.h"
#include "gwp_asan/options.h" #include "gwp_asan/options.h"
#include "gwp_asan/random.h" #include "gwp_asan/random.h"
#include "gwp_asan/stack_trace_compressor.h" #include "gwp_asan/stack_trace_compressor.h"
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
namespace gwp_asan { namespace gwp_asan {
// This class is the primary implementation of the allocator portion of GWP- // This class is the primary implementation of the allocator portion of GWP-
hctimAuthorUnsubmitted
Done
ReplyInline Actions

This is moved just down below in this file.

hctim: This is moved just down below in this file.
// ASan. It is the sole owner of the pool of sequentially allocated guarded // ASan. It is the sole owner of the pool of sequentially allocated guarded
// slots. It should always be treated as a singleton. // slots. It should always be treated as a singleton.
// Functions in the public interface of this class are thread-compatible until // Functions in the public interface of this class are thread-compatible until
// init() is called, at which point they become thread-safe (unless specified // init() is called, at which point they become thread-safe (unless specified
// otherwise). // otherwise).
class GuardedPoolAllocator { class GuardedPoolAllocator {
public: public:
// Name of the GWP-ASan mapping that for `Metadata`. // Name of the GWP-ASan mapping that for `Metadata`.
static constexpr const char *kGwpAsanMetadataName = "GWP-ASan Metadata"; static constexpr const char *kGwpAsanMetadataName = "GWP-ASan Metadata";
static constexpr uint64_t kInvalidThreadID = UINT64_MAX;
enum class Error {
UNKNOWN,
USE_AFTER_FREE,
DOUBLE_FREE,
INVALID_FREE,
BUFFER_OVERFLOW,
BUFFER_UNDERFLOW
};
struct AllocationMetadata {
// The number of bytes used to store a compressed stack frame. On 64-bit
// platforms, assuming a compression ratio of 50%, this should allow us to
// store ~64 frames per trace.
static constexpr size_t kStackFrameStorageBytes = 256;
// Maximum number of stack frames to collect on allocation/deallocation. The
// actual number of collected frames may be less than this as the stack
// frames are compressed into a fixed memory range.
static constexpr size_t kMaxTraceLengthToCollect = 128;
// Records the given allocation metadata into this struct.
void RecordAllocation(uintptr_t Addr, size_t Size,
options::Backtrace_t Backtrace);
// Record that this allocation is now deallocated.
void RecordDeallocation(options::Backtrace_t Backtrace);
struct CallSiteInfo {
// The compressed backtrace to the allocation/deallocation.
uint8_t CompressedTrace[kStackFrameStorageBytes];
// The thread ID for this trace, or kInvalidThreadID if not available.
uint64_t ThreadID = kInvalidThreadID;
// The size of the compressed trace (in bytes). Zero indicates that no
// trace was collected.
size_t TraceSize = 0;
};
// The address of this allocation.
uintptr_t Addr = 0;
// Represents the actual size of the allocation.
size_t Size = 0;
CallSiteInfo AllocationTrace;
CallSiteInfo DeallocationTrace;
// Whether this allocation has been deallocated yet.
bool IsDeallocated = false;
};
// During program startup, we must ensure that memory allocations do not land // During program startup, we must ensure that memory allocations do not land
// in this allocation pool if the allocator decides to runtime-disable // in this allocation pool if the allocator decides to runtime-disable
// GWP-ASan. The constructor value-initialises the class such that if no // GWP-ASan. The constructor value-initialises the class such that if no
// further initialisation takes place, calls to shouldSample() and // further initialisation takes place, calls to shouldSample() and
// pointerIsMine() will return false. // pointerIsMine() will return false.
constexpr GuardedPoolAllocator(){}; constexpr GuardedPoolAllocator(){};
GuardedPoolAllocator(const GuardedPoolAllocator &) = delete; GuardedPoolAllocator(const GuardedPoolAllocator &) = delete;
GuardedPoolAllocator &operator=(const GuardedPoolAllocator &) = delete; GuardedPoolAllocator &operator=(const GuardedPoolAllocator &) = delete;
// Note: This class is expected to be a singleton for the lifetime of the // Note: This class is expected to be a singleton for the lifetime of the
// program. If this object is initialised, it will leak the guarded page pool // program. If this object is initialised, it will leak the guarded page pool
// and metadata allocations during destruction. We can't clean up these areas // and metadata allocations during destruction. We can't clean up these areas
// as this may cause a use-after-free on shutdown. // as this may cause a use-after-free on shutdown.
~GuardedPoolAllocator() = default; ~GuardedPoolAllocator() = default;
// Initialise the rest of the members of this class. Create the allocation // Initialise the rest of the members of this class. Create the allocation
// pool using the provided options. See options.inc for runtime configuration // pool using the provided options. See options.inc for runtime configuration
// options. // options.
void init(const options::Options &Opts); void init(const options::Options &Opts);
void uninitTestOnly(); void uninitTestOnly();
// Functions exported for libmemunreachable's use on Android. disable()
// installs a lock in the allocator that prevents any thread from being able
// to allocate memory, until enable() is called.
void disable(); void disable();
void enable(); void enable();
typedef void (*iterate_callback)(uintptr_t base, size_t size, void *arg); typedef void (*iterate_callback)(uintptr_t base, size_t size, void *arg);
// Execute the callback Cb for every allocation the lies in [Base, Base + Size). // Execute the callback Cb for every allocation the lies in [Base, Base +
// Must be called while the allocator is disabled. The callback can not // Size). Must be called while the allocator is disabled. The callback can not
// allocate. // allocate.
void iterate(void *Base, size_t Size, iterate_callback Cb, void *Arg); void iterate(void *Base, size_t Size, iterate_callback Cb, void *Arg);
// This function is used to signal the allocator to indefinitely stop
// functioning, as a crash has occurred. This stops the allocator from
// servicing any further allocations permanently.
void stop();
eugenisUnsubmitted
Done
ReplyInline Actions

Tries to stop. Not very hard.
If we really wanted to, we could make the mutex recursive.

eugenis: Tries to stop. Not very hard. If we really wanted to, we could make the mutex recursive.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

We need something to set RecursiveGuard = true in the in-process crash handler. The tryLock is mostly there as a best-effort as we might take some time uncompressing traces/getting the access backtrace, and it reduces the chance of our metadata getting corrupted.

Not sure what we could do to stop harder here :(

hctim: We need something to set `RecursiveGuard = true` in the in-process crash handler. The `tryLock`…
// Return whether the allocation should be randomly chosen for sampling. // Return whether the allocation should be randomly chosen for sampling.
GWP_ASAN_ALWAYS_INLINE bool shouldSample() { GWP_ASAN_ALWAYS_INLINE bool shouldSample() {
// NextSampleCounter == 0 means we "should regenerate the counter". // NextSampleCounter == 0 means we "should regenerate the counter".
// == 1 means we "should sample this allocation". // == 1 means we "should sample this allocation".
// AdjustedSampleRatePlusOne is designed to intentionally underflow. This // AdjustedSampleRatePlusOne is designed to intentionally underflow. This
// class must be valid when zero-initialised, and we wish to sample as // class must be valid when zero-initialised, and we wish to sample as
// infrequently as possible when this is the case, hence we underflow to // infrequently as possible when this is the case, hence we underflow to
hctimAuthorUnsubmitted
Done
ReplyInline Actions

These functions and members are pulled out of GuardedPoolAllocator.

hctim: These functions and members are pulled out of `GuardedPoolAllocator`.
// UINT32_MAX. // UINT32_MAX.
if (GWP_ASAN_UNLIKELY(ThreadLocals.NextSampleCounter == 0)) if (GWP_ASAN_UNLIKELY(ThreadLocals.NextSampleCounter == 0))
ThreadLocals.NextSampleCounter = ThreadLocals.NextSampleCounter =
(getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1; (getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1;
return GWP_ASAN_UNLIKELY(--ThreadLocals.NextSampleCounter == 0); return GWP_ASAN_UNLIKELY(--ThreadLocals.NextSampleCounter == 0);
} }
// Returns whether the provided pointer is a current sampled allocation that // Returns whether the provided pointer is a current sampled allocation that
// is owned by this pool. // is owned by this pool.
GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const { GWP_ASAN_ALWAYS_INLINE bool pointerIsMine(const void *Ptr) const {
uintptr_t P = reinterpret_cast<uintptr_t>(Ptr); return State.pointerIsMine(Ptr);
return P < GuardedPagePoolEnd && GuardedPagePool <= P;
} }
// Allocate memory in a guarded slot, and return a pointer to the new // Allocate memory in a guarded slot, and return a pointer to the new
// allocation. Returns nullptr if the pool is empty, the requested size is too // allocation. Returns nullptr if the pool is empty, the requested size is too
// large for this pool to handle, or the requested size is zero. // large for this pool to handle, or the requested size is zero.
void *allocate(size_t Size); void *allocate(size_t Size);
// Deallocate memory in a guarded slot. The provided pointer must have been // Deallocate memory in a guarded slot. The provided pointer must have been
// allocated using this pool. This will set the guarded slot as inaccessible. // allocated using this pool. This will set the guarded slot as inaccessible.
void deallocate(void *Ptr); void deallocate(void *Ptr);
// Returns the size of the allocation at Ptr. // Returns the size of the allocation at Ptr.
size_t getSize(const void *Ptr); size_t getSize(const void *Ptr);
// Returns the largest allocation that is supported by this pool. Any // Returns a pointer to the Metadata region, or nullptr if it doesn't exist.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Moved into AllocatorState.

hctim: Moved into `AllocatorState`.
// allocations larger than this should go to the regular system allocator. const AllocationMetadata *getMetadataRegion() const { return Metadata; }
size_t maximumAllocationSize() const;
// Returns a pointer to the AllocatorState region.
// Dumps an error report (including allocation and deallocation stack traces). const AllocatorState *getAllocatorState() const { return &State; }
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Removed in favour of new crash handler API.

hctim: Removed in favour of new crash handler API.
// An optional error may be provided if the caller knows what the error is
// ahead of time. This is primarily a helper function to locate the static
// singleton pointer and call the internal version of this function. This
// method is never thread safe, and should only be called when fatal errors
// occur.
static void reportError(uintptr_t AccessPtr, Error E = Error::UNKNOWN);
// Get the current thread ID, or kInvalidThreadID if failure. Note: This
// implementation is platform-specific.
static uint64_t getThreadID();
private: private:
// Name of actively-occupied slot mappings. // Name of actively-occupied slot mappings.
static constexpr const char *kGwpAsanAliveSlotName = "GWP-ASan Alive Slot"; static constexpr const char *kGwpAsanAliveSlotName = "GWP-ASan Alive Slot";
// Name of the guard pages. This includes all slots that are not actively in // Name of the guard pages. This includes all slots that are not actively in
// use (i.e. were never used, or have been free()'d).) // use (i.e. were never used, or have been free()'d).)
static constexpr const char *kGwpAsanGuardPageName = "GWP-ASan Guard Page"; static constexpr const char *kGwpAsanGuardPageName = "GWP-ASan Guard Page";
// Name of the mapping for `FreeSlots`. // Name of the mapping for `FreeSlots`.
Show All 14 Linesprivate:
void unmapMemory(void *Ptr, size_t Size, const char *Name) const; void unmapMemory(void *Ptr, size_t Size, const char *Name) const;
void markReadWrite(void *Ptr, size_t Size, const char *Name) const; void markReadWrite(void *Ptr, size_t Size, const char *Name) const;
void markInaccessible(void *Ptr, size_t Size, const char *Name) const; void markInaccessible(void *Ptr, size_t Size, const char *Name) const;
// Get the page size from the platform-specific implementation. Only needs to // Get the page size from the platform-specific implementation. Only needs to
// be called once, and the result should be cached in PageSize in this class. // be called once, and the result should be cached in PageSize in this class.
static size_t getPlatformPageSize(); static size_t getPlatformPageSize();
// Install the SIGSEGV crash handler for printing use-after-free and heap-
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Installation of segv is now in optional/crash_handler.h.

hctim: Installation of segv is now in `optional/crash_handler.h`.
// buffer-{under|over}flow exceptions. This is platform specific as even
// though POSIX and Windows both support registering handlers through
// signal(), we have to use platform-specific signal handlers to obtain the
// address that caused the SIGSEGV exception.
static void installSignalHandlers();
static void uninstallSignalHandlers();
// Returns the index of the slot that this pointer resides in. If the pointer
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Functions moved into AllocatorState.

hctim: Functions moved into `AllocatorState`.
// is not owned by this pool, the result is undefined.
size_t addrToSlot(uintptr_t Ptr) const;
// Returns the address of the N-th guarded slot.
uintptr_t slotToAddr(size_t N) const;
// Returns a pointer to the metadata for the owned pointer. If the pointer is // Returns a pointer to the metadata for the owned pointer. If the pointer is
// not owned by this pool, the result is undefined. // not owned by this pool, the result is undefined.
AllocationMetadata *addrToMetadata(uintptr_t Ptr) const; AllocationMetadata *addrToMetadata(uintptr_t Ptr) const;
// Returns the address of the page that this pointer resides in.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Functions moved into AllocatorState.

hctim: Functions moved into `AllocatorState`.
uintptr_t getPageAddr(uintptr_t Ptr) const;
// Gets the nearest slot to the provided address.
size_t getNearestSlot(uintptr_t Ptr) const;
// Returns whether the provided pointer is a guard page or not. The pointer
// must be within memory owned by this pool, else the result is undefined.
bool isGuardPage(uintptr_t Ptr) const;
// Reserve a slot for a new guarded allocation. Returns kInvalidSlotID if no // Reserve a slot for a new guarded allocation. Returns kInvalidSlotID if no
// slot is available to be reserved. // slot is available to be reserved.
size_t reserveSlot(); size_t reserveSlot();
// Unreserve the guarded slot. // Unreserve the guarded slot.
void freeSlot(size_t SlotIndex); void freeSlot(size_t SlotIndex);
// Returns the offset (in bytes) between the start of a guarded slot and where // Returns the offset (in bytes) between the start of a guarded slot and where
// the start of the allocation should take place. Determined using the size of // the start of the allocation should take place. Determined using the size of
// the allocation and the options provided at init-time. // the allocation and the options provided at init-time.
uintptr_t allocationSlotOffset(size_t AllocationSize) const; uintptr_t allocationSlotOffset(size_t AllocationSize) const;
// Returns the diagnosis for an unknown error. If the diagnosis is not // Raise a SEGV and set the corresponding fields in the Allocator's State in
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Deprecated in favour of new crash handler.

hctim: Deprecated in favour of new crash handler.
// Error::INVALID_FREE or Error::UNKNOWN, the metadata for the slot // order to tell the crash handler what happened. Used when errors are
// responsible for the error is placed in *Meta. // detected internally (Double Free, Invalid Free).
eugenisUnsubmitted
Done
ReplyInline Actions

internally

eugenis: internally
Error diagnoseUnknownError(uintptr_t AccessPtr, AllocationMetadata **Meta); void trapOnAddress(uintptr_t Address, Error E);
void reportErrorInternal(uintptr_t AccessPtr, Error E);
static GuardedPoolAllocator *getSingleton(); static GuardedPoolAllocator *getSingleton();
// Install a pthread_atfork handler. // Install a pthread_atfork handler.
void installAtFork(); void installAtFork();
// Cached page size for this system in bytes. gwp_asan::AllocatorState State;
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Members (and below) moved into AllocatorState.

hctim: Members (and below) moved into `AllocatorState`.
size_t PageSize = 0;
// A mutex to protect the guarded slot and metadata pool for this class. // A mutex to protect the guarded slot and metadata pool for this class.
Mutex PoolMutex; Mutex PoolMutex;
// The number of guarded slots that this pool holds.
size_t MaxSimultaneousAllocations = 0;
// Record the number allocations that we've sampled. We store this amount so // Record the number allocations that we've sampled. We store this amount so
// that we don't randomly choose to recycle a slot that previously had an // that we don't randomly choose to recycle a slot that previously had an
// allocation before all the slots have been utilised. // allocation before all the slots have been utilised.
size_t NumSampledAllocations = 0; size_t NumSampledAllocations = 0;
// Pointer to the pool of guarded slots. Note that this points to the start of
// the pool (which is a guard page), not a pointer to the first guarded page.
uintptr_t GuardedPagePool = 0;
uintptr_t GuardedPagePoolEnd = 0;
// Pointer to the allocation metadata (allocation/deallocation stack traces), // Pointer to the allocation metadata (allocation/deallocation stack traces),
// if any. // if any.
AllocationMetadata *Metadata = nullptr; AllocationMetadata *Metadata = nullptr;
// Pointer to an array of free slot indexes. // Pointer to an array of free slot indexes.
size_t *FreeSlots = nullptr; size_t *FreeSlots = nullptr;
// The current length of the list of free slots. // The current length of the list of free slots.
size_t FreeSlotsLength = 0; size_t FreeSlotsLength = 0;
// See options.{h, inc} for more information. // See options.{h, inc} for more information.
bool PerfectlyRightAlign = false; bool PerfectlyRightAlign = false;
// Printf function supplied by the implementing allocator. We can't (in // Backtrace function provided by the supporting allocator. See `options.h`
hctimAuthorUnsubmitted
Done
ReplyInline Actions

We now don't store a Printf or PrintBacktrace function, as these are the crash handler's responsibility (and GPA no longer is responsible for handling crashes).

