[v2] Support ASan ODR indicators at compiler side.

Message ID	5829796A.4080602@samsung.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of gcc-patches-return-441314-patch=linaro.org@gcc.gnu.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender :subject:to:cc:from:message-id:date:mime-version:in-reply-to :content-type:references; q=dns; s=default; b=mlDZ/E8hQcTZV0E7mH lIYwATZ0ZJTbcboy1yJMCIu2OvtsEBzIF7ra+vIvVGocRnmNK7Ku7+KbmmVGOMuc V1iqD+9+JUEw0ZK0EIzyWuSgoOAW8/OV4DqpbUsY02GHq0kKfhxQjVJMiqB307+W lICuHUidetoTCzxgiAexD/slE= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org Subject: [PATCH v2] Support ASan ODR indicators at compiler side. To: Jakub Jelinek <jakub@redhat.com> Cc: GCC Patches <gcc-patches@gcc.gnu.org>, Yuri Gribov <tetra2005@gmail.com> From: Maxim Ostapenko <m.ostapenko@samsung.com> Message-id: <5829796A.4080602@samsung.com> Date: Mon, 14 Nov 2016 11:44:26 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-version: 1.0 In-reply-to: <20161107085233.GD3541@tucnak.redhat.com> Content-type: multipart/mixed; boundary=------------050400060009010701050906 CMS-TYPE: 201P References: <582039C4.4040606@samsung.com> <CGME20161107083119eucas1p25c96348950eded7dd68ae9813db3c2cb@eucas1p2.samsung.com> <58203BD6.7060800@samsung.com> <20161107085233.GD3541@tucnak.redhat.com>

Maxim Ostapenko Nov. 14, 2016, 8:44 a.m. UTC

Hi,

this is the second attempt to support ASan odr indicators in GCC. I've 
fixed issues with several flags (e.g.TREE_ADDRESSABLE) and introduced 
new "asan odr indicator" attribute to distinguish indicators from other 
symbols.
Looks better now?

Tested and ASan bootstrapped on x86_64-unknown-linux-gnu.

-Maxim

Jakub Jelinek Nov. 21, 2016, 11:38 a.m. UTC | #1

On Mon, Nov 14, 2016 at 11:44:26AM +0300, Maxim Ostapenko wrote:
> this is the second attempt to support ASan odr indicators in GCC. I've fixed

> issues with several flags (e.g.TREE_ADDRESSABLE) and introduced new "asan

> odr indicator" attribute to distinguish indicators from other symbols.

> Looks better now?

> 

> Tested and ASan bootstrapped on x86_64-unknown-linux-gnu.

> 

> -Maxim


> config/

> 

> 	* bootstrap-asan.mk: Replace LSAN_OPTIONS=detect_leaks=0 with

> 	ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1.

> 

> gcc/

> 

> 	* asan.c (asan_global_struct): Refactor.

> 	(create_odr_indicator): New function.

> 	(asan_needs_odr_indicator_p): Likewise.

> 	(is_odr_indicator): Likewise.

> 	(asan_add_global): Introduce odr_indicator_ptr. Pass it into global's

> 	constructor.

> 	(asan_protect_global): Do not protect odr indicators.

> 

> gcc/c-family/

> 

> 	* c-attribs.c (asan odr indicator): New attribute.

> 	(handle_asan_odr_indicator_attribute): New function.

> 

> gcc/testsuite/

> 

> 	* c-c++-common/asan/no-redundant-odr-indicators-1.c: New test.

> 

> diff --git a/config/ChangeLog b/config/ChangeLog

> index 3b0092b..0c75185 100644

> --- a/config/ChangeLog

> +++ b/config/ChangeLog

> @@ -1,3 +1,8 @@

> +2016-11-14  Maxim Ostapenko  <m.ostapenko@samsung.com>

> +

> +	* bootstrap-asan.mk: Replace LSAN_OPTIONS=detect_leaks=0 with

> +	ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1.

> +

>  2016-06-21  Trevor Saunders  <tbsaunde+gcc@tbsaunde.org>

>  

>  	* elf.m4: Remove interix support.

> diff --git a/config/bootstrap-asan.mk b/config/bootstrap-asan.mk

> index 70baaf9..e73d4c2 100644

> --- a/config/bootstrap-asan.mk

> +++ b/config/bootstrap-asan.mk

> @@ -1,7 +1,7 @@

>  # This option enables -fsanitize=address for stage2 and stage3.

