This is an archive of the discontinued LLVM Phabricator instance.

[Sanitizer] Add interceptor for ptsname
AbandonedPublic

Authored by labath on Sep 30 2020, 5:21 AM.

Download Raw Diff

Details

Reviewers

vitalybuka
MaskRay

Summary

Works the same way as the ttyname interceptor.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

labath created this revision.Sep 30 2020, 5:21 AM

Herald added a project: Restricted Project. · View Herald TranscriptSep 30 2020, 5:21 AM

labath requested review of this revision.Sep 30 2020, 5:21 AM

labath added inline comments.Sep 30 2020, 5:23 AM

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc
4904	I'm not sure I understand the difference between COMMON_INTERCEPTOR_INITIALIZE_RANGE and COMMON_INTERCEPTOR_WRITE_RANGE. For example, I would have expected tsan to warn about concurrent usages of ptsname from different threads (and changing this to WRITE_RANGE does achieve that), but maybe there is a reason why these functions use the INITIALIZE macro (?)

Abandoning in favor of D88547 (though I'd still be interested to know the answer to my inline question).

Harbormaster completed remote builds in B73491: Diff 295249.Sep 30 2020, 5:39 AM

In D88559#2303129, @labath wrote:

Abandoning in favor of D88547 (though I'd still be interested to know the answer to my inline question).

My understanding:

COMMON_INTERCEPTOR_INITIALIZE_RANGE is only defined for msan.

asan re-defines COMMON_INTERCEPTOR_WRITE_RANGE (the buffer is specified by the user - the addressability needs to be checked) but not COMMON_INTERCEPTOR_INITIALIZE_RANGE (static storage is known to be *addressable* so there is no need to check addressability).
tsan re-defines COMMON_INTERCEPTOR_WRITE_RANGE (the buffer is specified by the user - the potential data race needs to be checked) but not COMMON_INTERCEPTOR_INITIALIZE_RANGE (data race will not be checked - potential false negatives).

Consider a function that returns a pointer to a static buffer with the contents that are somehow initialized internally with proper synchronization. If the interceptor uses _WRITE, TSan will understand that as a data race because it can not see the internal synchronization. That why _INITIALIZE macro is used by MSan (the memory has somehow been initialized) but not by TSan (there may not have been a store there *right now*).

Another example is strerror which sometimes returns a pointer to static data (always initialized, does not require any sanitizer handling) and sometimes to a freshly allocated thread-local buffer.

In D88559#2304679, @eugenis wrote:

Consider a function that returns a pointer to a static buffer with the contents that are somehow initialized internally with proper synchronization. If the interceptor uses _WRITE, TSan will understand that as a data race because it can not see the internal synchronization. That why _INITIALIZE macro is used by MSan (the memory has somehow been initialized) but not by TSan (there may not have been a store there *right now*).

Another example is strerror which sometimes returns a pointer to static data (always initialized, does not require any sanitizer handling) and sometimes to a freshly allocated thread-local buffer.

Interesting. Thanks for the explanation. So, we're preferring a false negative (not reporting a race in case the function doesn't do anything fancy -- a thing which is pretty hard to do in the ptsname case) over a false positive (reporting a race even if it does). Kind of makes sense. Not sure its the right trade-off for this function, but I don't want to revisit past design decisions.

Revision Contents

Path

Size

compiler-rt/

lib/

sanitizer_common/

sanitizer_common_interceptors.inc

15 lines

sanitizer_platform_interceptors.h

1 line

test/

msan/

Linux/

forkpty.cpp

7 lines

Diff 295249

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 319 Lines • ▼ Show 20 Lines	enum {
CIMT_FILE		CIMT_FILE
} type;		} type;
union {		union {
FileMetadata file;		FileMetadata file;
};		};
};		};

#if SI_POSIX		#if SI_POSIX
typedef AddrHashMap<CommonInterceptorMetadata, 31051> MetadataHashMap;		typedef AddrHashMap<CommonInterceptorMetadata, 31051> MetadataHashMap;
		Lint: Pre-merge checks Inline Actions clang-tidy: error: no template named 'AddrHashMap'; did you mean '__asan::AddrHashMap'? [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: no template named 'AddrHashMap'; did you mean '__asan::AddrHashMap'? [clang…

static MetadataHashMap *interceptor_metadata_map;		static MetadataHashMap *interceptor_metadata_map;