hctim: We now don't store a `Printf` or `PrintBacktrace` function, as these are the crash handler's…
// general) use printf() from the cstdlib as it may malloc(), causing infinite // for more information.
// recursion.
options::Printf_t Printf = nullptr;
options::Backtrace_t Backtrace = nullptr; options::Backtrace_t Backtrace = nullptr;
options::PrintBacktrace_t PrintBacktrace = nullptr;
// The adjusted sample rate for allocation sampling. Default *must* be // The adjusted sample rate for allocation sampling. Default *must* be
// nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++) // nonzero, as dynamic initialisation may call malloc (e.g. from libstdc++)
// before GPA::init() is called. This would cause an error in shouldSample(), // before GPA::init() is called. This would cause an error in shouldSample(),
// where we would calculate modulo zero. This value is set UINT32_MAX, as when // where we would calculate modulo zero. This value is set UINT32_MAX, as when
// GWP-ASan is disabled, we wish to never spend wasted cycles recalculating // GWP-ASan is disabled, we wish to never spend wasted cycles recalculating
// the sample rate. // the sample rate.
uint32_t AdjustedSampleRatePlusOne = 0; uint32_t AdjustedSampleRatePlusOne = 0;
Show All 21 Lines

compiler-rt/lib/gwp_asan/guarded_pool_allocator.cpp

//===-- guarded_pool_allocator.cpp ------------------------------*- C++ -*-===// //===-- guarded_pool_allocator.cpp ------------------------------*- C++ -*-===//
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Most of the changes in this file are /s/MyMember/State.MyMember

hctim: Most of the changes in this file are `/s/MyMember/State.MyMember`
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/options.h" #include "gwp_asan/options.h"
#include "gwp_asan/utilities.h"
#include "optional/segv_handler.h"
// RHEL creates the PRIu64 format macro (for printing uint64_t's) only when this // RHEL creates the PRIu64 format macro (for printing uint64_t's) only when this
// macro is defined before including <inttypes.h>. // macro is defined before including <inttypes.h>.
#ifndef __STDC_FORMAT_MACROS #ifndef __STDC_FORMAT_MACROS
#define __STDC_FORMAT_MACROS 1 #define __STDC_FORMAT_MACROS 1
#endif #endif
#include <assert.h> #include <assert.h>
#include <inttypes.h> #include <inttypes.h>
#include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
using AllocationMetadata = gwp_asan::GuardedPoolAllocator::AllocationMetadata; using AllocationMetadata = gwp_asan::AllocationMetadata;
using Error = gwp_asan::GuardedPoolAllocator::Error; using Error = gwp_asan::Error;
namespace gwp_asan { namespace gwp_asan {
namespace { namespace {
// Forward declare the pointer to the singleton version of this class. // Forward declare the pointer to the singleton version of this class.
// Instantiated during initialisation, this allows the signal handler // Instantiated during initialisation, this allows the signal handler
// to find this class in order to deduce the root cause of failures. Must not be // to find this class in order to deduce the root cause of failures. Must not be
// referenced by users outside this translation unit, in order to avoid // referenced by users outside this translation unit, in order to avoid
// init-order-fiasco. // init-order-fiasco.
GuardedPoolAllocator *SingletonPtr = nullptr; GuardedPoolAllocator *SingletonPtr = nullptr;
class ScopedBoolean { class ScopedBoolean {
public: public:
ScopedBoolean(bool &B) : Bool(B) { Bool = true; } ScopedBoolean(bool &B) : Bool(B) { Bool = true; }
~ScopedBoolean() { Bool = false; } ~ScopedBoolean() { Bool = false; }
private: private:
bool &Bool; bool &Bool;
}; };
void defaultPrintStackTrace(uintptr_t *Trace, size_t TraceLength,
options::Printf_t Printf) {
if (TraceLength == 0)
Printf(" <unknown (does your allocator support backtracing?)>\n");
for (size_t i = 0; i < TraceLength; ++i) {
Printf(" #%zu 0x%zx in <unknown>\n", i, Trace[i]);
}
Printf("\n");
}
} // anonymous namespace } // anonymous namespace
// Gets the singleton implementation of this class. Thread-compatible until // Gets the singleton implementation of this class. Thread-compatible until
// init() is called, thread-safe afterwards. // init() is called, thread-safe afterwards.
GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() { GuardedPoolAllocator *GuardedPoolAllocator::getSingleton() {
return SingletonPtr; return SingletonPtr;
} }
void GuardedPoolAllocator::AllocationMetadata::RecordAllocation(
uintptr_t AllocAddr, size_t AllocSize, options::Backtrace_t Backtrace) {
Addr = AllocAddr;
Size = AllocSize;
IsDeallocated = false;
// TODO(hctim): Ask the caller to provide the thread ID, so we don't waste
// other thread's time getting the thread ID under lock.
AllocationTrace.ThreadID = getThreadID();
AllocationTrace.TraceSize = 0;
DeallocationTrace.TraceSize = 0;
DeallocationTrace.ThreadID = kInvalidThreadID;
if (Backtrace) {
uintptr_t UncompressedBuffer[kMaxTraceLengthToCollect];
size_t BacktraceLength =
Backtrace(UncompressedBuffer, kMaxTraceLengthToCollect);
AllocationTrace.TraceSize = compression::pack(
UncompressedBuffer, BacktraceLength, AllocationTrace.CompressedTrace,
kStackFrameStorageBytes);
}
}
void GuardedPoolAllocator::AllocationMetadata::RecordDeallocation(
options::Backtrace_t Backtrace) {
IsDeallocated = true;
// Ensure that the unwinder is not called if the recursive flag is set,
// otherwise non-reentrant unwinders may deadlock.
DeallocationTrace.TraceSize = 0;
if (Backtrace && !ThreadLocals.RecursiveGuard) {
ScopedBoolean B(ThreadLocals.RecursiveGuard);
uintptr_t UncompressedBuffer[kMaxTraceLengthToCollect];
size_t BacktraceLength =
Backtrace(UncompressedBuffer, kMaxTraceLengthToCollect);
DeallocationTrace.TraceSize = compression::pack(
UncompressedBuffer, BacktraceLength, DeallocationTrace.CompressedTrace,
kStackFrameStorageBytes);
}
DeallocationTrace.ThreadID = getThreadID();
}
void GuardedPoolAllocator::init(const options::Options &Opts) { void GuardedPoolAllocator::init(const options::Options &Opts) {
eugenisUnsubmitted
Done
ReplyInline Actions

If you move backtrace collection (but maybe not compression) to the caller, you can get rid of the ugly passing-by-reference of RecursiveGuard.

eugenis: If you move backtrace collection (but maybe not compression) to the caller, you can get rid of…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Refactored a little here.

hctim: Refactored a little here.
// Note: We return from the constructor here if GWP-ASan is not available. // Note: We return from the constructor here if GWP-ASan is not available.
// This will stop heap-allocation of class members, as well as mmap() of the // This will stop heap-allocation of class members, as well as mmap() of the
// guarded slots. // guarded slots.
if (!Opts.Enabled || Opts.SampleRate == 0 || if (!Opts.Enabled || Opts.SampleRate == 0 ||
Opts.MaxSimultaneousAllocations == 0) Opts.MaxSimultaneousAllocations == 0)
return; return;
if (Opts.SampleRate < 0) { Check(Opts.SampleRate >= 0, "GWP-ASan Error: SampleRate is < 0.");
hctimAuthorUnsubmitted
Done
ReplyInline Actions

No Printf maintained internally any more, so we assert and trap instead.

hctim: No `Printf` maintained internally any more, so we assert and trap instead.
eugenisUnsubmitted
Done
ReplyInline Actions

why do you need trap after assert?

Factor out CHECK() implemented (on Android) as set_abort_message() + abort?

eugenis: why do you need trap after assert? Factor out CHECK() implemented (on Android) as…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

In case of -DNDEBUG.

Done.

hctim: In case of `-DNDEBUG`. Done.
Opts.Printf("GWP-ASan Error: SampleRate is < 0.\n"); Check(Opts.SampleRate <= INT32_MAX, "GWP-ASan Error: SampleRate is > 2^31.");
exit(EXIT_FAILURE); Check(Opts.MaxSimultaneousAllocations >= 0,
} "GWP-ASan Error: MaxSimultaneousAllocations is < 0.");
if (Opts.SampleRate > INT32_MAX) {
Opts.Printf("GWP-ASan Error: SampleRate is > 2^31.\n");
exit(EXIT_FAILURE);
}
if (Opts.MaxSimultaneousAllocations < 0) {
Opts.Printf("GWP-ASan Error: MaxSimultaneousAllocations is < 0.\n");
exit(EXIT_FAILURE);
}
SingletonPtr = this; SingletonPtr = this;
Backtrace = Opts.Backtrace;
MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations; State.MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations;
PageSize = getPlatformPageSize(); State.PageSize = getPlatformPageSize();
PerfectlyRightAlign = Opts.PerfectlyRightAlign; PerfectlyRightAlign = Opts.PerfectlyRightAlign;
Printf = Opts.Printf;
Backtrace = Opts.Backtrace;
if (Opts.PrintBacktrace)
PrintBacktrace = Opts.PrintBacktrace;
else
PrintBacktrace = defaultPrintStackTrace;
size_t PoolBytesRequired = size_t PoolBytesRequired =
PageSize * (1 + MaxSimultaneousAllocations) + State.PageSize * (1 + State.MaxSimultaneousAllocations) +
MaxSimultaneousAllocations * maximumAllocationSize(); State.MaxSimultaneousAllocations * State.maximumAllocationSize();
void *GuardedPoolMemory = mapMemory(PoolBytesRequired, kGwpAsanGuardPageName); void *GuardedPoolMemory = mapMemory(PoolBytesRequired, kGwpAsanGuardPageName);
size_t BytesRequired = MaxSimultaneousAllocations * sizeof(*Metadata); size_t BytesRequired = State.MaxSimultaneousAllocations * sizeof(*Metadata);
Metadata = reinterpret_cast<AllocationMetadata *>( Metadata = reinterpret_cast<AllocationMetadata *>(
mapMemory(BytesRequired, kGwpAsanMetadataName)); mapMemory(BytesRequired, kGwpAsanMetadataName));
markReadWrite(Metadata, BytesRequired, kGwpAsanMetadataName); markReadWrite(Metadata, BytesRequired, kGwpAsanMetadataName);
// Allocate memory and set up the free pages queue. // Allocate memory and set up the free pages queue.
BytesRequired = MaxSimultaneousAllocations * sizeof(*FreeSlots); BytesRequired = State.MaxSimultaneousAllocations * sizeof(*FreeSlots);
FreeSlots = reinterpret_cast<size_t *>( FreeSlots = reinterpret_cast<size_t *>(
mapMemory(BytesRequired, kGwpAsanFreeSlotsName)); mapMemory(BytesRequired, kGwpAsanFreeSlotsName));
markReadWrite(FreeSlots, BytesRequired, kGwpAsanFreeSlotsName); markReadWrite(FreeSlots, BytesRequired, kGwpAsanFreeSlotsName);
// Multiply the sample rate by 2 to give a good, fast approximation for (1 / // Multiply the sample rate by 2 to give a good, fast approximation for (1 /
// SampleRate) chance of sampling. // SampleRate) chance of sampling.
if (Opts.SampleRate != 1) if (Opts.SampleRate != 1)
AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1; AdjustedSampleRatePlusOne = static_cast<uint32_t>(Opts.SampleRate) * 2 + 1;
else else
AdjustedSampleRatePlusOne = 2; AdjustedSampleRatePlusOne = 2;
ThreadLocals.NextSampleCounter = ThreadLocals.NextSampleCounter =
(getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1; (getRandomUnsigned32() % (AdjustedSampleRatePlusOne - 1)) + 1;
GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory); State.GuardedPagePool = reinterpret_cast<uintptr_t>(GuardedPoolMemory);
GuardedPagePoolEnd = State.GuardedPagePoolEnd =
reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired; reinterpret_cast<uintptr_t>(GuardedPoolMemory) + PoolBytesRequired;
// Ensure that signal handlers are installed as late as possible, as the class
// is not thread-safe until init() is finished, and thus a SIGSEGV may cause a
// race to members if received during init().
if (Opts.InstallSignalHandlers)
installSignalHandlers();
if (Opts.InstallForkHandlers) if (Opts.InstallForkHandlers)
installAtFork(); installAtFork();
} }
void GuardedPoolAllocator::disable() { PoolMutex.lock(); } void GuardedPoolAllocator::disable() { PoolMutex.lock(); }
void GuardedPoolAllocator::enable() { PoolMutex.unlock(); } void GuardedPoolAllocator::enable() { PoolMutex.unlock(); }
void GuardedPoolAllocator::iterate(void *Base, size_t Size, iterate_callback Cb, void GuardedPoolAllocator::iterate(void *Base, size_t Size, iterate_callback Cb,
void *Arg) { void *Arg) {
uintptr_t Start = reinterpret_cast<uintptr_t>(Base); uintptr_t Start = reinterpret_cast<uintptr_t>(Base);
for (size_t i = 0; i < MaxSimultaneousAllocations; ++i) { for (size_t i = 0; i < State.MaxSimultaneousAllocations; ++i) {
const AllocationMetadata &Meta = Metadata[i]; const AllocationMetadata &Meta = Metadata[i];
if (Meta.Addr && !Meta.IsDeallocated && Meta.Addr >= Start && if (Meta.Addr && !Meta.IsDeallocated && Meta.Addr >= Start &&
Meta.Addr < Start + Size) Meta.Addr < Start + Size)
Cb(Meta.Addr, Meta.Size, Arg); Cb(Meta.Addr, Meta.Size, Arg);
} }
} }
void GuardedPoolAllocator::uninitTestOnly() { void GuardedPoolAllocator::uninitTestOnly() {
if (GuardedPagePool) { if (State.GuardedPagePool) {
unmapMemory(reinterpret_cast<void *>(GuardedPagePool), unmapMemory(reinterpret_cast<void *>(State.GuardedPagePool),
GuardedPagePoolEnd - GuardedPagePool, kGwpAsanGuardPageName); State.GuardedPagePoolEnd - State.GuardedPagePool,
GuardedPagePool = 0; kGwpAsanGuardPageName);
GuardedPagePoolEnd = 0; State.GuardedPagePool = 0;
State.GuardedPagePoolEnd = 0;
} }
if (Metadata) { if (Metadata) {
unmapMemory(Metadata, MaxSimultaneousAllocations * sizeof(*Metadata), unmapMemory(Metadata, State.MaxSimultaneousAllocations * sizeof(*Metadata),
kGwpAsanMetadataName); kGwpAsanMetadataName);
Metadata = nullptr; Metadata = nullptr;
} }
if (FreeSlots) { if (FreeSlots) {
unmapMemory(FreeSlots, MaxSimultaneousAllocations * sizeof(*FreeSlots), unmapMemory(FreeSlots,
State.MaxSimultaneousAllocations * sizeof(*FreeSlots),
kGwpAsanFreeSlotsName); kGwpAsanFreeSlotsName);
FreeSlots = nullptr; FreeSlots = nullptr;
} }
uninstallSignalHandlers(); }
static uintptr_t getPageAddr(uintptr_t Ptr, uintptr_t PageSize) {
return Ptr & ~(PageSize - 1);
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Used to be a member function (GPA::getPageAddr()), but shouldn't be.

hctim: Used to be a member function (`GPA::getPageAddr()`), but shouldn't be.
eugenisUnsubmitted
Done
ReplyInline Actions

if init() does not set the signal handlers, maybe uninit should not remove them.
Also, weak declarations are not very portable.

eugenis: if init() does not set the signal handlers, maybe uninit should not remove them. Also, weak…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Removed it, and updated the tests elsewhere.

hctim: Removed it, and updated the tests elsewhere.
} }
void *GuardedPoolAllocator::allocate(size_t Size) { void *GuardedPoolAllocator::allocate(size_t Size) {
// GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall // GuardedPagePoolEnd == 0 when GWP-ASan is disabled. If we are disabled, fall
// back to the supporting allocator. // back to the supporting allocator.
if (GuardedPagePoolEnd == 0) if (State.GuardedPagePoolEnd == 0)
return nullptr; return nullptr;
// Protect against recursivity. // Protect against recursivity.
if (ThreadLocals.RecursiveGuard) if (ThreadLocals.RecursiveGuard)
return nullptr; return nullptr;
ScopedBoolean SB(ThreadLocals.RecursiveGuard); ScopedBoolean SB(ThreadLocals.RecursiveGuard);
if (Size == 0 || Size > maximumAllocationSize()) if (Size == 0 || Size > State.maximumAllocationSize())
return nullptr; return nullptr;
size_t Index; size_t Index;
{ {
ScopedLock L(PoolMutex); ScopedLock L(PoolMutex);
Index = reserveSlot(); Index = reserveSlot();
} }
if (Index == kInvalidSlotID) if (Index == kInvalidSlotID)
return nullptr; return nullptr;
uintptr_t Ptr = slotToAddr(Index); uintptr_t Ptr = State.slotToAddr(Index);
Ptr += allocationSlotOffset(Size); Ptr += allocationSlotOffset(Size);
AllocationMetadata *Meta = addrToMetadata(Ptr); AllocationMetadata *Meta = addrToMetadata(Ptr);
// If a slot is multiple pages in size, and the allocation takes up a single // If a slot is multiple pages in size, and the allocation takes up a single
// page, we can improve overflow detection by leaving the unused pages as // page, we can improve overflow detection by leaving the unused pages as
// unmapped. // unmapped.
markReadWrite(reinterpret_cast<void *>(getPageAddr(Ptr)), Size, markReadWrite(reinterpret_cast<void *>(getPageAddr(Ptr, State.PageSize)),
kGwpAsanAliveSlotName); Size, kGwpAsanAliveSlotName);
Meta->RecordAllocation(Ptr, Size, Backtrace); Meta->RecordAllocation(Ptr, Size);
Meta->AllocationTrace.RecordBacktrace(Backtrace);
return reinterpret_cast<void *>(Ptr); return reinterpret_cast<void *>(Ptr);
} }
void GuardedPoolAllocator::trapOnAddress(uintptr_t Address, Error E) {
State.FailureType = E;
State.FailureAddress = Address;
// Raise a SEGV by touching first guard page.
volatile char *p = reinterpret_cast<char*>(State.GuardedPagePool);
eugenisUnsubmitted
Done
ReplyInline Actions

