MSan use-after-destroy does not poison objects with implicit destructors #596

Open
nmusgrave opened this Issue Sep 3, 2015 · 5 comments

nmusgrave commented Sep 3, 2015

During code generation, no destructor exists to emit a destructor body for, so no members are poisoned. In order to do so, a destructor must be generated for this object.

The creation of implicit destructors occurs during semantic analysis (clang/sema/). However, this step has no access to command line options.

Either semantic analysis must have access to the command line options, to check for msan and emit the required destructor, or another approach must be taken.

eugenis commented Sep 3, 2015

You probably meant with trivial implicit destructors.

Contributor

kcc commented Sep 3, 2015

Is there a test case?
Please add one to the test suite (it will fail now) and mention it here.

eugenis commented Sep 3, 2015

Another possible approach would be to track the place(s) in CodeGen where a destructor call for an object is emitted, and, if the object has no destructor, call the poisoning function directly.

nmusgrave commented Sep 5, 2015

Test case in clang/test/CodeGenCXX/sanitize-dtor-generated.cpp fails currently.
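
A minimal probe for the behaviour this issue describes, added here as an illustration; it is not the test in clang/test/CodeGenCXX/ and not project code. `Implicit`, `Declared` and `poisoned_after_dtor` are hypothetical names, and the probe only gives a sanitizer answer when built with `clang++ -fsanitize=memory -fsanitize-memory-use-after-dtor` and run with `MSAN_OPTIONS=poison_in_dtor=1`.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <type_traits>

// Detect an MSan build so the same file also compiles without the sanitizer.
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define HAVE_MSAN 1
#  endif
#endif

// Hypothetical types. Implicit has only the compiler-provided (trivial)
// destructor, so no destructor body is emitted for it. Declared has a
// user-provided destructor, so there is a body to instrument.
struct Implicit { int x; };
struct Declared { int x; ~Declared() {} };

// Constructs a T in caller-owned storage, destroys it explicitly, and reports
// whether any byte of the object is poisoned afterwards.
// Without MSan there is no shadow memory, so the answer is always false.
template <typename T>
bool poisoned_after_dtor() {
  alignas(T) unsigned char buf[sizeof(T)];
  T *obj = new (buf) T();
  obj->x = 42;   // fully initialize, so any poison must come from the dtor
  obj->~T();     // for a trivial destructor this call generates no code
#ifdef HAVE_MSAN
  // __msan_test_shadow returns the offset of the first poisoned byte, or -1.
  return __msan_test_shadow(buf, sizeof(T)) != -1;
#else
  return false;
#endif
}

int main() {
  std::printf("Implicit: trivial dtor=%d poisoned after dtor=%d\n",
              (int)std::is_trivially_destructible<Implicit>::value,
              (int)poisoned_after_dtor<Implicit>());
  std::printf("Declared: trivial dtor=%d poisoned after dtor=%d\n",
              (int)std::is_trivially_destructible<Declared>::value,
              (int)poisoned_after_dtor<Declared>());
  return 0;
}
```

The case reported in this issue corresponds to the `Implicit` line showing `poisoned after dtor=0` in an MSan build while the `Declared` line shows `1`.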

llvm-mirror pushed a commit to llvm-mirror/clang that referenced this issue Sep 8, 2015

Naomi Musgrave
Failing test highlighting no poisoning if dtor undeclared.
Summary:
If class or struct has not declared a destructor,
no destructor is emitted, and members are not poisoned
after destruction. This case highlights bug in current
implementation of use-after-dtor poisoning (detailed
in google/sanitizers#596).

Reviewers: eugenis, kcc

Subscribers: cfe-commits

Differential Revision: http://reviews.llvm.org/D12616

Only check simplest object for existence of sanitizing callback.

Rename test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@247025 91177308-0d34-0410-b5e6-96231b3b80d8

chapuni pushed a commit to llvm-project/compiler-rt that referenced this issue Sep 8, 2015

Naomi Musgrave
Failing test highlighting no poisoning when destructor not declared.
Summary:
When destructor for a class is not declared, no destructor
is emitted, and members are not poisoned. Test case exhibits this
current bug in use-after-dtor implementation (detailed in
google/sanitizers#596).

Reviewers: eugenis, kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D12617

Rename test files.

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247091 91177308-0d34-0410-b5e6-96231b3b80d8

Member

morehouse commented Jun 7, 2018

Do we really want to poison trivially-destructible objects? AFAIK, they are the preferred (safe) way to avoid destruction-order issues among globals.

Among other things, use-after-dtor of trivially-destructible globals is allowed by Google's style guide.

morehouse self-assigned this Jun 7, 2018
