Issue 6214052: tsan: detect use-after-free

Issue 6214052: tsan: detect use-after-free (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
12 years, 8 months ago by dvyukov

Modified:
12 years, 8 months ago

Reviewers:
kcc1

CC:
llvm-commits_cs.uiuc.edu

Base URL:
https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/tsan/

Visibility:
Public.

Patch Set 1 #

Total comments: 5

Patch Set 2 : refactor freed bit #

Created: 12 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+96 lines, -38 lines)			Patch
M	output_tests/free_race.c	View	1	1 chunk	+8 lines, -1 line	0 comments	Download
A	output_tests/free_race2.c	View	1	1 chunk	+26 lines, -0 lines	0 comments	Download
M	rtl/tsan_clock.h	View	1	2 chunks	+2 lines, -2 lines	0 comments	Download
M	rtl/tsan_clock.cc	View	1	1 chunk	+1 line, -1 line	0 comments	Download
M	rtl/tsan_defs.h	View	1	1 chunk	+2 lines, -1 line	0 comments	Download
M	rtl/tsan_report.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	rtl/tsan_report.cc	View	1	1 chunk	+2 lines, -0 lines	0 comments	Download
M	rtl/tsan_rtl.h	View	1	4 chunks	+35 lines, -15 lines	0 comments	Download
M	rtl/tsan_rtl.cc	View		2 chunks	+5 lines, -11 lines	0 comments	Download
M	rtl/tsan_rtl_report.cc	View		4 chunks	+14 lines, -7 lines	0 comments	Download

Messages

Total messages: 5

Expand All Messages | Collapse All Messages

kcc1

Great idea! But I don't like to hide the "freed" bit inside TID. can we ...

12 years, 8 months ago (2012-05-17 10:51:27 UTC) #1

dvyukov

On Thu, May 17, 2012 at 2:51 PM, <kcc@google.com> wrote: > Great idea! > But ...

12 years, 8 months ago (2012-05-17 11:01:04 UTC) #2

kcc1

On Thu, May 17, 2012 at 3:01 PM, Dmitry Vyukov <dvyukov@google.com> wrote: > On Thu, ...

12 years, 8 months ago (2012-05-17 11:15:33 UTC) #3

dvyukov

On 2012/05/17 11:15:33, kcc1 wrote: > On Thu, May 17, 2012 at 3:01 PM, Dmitry ...

12 years, 8 months ago (2012-05-17 12:32:12 UTC) #4

On 2012/05/17 11:15:33, kcc1 wrote:
> On Thu, May 17, 2012 at 3:01 PM, Dmitry Vyukov <mailto:dvyukov@google.com>
wrote:
> 
> > On Thu, May 17, 2012 at 2:51 PM, <mailto:kcc@google.com> wrote:
> >
> >> Great idea!
> >> But I don't like to hide the "freed" bit inside TID.
> >> can we make this bit more explicit?
> >>
> >
> > I think yes. I am not very happy with current variant as well.
> >
> >
> >>
> >>
> >> http://codereview.appspot.com/**6214052/diff/1/output_tests/**
> >>
>
free_race2.c<http://codereview.appspot.com/6214052/diff/1/output_tests/free_race2.c>
> >> File output_tests/free_race2.c (right):
> >>
> >> http://codereview.appspot.com/**6214052/diff/1/output_tests/**
> >>
>
free_race2.c#newcode3<http://codereview.appspot.com/6214052/diff/1/output_tests/free_race2.c#newcode3>
> >> output_tests/free_race2.c:3: void foo(int *mem) {
> >> you will need to disable inlining.
> >> This can be done later once we star running all tests with -O2
> >>
> >
> > Do we actually need to run output tests with -finline?
> >
> 
> We need to eventually run tests with -O2 (which implies inlining).
> Our experience with asan shows that O1 and O2 are very different for this
> kind of tools.
> One of the reasons is that GVN (and load widening) is enabled only at O2.
> One option is to run tests with -O2 -fno-inline, but I would prefer to mark
> functions with noinline explicitly.
> 
> --kcc
> 
> 
> > For functions for which it is irrelevant, it it irrelevant.
> > For functions that require no-inline, we will need to add attributes.
> > What's the point?
> > I would prefer to add __attribute__((always_inline)) to inlining tests,
> > if/when we have any. That will be required anyway, otherwise they will fail
> > with -O0.
> >
> >
> >
> >>
> >>
>
http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_clock.**h%3Chttp://co...>
> >> File rtl/tsan_clock.h (right):
> >>
> >> http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_clock.**
> >>
>
h#newcode75<http://codereview.appspot.com/6214052/diff/1/rtl/tsan_clock.h#newcode75>
> >> rtl/tsan_clock.h:75: u64 clk_[kMaxTid * 2];
> >> Maybe we can use another kSomething?
> >>
> >>
>
http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_defs.h%3Chttp://coder...>
> >> File rtl/tsan_defs.h (right):
> >>
> >> http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_defs.**
> >>
>
h#newcode32<http://codereview.appspot.com/6214052/diff/1/rtl/tsan_defs.h#newcode32>
> >> rtl/tsan_defs.h:32: const int kTidBits = 16;
> >> I don't really like this.
> >> Can we have a separate free-ed bit.
> >> It can bit adjacent to tid so that the rest of the logic works.
> >>
> >>
>
http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_**report.cc%3Chttp://...>
> >> File rtl/tsan_report.cc (right):
> >>
> >> http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_**
> >>
>
report.cc#newcode36<http://codereview.appspot.com/6214052/diff/1/rtl/tsan_report.cc#newcode36>
> >> rtl/tsan_report.cc:36: Printf("use after free");
> >> maybe print "heap-use-after-free" to match asan's output?
> >>
> >
> > Will do.
> >
> >
> >
> >>
> >>
>
http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_rtl.h%3Chttp://codere...>
> >> File rtl/tsan_rtl.h (right):
> >>
> >>
>
http://codereview.appspot.com/**6214052/diff/1/rtl/tsan_rtl.h#**newcode94%3Ch...>
> >> rtl/tsan_rtl.h:94: // will race with it.
> >> Too hackish. I'd prefer a separate bit.
> >>
> >>
>
http://codereview.appspot.com/**6214052/%3Chttp://codereview.appspot.com/6214...>
> >>
> >
> > I am thinking how to refactor the bit.

Done. PTAL.

kcc1

12 years, 8 months ago (2012-05-17 13:02:43 UTC) #5

Looks good! 
Please add comments describing this hack and committ.

Expand All Messages | Collapse All Messages