Could be simply the first guard page at *GuardPagePool. Does not really matter.

eugenis: Could be simply the first guard page at *GuardPagePool. Does not really matter.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Sure. Done.

hctim: Sure. Done.
*p = 0;
eugenisUnsubmitted
Done
ReplyInline Actions

Touch memory in a guard page instead.
This will produce the same type of failure the fault handler is catching, which could be different from raise(SIGSEGV) (which is also posix-only).

eugenis: Touch memory in a guard page instead. This will produce the same type of failure the fault…
__builtin_unreachable();
}
void GuardedPoolAllocator::stop() {
ThreadLocals.RecursiveGuard = true;
PoolMutex.tryLock();
}
void GuardedPoolAllocator::deallocate(void *Ptr) { void GuardedPoolAllocator::deallocate(void *Ptr) {
assert(pointerIsMine(Ptr) && "Pointer is not mine!"); assert(pointerIsMine(Ptr) && "Pointer is not mine!");
uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr); uintptr_t UPtr = reinterpret_cast<uintptr_t>(Ptr);
uintptr_t SlotStart = slotToAddr(addrToSlot(UPtr)); size_t Slot = State.getNearestSlot(UPtr);
uintptr_t SlotStart = State.slotToAddr(Slot);
AllocationMetadata *Meta = addrToMetadata(UPtr); AllocationMetadata *Meta = addrToMetadata(UPtr);
if (Meta->Addr != UPtr) { if (Meta->Addr != UPtr) {
reportError(UPtr, Error::INVALID_FREE); // If multiple errors occur at the same time, use the first one.
exit(EXIT_FAILURE); ScopedLock L(PoolMutex);
trapOnAddress(UPtr, Error::INVALID_FREE);
} }
// Intentionally scope the mutex here, so that other threads can access the // Intentionally scope the mutex here, so that other threads can access the
// pool during the expensive markInaccessible() call. // pool during the expensive markInaccessible() call.
{ {
ScopedLock L(PoolMutex); ScopedLock L(PoolMutex);
if (Meta->IsDeallocated) { if (Meta->IsDeallocated) {
reportError(UPtr, Error::DOUBLE_FREE); trapOnAddress(UPtr, Error::DOUBLE_FREE);
exit(EXIT_FAILURE);
} }
// Ensure that the deallocation is recorded before marking the page as // Ensure that the deallocation is recorded before marking the page as
// inaccessible. Otherwise, a racy use-after-free will have inconsistent // inaccessible. Otherwise, a racy use-after-free will have inconsistent
// metadata. // metadata.
Meta->RecordDeallocation(Backtrace); Meta->RecordDeallocation();
// Ensure that the unwinder is not called if the recursive flag is set,
// otherwise non-reentrant unwinders may deadlock.
if (!ThreadLocals.RecursiveGuard) {
ScopedBoolean B(ThreadLocals.RecursiveGuard);
Meta->DeallocationTrace.RecordBacktrace(Backtrace);
}
} }
markInaccessible(reinterpret_cast<void *>(SlotStart), maximumAllocationSize(), markInaccessible(reinterpret_cast<void *>(SlotStart),
kGwpAsanGuardPageName); State.maximumAllocationSize(), kGwpAsanGuardPageName);
// And finally, lock again to release the slot back into the pool. // And finally, lock again to release the slot back into the pool.
ScopedLock L(PoolMutex); ScopedLock L(PoolMutex);
freeSlot(addrToSlot(UPtr)); freeSlot(Slot);
} }
size_t GuardedPoolAllocator::getSize(const void *Ptr) { size_t GuardedPoolAllocator::getSize(const void *Ptr) {
assert(pointerIsMine(Ptr)); assert(pointerIsMine(Ptr));
ScopedLock L(PoolMutex); ScopedLock L(PoolMutex);
AllocationMetadata *Meta = addrToMetadata(reinterpret_cast<uintptr_t>(Ptr)); AllocationMetadata *Meta = addrToMetadata(reinterpret_cast<uintptr_t>(Ptr));
assert(Meta->Addr == reinterpret_cast<uintptr_t>(Ptr)); assert(Meta->Addr == reinterpret_cast<uintptr_t>(Ptr));
return Meta->Size; return Meta->Size;
} }
size_t GuardedPoolAllocator::maximumAllocationSize() const { return PageSize; }
AllocationMetadata *GuardedPoolAllocator::addrToMetadata(uintptr_t Ptr) const { AllocationMetadata *GuardedPoolAllocator::addrToMetadata(uintptr_t Ptr) const {
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Slight functional change, addrToMetadata used to be implemented differently.

hctim: Slight functional change, `addrToMetadata` used to be implemented differently.
return &Metadata[addrToSlot(Ptr)]; return &Metadata[State.getNearestSlot(Ptr)];
}
size_t GuardedPoolAllocator::addrToSlot(uintptr_t Ptr) const {
assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
size_t ByteOffsetFromPoolStart = Ptr - GuardedPagePool;
return ByteOffsetFromPoolStart / (maximumAllocationSize() + PageSize);
}
uintptr_t GuardedPoolAllocator::slotToAddr(size_t N) const {
return GuardedPagePool + (PageSize * (1 + N)) + (maximumAllocationSize() * N);
}
uintptr_t GuardedPoolAllocator::getPageAddr(uintptr_t Ptr) const {
assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
return Ptr & ~(static_cast<uintptr_t>(PageSize) - 1);
}
bool GuardedPoolAllocator::isGuardPage(uintptr_t Ptr) const {
assert(pointerIsMine(reinterpret_cast<void *>(Ptr)));
size_t PageOffsetFromPoolStart = (Ptr - GuardedPagePool) / PageSize;
size_t PagesPerSlot = maximumAllocationSize() / PageSize;
return (PageOffsetFromPoolStart % (PagesPerSlot + 1)) == 0;
} }
size_t GuardedPoolAllocator::reserveSlot() { size_t GuardedPoolAllocator::reserveSlot() {
// Avoid potential reuse of a slot before we have made at least a single // Avoid potential reuse of a slot before we have made at least a single
// allocation in each slot. Helps with our use-after-free detection. // allocation in each slot. Helps with our use-after-free detection.
if (NumSampledAllocations < MaxSimultaneousAllocations) if (NumSampledAllocations < State.MaxSimultaneousAllocations)
return NumSampledAllocations++; return NumSampledAllocations++;
if (FreeSlotsLength == 0) if (FreeSlotsLength == 0)
return kInvalidSlotID; return kInvalidSlotID;
size_t ReservedIndex = getRandomUnsigned32() % FreeSlotsLength; size_t ReservedIndex = getRandomUnsigned32() % FreeSlotsLength;
size_t SlotIndex = FreeSlots[ReservedIndex]; size_t SlotIndex = FreeSlots[ReservedIndex];
FreeSlots[ReservedIndex] = FreeSlots[--FreeSlotsLength]; FreeSlots[ReservedIndex] = FreeSlots[--FreeSlotsLength];
return SlotIndex; return SlotIndex;
} }
void GuardedPoolAllocator::freeSlot(size_t SlotIndex) { void GuardedPoolAllocator::freeSlot(size_t SlotIndex) {
assert(FreeSlotsLength < MaxSimultaneousAllocations); assert(FreeSlotsLength < State.MaxSimultaneousAllocations);
FreeSlots[FreeSlotsLength++] = SlotIndex; FreeSlots[FreeSlotsLength++] = SlotIndex;
} }
uintptr_t GuardedPoolAllocator::allocationSlotOffset(size_t Size) const { uintptr_t GuardedPoolAllocator::allocationSlotOffset(size_t Size) const {
assert(Size > 0); assert(Size > 0);
bool ShouldRightAlign = getRandomUnsigned32() % 2 == 0; bool ShouldRightAlign = getRandomUnsigned32() % 2 == 0;
if (!ShouldRightAlign) if (!ShouldRightAlign)
return 0; return 0;
uintptr_t Offset = maximumAllocationSize(); uintptr_t Offset = State.maximumAllocationSize();
if (!PerfectlyRightAlign) { if (!PerfectlyRightAlign) {
if (Size == 3) if (Size == 3)
Size = 4; Size = 4;
else if (Size > 4 && Size <= 8) else if (Size > 4 && Size <= 8)
Size = 8; Size = 8;
else if (Size > 8 && (Size % 16) != 0) else if (Size > 8 && (Size % 16) != 0)
Size += 16 - (Size % 16); Size += 16 - (Size % 16);
} }
Offset -= Size; Offset -= Size;
return Offset; return Offset;
} }
void GuardedPoolAllocator::reportError(uintptr_t AccessPtr, Error E) {
if (SingletonPtr)
SingletonPtr->reportErrorInternal(AccessPtr, E);
}
size_t GuardedPoolAllocator::getNearestSlot(uintptr_t Ptr) const {
if (Ptr <= GuardedPagePool + PageSize)
return 0;
if (Ptr > GuardedPagePoolEnd - PageSize)
return MaxSimultaneousAllocations - 1;
if (!isGuardPage(Ptr))
return addrToSlot(Ptr);
if (Ptr % PageSize <= PageSize / 2)
return addrToSlot(Ptr - PageSize); // Round down.
return addrToSlot(Ptr + PageSize); // Round up.
}
Error GuardedPoolAllocator::diagnoseUnknownError(uintptr_t AccessPtr,
AllocationMetadata **Meta) {
// Let's try and figure out what the source of this error is.
if (isGuardPage(AccessPtr)) {
size_t Slot = getNearestSlot(AccessPtr);
AllocationMetadata *SlotMeta = addrToMetadata(slotToAddr(Slot));
// Ensure that this slot was allocated once upon a time.
if (!SlotMeta->Addr)
return Error::UNKNOWN;
*Meta = SlotMeta;
if (SlotMeta->Addr < AccessPtr)
return Error::BUFFER_OVERFLOW;
return Error::BUFFER_UNDERFLOW;
}
// Access wasn't a guard page, check for use-after-free.
AllocationMetadata *SlotMeta = addrToMetadata(AccessPtr);
if (SlotMeta->IsDeallocated) {
*Meta = SlotMeta;
return Error::USE_AFTER_FREE;
}
// If we have reached here, the error is still unknown. There is no metadata
// available.
*Meta = nullptr;
return Error::UNKNOWN;
}
namespace {
// Prints the provided error and metadata information.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

This code was moved (with some modifications) to crash_handler_posix.cpp.

hctim: This code was moved (with some modifications) to `crash_handler_posix.cpp`.
void printErrorType(Error E, uintptr_t AccessPtr, AllocationMetadata *Meta,
options::Printf_t Printf, uint64_t ThreadID) {
// Print using intermediate strings. Platforms like Android don't like when
// you print multiple times to the same line, as there may be a newline
// appended to a log file automatically per Printf() call.
const char *ErrorString;
switch (E) {
case Error::UNKNOWN:
ErrorString = "GWP-ASan couldn't automatically determine the source of "
"the memory error. It was likely caused by a wild memory "
"access into the GWP-ASan pool. The error occurred";
break;
case Error::USE_AFTER_FREE:
ErrorString = "Use after free";
break;
case Error::DOUBLE_FREE:
ErrorString = "Double free";
break;
case Error::INVALID_FREE:
ErrorString = "Invalid (wild) free";
break;
case Error::BUFFER_OVERFLOW:
ErrorString = "Buffer overflow";
break;
case Error::BUFFER_UNDERFLOW:
ErrorString = "Buffer underflow";
break;
}
constexpr size_t kDescriptionBufferLen = 128;
char DescriptionBuffer[kDescriptionBufferLen];
if (Meta) {
if (E == Error::USE_AFTER_FREE) {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(%zu byte%s into a %zu-byte allocation at 0x%zx)",
AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s",
Meta->Size, Meta->Addr);
} else if (AccessPtr < Meta->Addr) {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(%zu byte%s to the left of a %zu-byte allocation at 0x%zx)",
Meta->Addr - AccessPtr, (Meta->Addr - AccessPtr == 1) ? "" : "s",
Meta->Size, Meta->Addr);
} else if (AccessPtr > Meta->Addr) {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(%zu byte%s to the right of a %zu-byte allocation at 0x%zx)",
AccessPtr - Meta->Addr, (AccessPtr - Meta->Addr == 1) ? "" : "s",
Meta->Size, Meta->Addr);
} else {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(a %zu-byte allocation)", Meta->Size);
}
}
// Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
// a null terminator, and round to the nearest 8-byte boundary.
constexpr size_t kThreadBufferLen = 24;
char ThreadBuffer[kThreadBufferLen];
if (ThreadID == GuardedPoolAllocator::kInvalidThreadID)
snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
else
snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64, ThreadID);
Printf("%s at 0x%zx %s by thread %s here:\n", ErrorString, AccessPtr,
DescriptionBuffer, ThreadBuffer);
}
void printAllocDeallocTraces(uintptr_t AccessPtr, AllocationMetadata *Meta,
options::Printf_t Printf,
options::PrintBacktrace_t PrintBacktrace) {
assert(Meta != nullptr && "Metadata is non-null for printAllocDeallocTraces");
if (Meta->IsDeallocated) {
if (Meta->DeallocationTrace.ThreadID ==
GuardedPoolAllocator::kInvalidThreadID)
Printf("0x%zx was deallocated by thread <unknown> here:\n", AccessPtr);
else
Printf("0x%zx was deallocated by thread %zu here:\n", AccessPtr,
Meta->DeallocationTrace.ThreadID);
uintptr_t UncompressedTrace[AllocationMetadata::kMaxTraceLengthToCollect];
size_t UncompressedLength = compression::unpack(
Meta->DeallocationTrace.CompressedTrace,
Meta->DeallocationTrace.TraceSize, UncompressedTrace,
AllocationMetadata::kMaxTraceLengthToCollect);
PrintBacktrace(UncompressedTrace, UncompressedLength, Printf);
}
if (Meta->AllocationTrace.ThreadID == GuardedPoolAllocator::kInvalidThreadID)
Printf("0x%zx was allocated by thread <unknown> here:\n", Meta->Addr);
else
Printf("0x%zx was allocated by thread %zu here:\n", Meta->Addr,
Meta->AllocationTrace.ThreadID);
uintptr_t UncompressedTrace[AllocationMetadata::kMaxTraceLengthToCollect];
size_t UncompressedLength = compression::unpack(
Meta->AllocationTrace.CompressedTrace, Meta->AllocationTrace.TraceSize,
UncompressedTrace, AllocationMetadata::kMaxTraceLengthToCollect);
PrintBacktrace(UncompressedTrace, UncompressedLength, Printf);
}
struct ScopedEndOfReportDecorator {
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Code here (and below) moved to crash_handler_posix.cpp.

hctim: Code here (and below) moved to `crash_handler_posix.cpp`.
ScopedEndOfReportDecorator(options::Printf_t Printf) : Printf(Printf) {}
~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
options::Printf_t Printf;
};
} // anonymous namespace
void GuardedPoolAllocator::reportErrorInternal(uintptr_t AccessPtr, Error E) {
if (!pointerIsMine(reinterpret_cast<void *>(AccessPtr))) {
return;
}
// Attempt to prevent races to re-use the same slot that triggered this error.
// This does not guarantee that there are no races, because another thread can
// take the locks during the time that the signal handler is being called.
PoolMutex.tryLock();
ThreadLocals.RecursiveGuard = true;
Printf("*** GWP-ASan detected a memory error ***\n");
ScopedEndOfReportDecorator Decorator(Printf);
AllocationMetadata *Meta = nullptr;
if (E == Error::UNKNOWN) {
E = diagnoseUnknownError(AccessPtr, &Meta);
} else {
size_t Slot = getNearestSlot(AccessPtr);
Meta = addrToMetadata(slotToAddr(Slot));
// Ensure that this slot has been previously allocated.
if (!Meta->Addr)
Meta = nullptr;
}
// Print the error information.
uint64_t ThreadID = getThreadID();
printErrorType(E, AccessPtr, Meta, Printf, ThreadID);
if (Backtrace) {
static constexpr unsigned kMaximumStackFramesForCrashTrace = 512;
uintptr_t Trace[kMaximumStackFramesForCrashTrace];
size_t TraceLength = Backtrace(Trace, kMaximumStackFramesForCrashTrace);
PrintBacktrace(Trace, TraceLength, Printf);
} else {
Printf(" <unknown (does your allocator support backtracing?)>\n\n");
}
if (Meta)
printAllocDeallocTraces(AccessPtr, Meta, Printf, PrintBacktrace);
}
GWP_ASAN_TLS_INITIAL_EXEC GWP_ASAN_TLS_INITIAL_EXEC
GuardedPoolAllocator::ThreadLocalPackedVariables GuardedPoolAllocator::ThreadLocalPackedVariables
GuardedPoolAllocator::ThreadLocals; GuardedPoolAllocator::ThreadLocals;
} // namespace gwp_asan } // namespace gwp_asan
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Start of implementation of new crash handler functions. All very simple implementation (just find the metadata, and then return data).