UNUSED static void SetInterceptorMetadata(__sanitizer_FILE *addr,		UNUSED static void SetInterceptorMetadata(__sanitizer_FILE *addr,
		Lint: Pre-merge checks Inline Actions clang-tidy: error: variable has incomplete type 'void' [clang-diagnostic-error] not useful clang-tidy: error: use of undeclared identifier 'sanitizer_FILE'; did you mean 'sanitizer_cov'? [clang-diagnostic-error] not useful clang-tidy: error: use of undeclared identifier 'addr' [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: variable has incomplete type 'void' [clang-diagnostic-error] [[https…
const FileMetadata &file) {		const FileMetadata &file) {
		Lint: Pre-merge checks Inline Actions clang-tidy: error: expected expression [clang-diagnostic-error] not useful clang-tidy: error: expected ';' after top level declarator [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: expected expression [clang-diagnostic-error] [[https://github.
MetadataHashMap::Handle h(interceptor_metadata_map, (uptr)addr);		MetadataHashMap::Handle h(interceptor_metadata_map, (uptr)addr);
CHECK(h.created());		CHECK(h.created());
h->type = CommonInterceptorMetadata::CIMT_FILE;		h->type = CommonInterceptorMetadata::CIMT_FILE;
h->file = file;		h->file = file;
}		}

UNUSED static const FileMetadata *GetInterceptorMetadata(		UNUSED static const FileMetadata *GetInterceptorMetadata(
__sanitizer_FILE *addr) {		__sanitizer_FILE *addr) {
Show All 11 Lines

UNUSED static void DeleteInterceptorMetadata(void *addr) {		UNUSED static void DeleteInterceptorMetadata(void *addr) {
MetadataHashMap::Handle h(interceptor_metadata_map, (uptr)addr, true);		MetadataHashMap::Handle h(interceptor_metadata_map, (uptr)addr, true);
CHECK(h.exists());		CHECK(h.exists());
}		}
#endif // SI_POSIX		#endif // SI_POSIX

#if SANITIZER_INTERCEPT_STRLEN		#if SANITIZER_INTERCEPT_STRLEN
INTERCEPTOR(SIZE_T, strlen, const char *s) {		INTERCEPTOR(SIZE_T, strlen, const char *s) {
		Lint: Pre-merge checks Inline Actions clang-tidy: error: unknown type name 'strlen_type'; did you mean 'true_type'? [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: unknown type name 'strlen_type'; did you mean 'true_type'? [clang-diagnostic…
// Sometimes strlen is called prior to InitializeCommonInterceptors,		// Sometimes strlen is called prior to InitializeCommonInterceptors,
// in which case the REAL(strlen) typically used in		// in which case the REAL(strlen) typically used in
// COMMON_INTERCEPTOR_ENTER will fail. We use internal_strlen here		// COMMON_INTERCEPTOR_ENTER will fail. We use internal_strlen here
// to handle that.		// to handle that.
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)		if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return internal_strlen(s);		return internal_strlen(s);
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'internal_strlen'; did you mean '__asan::internal_strlen'? [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'internal_strlen'; did you mean '__asan…
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strlen, s);		COMMON_INTERCEPTOR_ENTER(ctx, strlen, s);
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_ENTER' [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_ENTER' [clang-diagnostic…
SIZE_T result = REAL(strlen)(s);		SIZE_T result = REAL(strlen)(s);
		Lint: Pre-merge checks Inline Actions clang-tidy: error: type '__sanitizer::true_type' does not provide a call operator [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: type '__sanitizer::true_type' does not provide a call operator [clang…
if (common_flags()->intercept_strlen)		if (common_flags()->intercept_strlen)
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'common_flags'; did you mean '__asan::common_flags'? [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'common_flags'; did you mean '__asan…
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, result + 1);		COMMON_INTERCEPTOR_READ_RANGE(ctx, s, result + 1);
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_READ_RANGE' [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_READ_RANGE' [clang…
return result;		return result;
}		}
#define INIT_STRLEN COMMON_INTERCEPT_FUNCTION(strlen)		#define INIT_STRLEN COMMON_INTERCEPT_FUNCTION(strlen)
#else		#else
#define INIT_STRLEN		#define INIT_STRLEN
#endif		#endif

