[llvm-commits] [compiler-rt] r168046 - in /compiler-rt/trunk/lib/asan: asan_allocator.cc asan_internal.h asan_report.cc asan_thread.cc

Alexander Potapenko glider at google.com
Tue Nov 20 06:04:18 PST 2012


s/free/return

On Tue, Nov 20, 2012 at 6:03 PM, Alexander Potapenko <glider at google.com> wrote:
> I guess we must enable use-after-free tests on our bots in order to
> cover this better.
>
> On Tue, Nov 20, 2012 at 1:41 PM, Alexey Samsonov <samsonov at google.com> wrote:
>> This fix is completely wrong: FakeStack::AddrIsInFakeStack(addr)
>> doesn't return a fake stack frame containing "addr", but a pointer to
>> a mapped memory region containing a bunch of fake stack frames of the same
>> size.
>>
>> On Thu, Nov 15, 2012 at 7:45 PM, Kostya Serebryany <kcc at google.com> wrote:
>>>
>>> Thanks!
>>>
>>>
>>> On Thu, Nov 15, 2012 at 7:24 AM, Alexander Potapenko <glider at google.com>
>>> wrote:
>>>>
>>>> Author: glider
>>>> Date: Thu Nov 15 09:24:42 2012
>>>> New Revision: 168046
>>>>
>>>> URL: http://llvm.org/viewvc/llvm-project?rev=168046&view=rev
>>>> Log:
>>>> [ASan] Revert r168040 and r168043 and take a cleaner solution suggested
>>>> by Kostya: return the known frame name for fake stack instead of looking it
>>>> up.
>>>>
>>>> Modified:
>>>>     compiler-rt/trunk/lib/asan/asan_allocator.cc
>>>>     compiler-rt/trunk/lib/asan/asan_internal.h
>>>>     compiler-rt/trunk/lib/asan/asan_report.cc
>>>>     compiler-rt/trunk/lib/asan/asan_thread.cc
>>>>
>>>> Modified: compiler-rt/trunk/lib/asan/asan_allocator.cc
>>>> URL:
>>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_allocator.cc?rev=168046&r1=168045&r2=168046&view=diff
>>>>
>>>> ==============================================================================
>>>> --- compiler-rt/trunk/lib/asan/asan_allocator.cc (original)
>>>> +++ compiler-rt/trunk/lib/asan/asan_allocator.cc Thu Nov 15 09:24:42 2012
>>>> @@ -998,10 +998,6 @@
>>>>    CHECK(fake_frame->descr != 0);
>>>>    CHECK(fake_frame->size_minus_one == size - 1);
>>>>    PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
>>>> -  CHECK(size >= SHADOW_GRANULARITY);
>>>> -  // Poison the leftmost shadow byte with a special value so that we can
>>>> find
>>>> -  // the beginning of the fake frame when reporting an error.
>>>> -  PoisonShadow(ptr, SHADOW_GRANULARITY, kAsanStackAfterReturnLeftMagic);
>>>>  }
>>>>
>>>>  }  // namespace __asan
>>>>
>>>> Modified: compiler-rt/trunk/lib/asan/asan_internal.h
>>>> URL:
>>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_internal.h?rev=168046&r1=168045&r2=168046&view=diff
>>>>
>>>> ==============================================================================
>>>> --- compiler-rt/trunk/lib/asan/asan_internal.h (original)
>>>> +++ compiler-rt/trunk/lib/asan/asan_internal.h Thu Nov 15 09:24:42 2012
>>>> @@ -160,7 +160,6 @@
>>>>  const int kAsanStackAfterReturnMagic = 0xf5;
>>>>  const int kAsanInitializationOrderMagic = 0xf6;
>>>>  const int kAsanUserPoisonedMemoryMagic = 0xf7;
>>>> -const int kAsanStackAfterReturnLeftMagic = 0xf8;
>>>>  const int kAsanGlobalRedzoneMagic = 0xf9;
>>>>  const int kAsanInternalHeapMagic = 0xfe;
>>>>
>>>>
>>>> Modified: compiler-rt/trunk/lib/asan/asan_report.cc
>>>> URL:
>>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_report.cc?rev=168046&r1=168045&r2=168046&view=diff
>>>>
>>>> ==============================================================================
>>>> --- compiler-rt/trunk/lib/asan/asan_report.cc (original)
>>>> +++ compiler-rt/trunk/lib/asan/asan_report.cc Thu Nov 15 09:24:42 2012
>>>> @@ -450,7 +450,6 @@
>>>>          bug_descr = "stack-buffer-overflow";
>>>>          break;
>>>>        case kAsanStackAfterReturnMagic:
>>>> -      case kAsanStackAfterReturnLeftMagic:
>>>>          bug_descr = "stack-use-after-return";
>>>>          break;
>>>>        case kAsanUserPoisonedMemoryMagic:
>>>>
>>>> Modified: compiler-rt/trunk/lib/asan/asan_thread.cc
>>>> URL:
>>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_thread.cc?rev=168046&r1=168045&r2=168046&view=diff
>>>>
>>>> ==============================================================================
>>>> --- compiler-rt/trunk/lib/asan/asan_thread.cc (original)
>>>> +++ compiler-rt/trunk/lib/asan/asan_thread.cc Thu Nov 15 09:24:42 2012
>>>> @@ -118,41 +118,35 @@
>>>>
>>>>  const char *AsanThread::GetFrameNameByAddr(uptr addr, uptr *offset) {
>>>>    uptr bottom = 0;
>>>> -  bool is_fake_stack = false;
>>>>    if (AddrIsInStack(addr)) {
>>>>      bottom = stack_bottom();
>>>>    } else {
>>>>      bottom = fake_stack().AddrIsInFakeStack(addr);
>>>>      CHECK(bottom);
>>>> -    is_fake_stack = true;
>>>> +    *offset = addr - bottom;
>>>> +    return  (const char *)((uptr*)bottom)[1];
>>>>    }
>>>>    uptr aligned_addr = addr & ~(__WORDSIZE/8 - 1);  // align addr.
>>>>    u8 *shadow_ptr = (u8*)MemToShadow(aligned_addr);
>>>>    u8 *shadow_bottom = (u8*)MemToShadow(bottom);
>>>>
>>>>    while (shadow_ptr >= shadow_bottom &&
>>>> -      *shadow_ptr != kAsanStackLeftRedzoneMagic &&
>>>> -      *shadow_ptr != kAsanStackAfterReturnLeftMagic) {
>>>> +         *shadow_ptr != kAsanStackLeftRedzoneMagic) {
>>>>      shadow_ptr--;
>>>>    }
>>>>
>>>>    while (shadow_ptr >= shadow_bottom &&
>>>> -      (*shadow_ptr == kAsanStackLeftRedzoneMagic ||
>>>> -       *shadow_ptr == kAsanStackAfterReturnLeftMagic)) {
>>>> +         *shadow_ptr == kAsanStackLeftRedzoneMagic) {
>>>>      shadow_ptr--;
>>>>    }
>>>>
>>>>    if (shadow_ptr < shadow_bottom) {
>>>> -    // If we're one byte below the fake stack bottom, we've found the
>>>> frame.
>>>> -    if (!is_fake_stack || (*shadow_bottom !=
>>>> kAsanStackAfterReturnLeftMagic)) {
>>>> -      *offset = 0;
>>>> -      return "UNKNOWN";
>>>> -    }
>>>> +    *offset = 0;
>>>> +    return "UNKNOWN";
>>>>    }
>>>>
>>>>    uptr* ptr = (uptr*)SHADOW_TO_MEM((uptr)(shadow_ptr + 1));
>>>> -  CHECK((ptr[0] == kCurrentStackFrameMagic) ||
>>>> -      (is_fake_stack && ptr[0] == kRetiredStackFrameMagic));
>>>> +  CHECK(ptr[0] == kCurrentStackFrameMagic);
>>>>    *offset = addr - (uptr)ptr;
>>>>    return (const char*)ptr[1];
>>>>  }
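Review bot: The new fake-stack branch in AsanThread::GetFrameNameByAddr returns `((uptr*)bottom)[1]` as a C string without validating the word in front of it, while the regular-stack path still ends with `CHECK(ptr[0] == kCurrentStackFrameMagic)` and the removed code also accepted `kRetiredStackFrameMagic` for fake frames. Since this function runs while an error report is being produced, an unchecked word would be printed as a string and would probably fault inside the reporter, hiding the original bug. A guard before the return, for example `CHECK(((uptr*)bottom)[0] == kCurrentStackFrameMagic || ((uptr*)bottom)[0] == kRetiredStackFrameMagic);`, would keep the invariant the old code enforced. As a style point, `return  (const char *)` has a doubled space and a cast spelling that differs from `(const char*)ptr[1]` at the end of the function.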
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Alexey Samsonov, MSK
>>
>
>
>
> --
> Alexander Potapenko
> Software Engineer
> Google Moscow



-- 
Alexander Potapenko
Software Engineer
Google Moscow


