[libcxx-commits] [PATCH] D136765: [ASan][libcxx] Annotating std::vector with all allocators

Nikolas Klauser via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Mon Feb 27 07:31:17 PST 2023


philnik added a comment.

In D136765#4155262 <https://reviews.llvm.org/D136765#4155262>, @hans wrote:

> I'm afraid we did hit an issue with this in Chromium, but I think it points to a more fundamental problem with these annotations rather than this patch.
>
> The issue is that we have some code using an arena allocator to allocate a bunch of objects, including vectors and their backing memory. Then instead of tracking the lifetimes of those objects, the arena is cleared, and the memory recycled for next time. That means the vector destructors don't run, so some memory is left in the arena with container annotations, causing errors when it's reused.
>
> I've created a reproducer at https://bugs.chromium.org/p/chromium/issues/detail?id=1419798#c5
>
> This could have happened before this patch too, if the user overloaded the global operator new and delete for example.
>
> The question is what to do about it. I don't think there's an easy way for the allocator to remove the container annotations when recycling the memory?

I think it's pretty clear that what you are doing is UB, so IMO we want to catch this generally. I don't think there is an easy way to unpoison the memory other than running the destructors. We could add an escape hatch through the allocator traits, but that would of course mean that you don't get the additional coverage for that allocator.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D136765/new/

https://reviews.llvm.org/D136765
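The failure mode hans describes, written out as a stand-alone example (added here; it is not code from the thread, the Chromium reproducer, or libc++). `Arena`, `ArenaAlloc` and `recycle_arena` are hypothetical names chosen for the example. A std::vector is placed inside a bump arena together with its backing storage, the arena is then recycled without running the vector's destructor, and the same bytes are reused as a plain int array. Without ASan the program runs fine; built with -fsanitize=address against a libc++ that annotates vectors with user-supplied allocators, `recycle_arena(false, false)` writes into the vector's still-poisoned [end, end+capacity) tail and ASan reports a container-overflow. Running the destructor before the reset (the route philnik points at) makes the write clean again. The `scrub_shadow` path, which calls the public ASan interface `__asan_unpoison_memory_region` from <sanitizer/asan_interface.h> on the whole buffer at reset time, is my own assumption about how an arena could clear stale annotations; it is not something the thread proposes, and it also hides any genuine container-overflow bugs in that memory.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <vector>

// Detect AddressSanitizer under both GCC (__SANITIZE_ADDRESS__) and Clang (__has_feature).
#if defined(__SANITIZE_ADDRESS__)
#  define ARENA_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define ARENA_ASAN 1
#  endif
#endif
#ifndef ARENA_ASAN
#  define ARENA_ASAN 0
#endif
#if ARENA_ASAN
#  include <sanitizer/asan_interface.h>
#endif

// Hypothetical bump arena: objects and their backing storage live in one buffer, and
// reset() recycles the whole buffer without running any destructors.
struct Arena {
    alignas(std::max_align_t) unsigned char buf[4096];
    std::size_t used = 0;

    void* allocate(std::size_t bytes, std::size_t align) {
        std::size_t start = (used + align - 1) & ~(align - 1);  // align must be a power of two
        if (start + bytes > sizeof buf) throw std::bad_alloc();
        used = start + bytes;
        return buf + start;
    }

    void reset(bool scrub_shadow) {
        used = 0;
#if ARENA_ASAN
        // Assumption (not the thread's suggestion): clear stale container annotations through
        // the public ASan interface so the recycled bytes are addressable again.
        if (scrub_shadow) __asan_unpoison_memory_region(buf, sizeof buf);
#else
        (void)scrub_shadow;
#endif
    }
};

// Minimal allocator that hands out arena memory and never frees it.
template <class T>
struct ArenaAlloc {
    using value_type = T;
    Arena* arena;

    explicit ArenaAlloc(Arena* a) : arena(a) {}
    template <class U> ArenaAlloc(const ArenaAlloc<U>& o) : arena(o.arena) {}

    T* allocate(std::size_t n) {
        // malloc-style alignment, which also keeps the container begin 8-byte aligned for ASan.
        return static_cast<T*>(arena->allocate(n * sizeof(T), alignof(std::max_align_t)));
    }
    void deallocate(T*, std::size_t) {}  // memory is reclaimed only by Arena::reset()

    template <class U> bool operator==(const ArenaAlloc<U>& o) const { return arena == o.arena; }
    template <class U> bool operator!=(const ArenaAlloc<U>& o) const { return arena != o.arena; }
};

using ArenaVec = std::vector<int, ArenaAlloc<int>>;

// Builds a vector inside the arena with spare capacity, recycles the arena, then reuses the
// same bytes as a plain int array. Returns the sum written into the reused array (19900).
// Under ASan with libc++'s container annotations, run_destructor=false and scrub_shadow=false
// reproduces the report from the thread: the vector's [end, end+capacity) tail is still poisoned.
long recycle_arena(bool run_destructor, bool scrub_shadow) {
    Arena arena;
    void* slot = arena.allocate(sizeof(ArenaVec), alignof(ArenaVec));
    ArenaVec* v = new (slot) ArenaVec(ArenaAlloc<int>(&arena));
    v->reserve(64);                               // 64 ints of backing storage in the arena
    for (int i = 0; i < 8; ++i) v->push_back(i);  // slots 8..63 are now poisoned shadow

    if (run_destructor) v->~ArenaVec();           // libc++ unpoisons the tail in the destructor
    arena.reset(scrub_shadow);

    // Overlaps the old vector's storage, including the formerly poisoned tail.
    int* ints = static_cast<int*>(arena.allocate(200 * sizeof(int), alignof(int)));
    long sum = 0;
    for (int i = 0; i < 200; ++i) { ints[i] = i; sum += ints[i]; }
    return sum;
}

int main(int argc, char**) {
    std::printf("destructor run:   %ld\n", recycle_arena(true, false));
    std::printf("shadow scrubbed:  %ld\n", recycle_arena(false, true));
    if (argc > 1)  // pass any argument to trigger the container-overflow report under ASan
        std::printf("neither (UB):     %ld\n", recycle_arena(false, false));
    return 0;
}
```

Build it with `clang++ -std=c++17 -stdlib=libc++ -fsanitize=address` and run it with any argument to see the report; without the argument, or without ASan, all three variants print 19900, which is exactly why this pattern survived until the annotations started covering non-default allocators.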