#if SANITIZER_INTERCEPT_STRNLEN		#if SANITIZER_INTERCEPT_STRNLEN
INTERCEPTOR(SIZE_T, strnlen, const char *s, SIZE_T maxlen) {		INTERCEPTOR(SIZE_T, strnlen, const char *s, SIZE_T maxlen) {
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strnlen, s, maxlen);		COMMON_INTERCEPTOR_ENTER(ctx, strnlen, s, maxlen);
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_ENTER' [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_ENTER' [clang-diagnostic…
SIZE_T length = REAL(strnlen)(s, maxlen);		SIZE_T length = REAL(strnlen)(s, maxlen);
if (common_flags()->intercept_strlen)		if (common_flags()->intercept_strlen)
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'common_flags'; did you mean '__asan::common_flags'? [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'common_flags'; did you mean '__asan…
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(length + 1, maxlen));		COMMON_INTERCEPTOR_READ_RANGE(ctx, s, Min(length + 1, maxlen));
		Lint: Pre-merge checks Inline Actions clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_READ_RANGE' [clang-diagnostic-error] not useful clang-tidy: error: use of undeclared identifier 'Min'; did you mean '__asan::Min'? [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: use of undeclared identifier 'COMMON_INTERCEPTOR_READ_RANGE' [clang…
return length;		return length;
}		}
#define INIT_STRNLEN COMMON_INTERCEPT_FUNCTION(strnlen)		#define INIT_STRNLEN COMMON_INTERCEPT_FUNCTION(strnlen)
#else		#else
#define INIT_STRNLEN		#define INIT_STRNLEN
#endif		#endif

#if SANITIZER_INTERCEPT_STRNDUP		#if SANITIZER_INTERCEPT_STRNDUP
INTERCEPTOR(char, strndup, const char s, uptr size) {		INTERCEPTOR(char, strndup, const char s, uptr size) {
		Lint: Pre-merge checks Inline Actions clang-tidy: error: unknown type name 'uptr' [clang-diagnostic-error] not useful Lint: Pre-merge checks: clang-tidy: error: unknown type name 'uptr' [clang-diagnostic-error] [[https://github.
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_STRNDUP_IMPL(ctx, s, size);		COMMON_INTERCEPTOR_STRNDUP_IMPL(ctx, s, size);
}		}
#define INIT_STRNDUP COMMON_INTERCEPT_FUNCTION(strndup)		#define INIT_STRNDUP COMMON_INTERCEPT_FUNCTION(strndup)
#else		#else
#define INIT_STRNDUP		#define INIT_STRNDUP
#endif // SANITIZER_INTERCEPT_STRNDUP		#endif // SANITIZER_INTERCEPT_STRNDUP

▲ Show 20 Lines • Show All 4,486 Lines • ▼ Show 20 Lines	if (res == 0)
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, name, REAL(strlen)(name) + 1);		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, name, REAL(strlen)(name) + 1);
return res;		return res;
}		}
#define INIT_TTYNAME_R COMMON_INTERCEPT_FUNCTION(ttyname_r);		#define INIT_TTYNAME_R COMMON_INTERCEPT_FUNCTION(ttyname_r);
#else		#else
#define INIT_TTYNAME_R		#define INIT_TTYNAME_R
#endif		#endif

		#if SANITIZER_INTERCEPT_PTSNAME
		INTERCEPTOR(char *, ptsname, int fd) {
		void *ctx;
		COMMON_INTERCEPTOR_ENTER(ctx, ptsname, fd);
		char *res = REAL(ptsname)(fd);
		if (res != nullptr)
		COMMON_INTERCEPTOR_INITIALIZE_RANGE(res, REAL(strlen)(res) + 1);
		labathAuthorUnsubmitted Done Reply Inline Actions I'm not sure I understand the difference between COMMON_INTERCEPTOR_INITIALIZE_RANGE and COMMON_INTERCEPTOR_WRITE_RANGE. For example, I would have expected tsan to warn about concurrent usages of ptsname from different threads (and changing this to WRITE_RANGE does achieve that), but maybe there is a reason why these functions use the INITIALIZE macro (?) labath: I'm not sure I understand the difference between COMMON_INTERCEPTOR_INITIALIZE_RANGE and…
		return res;
		}
		#define INIT_PTSNAME COMMON_INTERCEPT_FUNCTION(ptsname);
		#else
		#define INIT_PTSNAME
		#endif

