[compiler-rt] r222520 - [asan] Runtime support for asan-instrument-allocas which enables instrumentation of variable-sized dynamic allocas. Patch by Max Ostapenko.

Yury Gribov y.gribov at samsung.com
Fri Nov 21 02:32:06 PST 2014


Author: ygribov
Date: Fri Nov 21 04:32:05 2014
New Revision: 222520

URL: http://llvm.org/viewvc/llvm-project?rev=222520&view=rev
Log:
[asan] Runtime support for asan-instrument-allocas which enables instrumentation of variable-sized dynamic allocas. Patch by Max Ostapenko.

Reviewed at http://reviews.llvm.org/D6055

Added:
    compiler-rt/trunk/test/asan/TestCases/alloca_big_alignment.cc
    compiler-rt/trunk/test/asan/TestCases/alloca_detect_custom_size_.cc
    compiler-rt/trunk/test/asan/TestCases/alloca_instruments_all_paddings.cc
    compiler-rt/trunk/test/asan/TestCases/alloca_overflow_partial.cc
    compiler-rt/trunk/test/asan/TestCases/alloca_overflow_right.cc
    compiler-rt/trunk/test/asan/TestCases/alloca_safe_access.cc
    compiler-rt/trunk/test/asan/TestCases/alloca_underflow_left.cc
Modified:
    compiler-rt/trunk/lib/asan/asan_internal.h
    compiler-rt/trunk/lib/asan/asan_report.cc

Modified: compiler-rt/trunk/lib/asan/asan_internal.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_internal.h?rev=222520&r1=222519&r2=222520&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_internal.h (original)
+++ compiler-rt/trunk/lib/asan/asan_internal.h Fri Nov 21 04:32:05 2014
@@ -136,6 +136,8 @@ const int kAsanGlobalRedzoneMagic = 0xf9
 const int kAsanInternalHeapMagic = 0xfe;
 const int kAsanArrayCookieMagic = 0xac;
 const int kAsanIntraObjectRedzone = 0xbb;
+const int kAsanAllocaLeftMagic = 0xca;
+const int kAsanAllocaRightMagic = 0xcb;
 
 static const uptr kCurrentStackFrameMagic = 0x41B58AB3;
 static const uptr kRetiredStackFrameMagic = 0x45E0360E;
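Review bot: The new `kAsanAllocaLeftMagic` and `kAsanAllocaRightMagic` values are added without a comment saying which code writes them into shadow memory. Nothing in this commit poisons shadow with 0xca or 0xcb, so presumably the compiler-side asan-instrument-allocas pass emits them. If the two sides drift apart, the runtime would stop recognising these redzones and fall back to a generic description. I would add `// Shadow values for dynamic alloca redzones; keep in sync with the instrumentation pass.` above the pair.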

Modified: compiler-rt/trunk/lib/asan/asan_report.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_report.cc?rev=222520&r1=222519&r2=222520&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_report.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_report.cc Fri Nov 21 04:32:05 2014
@@ -87,6 +87,8 @@ class Decorator: public __sanitizer::San
         return Cyan();
       case kAsanUserPoisonedMemoryMagic:
       case kAsanContiguousContainerOOBMagic:
+      case kAsanAllocaLeftMagic:
+      case kAsanAllocaRightMagic:
         return Blue();
       case kAsanStackUseAfterScopeMagic:
         return Magenta();
@@ -173,6 +175,8 @@ static void PrintLegend(InternalScopedSt
   PrintShadowByte(str, "  Intra object redzone:    ",
                   kAsanIntraObjectRedzone);
   PrintShadowByte(str, "  ASan internal:           ", kAsanInternalHeapMagic);
+  PrintShadowByte(str, "  Left alloca redzone:     ", kAsanAllocaLeftMagic);
+  PrintShadowByte(str, "  Right alloca redzone:    ", kAsanAllocaRightMagic);
 }
 
 void MaybeDumpInstructionBytes(uptr pc) {
@@ -982,6 +986,10 @@ void __asan_report_error(uptr pc, uptr b
       case kAsanIntraObjectRedzone:
         bug_descr = "intra-object-overflow";
         break;
+      case kAsanAllocaLeftMagic:
+      case kAsanAllocaRightMagic:
+        bug_descr = "dynamic-stack-buffer-overflow";
+        break;
     }
   }
 
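Review bot: A hit on `kAsanAllocaLeftMagic` is labelled `dynamic-stack-buffer-overflow`, so an access below the array is reported under the same name as one past its end. The direction of the bad access is useful when triaging a report, and alloca_underflow_left.cc in this commit pins the "overflow" wording for an index of -1. If the rest of this switch distinguishes underflow for fixed-size stack frames (not visible here), consider giving the left case its own arm, e.g. `case kAsanAllocaLeftMagic: bug_descr = "dynamic-stack-buffer-underflow"; break;`, and updating that test's CHECK line. The switch and `__asan_report_error` begin outside the hunk.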

Added: compiler-rt/trunk/test/asan/TestCases/alloca_big_alignment.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_big_alignment.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_big_alignment.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_big_alignment.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile char str[len] __attribute__((aligned(128)));
+  assert(!(reinterpret_cast<long>(str) & 127L));
+  str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+  foo(10, 10);
+  return 0;
+}
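Review bot: The alignment assert uses `reinterpret_cast<long>(str)`, which assumes `long` is as wide as a pointer. On an LLP64 target that cast is ill-formed, so the test would fail to build rather than exercise the runtime. `assert(!(reinterpret_cast<uintptr_t>(str) & 127));` with `#include <stdint.h>` avoids the assumption. The same cast appears in the other six alloca_*.cc tests added by this commit.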

Added: compiler-rt/trunk/test/asan/TestCases/alloca_detect_custom_size_.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_detect_custom_size_.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_detect_custom_size_.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_detect_custom_size_.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+struct A {
+  char a[3];
+  int b[3];
+};
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile struct A str[len] __attribute__((aligned(32)));
+  assert(!(reinterpret_cast<long>(str) & 31L));
+  str[index].a[0] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+  foo(10, 10);
+  return 0;
+}
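Review bot: The file name `alloca_detect_custom_size_.cc` ends in a stray underscore, which looks like a leftover from a rename. `alloca_detect_custom_size.cc` would match the naming of the sibling tests. It would also help to add a one-line comment above `struct A` saying the test covers element types larger than one byte, e.g. `// Element size > 1: checks redzone placement for non-char VLAs.`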

Added: compiler-rt/trunk/test/asan/TestCases/alloca_instruments_all_paddings.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_instruments_all_paddings.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_instruments_all_paddings.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_instruments_all_paddings.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: %run %t 2>&1
+//
+
+#include "sanitizer/asan_interface.h"
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile char str[len] __attribute__((aligned(32)));
+  assert(!(reinterpret_cast<long>(str) & 31L));
+  char *q = (char *)__asan_region_is_poisoned((char *)str, 64);
+  assert(q && ((q - str) == index));
+}
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < 33; ++i)
+    foo(i, i);
+
+  for (int i = 1; i < 33; ++i)
+    foo(i, i);
+
+  return 0;
+}
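Review bot: `main` runs the same `for (int i = 1; i < 33; ++i) foo(i, i);` loop twice with no comment explaining why. Presumably the second pass is meant to show that redzones left by the first pass are unpoisoned on return, so the reused stack still reports the first poisoned byte at `index`. That intent should be stated, e.g. `// Second pass: stale redzones from the first pass must not shift the result.` Note also that `__asan_region_is_poisoned((char *)str, 64)` only probes from `str` upward, so the left redzone is never checked despite the "all paddings" name.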

Added: compiler-rt/trunk/test/asan/TestCases/alloca_overflow_partial.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_overflow_partial.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_overflow_partial.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_overflow_partial.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile char str[len] __attribute__((aligned(32)));
+  assert(!(reinterpret_cast<long>(str) & 31L));
+  str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+  foo(10, 10);
+  return 0;
+}
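Review bot: Apart from `aligned(32)`, this test is line-for-line the same as alloca_big_alignment.cc, and nothing in it says what "partial" refers to. Presumably the point is that `len` is 10, not a multiple of the shadow granule, so the write at `str[10]` lands in a partially addressable granule rather than directly on a redzone byte. A comment above `foo(10, 10)` such as `// len % 8 != 0: the faulting byte is in a partially addressable granule.` would keep a later cleanup from "simplifying" the constants and losing that coverage.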

Added: compiler-rt/trunk/test/asan/TestCases/alloca_overflow_right.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_overflow_right.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_overflow_right.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_overflow_right.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile char str[len] __attribute__((aligned(32)));
+  assert(!(reinterpret_cast<long>(str) & 31L));
+  str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+  foo(33, 10);
+  return 0;
+}
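Review bot: `foo(33, 10)` writes 23 bytes past the end of a 10-byte array, so the test only passes while the padding plus right redzone chosen by the instrumentation cover that offset. That layout is not visible in this commit. Either document the assumption next to the call, e.g. `// 33 is past the 32-byte aligned padding, inside the right redzone`, or add a second case nearer the boundary so a change in redzone size is caught as a test failure with an obvious cause.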

Added: compiler-rt/trunk/test/asan/TestCases/alloca_safe_access.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_safe_access.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_safe_access.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_safe_access.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,17 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: %run %t 2>&1
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile char str[len] __attribute__((aligned(32)));
+  assert(!(reinterpret_cast<long>(str) & 31L));
+  str[index] = '1';
+}
+
+int main(int argc, char **argv) {
+  foo(4, 5);
+  foo(39, 40);
+  return 0;
+}
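Review bot: The no-false-positive test only touches the last valid element (`foo(4, 5)`, `foo(39, 40)`), so the byte adjacent to the left redzone is never accessed. A left redzone that overlaps the start of the array would not be caught by this test. Adding `foo(0, 5);` and `foo(0, 40);` in `main` would cover that edge at no cost.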

Added: compiler-rt/trunk/test/asan/TestCases/alloca_underflow_left.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/alloca_underflow_left.cc?rev=222520&view=auto
==============================================================================
--- compiler-rt/trunk/test/asan/TestCases/alloca_underflow_left.cc (added)
+++ compiler-rt/trunk/test/asan/TestCases/alloca_underflow_left.cc Fri Nov 21 04:32:05 2014
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s
+//
+
+#include <assert.h>
+
+__attribute__((noinline)) void foo(int index, int len) {
+  volatile char str[len] __attribute__((aligned(32)));
+  assert(!(reinterpret_cast<long>(str) & 31L));
+  str[index] = '1'; // BOOM
+// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+}
+
+int main(int argc, char **argv) {
+  foo(-1, 10);
+  return 0;
+}