>  

>  # Suppress LeakSanitizer in bootstrap.

> -export LSAN_OPTIONS="detect_leaks=0"

> +export ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1

>  

>  STAGE2_CFLAGS += -fsanitize=address

>  STAGE3_CFLAGS += -fsanitize=address

> diff --git a/gcc/ChangeLog b/gcc/ChangeLog

> index a76e3e8..64744b9 100644

> --- a/gcc/ChangeLog

> +++ b/gcc/ChangeLog

> @@ -1,3 +1,13 @@

> +2016-11-14  Maxim Ostapenko  <m.ostapenko@samsung.com>

> +

> +	* asan.c (asan_global_struct): Refactor.

> +	(create_odr_indicator): New function.

> +	(asan_needs_odr_indicator_p): Likewise.

> +	(is_odr_indicator): Likewise.

> +	(asan_add_global): Introduce odr_indicator_ptr. Pass it into global's

> +	constructor.

> +	(asan_protect_global): Do not protect odr indicators.

> +

>  2016-11-09  Kugan Vivekanandarajah  <kuganv@linaro.org>

>  

>  	* ipa-cp.c (ipa_get_jf_pass_through_result): Handle unary expressions.

> diff --git a/gcc/asan.c b/gcc/asan.c

> index 6e93ea3..1191ebe 100644

> --- a/gcc/asan.c

> +++ b/gcc/asan.c

> @@ -1388,6 +1388,16 @@ asan_needs_local_alias (tree decl)

>    return DECL_WEAK (decl) || !targetm.binds_local_p (decl);

>  }

>  

> +/* Return true if DECL, a global var, is an artificial ODR indicator symbol

> +   therefore doesn't need protection.  */

> +

> +static bool

> +is_odr_indicator (tree decl)

> +{

> +  return DECL_ARTIFICIAL (decl)

> +	 && lookup_attribute ("asan odr indicator", DECL_ATTRIBUTES (decl));


Better use
  return (DECL_ARTIFICIAL (decl)
	  && lookup_attribute ("asan odr indicator", DECL_ATTRIBUTES (decl)));
at least emacs users most likely need that.

> -	"__name", "__module_name", "__has_dynamic_init", "__location", "__odr_indicator"};

> -  tree fields[8], ret;

> -  int i;

> +	"__name", "__module_name", "__has_dynamic_init", "__location",

> +	"__odr_indicator"};


Please put space before };.

> +/* Create and return odr indicator symbol for DECL.

> +   TYPE is __asan_global struct type as returned by asan_global_struct.  */

> +

> +static tree

> +create_odr_indicator (tree decl, tree type)

> +{

> +  char sym_name[100], tmp_name[100];

> +  static int lasan_odr_ind_cnt = 0;

> +  tree uptr = TREE_TYPE (DECL_CHAIN (TYPE_FIELDS (type)));

> +

> +  snprintf (tmp_name, sizeof (tmp_name), "__odr_asan_%s_",

> +	    IDENTIFIER_POINTER (DECL_NAME (decl)));

> +  ASM_GENERATE_INTERNAL_LABEL (sym_name, tmp_name, ++lasan_odr_ind_cnt);


This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol
much longer than 100 bytes, at which point you have strlen (tmp_name) == 99
and ASM_GENERATE_INTERNAL_LABEL will just misbehave.
I fail to see why you need tmp_name at all, I'd go just with
  char sym_name[40];
  ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);
or so.

> +  char *asterisk = sym_name;

> +  while ((asterisk = strchr (asterisk, '*')))

> +    *asterisk = '_';


Can't * be just at the beginning?  And other ASM_GENERATE_INTERNAL_LABEL +
build_decl with get_identifier spots in asan.c certainly don't strip any.

> @@ -2335,6 +2397,9 @@ asan_add_global (tree decl, tree type, vec<constructor_elt, va_gc> *v)

>        assemble_alias (refdecl, DECL_ASSEMBLER_NAME (decl));

>      }

>  

> +  tree odr_indicator_ptr = asan_needs_odr_indicator_p (decl)

> +			     ? create_odr_indicator (decl, type)

> +			     : build_int_cst (uptr, 0);


Again for emacs users I think you want () around the whole RHS.

