[PATCH] Add AddressSanitizer annotations to std::vector

Jonathan Wakely jwakely@redhat.com
Fri Jul 21 16:07:00 GMT 2017


On 05/07/17 21:24 +0100, Jonathan Wakely wrote:
>On 05/07/17 20:44 +0100, Yuri Gribov wrote:
>>On Wed, Jul 5, 2017 at 8:00 PM, Jonathan Wakely <jwakely@redhat.com> wrote:
>>>This patch adds AddressSanitizer annotations to std::vector, so that
>>>ASan can detect out-of-bounds accesses to the unused capacity of a
>>>vector. e.g.
>>>
>>> std::vector<int> v(2);
>>> int* p = v.data();
>>> v.pop_back();
>>> return p[1];  // ERROR
>>>
>>>This cannot be detected by Debug Mode, but with these annotations ASan
>>>knows that only v.data()[0] is valid and will give an error.
>>>
>>>The annotations are only enabled for vector<T, std::allocator<T>> and
>>>only when std::allocator's base class is either malloc_allocator or
>>>new_allocator. For other allocators the memory might not come from the
>>>freestore and so isn't tracked by ASan.
>>
>>One important issue with enabling this by default is that it may
>>(will?) break separate sanitization (which is an extremely important
>>feature in practice). If one part of the application is sanitized but the
>>other isn't and some poor std::vector is push_back'ed in the latter and
>>then accessed in the former, we'll get a false positive because push_back
>>wouldn't properly annotate memory.
>
>Good point.
>
>>Perhaps hide this under a compilation flag (disabled by default)?
>
>If you define _GLIBCXX_SANITIZE_STD_ALLOCATOR to 0 the annotations are
>disabled. To make them disabled by default would need some changes, to
>use separate macros for "the std::allocator base class can be
>sanitized" and "the user wants std::vector to be sanitized".
>
>I'll do that before committing.


Here's what I've committed.  std::vector<T, std::allocator<T>>
operations are not annotated unless _GLIBCXX_SANITIZE_VECTOR is defined.

Tested powerpc64le-linux and x86_64-linux, committed to trunk.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.txt
Type: text/x-patch
Size: 19837 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20170721/08828c71/attachment.bin>
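
The container-annotation idea discussed in this thread, as an added example that is not part of the original message or of the attached patch (which is not visible on this page). It assumes the sanitizer runtime's `__sanitizer_annotate_contiguous_container` and `__asan_address_is_poisoned` interfaces; `IntBuf` and the helper function names are hypothetical.

```cpp
// Build: g++ -std=c++11 -g -fsanitize=address example.cpp
#include <cstddef>
#if defined(__SANITIZE_ADDRESS__)            // GCC
#  define EXAMPLE_ASAN 1
#elif defined(__has_feature)                 // Clang
#  if __has_feature(address_sanitizer)
#    define EXAMPLE_ASAN 1
#  endif
#endif
#ifdef EXAMPLE_ASAN
#  include <sanitizer/asan_interface.h>
#  include <sanitizer/common_interface_defs.h>
bool asan_enabled() { return true; }
bool is_poisoned(const void* p) { return __asan_address_is_poisoned(p) != 0; }
#else
bool asan_enabled() { return false; }
bool is_poisoned(const void*) { return false; }
#endif
// Hypothetical fixed-capacity buffer (illustration only, not libstdc++ code).
class IntBuf {
  int* beg_; std::size_t size_, cap_;
  // Mark [beg_, beg_+new_size) addressable and the rest of the capacity poisoned.
  void annotate(std::size_t old_size, std::size_t new_size) {
#ifdef EXAMPLE_ASAN
    __sanitizer_annotate_contiguous_container(beg_, beg_ + cap_,
                                              beg_ + old_size, beg_ + new_size);
#endif
  }
public:
  explicit IntBuf(std::size_t cap) : beg_(new int[cap]()), size_(0), cap_(cap) { annotate(cap_, 0); }
  ~IntBuf() { annotate(size_, cap_); delete[] beg_; }  // unpoison before freeing
  IntBuf(const IntBuf&) = delete; IntBuf& operator=(const IntBuf&) = delete;
  bool push_back(int v) {
    if (size_ == cap_) return false;
    annotate(size_, size_ + 1);               // grow the valid range first
    beg_[size_++] = v;
    return true;
  }
  void pop_back() { if (size_) { annotate(size_, size_ - 1); --size_; } }
  int* data() { return beg_; }
};
// Mirrors the thread's example: two elements, pop one, then inspect slot 1.
bool slot1_poisoned_only_after_pop() {
  IntBuf v(4); v.push_back(1); v.push_back(2);
  int* p = v.data();
  bool before = is_poisoned(p + 1);           // live element: addressable
  v.pop_back();
  return !before && is_poisoned(p + 1);       // true only in an ASan build
}
```

A container operation compiled without the `annotate` calls would leave the poisoned range stale, which is the separate-sanitization false positive raised in the thread.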

