asan_rtl.cc revision 3945c58f9db42671b1a3b865fde5008f09a3a40e
15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)//===-- asan_rtl.cc -------------------------------------------------------===// 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// The LLVM Compiler Infrastructure 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// This file is distributed under the University of Illinois Open Source 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// License. See LICENSE.TXT for details. 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)//===----------------------------------------------------------------------===// 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// This file is a part of AddressSanitizer, an address sanity checker. 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Main file of the ASan run-time library. 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)//===----------------------------------------------------------------------===// 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_allocator.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_interceptors.h" 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_interface.h" 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_internal.h" 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_lock.h" 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_mapping.h" 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_report.h" 21c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "asan_stack.h" 225e3f23d412006dc4db4e659864679f29341e113fTorne (Richard Coles)#include "asan_stats.h" 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "asan_thread.h" 24eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "asan_thread_registry.h" 2590dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "sanitizer_common/sanitizer_atomic.h" 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sanitizer_common/sanitizer_flags.h" 2790dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles)#include "sanitizer_common/sanitizer_libc.h" 28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace __sanitizer { 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using namespace __asan; 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void Die() { 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) static atomic_uint32_t num_calls; 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (atomic_fetch_add(&num_calls, 1, memory_order_relaxed) != 0) { 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Don't die twice - run a busy loop. 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) while (1) { } 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->sleep_before_dying) { 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Report("Sleeping for %d second(s)\n", flags()->sleep_before_dying); 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SleepForSeconds(flags()->sleep_before_dying); 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->unmap_shadow_on_exit) 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) UnmapOrDie((void*)kLowShadowBeg, kHighShadowEnd - kLowShadowBeg); 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (death_callback) 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) death_callback(); 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->abort_on_error) 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Abort(); 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Exit(flags()->exitcode); 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SANITIZER_INTERFACE_ATTRIBUTE 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void CheckFailed(const char *file, int line, const char *cond, u64 v1, u64 v2) { 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AsanReport("AddressSanitizer CHECK failed: %s:%d \"%s\" (0x%zx, 0x%zx)\n", 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) file, line, cond, (uptr)v1, (uptr)v2); 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRINT_CURRENT_STACK(); 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ShowStatsAndAbort(); 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace __sanitizer 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace __asan { 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// -------------------------- Flags ------------------------- {{{1 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static const int kMallocContextSize = 30; 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static Flags asan_flags; 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)Flags *flags() { 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return &asan_flags; 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static void ParseFlagsFromString(Flags *f, const char *str) { 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->quarantine_size, "quarantine_size"); 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->symbolize, "symbolize"); 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->verbosity, "verbosity"); 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->redzone, "redzone"); 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(f->redzone >= 16); 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(IsPowerOfTwo(f->redzone)); 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->debug, "debug"); 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->report_globals, "report_globals"); 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->check_initialization_order, "initialization_order"); 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->malloc_context_size, "malloc_context_size"); 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(f->malloc_context_size <= kMallocContextSize); 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->replace_str, "replace_str"); 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->replace_intrin, "replace_intrin"); 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->replace_cfallocator, "replace_cfallocator"); 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->mac_ignore_invalid_free, "mac_ignore_invalid_free"); 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->use_fake_stack, "use_fake_stack"); 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->max_malloc_fill_size, "max_malloc_fill_size"); 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->exitcode, "exitcode"); 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->allow_user_poisoning, "allow_user_poisoning"); 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->sleep_before_dying, "sleep_before_dying"); 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->handle_segv, "handle_segv"); 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->use_sigaltstack, "use_sigaltstack"); 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->check_malloc_usable_size, "check_malloc_usable_size"); 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->unmap_shadow_on_exit, "unmap_shadow_on_exit"); 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->abort_on_error, "abort_on_error"); 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->atexit, "atexit"); 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->disable_core, "disable_core"); 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlag(str, &f->strip_path_prefix, "strip_path_prefix"); 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern "C" { 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SANITIZER_WEAK_ATTRIBUTE 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SANITIZER_INTERFACE_ATTRIBUTE 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const char* __asan_default_options() { return ""; } 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // extern "C" 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void InitializeFlags(Flags *f, const char *env) { 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) internal_memset(f, 0, sizeof(*f)); 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->quarantine_size = (ASAN_LOW_MEMORY) ? 