diff options
Diffstat (limited to 'lib/asan/asan_allocator.cc')
-rw-r--r-- | lib/asan/asan_allocator.cc | 536 |
1 files changed, 123 insertions, 413 deletions
diff --git a/lib/asan/asan_allocator.cc b/lib/asan/asan_allocator.cc index 352cce00fbee..30dd4ceddd88 100644 --- a/lib/asan/asan_allocator.cc +++ b/lib/asan/asan_allocator.cc @@ -24,21 +24,19 @@ // Once freed, the body of the chunk contains the stack trace of the free call. // //===----------------------------------------------------------------------===// - #include "asan_allocator.h" + +#if ASAN_ALLOCATOR_VERSION == 1 #include "asan_interceptors.h" -#include "asan_interface.h" #include "asan_internal.h" -#include "asan_lock.h" #include "asan_mapping.h" #include "asan_stats.h" +#include "asan_report.h" #include "asan_thread.h" #include "asan_thread_registry.h" +#include "sanitizer/asan_interface.h" #include "sanitizer_common/sanitizer_atomic.h" - -#if defined(_WIN32) && !defined(__clang__) -#include <intrin.h> -#endif +#include "sanitizer_common/sanitizer_mutex.h" namespace __asan { @@ -57,43 +55,7 @@ static const uptr kMallocSizeClassStepLog = 26; static const uptr kMallocSizeClassStep = 1UL << kMallocSizeClassStepLog; static const uptr kMaxAllowedMallocSize = - (__WORDSIZE == 32) ? 3UL << 30 : 8UL << 30; - -static inline bool IsAligned(uptr a, uptr alignment) { - return (a & (alignment - 1)) == 0; -} - -static inline uptr Log2(uptr x) { - CHECK(IsPowerOfTwo(x)); -#if !defined(_WIN32) || defined(__clang__) - return __builtin_ctzl(x); -#elif defined(_WIN64) - unsigned long ret; // NOLINT - _BitScanForward64(&ret, x); - return ret; -#else - unsigned long ret; // NOLINT - _BitScanForward(&ret, x); - return ret; -#endif -} - -static inline uptr RoundUpToPowerOfTwo(uptr size) { - CHECK(size); - if (IsPowerOfTwo(size)) return size; - - unsigned long up; // NOLINT -#if !defined(_WIN32) || defined(__clang__) - up = __WORDSIZE - 1 - __builtin_clzl(size); -#elif defined(_WIN64) - _BitScanReverse64(&up, size); -#else - _BitScanReverse(&up, size); -#endif - CHECK(size < (1ULL << (up + 1))); - CHECK(size > (1ULL << up)); - return 1UL << (up + 1); -} + (SANITIZER_WORDSIZE == 32) ? 3UL << 30 : 8UL << 30; static inline uptr SizeClassToSize(u8 size_class) { CHECK(size_class < kNumberOfSizeClasses); @@ -131,7 +93,7 @@ static void PoisonHeapPartialRightRedzone(uptr mem, uptr size) { } static u8 *MmapNewPagesAndPoisonShadow(uptr size) { - CHECK(IsAligned(size, kPageSize)); + CHECK(IsAligned(size, GetPageSizeCached())); u8 *res = (u8*)MmapOrDie(size, __FUNCTION__); PoisonShadow((uptr)res, size, kAsanHeapLeftRedzoneMagic); if (flags()->debug) { @@ -166,7 +128,8 @@ struct ChunkBase { // Second 8 bytes. uptr alignment_log : 8; - uptr used_size : FIRST_32_SECOND_64(32, 56); // Size requested by the user. + uptr alloc_type : 2; + uptr used_size : FIRST_32_SECOND_64(32, 54); // Size requested by the user. // This field may overlap with the user area and thus should not // be used while the chunk is in CHUNK_ALLOCATED state. @@ -198,50 +161,23 @@ struct AsanChunk: public ChunkBase { if (REDZONE < sizeof(ChunkBase)) return 0; return (REDZONE) / sizeof(u32); } +}; - bool AddrIsInside(uptr addr, uptr access_size, uptr *offset) { - if (addr >= Beg() && (addr + access_size) <= (Beg() + used_size)) { - *offset = addr - Beg(); - return true; - } - return false; - } - - bool AddrIsAtLeft(uptr addr, uptr access_size, uptr *offset) { - if (addr < Beg()) { - *offset = Beg() - addr; - return true; - } - return false; - } +uptr AsanChunkView::Beg() { return chunk_->Beg(); } +uptr AsanChunkView::End() { return Beg() + UsedSize(); } +uptr AsanChunkView::UsedSize() { return chunk_->used_size; } +uptr AsanChunkView::AllocTid() { return chunk_->alloc_tid; } +uptr AsanChunkView::FreeTid() { return chunk_->free_tid; } - bool AddrIsAtRight(uptr addr, uptr access_size, uptr *offset) { - if (addr + access_size >= Beg() + used_size) { - if (addr <= Beg() + used_size) - *offset = 0; - else - *offset = addr - (Beg() + used_size); - return true; - } - return false; - } +void AsanChunkView::GetAllocStack(StackTrace *stack) { + StackTrace::UncompressStack(stack, chunk_->compressed_alloc_stack(), + chunk_->compressed_alloc_stack_size()); +} - void DescribeAddress(uptr addr, uptr access_size) { - uptr offset; - AsanPrintf("%p is located ", (void*)addr); - if (AddrIsInside(addr, access_size, &offset)) { - AsanPrintf("%zu bytes inside of", offset); - } else if (AddrIsAtLeft(addr, access_size, &offset)) { - AsanPrintf("%zu bytes to the left of", offset); - } else if (AddrIsAtRight(addr, access_size, &offset)) { - AsanPrintf("%zu bytes to the right of", offset); - } else { - AsanPrintf(" somewhere around (this is AddressSanitizer bug!)"); - } - AsanPrintf(" %zu-byte region [%p,%p)\n", - used_size, (void*)Beg(), (void*)(Beg() + used_size)); - } -}; +void AsanChunkView::GetFreeStack(StackTrace *stack) { + StackTrace::UncompressStack(stack, chunk_->compressed_free_stack(), + chunk_->compressed_free_stack_size()); +} static AsanChunk *PtrToChunk(uptr ptr) { AsanChunk *m = (AsanChunk*)(ptr - REDZONE); @@ -251,37 +187,15 @@ static AsanChunk *PtrToChunk(uptr ptr) { return m; } - void AsanChunkFifoList::PushList(AsanChunkFifoList *q) { CHECK(q->size() > 0); - if (last_) { - CHECK(first_); - CHECK(!last_->next); - last_->next = q->first_; - last_ = q->last_; - } else { - CHECK(!first_); - last_ = q->last_; - first_ = q->first_; - CHECK(first_); - } - CHECK(last_); - CHECK(!last_->next); size_ += q->size(); + append_back(q); q->clear(); } void AsanChunkFifoList::Push(AsanChunk *n) { - CHECK(n->next == 0); - if (last_) { - CHECK(first_); - CHECK(!last_->next); - last_->next = n; - last_ = n; - } else { - CHECK(!first_); - last_ = first_ = n; - } + push_back(n); size_ += n->Size(); } @@ -290,15 +204,9 @@ void AsanChunkFifoList::Push(AsanChunk *n) { // ago. Not sure if we can or want to do anything with this. AsanChunk *AsanChunkFifoList::Pop() { CHECK(first_); - AsanChunk *res = first_; - first_ = first_->next; - if (first_ == 0) - last_ = 0; - CHECK(size_ >= res->Size()); + AsanChunk *res = front(); size_ -= res->Size(); - if (last_) { - CHECK(!last_->next); - } + pop_front(); return res; } @@ -315,14 +223,13 @@ struct PageGroup { class MallocInfo { public: - explicit MallocInfo(LinkerInitialized x) : mu_(x) { } AsanChunk *AllocateChunks(u8 size_class, uptr n_chunks) { AsanChunk *m = 0; AsanChunk **fl = &free_lists_[size_class]; { - ScopedLock lock(&mu_); + BlockingMutexLock lock(&mu_); for (uptr i = 0; i < n_chunks; i++) { if (!