[
https://issues.apache.org/jira/browse/DISPATCH-2039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17324431#comment-17324431
]
ASF GitHub Bot commented on DISPATCH-2039:
------------------------------------------
jiridanek opened a new pull request #1135:
URL: https://github.com/apache/qpid-dispatch/pull/1135
This is an alternative approach compared to #1118. From looking at the
(many) errors it produces, it is just as well able to reveal issues
* https://issues.apache.org/jira/browse/DISPATCH-2045
qd_hash_internal_remove_item writes to freed (pooled) memory on router shutdown
* https://issues.apache.org/jira/browse/DISPATCH-2056 AddressSanitizer:
use-after-poison in qdr_connection_set_context during system_tests_http2
It is able to also find the following, that's why I had to put the
no_sanitize attribute there
* https://issues.apache.org/jira/browse/DISPATCH-2060 use-after free in
qd_alloc_deref_safe_ptr if a pool item has been freed due to global_free_list
size limit
The stacktraces produced from malloc/free are much nicer than the ones from
poisoning. The poisoning report is bare-bones, whereas with malloc/free
1. there is a stacktrace for the free call
2. the allocation stack trace is related to this particular use of the pool
item, not simply the trace from when the item was first allocated if now it is
being reused
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Memory pool should be manually poisoned so that ASAN works with it
> ------------------------------------------------------------------
>
> Key: DISPATCH-2039
> URL: https://issues.apache.org/jira/browse/DISPATCH-2039
> Project: Qpid Dispatch
> Issue Type: Wish
> Affects Versions: 1.15.0
> Reporter: Jiri Daněk
> Priority: Minor
>
> From https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning
> bq. A user may poison/unpoison a region of memory manually. Use this feature
> with caution. In many cases good old malloc+free is a better way to find heap
> bugs than using custom allocators with manual poisoning.
> As far as I can tell, it is nowadays not possible to turn off the pool
> allocation and use malloc/free, because the pool mechanism also implements
> the weak pointers and ref counters. That means giving hints to ASAN is the
> only way to discover memory bugs of the type (if what Chuck speculated is
> true) of DISPATCH-2032.
> bq. If you have a custom allocation arena, the typical workflow would be to
> poison the entire arena first, and then unpoison allocated chunks of memory
> leaving poisoned redzones between them. The allocated chunks should start
> with 8-aligned addresses.
> Alternatively, the current memory debugging machinery for the pool could take
> care of it on its own... but using ASAN seems sensible to me.
> http://blog.hostilefork.com/poison-memory-without-asan/
> h3. Nice to have extra features (which won't be implemented at first)
> * redzones, there should be chunks of poison on either end of a returned
> memory, to detect invalid accesses out of bounds; this means deliberate waste
> of memory (I am thinking 3x increase, to make implementation easy)
> * quarantine, returned chunks should be kept in the pool for some time before
> they are returned as new allocations, to catch use-after-free; this policy
> goes against performance considerations
> h3. Open issues
> Is it necessary to lock around the poison macros? I did not understand the
> thread safety note in API comment fully.
> h3. One thought
> Actually, setting a limit on free_list length == 0 would effectively disable
> pool and turn the calls into simple wrappers over malloc/free. It would be
> enough to make this configurable at build time. Then asan should work just
> fine without poison.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
