Re: [PATCH] Add AddressSanitizer annotations to std::vector

[Jonathan Wakely <jwakely at redhat dot com>]

On 06/07/17 20:23 +0300, Ivan Baravy wrote:
> On 07/05/2017 10:00 PM, Jonathan Wakely wrote:
> > This patch adds AddressSanitizer annotations to std::vector, so that
> > ASan can detect out-of-bounds accesses to the unused capacity of a
> > vector. e.g.
> >
> >   std::vector<int> v(2);
> >   int* p = v.data();
> >   v.pop_back();
> >   return p[1];  // ERROR
> >
> > This cannot be detected by Debug Mode, but with these annotations ASan
> > knows that only v.data()[0] is valid and will give an error.
> >
> > The annotations are only enabled for vector<T, std::allocator<T>> and
> > only when std::allocator's base class is either malloc_allocator or
> > new_allocator. For other allocators the memory might not come from the
> > freestore and so isn't tracked by ASan.
> >
> > Something similar has been on the google branches for some time:
> > https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=207517
> > This patch is a complete rewrite from scratch, because the google code
> > was not exception safe. If an exception happened while appending
> > elements to a vector, so that the size didn't change, the google code
> > did not undo the annotation for the increased size. It also didn't
> > annotate before deallocating, to mark the unused capacity as valid
> > again.
> >
> > We can probably do similar annotations for std::deque, so that
> > partially filled pages are annotated. I also have a patch for
> > shared_ptr so that objects created by make_shared can be marked as
> > invalid after they're destroyed.
>
> Could you share your plans on sanitization of other standard containers?
> My particular interest is in std::string which I'm working on now.

I might make similar changes to std::deque, but not immediately. I
have no plans to do anything with std::string (because you said you're
working on it).

> Also, will you backport the feature to GCC7 and GCC6?

No, probably not.

> > 	* config/allocator/malloc_allocator_base.h [__SANITIZE_ADDRESS__]
> > 	(_GLIBCXX_SANITIZE_STD_ALLOCATOR): Define.
> > 	* config/allocator/new_allocator_base.h [__SANITIZE_ADDRESS__]
> > 	(_GLIBCXX_SANITIZE_STD_ALLOCATOR): Define.
> > 	* include/bits/stl_vector.h [_GLIBCXX_SANITIZE_STD_ALLOCATOR]
> > 	(_Vector_impl::_Asan, _Vector_impl::_Asan::_Reinit)
> > 	(_Vector_impl::_Asan::_Grow, _GLIBCXX_ASAN_ANNOTATE_REINIT)
> > 	(_GLIBCXX_ASAN_ANNOTATE_GROW, _GLIBCXX_ASAN_ANNOTATE_GREW)
> > 	(_GLIBCXX_ASAN_ANNOTATE_SHRINK, _GLIBCXX_ASAN_ANNOTATE_BEFORE_DEALLOC):
> > 	Define annotation helper types and macros.
> > 	(vector::~vector, vector::push_back, vector::pop_back)
> > 	(vector::_M_erase_at_end): Add annotations.
> > 	* include/bits/vector.tcc (vector::reserve, vector::emplace_back)
> > 	(vector::insert, vector::_M_erase, vector::operator=)
> > 	(vector::_M_fill_assign, vector::_M_assign_aux)
> > 	(vector::_M_insert_rval, vector::_M_emplace_aux)
> > 	(vector::_M_insert_aux, vector::_M_realloc_insert)
> > 	(vector::_M_fill_insert, vector::_M_default_append)
> > 	(vector::_M_shrink_to_fit, vector::_M_range_insert): Annotate.
> >
> > Tested x86_64-linux (using -fsanitize=address, with some local patches
> > to the testsuite) and powerpc64le-linux.
> >
> > I plan to commit this to trunk tomorrow.