[libcxx-commits] [PATCH] D132092: [2a/3][ASan][libcxx] std::deque annotations
Tacet via Phabricator via libcxx-commits
libcxx-commits at lists.llvm.org
Wed Aug 17 18:19:55 PDT 2022
AdvenamTacet created this revision.
Herald added a project: All.
AdvenamTacet requested review of this revision.
Herald added a project: libc++.
Herald added a subscriber: libcxx-commits.
Herald added a reviewer: libc++.
This commit is a part of patches extending AddressSanitizer
C++ container overflow detection capabilities by adding annotations,
similar to those existing in std::vector, to std::string and
std::deque collections. These changes allow ASan to detect cases
when the instrumented program accesses memory which is internally
allocated by the collection but is still not in-use
(accesses before or after the stored elements for std::deque,
or between the size and capacity bounds for std::string).
Trail of Bits developed this as part of a research project where
we tried to find bugs using the oss-fuzz
(using llvm-14 with our modifications) harnesses.
Now, we want to upstream the llvm-15 port of this work.
That commit adds ASan annotations to std::deque.
Every std::deque chunk (contiguous memory block used by the container)
is annotated separately and API functions from [1a/3]
are used for that purpose.
Regarding performance, the introduced changes only affect cases when
a std::deque object is created or has an element added or removed.
It is similar to std::vector in that aspect.
The commit also adds unit tests for those annotations and
a compiler-rt function,
__sanitizer_verify_de_contiguous_container,
which is used within those tests.
This function can also be used in the future to verify
the sanitization/annotation verification of other
double ended contiguous containers.
Also please note that
the is_de_contiguous_container_asan_correct function
can only verify std::deque objects whose memory is never poisoned
by elements inside.
Therefore it cannot be and is not used within the tests with
a sanitized std::basic_string implementation
(which is added in the next commit in this patch series).
Structure of our patches:
[1a/3][ASan][compiler-rt] API for double ended containers
[1b/3][ASan][compiler-rt] API for annotating objects memory
[2a/3][ASan][libcxx] std::deque annotations
[2b/3][ASan][libcxx] std::basic_string annotations
[3/3][ASan] integration test for std::deque and std::basic_string annotations
1a -> 2a -
          \
           --> 3
          /
1b -> 2b -
If you have any questions, please email:
- advenam.tacet at trailofbits.com
- disconnect3d at trailofbits.com
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D132092
Files:
libcxx/include/deque
libcxx/test/std/containers/sequences/deque/deque.asan/assign.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/clear.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/constructor.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/emplace_constructible.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/erase.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/insert.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/pop_back.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/pop_front.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/push_back.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/push_front.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/resize.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/shrink_to_fit.pass.cpp
libcxx/test/std/containers/sequences/deque/deque.asan/swap.pass.cpp
libcxx/test/support/asan_testing.h
upstream-deque-rev-2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D132092.453498.patch
Type: text/x-patch
Size: 295305 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20220818/b7f2a09b/attachment-0001.bin>
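The per-chunk annotation described in the message above can be pictured with a small software model. This is an added example, not code from the patch, libc++ or compiler-rt: `ModelDeque`, `kChunk` and the boolean shadow array are hypothetical stand-ins for the real container, its chunk size and ASan's shadow memory.

```cpp
// Added illustration: a software model, not libc++ or compiler-rt code.
#include <cstddef>
#include <cstdio>
#include <vector>
constexpr std::size_t kChunk = 4;  // slots per chunk (constructed value)
struct Chunk {
    int slot[kChunk] = {};
    bool poisoned[kChunk] = {true, true, true, true};  // fresh chunk: nothing in use
};

class ModelDeque {
    std::vector<Chunk> chunks_;
    std::size_t begin_ = 0, end_ = 0;  // live elements occupy slots [begin_, end_)
    // Re-annotate one chunk on its own: only slots holding live elements are unpoisoned.
    void annotate(std::size_t c) {
        for (std::size_t i = 0; i < kChunk; ++i) {
            std::size_t g = c * kChunk + i;
            chunks_[c].poisoned[i] = (g < begin_ || g >= end_);
        }
    }
public:
    void push_back(int v) {
        if (end_ == chunks_.size() * kChunk) chunks_.emplace_back();
        chunks_[end_ / kChunk].slot[end_ % kChunk] = v;
        annotate(end_++ / kChunk);  // end_ is already advanced when annotate runs
    }
    void pop_front() {
        if (begin_ == end_) return;
        annotate(begin_++ / kChunk);  // the vacated front slot becomes poisoned
    }
    // One flag per allocated slot; true means an instrumented access would be reported.
    std::vector<bool> shadow() const {
        std::vector<bool> out;
        for (const Chunk& c : chunks_) out.insert(out.end(), c.poisoned, c.poisoned + kChunk);
        return out;
    }
};

// Six pushes allocate two chunks; two pops leave dead slots at the front.
std::vector<bool> shadow_after_demo() {
    ModelDeque d;
    for (int i = 0; i < 6; ++i) d.push_back(i);
    d.pop_front(); d.pop_front();
    return d.shadow();
}

int main() {
    for (bool p : shadow_after_demo()) std::putchar(p ? 'P' : '.');
    std::putchar('\n');
}
```

Slots 0-1 and 6-7 lie inside memory the container owns yet hold no element, which is the class of access the message says the annotations let ASan report.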