This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] Add AddressSanitizer annotations to std::vector


On 05/07/17 20:44 +0100, Yuri Gribov wrote:
> On Wed, Jul 5, 2017 at 8:00 PM, Jonathan Wakely <jwakely@redhat.com> wrote:
>> This patch adds AddressSanitizer annotations to std::vector, so that
>> ASan can detect out-of-bounds accesses to the unused capacity of a
>> vector. e.g.
>>
>>  #include <vector>
>>  int f()
>>  {
>>    std::vector<int> v(2);
>>    int* p = v.data();
>>    v.pop_back();
>>    return p[1];  // ERROR: after pop_back() only v.data()[0] is live
>>  }
>>
>> This cannot be detected by Debug Mode, but with these annotations ASan
>> knows that only v.data()[0] is valid and will give an error.
>>
>> The annotations are only enabled for vector<T, std::allocator<T>> and
>> only when std::allocator's base class is either malloc_allocator or
>> new_allocator. For other allocators the memory might not come from the
>> freestore and so isn't tracked by ASan.

> One important issue with enabling this by default is that it may
> (will?) break separate sanitization (which is an extremely important
> feature in practice). If one part of an application is sanitized but the
> other isn't and some poor std::vector is push_back'ed in the latter and
> then accessed in the former, we'll get a false positive because push_back
> wouldn't properly annotate memory.

Good point.

> Perhaps hide this under a compilation flag (disabled by default)?

If you define _GLIBCXX_SANITIZE_STD_ALLOCATOR to 0 the annotations are
disabled. To make them disabled by default would need some changes, to
use separate macros for "the std::allocator base class can be
sanitized" and "the user wants std::vector to be sanitized".

I'll do that before committing.
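The mechanism under discussion, shown on a hypothetical fixed-capacity container rather than on libstdc++'s std::vector (this is an added example written for this page, not the patch itself or any GCC code). It calls ASan's public `__sanitizer_annotate_contiguous_container` entry point on every size change so that only `[data(), data() + size())` is addressable, mirrors the patch's guard by compiling the calls out when ASan is not active, and reproduces the thread's `pop_back()`-then-read scenario. The container name, the `ASAN_ACTIVE` macro and the `demo_*` helpers are this example's own; the storage comes from `malloc` so that, as the patch requires for malloc_allocator/new_allocator, the block is already tracked by ASan. It also makes Yuri's false-positive point concrete: `push_back` must widen the valid region before it writes, so a `push_back` compiled without the annotation would leave the new element poisoned for a sanitized reader.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>

// Is this translation unit built with -fsanitize=address?
// GCC defines __SANITIZE_ADDRESS__; Clang exposes __has_feature.
#if defined(__SANITIZE_ADDRESS__)
#  define ASAN_ACTIVE 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define ASAN_ACTIVE 1
#  else
#    define ASAN_ACTIVE 0
#  endif
#else
#  define ASAN_ACTIVE 0
#endif

#if ASAN_ACTIVE
// ASan's container-annotation entry point, declared here so no sanitizer
// header is needed. [beg, end) is the whole allocation; after the call
// [beg, new_mid) is addressable and [new_mid, end) is poisoned.
extern "C" void __sanitizer_annotate_contiguous_container(
    const void* beg, const void* end, const void* old_mid, const void* new_mid);
#endif

// Wrapper that is a no-op without ASan, playing the role of the patch's
// macro guard (ASAN_ACTIVE is this example's own name).
inline void annotate_unused_capacity(const void* beg, const void* end,
                                     const void* old_mid, const void* new_mid)
{
#if ASAN_ACTIVE
  __sanitizer_annotate_contiguous_container(beg, end, old_mid, new_mid);
#else
  (void)beg; (void)end; (void)old_mid; (void)new_mid;
#endif
}

constexpr bool asan_annotations_active() { return ASAN_ACTIVE != 0; }

// Hypothetical container (not libstdc++ code). Storage is malloc'd, so ASan
// already tracks the block and the annotations narrow its valid part.
// Assumes cap > 0 (malloc(0) may return a null pointer).
class IntBuffer {
  int* begin_;
  std::size_t size_ = 0;
  std::size_t cap_;
public:
  explicit IntBuffer(std::size_t cap)
    : begin_(static_cast<int*>(std::malloc(cap * sizeof(int)))), cap_(cap)
  {
    if (!begin_) throw std::bad_alloc();
    // A fresh block is fully addressable: poison the whole unused tail.
    annotate_unused_capacity(begin_, begin_ + cap_, begin_ + cap_, begin_);
  }
  ~IntBuffer()
  {
    // Un-poison before free() so the block goes back fully addressable.
    annotate_unused_capacity(begin_, begin_ + cap_, begin_ + size_, begin_ + cap_);
    std::free(begin_);
  }
  IntBuffer(const IntBuffer&) = delete;
  IntBuffer& operator=(const IntBuffer&) = delete;

  bool push_back(int v)
  {
    if (size_ == cap_) return false;  // toy: no reallocation
    // Widen the valid region by one element BEFORE writing into it.
    annotate_unused_capacity(begin_, begin_ + cap_, begin_ + size_, begin_ + size_ + 1);
    begin_[size_++] = v;
    return true;
  }
  bool pop_back()
  {
    if (size_ == 0) return false;
    --size_;
    // Shrink the valid region: the popped slot is poisoned again.
    annotate_unused_capacity(begin_, begin_ + cap_, begin_ + size_ + 1, begin_ + size_);
    return true;
  }
  std::size_t size() const { return size_; }
  std::size_t capacity() const { return cap_; }
  int* data() { return begin_; }
};

// Two push_backs, one pop_back, and a refused push past capacity: size is 1.
std::size_t demo_push_pop_size()
{
  IntBuffer b(2);
  b.push_back(1);
  b.push_back(2);
  b.pop_back();
  b.push_back(3);          // fills slot 1 again
  return b.push_back(4) ? 99 : b.size() + 1;  // refused -> 2 + 1 = 3? no: returns size()+1 only if refused
}

// The thread's scenario: cache data(), pop_back(), read the popped slot.
// Built with -fsanitize=address this aborts with a container-overflow
// report; without ASan it quietly returns the stale value.
int stale_read_after_pop()
{
  IntBuffer b(2);
  b.push_back(10);
  b.push_back(20);
  int* p = b.data();
  b.pop_back();
  return p[1];
}

int main()
{
  std::printf("ASan annotations active: %s\n", asan_annotations_active() ? "yes" : "no");
  std::printf("size after push/pop sequence: %zu\n", demo_push_pop_size() - 1);
  std::printf("stale read of popped slot: %d\n", stale_read_after_pop());
  return 0;
}
```

Build it twice, once plainly and once with `-fsanitize=address`, to see the difference the annotations make: the plain build prints the stale value, the sanitized build stops in `stale_read_after_pop` with a container-overflow report. `demo_push_pop_size` returns `size() + 1` (that is, 3) when the fourth push is correctly refused, so the plain run prints 2 for the sequence.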