1UL << 24 : 1UL << 28; 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->symbolize = false; 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->verbosity = 0; 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->redzone = (ASAN_LOW_MEMORY) ? 64 : 128; 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->debug = false; 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->report_globals = 1; 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->check_initialization_order = true; 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->malloc_context_size = kMallocContextSize; 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->replace_str = true; 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->replace_intrin = true; 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->replace_cfallocator = true; 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->mac_ignore_invalid_free = false; 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->use_fake_stack = true; 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->max_malloc_fill_size = 0; 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->exitcode = ASAN_DEFAULT_FAILURE_EXITCODE; 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->allow_user_poisoning = true; 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->sleep_before_dying = 0; 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->handle_segv = ASAN_NEEDS_SEGV; 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->use_sigaltstack = false; 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->check_malloc_usable_size = true; 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->unmap_shadow_on_exit = false; 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->abort_on_error = false; 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->atexit = false; 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->disable_core = (__WORDSIZE == 64); 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) f->strip_path_prefix = ""; 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Override from user-specified string. 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlagsFromString(f, __asan_default_options()); 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->verbosity) { 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Report("Using the defaults from __asan_default_options: %s\n", 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) __asan_default_options()); 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Override from command line. 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ParseFlagsFromString(f, env); 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// -------------------------- Globals --------------------- {{{1 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int asan_inited; 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool asan_init_is_running; 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void (*death_callback)(void); 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// -------------------------- Misc ---------------- {{{1 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void ShowStatsAndAbort() { 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) __asan_print_accumulated_stats(); 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Die(); 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// ---------------------- mmap -------------------- {{{1 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Reserve memory range [beg, end]. 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static void ReserveShadowMemoryRange(uptr beg, uptr end) { 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK((beg % kPageSize) == 0); 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(((end + 1) % kPageSize) == 0); 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) uptr size = end - beg + 1; 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *res = MmapFixedNoReserve(beg, size); 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(res == (void*)beg && "ReserveShadowMemoryRange failed"); 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// ---------------------- LowLevelAllocator ------------- {{{1 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void *LowLevelAllocator::Allocate(uptr size) { 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK((size & (size - 1)) == 0 && "size must be a power of two"); 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (allocated_end_ - allocated_current_ < (sptr)size) { 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) uptr size_to_allocate = Max(size, kPageSize); 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allocated_current_ = 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (char*)MmapOrDie(size_to_allocate, __FUNCTION__); 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allocated_end_ = allocated_current_ + size_to_allocate; 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PoisonShadow((uptr)allocated_current_, size_to_allocate, 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) kAsanInternalHeapMagic); 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(allocated_end_ - allocated_current_ >= (sptr)size); 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *res = allocated_current_; 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allocated_current_ += size; 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return res; 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// -------------------------- Run-time entry ------------------- {{{1 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// exported functions 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define ASAN_REPORT_ERROR(type, is_write, size) \ 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)extern "C" NOINLINE INTERFACE_ATTRIBUTE \ 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void __asan_report_ ## type ## size(uptr addr); \ 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void __asan_report_ ## type ## size(uptr addr) { \ 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) GET_CALLER_PC_BP_SP; \ 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) __asan_report_error(pc, bp, sp, addr, is_write, size); \ 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(load, false, 1) 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(load, false, 2) 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(load, false, 4) 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(load, false, 8) 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(load, false, 16) 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(store, true, 1) 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(store, true, 2) 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(store, true, 4) 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(store, true, 8) 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)ASAN_REPORT_ERROR(store, true, 16) 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Force the linker to keep the symbols for various ASan interface functions. 