16 Commits

Author SHA1 Message Date
Tacet
c76045d9bf
[compiler-rt][ASan] Add function copying annotations (#91702)
This PR adds a `__sanitizer_copy_contiguous_container_annotations`
function, which copies annotations from one memory area to another. New
area is annotated in the same way as the old region at the beginning
(within limitations of ASan).

Overlapping case: The function supports overlapping containers, however
no assumptions should be made outside of no false positives in new
buffer area. (It doesn't modify old container annotations where it's not
necessary, false negatives may happen in edge granules of the new
container area.) I don't expect this function to be used with
overlapping buffers, but it's designed to work with them and not result
in incorrect ASan errors (false positives).

If buffers have granularity-aligned distance between them (`old_beg %
granularity == new_beg % granularity`), copying algorithm works faster.
If the distance is not granularity-aligned, annotations are copied byte
after byte.

```cpp
void __sanitizer_copy_contiguous_container_annotations(
    const void *old_storage_beg_p, const void *old_storage_end_p,
    const void *new_storage_beg_p, const void *new_storage_end_p) {
```

This function aims to help with short string annotations and similar
container annotations. Right now we change trait types of
`std::basic_string` when compiling with ASan and this function purpose
is reverting that change as soon as possible.


87f3407856/libcxx/include/string (L738-L751)

The goal is to not change `__trivially_relocatable` when compiling with
ASan. If this function is accepted and upstreamed, the next step is
creating a function like `__memcpy_with_asan` moving memory with ASan.
And then using this function instead of `__builtin__memcpy` while moving
trivially relocatable objects.


11a6799740/libcxx/include/__memory/uninitialized_algorithms.h (L644-L646)

---

I'm thinking if there is a good way to address fact that in a container
the new buffer is usually bigger than the previous one. We may add two
more arguments to the functions to address it (the beginning and the end
of the whole buffer.

Another potential change is removing `new_storage_end_p` as it's
redundant, because we require the same size.

Potential future work is creating a function `__asan_unsafe_memmove`,
which will be basically memmove, but with turned off instrumentation
(therefore it will allow copy data from poisoned area).

---------

Co-authored-by: Vitaly Buka <vitalybuka@google.com>
2024-10-15 13:26:39 +02:00
Fangrui Song
ba66d60b1c
[sanitizer] Replace ALIGNED with alignas
C++11 `alignas` is already used extensively. `alignas` must precede
`static`, so adjust the ordering accordingly.

msan.cpp: Clang 15 doesn't allow `__attribute__((visibility("default"))) alignas(16)`.
Use the order `alignas(16) SANITIZER_INTERFACE_ATTRIBUTE`. Tested with Clang 7.

Pull Request: https://github.com/llvm/llvm-project/pull/98958
2024-07-15 16:12:42 -07:00
Enna1
64790064e8
[asan] Use InternalMmapVectorNoCtor for error_message_buffer, reallocate if needed (#77488)
- Add a param `raw_report` which defaults to false for function
`UnmapOrDie()` like we do for `MmapOrDie()`
- Add a template param `raw_report` which defaults to false for class
`InternalMmapVectorNoCtor`. `raw_report` will be passed to `MmapOrDie()`
and `UnmapOrDie()` when they are called in class
`InternalMmapVectorNoCtor` member functions.
- Use `InternalMmapVectorNoCtor<char, true>` for `error_message_buffer`
and reallocate if needed.
2024-02-19 10:27:54 +08:00
Vitaly Buka
5b7dfa968f
[NFC][sanitizer] Rename InternalScopedString::append to AppendF (#66558)
Prepare to introduce trivial InternalScopedString::Append(const char*).
2023-09-15 17:06:20 -07:00
Advenam Tacet
1c5ad6d2c0 [1a/3][ASan][compiler-rt] API for double ended containers
This revision is a part of a series of patches extending
AddressSanitizer C++ container overflow detection capabilities by adding
annotations, similar to those existing in std::vector, to std::string
and std::deque collections. These changes allow ASan to detect cases
when the instrumented program accesses memory which is internally
allocated by the collection but is still not in-use (accesses before or
after the stored elements for std::deque, or between the size and
capacity bounds for std::string).

The motivation for the research and those changes was a bug, found by
Trail of Bits, in a real code where an out-of-bounds read could happen
as two strings were compared via a std::equals function that took
iter1_begin, iter1_end, iter2_begin iterators (with a custom comparison
function). When object iter1 was longer than iter2, read out-of-bounds
on iter2 could happen. Container sanitization would detect it.

This revision adds a new compiler-rt ASan sanitization API function
sanitizer_annotate_double_ended_contiguous_container necessary to
sanitize/annotate double ended contiguous containers. Note that that
function annotates a single contiguous memory buffer (for example the
std::deque's internal chunk). Such containers have the beginning of
allocated memory block, beginning of the container in-use data, end of
the container's in-use data and the end of the allocated memory block.
This also adds a new API function to verify if a double ended contiguous
container is correctly annotated
(__sanitizer_verify_double_ended_contiguous_container).

Since we do not modify the ASan's shadow memory encoding values, the
capability of sanitizing/annotating a prefix of the internal contiguous
memory buffer is limited – up to SHADOW_GRANULARITY-1 bytes may not be
poisoned before the container's in-use data. This can cause false
negatives (situations when ASan will not detect memory corruption in
those areas).