#if SANITIZER_INTERCEPT_TEMPNAM		#if SANITIZER_INTERCEPT_TEMPNAM
INTERCEPTOR(char , tempnam, char dir, char *pfx) {		INTERCEPTOR(char , tempnam, char dir, char *pfx) {
void *ctx;		void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, tempnam, dir, pfx);		COMMON_INTERCEPTOR_ENTER(ctx, tempnam, dir, pfx);
if (dir) COMMON_INTERCEPTOR_READ_RANGE(ctx, dir, REAL(strlen)(dir) + 1);		if (dir) COMMON_INTERCEPTOR_READ_RANGE(ctx, dir, REAL(strlen)(dir) + 1);
if (pfx) COMMON_INTERCEPTOR_READ_RANGE(ctx, pfx, REAL(strlen)(pfx) + 1);		if (pfx) COMMON_INTERCEPTOR_READ_RANGE(ctx, pfx, REAL(strlen)(pfx) + 1);
char *res = REAL(tempnam)(dir, pfx);		char *res = REAL(tempnam)(dir, pfx);
if (res) COMMON_INTERCEPTOR_INITIALIZE_RANGE(res, REAL(strlen)(res) + 1);		if (res) COMMON_INTERCEPTOR_INITIALIZE_RANGE(res, REAL(strlen)(res) + 1);
▲ Show 20 Lines • Show All 5,257 Lines • ▼ Show 20 Lines	#endif
INIT_PTHREAD_RWLOCKATTR_GETKIND_NP;		INIT_PTHREAD_RWLOCKATTR_GETKIND_NP;
INIT_PTHREAD_CONDATTR_GETPSHARED;		INIT_PTHREAD_CONDATTR_GETPSHARED;
INIT_PTHREAD_CONDATTR_GETCLOCK;		INIT_PTHREAD_CONDATTR_GETCLOCK;
INIT_PTHREAD_BARRIERATTR_GETPSHARED;		INIT_PTHREAD_BARRIERATTR_GETPSHARED;
INIT_TMPNAM;		INIT_TMPNAM;
INIT_TMPNAM_R;		INIT_TMPNAM_R;
INIT_TTYNAME;		INIT_TTYNAME;
INIT_TTYNAME_R;		INIT_TTYNAME_R;
		INIT_PTSNAME;
INIT_TEMPNAM;		INIT_TEMPNAM;
INIT_PTHREAD_SETNAME_NP;		INIT_PTHREAD_SETNAME_NP;
INIT_PTHREAD_GETNAME_NP;		INIT_PTHREAD_GETNAME_NP;
INIT_SINCOS;		INIT_SINCOS;
INIT_REMQUO;		INIT_REMQUO;
INIT_REMQUOL;		INIT_REMQUOL;
INIT_LGAMMA;		INIT_LGAMMA;
INIT_LGAMMAL;		INIT_LGAMMAL;
▲ Show 20 Lines • Show All 127 Lines • Show Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h