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// We want to keep those in the executable in order to let the instrumented 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// dynamic libraries access the symbol even if it is not used by the executable 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// itself. This should help if the build system is removing dead code at link 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// time. 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static NOINLINE void force_interface_symbols() { 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) volatile int fake_condition = 0; // prevent dead condition elimination. 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // __asan_report_* functions are noreturn, so we need a switch to prevent 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the compiler from removing any of them. 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) switch (fake_condition) { 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 1: __asan_report_load1(0); break; 221eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch case 2: __asan_report_load2(0); break; 222eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch case 3: __asan_report_load4(0); break; 223eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch case 4: __asan_report_load8(0); break; 224eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch case 5: __asan_report_load16(0); break; 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 6: __asan_report_store1(0); break; 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 7: __asan_report_store2(0); break; 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 8: __asan_report_store4(0); break; 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 9: __asan_report_store8(0); break; 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 10: __asan_report_store16(0); break; 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 11: __asan_register_global(0, 0, 0); break; 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 12: __asan_register_globals(0, 0); break; 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 13: __asan_unregister_globals(0, 0); break; 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 14: __asan_set_death_callback(0); break; 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 15: __asan_set_error_report_callback(0); break; 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 16: __asan_handle_no_return(); break; 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 17: __asan_address_is_poisoned(0); break; 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 18: __asan_get_allocated_size(0); break; 2385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 19: __asan_get_current_allocated_bytes(); break; 2395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 20: __asan_get_estimated_allocated_size(0); break; 2405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 21: __asan_get_free_bytes(); break; 2415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 22: __asan_get_heap_size(); break; 2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 23: __asan_get_ownership(0); break; 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 24: __asan_get_unmapped_bytes(); break; 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 25: __asan_poison_memory_region(0, 0); break; 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 26: __asan_unpoison_memory_region(0, 0); break; 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 27: __asan_set_error_exit_code(0); break; 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 28: __asan_stack_free(0, 0, 0); break; 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 29: __asan_stack_malloc(0, 0); break; 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 30: __asan_set_on_error_callback(0); break; 2505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 31: __asan_default_options(); break; 2515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static void asan_atexit() { 2555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AsanPrintf("AddressSanitizer exit stats:\n"); 2565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) __asan_print_accumulated_stats(); 2575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace __asan 2605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// ---------------------- Interface ---------------- {{{1 2625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)using namespace __asan; // NOLINT 2635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int NOINLINE __asan_set_error_exit_code(int exit_code) { 2655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int old = flags()->exitcode; 2665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) flags()->exitcode = exit_code; 2675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return old; 2685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void NOINLINE __asan_handle_no_return() { 2715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int local_stack; 2725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AsanThread *curr_thread = asanThreadRegistry().GetCurrent(); 2735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(curr_thread); 2745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) uptr top = curr_thread->stack_top(); 2755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) uptr bottom = ((uptr)&local_stack - kPageSize) & ~(kPageSize-1); 2765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PoisonShadow(bottom, top - bottom, 0); 2775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void NOINLINE __asan_set_death_callback(void (*callback)(void)) { 2805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) death_callback = callback; 2815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void __asan_init() { 2845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (asan_inited) return; 2855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) asan_init_is_running = true; 2865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Make sure we are not statically linked. 2885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) AsanDoesNotSupportStaticLinkage(); 2895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Initialize flags. 