[PATCH] Add AddressSanitizer annotations to std::vector

Ivan Baravy i.baravy@samsung.com
Thu Jul 6 17:23:00 GMT 2017


On 07/05/2017 10:00 PM, Jonathan Wakely wrote:
> This patch adds AddressSanitizer annotations to std::vector, so that
> ASan can detect out-of-bounds accesses to the unused capacity of a
> vector. e.g.
> 
>   std::vector<int> v(2);
>   int* p = v.data();
>   v.pop_back();
>   return p[1];  // ERROR
> 
> This cannot be detected by Debug Mode, but with these annotations ASan
> knows that only v.data()[0] is valid and will give an error.
> 
> The annotations are only enabled for vector<T, std::allocator<T>> and
> only when std::allocator's base class is either malloc_allocator or
> new_allocator. For other allocators the memory might not come from the
> freestore and so isn't tracked by ASan.
> 
> Something similar has been on the google branches for some time:
> https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=207517
> This patch is a complete rewrite from scratch, because the google code
> was not exception safe. If an exception happened while appending
> elements to a vector, so that the size didn't change, the google code
> did not undo the annotation for the increased size. It also didn't
> annotate before deallocating, to mark the unused capacity as valid
> again.
> 
> We can probably do similar annotations for std::deque, so that
> partially filled pages are annotated. I also have a patch for
> shared_ptr so that objects created by make_shared can be marked as
> invalid after they're destroyed.

Could you share your plans on sanitization of other standard containers?
My particular interest is in std::string which I'm working on now.

Also, will you backport the feature to GCC7 and GCC6?

> 	* config/allocator/malloc_allocator_base.h [__SANITIZE_ADDRESS__]
> 	(_GLIBCXX_SANITIZE_STD_ALLOCATOR): Define.
> 	* config/allocator/new_allocator_base.h [__SANITIZE_ADDRESS__]
> 	(_GLIBCXX_SANITIZE_STD_ALLOCATOR): Define.
> 	* include/bits/stl_vector.h [_GLIBCXX_SANITIZE_STD_ALLOCATOR]
> 	(_Vector_impl::_Asan, _Vector_impl::_Asan::_Reinit)
> 	(_Vector_impl::_Asan::_Grow, _GLIBCXX_ASAN_ANNOTATE_REINIT)
> 	(_GLIBCXX_ASAN_ANNOTATE_GROW, _GLIBCXX_ASAN_ANNOTATE_GREW)
> 	(_GLIBCXX_ASAN_ANNOTATE_SHRINK, _GLIBCXX_ASAN_ANNOTATE_BEFORE_DEALLOC):
> 	Define annotation helper types and macros.
> 	(vector::~vector, vector::push_back, vector::pop_back)
> 	(vector::_M_erase_at_end): Add annotations.
> 	* include/bits/vector.tcc (vector::reserve, vector::emplace_back)
> 	(vector::insert, vector::_M_erase, vector::operator=)
> 	(vector::_M_fill_assign, vector::_M_assign_aux)
> 	(vector::_M_insert_rval, vector::_M_emplace_aux)
> 	(vector::_M_insert_aux, vector::_M_realloc_insert)
> 	(vector::_M_fill_insert, vector::_M_default_append)
> 	(vector::_M_shrink_to_fit, vector::_M_range_insert): Annotate.
> 
> Tested x86_64-linux (using -fsanitize=address, with some local patches
> to the testsuite) and powerpc64le-linux.
> 
> I plan to commit this to trunk tomorrow.
> 
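Added example (not part of the patch or of libstdc++): a small fixed-capacity container that calls the sanitizer's public `__sanitizer_annotate_contiguous_container` interface at the same points the quoted mail says std::vector is instrumented (reinit, grow/grew, shrink, before dealloc), including the undo-on-exception step the mail says the google branch lacked. The names `AnnotatedBuffer`, `annotate`, `Fragile` and the `EXAMPLE_ASAN_ACTIVE` macro are hypothetical; `__SANITIZE_ADDRESS__` is the GCC macro the ChangeLog keys on. Built without `-fsanitize=address` the annotations compile to nothing and the program just prints the stale value; built with it, the final read in `main` is reported as a container-overflow.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <stdexcept>

// GCC defines __SANITIZE_ADDRESS__ under -fsanitize=address (the macro the
// patch keys on); Clang reports the same through __has_feature.
#if defined(__SANITIZE_ADDRESS__)
#  define EXAMPLE_ASAN_ACTIVE 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define EXAMPLE_ASAN_ACTIVE 1
#  endif
#endif

#ifdef EXAMPLE_ASAN_ACTIVE
#  include <sanitizer/common_interface_defs.h>
// [beg, new_mid) becomes addressable, [new_mid, end) poisoned; old_mid is the
// previous boundary so only the shadow bytes that change are touched.
static void annotate(const void* beg, const void* end,
                     const void* old_mid, const void* new_mid) {
    __sanitizer_annotate_contiguous_container(beg, end, old_mid, new_mid);
}
#else
// Without ASan the annotations are no-ops, as in libstdc++.
static void annotate(const void*, const void*, const void*, const void*) {}
#endif

// Hypothetical fixed-capacity container (not std::vector) annotating its
// unused capacity at the points the patch instruments.
template <typename T>
class AnnotatedBuffer {
    T* begin_;  // start of storage
    T* end_;    // one past the last live element
    T* cap_;    // one past the end of storage
public:
    explicit AnnotatedBuffer(std::size_t capacity)
        : begin_(static_cast<T*>(::operator new(capacity * sizeof(T)))),
          end_(begin_), cap_(begin_ + capacity) {
        // REINIT: storage from the free store is fully addressable and
        // tracked by ASan; poison everything past end_.
        annotate(begin_, cap_, cap_, end_);
    }
    AnnotatedBuffer(const AnnotatedBuffer&) = delete;
    AnnotatedBuffer& operator=(const AnnotatedBuffer&) = delete;
    ~AnnotatedBuffer() {
        while (end_ != begin_) (--end_)->~T();
        // BEFORE_DEALLOC: unpoison the whole block before handing it back.
        annotate(begin_, cap_, end_, cap_);
        ::operator delete(begin_);
    }
    void push_back(const T& value) {
        if (end_ == cap_) throw std::length_error("AnnotatedBuffer is full");
        annotate(begin_, cap_, end_, end_ + 1);      // GROW: open one slot
        try {
            ::new (static_cast<void*>(end_)) T(value);
        } catch (...) {
            annotate(begin_, cap_, end_ + 1, end_);  // undo GROW: size unchanged
            throw;
        }
        ++end_;                                      // GREW
    }
    void pop_back() {
        (--end_)->~T();
        annotate(begin_, cap_, end_ + 1, end_);      // SHRINK: poison the slot
    }
    T* data() { return begin_; }
    std::size_t size() const { return static_cast<std::size_t>(end_ - begin_); }
};

// Constructed element type whose copy constructor throws for negative values.
struct Fragile {
    int v;
    explicit Fragile(int x) : v(x) {}
    Fragile(const Fragile& o) : v(o.v) {
        if (v < 0) throw std::runtime_error("copy refused");
    }
};

// A push that throws must leave size() unchanged (and the slot poisoned again).
std::size_t size_after_failed_push() {
    AnnotatedBuffer<Fragile> buf(4);
    buf.push_back(Fragile(1));
    try { buf.push_back(Fragile(-1)); } catch (const std::runtime_error&) {}
    return buf.size();  // 1
}

// Live elements stay addressable: sum them through data().
int sum_live_elements() {
    AnnotatedBuffer<int> buf(8);
    for (int i = 1; i <= 5; ++i) buf.push_back(i);
    buf.pop_back();
    int sum = 0;
    for (std::size_t i = 0; i < buf.size(); ++i) sum += buf.data()[i];
    return sum;  // 10
}

// The access from the mail: p[1] lies inside the allocation but past size().
// With ASan the SHRINK annotation turns this into a container-overflow report.
int stale_read_after_pop() {
    AnnotatedBuffer<int> v(2);
    v.push_back(10);
    v.push_back(20);
    int* p = v.data();
    v.pop_back();
    return p[1];  // ERROR under ASan
}

int main() {
    std::printf("size after failed push: %zu\n", size_after_failed_push());
    std::printf("sum of live elements:   %d\n", sum_live_elements());
    std::printf("stale value: %d\n", stale_read_after_pop());  // aborts under ASan
    return 0;
}
```

Compile once plainly and once with `-fsanitize=address -g` to see the difference; only the second build flags the read in `stale_read_after_pop`, because the vacated slot is still inside a live heap allocation and ordinary heap-overflow checks cannot see it.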