hctim: Start of implementation of new crash handler functions. All very simple implementation (just…

compiler-rt/lib/gwp_asan/optional/backtrace.h

//===-- backtrace.h ---------------------------------------------*- C++ -*-===// //===-- backtrace.h ---------------------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef GWP_ASAN_OPTIONAL_BACKTRACE_H_ #ifndef GWP_ASAN_OPTIONAL_BACKTRACE_H_
#define GWP_ASAN_OPTIONAL_BACKTRACE_H_ #define GWP_ASAN_OPTIONAL_BACKTRACE_H_
#include "gwp_asan/optional/segv_handler.h"
#include "gwp_asan/options.h" #include "gwp_asan/options.h"
namespace gwp_asan { namespace gwp_asan {
namespace options { namespace options {
// Functions to get the platform-specific and implementation-specific backtrace // Functions to get the platform-specific and implementation-specific backtrace
// and backtrace printing functions when RTGwpAsanBacktraceLibc or // and backtrace printing functions when RTGwpAsanBacktraceLibc or
// RTGwpAsanBacktraceSanitizerCommon are linked. Use these functions to get the // RTGwpAsanBacktraceSanitizerCommon are linked. Use these functions to get the
// backtrace function for populating the Options::Backtrace and // backtrace function for populating the Options::Backtrace and
// Options::PrintBacktrace when initialising the GuardedPoolAllocator. Please // Options::PrintBacktrace when initialising the GuardedPoolAllocator. Please
// note any thread-safety descriptions for the implementation of these functions // note any thread-safety descriptions for the implementation of these functions
// that you use. // that you use.
Backtrace_t getBacktraceFunction(); Backtrace_t getBacktraceFunction();
PrintBacktrace_t getPrintBacktraceFunction(); crash_handler::PrintBacktrace_t getPrintBacktraceFunction();
} // namespace options } // namespace options
} // namespace gwp_asan } // namespace gwp_asan
#endif // GWP_ASAN_OPTIONAL_BACKTRACE_H_ #endif // GWP_ASAN_OPTIONAL_BACKTRACE_H_

compiler-rt/lib/gwp_asan/optional/backtrace_linux_libc.cpp

Show All 18 Lines
namespace { namespace {
size_t Backtrace(uintptr_t *TraceBuffer, size_t Size) { size_t Backtrace(uintptr_t *TraceBuffer, size_t Size) {
static_assert(sizeof(uintptr_t) == sizeof(void *), "uintptr_t is not void*"); static_assert(sizeof(uintptr_t) == sizeof(void *), "uintptr_t is not void*");
return backtrace(reinterpret_cast<void **>(TraceBuffer), Size); return backtrace(reinterpret_cast<void **>(TraceBuffer), Size);
} }
static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength, static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength,
gwp_asan::options::Printf_t Printf) { gwp_asan::crash_handler::Printf_t Printf) {
if (TraceLength == 0) { if (TraceLength == 0) {
Printf(" <not found (does your allocator support backtracing?)>\n\n"); Printf(" <not found (does your allocator support backtracing?)>\n\n");
return; return;
} }
char **BacktraceSymbols = char **BacktraceSymbols =
backtrace_symbols(reinterpret_cast<void **>(Trace), TraceLength); backtrace_symbols(reinterpret_cast<void **>(Trace), TraceLength);
for (size_t i = 0; i < TraceLength; ++i) { for (size_t i = 0; i < TraceLength; ++i) {
if (!BacktraceSymbols) if (!BacktraceSymbols)
Printf(" #%zu %p\n", i, Trace[i]); Printf(" #%zu %p\n", i, Trace[i]);
else else
Printf(" #%zu %s\n", i, BacktraceSymbols[i]); Printf(" #%zu %s\n", i, BacktraceSymbols[i]);
} }
Printf("\n"); Printf("\n");
if (BacktraceSymbols) if (BacktraceSymbols)
free(BacktraceSymbols); free(BacktraceSymbols);
} }
} // anonymous namespace } // anonymous namespace
namespace gwp_asan { namespace gwp_asan {
namespace options { namespace options {
Backtrace_t getBacktraceFunction() { return Backtrace; } Backtrace_t getBacktraceFunction() { return Backtrace; }
PrintBacktrace_t getPrintBacktraceFunction() { return PrintBacktrace; } crash_handler::PrintBacktrace_t getPrintBacktraceFunction() {
return PrintBacktrace;
}
} // namespace options } // namespace options
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/optional/backtrace_sanitizer_common.cpp

Show All 39 Lines Trace.Unwind((__sanitizer::uptr)__builtin_return_address(0),
/* ucontext */ nullptr, /* ucontext */ nullptr,
/* fast unwind */ true, Size - 1); /* fast unwind */ true, Size - 1);
memcpy(TraceBuffer, Trace.trace, Trace.size * sizeof(uintptr_t)); memcpy(TraceBuffer, Trace.trace, Trace.size * sizeof(uintptr_t));
return Trace.size; return Trace.size;
} }
static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength, static void PrintBacktrace(uintptr_t *Trace, size_t TraceLength,
gwp_asan::options::Printf_t Printf) { gwp_asan::crash_handler::Printf_t Printf) {
__sanitizer::StackTrace StackTrace; __sanitizer::StackTrace StackTrace;
StackTrace.trace = reinterpret_cast<__sanitizer::uptr *>(Trace); StackTrace.trace = reinterpret_cast<__sanitizer::uptr *>(Trace);
StackTrace.size = TraceLength; StackTrace.size = TraceLength;
if (StackTrace.size == 0) { if (StackTrace.size == 0) {
Printf(" <unknown (does your allocator support backtracing?)>\n\n"); Printf(" <unknown (does your allocator support backtracing?)>\n\n");
return; return;
} }
Show All 11 Lines
// Generally, this function will be called during the initialisation of the // Generally, this function will be called during the initialisation of the
// allocator, which is done in a thread-compatible manner. // allocator, which is done in a thread-compatible manner.
Backtrace_t getBacktraceFunction() { Backtrace_t getBacktraceFunction() {
// The unwinder requires the default flags to be set. // The unwinder requires the default flags to be set.
__sanitizer::SetCommonFlagsDefaults(); __sanitizer::SetCommonFlagsDefaults();
__sanitizer::InitializeCommonFlags(); __sanitizer::InitializeCommonFlags();
return Backtrace; return Backtrace;
} }
PrintBacktrace_t getPrintBacktraceFunction() { return PrintBacktrace; } crash_handler::PrintBacktrace_t getPrintBacktraceFunction() {
return PrintBacktrace;
}
} // namespace options } // namespace options
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/optional/options_parser.cpp

Show First 20 LinesShow All 77 Lines▼ Show 20 Lines if (o->MaxSimultaneousAllocations <= 0) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (o->SampleRate < 1) { if (o->SampleRate < 1) {
__sanitizer::Printf( __sanitizer::Printf(
"GWP-ASan ERROR: SampleRate must be > 0 when GWP-ASan is enabled.\n"); "GWP-ASan ERROR: SampleRate must be > 0 when GWP-ASan is enabled.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
o->Printf = __sanitizer::Printf;
} }
Options &getOptions() { return *getOptionsInternal(); } Options &getOptions() { return *getOptionsInternal(); }
} // namespace options } // namespace options
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/optional/segv_handler.h

  • This file was added.
//===-- crash_handler.h -----------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_
#define GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_
#include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/options.h"
namespace gwp_asan {
namespace crash_handler {
// ================================ Requirements ===============================
// This function must be provided by the supporting allocator only when this
// provided crash handler is used to dump the generic report.
// sanitizer::Printf() function can be simply used here.
// ================================ Description ================================
// This function shall produce output according to a strict subset of the C
// standard library's printf() family. This function must support printing the
// following formats:
// 1. integers: "%([0-9]*)?(z|ll)?{d,u,x,X}"
// 2. pointers: "%p"
// 3. strings: "%[-]([0-9]*)?(\\.\\*)?s"
// 4. chars: "%c"
// This function must be implemented in a signal-safe manner, and thus must not
// malloc().
// =================================== Notes ===================================
// This function has a slightly different signature than the C standard
// library's printf(). Notably, it returns 'void' rather than 'int'.
typedef void (*Printf_t)(const char *Format, ...);
// ================================ Requirements ===============================
// This function is required for the supporting allocator, but one of the three
// provided implementations may be used (RTGwpAsanBacktraceLibc,
// RTGwpAsanBacktraceSanitizerCommon, or BasicPrintBacktraceFunction).
// ================================ Description ================================
// This function shall take the backtrace provided in `TraceBuffer`, and print
// it in a human-readable format using `Print`. Generally, this function shall
// resolve raw pointers to section offsets and print them with the following
// sanitizer-common format:
// " #{frame_number} {pointer} in {function name} ({binary name}+{offset}"
// e.g. " #5 0x420459 in _start (/tmp/uaf+0x420459)"
// This format allows the backtrace to be symbolized offline successfully using
// llvm-symbolizer.
// =================================== Notes ===================================
// This function may directly or indirectly call malloc(), as the
// GuardedPoolAllocator contains a reentrancy barrier to prevent infinite
// recursion. Any allocation made inside this function will be served by the
// supporting allocator, and will not have GWP-ASan protections.
typedef void (*PrintBacktrace_t)(uintptr_t *TraceBuffer, size_t TraceLength,
Printf_t Print);
// Returns a function pointer to a basic PrintBacktrace implementation. This
// implementation simply prints the stack trace in a human readable fashion
// without any symbolization.
PrintBacktrace_t getBasicPrintBacktraceFunction();
// Install the SIGSEGV crash handler for printing use-after-free and heap-
// buffer-{under|over}flow exceptions if the user asked for it. This is platform
// specific as even though POSIX and Windows both support registering handlers
// through signal(), we have to use platform-specific signal handlers to obtain
// the address that caused the SIGSEGV exception. GPA->init() must be called
// before this function.
void installSignalHandlers(gwp_asan::GuardedPoolAllocator *GPA, Printf_t Printf,
PrintBacktrace_t PrintBacktrace,
options::Backtrace_t Backtrace);
void uninstallSignalHandlers();
void dumpReport(uintptr_t ErrorPtr, const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *Metadata,
options::Backtrace_t Backtrace, Printf_t Printf,
PrintBacktrace_t PrintBacktrace);
} // namespace crash_handler
} // namespace gwp_asan
#endif // GWP_ASAN_OPTIONAL_CRASH_HANDLER_H_

compiler-rt/lib/gwp_asan/optional/segv_handler_posix.cpp

  • This file was added.
//===-- crash_handler_posix.cpp ---------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/common.h"
#include "gwp_asan/crash_handler.h"
#include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/optional/segv_handler.h"
#include "gwp_asan/options.h"
#include <assert.h>
#include <inttypes.h>
#include <signal.h>
#include <stdio.h>
namespace {
using gwp_asan::AllocationMetadata;
using gwp_asan::Error;
using gwp_asan::GuardedPoolAllocator;
using gwp_asan::crash_handler::PrintBacktrace_t;
using gwp_asan::crash_handler::Printf_t;
using gwp_asan::options::Backtrace_t;
struct sigaction PreviousHandler;
bool SignalHandlerInstalled;
gwp_asan::GuardedPoolAllocator *GPAForSignalHandler;
Printf_t PrintfForSignalHandler;
PrintBacktrace_t PrintBacktraceForSignalHandler;
Backtrace_t BacktraceForSignalHandler;
static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
if (GPAForSignalHandler) {
GPAForSignalHandler->stop();
gwp_asan::crash_handler::dumpReport(
reinterpret_cast<uintptr_t>(info->si_addr),
GPAForSignalHandler->getAllocatorState(),
GPAForSignalHandler->getMetadataRegion(), BacktraceForSignalHandler,
PrintfForSignalHandler, PrintBacktraceForSignalHandler);
}
// Process any previous handlers.
if (PreviousHandler.sa_flags & SA_SIGINFO) {
PreviousHandler.sa_sigaction(sig, info, ucontext);
} else if (PreviousHandler.sa_handler == SIG_DFL) {
// If the previous handler was the default handler, cause a core dump.
signal(SIGSEGV, SIG_DFL);
raise(SIGSEGV);
} else if (PreviousHandler.sa_handler == SIG_IGN) {
// If the previous segv handler was SIGIGN, crash iff we were responsible
eugenisUnsubmitted
Done
ReplyInline Actions

We should not kill the process if it had SIGSEGV ignored, and we do not recognize the crash.

eugenis: We should not kill the process if it had SIGSEGV ignored, and we do not recognize the crash.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Done.

hctim: Done.
// for the crash.
if (__gwp_asan_error_is_mine(GPAForSignalHandler->getAllocatorState(),
reinterpret_cast<uintptr_t>(info->si_addr))) {
signal(SIGSEGV, SIG_DFL);
raise(SIGSEGV);
}
} else {
PreviousHandler.sa_handler(sig);
}
}
struct ScopedEndOfReportDecorator {
ScopedEndOfReportDecorator(gwp_asan::crash_handler::Printf_t Printf)
: Printf(Printf) {}
~ScopedEndOfReportDecorator() { Printf("*** End GWP-ASan report ***\n"); }
gwp_asan::crash_handler::Printf_t Printf;
};
// Prints the provided error and metadata information.
void printHeader(Error E, uintptr_t AccessPtr,
const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *Metadata,
Printf_t Printf) {
// Print using intermediate strings. Platforms like Android don't like when
// you print multiple times to the same line, as there may be a newline
// appended to a log file automatically per Printf() call.
constexpr size_t kDescriptionBufferLen = 128;
char DescriptionBuffer[kDescriptionBufferLen] = "";
if (E != Error::UNKNOWN && Metadata != nullptr) {
uintptr_t Address =
__gwp_asan_get_allocation_address(State, Metadata);
size_t Size = __gwp_asan_get_allocation_size(State, Metadata);
if (E == Error::USE_AFTER_FREE) {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(%zu byte%s into a %zu-byte allocation at 0x%zx) ",
AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
Address);
} else if (AccessPtr < Address) {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(%zu byte%s to the left of a %zu-byte allocation at 0x%zx) ",
Address - AccessPtr, (Address - AccessPtr == 1) ? "" : "s", Size,
Address);
} else if (AccessPtr > Address) {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(%zu byte%s to the right of a %zu-byte allocation at 0x%zx) ",
AccessPtr - Address, (AccessPtr - Address == 1) ? "" : "s", Size,
Address);
} else {
snprintf(DescriptionBuffer, kDescriptionBufferLen,
"(a %zu-byte allocation) ", Size);
}
}
// Possible number of digits of a 64-bit number: ceil(log10(2^64)) == 20. Add
// a null terminator, and round to the nearest 8-byte boundary.
uint64_t ThreadID = gwp_asan::getThreadID();
constexpr size_t kThreadBufferLen = 24;
char ThreadBuffer[kThreadBufferLen];
if (ThreadID == gwp_asan::kInvalidThreadID)
snprintf(ThreadBuffer, kThreadBufferLen, "<unknown>");
else
snprintf(ThreadBuffer, kThreadBufferLen, "%" PRIu64, ThreadID);
Printf("%s at 0x%zx %sby thread %s here:\n", gwp_asan::ErrorToString(E),
AccessPtr, DescriptionBuffer, ThreadBuffer);
}
void defaultPrintStackTrace(uintptr_t *Trace, size_t TraceLength,
gwp_asan::crash_handler::Printf_t Printf) {
if (TraceLength == 0)
Printf(" <unknown (does your allocator support backtracing?)>\n");
for (size_t i = 0; i < TraceLength; ++i) {
Printf(" #%zu 0x%zx in <unknown>\n", i, Trace[i]);
}
Printf("\n");
}
} // anonymous namespace
namespace gwp_asan {
namespace crash_handler {
PrintBacktrace_t getBasicPrintBacktraceFunction() {
return defaultPrintStackTrace;
}
void installSignalHandlers(gwp_asan::GuardedPoolAllocator *GPA, Printf_t Printf,
PrintBacktrace_t PrintBacktrace,
options::Backtrace_t Backtrace) {
GPAForSignalHandler = GPA;
PrintfForSignalHandler = Printf;
PrintBacktraceForSignalHandler = PrintBacktrace;
BacktraceForSignalHandler = Backtrace;
struct sigaction Action;
Action.sa_sigaction = sigSegvHandler;
Action.sa_flags = SA_SIGINFO;
sigaction(SIGSEGV, &Action, &PreviousHandler);
SignalHandlerInstalled = true;
}
void uninstallSignalHandlers() {
if (SignalHandlerInstalled) {
sigaction(SIGSEGV, &PreviousHandler, nullptr);
SignalHandlerInstalled = false;
}
}
void dumpReport(uintptr_t ErrorPtr, const gwp_asan::AllocatorState *State,
const gwp_asan::AllocationMetadata *Metadata,
options::Backtrace_t Backtrace, Printf_t Printf,
PrintBacktrace_t PrintBacktrace) {
assert(State && "dumpReport missing Allocator State.");
assert(Metadata && "dumpReport missing Metadata.");
assert(Printf && "dumpReport missing Printf.");
if (!__gwp_asan_error_is_mine(State, ErrorPtr))
return;
Printf("*** GWP-ASan detected a memory error ***\n");
ScopedEndOfReportDecorator Decorator(Printf);
uintptr_t InternalErrorPtr = __gwp_asan_get_internal_crash_address(State);
if (InternalErrorPtr != 0u)
ErrorPtr = InternalErrorPtr;
Error E = __gwp_asan_diagnose_error(State, Metadata, ErrorPtr);
if (E == Error::UNKNOWN) {
Printf("GWP-ASan cannot provide any more information about this error. "
"This may occur due to a wild memory access into the GWP-ASan pool, "
"or an overflow/underflow that is > 512B in length.\n");
return;
}
const gwp_asan::AllocationMetadata *AllocMeta =
__gwp_asan_get_metadata(State, Metadata, ErrorPtr);
// Print the error header.
printHeader(E, ErrorPtr, State, AllocMeta, Printf);
// Print the fault backtrace.
static constexpr unsigned kMaximumStackFramesForCrashTrace = 512;
uintptr_t Trace[kMaximumStackFramesForCrashTrace];
size_t TraceLength = Backtrace(Trace, kMaximumStackFramesForCrashTrace);
PrintBacktrace(Trace, TraceLength, Printf);
if (AllocMeta == nullptr)
return;
// Maybe print the deallocation trace.
if (__gwp_asan_is_deallocated(State, AllocMeta)) {
uint64_t ThreadID =
__gwp_asan_get_deallocation_thread_id(State, AllocMeta);
if (ThreadID == kInvalidThreadID)
Printf("0x%zx was deallocated by thread <unknown> here:\n", ErrorPtr);
else
Printf("0x%zx was deallocated by thread %zu here:\n", ErrorPtr, ThreadID);
TraceLength = __gwp_asan_get_deallocation_trace(
State, AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
PrintBacktrace(Trace, TraceLength, Printf);
}
// Print the allocation trace.
uint64_t ThreadID =
__gwp_asan_get_allocation_thread_id(State, AllocMeta);
if (ThreadID == kInvalidThreadID)
Printf("0x%zx was allocated by thread <unknown> here:\n", ErrorPtr);
else
Printf("0x%zx was allocated by thread %zu here:\n", ErrorPtr, ThreadID);
TraceLength = __gwp_asan_get_allocation_trace(
State, AllocMeta, Trace, kMaximumStackFramesForCrashTrace);
PrintBacktrace(Trace, TraceLength, Printf);
}
} // namespace crash_handler
} // namespace gwp_asan

compiler-rt/lib/gwp_asan/options.h

Show All 9 Lines
#define GWP_ASAN_OPTIONS_H_ #define GWP_ASAN_OPTIONS_H_
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
namespace gwp_asan { namespace gwp_asan {
namespace options { namespace options {
// ================================ Requirements =============================== // ================================ Requirements ===============================
// This function is required to be implemented by the supporting allocator. The
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Moved to crash_handler_api.h.

