[llvm-commits] [compiler-rt] r160620 - in /compiler-rt/trunk/lib/asan: asan_interceptors.cc asan_mapping.h asan_rtl.cc tests/asan_noinst_test.cc

Alexander Potapenko glider at google.com
Mon Jul 23 01:22:28 PDT 2012 

Author: glider
Date: Mon Jul 23 03:22:27 2012
New Revision: 160620

URL: http://llvm.org/viewvc/llvm-project?rev=160620&view=rev
Log:
For wild addresses in the shadow or shadow gap areas print an error message instead of crashing on a check.
Add AddressSanitizer.MemsetWildAddressTest that makes sure a proper error message is printed.

Modified:
    compiler-rt/trunk/lib/asan/asan_interceptors.cc
    compiler-rt/trunk/lib/asan/asan_mapping.h
    compiler-rt/trunk/lib/asan/asan_rtl.cc
    compiler-rt/trunk/lib/asan/tests/asan_noinst_test.cc

Modified: compiler-rt/trunk/lib/asan/asan_interceptors.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_interceptors.cc?rev=160620&r1=160619&r2=160620&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_interceptors.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_interceptors.cc Mon Jul 23 03:22:27 2012
@@ -115,7 +115,7 @@
 // Instruments read/write access to a single byte in memory.
 // On error calls __asan_report_error, which aborts the program.
 #define ACCESS_ADDRESS(address, isWrite)   do {         \
-  if (AddressIsPoisoned(address)) {                     \
+  if (!AddrIsInMem(address) || AddressIsPoisoned(address)) {                \
     GET_CURRENT_PC_BP_SP;                               \
     __asan_report_error(pc, bp, sp, address, isWrite, /* access_size */ 1); \
   } \

Modified: compiler-rt/trunk/lib/asan/asan_mapping.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_mapping.h?rev=160620&r1=160619&r2=160620&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_mapping.h (original)
+++ compiler-rt/trunk/lib/asan/asan_mapping.h Mon Jul 23 03:22:27 2012
@@ -97,6 +97,10 @@
   return AddrIsInLowShadow(a) || AddrIsInHighShadow(a);
 }
 
+static inline bool AddrIsInShadowGap(uptr a) {
+  return a >= kShadowGapBeg && a <= kShadowGapEnd;
+}
+
 static inline bool AddrIsAlignedByGranularity(uptr a) {
   return (a & (SHADOW_GRANULARITY - 1)) == 0;
 }

Modified: compiler-rt/trunk/lib/asan/asan_rtl.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_rtl.cc?rev=160620&r1=160619&r2=160620&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/asan_rtl.cc (original)
+++ compiler-rt/trunk/lib/asan/asan_rtl.cc Mon Jul 23 03:22:27 2012
@@ -257,7 +257,35 @@
   return true;
 }
 
+static bool DescribeAddrIfShadow(uptr addr) {
+  if (AddrIsInMem(addr))
+    return false;
+  static const char kAddrInShadowReport[] =
+      "Address %p is located in the %s.\n";
+  if (AddrIsInShadowGap(addr)) {
+    AsanPrintf(kAddrInShadowReport, addr, "shadow gap area");
+    return true;
+  }
+  if (AddrIsInHighShadow(addr)) {
+    AsanPrintf(kAddrInShadowReport, addr, "high shadow area");
+    return true;
+  }
+  if (AddrIsInLowShadow(addr)) {
+    AsanPrintf(kAddrInShadowReport, addr, "low shadow area");
+    return true;
+  }
+
+  CHECK(0);  // Unreachable.
+  return false;
+}
+
 static NOINLINE void DescribeAddress(uptr addr, uptr access_size) {
+  // Check if this is shadow or shadow gap.
+  if (DescribeAddrIfShadow(addr))
+    return;
+
+  CHECK(AddrIsInMem(addr));
+
   // Check if this is a global.
   if (DescribeAddrIfGlobal(addr))
     return;
@@ -426,27 +454,27 @@
   GET_STACK_TRACE_WITH_PC_AND_BP(kStackTraceMax, pc, bp);
   stack.PrintStack();
 
