Go to file
Vitaly Buka 781ef03e10 [asan] Intercept std::rethrow_exception indirectly
Summary:
Fixes Bug 32434
See https://bugs.llvm.org/show_bug.cgi?id=32434

Short summary:
std::rethrow_exception does not use __cxa_throw to rethrow the exception, so if
it is called from uninstrumented code, it will leave the stack poisoned. This
can lead to false positives.

Long description:

For functions which don't return normally (e.g. via exceptions), asan needs to
unpoison the entire stack. It is not known before a call to such a function
where execution will continue, some function which don't contain cleanup code
like destructors might be skipped. After stack unwinding, execution might
continue in uninstrumented code.

If the stack has been poisoned before such a function is called, but the stack
is unwound during the unconventional return, then zombie redzones (entries) for
no longer existing stack variables can remain in the shadow memory. Normally,
this is avoided by asan generating a call to asan_handle_no_return before all
functions marked as [[noreturn]]. This asan_handle_no_return unpoisons the
entire stack. Since these [[noreturn]] functions can be called from
uninstrumented code, asan also introduces interceptor functions which call
asan_handle_no_return before running the original [[noreturn]] function;
for example, cxa_throw is intercepted.

If a [[noreturn]] function is called from uninstrumented code (so the stack is
left poisoned) and additionally, execution continues in uninstrumented code, new
stack variables might be introduced and overlap with the stack variables
which have been removed during stack unwinding. Since the redzones are not
cleared nor overwritten by uninstrumented code, they remain but now contain
invalid data.

Now, if the redzones are checked against the new stack variables, false
positive reports can occur. This can happen for example by the uninstrumented
code calling an intercepted function such as memcpy, or an instrumented
function.

Intercepting std::rethrow_exception directly is not easily possible since it
depends on the C++ standard library implementation (e.g. libcxx vs libstdc++)
and the mangled name it produces for this function. As a rather simple
workaround, we're intercepting _Unwind_RaiseException for libstdc++. For
libcxxabi, we can intercept the ABI function __cxa_rethrow_primary_exception.

Patch by Robert Schneider.

Reviewers: kcc, eugenis, alekseyshl, vitalybuka

Reviewed By: vitalybuka

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D42644

llvm-svn: 326132
2018-02-26 21:40:19 +00:00
clang Revert "[analyzer] Quickfix: do not overflow in calculating offset in RegionManager" 2018-02-26 21:32:57 +00:00
clang-tools-extra Fix for LLVM r326109 2018-02-26 20:21:30 +00:00
compiler-rt [asan] Intercept std::rethrow_exception indirectly 2018-02-26 21:40:19 +00:00
debuginfo-tests [Darwin] Specify DWARF 2/4 when running apple accelerator tests. 2018-02-26 20:56:45 +00:00
libclc utils: Adapt to llvm r325155 2018-02-23 07:37:03 +00:00
libcxx [libcxx] [test] Fix MSVC warnings and errors. 2018-02-26 20:47:46 +00:00
libcxxabi [demangler] Support for exception specifications on function types. 2018-02-14 01:08:20 +00:00
libunwind [cmake] [libunwind] LLVM_FOUND isn't always set, so just test if 2018-01-27 19:31:44 +00:00
lld Re-land: "[Support] Replace HashString with djbHash." 2018-02-26 15:16:42 +00:00
lldb Partial fix for TestConflictingSymbol.py on Windows 2018-02-26 21:22:39 +00:00
llgo irgen: Create functions instead of global variables for builtin hash and equal algorithms. 2017-06-04 22:11:28 +00:00
llvm [DebugInfo] Remove target-specific instructions in test 2018-02-26 21:21:19 +00:00
openmp [OMPT] Fix parallel_data in implicit barrier-end 2018-02-23 16:46:25 +00:00
parallel-libs [Axccel] Remove -Wno-missing-braces in build 2016-12-19 21:34:07 +00:00
polly isl: "isl_schedule_get_map: handle trees with divergent filter node parameters" 2018-02-26 09:26:41 +00:00
README.md Add an svn project to contain the files that appear at the root of the 2017-10-19 21:09:49 +00:00

README.md

Low Level Virtual Machine (LLVM)

This directory and its subdirectories contain source code for LLVM, a toolkit for the construction of highly optimized compilers, optimizers, and runtime environments.