hctim: Moved to `crash_handler_api.h`.
// sanitizer::Printf() function can be simply used here.
// ================================ Description ================================
// This function shall produce output according to a strict subset of the C
// standard library's printf() family. This function must support printing the
// following formats:
// 1. integers: "%([0-9]*)?(z|ll)?{d,u,x,X}"
// 2. pointers: "%p"
// 3. strings: "%[-]([0-9]*)?(\\.\\*)?s"
// 4. chars: "%c"
// This function must be implemented in a signal-safe manner.
// =================================== Notes ===================================
// This function has a slightly different signature than the C standard
// library's printf(). Notably, it returns 'void' rather than 'int'.
typedef void (*Printf_t)(const char *Format, ...);
// ================================ Requirements ===============================
// This function is required to be either implemented by the supporting // This function is required to be either implemented by the supporting
// allocator, or one of the two provided implementations may be used // allocator, or one of the two provided implementations may be used
// (RTGwpAsanBacktraceLibc or RTGwpAsanBacktraceSanitizerCommon). // (RTGwpAsanBacktraceLibc or RTGwpAsanBacktraceSanitizerCommon).
// ================================ Description ================================ // ================================ Description ================================
// This function shall collect the backtrace for the calling thread and place // This function shall collect the backtrace for the calling thread and place
// the result in `TraceBuffer`. This function should elide itself and all frames // the result in `TraceBuffer`. This function should elide itself and all frames
// below itself from `TraceBuffer`, i.e. the caller's frame should be in // below itself from `TraceBuffer`, i.e. the caller's frame should be in
// TraceBuffer[0], and subsequent frames 1..n into TraceBuffer[1..n], where a // TraceBuffer[0], and subsequent frames 1..n into TraceBuffer[1..n], where a
// maximum of `Size` frames are stored. Returns the number of frames stored into // maximum of `Size` frames are stored. Returns the number of frames stored into
// `TraceBuffer`, and zero on failure. If the return value of this function is // `TraceBuffer`, and zero on failure. If the return value of this function is
// equal to `Size`, it may indicate that the backtrace is truncated. // equal to `Size`, it may indicate that the backtrace is truncated.
// =================================== Notes =================================== // =================================== Notes ===================================
// This function may directly or indirectly call malloc(), as the // This function may directly or indirectly call malloc(), as the
// GuardedPoolAllocator contains a reentrancy barrier to prevent infinite // GuardedPoolAllocator contains a reentrancy barrier to prevent infinite
// recursion. Any allocation made inside this function will be served by the // recursion. Any allocation made inside this function will be served by the
// supporting allocator, and will not have GWP-ASan protections. // supporting allocator, and will not have GWP-ASan protections.
typedef size_t (*Backtrace_t)(uintptr_t *TraceBuffer, size_t Size); typedef size_t (*Backtrace_t)(uintptr_t *TraceBuffer, size_t Size);
// ================================ Requirements ===============================
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Moved to crash_handler_api.h.

hctim: Moved to `crash_handler_api.h`.
// This function is optional for the supporting allocator, but one of the two
// provided implementations may be used (RTGwpAsanBacktraceLibc or
// RTGwpAsanBacktraceSanitizerCommon). If not provided, a default implementation
// is used which prints the raw pointers only.
// ================================ Description ================================
// This function shall take the backtrace provided in `TraceBuffer`, and print
// it in a human-readable format using `Print`. Generally, this function shall
// resolve raw pointers to section offsets and print them with the following
// sanitizer-common format:
// " #{frame_number} {pointer} in {function name} ({binary name}+{offset}"
// e.g. " #5 0x420459 in _start (/tmp/uaf+0x420459)"
// This format allows the backtrace to be symbolized offline successfully using
// llvm-symbolizer.
// =================================== Notes ===================================
// This function may directly or indirectly call malloc(), as the
// GuardedPoolAllocator contains a reentrancy barrier to prevent infinite
// recursion. Any allocation made inside this function will be served by the
// supporting allocator, and will not have GWP-ASan protections.
typedef void (*PrintBacktrace_t)(uintptr_t *TraceBuffer, size_t TraceLength,
Printf_t Print);
struct Options { struct Options {
Printf_t Printf = nullptr;
Backtrace_t Backtrace = nullptr; Backtrace_t Backtrace = nullptr;
PrintBacktrace_t PrintBacktrace = nullptr;
// Read the options from the included definitions file. // Read the options from the included definitions file.
#define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description) \ #define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description) \
Type Name = DefaultValue; Type Name = DefaultValue;
#include "gwp_asan/options.inc" #include "gwp_asan/options.inc"
#undef GWP_ASAN_OPTION #undef GWP_ASAN_OPTION
void setDefaults() { void setDefaults() {
#define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description) \ #define GWP_ASAN_OPTION(Type, Name, DefaultValue, Description) \
Name = DefaultValue; Name = DefaultValue;
#include "gwp_asan/options.inc" #include "gwp_asan/options.inc"
#undef GWP_ASAN_OPTION #undef GWP_ASAN_OPTION
Printf = nullptr;
Backtrace = nullptr; Backtrace = nullptr;
PrintBacktrace = nullptr;
} }
}; };
} // namespace options } // namespace options
} // namespace gwp_asan } // namespace gwp_asan
#endif // GWP_ASAN_OPTIONS_H_ #endif // GWP_ASAN_OPTIONS_H_

compiler-rt/lib/gwp_asan/options.inc

Show All 24 LinesGWP_ASAN_OPTION(int, MaxSimultaneousAllocations, 16,
"Number of simultaneously-guarded allocations available in the " "Number of simultaneously-guarded allocations available in the "
"pool. Defaults to 16.") "pool. Defaults to 16.")
GWP_ASAN_OPTION(int, SampleRate, 5000, GWP_ASAN_OPTION(int, SampleRate, 5000,
"The probability (1 / SampleRate) that an allocation is " "The probability (1 / SampleRate) that an allocation is "
"selected for GWP-ASan sampling. Default is 5000. Sample rates " "selected for GWP-ASan sampling. Default is 5000. Sample rates "
"up to (2^31 - 1) are supported.") "up to (2^31 - 1) are supported.")
// Developer note - This option is not actually processed by GWP-ASan itself. It
eugenisUnsubmitted
Done
ReplyInline Actions

Would it be better to move this option to scudo then if it is unused?

eugenis: Would it be better to move this option to scudo then if it is unused?
hctimAuthorUnsubmitted
Done
ReplyInline Actions

My assumption is that some new consumer may chose to use the sanitizer_common flag parser (which we include optionally under optional/options_parser.h). In that case, it's nice to have this flag be user-controlled. I'm not super attached to it being here though, LMK.

hctim: My assumption is that some new consumer may chose to use the sanitizer_common flag parser…
// is included here so that a user can specify whether they want signal handlers
// or not. The supporting allocator should inspect this value to see whether
// signal handlers need to be installed, and then use
// crash_handler::installSignalHandlers() in order to install the handlers. Note
// that in order to support signal handlers, you will need to link against the
// optional crash_handler component.
GWP_ASAN_OPTION( GWP_ASAN_OPTION(
bool, InstallSignalHandlers, true, bool, InstallSignalHandlers, true,
"Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This " "Install GWP-ASan signal handlers for SIGSEGV during dynamic loading. This "
"allows better error reports by providing stack traces for allocation and " "allows better error reports by providing stack traces for allocation and "
"deallocation when reporting a memory error. GWP-ASan's signal handler " "deallocation when reporting a memory error. GWP-ASan's signal handler "
"will forward the signal to any previously-installed handler, and user " "will forward the signal to any previously-installed handler, and user "
"programs that install further signal handlers should make sure they do " "programs that install further signal handlers should make sure they do "
"the same. Note, if the previously installed SIGSEGV handler is SIG_IGN, " "the same. Note, if the previously installed SIGSEGV handler is SIG_IGN, "
"we terminate the process after dumping the error report.") "we terminate the process after dumping the error report.")
GWP_ASAN_OPTION(bool, InstallForkHandlers, true, GWP_ASAN_OPTION(bool, InstallForkHandlers, true,
"Install GWP-ASan atfork handlers to acquire internal locks " "Install GWP-ASan atfork handlers to acquire internal locks "
"before fork and release them after.") "before fork and release them after.")

compiler-rt/lib/gwp_asan/platform_specific/common_posix.cpp

  • This file was added.
//===-- common_posix.cpp ---------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/common.h"
namespace gwp_asan {
uint64_t getThreadID() {
#ifdef SYS_gettid
return syscall(SYS_gettid);
#else
return kInvalidThreadID;
#endif
}
} // namespace gwp_asan

compiler-rt/lib/gwp_asan/platform_specific/guarded_pool_allocator_posix.cpp

//===-- guarded_pool_allocator_posix.cpp ------------------------*- C++ -*-===// //===-- guarded_pool_allocator_posix.cpp ------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/utilities.h"
#include <assert.h>
#include <errno.h> #include <errno.h>
#include <signal.h> #include <signal.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h> #include <unistd.h>
Show All 10 Lines
#endif // ANDROID #endif // ANDROID
// Anonymous mapping names are only supported on Android. // Anonymous mapping names are only supported on Android.
return; return;
} }
namespace gwp_asan { namespace gwp_asan {
void *GuardedPoolAllocator::mapMemory(size_t Size, const char *Name) const { void *GuardedPoolAllocator::mapMemory(size_t Size, const char *Name) const {
void *Ptr = void *Ptr =
mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); mmap(nullptr, Size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
Check(Ptr != MAP_FAILED, "Failed to map guarded pool allocator memory");
hctimAuthorUnsubmitted
Done
ReplyInline Actions

No more Printf in GPA, so assert and trap instread.

hctim: No more `Printf` in GPA, so assert and trap instread.
if (Ptr == MAP_FAILED) {
Printf("Failed to map guarded pool allocator memory, errno: %d\n", errno);
Printf(" mmap(nullptr, %zu, ...) failed.\n", Size);
exit(EXIT_FAILURE);
}
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, Name);
return Ptr; return Ptr;
} }
void GuardedPoolAllocator::unmapMemory(void *Ptr, size_t Size, void GuardedPoolAllocator::unmapMemory(void *Ptr, size_t Size,
const char *Name) const { const char *Name) const {
int Res = munmap(Ptr, Size); Check(munmap(Ptr, Size) == 0,
"Failed to unmap guarded pool allocator memory.");
if (Res != 0) {
Printf("Failed to unmap guarded pool allocator memory, errno: %d\n", errno);
Printf(" unmmap(%p, %zu, ...) failed.\n", Ptr, Size);
exit(EXIT_FAILURE);
}
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, Name);
} }
void GuardedPoolAllocator::markReadWrite(void *Ptr, size_t Size, void GuardedPoolAllocator::markReadWrite(void *Ptr, size_t Size,
const char *Name) const { const char *Name) const {
if (mprotect(Ptr, Size, PROT_READ | PROT_WRITE) != 0) { Check(mprotect(Ptr, Size, PROT_READ | PROT_WRITE) == 0,
Printf("Failed to set guarded pool allocator memory at as RW, errno: %d\n", "Failed to set guarded pool allocator memory at as RW.");
errno);
Printf(" mprotect(%p, %zu, RW) failed.\n", Ptr, Size);
exit(EXIT_FAILURE);
}
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, Name);
} }
void GuardedPoolAllocator::markInaccessible(void *Ptr, size_t Size, void GuardedPoolAllocator::markInaccessible(void *Ptr, size_t Size,
const char *Name) const { const char *Name) const {
// mmap() a PROT_NONE page over the address to release it to the system, if // mmap() a PROT_NONE page over the address to release it to the system, if
// we used mprotect() here the system would count pages in the quarantine // we used mprotect() here the system would count pages in the quarantine
// against the RSS. // against the RSS.
if (mmap(Ptr, Size, PROT_NONE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1, Check(mmap(Ptr, Size, PROT_NONE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, -1,
0) == MAP_FAILED) { 0) != MAP_FAILED,
Printf("Failed to set guarded pool allocator memory as inaccessible, " "Failed to set guarded pool allocator memory as inaccessible.");
"errno: %d\n",
errno);
Printf(" mmap(%p, %zu, NONE, ...) failed.\n", Ptr, Size);
exit(EXIT_FAILURE);
}
MaybeSetMappingName(Ptr, Size, Name); MaybeSetMappingName(Ptr, Size, Name);
} }
size_t GuardedPoolAllocator::getPlatformPageSize() { size_t GuardedPoolAllocator::getPlatformPageSize() {
return sysconf(_SC_PAGESIZE); return sysconf(_SC_PAGESIZE);
} }
struct sigaction PreviousHandler;
bool SignalHandlerInstalled;
static void sigSegvHandler(int sig, siginfo_t *info, void *ucontext) {
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Moved to crash_handler_posix.cpp.

hctim: Moved to `crash_handler_posix.cpp`.
gwp_asan::GuardedPoolAllocator::reportError(
reinterpret_cast<uintptr_t>(info->si_addr));
// Process any previous handlers.
if (PreviousHandler.sa_flags & SA_SIGINFO) {
PreviousHandler.sa_sigaction(sig, info, ucontext);
} else if (PreviousHandler.sa_handler == SIG_IGN ||
PreviousHandler.sa_handler == SIG_DFL) {
// If the previous handler was the default handler, or was ignoring this
// signal, install the default handler and re-raise the signal in order to
// get a core dump and terminate this process.
signal(SIGSEGV, SIG_DFL);
raise(SIGSEGV);
} else {
PreviousHandler.sa_handler(sig);
}
}
void GuardedPoolAllocator::installAtFork() { void GuardedPoolAllocator::installAtFork() {
auto Disable = []() { auto Disable = []() {
if (auto *S = getSingleton()) if (auto *S = getSingleton())
S->disable(); S->disable();
}; };
auto Enable = []() { auto Enable = []() {
if (auto *S = getSingleton()) if (auto *S = getSingleton())
S->enable(); S->enable();
}; };
pthread_atfork(Disable, Enable, Enable); pthread_atfork(Disable, Enable, Enable);
} }
void GuardedPoolAllocator::installSignalHandlers() {
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Moved to crash_handler_posix.cpp.

hctim: Moved to `crash_handler_posix.cpp`.
struct sigaction Action;
Action.sa_sigaction = sigSegvHandler;
Action.sa_flags = SA_SIGINFO;
sigaction(SIGSEGV, &Action, &PreviousHandler);
SignalHandlerInstalled = true;
}
void GuardedPoolAllocator::uninstallSignalHandlers() {
if (SignalHandlerInstalled) {
sigaction(SIGSEGV, &PreviousHandler, nullptr);
SignalHandlerInstalled = false;
}
}
uint64_t GuardedPoolAllocator::getThreadID() {
#ifdef SYS_gettid
return syscall(SYS_gettid);
#else
return kInvalidThreadID;
#endif
}
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/platform_specific/utilities_posix.cpp

  • This file was added.
//===-- utilities_posix.cpp -------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/utilities.h"
#ifdef ANDROID
#include <android/set_abort_message.h>
#include <stdlib.h>
#else // ANDROID
#include <stdio.h>
#endif
namespace gwp_asan {
#ifdef ANDROID
void Check(bool Condition, const char *Message) {
if (Condition)
return;
android_set_abort_message(Message);
abort();
}
#else // ANDROID
void Check(bool Condition, const char *Message) {
if (Condition)
return;
fprintf(stderr, "%s", Message);
__builtin_trap();
}
#endif // ANDROID
} // namespace gwp_asan

compiler-rt/lib/gwp_asan/random.cpp

//===-- random.cpp ----------------------------------------------*- C++ -*-===// //===-- random.cpp ----------------------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "gwp_asan/random.h" #include "gwp_asan/random.h"
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/common.h"
#include <time.h> #include <time.h>
namespace gwp_asan { namespace gwp_asan {
uint32_t getRandomUnsigned32() { uint32_t getRandomUnsigned32() {
thread_local uint32_t RandomState = thread_local uint32_t RandomState = time(nullptr) + getThreadID();
time(nullptr) + GuardedPoolAllocator::getThreadID();
RandomState ^= RandomState << 13; RandomState ^= RandomState << 13;
RandomState ^= RandomState >> 17; RandomState ^= RandomState >> 17;
RandomState ^= RandomState << 5; RandomState ^= RandomState << 5;
return RandomState; return RandomState;
} }
} // namespace gwp_asan } // namespace gwp_asan

compiler-rt/lib/gwp_asan/tests/CMakeLists.txt

include(CompilerRTCompile) include(CompilerRTCompile)
set(GWP_ASAN_UNITTEST_CFLAGS set(GWP_ASAN_UNITTEST_CFLAGS
${COMPILER_RT_UNITTEST_CFLAGS} ${COMPILER_RT_UNITTEST_CFLAGS}
${COMPILER_RT_GTEST_CFLAGS} ${COMPILER_RT_GTEST_CFLAGS}
-I${COMPILER_RT_SOURCE_DIR}/lib/ -I${COMPILER_RT_SOURCE_DIR}/lib/
-O2 -O2
-g) -g)
eugenisUnsubmitted
Done
ReplyInline Actions