> +/* Handle an "asan odr indicator" attribute; arguments as in

> +   struct attribute_spec.handler.  */

> +

> +static tree

> +handle_asan_odr_indicator_attribute (tree *node, tree name, tree, int,

> +				     bool *no_add_attrs)

> +{

> +  if (!VAR_P (*node))

> +    {

> +      warning (OPT_Wattributes, "%qE attribute ignored", name);

> +      *no_add_attrs = true;

> +    }


Why not just return NULL_TREE and all arguments nameless?
This isn't user accessible attribute, so it shouldn't be misplaced.

	Jakub

Yuri Gribov Nov. 21, 2016, 11:43 a.m. UTC | #2

On Mon, Nov 21, 2016 at 11:38 AM, Jakub Jelinek <jakub@redhat.com> wrote:
> On Mon, Nov 14, 2016 at 11:44:26AM +0300, Maxim Ostapenko wrote:

>> this is the second attempt to support ASan odr indicators in GCC. I've fixed

>> issues with several flags (e.g.TREE_ADDRESSABLE) and introduced new "asan

>> odr indicator" attribute to distinguish indicators from other symbols.

>> Looks better now?

>>

>> Tested and ASan bootstrapped on x86_64-unknown-linux-gnu.

>>

>> -Maxim

>

>> config/

>>

>>       * bootstrap-asan.mk: Replace LSAN_OPTIONS=detect_leaks=0 with

>>       ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1.

>>

>> gcc/

>>

>>       * asan.c (asan_global_struct): Refactor.

>>       (create_odr_indicator): New function.

>>       (asan_needs_odr_indicator_p): Likewise.

>>       (is_odr_indicator): Likewise.

>>       (asan_add_global): Introduce odr_indicator_ptr. Pass it into global's

>>       constructor.

>>       (asan_protect_global): Do not protect odr indicators.

>>

>> gcc/c-family/

>>

>>       * c-attribs.c (asan odr indicator): New attribute.

>>       (handle_asan_odr_indicator_attribute): New function.

>>

>> gcc/testsuite/

>>

>>       * c-c++-common/asan/no-redundant-odr-indicators-1.c: New test.

>>

>> diff --git a/config/ChangeLog b/config/ChangeLog

>> index 3b0092b..0c75185 100644

>> --- a/config/ChangeLog

>> +++ b/config/ChangeLog

>> @@ -1,3 +1,8 @@

>> +2016-11-14  Maxim Ostapenko  <m.ostapenko@samsung.com>

>> +

>> +     * bootstrap-asan.mk: Replace LSAN_OPTIONS=detect_leaks=0 with

>> +     ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1.

>> +

>>  2016-06-21  Trevor Saunders  <tbsaunde+gcc@tbsaunde.org>

>>

>>       * elf.m4: Remove interix support.

>> diff --git a/config/bootstrap-asan.mk b/config/bootstrap-asan.mk

>> index 70baaf9..e73d4c2 100644

>> --- a/config/bootstrap-asan.mk

>> +++ b/config/bootstrap-asan.mk

>> @@ -1,7 +1,7 @@

>>  # This option enables -fsanitize=address for stage2 and stage3.

>>

>>  # Suppress LeakSanitizer in bootstrap.

>> -export LSAN_OPTIONS="detect_leaks=0"

>> +export ASAN_OPTIONS=detect_leaks=0:use_odr_indicator=1

>>

>>  STAGE2_CFLAGS += -fsanitize=address

>>  STAGE3_CFLAGS += -fsanitize=address

>> diff --git a/gcc/ChangeLog b/gcc/ChangeLog

>> index a76e3e8..64744b9 100644

>> --- a/gcc/ChangeLog

>> +++ b/gcc/ChangeLog

>> @@ -1,3 +1,13 @@

>> +2016-11-14  Maxim Ostapenko  <m.ostapenko@samsung.com>

>> +

>> +     * asan.c (asan_global_struct): Refactor.

>> +     (create_odr_indicator): New function.

>> +     (asan_needs_odr_indicator_p): Likewise.

>> +     (is_odr_indicator): Likewise.

>> +     (asan_add_global): Introduce odr_indicator_ptr. Pass it into global's

>> +     constructor.

>> +     (asan_protect_global): Do not protect odr indicators.

>> +

>>  2016-11-09  Kugan Vivekanandarajah  <kuganv@linaro.org>

>>

>>       * ipa-cp.c (ipa_get_jf_pass_through_result): Handle unary expressions.

