Revision tags: llvmorg-18.1.8, llvmorg-18.1.7, llvmorg-18.1.6, llvmorg-18.1.5, llvmorg-18.1.4, llvmorg-18.1.3, llvmorg-18.1.2, llvmorg-18.1.1, llvmorg-18.1.0, llvmorg-18.1.0-rc4, llvmorg-18.1.0-rc3, llvmorg-18.1.0-rc2, llvmorg-18.1.0-rc1, llvmorg-19-init, llvmorg-17.0.6, llvmorg-17.0.5, llvmorg-17.0.4, llvmorg-17.0.3, llvmorg-17.0.2, llvmorg-17.0.1, llvmorg-17.0.0, llvmorg-17.0.0-rc4, llvmorg-17.0.0-rc3, llvmorg-17.0.0-rc2, llvmorg-17.0.0-rc1, llvmorg-18-init, llvmorg-16.0.6, llvmorg-16.0.5, llvmorg-16.0.4, llvmorg-16.0.3, llvmorg-16.0.2, llvmorg-16.0.1, llvmorg-16.0.0, llvmorg-16.0.0-rc4, llvmorg-16.0.0-rc3, llvmorg-16.0.0-rc2, llvmorg-16.0.0-rc1, llvmorg-17-init, llvmorg-15.0.7, llvmorg-15.0.6

e1657e32 | 28-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[asan] Add unaligned double ended container support
Differential Revision: https://reviews.llvm.org/D138771

bc0ae483 | 28-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Speedup the test

4880a48a | 28-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[NFC][asan] Fix typo in names

204cd4e2 | 27-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Double ended version of TestContainer

09ec58c8 | 27-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Simplify a few expressions

8226ec0e | 27-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Check find_bad_address test
For consistency with future TestDoubleEndedContainer, where calculation of the expected bad address is complicated.

ad663be7 | 27-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Deduplicate code

1c5ad6d2 | 20-Nov-2022 | Advenam Tacet <advenam.tacet@trailofbits.com>
[1a/3][ASan][compiler-rt] API for double ended containers
This revision is a part of a series of patches extending AddressSanitizer C++ container overflow detection capabilities by adding annotations, similar to those existing in std::vector, to std::string and std::deque collections. These changes allow ASan to detect cases when the instrumented program accesses memory which is internally allocated by the collection but is still not in-use (accesses before or after the stored elements for std::deque, or between the size and capacity bounds for std::string).
The motivation for the research and those changes was a bug, found by Trail of Bits, in real code where an out-of-bounds read could happen as two strings were compared via a std::equals function that took iter1_begin, iter1_end, iter2_begin iterators (with a custom comparison function). When object iter1 was longer than iter2, an out-of-bounds read on iter2 could happen. Container sanitization would detect it.
This revision adds a new compiler-rt ASan sanitization API function __sanitizer_annotate_double_ended_contiguous_container, necessary to sanitize/annotate double ended contiguous containers. Note that this function annotates a single contiguous memory buffer (for example the std::deque's internal chunk). Such containers have the beginning of the allocated memory block, the beginning of the container's in-use data, the end of the container's in-use data and the end of the allocated memory block. This also adds a new API function to verify if a double ended contiguous container is correctly annotated (__sanitizer_verify_double_ended_contiguous_container).
Since we do not modify the ASan's shadow memory encoding values, the capability of sanitizing/annotating a prefix of the internal contiguous memory buffer is limited: up to SHADOW_GRANULARITY-1 bytes may not be poisoned before the container's in-use data. This can cause false negatives (situations when ASan will not detect memory corruption in those areas).
On the other hand, the API function interfaces are designed to work even if this caveat did not exist. Therefore implementations using those functions will poison every byte correctly once ASan (and compiler-rt) is extended to support it. In other words, if ASan were modified to support annotating/poisoning of objects lying at addresses unaligned to SHADOW_GRANULARITY (so e.g. prefixes of those blocks), which would require changing its shadow memory encoding, this would not require any changes in the libcxx std::string/deque code which is added in further commits of this patch series.
If you have any questions, please email advenam.tacet@trailofbits.com or disconnect3d@trailofbits.com.
Differential Revision: https://reviews.llvm.org/D132090
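The granule caveat described in the message above, as an added toy model of ASan's shadow encoding (my own code, not the compiler-rt runtime or its tests): one shadow byte per 8-byte granule can only mark an addressable *prefix* of that granule, so when the in-use region begins mid-granule the bytes between the granule start and `beg` stay addressable and an access there is a false negative. The names annotate_double_ended, is_poisoned and unpoisoned_prefix_bytes are invented for the model, and storage_beg/storage_end are assumed granule-aligned.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy model of ASan's shadow encoding, not the compiler-rt runtime: one shadow
 * byte per 8-byte granule. 0 = all 8 bytes addressable, k in 1..7 = only the
 * first k bytes addressable, negative = the whole granule is poisoned. */
#define SHADOW_GRANULARITY 8
#define POISONED (-1)
#define MAX_GRANULES 64

typedef struct { int8_t shadow[MAX_GRANULES]; } ShadowMem; /* offsets < 512 */
/* Annotate a double-ended container whose allocation is [storage_beg,
 * storage_end) and whose in-use elements occupy [beg, end); all four values
 * are byte offsets. storage_beg/storage_end are assumed granule-aligned
 * (the model does not handle a partial final granule). */
void annotate_double_ended(ShadowMem *sm, size_t storage_beg, size_t beg,
                           size_t end, size_t storage_end) {
  for (size_t g = storage_beg / SHADOW_GRANULARITY;
       g < storage_end / SHADOW_GRANULARITY; g++) {
    size_t g_beg = g * SHADOW_GRANULARITY, g_end = g_beg + SHADOW_GRANULARITY;
    if (end <= g_beg || beg >= g_end) { /* no in-use byte in this granule */
      sm->shadow[g] = POISONED;
      continue;
    }
    /* The encoding expresses only an addressable prefix, so the granule that
     * contains `beg` must be addressable from its first byte: the bytes in
     * [g_beg, beg) are the up-to-7-byte false-negative window from the text. */
    size_t addressable_end = end < g_end ? end : g_end;
    int8_t k = (int8_t)(addressable_end - g_beg);
    sm->shadow[g] = (k == SHADOW_GRANULARITY) ? 0 : k;
  }
}

/* Would an access to this byte offset be reported? */
bool is_poisoned(const ShadowMem *sm, size_t offset) {
  int8_t s = sm->shadow[offset / SHADOW_GRANULARITY];
  if (s < 0) return true;
  if (s == 0) return false;
  return (int8_t)(offset % SHADOW_GRANULARITY) >= s;
}

/* Bytes of the unused prefix [storage_beg, beg) that an access would NOT trip. */
size_t unpoisoned_prefix_bytes(const ShadowMem *sm, size_t storage_beg,
                               size_t beg) {
  size_t n = 0;
  for (size_t off = storage_beg; off < beg; off++)
    if (!is_poisoned(sm, off)) n++;
  return n;
}
```

With a 64-byte allocation and in-use data at [13, 40), bytes 0..7 are poisoned but bytes 8..12 are not, which is the SHADOW_GRANULARITY-1 bound the message describes; the suffix after `end` is exact because a trailing partial granule is an addressable prefix.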

16d3c0c7 | 20-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Limit scope of the var

27998d91 | 20-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Rename variables for less confusion

e37f8e58 | 19-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Simplify __sanitizer_verify_contiguous_container test

4b4250c7 | 19-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Simplify loops in test

f0fbf51a | 19-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[test][asan] Simplify test
We don't need to iterate off_end, just need to check a granule after the end.

796b1bdd | 18-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[NFC][asan] Rename variables in test

d3139730 | 18-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[asan] Simplify the test

e7376adb | 17-Nov-2022 | Vitaly Buka <vitalybuka@google.com>
[NFC][asan] clang-format the test

Revision tags: llvmorg-15.0.5, llvmorg-15.0.4

dd1b7b79 | 28-Oct-2022 | Advenam Tacet <advenam.tacet@trailofbits.com>
[1b/3][ASan][compiler-rt] API for annotating objects memory
This revision is a part of a series of patches extending AddressSanitizer C++ container overflow detection capabilities by adding annotations, similar to those existing in std::vector, to std::string and std::deque collections. These changes allow ASan to detect cases when the instrumented program accesses memory which is internally allocated by the collection but is still not in-use (accesses before or after the stored elements for std::deque, or between the size and capacity bounds for std::string).
The motivation for the research and those changes was a bug, found by Trail of Bits, in real code where an out-of-bounds read could happen as two strings were compared via a std::equals function that took iter1_begin, iter1_end, iter2_begin iterators (with a custom comparison function). When object iter1 was longer than iter2, an out-of-bounds read on iter2 could happen. Container sanitization would detect it.
This revision extends a compiler-rt ASan sanitization API function __sanitizer_annotate_contiguous_container, used to sanitize/annotate containers like std::vector, to support different allocators and situations when granules are shared between objects. Those changes are necessary to support annotating objects' self memory (in contrast to annotating memory allocated by an object) like short std::basic_string (with short string optimization). That also allows use of non-standard memory allocators, as the alignment requirement is no longer necessary.
This also updates an API function to verify if a double ended contiguous container is correctly annotated (__sanitizer_verify_contiguous_container).
If you have any questions, please email advenam.tacet@trailofbits.com or disconnect3d@trailofbits.com.
Reviewed By: #sanitizers, vitalybuka
Differential Revision: https://reviews.llvm.org/D132522

Revision tags: llvmorg-15.0.3, working, llvmorg-15.0.2, llvmorg-15.0.1, llvmorg-15.0.0, llvmorg-15.0.0-rc3, llvmorg-15.0.0-rc2, llvmorg-15.0.0-rc1, llvmorg-16-init, llvmorg-14.0.6, llvmorg-14.0.5, llvmorg-14.0.4, llvmorg-14.0.3, llvmorg-14.0.2

4b4437c0 | 20-Apr-2022 | Vitaly Buka <vitalybuka@google.com>
[asan] Enable detect_stack_use_after_return=1 by default
By default -fsanitize=address already compiles with this check, why not use it. For compatibility it can be disabled with env ASAN_OPTIONS=detect_stack_use_after_return=0.
Reviewed By: eugenis, kda, #sanitizers, hans
Differential Revision: https://reviews.llvm.org/D124057

Revision tags: llvmorg-14.0.1, llvmorg-14.0.0, llvmorg-14.0.0-rc4, llvmorg-14.0.0-rc3, llvmorg-14.0.0-rc2, llvmorg-14.0.0-rc1, llvmorg-15-init, llvmorg-13.0.1, llvmorg-13.0.1-rc3, llvmorg-13.0.1-rc2, llvmorg-13.0.1-rc1, llvmorg-13.0.0, llvmorg-13.0.0-rc4, llvmorg-13.0.0-rc3

a1e7e401 | 04-Sep-2021 | Kazuaki Ishizaki <ishizaki@jp.ibm.com>
[compiler-rt] NFC: Fix trivial typo
Reviewed By: xgupta
Differential Revision: https://reviews.llvm.org/D77457

Revision tags: llvmorg-13.0.0-rc2, llvmorg-13.0.0-rc1, llvmorg-14-init, llvmorg-12.0.1, llvmorg-12.0.1-rc4, llvmorg-12.0.1-rc3, llvmorg-12.0.1-rc2

c4992bf5 | 16-Jun-2021 | Kevin Athey <kda@google.com>
[NFC][sanitizer] Remove calls to __asan_get_current_fake_stack
Unnecessary with -fsanitize-address-use-after-return=never.
for issue: https://github.com/google/sanitizers/issues/1394
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D104154

Revision tags: llvmorg-12.0.1-rc1, llvmorg-12.0.0, llvmorg-12.0.0-rc5, llvmorg-12.0.0-rc4, llvmorg-12.0.0-rc3, llvmorg-12.0.0-rc2, llvmorg-11.1.0, llvmorg-11.1.0-rc3, llvmorg-12.0.0-rc1, llvmorg-13-init, llvmorg-11.1.0-rc2, llvmorg-11.1.0-rc1, llvmorg-11.0.1, llvmorg-11.0.1-rc2, llvmorg-11.0.1-rc1, llvmorg-11.0.0, llvmorg-11.0.0-rc6, llvmorg-11.0.0-rc5, llvmorg-11.0.0-rc4, llvmorg-11.0.0-rc3, llvmorg-11.0.0-rc2, llvmorg-11.0.0-rc1, llvmorg-12-init, llvmorg-10.0.1, llvmorg-10.0.1-rc4, llvmorg-10.0.1-rc3, llvmorg-10.0.1-rc2, llvmorg-10.0.1-rc1, llvmorg-10.0.0, llvmorg-10.0.0-rc6, llvmorg-10.0.0-rc5, llvmorg-10.0.0-rc4, llvmorg-10.0.0-rc3, llvmorg-10.0.0-rc2, llvmorg-10.0.0-rc1, llvmorg-11-init, llvmorg-9.0.1, llvmorg-9.0.1-rc3, llvmorg-9.0.1-rc2, llvmorg-9.0.1-rc1, llvmorg-9.0.0, llvmorg-9.0.0-rc6, llvmorg-9.0.0-rc5, llvmorg-9.0.0-rc4, llvmorg-9.0.0-rc3, llvmorg-9.0.0-rc2

673dc3d4 | 05-Aug-2019 | Nico Weber <nicolasweber@gmx.de>
compiler-rt: Rename cc files below test/asan to cpp
See r367803 and similar other changes.
llvm-svn: 367887