On the other hand, API function interfaces are designed to work even if
this caveat would not exist. Therefore implementations using those
functions will poison every byte correctly, if only ASan (and
compiler-rt) is extended to support it. In other words, if ASan was
modified to support annotating/poisoning of objects lying on addresses
unaligned to SHADOW_GRANULARITY (so e.g. prefixes of those blocks),
which would require changing its shadow memory encoding, this would not
require any changes in the libcxx std::string/deque code which is added
in further commits of this patch series.

If you have any questions, please email:
advenam.tacet@trailofbits.com
disconnect3d@trailofbits.com

Differential Revision: https://reviews.llvm.org/D132090
2022-11-21 16:38:52 -08:00
Dmitry Vyukov
595d340dce sanitizer_common: make internal/external headers compatible
This is a follow up to 4f3f4d672254
("sanitizer_common: fix __sanitizer_get_module_and_offset_for_pc signature mismatch")
which fixes a similar problem for msan build.

I am getting the following error compiling a unit test for code that
uses sanitizer_common headers and googletest transitively includes
sanitizer interface headers:

In file included from third_party/gwp_sanitizers/singlestep_test.cpp:3:
In file included from sanitizer_common/sanitizer_common.h:19:
sanitizer_interface_internal.h:41:5: error: typedef redefinition with different types
('struct __sanitizer_sandbox_arguments' vs 'struct __sanitizer_sandbox_arguments')
  } __sanitizer_sandbox_arguments;
common_interface_defs.h:39:3: note: previous definition is here
} __sanitizer_sandbox_arguments;

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D119546
2022-02-11 19:39:44 +01:00
Kirill Stoimenov
a489d6c5e0 [ASan] Moved __asan_test_only_reported_buggy_pointer to ReportGenericError, which is needed for shared optimzied callback tests.
Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D114486
2021-11-24 09:54:13 -08:00
Martin Liska
629b40dafa Fix -Wformat warnings reported by GCC.
Differential Revision: https://reviews.llvm.org/D113099
2021-11-04 08:51:43 +01:00
Kazuaki Ishizaki
a1e7e401d2 [compiler-rt] NFC: Fix trivial typo
Reviewed By: xgupta

Differential Revision: https://reviews.llvm.org/D77457
2021-09-04 14:12:58 +05:30
Dmitry Vyukov
56debbf52e sanitizers: switch BlockingMutex(LINKER_INITIALIZED) to Mutex
Mutex does not support LINKER_INITIALIZED support.
As preparation to switching BlockingMutex to Mutex,
proactively replace all BlockingMutex(LINKER_INITIALIZED) to Mutex.
All of these are objects with static storage duration and Mutex ctor
is constexpr, so it should be equivalent.

Reviewed By: melver

Differential Revision: https://reviews.llvm.org/D106944
2021-07-28 15:09:34 +02:00
Teresa Johnson
31bc55d602 [sanitizer] Convert PrintModuleMap to DumpProcessMap
As discussed in the review for D87120 (specifically at
https://reviews.llvm.org/D87120#inline-831939), clean up PrintModuleMap
and DumpProcessMap usage differences. The former is only implemented for
Mac OSX, whereas the latter is implemented for all OSes. The former is
called by asan and tsan, and the latter by hwasan and now memprof, under
the same option. Simply rename the PrintModuleMap implementation for Mac
to DumpProcessMap, remove other empty PrintModuleMap implementations,
and convert asan/tsan to new name. The existing posix DumpProcessMap is
disabled for SANITIZER_MAC.

Differential Revision: https://reviews.llvm.org/D89630
2020-10-21 12:46:49 -07:00
Kamil Rytarowski
85e578f53a [compiler-rt] Replace INLINE with inline
This fixes the clash with BSD headers.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D87562
2020-09-17 16:24:20 +02:00
Dan Liew
445b810fbd [ASan] Fix issue where system log buffer was not cleared after reporting an issue.
Summary:
When ASan reports an issue the contents of the system log buffer
(`error_message_buffer`) get flushed to the system log (via
`LogFullErrorReport()`). After this happens the buffer is not cleared
but this is usually fine because the process usually exits soon after
reporting the issue.

However, when ASan runs in `halt_on_error=0` mode execution continues
without clearing the buffer. This leads to problems if more ASan
issues are found and reported.

1. Duplicate ASan reports in the system log. The Nth (start counting from 1)
ASan report  will be duplicated (M - N) times in the system log if M is the
number of ASan issues reported.

2. Lost ASan reports. Given a sufficient
number of reports the buffer will fill up and consequently cannot be appended
to. This means reports can be lost.

The fix here is to reset `error_message_buffer_pos` to 0 which
effectively clears the system log buffer.

A test case is included but unfortunately it is Darwin specific because
querying the system log is an OS specific activity.

rdar://problem/55986279

Reviewers: kubamracek, yln, vitalybuka, kcc, filcab

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D76749
2020-03-26 10:56:17 -07:00
Vitaly Buka
d2af368aee [compiler-rt] Remove some cpplint filters
llvm-svn: 371704
2019-09-12 02:20:36 +00:00
Vitaly Buka
c0fa632236 Remove NOLINTs from compiler-rt
llvm-svn: 371687
2019-09-11 23:19:48 +00:00
Nico Weber
217222abea compiler-rt: Rename .cc file in lib/asan to .cpp
Like r367463, but for asan.

llvm-svn: 367558
2019-08-01 13:43:28 +00:00