>> diff --git a/gcc/asan.c b/gcc/asan.c

>> index 6e93ea3..1191ebe 100644

>> --- a/gcc/asan.c

>> +++ b/gcc/asan.c

>> @@ -1388,6 +1388,16 @@ asan_needs_local_alias (tree decl)

>>    return DECL_WEAK (decl) || !targetm.binds_local_p (decl);

>>  }

>>

>> +/* Return true if DECL, a global var, is an artificial ODR indicator symbol

>> +   therefore doesn't need protection.  */

>> +

>> +static bool

>> +is_odr_indicator (tree decl)

>> +{

>> +  return DECL_ARTIFICIAL (decl)

>> +      && lookup_attribute ("asan odr indicator", DECL_ATTRIBUTES (decl));

>

> Better use

>   return (DECL_ARTIFICIAL (decl)

>           && lookup_attribute ("asan odr indicator", DECL_ATTRIBUTES (decl)));

> at least emacs users most likely need that.

>

>> -     "__name", "__module_name", "__has_dynamic_init", "__location", "__odr_indicator"};

>> -  tree fields[8], ret;

>> -  int i;

>> +     "__name", "__module_name", "__has_dynamic_init", "__location",

>> +     "__odr_indicator"};

>

> Please put space before };.

>

>> +/* Create and return odr indicator symbol for DECL.

>> +   TYPE is __asan_global struct type as returned by asan_global_struct.  */

>> +

>> +static tree

>> +create_odr_indicator (tree decl, tree type)

>> +{

>> +  char sym_name[100], tmp_name[100];

>> +  static int lasan_odr_ind_cnt = 0;

>> +  tree uptr = TREE_TYPE (DECL_CHAIN (TYPE_FIELDS (type)));

>> +

>> +  snprintf (tmp_name, sizeof (tmp_name), "__odr_asan_%s_",

>> +         IDENTIFIER_POINTER (DECL_NAME (decl)));

>> +  ASM_GENERATE_INTERNAL_LABEL (sym_name, tmp_name, ++lasan_odr_ind_cnt);

>

> This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol

> much longer than 100 bytes, at which point you have strlen (tmp_name) == 99

> and ASM_GENERATE_INTERNAL_LABEL will just misbehave.

> I fail to see why you need tmp_name at all, I'd go just with

>   char sym_name[40];

>   ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);

> or so.


Given that feature is quite new and hasn't been tested too much (it's
off by default in Clang), having a descriptive name may aid with
debugging bug reports.

>> +  char *asterisk = sym_name;

>> +  while ((asterisk = strchr (asterisk, '*')))

>> +    *asterisk = '_';

>

> Can't * be just at the beginning?  And other ASM_GENERATE_INTERNAL_LABEL +

> build_decl with get_identifier spots in asan.c certainly don't strip any.

>

>> @@ -2335,6 +2397,9 @@ asan_add_global (tree decl, tree type, vec<constructor_elt, va_gc> *v)

>>        assemble_alias (refdecl, DECL_ASSEMBLER_NAME (decl));

>>      }

>>

>> +  tree odr_indicator_ptr = asan_needs_odr_indicator_p (decl)

>> +                          ? create_odr_indicator (decl, type)

>> +                          : build_int_cst (uptr, 0);

>

> Again for emacs users I think you want () around the whole RHS.

>

>> +/* Handle an "asan odr indicator" attribute; arguments as in

>> +   struct attribute_spec.handler.  */

>> +

>> +static tree

>> +handle_asan_odr_indicator_attribute (tree *node, tree name, tree, int,

>> +                                  bool *no_add_attrs)

>> +{

>> +  if (!VAR_P (*node))

>> +    {

>> +      warning (OPT_Wattributes, "%qE attribute ignored", name);

>> +      *no_add_attrs = true;

>> +    }

>

> Why not just return NULL_TREE and all arguments nameless?

> This isn't user accessible attribute, so it shouldn't be misplaced.

>

>         Jakub

Jakub Jelinek Nov. 21, 2016, 11:50 a.m. UTC | #3

On Mon, Nov 21, 2016 at 11:43:56AM +0000, Yuri Gribov wrote:
> > This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol

> > much longer than 100 bytes, at which point you have strlen (tmp_name) == 99

> > and ASM_GENERATE_INTERNAL_LABEL will just misbehave.

> > I fail to see why you need tmp_name at all, I'd go just with

> >   char sym_name[40];

> >   ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);

> > or so.

> 

> Given that feature is quite new and hasn't been tested too much (it's

> off by default in Clang), having a descriptive name may aid with

> debugging bug reports.

