vitalybuka created this revision.
vitalybuka added reviewers: eugenis, kda.
Herald added a project: All.
vitalybuka requested review of this revision.
Herald added projects: clang, Sanitizers, LLVM.
Herald added subscribers: llvm-commits, Sanitizers, cfe-commits.

By default -fsanitize=address already compiles with this check,
why not use it. For compatibility it can be disabled with env
ASAN_OPTIONS=detect_stack_use_after_return=0.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D124057

Files:
  clang/docs/AddressSanitizer.rst
  compiler-rt/lib/asan/asan_flags.inc
  compiler-rt/lib/asan/tests/asan_interface_test.cpp
  compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
  compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
  compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
  compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
  compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
  compiler-rt/test/asan/TestCases/contiguous_container.cpp
  compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
  compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
  compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
  compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
  llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h

Index: llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
===================================================================
--- llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
+++ llvm/include/llvm/Transforms/Instrumentation/AddressSanitizerOptions.h
@@ -22,8 +22,8 @@
 /// Mode of ASan detect stack use after return
 enum class AsanDetectStackUseAfterReturnMode {
   Never,   ///< Never detect stack use after return.
-  Runtime, ///< Detect stack use after return if runtime flag is enabled
-           ///< (ASAN_OPTIONS=detect_stack_use_after_return=1)
+  Runtime, ///< Detect stack use after return if not disabled runtime with
+           ///< (ASAN_OPTIONS=detect_stack_use_after_return=0).
   Always,  ///< Always detect stack use after return.
   Invalid, ///< Not a valid detect mode.
 };
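Review bot: The new doc comment on Runtime reads "if not disabled runtime with", which is ungrammatical. Suggest "Detect stack use after return unless disabled at runtime (ASAN_OPTIONS=detect_stack_use_after_return=0)."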
Index: compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
+++ compiler-rt/test/asan/TestCases/invalid-pointer-pairs-subtract-success.cpp
@@ -1,7 +1,7 @@
 // RUN: %clangxx_asan -O0 %s -o %t -mllvm -asan-detect-invalid-pointer-pair
 
 // RUN: %env_asan_opts=detect_invalid_pointer_pairs=2 %run %t
-// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2,detect_stack_use_after_return=1 %run %t
+// RUN: %env_asan_opts=detect_invalid_pointer_pairs=2,detect_stack_use_after_return=0 %run %t
 
 #include <assert.h>
 #include <stdlib.h>
Index: compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
+++ compiler-rt/test/asan/TestCases/intercept-rethrow-exception.cpp
@@ -4,7 +4,7 @@
 // REQUIRES: shared_cxxabi
 
 // RUN: %clangxx_asan -fexceptions -O0 %s -o %t
-// RUN: %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
 
 // The current implementation of this functionality requires special
 // combination of libraries that are not used by default on NetBSD
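Review bot: The RUN line now forces detect_stack_use_after_return=0 with no comment saying why, so a reader cannot tell whether rethrow interception is known to fail with the fake stack or whether the opt-out is only a precaution. Add a one-line comment above the RUN line (or a FIXME with a bug link), and if it is a real incompatibility, record it rather than leaving the default configuration silently untested.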
Index: compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
+++ compiler-rt/test/asan/TestCases/heavy_uar_test.cpp
@@ -1,5 +1,7 @@
-// RUN: %clangxx_asan -O0 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
-// RUN: %clangxx_asan -O2 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan -O2 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
 // XFAIL: windows-msvc
Index: compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
+++ compiler-rt/test/asan/TestCases/handle_noreturn_bug.cpp
@@ -1,9 +1,9 @@
 // Regression test: __asan_handle_no_return should unpoison stack even with poison_heap=0.
 // Fails with debug checks: https://bugs.llvm.org/show_bug.cgi?id=46862
 // XFAIL: !compiler-rt-optimized
-// RUN: %clangxx_asan -O0 %s -o %t && \
-// RUN: %env_asan_opts=poison_heap=1 %run %t && \
-// RUN: %env_asan_opts=poison_heap=0 %run %t
+// RUN: %clangxx_asan -O0 %s -o %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0:poison_heap=1 %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0:poison_heap=0 %run %t
 
 #include <sanitizer/asan_interface.h>
 
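Review bot: The two new RUN lines join options with ":" (detect_stack_use_after_return=0:poison_heap=1) while invalid-pointer-pairs-subtract-success.cpp in this same patch uses ","; pick one separator for consistency. This is also the regression test for __asan_handle_no_return unpoisoning the stack, and it now runs only with the new default switched off, so a comment stating why would help, given the matching early return added in asan_interface_test.cpp.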
Index: compiler-rt/test/asan/TestCases/contiguous_container.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/contiguous_container.cpp
+++ compiler-rt/test/asan/TestCases/contiguous_container.cpp
@@ -1,4 +1,4 @@
-// RUN: %clangxx_asan -fexceptions -O %s -o %t && %run %t
+// RUN: %clangxx_asan -fexceptions -O %s -o %t && %env_asan_opts=detect_stack_use_after_return=0 %run %t
 //
 // Test __sanitizer_annotate_contiguous_container.
 
Index: compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
+++ compiler-rt/test/asan/TestCases/alloca_loop_unpoisoning.cpp
@@ -1,5 +1,5 @@
 // RUN: %clangxx_asan -O0 -mllvm -asan-instrument-dynamic-allocas %s -o %t
-// RUN: %run %t 2>&1
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1
 //
 // REQUIRES: stable-runtime
 
Index: compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
+++ compiler-rt/test/asan/TestCases/Windows/stack_use_after_return.cpp
@@ -1,5 +1,6 @@
 // RUN: %clang_cl_asan -Od %s -Fe%t
 // RUN: %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
 // RUN: %clang_cl_asan -Od %s -Fe%t -fsanitize-address-use-after-return=always
 // RUN: not %run %t 2>&1 | FileCheck %s
 
Index: compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
+++ compiler-rt/test/asan/TestCases/Posix/unpoison-alternate-stack.cpp
@@ -4,7 +4,7 @@
 // Don't optimize, otherwise the variables which create redzones might be
 // dropped.
 // RUN: %clangxx_asan -fexceptions -O0 %s -o %t -pthread
-// RUN: %run %t
+// RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
 
 #include <algorithm>
 #include <cassert>
Index: compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
+++ compiler-rt/test/asan/TestCases/Posix/stack-use-after-return.cpp
@@ -2,6 +2,7 @@
 // RUN: %clangxx_asan  -O1 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan  -O2 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan  -O3 %s -pthread -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s
+// RUN: not %run %t 2>&1 | FileCheck %s
 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t
 // RUN: %clangxx_asan  -O0 %s -pthread -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
 // RUN: %clangxx_asan  -O1 %s -pthread -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s
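Review bot: The added "// RUN: not %run %t 2>&1 | FileCheck %s" reuses whatever %t the previous line built, so the default configuration is exercised only on the -O3 binary, while the explicit =1 runs cover each optimization level shown. If the default path is meant to have the same coverage, add the flag-less run per optimization level, or drop the explicit =1 from those lines now that it is the default.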
Index: compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
===================================================================
--- compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
+++ compiler-rt/test/asan/TestCases/Posix/gc-test.cpp
@@ -1,9 +1,11 @@
 // RUN: %clangxx_asan %s -pthread -o %t
 // RUN: %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // RUN: %clangxx_asan -O3 %s -pthread -o %t
 // RUN: %env_asan_opts=detect_stack_use_after_return=1 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // RUN: %env_asan_opts=detect_stack_use_after_return=0 %run %t 2>&1 | FileCheck %s --check-prefix=CHECK0
+// RUN: %run %t 2>&1 | FileCheck %s --check-prefix=CHECK1
 // REQUIRES: stable-runtime
 
 #include <assert.h>
Index: compiler-rt/lib/asan/tests/asan_interface_test.cpp
===================================================================
--- compiler-rt/lib/asan/tests/asan_interface_test.cpp
+++ compiler-rt/lib/asan/tests/asan_interface_test.cpp
@@ -413,6 +413,9 @@
   __asan_poison_memory_region(array, sizeof(array));
   BAD_ACCESS(array, 20);
   __asan_handle_no_return();
+  // Fake stack does not need to be unpoisoned.
+  if (__asan_get_current_fake_stack())
+    return;
   // It unpoisons the whole thread stack.
   GOOD_ACCESS(array, 20);
 }
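Review bot: The early return when __asan_get_current_fake_stack() is non-null skips GOOD_ACCESS(array, 20), so with detect_stack_use_after_return now defaulting to true the test checks nothing after __asan_handle_no_return() on that path. Expand the comment to say why the fake stack case needs no unpoisoning, and make sure the GOOD_ACCESS branch stays covered by some run with detect_stack_use_after_return=0, otherwise the unpoisoning behaviour this test was written for can regress unnoticed.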
Index: compiler-rt/lib/asan/asan_flags.inc
===================================================================
--- compiler-rt/lib/asan/asan_flags.inc
+++ compiler-rt/lib/asan/asan_flags.inc
@@ -49,7 +49,7 @@
     "to find more errors.")
 ASAN_FLAG(bool, replace_intrin, true,
           "If set, uses custom wrappers for memset/memcpy/memmove intrinsics.")
-ASAN_FLAG(bool, detect_stack_use_after_return, false,
+ASAN_FLAG(bool, detect_stack_use_after_return, true,
           "Enables stack-use-after-return checking at run-time.")
 ASAN_FLAG(int, min_uar_stack_size_log, 16, // We can't do smaller anyway.
           "Minimum fake stack size log.")
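Review bot: Flipping the default of detect_stack_use_after_return to true changes runtime behaviour for every binary built in the default -fsanitize-address-use-after-return=runtime mode, but the file list has no release-notes entry. Add one naming the opt-out, ASAN_OPTIONS=detect_stack_use_after_return=0, and consider mentioning the opt-out in this flag's help string as well.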
Index: clang/docs/AddressSanitizer.rst
===================================================================
--- clang/docs/AddressSanitizer.rst
+++ clang/docs/AddressSanitizer.rst
@@ -15,7 +15,7 @@
 * Out-of-bounds accesses to heap, stack and globals
 * Use-after-free
 * Use-after-return (clang flag ``-fsanitize-address-use-after-return=(never|runtime|always)`` default: ``runtime``)
-    * Enable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=1``
+    * Disable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=0``
 * Use-after-scope (clang flag ``-fsanitize-address-use-after-scope``)
 * Double-free, invalid free
 * Memory leaks (experimental)
@@ -143,8 +143,8 @@
 AddressSanitizer can optionally detect stack use after return problems.
 This is available by default, or explicitly
 (``-fsanitize-address-use-after-return=runtime``).
-To enable this check at runtime, set the environment variable
-``ASAN_OPTIONS=detect_stack_use_after_return=1``.
+To disable this check at runtime, set the environment variable
+``ASAN_OPTIONS=detect_stack_use_after_return=0``.
 
 Enabling this check (``-fsanitize-address-use-after-return=always``) will
 reduce code size.  The code size may be reduced further by completely
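Review bot: The unchanged opening sentence of this section still says AddressSanitizer "can optionally detect" stack use after return, which now sits oddly next to "To disable this check at runtime". Reword the opening to say the check is on by default in runtime mode so the paragraph reads consistently.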
@@ -152,8 +152,8 @@
 
 To summarize: ``-fsanitize-address-use-after-return=<mode>``
   * ``never``: Completely disables detection of UAR errors (reduces code size).
-  * ``runtime``: Adds the code for detection, but must be enabled via the
-    runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=1``).
+  * ``runtime``: Adds the code for detection, but it can be disable via the
+    runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=0``).
   * ``always``: Enables detection of UAR errors in all cases. (reduces code
     size, but not as much as ``never``).
 
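Review bot: Typo in the new runtime bullet: "it can be disable via" should be "it can be disabled via".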
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
