Title: [225320] trunk/Source
Revision
225320
Author
jfbast...@apple.com
Date
2017-11-29 23:53:21 -0800 (Wed, 29 Nov 2017)

Log Message

WTF / bmalloc: don't write to 0xbbadbeef when ASAN is looking
https://bugs.webkit.org/show_bug.cgi?id=180175

Reviewed by Mark Lam.

ASAN knows that 0xbbadbeef is a bbad aaddress, and tells us so
when we write to it, say in an assert. That creates bbad error
reports where ASAN thinks we write to an invalid address, instead
of thinking that we hit an assertion. In some cases, tooling that
uses fuzzers aggregates similar issues and concludes that we have
just one bug rather than a number of distinct asserts.

Source/bmalloc:

At the same time, bmalloc's version of CRASH just writes to
0xbbadbeef and assumes that's invalid and will crash, which isn't
necessarily true on non-Mac platforms. WTF's version then makes
sure there's a crash, so bmalloc should do the same.

* bmalloc.xcodeproj/project.pbxproj:
* bmalloc/BAssert.h:
* bmalloc/BCompiler.h: Added.
* bmalloc/BPlatform.h:

Source/WTF:

* wtf/Assertions.cpp:
* wtf/Assertions.h:

Modified Paths

Added Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (225319 => 225320)


--- trunk/Source/WTF/ChangeLog	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/WTF/ChangeLog	2017-11-30 07:53:21 UTC (rev 225320)
@@ -1,3 +1,20 @@
+2017-11-29  JF Bastien  <jfbast...@apple.com>
+
+        WTF / bmalloc: don't write to 0xbbadbeef when ASAN is looking
+        https://bugs.webkit.org/show_bug.cgi?id=180175
+
+        Reviewed by Mark Lam.
+
+        ASAN knows that 0xbbadbeef is a bbad aaddress, and tells us so
+        when we write to it, say in an assert. That creates bbad error
+        reports where ASAN thinks we write to an invalid address, instead
+        of thinking that we hit an assertion. In some cases, tooling that
+        use fuzzers aggregate similar issues, and think that we just have
+        the one bug and not a bunch of different asserts.
+
+        * wtf/Assertions.cpp:
+        * wtf/Assertions.h:
+
 2017-11-29  Filip Pizlo  <fpi...@apple.com>
 
         GC should support isoheaps

Modified: trunk/Source/WTF/wtf/Assertions.cpp (225319 => 225320)


--- trunk/Source/WTF/wtf/Assertions.cpp	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/WTF/wtf/Assertions.cpp	2017-11-30 07:53:21 UTC (rev 225320)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006, 2007, 2013 Apple Inc.  All rights reserved.
+ * Copyright (C) 2003-2017 Apple Inc.  All rights reserved.
  * Copyright (C) 2007-2009 Torch Mobile, Inc.
  * Copyright (C) 2011 University of Szeged. All rights reserved.
  *
@@ -267,6 +267,9 @@
         globalHook();
 
     WTFReportBacktrace();
+#if ASAN_ENABLED
+    __builtin_trap();
+#else
     *(int *)(uintptr_t)0xbbadbeef = 0;
     // More reliable, but doesn't say BBADBEEF.
 #if COMPILER(GCC_OR_CLANG)
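Review bot: The new `#if ASAN_ENABLED` arm carries no comment saying why it skips the 0xbbadbeef store, so the rationale lives only in the ChangeLog and a later cleanup could fold the two arms back together. A one-line comment above the new `__builtin_trap();` would pin it: `// Under ASan a store to 0xbbadbeef is reported as an invalid-address error and fuzzer triage dedupes every assertion into that one bug; trap directly so the report points at the assertion site.` It is also worth stating somewhere that the crash signature now differs between ASan and non-ASan builds (a SIGILL/SIGTRAP at the call site versus a fault on 0xbbadbeef), since anyone keying crash triage on the faulting address will see the change. The enclosing WTFCrash body starts before this hunk and its preprocessor nesting is closed in the next one.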
@@ -273,7 +276,8 @@
     __builtin_trap();
 #else
     ((void(*)())0)();
-#endif
+#endif // COMPILER(GCC_OR_CLANG)
+#endif // ASAN_ENABLED
 }
 #else
 // We need to keep WTFCrash() around (even on non-debug OS(DARWIN) builds) as a workaround

Modified: trunk/Source/WTF/wtf/Assertions.h (225319 => 225320)


--- trunk/Source/WTF/wtf/Assertions.h	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/WTF/wtf/Assertions.h	2017-11-30 07:53:21 UTC (rev 225320)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003, 2006, 2007, 2013 Apple Inc.  All rights reserved.
+ * Copyright (C) 2003-2017 Apple Inc.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -206,7 +206,9 @@
 
 WTF_EXPORT_PRIVATE bool WTFIsDebuggerAttached();
 
-#if CPU(X86_64) || CPU(X86)
+#if ASAN_ENABLED
+#define WTFBreakpointTrap()  __builtin_trap()
+#elif CPU(X86_64) || CPU(X86)
 #define WTFBreakpointTrap()  __asm__ volatile ("int3")
 #elif CPU(ARM_THUMB2)
 #define WTFBreakpointTrap()  __asm__ volatile ("bkpt #0")
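Review bot: `__builtin_trap()` is not a drop-in substitute for the `int3`/`bkpt #0` it shadows under ASAN: the inline-asm breakpoints are ordinary resumable statements to the compiler, whereas `__builtin_trap()` is `noreturn`, so in ASAN builds the compiler may discard anything placed after a `WTFBreakpointTrap()` as unreachable and a debugger cannot step past it. That is harmless if every user already follows the macro with `__builtin_unreachable()` or never expects to continue, which this hunk alone does not show. A short comment on the new line would record the asymmetry: `// noreturn under ASAN, unlike int3/bkpt: callers must not rely on resuming after the trap.` The remaining `#elif` arms of the macro continue past the end of the hunk.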

Modified: trunk/Source/bmalloc/ChangeLog (225319 => 225320)


--- trunk/Source/bmalloc/ChangeLog	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/bmalloc/ChangeLog	2017-11-30 07:53:21 UTC (rev 225320)
@@ -1,3 +1,27 @@
+2017-11-29  JF Bastien  <jfbast...@apple.com>
+
+        WTF / bmalloc: don't write to 0xbbadbeef when ASAN is looking
+        https://bugs.webkit.org/show_bug.cgi?id=180175
+
+        Reviewed by Mark Lam.
+
+        ASAN knows that 0xbbadbeef is a bbad aaddress, and tells us so
+        when we write to it, say in an assert. That creates bbad error
+        reports where ASAN thinks we write to an invalid address, instead
+        of thinking that we hit an assertion. In some cases, tooling that
+        use fuzzers aggregate similar issues, and think that we just have
+        the one bug and not a bunch of different asserts.
+
+        At the same time, bmalloc's version of CRASH just writes to
+        0xbbadbeef and assumes that's invalid and will crash, which isn't
+        necessarily true on non-Mac platforms. WTF's version then makes
+        sure there's a crash, so bmalloc should do the same.
+
+        * bmalloc.xcodeproj/project.pbxproj:
+        * bmalloc/BAssert.h:
+        * bmalloc/BCompiler.h: Added.
+        * bmalloc/BPlatform.h:
+
 2017-11-27  Filip Pizlo  <fpi...@apple.com>
 
         Don't crash in forEachEntry when DebugHeap is enabled.

Modified: trunk/Source/bmalloc/bmalloc/BAssert.h (225319 => 225320)


--- trunk/Source/bmalloc/bmalloc/BAssert.h	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/bmalloc/bmalloc/BAssert.h	2017-11-30 07:53:21 UTC (rev 225320)
@@ -34,7 +34,9 @@
 
 #if defined(NDEBUG) && BOS(DARWIN)
 
-#if BCPU(X86_64) || BCPU(X86)
+#if BASAN_ENABLED
+#define BBreakpointTrap()  __builtin_trap()
+#elif BCPU(X86_64) || BCPU(X86)
 #define BBreakpointTrap()  __asm__ volatile ("int3")
 #elif BCPU(ARM_THUMB2)
 #define BBreakpointTrap()  __asm__ volatile ("bkpt #0")
@@ -54,9 +56,22 @@
 
 #else // not defined(NDEBUG) && BOS(DARWIN)
 
+#if BASAN_ENABLED
+#define BCRASH() __builtin_trap()
+#else
+
+#if defined(__GNUC__) // GCC or Clang
 #define BCRASH() do { \
     *(int*)0xbbadbeef = 0; \
+    __builtin_trap(); \
 } while (0)
+#else
+#define BCRASH() do { \
+    *(int*)0xbbadbeef = 0; \
+    ((void(*)())0)(); \
+} while (0)
+#endif // defined(__GNUC__)
+#endif // BASAN_ENABLED
 
 #endif // defined(NDEBUG) && BOS(DARWIN)
 
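Review bot: The non-ASAN arm probes the compiler with a bare `#if defined(__GNUC__)` although this same commit introduces BCompiler.h as bmalloc's home for compiler detection, and the WTF twin of this code keys on `COMPILER(GCC_OR_CLANG)`. I would add a `BCOMPILER(GCC_OR_CLANG)` macro to BCompiler.h (set when `__GNUC__` or `__clang__` is defined, mirroring WTF's Compiler.h) and write `#if BCOMPILER(GCC_OR_CLANG)` here, so both crash paths are maintained from a single probe. The fallback `((void(*)())0)();` arm is presumably meant for MSVC, where a dedicated intrinsic such as `__debugbreak()` would trap deterministically instead of relying on a null call that the optimizer is entitled to treat as undefined; at minimum a comment naming the intended compiler for that arm would help, e.g. `// Non-GCC/Clang (MSVC): no __builtin_trap; fall back to a null call after the poison store.`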

Added: trunk/Source/bmalloc/bmalloc/BCompiler.h (0 => 225320)


--- trunk/Source/bmalloc/bmalloc/BCompiler.h	                        (rev 0)
+++ trunk/Source/bmalloc/bmalloc/BCompiler.h	2017-11-30 07:53:21 UTC (rev 225320)
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#pragma once
+
+/* BCOMPILER_HAS_CLANG_FEATURE() - whether the compiler supports a particular language or library feature. */
+/* http://clang.llvm.org/docs/LanguageExtensions.html#has-feature-and-has-extension */
+#ifdef __has_feature
+#define BCOMPILER_HAS_CLANG_FEATURE(x) __has_feature(x)
+#else
+#define BCOMPILER_HAS_CLANG_FEATURE(x) 0
+#endif
+
+#define BASAN_ENABLED BCOMPILER_HAS_CLANG_FEATURE(address_sanitizer)
+
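Review bot: `BASAN_ENABLED` is derived solely from Clang's `__has_feature(address_sanitizer)`, so a GCC build with `-fsanitize=address` — which announces itself through the predefined `__SANITIZE_ADDRESS__` macro rather than `__has_feature` — evaluates it to 0 and still executes the 0xbbadbeef store in BAssert.h, reproducing the misattributed ASan report this commit sets out to remove. Checking the GCC macro first and keeping the `__has_feature` probe as the fallback closes that gap without changing the Clang result. The same blind spot presumably exists in WTF's `ASAN_ENABLED`, which is defined outside this diff, so the two should be fixed together.
```c
/* GCC announces ASan via a predefined macro rather than __has_feature. */
#if defined(__SANITIZE_ADDRESS__)
#define BASAN_ENABLED 1
#else
#define BASAN_ENABLED BCOMPILER_HAS_CLANG_FEATURE(address_sanitizer)
#endif
```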

Modified: trunk/Source/bmalloc/bmalloc/BPlatform.h (225319 => 225320)


--- trunk/Source/bmalloc/bmalloc/BPlatform.h	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/bmalloc/bmalloc/BPlatform.h	2017-11-30 07:53:21 UTC (rev 225320)
@@ -25,6 +25,8 @@
 
 #pragma once
 
+#include "BCompiler.h"
+
 #ifdef __APPLE__
 #include <Availability.h>
 #include <AvailabilityMacros.h>

Modified: trunk/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj (225319 => 225320)


--- trunk/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj	2017-11-30 07:45:55 UTC (rev 225319)
+++ trunk/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj	2017-11-30 07:53:21 UTC (rev 225320)
@@ -133,6 +133,7 @@
 		4426E2831C839547008EB042 /* BSoftLinking.h in Headers */ = {isa = PBXBuildFile; fileRef = 4426E2821C839547008EB042 /* BSoftLinking.h */; };
 		6599C5CC1EC3F15900A2F7BB /* AvailableMemory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 6599C5CA1EC3F15900A2F7BB /* AvailableMemory.cpp */; };
 		6599C5CD1EC3F15900A2F7BB /* AvailableMemory.h in Headers */ = {isa = PBXBuildFile; fileRef = 6599C5CB1EC3F15900A2F7BB /* AvailableMemory.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		AD0934331FCF406D00E85EB5 /* BCompiler.h in Headers */ = {isa = PBXBuildFile; fileRef = AD0934321FCF405000E85EB5 /* BCompiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -289,6 +290,7 @@
 		4426E2821C839547008EB042 /* BSoftLinking.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BSoftLinking.h; path = bmalloc/darwin/BSoftLinking.h; sourceTree = "<group>"; };
 		6599C5CA1EC3F15900A2F7BB /* AvailableMemory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AvailableMemory.cpp; path = bmalloc/AvailableMemory.cpp; sourceTree = "<group>"; };
 		6599C5CB1EC3F15900A2F7BB /* AvailableMemory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AvailableMemory.h; path = bmalloc/AvailableMemory.h; sourceTree = "<group>"; };
+		AD0934321FCF405000E85EB5 /* BCompiler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BCompiler.h; path = bmalloc/BCompiler.h; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -495,18 +497,19 @@
 		14D9DB4F17F2868900EAAB79 /* stdlib */ = {
 			isa = PBXGroup;
 			children = (
-				4408F2961C9896C40012EC64 /* darwin */,
 				1421A87718EE462A00B4DD68 /* Algorithm.h */,
 				6599C5CA1EC3F15900A2F7BB /* AvailableMemory.cpp */,
 				6599C5CB1EC3F15900A2F7BB /* AvailableMemory.h */,
 				1413E468189EEDE400546D68 /* BAssert.h */,
+				AD0934321FCF405000E85EB5 /* BCompiler.h */,
 				0F5BF1721F23C5710029D91D /* BExport.h */,
 				1413E460189DCE1E00546D68 /* BInline.h */,
+				0F7EB84A1F9541C600F1ABCB /* Bits.h */,
 				0F7EB84B1F9541C600F1ABCB /* BMalloced.h */,
 				14C919C818FCC59F0028DB43 /* BPlatform.h */,
-				0F7EB84A1F9541C600F1ABCB /* Bits.h */,
 				0F74B93D1F89713E00B935D3 /* CryptoRandom.cpp */,
 				0F74B93C1F89713E00B935D3 /* CryptoRandom.h */,
+				4408F2961C9896C40012EC64 /* darwin */,
 				14D9DB4517F2447100EAAB79 /* FixedVector.h */,
 				0FD557321F7EDB7B00B1F0A3 /* HeapKind.cpp */,
 				0F5BF1461F22A8B10029D91D /* HeapKind.h */,
@@ -621,6 +624,7 @@
 				0F7EB8391F9541B000F1ABCB /* DeferredTrigger.h in Headers */,
 				14DD789018F48CEB00950702 /* Sizes.h in Headers */,
 				0F7EB8411F9541B000F1ABCB /* IsoConfig.h in Headers */,
+				AD0934331FCF406D00E85EB5 /* BCompiler.h in Headers */,
 				0F7EB8311F9541B000F1ABCB /* IsoPageInlines.h in Headers */,
 				14DD78BC18F48D6B00950702 /* SmallLine.h in Headers */,
 				0F7EB82B1F9541B000F1ABCB /* IsoPageTrigger.h in Headers */,