(*fl)) { *fl = GetNewChunks(size_class); @@ -340,7 +247,7 @@ class MallocInfo { void SwallowThreadLocalMallocStorage(AsanThreadLocalMallocStorage *x, bool eat_free_lists) { CHECK(flags()->quarantine_size > 0); - ScopedLock lock(&mu_); + BlockingMutexLock lock(&mu_); AsanChunkFifoList *q = &x->quarantine_; if (q->size() > 0) { quarantine_.PushList(q); @@ -364,23 +271,24 @@ class MallocInfo { } void BypassThreadLocalQuarantine(AsanChunk *chunk) { - ScopedLock lock(&mu_); + BlockingMutexLock lock(&mu_); quarantine_.Push(chunk); } - AsanChunk *FindMallocedOrFreed(uptr addr, uptr access_size) { - ScopedLock lock(&mu_); - return FindChunkByAddr(addr); + AsanChunk *FindChunkByAddr(uptr addr) { + BlockingMutexLock lock(&mu_); + return FindChunkByAddrUnlocked(addr); } uptr AllocationSize(uptr ptr) { if (!ptr) return 0; - ScopedLock lock(&mu_); + BlockingMutexLock lock(&mu_); + + // Make sure this is our chunk and |ptr| actually points to the beginning + // of the allocated memory. + AsanChunk *m = FindChunkByAddrUnlocked(ptr); + if (!m || m->Beg() != ptr) return 0; - // first, check if this is our memory - PageGroup *g = FindPageGroupUnlocked(ptr); - if (!g) return 0; - AsanChunk *m = PtrToChunk(ptr); if (m->chunk_state == CHUNK_ALLOCATED) { return m->used_size; } else { @@ -397,7 +305,7 @@ class MallocInfo { } void PrintStatus() { - ScopedLock lock(&mu_); + BlockingMutexLock lock(&mu_); uptr malloced = 0; Printf(" MallocInfo: in quarantine: %zu malloced: %zu; ", @@ -415,7 +323,7 @@ class MallocInfo { } PageGroup *FindPageGroup(uptr addr) { - ScopedLock lock(&mu_); + BlockingMutexLock lock(&mu_); return FindPageGroupUnlocked(addr); } @@ -462,14 +370,14 @@ class MallocInfo { return left_chunk; // Choose based on offset. uptr l_offset = 0, r_offset = 0; - CHECK(left_chunk->AddrIsAtRight(addr, 1, &l_offset)); - CHECK(right_chunk->AddrIsAtLeft(addr, 1, &r_offset)); + CHECK(AsanChunkView(left_chunk).AddrIsAtRight(addr, 1, &l_offset)); + CHECK(AsanChunkView(right_chunk).AddrIsAtLeft(addr, 1, &r_offset)); if (l_offset < r_offset) return left_chunk; return right_chunk; } - AsanChunk *FindChunkByAddr(uptr addr) { + AsanChunk *FindChunkByAddrUnlocked(uptr addr) { PageGroup *g = FindPageGroupUnlocked(addr); if (!g) return 0; CHECK(g->size_of_chunk); @@ -482,17 +390,18 @@ class MallocInfo { m->chunk_state == CHUNK_AVAILABLE || m->chunk_state == CHUNK_QUARANTINE); uptr offset = 0; - if (m->AddrIsInside(addr, 1, &offset)) + AsanChunkView m_view(m); + if (m_view.AddrIsInside(addr, 1, &offset)) return m; - if (m->AddrIsAtRight(addr, 1, &offset)) { + if (m_view.AddrIsAtRight(addr, 1, &offset)) { if (this_chunk_addr == g->last_chunk) // rightmost chunk return m; uptr right_chunk_addr = this_chunk_addr + g->size_of_chunk; CHECK(g->InRange(right_chunk_addr)); return ChooseChunk(addr, m, (AsanChunk*)right_chunk_addr); } else { - CHECK(m->AddrIsAtLeft(addr, 1, &offset)); + CHECK(m_view.AddrIsAtLeft(addr, 1, &offset)); if (this_chunk_addr == g->beg) // leftmost chunk return m; uptr left_chunk_addr = this_chunk_addr - g->size_of_chunk; @@ -533,12 +442,13 @@ class MallocInfo { uptr mmap_size = Max(size, kMinMmapSize); uptr n_chunks = mmap_size / size; CHECK(n_chunks * size == mmap_size); - if (size < kPageSize) { + uptr PageSize = GetPageSizeCached(); + if (size < PageSize) { // Size is small, just poison the last chunk. n_chunks--; } else { // Size is large, allocate an extra page at right and poison it. - mmap_size += kPageSize; + mmap_size += PageSize; } CHECK(n_chunks > 0); u8 *mem = MmapNewPagesAndPoisonShadow(mmap_size); @@ -564,14 +474,14 @@ class MallocInfo { pg->size_of_chunk = size; pg->last_chunk = (uptr)(mem + size * (n_chunks - 1)); int idx = atomic_fetch_add(&n_page_groups_, 1, memory_order_relaxed); - CHECK(idx < (int)ASAN_ARRAY_SIZE(page_groups_)); + CHECK(idx < (int)ARRAY_SIZE(page_groups_)); page_groups_[idx] = pg; return res; } AsanChunk *free_lists_[kNumberOfSizeClasses]; AsanChunkFifoList quarantine_; - AsanLock mu_; + BlockingMutex mu_; PageGroup *page_groups_[kMaxAvailableRam / kMinMmapSize]; atomic_uint32_t n_page_groups_; @@ -584,42 +494,12 @@ void AsanThreadLocalMallocStorage::CommitBack() { malloc_info.SwallowThreadLocalMallocStorage(this, true); } -static void Describe(uptr addr, uptr access_size) { - AsanChunk *m = malloc_info.FindMallocedOrFreed(addr, access_size); - if (!m) return; - m->DescribeAddress(addr, access_size); - CHECK(m->alloc_tid >= 0); - AsanThreadSummary *alloc_thread = - asanThreadRegistry().FindByTid(m->alloc_tid); - AsanStackTrace alloc_stack; - AsanStackTrace::UncompressStack(&alloc_stack, m->compressed_alloc_stack(), - m->compressed_alloc_stack_size()); - AsanThread *t = asanThreadRegistry().GetCurrent(); - CHECK(t); - if (m->free_tid != kInvalidTid) { - AsanThreadSummary *free_thread = - asanThreadRegistry().FindByTid(m->free_tid); - AsanPrintf("freed by thread T%d here:\n", free_thread->tid()); - AsanStackTrace free_stack; - AsanStackTrace::UncompressStack(&free_stack, m->compressed_free_stack(), - m->compressed_free_stack_size()); - free_stack.PrintStack(); - AsanPrintf("previously allocated by thread T%d here:\n", - alloc_thread->tid()); - - alloc_stack.PrintStack(); - t->summary()->Announce(); - free_thread->Announce(); - alloc_thread->Announce(); - } else { - AsanPrintf("allocated by thread T%d here:\n", alloc_thread->tid()); - alloc_stack.PrintStack(); - t->summary()->Announce(); - alloc_thread->Announce(); - } +AsanChunkView FindHeapChunkByAddress(uptr address) { + return AsanChunkView(malloc_info.FindChunkByAddr(address)); } -static u8 *Allocate(uptr alignment, uptr size, AsanStackTrace *stack) { +static u8 *Allocate(uptr alignment, uptr size, StackTrace *stack, + AllocType alloc_type) { __asan_init(); CHECK(stack); if (size == 0) { @@ -676,6 +556,7 @@ static u8 *Allocate(uptr alignment, uptr size, AsanStackTrace *stack) { CHECK(m); CHECK(m->chunk_state == CHUNK_AVAILABLE); m->chunk_state = CHUNK_ALLOCATED; + m->alloc_type = alloc_type; m->next = 0; CHECK(m->Size() == size_to_allocate); uptr addr = (uptr)m + REDZONE; @@ -697,7 +578,7 @@ static u8 *Allocate(uptr alignment, uptr size, AsanStackTrace *stack) { CHECK(m->Beg() == addr); m->alloc_tid = t ? t->tid() : 0; m->free_tid = kInvalidTid; - AsanStackTrace::CompressStack(stack, m->compressed_alloc_stack(), + StackTrace::CompressStack(stack, m->compressed_alloc_stack(), m->compressed_alloc_stack_size()); PoisonShadow(addr, rounded_size, 