2915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char *options = GetEnv("ASAN_OPTIONS"); 2925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InitializeFlags(flags(), options); 2935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->verbosity && options) { 2955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Report("Parsed ASAN_OPTIONS: %s\n", options); 2965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->atexit) { 2995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Atexit(asan_atexit); 3005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // interceptors 3035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InitializeAsanInterceptors(); 3045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReplaceSystemMalloc(); 3065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReplaceOperatorsNewAndDelete(); 3075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->verbosity) { 3095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("|| `[%p, %p]` || HighMem ||\n", 3105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)kHighMemBeg, (void*)kHighMemEnd); 3115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("|| `[%p, %p]` || HighShadow ||\n", 3125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)kHighShadowBeg, (void*)kHighShadowEnd); 3135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("|| `[%p, %p]` || ShadowGap ||\n", 3145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)kShadowGapBeg, (void*)kShadowGapEnd); 3155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("|| `[%p, %p]` || LowShadow ||\n", 3165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)kLowShadowBeg, (void*)kLowShadowEnd); 3175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("|| `[%p, %p]` || LowMem ||\n", 3185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)kLowMemBeg, (void*)kLowMemEnd); 3195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("MemToShadow(shadow): %p %p %p %p\n", 3205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)MEM_TO_SHADOW(kLowShadowBeg), 3215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)MEM_TO_SHADOW(kLowShadowEnd), 3225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)MEM_TO_SHADOW(kHighShadowBeg), 3235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (void*)MEM_TO_SHADOW(kHighShadowEnd)); 3245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("red_zone=%zu\n", (uptr)flags()->redzone); 3255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("malloc_context_size=%zu\n", (uptr)flags()->malloc_context_size); 3265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("SHADOW_SCALE: %zx\n", (uptr)SHADOW_SCALE); 3285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("SHADOW_GRANULARITY: %zx\n", (uptr)SHADOW_GRANULARITY); 3295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Printf("SHADOW_OFFSET: %zx\n", (uptr)SHADOW_OFFSET); 3305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(SHADOW_SCALE >= 3 && SHADOW_SCALE <= 7); 3315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->disable_core) { 3345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DisableCoreDumper(); 3355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) uptr shadow_start = kLowShadowBeg; 3385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (kLowShadowBeg > 0) shadow_start -= kMmapGranularity; 3395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) uptr shadow_end = kHighShadowEnd; 3405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (MemoryRangeIsAvailable(shadow_start, shadow_end)) { 3415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (kLowShadowBeg != kLowShadowEnd) { 3425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // mmap the low shadow plus at least one page. 3435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReserveShadowMemoryRange(kLowShadowBeg - kMmapGranularity, kLowShadowEnd); 3445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // mmap the high shadow. 3465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ReserveShadowMemoryRange(kHighShadowBeg, kHighShadowEnd); 3475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // protect the gap 3485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void *prot = Mprotect(kShadowGapBeg, kShadowGapEnd - kShadowGapBeg + 1); 3495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(prot == (void*)kShadowGapBeg); 3505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 3515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Report("Shadow memory range interleaves with an existing memory mapping. " 3525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) "ASan cannot proceed correctly. ABORTING.\n"); 3535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DumpProcessMap(); 3545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Die(); 3555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InstallSignalHandlers(); 3585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // On Linux AsanThread::ThreadStart() calls malloc() that's why asan_inited 3605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // should be set to 1 prior to initializing the threads. 3615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) asan_inited = 1; 3625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) asan_init_is_running = false; 3635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) asanThreadRegistry().Init(); 3655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) asanThreadRegistry().GetMain()->ThreadStart(); 3665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) force_interface_symbols(); // no-op. 3675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (flags()->verbosity) { 3695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Report("AddressSanitizer Init done\n"); 3705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(ASAN_USE_PREINIT_ARRAY) 3745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // On Linux, we force __asan_init to be called before anyone else 3755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // by placing it into .preinit_array section. 3765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // FIXME: do we have anything like this on Mac? 3775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) __attribute__((section(".preinit_array"))) 3785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) typeof(__asan_init) *__asan_preinit =__asan_init; 3795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#elif defined(_WIN32) && defined(_DLL) 3805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // On Windows, when using dynamic CRT (/MD), we can put a pointer 3815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // to __asan_init into the global list of C initializers. 3825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // See crt0dat.c in the CRT sources for the details. 3835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) #pragma section(".CRT$XIB", long, read) // NOLINT 3845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) __declspec(allocate(".CRT$XIB")) void (*__asan_preinit)() = __asan_init; 3855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 3865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)