Don't understand the comment. Does this optimization break the code? Why? Where did -O2 go?

eugenis: Don't understand the comment. Does this optimization break the code? Why? Where did -O2 go?
hctimAuthorUnsubmitted
Done
ReplyInline Actions

It ensured that call -> jmp optimisation didn't take place, but optnone is a much better sol'n.

hctim: It ensured that `call -> jmp` optimisation didn't take place, but `optnone` is a much better…
file(GLOB GWP_ASAN_HEADERS ../*.h) file(GLOB GWP_ASAN_HEADERS ../*.h)
set(GWP_ASAN_UNITTESTS set(GWP_ASAN_UNITTESTS
optional/printf_sanitizer_common.cpp optional/printf_sanitizer_common.cpp
alignment.cpp alignment.cpp
backtrace.cpp backtrace.cpp
basic.cpp basic.cpp
compression.cpp compression.cpp
iterate.cpp iterate.cpp
crash_handler_api.cpp
driver.cpp driver.cpp
mutex_test.cpp mutex_test.cpp
slot_reuse.cpp slot_reuse.cpp
thread_contention.cpp thread_contention.cpp
harness.cpp harness.cpp
enable_disable.cpp enable_disable.cpp
late_init.cpp) late_init.cpp)
Show All 14 Linesif(COMPILER_RT_DEFAULT_TARGET_ARCH IN_LIST GWP_ASAN_SUPPORTED_ARCH)
# GWP-ASan unit tests are only run on the host machine. # GWP-ASan unit tests are only run on the host machine.
set(arch ${COMPILER_RT_DEFAULT_TARGET_ARCH}) set(arch ${COMPILER_RT_DEFAULT_TARGET_ARCH})
set(GWP_ASAN_TEST_RUNTIME RTGwpAsanTest.${arch}) set(GWP_ASAN_TEST_RUNTIME RTGwpAsanTest.${arch})
set(GWP_ASAN_TEST_RUNTIME_OBJECTS set(GWP_ASAN_TEST_RUNTIME_OBJECTS
$<TARGET_OBJECTS:RTGwpAsan.${arch}> $<TARGET_OBJECTS:RTGwpAsan.${arch}>
$<TARGET_OBJECTS:RTGwpAsanBacktraceSanitizerCommon.${arch}> $<TARGET_OBJECTS:RTGwpAsanBacktraceSanitizerCommon.${arch}>
$<TARGET_OBJECTS:RTGwpAsanSegvHandler.${arch}>
$<TARGET_OBJECTS:RTSanitizerCommon.${arch}> $<TARGET_OBJECTS:RTSanitizerCommon.${arch}>
$<TARGET_OBJECTS:RTSanitizerCommonLibc.${arch}> $<TARGET_OBJECTS:RTSanitizerCommonLibc.${arch}>
$<TARGET_OBJECTS:RTSanitizerCommonSymbolizer.${arch}>) $<TARGET_OBJECTS:RTSanitizerCommonSymbolizer.${arch}>)
add_library(${GWP_ASAN_TEST_RUNTIME} STATIC add_library(${GWP_ASAN_TEST_RUNTIME} STATIC
${GWP_ASAN_TEST_RUNTIME_OBJECTS}) ${GWP_ASAN_TEST_RUNTIME_OBJECTS})
set_target_properties(${GWP_ASAN_TEST_RUNTIME} PROPERTIES set_target_properties(${GWP_ASAN_TEST_RUNTIME} PROPERTIES
Show All 14 Lines

compiler-rt/lib/gwp_asan/tests/backtrace.cpp

//===-- backtrace.cpp -------------------------------------------*- C++ -*-===// //===-- backtrace.cpp -------------------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include <string> #include <string>
#include "gwp_asan/tests/harness.h" #include "gwp_asan/tests/harness.h"
TEST_F(BacktraceGuardedPoolAllocator, DoubleFree) { TEST_F(BacktraceGuardedPoolAllocator, DoubleFree) {
void *Ptr = GPA.allocate(1); void *Ptr = GPA.allocate(1);
GPA.deallocate(Ptr); GPA.deallocate(Ptr);
std::string DeathRegex = "Double free.*"; std::string DeathRegex = "Double Free.*";
DeathRegex.append("backtrace\\.cpp:25.*"); DeathRegex.append("backtrace\\.cpp:25.*");
DeathRegex.append("was deallocated.*"); DeathRegex.append("was deallocated.*");
DeathRegex.append("backtrace\\.cpp:15.*"); DeathRegex.append("backtrace\\.cpp:15.*");
DeathRegex.append("was allocated.*"); DeathRegex.append("was allocated.*");
DeathRegex.append("backtrace\\.cpp:14.*"); DeathRegex.append("backtrace\\.cpp:14.*");
ASSERT_DEATH(GPA.deallocate(Ptr), DeathRegex); ASSERT_DEATH(GPA.deallocate(Ptr), DeathRegex);
} }
TEST_F(BacktraceGuardedPoolAllocator, UseAfterFree) { TEST_F(BacktraceGuardedPoolAllocator, UseAfterFree) {
char *Ptr = static_cast<char *>(GPA.allocate(1)); char *Ptr = static_cast<char *>(GPA.allocate(1));
GPA.deallocate(Ptr); GPA.deallocate(Ptr);
std::string DeathRegex = "Use after free.*"; std::string DeathRegex = "Use After Free.*";
DeathRegex.append("backtrace\\.cpp:40.*"); DeathRegex.append("backtrace\\.cpp:40.*");
DeathRegex.append("was deallocated.*"); DeathRegex.append("was deallocated.*");
DeathRegex.append("backtrace\\.cpp:30.*"); DeathRegex.append("backtrace\\.cpp:30.*");
DeathRegex.append("was allocated.*"); DeathRegex.append("was allocated.*");
DeathRegex.append("backtrace\\.cpp:29.*"); DeathRegex.append("backtrace\\.cpp:29.*");
ASSERT_DEATH({ *Ptr = 7; }, DeathRegex); ASSERT_DEATH({ *Ptr = 7; }, DeathRegex);
} }

compiler-rt/lib/gwp_asan/tests/basic.cpp

Show All 18 Lines
TEST_F(DefaultGuardedPoolAllocator, NullptrIsNotMine) { TEST_F(DefaultGuardedPoolAllocator, NullptrIsNotMine) {
EXPECT_FALSE(GPA.pointerIsMine(nullptr)); EXPECT_FALSE(GPA.pointerIsMine(nullptr));
} }
TEST_F(CustomGuardedPoolAllocator, SizedAllocations) { TEST_F(CustomGuardedPoolAllocator, SizedAllocations) {
InitNumSlots(1); InitNumSlots(1);
std::size_t MaxAllocSize = GPA.maximumAllocationSize(); std::size_t MaxAllocSize = GPA.getAllocatorState()->maximumAllocationSize();
EXPECT_TRUE(MaxAllocSize > 0); EXPECT_TRUE(MaxAllocSize > 0);
for (unsigned AllocSize = 1; AllocSize <= MaxAllocSize; AllocSize <<= 1) { for (unsigned AllocSize = 1; AllocSize <= MaxAllocSize; AllocSize <<= 1) {
void *Ptr = GPA.allocate(AllocSize); void *Ptr = GPA.allocate(AllocSize);
EXPECT_NE(nullptr, Ptr); EXPECT_NE(nullptr, Ptr);
EXPECT_TRUE(GPA.pointerIsMine(Ptr)); EXPECT_TRUE(GPA.pointerIsMine(Ptr));
EXPECT_EQ(AllocSize, GPA.getSize(Ptr)); EXPECT_EQ(AllocSize, GPA.getSize(Ptr));
GPA.deallocate(Ptr); GPA.deallocate(Ptr);
} }
} }
TEST_F(DefaultGuardedPoolAllocator, TooLargeAllocation) { TEST_F(DefaultGuardedPoolAllocator, TooLargeAllocation) {
EXPECT_EQ(nullptr, GPA.allocate(GPA.maximumAllocationSize() + 1)); EXPECT_EQ(nullptr,
GPA.allocate(GPA.getAllocatorState()->maximumAllocationSize() + 1));
} }
TEST_F(CustomGuardedPoolAllocator, AllocAllSlots) { TEST_F(CustomGuardedPoolAllocator, AllocAllSlots) {
constexpr unsigned kNumSlots = 128; constexpr unsigned kNumSlots = 128;
InitNumSlots(kNumSlots); InitNumSlots(kNumSlots);
void *Ptrs[kNumSlots]; void *Ptrs[kNumSlots];
for (unsigned i = 0; i < kNumSlots; ++i) { for (unsigned i = 0; i < kNumSlots; ++i) {
Ptrs[i] = GPA.allocate(1); Ptrs[i] = GPA.allocate(1);
Show All 12 Lines

compiler-rt/lib/gwp_asan/tests/crash_handler_api.cpp

  • This file was added.
//===-- crash_handler_api.cpp -----------------------------------*- C++ -*-===//
//
hctimAuthorUnsubmitted
Done
ReplyInline Actions

New tests for the crash handler API.

hctim: New tests for the crash handler API.
eugenisUnsubmitted
Done
ReplyInline Actions

This test makes my head hurt :(
I don't see why it needs to actually send and receive signals to test this API.
Also, the fuzzy match logic seems to be testing an implementation of backtrace. This also seems irrelevant. I'd simply supply a mock backtrace callback.

eugenis: This test makes my head hurt :( I don't see why it needs to actually send and receive signals…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Let me refactor this to not go through the actual allocator + crashing stuff. I refactored this test from some working branch that had wildly different assumptions.

hctim: Let me refactor this to not go through the actual allocator + crashing stuff. I refactored this…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Refactored.

hctim: Refactored.
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/crash_handler.h"
#include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/stack_trace_compressor.h"
#include "gwp_asan/tests/harness.h"
using Error = gwp_asan::Error;
using GuardedPoolAllocator = gwp_asan::GuardedPoolAllocator;
using AllocationMetadata = gwp_asan::AllocationMetadata;
using AllocatorState = gwp_asan::AllocatorState;
class CrashHandlerAPITest : public ::testing::Test {
public:
void SetUp() override { setupState(); }
protected:
size_t metadata(uintptr_t Addr, uintptr_t Size, bool IsDeallocated) {
eugenisUnsubmitted
Done
ReplyInline Actions

or can just do attribute((optnone))

eugenis: or can just do __attribute__((optnone))
// Should only be allocating the 0x3000, 0x5000, 0x7000, 0x9000 pages.
EXPECT_GE(Addr, 0x3000u);
EXPECT_LT(Addr, 0xa000u);
size_t Slot = State.getNearestSlot(Addr);
Metadata[Slot].Addr = Addr;
Metadata[Slot].Size = Size;
Metadata[Slot].IsDeallocated = IsDeallocated;
Metadata[Slot].AllocationTrace.ThreadID = 123;
Metadata[Slot].DeallocationTrace.ThreadID = 321;
setupBacktraces(&Metadata[Slot]);
return Slot;
}
void setupState() {
State.GuardedPagePool = 0x2000;
State.GuardedPagePoolEnd = 0xb000;
State.MaxSimultaneousAllocations = 4; // 0x3000, 0x5000, 0x7000, 0x9000.
State.PageSize = 0x1000;
}
void setupBacktraces(AllocationMetadata *Meta) {
Meta->AllocationTrace.TraceSize = gwp_asan::compression::pack(
BacktraceConstants, kNumBacktraceConstants,
Meta->AllocationTrace.CompressedTrace,
AllocationMetadata::kStackFrameStorageBytes);
if (Meta->IsDeallocated)
Meta->DeallocationTrace.TraceSize = gwp_asan::compression::pack(
BacktraceConstants, kNumBacktraceConstants,
Meta->DeallocationTrace.CompressedTrace,
AllocationMetadata::kStackFrameStorageBytes);
}
void checkBacktrace(const AllocationMetadata *Meta, bool IsDeallocated) {
uintptr_t Buffer[kNumBacktraceConstants];
size_t NumBacktraceConstants = kNumBacktraceConstants;
EXPECT_EQ(NumBacktraceConstants,
__gwp_asan_get_allocation_trace(&State, Meta, Buffer,
kNumBacktraceConstants));
for (size_t i = 0; i < kNumBacktraceConstants; ++i)
EXPECT_EQ(Buffer[i], BacktraceConstants[i]);
if (IsDeallocated) {
EXPECT_EQ(NumBacktraceConstants,
__gwp_asan_get_deallocation_trace(&State, Meta, Buffer,
kNumBacktraceConstants));
for (size_t i = 0; i < kNumBacktraceConstants; ++i)
EXPECT_EQ(Buffer[i], BacktraceConstants[i]);
}
}
void checkMetadata(size_t Index, uintptr_t ErrorPtr) {
const AllocationMetadata *Meta =
__gwp_asan_get_metadata(&State, Metadata, ErrorPtr);
EXPECT_NE(nullptr, Meta);
EXPECT_EQ(Metadata[Index].Addr,
__gwp_asan_get_allocation_address(&State, Meta));
EXPECT_EQ(Metadata[Index].Size,
__gwp_asan_get_allocation_size(&State, Meta));
EXPECT_EQ(Metadata[Index].AllocationTrace.ThreadID,
__gwp_asan_get_allocation_thread_id(&State, Meta));
bool IsDeallocated = __gwp_asan_is_deallocated(&State, Meta);
EXPECT_EQ(Metadata[Index].IsDeallocated, IsDeallocated);
checkBacktrace(Meta, IsDeallocated);
if (!IsDeallocated)
return;
EXPECT_EQ(Metadata[Index].DeallocationTrace.ThreadID,
__gwp_asan_get_deallocation_thread_id(&State, Meta));
}
static constexpr size_t kNumBacktraceConstants = 4;
static uintptr_t BacktraceConstants[kNumBacktraceConstants];
AllocatorState State = {};
AllocationMetadata Metadata[4] = {};
};
uintptr_t CrashHandlerAPITest::BacktraceConstants[kNumBacktraceConstants] = {
0xdeadbeef, 0xdeadc0de, 0xbadc0ffee, 0xcafef00d};
TEST_F(CrashHandlerAPITest, PointerNotMine) {
uintptr_t UnknownPtr = reinterpret_cast<uintptr_t>(&State);
EXPECT_FALSE(__gwp_asan_error_is_mine(&State, 0));
EXPECT_FALSE(__gwp_asan_error_is_mine(&State, UnknownPtr));
EXPECT_EQ(Error::UNKNOWN, __gwp_asan_diagnose_error(&State, Metadata, 0));
EXPECT_EQ(Error::UNKNOWN,
__gwp_asan_diagnose_error(&State, Metadata, UnknownPtr));
EXPECT_EQ(nullptr, __gwp_asan_get_metadata(&State, Metadata, 0));
EXPECT_EQ(nullptr, __gwp_asan_get_metadata(&State, Metadata, UnknownPtr));
}
TEST_F(CrashHandlerAPITest, PointerNotAllocated) {
uintptr_t FailureAddress = 0x9000;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State, FailureAddress));
EXPECT_EQ(Error::UNKNOWN,
__gwp_asan_diagnose_error(&State, Metadata, FailureAddress));
EXPECT_EQ(0u, __gwp_asan_get_internal_crash_address(&State));
EXPECT_EQ(nullptr, __gwp_asan_get_metadata(&State, Metadata, FailureAddress));
}
TEST_F(CrashHandlerAPITest, DoubleFree) {
size_t Index =
metadata(/* Addr */ 0x7000, /* Size */ 0x20, /* IsDeallocated */ true);
uintptr_t FailureAddress = 0x7000;
State.FailureType = Error::DOUBLE_FREE;
State.FailureAddress = FailureAddress;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State));
EXPECT_EQ(Error::DOUBLE_FREE,
__gwp_asan_diagnose_error(&State, Metadata, 0x0));
EXPECT_EQ(FailureAddress, __gwp_asan_get_internal_crash_address(&State));
checkMetadata(Index, FailureAddress);
}
TEST_F(CrashHandlerAPITest, InvalidFree) {
size_t Index =
metadata(/* Addr */ 0x7000, /* Size */ 0x20, /* IsDeallocated */ false);
uintptr_t FailureAddress = 0x7001;
State.FailureType = Error::INVALID_FREE;
State.FailureAddress = FailureAddress;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State));
EXPECT_EQ(Error::INVALID_FREE,
__gwp_asan_diagnose_error(&State, Metadata, 0x0));
eugenisUnsubmitted
Done
ReplyInline Actions

