LLDB mainline
InstrumentationRuntimeASan.cpp
Go to the documentation of this file.
1//===-- InstrumentationRuntimeASan.cpp ------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
10
12#include "lldb/Core/Debugger.h"
13#include "lldb/Core/Module.h"
20#include "lldb/Symbol/Symbol.h"
23#include "lldb/Target/Target.h"
24#include "lldb/Target/Thread.h"
26#include "lldb/Utility/Stream.h"
27
28#include "llvm/ADT/StringSwitch.h"
29
30using namespace lldb;
31using namespace lldb_private;
32
34
35lldb::InstrumentationRuntimeSP
36InstrumentationRuntimeASan::CreateInstance(const lldb::ProcessSP &process_sp) {
37 return InstrumentationRuntimeSP(new InstrumentationRuntimeASan(process_sp));
38}
39
42 GetPluginNameStatic(), "AddressSanitizer instrumentation runtime plugin.",
44}
45
48}
49
52}
53
55
58 // FIXME: This shouldn't include the "dylib" suffix.
59 static RegularExpression regex(
60 llvm::StringRef("libclang_rt.asan_(.*)_dynamic\\.dylib"));
61 return regex;
62}
63
65 const lldb::ModuleSP module_sp) {
66 const Symbol *symbol = module_sp->FindFirstSymbolWithNameAndType(
67 ConstString("__asan_get_alloc_stack"), lldb::eSymbolTypeAny);
68
69 return symbol != nullptr;
70}
71
73extern "C"
74{
75int __asan_report_present();
76void *__asan_get_report_pc();
77void *__asan_get_report_bp();
78void *__asan_get_report_sp();
79void *__asan_get_report_address();
80const char *__asan_get_report_description();
81int __asan_get_report_access_type();
82size_t __asan_get_report_access_size();
83}
84)";
85
87struct {
88 int present;
89 int access_type;
90 void *pc;
91 void *bp;
92 void *sp;
93 void *address;
94 size_t access_size;
95 const char *description;
96} t;
97
98t.present = __asan_report_present();
99t.access_type = __asan_get_report_access_type();
100t.pc = __asan_get_report_pc();
101t.bp = __asan_get_report_bp();
102t.sp = __asan_get_report_sp();
103t.address = __asan_get_report_address();
104t.access_size = __asan_get_report_access_size();
105t.description = __asan_get_report_description();
106t
107)";
108
110 ProcessSP process_sp = GetProcessSP();
111 if (!process_sp)
113
114 ThreadSP thread_sp =
115 process_sp->GetThreadList().GetExpressionExecutionThread();
116 StackFrameSP frame_sp = thread_sp->GetSelectedFrame();
117
118 if (!frame_sp)
120
122 options.SetUnwindOnError(true);
123 options.SetTryAllThreads(true);
124 options.SetStopOthers(true);
125 options.SetIgnoreBreakpoints(true);
126 options.SetTimeout(process_sp->GetUtilityExpressionTimeout());
128 options.SetAutoApplyFixIts(false);
130
131 ValueObjectSP return_value_sp;
132 ExecutionContext exe_ctx;
133 Status eval_error;
134 frame_sp->CalculateExecutionContext(exe_ctx);
137 return_value_sp, eval_error);
138 if (result != eExpressionCompleted) {
139 StreamString ss;
140 ss << "cannot evaluate AddressSanitizer expression:\n";
141 ss << eval_error.AsCString();
143 process_sp->GetTarget().GetDebugger().GetID());
145 }
146
147 int present = return_value_sp->GetValueForExpressionPath(".present")
148 ->GetValueAsUnsigned(0);
149 if (present != 1)
151
152 addr_t pc =
153 return_value_sp->GetValueForExpressionPath(".pc")->GetValueAsUnsigned(0);
154 /* commented out because rdar://problem/18533301
155 addr_t bp =
156 return_value_sp->GetValueForExpressionPath(".bp")->GetValueAsUnsigned(0);
157 addr_t sp =
158 return_value_sp->GetValueForExpressionPath(".sp")->GetValueAsUnsigned(0);
159 */
160 addr_t address = return_value_sp->GetValueForExpressionPath(".address")
161 ->GetValueAsUnsigned(0);
162 addr_t access_type =
163 return_value_sp->GetValueForExpressionPath(".access_type")
164 ->GetValueAsUnsigned(0);
165 addr_t access_size =
166 return_value_sp->GetValueForExpressionPath(".access_size")
167 ->GetValueAsUnsigned(0);
168 addr_t description_ptr =
169 return_value_sp->GetValueForExpressionPath(".description")
170 ->GetValueAsUnsigned(0);
171 std::string description;
173 process_sp->ReadCStringFromMemory(description_ptr, description, error);
174
176 dict->AddStringItem("instrumentation_class", "AddressSanitizer");
177 dict->AddStringItem("stop_type", "fatal_error");
178 dict->AddIntegerItem("pc", pc);
179 /* commented out because rdar://problem/18533301
180 dict->AddIntegerItem("bp", bp);
181 dict->AddIntegerItem("sp", sp);
182 */
183 dict->AddIntegerItem("address", address);
184 dict->AddIntegerItem("access_type", access_type);
185 dict->AddIntegerItem("access_size", access_size);
186 dict->AddStringItem("description", description);
187
188 return StructuredData::ObjectSP(dict);
