Skip to content

[Support] Bugprone usage of __has_feature(address_sanitizer) in Allocator #83566

Open
@Dinistro

Description

@Dinistro

tl;dr:
llvm/Support/Allocator.h transitively uses __has_feature(address_sanitizer) to decide if it uses __msan_* and __asan_* markers and if it should allocate a red zone. This is very problematic when this header is pulled into an LLVM compilation unit but is also made available through some LLVM template to down-stream users.

Extended bug explanation

We observe an ASAN crash in the following setup:
We build LLVM + MLIR without sanitizers enabled, but have a downstream project that we build with ASAN. Due to relying on MLIR's StorageUniquer, which is a templated implementation in a header, we pull in a copy of BumpPtrAllocatorImpl::Allocate. This function changes behavior, depending on ASAN being enabled or not:

#if LLVM_ADDRESS_SANITIZER_BUILD
// Add trailing bytes as a "red zone" under ASan.
SizeToAllocate += RedZoneSize;
#endif

Additionally, this code contains multiple __msan_* and __asan_* usages.

Unfortunately, other parts of MLIR's StorageUniquer are implemented in a .cpp file, which result in it being compiled without ASAN. This is problematic, due the a non-ASAN build replacing all __msan_* and __asan_* functions with empty macros.

#if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
# define LLVM_ADDRESS_SANITIZER_BUILD 1
#if __has_include(<sanitizer/asan_interface.h>)
# include <sanitizer/asan_interface.h>
#else
// These declarations exist to support ASan with MSVC. If MSVC eventually ships
// asan_interface.h in their headers, then we can remove this.
#ifdef __cplusplus
extern "C" {
#endif
void __asan_poison_memory_region(void const volatile *addr, size_t size);
void __asan_unpoison_memory_region(void const volatile *addr, size_t size);
#ifdef __cplusplus
} // extern "C"
#endif
#endif
#else
# define LLVM_ADDRESS_SANITIZER_BUILD 0
# define __asan_poison_memory_region(p, size)
# define __asan_unpoison_memory_region(p, size)
#endif

Therefore, some of the poison marking is compiled in, while unpoison markings are omitted. This can therefore lead to ASAN violations that are very tricky to hunt down.

CC @ibookstein

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

bugIndicates an unexpected problem or unintended behaviorllvm:supportmlir:coreMLIR Core Infrastructure

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions