[compiler-rt] 498a4c2 - [HWASan] Print short tags in tag mismatch description.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Tue Nov 2 08:01:00 PDT 2021


Author: Matt Morehouse
Date: 2021-11-02T08:00:33-07:00
New Revision: 498a4c2fd76c536077a4c385f31ae511e78ba6ac

URL: https://github.com/llvm/llvm-project/commit/498a4c2fd76c536077a4c385f31ae511e78ba6ac
DIFF: https://github.com/llvm/llvm-project/commit/498a4c2fd76c536077a4c385f31ae511e78ba6ac.diff

LOG: [HWASan] Print short tags in tag mismatch description.

I recently spent some extra time debugging a false positive because I
didn't realize the "real" tag was in the short granule.  Adding the
short tag here makes it more obvious that we could be dealing with a
short granule.

Reviewed By: hctim, eugenis

Differential Revision: https://reviews.llvm.org/D112949

Added: 
    

Modified: 
    compiler-rt/lib/hwasan/hwasan_report.cpp
    compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/hwasan/hwasan_report.cpp b/compiler-rt/lib/hwasan/hwasan_report.cpp
index d0be6b579b563..0107b8b772a9d 100644
--- a/compiler-rt/lib/hwasan/hwasan_report.cpp
+++ b/compiler-rt/lib/hwasan/hwasan_report.cpp
@@ -702,17 +702,15 @@ void ReportTagMismatch(StackTrace *stack, uptr tagged_addr, uptr access_size,
   tag_t mem_tag = *tag_ptr;
 
   Printf("%s", d.Access());
-  Printf("%s of size %zu at %p tags: %02x/%02x (ptr/mem) in thread T%zd\n",
-         is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag,
-         mem_tag, t->unique_id());
   if (mem_tag && mem_tag < kShadowAlignment) {
     tag_t *granule_ptr = reinterpret_cast<tag_t *>((untagged_addr + offset) &
                                                    ~(kShadowAlignment - 1));
     // If offset is 0, (untagged_addr + offset) is not aligned to granules.
     // This is the offset of the leftmost accessed byte within the bad granule.
     u8 in_granule_offset = (untagged_addr + offset) & (kShadowAlignment - 1);
+    tag_t short_tag = granule_ptr[kShadowAlignment - 1];
     // The first mismatch was a short granule that matched the ptr_tag.
-    if (granule_ptr[kShadowAlignment - 1] == ptr_tag) {
+    if (short_tag == ptr_tag) {
       // If the access starts after the end of the short granule, then the first
       // bad byte is the first byte of the access; otherwise it is the first
       // byte past the end of the short granule
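Review bot: The new `short_tag` load from `granule_ptr[kShadowAlignment - 1]` has no comment saying why the last byte of the granule is read, and the existing "first mismatch" comment now sits between the declaration and the `if` it describes. A line above the declaration such as `// For a short granule the shadow byte is a byte count; the tag to compare is stored in the granule's last byte.` would spare the next reader the confusion the commit message describes. The value is never reassigned in the visible lines, so `const tag_t short_tag = granule_ptr[kShadowAlignment - 1];` would state that. The body of the inner `if` continues outside this hunk.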
@@ -720,6 +718,14 @@ void ReportTagMismatch(StackTrace *stack, uptr tagged_addr, uptr access_size,
         offset += mem_tag - in_granule_offset;
       }
     }
+    Printf(
+        "%s of size %zu at %p tags: %02x/%02x(%02x) (ptr/mem) in thread T%zd\n",
+        is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag,
+        mem_tag, short_tag, t->unique_id());
+  } else {
+    Printf("%s of size %zu at %p tags: %02x/%02x (ptr/mem) in thread T%zd\n",
+           is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag,
+           mem_tag, t->unique_id());
   }
   if (offset != 0)
     Printf("Invalid access starting at offset %zu\n", offset);
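Review bot: The two `Printf` calls repeat the same format string and argument list and differ only in `(%02x)`, so a later edit to one can leave the other behind, and anything that parses these reports now has two line shapes to match. The legend still reads `(ptr/mem)`, which leaves the parenthesised byte unexplained in the output. A comment above the first call, e.g. `// mem is the short granule size here; the value in parentheses is the tag stored in the granule.`, or a legend such as `(ptr/mem(short))` would make triage of these reports easier. Changing the legend would also require updating the `CHECK31` expectation in heap-buffer-overflow.c. The function continues outside the hunk.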

diff  --git a/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c b/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c
index db7d444941752..ff52a4bf298c6 100644
--- a/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c
+++ b/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow.c
@@ -57,7 +57,7 @@ int main(int argc, char **argv) {
 // CHECKM: Cause: heap-buffer-overflow
 // CHECKM: is located 0 bytes to the right of 1000000-byte region
 //
-// CHECK31: tags: [[TAG:..]]/0e (ptr/mem)
+// CHECK31: tags: [[TAG:..]]/0e([[TAG]]) (ptr/mem)
 // CHECK31-NOT: Invalid access starting at offset
 // CHECK31: Cause: heap-buffer-overflow
 // CHECK31: is located 1 bytes to the right of 30-byte region
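Review bot: The updated `CHECK31` line pins only the case where the short tag equals the pointer tag, through the `[[TAG]]` back-reference. Nothing visible in this hunk covers a short granule whose stored tag differs from the pointer tag, which is the case where the new field helps most. The rest of the test file is outside the hunk, so this may be covered elsewhere. A negative expectation on the non-short prefixes, for example a `CHECKM-NOT` on the parenthesised form, would also guard the `else` branch against printing the extra field.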


        