It's usually better to be a bit more explicit in tests and setup the program state in each test case. In this case, I'd need to look ~2 pages up to understand what 0x7001 refers to. The test class could provide metadata setup helpers, and test case could look something like

metadata(0, 0x7000, 0x20, /*allocated*/false);
State.FailureAddress = 0x7001;
State.FailureType = Error::INVALID_FREE;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State));

eugenis: It's usually better to be a bit more explicit in tests and setup the program state in each test…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Great idea, thanks!

hctim: Great idea, thanks!
EXPECT_EQ(FailureAddress, __gwp_asan_get_internal_crash_address(&State));
checkMetadata(Index, FailureAddress);
}
TEST_F(CrashHandlerAPITest, InvalidFreeNoMetadata) {
uintptr_t FailureAddress = 0x7001;
State.FailureType = Error::INVALID_FREE;
State.FailureAddress = FailureAddress;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State));
EXPECT_EQ(Error::INVALID_FREE,
__gwp_asan_diagnose_error(&State, Metadata, 0x0));
EXPECT_EQ(FailureAddress, __gwp_asan_get_internal_crash_address(&State));
EXPECT_EQ(nullptr, __gwp_asan_get_metadata(&State, Metadata, FailureAddress));
}
TEST_F(CrashHandlerAPITest, UseAfterFree) {
size_t Index =
metadata(/* Addr */ 0x7000, /* Size */ 0x20, /* IsDeallocated */ true);
uintptr_t FailureAddress = 0x7001;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State, FailureAddress));
EXPECT_EQ(Error::USE_AFTER_FREE,
__gwp_asan_diagnose_error(&State, Metadata, FailureAddress));
EXPECT_EQ(0u, __gwp_asan_get_internal_crash_address(&State));
checkMetadata(Index, FailureAddress);
}
TEST_F(CrashHandlerAPITest, BufferOverflow) {
size_t Index =
metadata(/* Addr */ 0x5f00, /* Size */ 0x100, /* IsDeallocated */ false);
uintptr_t FailureAddress = 0x6000;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State, FailureAddress));
EXPECT_EQ(Error::BUFFER_OVERFLOW,
__gwp_asan_diagnose_error(&State, Metadata, FailureAddress));
EXPECT_EQ(0u, __gwp_asan_get_internal_crash_address(&State));
checkMetadata(Index, FailureAddress);
}
TEST_F(CrashHandlerAPITest, BufferUnderflow) {
size_t Index =
metadata(/* Addr */ 0x3000, /* Size */ 0x10, /* IsDeallocated*/ false);
uintptr_t FailureAddress = 0x2fff;
EXPECT_TRUE(__gwp_asan_error_is_mine(&State, FailureAddress));
EXPECT_EQ(Error::BUFFER_UNDERFLOW,
__gwp_asan_diagnose_error(&State, Metadata, FailureAddress));
EXPECT_EQ(0u, __gwp_asan_get_internal_crash_address(&State));
checkMetadata(Index, FailureAddress);
}
eugenisUnsubmitted
Done
ReplyInline Actions

why not IntPtr = &Intptr ?

eugenis: why not IntPtr = &Intptr ?
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Sorry, I don't follow...

hctim: Sorry, I don't follow...
eugenisUnsubmitted
Done
ReplyInline Actions

It looks like the loop above finds any address that GWP-ASan would not recognize in pointerIsMine.
&IntPtr is such an address.

eugenis: It looks like the loop above finds any address that GWP-ASan would not recognize in…
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Done.

hctim: Done.

compiler-rt/lib/gwp_asan/tests/harness.h

Show All 10 Lines
#include <stdarg.h> #include <stdarg.h>
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/optional/backtrace.h" #include "gwp_asan/optional/backtrace.h"
#include "gwp_asan/options.h" #include "gwp_asan/options.h"
#include "gwp_asan/optional/segv_handler.h"
eugenisUnsubmitted
Done
ReplyInline Actions

this does not exist

eugenis: this does not exist
hctimAuthorUnsubmitted
Done
ReplyInline Actions

it does, just under the GWP-ASan root's gwp_asan/optional dir, not gwp_asan/tests/optional/

hctim: it does, just under the GWP-ASan root's `gwp_asan/optional` dir, not `gwp_asan/tests/optional/`
namespace gwp_asan { namespace gwp_asan {
namespace test { namespace test {
// This printf-function getter allows other platforms (e.g. Android) to define // This printf-function getter allows other platforms (e.g. Android) to define
// their own signal-safe Printf function. In LLVM, we use // their own signal-safe Printf function. In LLVM, we use
// `optional/printf_sanitizer_common.cpp` which supplies the __sanitizer::Printf // `optional/printf_sanitizer_common.cpp` which supplies the __sanitizer::Printf
// for this purpose. // for this purpose.
options::Printf_t getPrintfFunction(); crash_handler::Printf_t getPrintfFunction();
// First call returns true, all the following calls return false. // First call returns true, all the following calls return false.
bool OnlyOnce(); bool OnlyOnce();
}; // namespace test }; // namespace test
}; // namespace gwp_asan }; // namespace gwp_asan
class DefaultGuardedPoolAllocator : public ::testing::Test { class DefaultGuardedPoolAllocator : public ::testing::Test {
public: public:
void SetUp() override { void SetUp() override {
gwp_asan::options::Options Opts; gwp_asan::options::Options Opts;
Opts.setDefaults(); Opts.setDefaults();
MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations; MaxSimultaneousAllocations = Opts.MaxSimultaneousAllocations;
Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce(); Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce();
GPA.init(Opts); GPA.init(Opts);
} }
void TearDown() override { GPA.uninitTestOnly(); } void TearDown() override { GPA.uninitTestOnly(); }
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
decltype(gwp_asan::options::Options::MaxSimultaneousAllocations) decltype(gwp_asan::options::Options::MaxSimultaneousAllocations)
MaxSimultaneousAllocations; MaxSimultaneousAllocations;
}; };
class CustomGuardedPoolAllocator : public ::testing::Test { class CustomGuardedPoolAllocator : public ::testing::Test {
public: public:
void void
InitNumSlots(decltype(gwp_asan::options::Options::MaxSimultaneousAllocations) InitNumSlots(decltype(gwp_asan::options::Options::MaxSimultaneousAllocations)
MaxSimultaneousAllocationsArg) { MaxSimultaneousAllocationsArg) {
gwp_asan::options::Options Opts; gwp_asan::options::Options Opts;
Opts.setDefaults(); Opts.setDefaults();
Opts.MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg; Opts.MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg;
MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg; MaxSimultaneousAllocations = MaxSimultaneousAllocationsArg;
Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce(); Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce();
GPA.init(Opts); GPA.init(Opts);
} }
void TearDown() override { GPA.uninitTestOnly(); } void TearDown() override { GPA.uninitTestOnly(); }
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
decltype(gwp_asan::options::Options::MaxSimultaneousAllocations) decltype(gwp_asan::options::Options::MaxSimultaneousAllocations)
MaxSimultaneousAllocations; MaxSimultaneousAllocations;
}; };
class BacktraceGuardedPoolAllocator : public ::testing::Test { class BacktraceGuardedPoolAllocator : public ::testing::Test {
public: public:
void SetUp() override { void SetUp() override {
gwp_asan::options::Options Opts; gwp_asan::options::Options Opts;
Opts.setDefaults(); Opts.setDefaults();
Opts.Printf = gwp_asan::test::getPrintfFunction();
Opts.Backtrace = gwp_asan::options::getBacktraceFunction(); Opts.Backtrace = gwp_asan::options::getBacktraceFunction();
Opts.PrintBacktrace = gwp_asan::options::getPrintBacktraceFunction();
Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce(); Opts.InstallForkHandlers = gwp_asan::test::OnlyOnce();
GPA.init(Opts); GPA.init(Opts);
gwp_asan::crash_handler::installSignalHandlers(
&GPA, gwp_asan::test::getPrintfFunction(),
gwp_asan::options::getPrintBacktraceFunction(), Opts.Backtrace);
} }
void TearDown() override { GPA.uninitTestOnly(); } void TearDown() override {
GPA.uninitTestOnly();
gwp_asan::crash_handler::uninstallSignalHandlers();
eugenisUnsubmitted
Done
ReplyInline Actions

Not a big deal, but it makes sense to do these things in the opposite order.

eugenis: Not a big deal, but it makes sense to do these things in the opposite order.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Done (and in Scudo).

hctim: Done (and in Scudo).
}
protected: protected:
gwp_asan::GuardedPoolAllocator GPA; gwp_asan::GuardedPoolAllocator GPA;
}; };
#endif // GWP_ASAN_TESTS_HARNESS_H_ #endif // GWP_ASAN_TESTS_HARNESS_H_

compiler-rt/lib/gwp_asan/tests/optional/printf_sanitizer_common.cpp

//===-- printf_sanitizer_common.cpp -----------------------------*- C++ -*-===// //===-- printf_sanitizer_common.cpp -----------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "gwp_asan/optional/segv_handler.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
#include "gwp_asan/options.h"
namespace gwp_asan { namespace gwp_asan {
namespace test { namespace test {
// This printf-function getter allows other platforms (e.g. Android) to define // This printf-function getter allows other platforms (e.g. Android) to define
// their own signal-safe Printf function. In LLVM, we use // their own signal-safe Printf function. In LLVM, we use
// `optional/printf_sanitizer_common.cpp` which supplies the __sanitizer::Printf // `optional/printf_sanitizer_common.cpp` which supplies the __sanitizer::Printf
// for this purpose. // for this purpose.
options::Printf_t getPrintfFunction() { crash_handler::Printf_t getPrintfFunction() { return __sanitizer::Printf; }
return __sanitizer::Printf;
}
}; // namespace test }; // namespace test
}; // namespace gwp_asan }; // namespace gwp_asan

compiler-rt/lib/gwp_asan/tests/thread_contention.cpp

Show All 18 Linesvoid asyncTask(gwp_asan::GuardedPoolAllocator *GPA,
std::atomic<bool> *StartingGun, unsigned NumIterations) { std::atomic<bool> *StartingGun, unsigned NumIterations) {
while (!*StartingGun) { while (!*StartingGun) {
// Wait for starting gun. // Wait for starting gun.
} }
// Get ourselves a new allocation. // Get ourselves a new allocation.
for (unsigned i = 0; i < NumIterations; ++i) { for (unsigned i = 0; i < NumIterations; ++i) {
volatile char *Ptr = reinterpret_cast<volatile char *>( volatile char *Ptr = reinterpret_cast<volatile char *>(
GPA->allocate(GPA->maximumAllocationSize())); GPA->allocate(GPA->getAllocatorState()->maximumAllocationSize()));
// Do any other threads have access to this page? // Do any other threads have access to this page?
EXPECT_EQ(*Ptr, 0); EXPECT_EQ(*Ptr, 0);
// Mark the page as from malloc. Wait to see if another thread also takes // Mark the page as from malloc. Wait to see if another thread also takes
// this page. // this page.
*Ptr = 'A'; *Ptr = 'A';
std::this_thread::sleep_for(std::chrono::nanoseconds(10000)); std::this_thread::sleep_for(std::chrono::nanoseconds(10000));
Show All 34 Lines

compiler-rt/lib/gwp_asan/utilities.h

  • This file was added.
//===-- utilities.h ---------------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "gwp_asan/definitions.h"
namespace gwp_asan {
// Checks that `Condition` is true, otherwise fails in a platform-specific way
// with `Message`.
void Check(bool Condition, const char *Message);
} // namespace gwp_asan

compiler-rt/lib/scudo/CMakeLists.txt

Show All 32 Linesset(SCUDO_MINIMAL_OBJECT_LIBS
RTSanitizerCommonLibc RTSanitizerCommonLibc
RTInterception) RTInterception)
if (COMPILER_RT_HAS_GWP_ASAN) if (COMPILER_RT_HAS_GWP_ASAN)
# Currently, Scudo uses the GwpAsan flag parser. This backs onto the flag # Currently, Scudo uses the GwpAsan flag parser. This backs onto the flag
# parsing mechanism of sanitizer_common. Once Scudo has its own flag parsing, # parsing mechanism of sanitizer_common. Once Scudo has its own flag parsing,
# and parses GwpAsan options, you can remove this dependency. # and parses GwpAsan options, you can remove this dependency.
list(APPEND SCUDO_MINIMAL_OBJECT_LIBS RTGwpAsan RTGwpAsanOptionsParser list(APPEND SCUDO_MINIMAL_OBJECT_LIBS RTGwpAsan RTGwpAsanOptionsParser
RTGwpAsanBacktraceLibc) RTGwpAsanBacktraceLibc
RTGwpAsanSegvHandler)
list(APPEND SCUDO_CFLAGS -DGWP_ASAN_HOOKS) list(APPEND SCUDO_CFLAGS -DGWP_ASAN_HOOKS)
endif() endif()
set(SCUDO_OBJECT_LIBS ${SCUDO_MINIMAL_OBJECT_LIBS}) set(SCUDO_OBJECT_LIBS ${SCUDO_MINIMAL_OBJECT_LIBS})
set(SCUDO_DYNAMIC_LIBS ${SCUDO_MINIMAL_DYNAMIC_LIBS}) set(SCUDO_DYNAMIC_LIBS ${SCUDO_MINIMAL_DYNAMIC_LIBS})
if (FUCHSIA) if (FUCHSIA)
list(APPEND SCUDO_CFLAGS -nostdinc++) list(APPEND SCUDO_CFLAGS -nostdinc++)
▲ Show 20 LinesShow All 105 LinesShow Last 20 Lines

compiler-rt/lib/scudo/scudo_allocator.cpp

Show First 20 LinesShow All 668 Lines▼ Show 20 Lines
} }
void initScudo() { void initScudo() {
Instance.init(); Instance.init();
#ifdef GWP_ASAN_HOOKS #ifdef GWP_ASAN_HOOKS
gwp_asan::options::initOptions(); gwp_asan::options::initOptions();
gwp_asan::options::Options &Opts = gwp_asan::options::getOptions(); gwp_asan::options::Options &Opts = gwp_asan::options::getOptions();
Opts.Backtrace = gwp_asan::options::getBacktraceFunction(); Opts.Backtrace = gwp_asan::options::getBacktraceFunction();
Opts.PrintBacktrace = gwp_asan::options::getPrintBacktraceFunction();
GuardedAlloc.init(Opts); GuardedAlloc.init(Opts);
if (Opts.InstallSignalHandlers)
gwp_asan::crash_handler::installSignalHandlers(
&GuardedAlloc, __sanitizer::Printf,
gwp_asan::options::getPrintBacktraceFunction(), Opts.Backtrace);
#endif // GWP_ASAN_HOOKS #endif // GWP_ASAN_HOOKS
} }
void ScudoTSD::init() { void ScudoTSD::init() {
getBackend().initCache(&Cache); getBackend().initCache(&Cache);
memset(QuarantineCachePlaceHolder, 0, sizeof(QuarantineCachePlaceHolder)); memset(QuarantineCachePlaceHolder, 0, sizeof(QuarantineCachePlaceHolder));
} }
▲ Show 20 LinesShow All 134 LinesShow Last 20 Lines

compiler-rt/lib/scudo/standalone/CMakeLists.txt

Show All 13 Lines
# Remove -stdlib= which is unused when passing -nostdinc++. # Remove -stdlib= which is unused when passing -nostdinc++.
string(REGEX REPLACE "-stdlib=[a-zA-Z+]*" "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS}) string(REGEX REPLACE "-stdlib=[a-zA-Z+]*" "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})
append_list_if(COMPILER_RT_HAS_FFREESTANDING_FLAG -ffreestanding SCUDO_CFLAGS) append_list_if(COMPILER_RT_HAS_FFREESTANDING_FLAG -ffreestanding SCUDO_CFLAGS)
append_list_if(COMPILER_RT_HAS_FVISIBILITY_HIDDEN_FLAG -fvisibility=hidden SCUDO_CFLAGS) append_list_if(COMPILER_RT_HAS_FVISIBILITY_HIDDEN_FLAG -fvisibility=hidden SCUDO_CFLAGS)
if (COMPILER_RT_HAS_GWP_ASAN)
append_list_if(COMPILER_RT_HAS_OMIT_FRAME_POINTER_FLAG -fno-omit-frame-pointer
SCUDO_CFLAGS)
append_list_if(COMPILER_RT_HAS_OMIT_FRAME_POINTER_FLAG
eugenisUnsubmitted
Done
ReplyInline Actions

this can affect scudo performance.

eugenis: this can affect scudo performance.
hctimAuthorUnsubmitted
Done
ReplyInline Actions

