From 6dc4a6045089adc9ec9efbbc07db25c4a21fc0ff Mon Sep 17 00:00:00 2001 From: Martin Liska Date: Mon, 7 Nov 2016 11:23:38 +0100 Subject: Introduce -fsanitize-address-use-after-scope * c-warn.c (warn_for_unused_label): Save all labels used in goto or in &label. * asan.c (enum asan_check_flags): Move the enum to header file. (asan_init_shadow_ptr_types): Make type creation more generic. (shadow_mem_size): New function. (asan_emit_stack_protection): Use newly added ASAN_SHADOW_GRANULARITY. Rewritten stack unpoisoning code. (build_shadow_mem_access): Add new argument return_address. (instrument_derefs): Instrument local variables if use after scope sanitization is enabled. (asan_store_shadow_bytes): New function. (asan_expand_mark_ifn): Likewise. (asan_sanitize_stack_p): Moved from asan_sanitize_stack_p. * asan.h (enum asan_mark_flags): Moved here from asan.c (asan_protect_stack_decl): Protect all declaration that need to live in memory. (asan_sanitize_use_after_scope): New function. (asan_no_sanitize_address_p): Likewise. * cfgexpand.c (partition_stack_vars): Consider asan_sanitize_use_after_scope in condition. (expand_stack_vars): Likewise. * common.opt (-fsanitize-address-use-after-scope): New option. * doc/invoke.texi (use-after-scope-direct-emission-threshold): Explain the parameter. * flag-types.h (enum sanitize_code): Define SANITIZE_USE_AFTER_SCOPE. * gimplify.c (build_asan_poison_call_expr): New function. (asan_poison_variable): Likewise. (gimplify_bind_expr): Generate poisoning/unpoisoning for local variables that have address taken. (gimplify_decl_expr): Likewise. (gimplify_target_expr): Likewise for C++ temporaries. (sort_by_decl_uid): New function. (gimplify_expr): Unpoison all variables for a label we can jump from outside of a scope. (gimplify_switch_expr): Unpoison variables defined in the switch context. (gimplify_function_tree): Clear asan_poisoned_variables. (asan_poison_variables): New function. (warn_switch_unreachable_r): Handle IFN_ASAN_MARK. * internal-fn.c (expand_ASAN_MARK): New function. * internal-fn.def (ASAN_MARK): Declare. * opts.c (finish_options): Handle -fstack-reuse if -fsanitize-address-use-after-scope is enabled. (common_handle_option): Enable address sanitization if -fsanitize-address-use-after-scope is enabled. * params.def (PARAM_USE_AFTER_SCOPE_DIRECT_EMISSION_THRESHOLD): New parameter. * params.h: Likewise. * sancov.c (pass_sanopt::execute): Handle IFN_ASAN_MARK. * sanitizer.def: Define __asan_poison_stack_memory and __asan_unpoison_stack_memory functions. * asan.c (asan_mark_poison_p): New function. (transform_statements): Handle asan_mark_poison_p calls. * gimple.c (nonfreeing_call_p): Handle IFN_ASAN_MARK. From-SVN: r241896 --- gcc/doc/invoke.texi | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'gcc/doc') diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 089661b..e0afc269 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -10290,6 +10290,10 @@ is greater or equal to this number, use callbacks instead of inline checks. E.g. to disable inline code use @option{--param asan-instrumentation-with-call-threshold=0}. +@item use-after-scope-direct-emission-threshold +If size of a local variables in bytes is smaller of equal to this number, +direct instruction emission is utilized to poison and unpoison local variables. + @item chkp-max-ctor-size Static constructors generated by Pointer Bounds Checker may become very large and significantly increase compile time at optimization level @@ -10500,6 +10504,7 @@ thread-safe code. Enable AddressSanitizer, a fast memory error detector. Memory access instructions are instrumented to detect out-of-bounds and use-after-free bugs. +The option enables @option{-fsanitize-address-use-after-scope}. See @uref{https://github.com/google/sanitizers/wiki/AddressSanitizer} for more details. The run-time behavior can be influenced using the @env{ASAN_OPTIONS} environment variable. When set to @code{help=1}, @@ -10511,6 +10516,7 @@ The option can't be combined with @option{-fsanitize=thread}. @item -fsanitize=kernel-address @opindex fsanitize=kernel-address Enable AddressSanitizer for Linux kernel. +The option enables @option{-fsanitize-address-use-after-scope}. See @uref{https://github.com/google/kasan/wiki} for more details. @item -fsanitize=thread @@ -10710,8 +10716,8 @@ except for @option{-fsanitize=unreachable} and @option{-fsanitize=return}), @option{-fsanitize=float-cast-overflow}, @option{-fsanitize=float-divide-by-zero}, @option{-fsanitize=bounds-strict}, @option{-fsanitize=kernel-address} and @option{-fsanitize=address}. -For these sanitizers error recovery is turned on by default, except @option{-fsanitize=address}, -for which this feature is experimental. +For these sanitizers error recovery is turned on by default, +except @option{-fsanitize=address}, for which this feature is experimental. @option{-fsanitize-recover=all} and @option{-fno-sanitize-recover=all} is also accepted, the former enables recovery for all sanitizers that support it, the latter disables recovery for all sanitizers that support it. @@ -10733,6 +10739,11 @@ Similarly @option{-fno-sanitize-recover} is equivalent to -fno-sanitize-recover=undefined,float-cast-overflow,float-divide-by-zero,bounds-strict @end smallexample +@item -fsanitize-address-use-after-scope +@opindex fsanitize-address-use-after-scope +Enable sanitization of local variables to detect use-after-scope bugs. +The option sets @option{-fstack-reuse} to @samp{none}. + @item -fsanitize-undefined-trap-on-error @opindex fsanitize-undefined-trap-on-error The @option{-fsanitize-undefined-trap-on-error} option instructs the compiler to -- cgit v1.1