[libcxx-commits] [PATCH] D132522: [1b/3][compiler-rt][ASan] API for annotating objects memory

Tacet via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Mon Sep 19 18:44:33 PDT 2022


AdvenamTacet updated this revision to Diff 461442.
AdvenamTacet added a comment.

The previous push was intended for a different revision. Sorry about that.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132522/new/

https://reviews.llvm.org/D132522

Files:
  compiler-rt/include/sanitizer/common_interface_defs.h
  compiler-rt/lib/asan/asan_poisoning.cpp
  compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
  compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h


Index: compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h
===================================================================
--- compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h
+++ compiler-rt/lib/sanitizer_common/sanitizer_interface_internal.h
@@ -72,6 +72,8 @@
 const void *__sanitizer_contiguous_container_find_bad_address(const void *beg,
                                                               const void *mid,
                                                               const void *end);
+SANITIZER_INTERFACE_ATTRIBUTE
+int __sanitizer_is_annotable(const void *address, const unsigned long);
 
 SANITIZER_INTERFACE_ATTRIBUTE
 int __sanitizer_get_module_and_offset_for_pc(void *pc, char *module_path,
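Review bot: The second parameter of `__sanitizer_is_annotable` is an unnamed `const unsigned long`, which is 32 bits wide on LLP64 targets such as 64-bit Windows, so it is narrower than the `uptr` that the definition in asan_poisoning.cpp casts it to. The same type is used in that definition and in the public declaration in common_interface_defs.h. Consider `int __sanitizer_is_annotable(const void *address, __sanitizer::uptr size);` here and `size_t size` in the public header. That also names the parameter and drops the top-level `const`, which has no effect in a declaration.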
Index: compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
===================================================================
--- compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
+++ compiler-rt/lib/sanitizer_common/sanitizer_common_interface.inc
@@ -14,6 +14,7 @@
 INTERFACE_FUNCTION(__sanitizer_set_report_path)
 INTERFACE_FUNCTION(__sanitizer_set_report_fd)
 INTERFACE_FUNCTION(__sanitizer_get_report_path)
+INTERFACE_FUNCTION(__sanitizer_is_annotable)
 INTERFACE_FUNCTION(__sanitizer_verify_contiguous_container)
 INTERFACE_WEAK_FUNCTION(__sanitizer_on_print)
 INTERFACE_WEAK_FUNCTION(__sanitizer_report_error_summary)
Index: compiler-rt/lib/asan/asan_poisoning.cpp
===================================================================
--- compiler-rt/lib/asan/asan_poisoning.cpp
+++ compiler-rt/lib/asan/asan_poisoning.cpp
@@ -342,6 +342,31 @@
   PoisonAlignedStackMemory(addr, size, false);
 }
 
+// Simple check if memory inside the object may be poisoned.
+// User has to make sure that poisoning is possible,
+// that function only provides a basic check.
+// Remember that there are situations when you can poison objects
+// memory even when this function returns false, but
+// you have to know programs structure, and it's not adviced
+// in general.
+//
+// Note: this function is irrelevant for objects
+// keeping content in external memory buffer like <c> vector </c>.
+// It is important for cases like <c> std::basic_string </c> with
+// short string optimization (content is kept in objects memory).
+//
+// If this function returns true (one) and object of
+// interest is [a; c), you always can poison [b;c)
+// and keep [a;b) not poisoned for every b in [a; c).
+int __sanitizer_is_annotable(const void *address_p,
+                             const unsigned long size_v) {
+  uptr address = reinterpret_cast<uptr>(address_p);
+  uptr size = static_cast<uptr>(size_v);
+  uptr granularity = ASAN_SHADOW_GRANULARITY;
+
+  return IsAligned(size, granularity) && IsAligned(address, granularity);
+}
+
 void __sanitizer_annotate_contiguous_container(const void *beg_p,
                                                const void *end_p,
                                                const void *old_mid_p,
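Review bot: `__sanitizer_is_annotable` tests only alignment, so it returns 1 for a null address or a zero size, and for any aligned range whether or not it is memory the caller owns. The comment above it says "basic check", but a caller may still read a non-zero result as permission to poison, so the limit should be stated outright, e.g. `// Checks alignment only; does not verify that [address, address + size) is valid or owned by the caller.` If null or empty input should be rejected, `if (!address || !size) return 0;` before the alignment test would do it, though whether callers rely on the current result is not visible in this patch. In the same comment, "adviced" should read "advised".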
Index: compiler-rt/include/sanitizer/common_interface_defs.h
===================================================================
--- compiler-rt/include/sanitizer/common_interface_defs.h
+++ compiler-rt/include/sanitizer/common_interface_defs.h
@@ -105,6 +105,33 @@
 // simultaneously.
 int __sanitizer_acquire_crash_state();
 
+/// Returns true (one) if memory inside the object may be poisoned.
+///
+/// Proper poisoning could occur, for example, with
+/// <c>__sanitizer_annotate_contiguous_container</c>.
+/// Memory of the object may be poisoned only if:
+/// - sizeof(obj) % ASAN_GRANULARITY == 0
+/// - &obj % ASAN_GRANULARITY == 0
+///
+/// Note: user is responsible for consideration of how
+/// memory is poisoned inside the object, that function
+/// provides a very basic check.
+///
+/// Note: this function is irrelevant for objects
+/// keeping content in external memory buffer like <c> vector </c>.
+/// It is important for cases like <c> std::basic_string </c> with
+/// short string optimization (content is kept in objects memory).
+///
+/// If this function returns true (one) and object of interest is
+/// [a; c), you always can poison [b;c) and keep [a;b)
+/// not poisoned for every b in [a; c).
+///
+/// \param address  Address of the object <c> &obj </c>
+/// \param size Size of the object <c> sizeof(obj) </c>
+///
+/// \returns True if memory of the object may be poisoned.
+int __sanitizer_is_annotable(const void *address, const unsigned long size);
+
 /// Annotates the current state of a contiguous container, such as
 /// <c>std::vector</c>, <c>std::string</c>, or similar.
 ///
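Review bot: The documented conditions name `ASAN_GRANULARITY`, while the implementation in asan_poisoning.cpp uses `ASAN_SHADOW_GRANULARITY`, and neither name appears to be available to users of this public header, so the conditions cannot be evaluated as written. Describing them in words would avoid the mismatch, e.g. `/// - the address and the size of the object are both multiples of the ASan shadow granularity`. Because the function returns `int`, the last line would be clearer as `/// \returns 1 if the object is suitably aligned for annotation, 0 otherwise.` It would also help to say that the result is an alignment check only and does not confirm the range is valid to poison. The doc comment for the next declaration continues outside the hunk.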


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D132522.461442.patch
Type: text/x-patch
Size: 4615 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20220920/128598f1/attachment.bin>