@cryptoad

hctim: @cryptoad
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Flagged it behind COMPILER_RT_HAS_GWP_ASAN - but still worth assessing for @cryptoad

hctim: Flagged it behind `COMPILER_RT_HAS_GWP_ASAN` - but still worth assessing for @cryptoad
-mno-omit-leaf-frame-pointer SCUDO_CFLAGS)
endif() # COMPILER_RT_HAS_GWP_ASAN
if(COMPILER_RT_DEBUG) if(COMPILER_RT_DEBUG)
list(APPEND SCUDO_CFLAGS -O0) list(APPEND SCUDO_CFLAGS -O0)
else() else()
list(APPEND SCUDO_CFLAGS -O3) list(APPEND SCUDO_CFLAGS -O3)
endif() endif()
set(SCUDO_LINK_FLAGS) set(SCUDO_LINK_FLAGS)
▲ Show 20 LinesShow All 72 Lines▼ Show 20 Lines
set(SCUDO_SOURCES_CXX_WRAPPERS set(SCUDO_SOURCES_CXX_WRAPPERS
wrappers_cpp.cpp wrappers_cpp.cpp
) )
set(SCUDO_OBJECT_LIBS) set(SCUDO_OBJECT_LIBS)
if (COMPILER_RT_HAS_GWP_ASAN) if (COMPILER_RT_HAS_GWP_ASAN)
list(APPEND SCUDO_OBJECT_LIBS RTGwpAsan) list(APPEND SCUDO_OBJECT_LIBS
RTGwpAsan RTGwpAsanBacktraceLibc RTGwpAsanSegvHandler)
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Note for @cryptoad: This is the libc backtrace and the GWP-ASan internal (segv) crash handler, no dependencies on compiler-rt here :)

hctim: Note for @cryptoad: This is the libc backtrace and the GWP-ASan internal (segv) crash handler…
list(APPEND SCUDO_CFLAGS -DGWP_ASAN_HOOKS) list(APPEND SCUDO_CFLAGS -DGWP_ASAN_HOOKS)
endif() endif()
if(COMPILER_RT_HAS_SCUDO_STANDALONE) if(COMPILER_RT_HAS_SCUDO_STANDALONE)
add_compiler_rt_object_libraries(RTScudoStandalone add_compiler_rt_object_libraries(RTScudoStandalone
ARCHS ${SCUDO_STANDALONE_SUPPORTED_ARCH} ARCHS ${SCUDO_STANDALONE_SUPPORTED_ARCH}
SOURCES ${SCUDO_SOURCES} SOURCES ${SCUDO_SOURCES}
ADDITIONAL_HEADERS ${SCUDO_HEADERS} ADDITIONAL_HEADERS ${SCUDO_HEADERS}
Show All 34 Lines

compiler-rt/lib/scudo/standalone/combined.h

//===-- combined.h ----------------------------------------------*- C++ -*-===// //===-- combined.h ----------------------------------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef SCUDO_COMBINED_H_ #ifndef SCUDO_COMBINED_H_
#define SCUDO_COMBINED_H_ #define SCUDO_COMBINED_H_
#include "chunk.h" #include "chunk.h"
eugenisUnsubmitted
Done
ReplyInline Actions

wrong path

eugenis: wrong path
hctimAuthorUnsubmitted
Done
ReplyInline Actions

why does my editor hate me so

hctim: why does my editor hate me so
#include "common.h" #include "common.h"
#include "flags.h" #include "flags.h"
#include "flags_parser.h" #include "flags_parser.h"
#include "interface.h" #include "interface.h"
#include "local_cache.h" #include "local_cache.h"
#include "memtag.h" #include "memtag.h"
#include "quarantine.h" #include "quarantine.h"
#include "report.h" #include "report.h"
#include "secondary.h" #include "secondary.h"
#include "string_utils.h" #include "string_utils.h"
#include "tsd.h" #include "tsd.h"
#ifdef GWP_ASAN_HOOKS #ifdef GWP_ASAN_HOOKS
#include "gwp_asan/guarded_pool_allocator.h" #include "gwp_asan/guarded_pool_allocator.h"
#include "gwp_asan/optional/backtrace.h"
#include "gwp_asan/optional/segv_handler.h"
#endif // GWP_ASAN_HOOKS #endif // GWP_ASAN_HOOKS
extern "C" inline void EmptyCallback() {} extern "C" inline void EmptyCallback() {}
namespace scudo { namespace scudo {
template <class Params, void (*PostInitCallback)(void) = EmptyCallback> template <class Params, void (*PostInitCallback)(void) = EmptyCallback>
class Allocator { class Allocator {
▲ Show 20 LinesShow All 129 Lines▼ Show 20 Lines#ifdef GWP_ASAN_HOOKS
Opt.MaxSimultaneousAllocations = Opt.MaxSimultaneousAllocations =
getFlags()->GWP_ASAN_MaxSimultaneousAllocations; getFlags()->GWP_ASAN_MaxSimultaneousAllocations;
Opt.SampleRate = getFlags()->GWP_ASAN_SampleRate; Opt.SampleRate = getFlags()->GWP_ASAN_SampleRate;
Opt.InstallSignalHandlers = getFlags()->GWP_ASAN_InstallSignalHandlers; Opt.InstallSignalHandlers = getFlags()->GWP_ASAN_InstallSignalHandlers;
// Embedded GWP-ASan is locked through the Scudo atfork handler (via // Embedded GWP-ASan is locked through the Scudo atfork handler (via
// Allocator::disable calling GWPASan.disable). Disable GWP-ASan's atfork // Allocator::disable calling GWPASan.disable). Disable GWP-ASan's atfork
// handler. // handler.
Opt.InstallForkHandlers = false; Opt.InstallForkHandlers = false;
Opt.Printf = Printf; Opt.Backtrace = gwp_asan::options::getBacktraceFunction();
hctimAuthorUnsubmitted
Done
ReplyInline Actions

Backtrace function comes from libc. Not sure if this WAI on Fuchsia, but we don't support GWP-ASan there so /shrug/.

hctim: Backtrace function comes from libc. Not sure if this WAI on Fuchsia, but we don't support GWP…
GuardedAlloc.init(Opt); GuardedAlloc.init(Opt);
if (Opt.InstallSignalHandlers)
gwp_asan::crash_handler::installSignalHandlers(
&GuardedAlloc, Printf, gwp_asan::options::getPrintBacktraceFunction(),
Opt.Backtrace);
#endif // GWP_ASAN_HOOKS #endif // GWP_ASAN_HOOKS
} }
void reset() { memset(this, 0, sizeof(*this)); } void reset() { memset(this, 0, sizeof(*this)); }
void unmapTestOnly() { void unmapTestOnly() {
TSDRegistry.unmapTestOnly(); TSDRegistry.unmapTestOnly();
Primary.unmapTestOnly(); Primary.unmapTestOnly();
#ifdef GWP_ASAN_HOOKS #ifdef GWP_ASAN_HOOKS
if (getFlags()->GWP_ASAN_InstallSignalHandlers)
gwp_asan::crash_handler::uninstallSignalHandlers();
GuardedAlloc.uninitTestOnly(); GuardedAlloc.uninitTestOnly();
#endif // GWP_ASAN_HOOKS #endif // GWP_ASAN_HOOKS
} }
TSDRegistryT *getTSDRegistry() { return &TSDRegistry; } TSDRegistryT *getTSDRegistry() { return &TSDRegistry; }
// The Cache must be provided zero-initialized. // The Cache must be provided zero-initialized.
void initCache(CacheT *Cache) { void initCache(CacheT *Cache) {
▲ Show 20 LinesShow All 622 LinesShow Last 20 Lines

compiler-rt/lib/scudo/standalone/tests/CMakeLists.txt

Show All 37 Lines
set(SCUDO_TEST_HEADERS) set(SCUDO_TEST_HEADERS)
foreach (header ${SCUDO_HEADERS}) foreach (header ${SCUDO_HEADERS})
list(APPEND SCUDO_TEST_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/../${header}) list(APPEND SCUDO_TEST_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/../${header})
endforeach() endforeach()
macro(add_scudo_unittest testname) macro(add_scudo_unittest testname)
cmake_parse_arguments(TEST "" "" "SOURCES;ADDITIONAL_RTOBJECTS" ${ARGN}) cmake_parse_arguments(TEST "" "" "SOURCES;ADDITIONAL_RTOBJECTS" ${ARGN})
if (COMPILER_RT_HAS_GWP_ASAN) if (COMPILER_RT_HAS_GWP_ASAN)
list(APPEND TEST_ADDITIONAL_RTOBJECTS RTGwpAsan) list(APPEND TEST_ADDITIONAL_RTOBJECTS
RTGwpAsan RTGwpAsanBacktraceLibc RTGwpAsanSegvHandler)
endif() endif()
if(COMPILER_RT_HAS_SCUDO_STANDALONE) if(COMPILER_RT_HAS_SCUDO_STANDALONE)
foreach(arch ${SCUDO_TEST_ARCH}) foreach(arch ${SCUDO_TEST_ARCH})
# Additional runtime objects get added along RTScudoStandalone # Additional runtime objects get added along RTScudoStandalone
set(SCUDO_TEST_RTOBJECTS $<TARGET_OBJECTS:RTScudoStandalone.${arch}>) set(SCUDO_TEST_RTOBJECTS $<TARGET_OBJECTS:RTScudoStandalone.${arch}>)
foreach(rtobject ${TEST_ADDITIONAL_RTOBJECTS}) foreach(rtobject ${TEST_ADDITIONAL_RTOBJECTS})
list(APPEND SCUDO_TEST_RTOBJECTS $<TARGET_OBJECTS:${rtobject}.${arch}>) list(APPEND SCUDO_TEST_RTOBJECTS $<TARGET_OBJECTS:${rtobject}.${arch}>)
▲ Show 20 LinesShow All 60 LinesShow Last 20 Lines

compiler-rt/test/gwp_asan/double_delete.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Double free at 0x{{[a-f0-9]+}} (a 1-byte allocation) // CHECK: Double Free at 0x{{[a-f0-9]+}} (a 1-byte allocation)
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = new char; char *Ptr = new char;
delete Ptr; delete Ptr;
delete Ptr; delete Ptr;
return 0; return 0;
} }

compiler-rt/test/gwp_asan/double_deletea.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Double free at 0x{{[a-f0-9]+}} (a 50-byte allocation) // CHECK: Double Free at 0x{{[a-f0-9]+}} (a 50-byte allocation)
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = new char[50]; char *Ptr = new char[50];
delete[] Ptr; delete[] Ptr;
delete[] Ptr; delete[] Ptr;
return 0; return 0;
} }

compiler-rt/test/gwp_asan/double_free.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
#include <cstdlib> #include <cstdlib>
int main() { int main() {
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Double free at 0x{{[a-f0-9]+}} (a 10-byte allocation) // CHECK: Double Free at 0x{{[a-f0-9]+}} (a 10-byte allocation)
void *Ptr = malloc(10); void *Ptr = malloc(10);
free(Ptr); free(Ptr);
free(Ptr); free(Ptr);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/heap_buffer_overflow.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Buffer overflow at 0x{{[a-f0-9]+}} ({{[1-9][0-9]*}} bytes to the right // CHECK: Buffer Overflow at 0x{{[a-f0-9]+}} ({{[1-9][0-9]*}} bytes to the right
// CHECK-SAME: of a {{[1-9][0-9]*}}-byte allocation // CHECK-SAME: of a {{[1-9][0-9]*}}-byte allocation
#include <cstdlib> #include <cstdlib>
#include "page_size.h" #include "page_size.h"
int main() { int main() {
char *Ptr = char *Ptr =
reinterpret_cast<char *>(malloc(pageSize())); reinterpret_cast<char *>(malloc(pageSize()));
volatile char x = *(Ptr + pageSize()); volatile char x = *(Ptr + pageSize());
return 0; return 0;
} }

compiler-rt/test/gwp_asan/heap_buffer_underflow.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Buffer underflow at 0x{{[a-f0-9]+}} (1 byte to the left // CHECK: Buffer Underflow at 0x{{[a-f0-9]+}} (1 byte to the left
// CHECK-SAME: of a {{[1-9][0-9]*}}-byte allocation // CHECK-SAME: of a {{[1-9][0-9]*}}-byte allocation
#include <cstdlib> #include <cstdlib>
#include "page_size.h" #include "page_size.h"
int main() { int main() {
char *Ptr = char *Ptr =
reinterpret_cast<char *>(malloc(pageSize())); reinterpret_cast<char *>(malloc(pageSize()));
volatile char x = *(Ptr - 1); volatile char x = *(Ptr - 1);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/invalid_free_left.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the left of a // CHECK: Invalid (Wild) Free at 0x{{[a-f0-9]+}} (1 byte to the left of a
// CHECK-SAME: 1-byte allocation // CHECK-SAME: 1-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = char *Ptr =
reinterpret_cast<char *>(malloc(1)); reinterpret_cast<char *>(malloc(1));
free(Ptr - 1); free(Ptr - 1);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/invalid_free_right.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: not %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the right of a // CHECK: Invalid (Wild) Free at 0x{{[a-f0-9]+}} (1 byte to the right of a
// CHECK-SAME: 1-byte allocation // CHECK-SAME: 1-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = char *Ptr =
reinterpret_cast<char *>(malloc(1)); reinterpret_cast<char *>(malloc(1));
free(Ptr + 1); free(Ptr + 1);
return 0; return 0;
} }

compiler-rt/test/gwp_asan/realloc.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t -DTEST_MALLOC // RUN: %clangxx_gwp_asan %s -o %t -DTEST_MALLOC
// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix CHECK-MALLOC // RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-MALLOC
// Check both C++98 and C. // Check both C++98 and C.
// RUN: %clangxx_gwp_asan -std=c++98 %s -o %t -DTEST_FREE // RUN: %clangxx_gwp_asan -std=c++98 %s -o %t -DTEST_FREE
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE // RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE
// RUN: cp %s %t.c && %clang_gwp_asan %t.c -o %t -DTEST_FREE // RUN: cp %s %t.c && %clang_gwp_asan %t.c -o %t -DTEST_FREE
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE // RUN: %expect_crash %run %t 2>&1 | FileCheck %s --check-prefix CHECK-FREE
// Ensure GWP-ASan stub implementation of realloc() in Scudo works to-spec. In // Ensure GWP-ASan stub implementation of realloc() in Scudo works to-spec. In
// particular, the behaviour regarding realloc of size zero is interesting, as // particular, the behaviour regarding realloc of size zero is interesting, as
// it's defined as free(). // it's defined as free().
#include <stdlib.h> #include <stdlib.h>
int main() { int main() {
#if defined(TEST_MALLOC) #if defined(TEST_MALLOC)
// realloc(nullptr, size) is equivalent to malloc(size). // realloc(nullptr, size) is equivalent to malloc(size).
char *Ptr = reinterpret_cast<char *>(realloc(nullptr, 1)); char *Ptr = reinterpret_cast<char *>(realloc(nullptr, 1));
*Ptr = 0; *Ptr = 0;
// Trigger an INVALID_FREE to the right. // Trigger an INVALID_FREE to the right.
free(Ptr + 1); free(Ptr + 1);
// CHECK-MALLOC: GWP-ASan detected a memory error // CHECK-MALLOC: GWP-ASan detected a memory error
// CHECK-MALLOC: Invalid (wild) free at 0x{{[a-f0-9]+}} (1 byte to the right // CHECK-MALLOC: Invalid (Wild) Free at 0x{{[a-f0-9]+}} (1 byte to the right
// CHECK-MALLOC-SAME: of a 1-byte allocation // CHECK-MALLOC-SAME: of a 1-byte allocation
#elif defined(TEST_FREE) #elif defined(TEST_FREE)
char *Ptr = (char *) malloc(1); char *Ptr = (char *) malloc(1);
// realloc(ptr, 0) is equivalent to free(ptr) and must return nullptr. Note // realloc(ptr, 0) is equivalent to free(ptr) and must return nullptr. Note
// that this is only the specification in C++98 and C. // that this is only the specification in C++98 and C.
if (realloc(Ptr, 0) != NULL) { if (realloc(Ptr, 0) != NULL) {
} }
// Trigger a USE_AFTER_FREE. // Trigger a USE_AFTER_FREE.
*Ptr = 0; *Ptr = 0;
// CHECK-FREE: GWP-ASan detected a memory error // CHECK-FREE: GWP-ASan detected a memory error
// CHECK-FREE: Use after free at 0x{{[a-f0-9]+}} (0 bytes into a 1-byte // CHECK-FREE: Use After Free at 0x{{[a-f0-9]+}} (0 bytes into a 1-byte
// CHECK-FREE-SAME: allocation // CHECK-FREE-SAME: allocation
#endif #endif
return 0; return 0;
} }

compiler-rt/test/gwp_asan/use_after_delete.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Use after free at 0x{{[a-f0-9]+}} (0 bytes into a 1-byte allocation // CHECK: Use After Free at 0x{{[a-f0-9]+}} (0 bytes into a 1-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = new char; char *Ptr = new char;
*Ptr = 0x0; *Ptr = 0x0;
delete Ptr; delete Ptr;
volatile char x = *Ptr; volatile char x = *Ptr;
return 0; return 0;
} }

compiler-rt/test/gwp_asan/use_after_deletea.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Use after free at 0x{{[a-f0-9]+}} (0 bytes into a 10-byte allocation // CHECK: Use After Free at 0x{{[a-f0-9]+}} (0 bytes into a 10-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = new char[10]; char *Ptr = new char[10];
for (unsigned i = 0; i < 10; ++i) { for (unsigned i = 0; i < 10; ++i) {
*(Ptr + i) = 0x0; *(Ptr + i) = 0x0;
} }
delete[] Ptr; delete[] Ptr;
volatile char x = *Ptr; volatile char x = *Ptr;
return 0; return 0;
} }

compiler-rt/test/gwp_asan/use_after_free.cpp

// REQUIRES: gwp_asan // REQUIRES: gwp_asan
// RUN: %clangxx_gwp_asan %s -o %t // RUN: %clangxx_gwp_asan %s -o %t
// RUN: %expect_crash %run %t 2>&1 | FileCheck %s // RUN: %expect_crash %run %t 2>&1 | FileCheck %s
// CHECK: GWP-ASan detected a memory error // CHECK: GWP-ASan detected a memory error
// CHECK: Use after free at 0x{{[a-f0-9]+}} (0 bytes into a 10-byte allocation // CHECK: Use After Free at 0x{{[a-f0-9]+}} (0 bytes into a 10-byte allocation
#include <cstdlib> #include <cstdlib>
int main() { int main() {
char *Ptr = reinterpret_cast<char *>(malloc(10)); char *Ptr = reinterpret_cast<char *>(malloc(10));
for (unsigned i = 0; i < 10; ++i) { for (unsigned i = 0; i < 10; ++i) {
*(Ptr + i) = 0x0; *(Ptr + i) = 0x0;
} }
free(Ptr); free(Ptr);
volatile char x = *Ptr; volatile char x = *Ptr;
return 0; return 0;
} }