[llvm-commits] [compiler-rt] r168046 - in /compiler-rt/trunk/lib/asan: asan_allocator.cc asan_internal.h asan_report.cc asan_thread.cc
Alexander Potapenko
glider at google.com
Tue Nov 20 06:03:25 PST 2012
I guess we must enable use-after-free tests on our bots in order to
cover this better.
On Tue, Nov 20, 2012 at 1:41 PM, Alexey Samsonov <samsonov at google.com> wrote:
> This fix is completely wrong: FakeStack::AddrIsInFakeStack(addr)
> doesn't return a fake stack frame containing "addr", but a pointer to
> a mapped memory region containing a bunch of fake stack frames of the same
> size.
>
> On Thu, Nov 15, 2012 at 7:45 PM, Kostya Serebryany <kcc at google.com> wrote:
>>
>> Thanks!
>>
>>
>> On Thu, Nov 15, 2012 at 7:24 AM, Alexander Potapenko <glider at google.com>
>> wrote:
>>>
>>> Author: glider
>>> Date: Thu Nov 15 09:24:42 2012
>>> New Revision: 168046
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=168046&view=rev
>>> Log:
>>> [ASan] Revert r168040 and r168043 and take a cleaner solution suggested
>>> by Kostya: return the known frame name for fake stack instead of looking it
>>> up.
>>>
>>> Modified:
>>> compiler-rt/trunk/lib/asan/asan_allocator.cc
>>> compiler-rt/trunk/lib/asan/asan_internal.h
>>> compiler-rt/trunk/lib/asan/asan_report.cc
>>> compiler-rt/trunk/lib/asan/asan_thread.cc
>>>
>>> Modified: compiler-rt/trunk/lib/asan/asan_allocator.cc
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_allocator.cc?rev=168046&r1=168045&r2=168046&view=diff
>>>
>>> ==============================================================================
>>> --- compiler-rt/trunk/lib/asan/asan_allocator.cc (original)
>>> +++ compiler-rt/trunk/lib/asan/asan_allocator.cc Thu Nov 15 09:24:42 2012
>>> @@ -998,10 +998,6 @@
>>> CHECK(fake_frame->descr != 0);
>>> CHECK(fake_frame->size_minus_one == size - 1);
>>> PoisonShadow(ptr, size, kAsanStackAfterReturnMagic);
>>> - CHECK(size >= SHADOW_GRANULARITY);
>>> - // Poison the leftmost shadow byte with a special value so that we can
>>> find
>>> - // the beginning of the fake frame when reporting an error.
>>> - PoisonShadow(ptr, SHADOW_GRANULARITY, kAsanStackAfterReturnLeftMagic);
>>> }
>>>
>>> } // namespace __asan
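Review bot: with the kAsanStackAfterReturnLeftMagic poisoning removed after PoisonShadow(ptr, size, kAsanStackAfterReturnMagic), shadow memory no longer marks where a retired fake frame begins, so the reporting code has to recover the frame start some other way. A short comment here saying that the frame start is taken from the fake frame itself (the descr field checked just above) rather than from shadow would keep this file and asan_thread.cc in step for the next reader.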
>>>
>>> Modified: compiler-rt/trunk/lib/asan/asan_internal.h
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_internal.h?rev=168046&r1=168045&r2=168046&view=diff
>>>
>>> ==============================================================================
>>> --- compiler-rt/trunk/lib/asan/asan_internal.h (original)
>>> +++ compiler-rt/trunk/lib/asan/asan_internal.h Thu Nov 15 09:24:42 2012
>>> @@ -160,7 +160,6 @@
>>> const int kAsanStackAfterReturnMagic = 0xf5;
>>> const int kAsanInitializationOrderMagic = 0xf6;
>>> const int kAsanUserPoisonedMemoryMagic = 0xf7;
>>> -const int kAsanStackAfterReturnLeftMagic = 0xf8;
>>> const int kAsanGlobalRedzoneMagic = 0xf9;
>>> const int kAsanInternalHeapMagic = 0xfe;
>>>
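Review bot: removing kAsanStackAfterReturnLeftMagic leaves 0xf8 unused between kAsanUserPoisonedMemoryMagic = 0xf7 and kAsanGlobalRedzoneMagic = 0xf9, with nothing in the list saying so. A one-line comment marking 0xf8 as free would tell whoever adds the next magic value that the gap is not an oversight.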
>>>
>>> Modified: compiler-rt/trunk/lib/asan/asan_report.cc
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_report.cc?rev=168046&r1=168045&r2=168046&view=diff
>>>
>>> ==============================================================================
>>> --- compiler-rt/trunk/lib/asan/asan_report.cc (original)
>>> +++ compiler-rt/trunk/lib/asan/asan_report.cc Thu Nov 15 09:24:42 2012
>>> @@ -450,7 +450,6 @@
>>> bug_descr = "stack-buffer-overflow";
>>> break;
>>> case kAsanStackAfterReturnMagic:
>>> - case kAsanStackAfterReturnLeftMagic:
>>> bug_descr = "stack-use-after-return";
>>> break;
>>> case kAsanUserPoisonedMemoryMagic:
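Review bot: no test accompanies this change: the Modified list names only four files under lib/asan, and after this hunk the "stack-use-after-return" description depends on the kAsanStackAfterReturnMagic case alone. A test that triggers a stack-use-after-return report and checks the bug type and frame name would cover both this case label and the new fake stack branch in asan_thread.cc.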
>>>
>>> Modified: compiler-rt/trunk/lib/asan/asan_thread.cc
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_thread.cc?rev=168046&r1=168045&r2=168046&view=diff
>>>
>>> ==============================================================================
>>> --- compiler-rt/trunk/lib/asan/asan_thread.cc (original)
>>> +++ compiler-rt/trunk/lib/asan/asan_thread.cc Thu Nov 15 09:24:42 2012
>>> @@ -118,41 +118,35 @@
>>>
>>> const char *AsanThread::GetFrameNameByAddr(uptr addr, uptr *offset) {
>>> uptr bottom = 0;
>>> - bool is_fake_stack = false;
>>> if (AddrIsInStack(addr)) {
>>> bottom = stack_bottom();
>>> } else {
>>> bottom = fake_stack().AddrIsInFakeStack(addr);
>>> CHECK(bottom);
>>> - is_fake_stack = true;
>>> + *offset = addr - bottom;
>>> + return (const char *)((uptr*)bottom)[1];
>>> }
>>> uptr aligned_addr = addr & ~(__WORDSIZE/8 - 1); // align addr.
>>> u8 *shadow_ptr = (u8*)MemToShadow(aligned_addr);
>>> u8 *shadow_bottom = (u8*)MemToShadow(bottom);
>>>
>>> while (shadow_ptr >= shadow_bottom &&
>>> - *shadow_ptr != kAsanStackLeftRedzoneMagic &&
>>> - *shadow_ptr != kAsanStackAfterReturnLeftMagic) {
>>> + *shadow_ptr != kAsanStackLeftRedzoneMagic) {
>>> shadow_ptr--;
>>> }
>>>
>>> while (shadow_ptr >= shadow_bottom &&
>>> - (*shadow_ptr == kAsanStackLeftRedzoneMagic ||
>>> - *shadow_ptr == kAsanStackAfterReturnLeftMagic)) {
>>> + *shadow_ptr == kAsanStackLeftRedzoneMagic) {
>>> shadow_ptr--;
>>> }
>>>
>>> if (shadow_ptr < shadow_bottom) {
>>> - // If we're one byte below the fake stack bottom, we've found the
>>> frame.
>>> - if (!is_fake_stack || (*shadow_bottom !=
>>> kAsanStackAfterReturnLeftMagic)) {
>>> - *offset = 0;
>>> - return "UNKNOWN";
>>> - }
>>> + *offset = 0;
>>> + return "UNKNOWN";
>>> }
>>>
>>> uptr* ptr = (uptr*)SHADOW_TO_MEM((uptr)(shadow_ptr + 1));
>>> - CHECK((ptr[0] == kCurrentStackFrameMagic) ||
>>> - (is_fake_stack && ptr[0] == kRetiredStackFrameMagic));
>>> + CHECK(ptr[0] == kCurrentStackFrameMagic);
>>> *offset = addr - (uptr)ptr;
>>> return (const char*)ptr[1];
>>> }
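Review bot: in the else branch of GetFrameNameByAddr, *offset = addr - bottom and ((uptr*)bottom)[1] treat the value returned by fake_stack().AddrIsInFakeStack(addr) as the start of the frame containing addr, and nothing verifies that before the word is cast to const char *. The reply at the top of this thread says the function returns the start of a mapped region holding many frames of one size, in which case both the offset and the name would belong to the first frame in that region. Suggest locating the frame start inside the region first and keeping a CHECK on the frame's magic word before reading word [1], as the real stack path does with CHECK(ptr[0] == kCurrentStackFrameMagic); the removed kRetiredStackFrameMagic check was the only validation the fake stack path had.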
>>>
>>>
>>> _______________________________________________
>>> llvm-commits mailing list
>>> llvm-commits at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
>
>
> --
> Alexey Samsonov, MSK
>
--
Alexander Potapenko
Software Engineer
Google Moscow