[PATCH] D23616: [asan] Add __asan_memset_real to allow poisoning shadow directly from instrumented code

Vitaly Buka via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 18 10:33:57 PDT 2016


Thanks.
Done: https://reviews.llvm.org/D23676

On Thu, Aug 18, 2016 at 5:46 AM Filipe Cabecinhas <
filcab+llvm.phabricator at gmail.com> wrote:

> Hi Vitaly,
>
> Can you add a test for this?
>
> Something like this would probably work:
> ////////////////////////////////////////////
> // RUN: %run %t 0x00 | FileCheck %s -check-prefix=X00
> // RUN: %run %t 0xf1 | FileCheck %s -check-prefix=XF1
> // RUN: %run %t 0xf2 | FileCheck %s -check-prefix=XF2
> // RUN: %run %t 0xf3 | FileCheck %s -check-prefix=XF3
> // RUN: %run %t 0xf5 | FileCheck %s -check-prefix=XF5
> // RUN: %run %t 0xf8 | FileCheck %s -check-prefix=XF8
>
> #include <assert.h>
> #include <stddef.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sanitizer/asan_interface.h>
>
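> // Shadow-mapping parameters. main() fills them in through
> // __asan_get_shadow_mapping() before any shadow address is computed.
> size_t shadow_offset;
> size_t shadow_scale;
> // Maps an application address to the address of the shadow byte describing it.
> // The argument is parenthesized so that an expression argument is shifted as
> // a whole rather than only its last operand.
> #define MEM_TO_SHADOW(addr) (((addr) >> shadow_scale) + shadow_offset)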
>
> // Hand-written prototypes, with C linkage, for the runtime entry points that
> // g() calls. As used there, `addr` is a shadow address and `size` a byte
> // count; presumably each call fills that range with the value named by its
> // suffix -- confirm against the runtime.
> extern "C" void __asan_set_shadow_00(size_t addr, size_t size);
> extern "C" void __asan_set_shadow_f1(size_t addr, size_t size);
> extern "C" void __asan_set_shadow_f2(size_t addr, size_t size);
> extern "C" void __asan_set_shadow_f3(size_t addr, size_t size);
> extern "C" void __asan_set_shadow_f5(size_t addr, size_t size);
> extern "C" void __asan_set_shadow_f8(size_t addr, size_t size);
>
> // Returns the byte that `a` points to. Nothing else in this listing calls it.
> char f(char *a) {
>   return a[0];
> }
>
> // Writes the shadow value selected by `arg` over the one shadow byte that
> // MEM_TO_SHADOW() yields for the local array, then reads arr[0] so the access
> // is checked against that byte. Each case sits under the FileCheck lines that
> // name the report expected for it; the 0x00 run expects no report at all.
> // An `arg` that matches no case falls through to assert(false).
> //
> // NOTE(review): ASan prints its report to stderr by default, while the run
> // lines at the top of the listing pipe only stdout into FileCheck. They
> // likely need `2>&1`, plus `not` in front of the runs expected to abort, and
> // the listing shows no step that builds %t -- confirm.
> long g(long arg) {
>   // NOTE(review): aligned(8) presumably places arr at the start of a shadow
>   // granule for the usual scale of 3 -- confirm. arr is never written, so
>   // the value returned by the 0x00 case is indeterminate; main() ignores it.
>   char arr[1] __attribute__((aligned(8)));
>   size_t iarr = (size_t)arr;
>
>   switch (arg) {
>   // CASE(xx) expands to `case 0xXX`, one call to __asan_set_shadow_XX over a
>   // single shadow byte, and the read of arr[0].
> #define CASE(xx) case 0x##xx: \
>                    __asan_set_shadow_##xx(MEM_TO_SHADOW(iarr), 1); \
>                    return *arr;
>       // X00-NOT: AddressSanitizer
>       CASE(00);
>       // XF1: AddressSanitizer: stack-buffer-underflow
>       // XF1: [f1]
>       CASE(f1);
>       // XF2: AddressSanitizer: stack-buffer-overflow
>       // XF2: [f2]
>       CASE(f2);
>       // XF3: AddressSanitizer: stack-buffer-overflow
>       // XF3: [f3]
>       CASE(f3);
>       // XF5: AddressSanitizer: stack-use-after-return
>       // XF5: [f5]
>       CASE(f5);
>       // XF8: AddressSanitizer: stack-use-after-scope
>       // XF8: [f8]
>       CASE(f8);
> #undef CASE
>   }
>   // Reached only for an unrecognised `arg`; there is no return after it.
>   assert(false);
> }
>
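> // Entry point: argv[1] is the shadow byte value, in hex, that g() writes over
> // the shadow of its local array. Returns 0 when g() returns without a
> // report, and 1 when the argument is missing or is not a hex number.
> int main(int argc, char **argv) {
>   // Checked explicitly rather than with assert(), so the guard on argv[1]
>   // does not depend on assertions being compiled in.
>   if (argc < 2) {
>     fputs("usage: pass the shadow byte value in hex, e.g. 0xf1\n", stderr);
>     return 1;
>   }
>   __asan_get_shadow_mapping(&shadow_scale, &shadow_offset);
>
>   // strtol() returns 0 when it parses nothing, which would silently select
>   // the 0x00 case; reject anything that is not entirely a hex number.
>   char *end = nullptr;
>   long arg = strtol(argv[1], &end, 16);
>   if (end == argv[1] || *end != '\0') {
>     fprintf(stderr, "not a hex value: %s\n", argv[1]);
>     return 1;
>   }
>   g(arg);
>   puts("Done"); // Otherwise we get: FileCheck error: '-' is empty
>   return 0;
> }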
> ////////////////////////////////////////////
>
> That way, you end up testing that the shadow address does get
> poisoned/unpoisoned with the value you want.
>
> Thank you,
>
>  Filipe
>