What would those symbols help with in debugging bug reports?
You need to have a source reproducer anyway, then anybody can try it
himself.  Even from just pure *.s file, you can look up where the
.LASANODR1234 is used and from there find the corresponding symbol.
Plus, as I said, with 95 chars or longer symbols (approx.) you get a buffer
overflow.  We don't use descriptive symbols in other internal asan, dwarf2
etc. labels.

	Jakub

Yuri Gribov Nov. 21, 2016, 12:09 p.m. UTC | #4

On Mon, Nov 21, 2016 at 11:50 AM, Jakub Jelinek <jakub@redhat.com> wrote:
> On Mon, Nov 21, 2016 at 11:43:56AM +0000, Yuri Gribov wrote:

>> > This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol

>> > much longer than 100 bytes, at which point you have strlen (tmp_name) == 99

>> > and ASM_GENERATE_INTERNAL_LABEL will just misbehave.

>> > I fail to see why you need tmp_name at all, I'd go just with

>> >   char sym_name[40];

>> >   ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);

>> > or so.

>>

>> Given that feature is quite new and hasn't been tested too much (it's

>> off by default in Clang), having a descriptive name may aid with

>> debugging bug reports.

>

> What would those symbols help with in debugging bug reports?

> You need to have a source reproducer anyway, then anybody can try it

> himself.


Well, in case of some weird symbol error at startup we can at least
understand which library/symbol to blame.

> Even from just pure *.s file, you can look up where the

> .LASANODR1234 is used and from there find the corresponding symbol.

> Plus, as I said, with 95 chars or longer symbols (approx.) you get a buffer

> overflow.  We don't use descriptive symbols in other internal asan, dwarf2

> etc. labels.


Note that indicators need to have default visibility so simple scheme
like this will cause runtime collisions.

-Iurii

Jakub Jelinek Nov. 21, 2016, 12:17 p.m. UTC | #5

On Mon, Nov 21, 2016 at 12:09:30PM +0000, Yuri Gribov wrote:
> On Mon, Nov 21, 2016 at 11:50 AM, Jakub Jelinek <jakub@redhat.com> wrote:

> > On Mon, Nov 21, 2016 at 11:43:56AM +0000, Yuri Gribov wrote:

> >> > This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol

> >> > much longer than 100 bytes, at which point you have strlen (tmp_name) == 99

> >> > and ASM_GENERATE_INTERNAL_LABEL will just misbehave.

> >> > I fail to see why you need tmp_name at all, I'd go just with

> >> >   char sym_name[40];

> >> >   ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);

> >> > or so.

> >>

> >> Given that feature is quite new and hasn't been tested too much (it's

> >> off by default in Clang), having a descriptive name may aid with

> >> debugging bug reports.

> >

> > What would those symbols help with in debugging bug reports?

> > You need to have a source reproducer anyway, then anybody can try it

> > himself.

> 

> Well, in case of some weird symbol error at startup we can at least

> understand which library/symbol to blame.

> 

> > Even from just pure *.s file, you can look up where the

> > .LASANODR1234 is used and from there find the corresponding symbol.

> > Plus, as I said, with 95 chars or longer symbols (approx.) you get a buffer

> > overflow.  We don't use descriptive symbols in other internal asan, dwarf2

> > etc. labels.

> 

> Note that indicators need to have default visibility so simple scheme

> like this will cause runtime collisions.


But then why do you use ASM_GENERATE_INTERNAL_LABEL?  That is for internal
labels.  If the indicators are visible outside of TUs, then their mangling
is an ABI thing.  In that case you shouldn't add any kind of counter
to them, but you should use something like __asan_odr.<name> or something
similar, and if . is not supported in symbol names, use $ instead and if
neither, then just disable the odr indicators.

Or how exactly are these odr indicators supposed to work?

	Jakub

Maxim Ostapenko Nov. 21, 2016, 12:19 p.m. UTC | #6

On 21/11/16 15:17, Jakub Jelinek wrote:
> On Mon, Nov 21, 2016 at 12:09:30PM +0000, Yuri Gribov wrote:

>> On Mon, Nov 21, 2016 at 11:50 AM, Jakub Jelinek <jakub@redhat.com> wrote:

>>> On Mon, Nov 21, 2016 at 11:43:56AM +0000, Yuri Gribov wrote:

>>>>> This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol

>>>>> much longer than 100 bytes, at which point you have strlen (tmp_name) == 99

>>>>> and ASM_GENERATE_INTERNAL_LABEL will just misbehave.