-  CHECK(AddrIsInMem(addr));
-
   DescribeAddress(addr, access_size);
 
-  uptr shadow_addr = MemToShadow(addr);
-  AsanReport("ABORTING\n");
-  __asan_print_accumulated_stats();
-  AsanPrintf("Shadow byte and word:\n");
-  AsanPrintf("  %p: %x\n", (void*)shadow_addr, *(unsigned char*)shadow_addr);
-  uptr aligned_shadow = shadow_addr & ~(kWordSize - 1);
-  PrintBytes("  ", (uptr*)(aligned_shadow));
-  AsanPrintf("More shadow bytes:\n");
-  PrintBytes("  ", (uptr*)(aligned_shadow-4*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow-3*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow-2*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow-1*kWordSize));
-  PrintBytes("=>", (uptr*)(aligned_shadow+0*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow+1*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow+2*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow+3*kWordSize));
-  PrintBytes("  ", (uptr*)(aligned_shadow+4*kWordSize));
+  if (AddrIsInMem(addr)) {
+    uptr shadow_addr = MemToShadow(addr);
+    AsanReport("ABORTING\n");
+    __asan_print_accumulated_stats();
+    AsanPrintf("Shadow byte and word:\n");
+    AsanPrintf("  %p: %x\n", (void*)shadow_addr, *(unsigned char*)shadow_addr);
+    uptr aligned_shadow = shadow_addr & ~(kWordSize - 1);
+    PrintBytes("  ", (uptr*)(aligned_shadow));
+    AsanPrintf("More shadow bytes:\n");
+    PrintBytes("  ", (uptr*)(aligned_shadow-4*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow-3*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow-2*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow-1*kWordSize));
+    PrintBytes("=>", (uptr*)(aligned_shadow+0*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow+1*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow+2*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow+3*kWordSize));
+    PrintBytes("  ", (uptr*)(aligned_shadow+4*kWordSize));
+  }
   if (error_report_callback) {
     error_report_callback(error_message_buffer);
   }

Modified: compiler-rt/trunk/lib/asan/tests/asan_noinst_test.cc
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/tests/asan_noinst_test.cc?rev=160620&r1=160619&r2=160620&view=diff
==============================================================================
--- compiler-rt/trunk/lib/asan/tests/asan_noinst_test.cc (original)
+++ compiler-rt/trunk/lib/asan/tests/asan_noinst_test.cc Mon Jul 23 03:22:27 2012
@@ -21,8 +21,9 @@
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <vector>
+#include <string.h>  // for memset()
 #include <algorithm>
+#include <vector>
 #include "gtest/gtest.h"
 
 // Simple stand-alone pseudorandom number generator.
@@ -328,6 +329,18 @@
   }
 }
 
+TEST(AddressSanitizer, MemsetWildAddressTest) {
+  typedef void*(*memset_p)(void*, int, size_t);
+  // Prevent inlining of memset().
+  volatile memset_p libc_memset = (memset_p)memset;
+  EXPECT_DEATH(libc_memset((void*)(kLowShadowBeg + kPageSize), 0, 100),
+               "unknown-crash.*low shadow");
+  EXPECT_DEATH(libc_memset((void*)(kShadowGapBeg + kPageSize), 0, 100),
+               "unknown-crash.*shadow gap");
+  EXPECT_DEATH(libc_memset((void*)(kHighShadowBeg + kPageSize), 0, 100),
+               "unknown-crash.*high shadow");
+}
+
 TEST(AddressSanitizerInterface, GetEstimatedAllocatedSize) {
   EXPECT_EQ(1U, __asan_get_estimated_allocated_size(0));
   const size_t sizes[] = { 1, 30, 1<<30 };

More information about the llvm-commits mailing list