[compiler-rt] 4b4437c - [asan] Enable detect_stack_use_after_return=1 by default
Vitaly Buka via llvm-commits
llvm-commits at lists.llvm.org
Fri Apr 22 15:31:52 PDT 2022
Author: Vitaly Buka
Date: 2022-04-22T15:31:43-07:00
New Revision: 4b4437c084e2b8a2643e97e7aef125c438635a4d
URL: https://github.com/llvm/llvm-project/commit/4b4437c084e2b8a2643e97e7aef125c438635a4d
DIFF: https://github.com/llvm/llvm-project/commit/4b4437c084e2b8a2643e97e7aef125c438635a4d.diff
LOG: [asan] Enable detect_stack_use_after_return=1 by default
By default -fsanitize=address already compiles with this check,
why not use it.
For compatibility it can be disabled with env ASAN_OPTIONS=detect_stack_use_after_return=0.
Reviewed By: eugenis, kda, #sanitizers, hans
Differential Revision: https://reviews.llvm.org/D124057
Added:
Modified:
clang/docs/AddressSanitizer.rst
clang/docs/ReleaseNotes.rst
compiler-rt/lib/asan/asan_flags.inc
compiler-rt/lib/asan/tests/asan_interface_test.cpp
compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
compiler-rt/test/asan/TestCases/contiguous_container.cpp
compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
Removed:
################################################################################
diff --git a/clang/docs/AddressSanitizer.rst b/clang/docs/AddressSanitizer.rst
index fe5f683580a46..ca5c052b615f5 100644
--- a/clang/docs/AddressSanitizer.rst
+++ b/clang/docs/AddressSanitizer.rst
@@ -15,7 +15,7 @@ following types of bugs:
* Out-of-bounds accesses to heap, stack and globals
* Use-after-free
* Use-after-return (clang flag ``-fsanitize-address-use-after-return=(never|runtime|always)`` default: ``runtime``)
- * Enable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=1``
+ * Disable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=0``
* Use-after-scope (clang flag ``-fsanitize-address-use-after-scope``)
* Double-free, invalid free
* Memory leaks (experimental)
@@ -143,8 +143,8 @@ Stack Use After Return (UAR)
AddressSanitizer can optionally detect stack use after return problems.
This is available by default, or explicitly
(``-fsanitize-address-use-after-return=runtime``).
-To enable this check at runtime, set the environment variable
-``ASAN_OPTIONS=detect_stack_use_after_return=1``.
+To disable this check at runtime, set the environment variable
+``ASAN_OPTIONS=detect_stack_use_after_return=0``.
Enabling this check (``-fsanitize-address-use-after-return=always``) will
reduce code size. The code size may be reduced further by completely
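Review bot: The unchanged context above the edited sentence still describes the check as opt-in: "AddressSanitizer can optionally detect stack use after return problems" now sits directly before instructions for turning it off. Suggest rewording that opening sentence to say detection is on by default in ``runtime`` mode, so the paragraph reads consistently with the new default.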
@@ -152,8 +152,8 @@ eliminating this check (``-fsanitize-address-use-after-return=never``).
To summarize: ``-fsanitize-address-use-after-return=<mode>``
* ``never``: Completely disables detection of UAR errors (reduces code size).
- * ``runtime``: Adds the code for detection, but must be enabled via the
- runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=1``).
+ * ``runtime``: Adds the code for detection, but it can be disable via the
+ runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=0``).
* ``always``: Enables detection of UAR errors in all cases. (reduces code
size, but not as much as ``never``).
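Review bot: Typo in the added ``runtime`` bullet: "but it can be disable via the" should read "but it can be disabled via the".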
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 8560ab921ef9f..066a0e1977324 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -173,7 +173,8 @@ Non-comprehensive list of changes in this release
- Improve the dump format, dump both bitwidth(if its a bitfield) and field value.
- Remove anonymous tag locations.
- Beautify dump format, add indent for nested struct and struct members.
-- Previously disabled sanitizer options now enabled by default
+- Previously disabled sanitizer options now enabled by default:
+ - ASAN_OPTIONS=detect_stack_use_after_return=1.
- MSAN_OPTIONS=poison_in_dtor=1.
New Compiler Flags
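Review bot: The new release-note entry names the option that flipped but not the opt-out. Users who hit new reports or memory overhead after upgrading will look here first, so the entry should mention that ``ASAN_OPTIONS=detect_stack_use_after_return=0`` restores the previous behaviour, as the commit message does.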
diff --git a/compiler-rt/lib/asan/asan_flags.inc b/compiler-rt/lib/asan/asan_flags.inc
index 514b225c40731..31d4b3a6f3cc5 100644
--- a/compiler-rt/lib/asan/asan_flags.inc
+++ b/compiler-rt/lib/asan/asan_flags.inc
@@ -49,7 +49,7 @@ ASAN_FLAG(
"to find more errors.")
ASAN_FLAG(bool, replace_intrin, true,
"If set, uses custom wrappers for memset/memcpy/memmove intrinsics.")
-ASAN_FLAG(bool, detect_stack_use_after_return, false,
+ASAN_FLAG(bool, detect_stack_use_after_return, true,
"Enables stack-use-after-return checking at run-time.")
ASAN_FLAG(int, min_uar_stack_size_log, 16, // We can't do smaller anyway.
"Minimum fake stack size log.")
diff --git a/compiler-rt/lib/asan/tests/asan_interface_test.cpp b/compiler-rt/lib/asan/tests/asan_interface_test.cpp
index 6ea04191d789b..021ebfb04b002 100644
--- a/compiler-rt/lib/asan/tests/asan_interface_test.cpp
+++ b/compiler-rt/lib/asan/tests/asan_interface_test.cpp
@@ -413,6 +413,9 @@ TEST(AddressSanitizerInterface, HandleNoReturnTest) {
__asan_poison_memory_region(array, sizeof(array));
BAD_ACCESS(array, 20);
__asan_handle_no_return();
+ // Fake stack does not need to be unpoisoned.
+ if (__asan_get_current_fake_stack())
+ return;
// It unpoisons the whole thread stack.
GOOD_ACCESS(array, 20);
}
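Review bot: With the early return on `__asan_get_current_fake_stack()`, the `GOOD_ACCESS(array, 20)` check after `__asan_handle_no_return()` is never reached under the new default, so the test passes without asserting anything about the state after the call. Consider asserting the expected state in the fake-stack branch, or making sure this test also runs with detect_stack_use_after_return=0 so the original assertion keeps its coverage.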
diff --git a/compiler-rt/test/asan/TestCases/Posix/gc-test.cpp b/compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
index 56d8c398fc75b..8567630f36b35 100644
--- a/compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
+++ b/compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
@@ -1,9 +1,11 @@
// RUN: %clangxx_asan %s -pthread -o %t
// RUN: %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
// RUN: %clangxx_asan -O3 %s -pthread -o %t
// RUN: %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
// REQUIRES: stable-runtime
#include <assert.h>
diff --git a/compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp b/compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
index d13b6187a8c87..c252151159937 100644
--- a/compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
+++ b/compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
@@ -2,6 +2,7 @@
// RUN: %clangxx_asan -O1 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O2 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O3 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
// RUN: %clangxx_asan -O0 %s -pthread -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O1 %s -pthread -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
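Review bot: The added `// RUN: not %run %t 2>&1 | FileCheck %s` line has no compile step of its own, so it reuses the binary built by the preceding -O3 line and the default-flags path is only checked at that optimization level. heavy_uar_test.cpp in this same patch pairs a default run with each build; doing the same here would cover the lower optimization levels as well.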
diff --git a/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp b/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
index 1a8b951590930..593114bdf2e8d 100644
--- a/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
+++ b/compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
@@ -4,7 +4,7 @@
// Don't optimize, otherwise the variables which create redzones might be
// dropped.
// RUN: %clangxx_asan -fexceptions -O0 %s -o %t -pthread
-// RUN: %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
#include <algorithm>
#include <cassert>
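Review bot: The RUN line is now pinned to detect_stack_use_after_return=0 with no comment saying why, which means this test no longer exercises the default configuration and a reader cannot tell whether that is a known incompatibility or a temporary workaround. Please add a short comment above the RUN line explaining why the test needs the fake stack disabled. The same applies to the other tests pinned to =0 in this patch.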
diff --git a/compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp b/compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
index c180bc9d152f1..0c9c413393ea3 100644
--- a/compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
+++ b/compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
@@ -1,5 +1,6 @@
// RUN: %clang_cl_asan -Od %s -Fe%t
// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
// RUN: %clang_cl_asan -Od %s -Fe%t -fsanitize-address-use-after-return=always
// RUN: not %run %t 2>&1 | FileCheck %s
diff --git a/compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp b/compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
index a3d7ca1dc4c2a..af6ca2163195a 100644
--- a/compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
+++ b/compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
@@ -1,5 +1,5 @@
// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-dynamic-allocas %s -o %t
-// RUN: %run %t 2>&1
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1
//
// REQUIRES: stable-runtime
diff --git a/compiler-rt/test/asan/TestCases/contiguous_container.cpp b/compiler-rt/test/asan/TestCases/contiguous_container.cpp
index 27ceecfe166bd..a813424d36ced 100644
--- a/compiler-rt/test/asan/TestCases/contiguous_container.cpp
+++ b/compiler-rt/test/asan/TestCases/contiguous_container.cpp
@@ -1,4 +1,4 @@
-// RUN: %clangxx_asan -fexceptions -O %s -o %t && %run %t
+// RUN: %clangxx_asan -fexceptions -O %s -o %t && %env_asan_opts=detect_stack_use_after_return=0 %run %t
//
// Test __sanitizer_annotate_contiguous_container.
diff --git a/compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp b/compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
index 1639ad7d0859b..a4d3530bb70c8 100644
--- a/compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
+++ b/compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
@@ -1,9 +1,9 @@
// Regression test: __asan_handle_no_return should unpoison stack even with poison_heap=0.
// Fails with debug checks: https://bugs.llvm.org/show_bug.cgi?id=46862
// XFAIL: !compiler-rt-optimized
-// RUN: %clangxx_asan -O0 %s -o %t && \
-// RUN: %env_asan_opts=poison_heap=1 %run %t && \
-// RUN: %env_asan_opts=poison_heap=0 %run %t
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0:poison_heap=1 %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0:poison_heap=0 %run %t
#include <sanitizer/asan_interface.h>
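Review bot: The header comment still states unconditionally that "__asan_handle_no_return should unpoison stack", while both RUN lines now force detect_stack_use_after_return=0. The comment added to asan_interface_test.cpp in this patch ("Fake stack does not need to be unpoisoned") explains the reason; a matching one-line note here would document that this regression test only applies with the fake stack disabled.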
diff --git a/compiler-rt/test/asan/TestCases/heavy_uar_test.cpp b/compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
index 68eab14a916ae..571b25966ea9f 100644
--- a/compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
+++ b/compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
@@ -1,5 +1,7 @@
-// RUN: %clangxx_asan -O0 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
-// RUN: %clangxx_asan -O2 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
// RUN: %clangxx_asan -O2 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
// XFAIL: windows-msvc
diff --git a/compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp b/compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
index b7272ad71bf52..a07d7a213b6b5 100644
--- a/compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
+++ b/compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
@@ -4,7 +4,7 @@
// REQUIRES: shared_cxxabi
// RUN: %clangxx_asan -fexceptions -O0 %s -o %t
-// RUN: %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
// The current implementation of this functionality requires special
// combination of libraries that are not used by default on NetBSD
diff --git a/compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp b/compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
index 79714c7b90059..6c464cd67129c 100644
--- a/compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
+++ b/compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
@@ -1,7 +1,7 @@
// RUN: %clangxx_asan -O0 %s -o %t -mllvm -asan-detect-invalid-pointer-pair
// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2 %run %t
-// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2,detect_stack_use_after_return=1 %run %t
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2,detect_stack_use_after_return=0 %run %t
#include <assert.h>
#include <stdlib.h>
diff --git a/llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h b/llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
index 107f5af3eebaa..187aaedb60004 100644
--- a/llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
+++ b/llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
@@ -22,8 +22,8 @@ enum class AsanDtorKind {
/// Mode of ASan detect stack use after return
enum class AsanDetectStackUseAfterReturnMode {
Never, ///< Never detect stack use after return.
- Runtime, ///< Detect stack use after return if runtime flag is enabled
- ///< (ASAN_OPTIONS=detect_stack_use_after_return=1)
+ Runtime, ///< Detect stack use after return if not disabled runtime with
+ ///< (ASAN_OPTIONS=detect_stack_use_after_return=0).
Always, ///< Always detect stack use after return.
Invalid, ///< Not a valid detect mode.
};
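Review bot: The updated doc comment on `Runtime` reads "if not disabled runtime with", which is missing a preposition. Suggest "Detect stack use after return unless disabled at runtime with (ASAN_OPTIONS=detect_stack_use_after_return=0)."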