>>>>> I fail to see why you need tmp_name at all, I'd go just with

>>>>>    char sym_name[40];

>>>>>    ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);

>>>>> or so.

>>>> Given that feature is quite new and hasn't been tested too much (it's

>>>> off by default in Clang), having a descriptive name may aid with

>>>> debugging bug reports.

>>> What would those symbols help with in debugging bug reports?

>>> You need to have a source reproducer anyway, then anybody can try it

>>> himself.

>> Well, in case of some weird symbol error at startup we can at least

>> understand which library/symbol to blame.

>>

>>> Even from just pure *.s file, you can look up where the

>>> .LASANODR1234 is used and from there find the corresponding symbol.

>>> Plus, as I said, with 95 chars or longer symbols (approx.) you get a buffer

>>> overflow.  We don't use descriptive symbols in other internal asan, dwarf2

>>> etc. labels.

>> Note that indicators need to have default visibility so simple scheme

>> like this will cause runtime collisions.

> But then why do you use ASM_GENERATE_INTERNAL_LABEL?  That is for internal

> labels.  If the indicators are visible outside of TUs, then their mangling

> is an ABI thing.  In that case you shouldn't add any kind of counter

> to them, but you should use something like __asan_odr.<name> or something

> similar, and if . is not supported in symbol names, use $ instead and if

> neither, then just disable the odr indicators.

>

> Or how exactly are these odr indicators supposed to work?


Yes, you just caught an error, __asan_odr.<name> is right thing to do 
here. I'm sorry about this.

>

> 	Jakub

>

>

>

Maxim Ostapenko Nov. 21, 2016, 12:43 p.m. UTC | #7

On 21/11/16 15:17, Jakub Jelinek wrote:
> On Mon, Nov 21, 2016 at 12:09:30PM +0000, Yuri Gribov wrote:

>> On Mon, Nov 21, 2016 at 11:50 AM, Jakub Jelinek <jakub@redhat.com> wrote:

>>> On Mon, Nov 21, 2016 at 11:43:56AM +0000, Yuri Gribov wrote:

>>>>> This is just weird.  DECL_NAME in theory could be NULL, or can be a symbol

>>>>> much longer than 100 bytes, at which point you have strlen (tmp_name) == 99

>>>>> and ASM_GENERATE_INTERNAL_LABEL will just misbehave.

>>>>> I fail to see why you need tmp_name at all, I'd go just with

>>>>>    char sym_name[40];

>>>>>    ASM_GENERATE_INTERNAL_LABEL (sym_name, "LASANODR", ++lasan_odr_ind_cnt);

>>>>> or so.

>>>> Given that feature is quite new and hasn't been tested too much (it's

>>>> off by default in Clang), having a descriptive name may aid with

>>>> debugging bug reports.

>>> What would those symbols help with in debugging bug reports?

>>> You need to have a source reproducer anyway, then anybody can try it

>>> himself.

>> Well, in case of some weird symbol error at startup we can at least

>> understand which library/symbol to blame.

>>

>>> Even from just pure *.s file, you can look up where the

>>> .LASANODR1234 is used and from there find the corresponding symbol.

>>> Plus, as I said, with 95 chars or longer symbols (approx.) you get a buffer

>>> overflow.  We don't use descriptive symbols in other internal asan, dwarf2

>>> etc. labels.

>> Note that indicators need to have default visibility so simple scheme

>> like this will cause runtime collisions.

> But then why do you use ASM_GENERATE_INTERNAL_LABEL?  That is for internal

> labels.  If the indicators are visible outside of TUs, then their mangling

> is an ABI thing.  In that case you shouldn't add any kind of counter

> to them, but you should use something like __asan_odr.<name> or something

> similar, and if . is not supported in symbol names, use $ instead and if

> neither, then just disable the odr indicators.

>

> Or how exactly are these odr indicators supposed to work?


Odr indicators act as visible "delegates" of protected by ASan globals 
(their private aliases actually). We introduce them to catch cross-dso 
symbols clashing at runtime.
Of course, some people intentionally use ELF interposition and ASan 
would generate false alarm there, but a) we can use suppressions to 
avoid false alarms here and b) I believe in most cases such an alarm 
would indicate a real bug in user's code.

-Maxim

>

> 	Jakub

>

>

>

[v2] Support ASan ODR indicators at compiler side.

Commit Message

Comments

Patch