Show First 20 Lines • Show All 380 Lines • ▼ Show 20 Lines	#define SANITIZER_INTERCEPT_PTHREAD_CONDATTR_GETCLOCK \
(SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS)		(SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS)
#define SANITIZER_INTERCEPT_PTHREAD_BARRIERATTR_GETPSHARED \		#define SANITIZER_INTERCEPT_PTHREAD_BARRIERATTR_GETPSHARED \
(SI_LINUX_NOT_ANDROID && !SI_NETBSD && !SI_OPENBSD)		(SI_LINUX_NOT_ANDROID && !SI_NETBSD && !SI_OPENBSD)
#define SANITIZER_INTERCEPT_THR_EXIT SI_FREEBSD		#define SANITIZER_INTERCEPT_THR_EXIT SI_FREEBSD
#define SANITIZER_INTERCEPT_TMPNAM SI_POSIX		#define SANITIZER_INTERCEPT_TMPNAM SI_POSIX
#define SANITIZER_INTERCEPT_TMPNAM_R SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS		#define SANITIZER_INTERCEPT_TMPNAM_R SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS
#define SANITIZER_INTERCEPT_TTYNAME SI_POSIX		#define SANITIZER_INTERCEPT_TTYNAME SI_POSIX
#define SANITIZER_INTERCEPT_TTYNAME_R SI_POSIX		#define SANITIZER_INTERCEPT_TTYNAME_R SI_POSIX
		#define SANITIZER_INTERCEPT_PTSNAME SI_POSIX
#define SANITIZER_INTERCEPT_TEMPNAM SI_POSIX		#define SANITIZER_INTERCEPT_TEMPNAM SI_POSIX
#define SANITIZER_INTERCEPT_SINCOS SI_LINUX \|\| SI_SOLARIS		#define SANITIZER_INTERCEPT_SINCOS SI_LINUX \|\| SI_SOLARIS
#define SANITIZER_INTERCEPT_REMQUO SI_POSIX		#define SANITIZER_INTERCEPT_REMQUO SI_POSIX
#define SANITIZER_INTERCEPT_REMQUOL (SI_POSIX && !SI_NETBSD)		#define SANITIZER_INTERCEPT_REMQUOL (SI_POSIX && !SI_NETBSD)
#define SANITIZER_INTERCEPT_LGAMMA SI_POSIX		#define SANITIZER_INTERCEPT_LGAMMA SI_POSIX
#define SANITIZER_INTERCEPT_LGAMMAL (SI_POSIX && !SI_NETBSD)		#define SANITIZER_INTERCEPT_LGAMMAL (SI_POSIX && !SI_NETBSD)
#define SANITIZER_INTERCEPT_LGAMMA_R (SI_FREEBSD \|\| SI_LINUX \|\| SI_SOLARIS)		#define SANITIZER_INTERCEPT_LGAMMA_R (SI_FREEBSD \|\| SI_LINUX \|\| SI_SOLARIS)
#define SANITIZER_INTERCEPT_LGAMMAL_R SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS		#define SANITIZER_INTERCEPT_LGAMMAL_R SI_LINUX_NOT_ANDROID \|\| SI_SOLARIS
▲ Show 20 Lines • Show All 215 Lines • Show Last 20 Lines

compiler-rt/test/msan/Linux/forkpty.cpp

	// RUN: %clangxx_msan -O0 -g %s -lutil -o %t && %run %t			// RUN: %clangxx_msan -O0 -g %s -lutil -o %t && %run %t

	#include <assert.h>			#include <assert.h>
				#include <cstring>
	#include <pty.h>			#include <pty.h>
				#include <stdlib.h>
	#include <unistd.h>			#include <unistd.h>
	#include <cstring>

	#include <sanitizer/msan_interface.h>			#include <sanitizer/msan_interface.h>

	int			int
	main (int argc, char** argv)			main (int argc, char** argv)
	{			{
	int parent, worker;			int parent, worker;
	openpty(&parent, &worker, NULL, NULL, NULL);			openpty(&parent, &worker, NULL, NULL, NULL);
	assert(__msan_test_shadow(&parent, sizeof(parent)) == -1);			assert(__msan_test_shadow(&parent, sizeof(parent)) == -1);
	assert(__msan_test_shadow(&worker, sizeof(worker)) == -1);			assert(__msan_test_shadow(&worker, sizeof(worker)) == -1);

	char name[255];			char name[255];
	ttyname_r(parent, name, sizeof(name));			ttyname_r(parent, name, sizeof(name));
	assert(__msan_test_shadow(name, strlen(name) + 1) == -1);			assert(__msan_test_shadow(name, strlen(name) + 1) == -1);

	char *name_p = ttyname(parent);			char *name_p = ttyname(parent);
	assert(__msan_test_shadow(name_p, strlen(name_p) + 1) == -1);			assert(__msan_test_shadow(name_p, strlen(name_p) + 1) == -1);

				char *ptsname_p = ptsname(parent);
				assert(ptsname_p != nullptr);
				assert(__msan_test_shadow(ptsname_p, strlen(ptsname_p) + 1) == -1);

	int parent2;			int parent2;
	forkpty(&parent2, NULL, NULL, NULL);			forkpty(&parent2, NULL, NULL, NULL);
	assert(__msan_test_shadow(&parent2, sizeof(parent2)) == -1);			assert(__msan_test_shadow(&parent2, sizeof(parent2)) == -1);
	}			}