0); if (size < rounded_size) { @@ -710,7 +591,7 @@ static u8 *Allocate(uptr alignment, uptr size, AsanStackTrace *stack) { return (u8*)addr; } -static void Deallocate(u8 *ptr, AsanStackTrace *stack) { +static void Deallocate(u8 *ptr, StackTrace *stack, AllocType alloc_type) { if (!ptr) return; CHECK(stack); @@ -726,24 +607,21 @@ static void Deallocate(u8 *ptr, AsanStackTrace *stack) { memory_order_acq_rel); if (old_chunk_state == CHUNK_QUARANTINE) { - AsanReport("ERROR: AddressSanitizer attempting double-free on %p:\n", ptr); - stack->PrintStack(); - Describe((uptr)ptr, 1); - ShowStatsAndAbort(); + ReportDoubleFree((uptr)ptr, stack); } else if (old_chunk_state != CHUNK_ALLOCATED) { - AsanReport("ERROR: AddressSanitizer attempting free on address " - "which was not malloc()-ed: %p\n", ptr); - stack->PrintStack(); - ShowStatsAndAbort(); + ReportFreeNotMalloced((uptr)ptr, stack); } CHECK(old_chunk_state == CHUNK_ALLOCATED); + if (m->alloc_type != alloc_type && flags()->alloc_dealloc_mismatch) + ReportAllocTypeMismatch((uptr)ptr, stack, + (AllocType)m->alloc_type, (AllocType)alloc_type); // With REDZONE==16 m->next is in the user area, otherwise it should be 0. CHECK(REDZONE <= 16 || !m->next); CHECK(m->free_tid == kInvalidTid); CHECK(m->alloc_tid >= 0); AsanThread *t = asanThreadRegistry().GetCurrent(); m->free_tid = t ? t->tid() : 0; - AsanStackTrace::CompressStack(stack, m->compressed_free_stack(), + StackTrace::CompressStack(stack, m->compressed_free_stack(), m->compressed_free_stack_size()); uptr rounded_size = RoundUpTo(m->used_size, REDZONE); PoisonShadow((uptr)ptr, rounded_size, kAsanHeapFreeMagic); @@ -769,7 +647,7 @@ static void Deallocate(u8 *ptr, AsanStackTrace *stack) { } static u8 *Reallocate(u8 *old_ptr, uptr new_size, - AsanStackTrace *stack) { + StackTrace *stack) { CHECK(old_ptr && new_size); // Statistics. @@ -781,114 +659,112 @@ static u8 *Reallocate(u8 *old_ptr, uptr new_size, CHECK(m->chunk_state == CHUNK_ALLOCATED); uptr old_size = m->used_size; uptr memcpy_size = Min(new_size, old_size); - u8 *new_ptr = Allocate(0, new_size, stack); + u8 *new_ptr = Allocate(0, new_size, stack, FROM_MALLOC); if (new_ptr) { CHECK(REAL(memcpy) != 0); REAL(memcpy)(new_ptr, old_ptr, memcpy_size); - Deallocate(old_ptr, stack); + Deallocate(old_ptr, stack, FROM_MALLOC); } return new_ptr; } } // namespace __asan -// Malloc hooks declaration. -// ASAN_NEW_HOOK(ptr, size) is called immediately after -// allocation of "size" bytes, which returned "ptr". -// ASAN_DELETE_HOOK(ptr) is called immediately before -// deallocation of "ptr". -// If ASAN_NEW_HOOK or ASAN_DELETE_HOOK is defined, user -// program must provide implementation of this hook. -// If macro is undefined, the hook is no-op. -#ifdef ASAN_NEW_HOOK -extern "C" void ASAN_NEW_HOOK(void *ptr, uptr size); -#else -static inline void ASAN_NEW_HOOK(void *ptr, uptr size) { } -#endif - -#ifdef ASAN_DELETE_HOOK -extern "C" void ASAN_DELETE_HOOK(void *ptr); -#else -static inline void ASAN_DELETE_HOOK(void *ptr) { } +#if !SANITIZER_SUPPORTS_WEAK_HOOKS +// Provide default (no-op) implementation of malloc hooks. +extern "C" { +SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE +void __asan_malloc_hook(void *ptr, uptr size) { + (void)ptr; + (void)size; +} +SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE +void __asan_free_hook(void *ptr) { + (void)ptr; +} +} // extern "C" #endif namespace __asan { -void *asan_memalign(uptr alignment, uptr size, AsanStackTrace *stack) { - void *ptr = (void*)Allocate(alignment, size, stack); - ASAN_NEW_HOOK(ptr, size); +void PrintInternalAllocatorStats() { +} + +SANITIZER_INTERFACE_ATTRIBUTE +void *asan_memalign(uptr alignment, uptr size, StackTrace *stack, + AllocType alloc_type) { + void *ptr = (void*)Allocate(alignment, size, stack, alloc_type); + ASAN_MALLOC_HOOK(ptr, size); return ptr; } -void asan_free(void *ptr, AsanStackTrace *stack) { - ASAN_DELETE_HOOK(ptr); - Deallocate((u8*)ptr, stack); +SANITIZER_INTERFACE_ATTRIBUTE +void asan_free(void *ptr, StackTrace *stack, AllocType alloc_type) { + ASAN_FREE_HOOK(ptr); + Deallocate((u8*)ptr, stack, alloc_type); } -void *asan_malloc(uptr size, AsanStackTrace *stack) { - void *ptr = (void*)Allocate(0, size, stack); - ASAN_NEW_HOOK(ptr, size); +SANITIZER_INTERFACE_ATTRIBUTE +void *asan_malloc(uptr size, StackTrace *stack) { + void *ptr = (void*)Allocate(0, size, stack, FROM_MALLOC); + ASAN_MALLOC_HOOK(ptr, size); return ptr; } -void *asan_calloc(uptr nmemb, uptr size, AsanStackTrace *stack) { - void *ptr = (void*)Allocate(0, nmemb * size, stack); +void *asan_calloc(uptr nmemb, uptr size, StackTrace *stack) { + void *ptr = (void*)Allocate(0, nmemb * size, stack, FROM_MALLOC); if (ptr) REAL(memset)(ptr, 0, nmemb * size); - ASAN_NEW_HOOK(ptr, nmemb * size); + ASAN_MALLOC_HOOK(ptr, size); return ptr; } -void *asan_realloc(void *p, uptr size, AsanStackTrace *stack) { +void *asan_realloc(void *p, uptr size, StackTrace *stack) { if (p == 0) { - void *ptr = (void*)Allocate(0, size, stack); - ASAN_NEW_HOOK(ptr, size); + void *ptr = (void*)Allocate(0, size, stack, FROM_MALLOC); + ASAN_MALLOC_HOOK(ptr, size); return ptr; } else if (size == 0) { - ASAN_DELETE_HOOK(p); - Deallocate((u8*)p, stack); + ASAN_FREE_HOOK(p); + Deallocate((u8*)p, stack, FROM_MALLOC); return 0; } return Reallocate((u8*)p, size, stack); } -void *asan_valloc(uptr size, AsanStackTrace *stack) { - void *ptr = (void*)Allocate(kPageSize, size, stack); - ASAN_NEW_HOOK(ptr, size); +void *asan_valloc(uptr size, StackTrace *stack) { + void *ptr = (void*)Allocate(GetPageSizeCached(), size, stack, FROM_MALLOC); + ASAN_MALLOC_HOOK(ptr, size); return ptr; } -void *asan_pvalloc(uptr size, AsanStackTrace *stack) { - size = RoundUpTo(size, kPageSize); +void *asan_pvalloc(uptr size, StackTrace *stack) { + uptr PageSize = GetPageSizeCached(); + size = RoundUpTo(size, PageSize); if (size == 0) { // pvalloc(0) should allocate one page. - size = kPageSize; + size = PageSize; } - void *ptr = (void*)Allocate(kPageSize, size, stack); - ASAN_NEW_HOOK(ptr, size); + void *ptr = (void*)Allocate(PageSize, size, stack, FROM_MALLOC); + ASAN_MALLOC_HOOK(ptr, size); return ptr; } int asan_posix_memalign(void **memptr, uptr alignment, uptr size, - AsanStackTrace *stack) { - void *ptr = Allocate(alignment, size, stack); + StackTrace *stack) { + void *ptr = Allocate(alignment, size, stack, FROM_MALLOC); CHECK(IsAligned((uptr)ptr, alignment)); - ASAN_NEW_HOOK(ptr, size); + ASAN_MALLOC_HOOK(ptr, size); *memptr = ptr; return 0; } -uptr asan_malloc_usable_size(void *ptr, AsanStackTrace *stack) { +uptr asan_malloc_usable_size(void *ptr, StackTrace *stack) { CHECK(stack); if (ptr == 0) return 0; uptr usable_size = malloc_info.AllocationSize((uptr)ptr); if (flags()->check_malloc_usable_size && (usable_size == 0)) { - AsanReport("ERROR: AddressSanitizer attempting to call " - "malloc_usable_size() for pointer which is " - "not owned: %p\n", ptr); - stack->PrintStack(); - Describe((uptr)ptr, 1); - ShowStatsAndAbort(); + ReportMallocUsableSizeNotOwned((uptr)ptr, stack); } return usable_size; } @@ -897,10 +773,6 @@ uptr asan_mz_size(const void *ptr) { return malloc_info.AllocationSize((uptr)ptr); } -void DescribeHeapAddress(uptr addr, uptr access_size) { - Describe(addr, access_size); -} - void asan_mz_force_lock() { malloc_info.ForceLock(); } @@ -909,170 +781,11 @@ void asan_mz_force_unlock() { malloc_info.ForceUnlock(); } -// ---------------------- Fake stack-------------------- {{{1 -FakeStack::FakeStack() { - CHECK(REAL(memset) != 0); - REAL(memset)(this, 0, sizeof(*this)); -} - -bool FakeStack::AddrIsInSizeClass(uptr addr, uptr size_class) { - uptr mem = allocated_size_classes_[size_class]; - uptr size = ClassMmapSize(size_class); - bool res = mem && addr >= mem && addr < mem + size; - return res; -} - -uptr FakeStack::AddrIsInFakeStack(uptr addr) { - for (uptr i = 0; i < kNumberOfSizeClasses; i++) { - if (AddrIsInSizeClass(addr, i)) return allocated_size_classes_[i]; - } - return 0; -} - -// We may want to compute this during compilation. -inline uptr FakeStack::ComputeSizeClass(uptr alloc_size) { - uptr rounded_size = RoundUpToPowerOfTwo(alloc_size); - uptr log = Log2(rounded_size); - CHECK(alloc_size <= (1UL << log)); - if (!(alloc_size > (1UL << (log-1)))) { - Printf("alloc_size %zu log %zu\n", alloc_size, log); - } - CHECK(alloc_size > (1UL << (log-1))); - uptr res = log < kMinStackFrameSizeLog ? 0 : log - kMinStackFrameSizeLog; - CHECK(res < kNumberOfSizeClasses); - CHECK(ClassSize(res) >= rounded_size); - return res; -} - -void FakeFrameFifo::FifoPush(FakeFrame *node) { - CHECK(node); - node->next = 0; - if (first_ == 0 && last_ == 0) { - first_ = last_ = node; - } else { - CHECK(first_); - CHECK(last_); - last_->next = node; - last_ = node; - } -} - -FakeFrame *FakeFrameFifo::FifoPop() { - CHECK(first_ && last_ && "Exhausted fake stack"); - FakeFrame *res = 0; - if (first_ == last_) { - res = first_; - first_ = last_ = 0; - } else { - res = first_; - first_ = first_->next; - } - return res; -} - -void FakeStack::Init(uptr stack_size) { - stack_size_ = stack_size; - alive_ = true; -} - -void FakeStack::Cleanup() { - alive_ = false; - for (uptr i = 0; i < kNumberOfSizeClasses; i++) { - uptr mem = allocated_size_classes_[i]; - if (mem) { - PoisonShadow(mem, ClassMmapSize(i), 0); - allocated_size_classes_[i] = 0; - UnmapOrDie((void*)mem, ClassMmapSize(i)); - } - } -} - -uptr FakeStack::ClassMmapSize(uptr size_class) { - return RoundUpToPowerOfTwo(stack_size_); -} - -void FakeStack::AllocateOneSizeClass(uptr size_class) { - CHECK(ClassMmapSize(size_class) >= kPageSize); - uptr new_mem = (uptr)MmapOrDie( - ClassMmapSize(size_class), __FUNCTION__); - // Printf("T%d new_mem[%zu]: %p-%p mmap %zu\n", - // asanThreadRegistry().GetCurrent()->tid(), - // size_class, new_mem, new_mem + ClassMmapSize(size_class), - // ClassMmapSize(size_class)); - uptr i; - for (i = 0; i < ClassMmapSize(size_class); - i += ClassSize(size_class)) { - size_classes_[size_class].FifoPush((FakeFrame*)(new_mem + i)); - } - CHECK(i == ClassMmapSize(size_class)); - allocated_size_classes_[size_class] = new_mem; -} - -uptr FakeStack::AllocateStack(uptr size, uptr real_stack) { - if (!alive_) return real_stack; - CHECK(size <= kMaxStackMallocSize && size > 1); - uptr size_class = ComputeSizeClass(size); - if (!allocated_size_classes_[size_class]) { - AllocateOneSizeClass(size_class); - } - FakeFrame *fake_frame = size_classes_[size_class].FifoPop(); - CHECK(fake_frame); - fake_frame->size_minus_one = size - 1; - fake_frame->real_stack = real_stack; - while (FakeFrame *top = call_stack_.top()) { - if (top->real_stack > real_stack) break; - call_stack_.LifoPop(); - DeallocateFrame(top); - } - call_stack_.LifoPush(fake_frame); - uptr ptr = (uptr)fake_frame; - PoisonShadow(ptr, size, 0); - return ptr; -} - -void FakeStack::DeallocateFrame(FakeFrame *fake_frame) { - CHECK(alive_); - uptr size = fake_frame->size_minus_one + 1; - uptr size_class = ComputeSizeClass(size); - CHECK(allocated_size_classes_[size_class]); - uptr ptr = (uptr)fake_frame; - CHECK(AddrIsInSizeClass(ptr, size_class)); - CHECK(AddrIsInSizeClass(ptr + size - 1, size_class)); - size_classes_[size_class].FifoPush(fake_frame); -} - -void FakeStack::OnFree(uptr ptr, uptr size, uptr real_stack) { - FakeFrame *fake_frame = (FakeFrame*)ptr; - CHECK(fake_frame->magic = kRetiredStackFrameMagic); - CHECK(fake_frame->descr != 0); - CHECK(fake_frame->size_minus_one == size - 1); - PoisonShadow(ptr, size, kAsanStackAfterReturnMagic); -} - } // namespace __asan // ---------------------- Interface ---------------- {{{1 using namespace __asan; // NOLINT -uptr __asan_stack_malloc(uptr size, uptr real_stack) { - if (!flags()->use_fake_stack) return real_stack; - AsanThread *t = asanThreadRegistry().GetCurrent(); - if (!t) { - // TSD is gone, use the real stack. - return real_stack; - } - uptr ptr = t->fake_stack().AllocateStack(size, real_stack); - // Printf("__asan_stack_malloc %p %zu %p\n", ptr, size, real_stack); - return ptr; -} - -void __asan_stack_free(uptr ptr, uptr size, uptr real_stack) { - if (!flags()->use_fake_stack) return; - if (ptr != real_stack) { - FakeStack::OnFree(ptr, size, real_stack); - } -} - // ASan allocator doesn't reserve extra bytes, so normally we would // just return "size". uptr __asan_get_estimated_allocated_size(uptr size) { @@ -1089,12 +802,9 @@ uptr __asan_get_allocated_size(const void *p) { uptr allocated_size = malloc_info.AllocationSize((uptr)p); // Die if p is not malloced or if it is already freed. if (allocated_size == 0) { - AsanReport("ERROR: AddressSanitizer attempting to call " - "__asan_get_allocated_size() for pointer which is " - "not owned: %p\n", p); - PRINT_CURRENT_STACK(); - Describe((uptr)p, 1); - ShowStatsAndAbort(); + GET_STACK_TRACE_FATAL_HERE; + ReportAsanGetAllocatedSizeNotOwned((uptr)p, &stack); } return allocated_size; } +#endif // ASAN_ALLOCATOR_VERSION |