189}
190
191std::string
193 std::string description = std::string(report->GetAsDictionary()
194 ->GetValueForKey("description")
195 ->GetAsString()
196 ->GetValue());
197 return llvm::StringSwitch<std::string>(description)
198 .Case("heap-use-after-free", "Use of deallocated memory")
199 .Case("heap-buffer-overflow", "Heap buffer overflow")
200 .Case("stack-buffer-underflow", "Stack buffer underflow")
201 .Case("initialization-order-fiasco", "Initialization order problem")
202 .Case("stack-buffer-overflow", "Stack buffer overflow")
203 .Case("stack-use-after-return", "Use of stack memory after return")
204 .Case("use-after-poison", "Use of poisoned memory")
205 .Case("container-overflow", "Container overflow")
206 .Case("stack-use-after-scope", "Use of out-of-scope stack memory")
207 .Case("global-buffer-overflow", "Global buffer overflow")
208 .Case("unknown-crash", "Invalid memory access")
209 .Case("stack-overflow", "Stack space exhausted")
210 .Case("null-deref", "Dereference of null pointer")
211 .Case("wild-jump", "Jump to non-executable address")
212 .Case("wild-addr-write", "Write through wild pointer")
213 .Case("wild-addr-read", "Read from wild pointer")
214 .Case("wild-addr", "Access through wild pointer")
215 .Case("signal", "Deadly signal")
216 .Case("double-free", "Deallocation of freed memory")
217 .Case("new-delete-type-mismatch",
218 "Deallocation size different from allocation size")
219 .Case("bad-free", "Deallocation of non-allocated memory")
220 .Case("alloc-dealloc-mismatch",
221 "Mismatch between allocation and deallocation APIs")
222 .Case("bad-malloc_usable_size", "Invalid argument to malloc_usable_size")
223 .Case("bad-__sanitizer_get_allocated_size",
224 "Invalid argument to __sanitizer_get_allocated_size")
225 .Case("param-overlap",
226 "Call to function disallowing overlapping memory ranges")
227 .Case("negative-size-param", "Negative size used when accessing memory")
228 .Case("bad-__sanitizer_annotate_contiguous_container",
229 "Invalid argument to __sanitizer_annotate_contiguous_container")
230 .Case("odr-violation", "Symbol defined in multiple translation units")
231 .Case(
232 "invalid-pointer-pair",
233 "Comparison or arithmetic on pointers from different memory regions")
234 // for unknown report codes just show the code
235 .Default("AddressSanitizer detected: " + description);
236}
237
239 void *baton, StoppointCallbackContext *context, user_id_t break_id,
240 user_id_t break_loc_id) {
241 assert(baton && "null baton");
242 if (!baton)
243 return false;
244
245 InstrumentationRuntimeASan *const instance =
246 static_cast<InstrumentationRuntimeASan *>(baton);
247
248 ProcessSP process_sp = instance->GetProcessSP();
249
250 if (process_sp->GetModIDRef().IsLastResumeForUserExpression())
251 return false;
252
253 StructuredData::ObjectSP report = instance->RetrieveReportData();
254 std::string description;
255 if (report) {
256 description = instance->FormatDescription(report);
257 }
258 // Make sure this is the right process
259 if (process_sp && process_sp == context->exe_ctx_ref.GetProcessSP()) {
260 ThreadSP thread_sp = context->exe_ctx_ref.GetThreadSP();
261 if (thread_sp)
262 thread_sp->SetStopInfo(InstrumentationRuntimeStopInfo::
263 CreateStopReasonWithInstrumentationData(
264 *thread_sp, description, report));
265
266 StreamFileSP stream_sp(
267 process_sp->GetTarget().GetDebugger().GetOutputStreamSP());
268 if (stream_sp) {
269 stream_sp->Printf("AddressSanitizer report breakpoint hit. Use 'thread "
270 "info -s' to get extended information about the "
271 "report.\n");
272 }
273 return true; // Return true to stop the target
274 } else
275 return false; // Let target run
276}
277
279 if (IsActive())
280 return;
281
282 ProcessSP process_sp = GetProcessSP();
283 if (!process_sp)
284 return;
285
286 ConstString symbol_name("_ZN6__asanL7AsanDieEv");
287 const Symbol *symbol = GetRuntimeModuleSP()->FindFirstSymbolWithNameAndType(
288 symbol_name, eSymbolTypeCode);
289
290 if (symbol == nullptr)
291 return;
292
293 if (!symbol->ValueIsAddress() || !symbol->GetAddressRef().IsValid())
294 return;
295
296 Target &target = process_sp->GetTarget();
297 addr_t symbol_address = symbol->GetAddressRef().GetOpcodeLoadAddress(&target);
298
299 if (symbol_address == LLDB_INVALID_ADDRESS)
300 return;
301
302 const bool internal = true;
303 const bool hardware = false;
304 const bool sync = false;
305 Breakpoint *breakpoint =
306 process_sp->GetTarget()
307 .CreateBreakpoint(symbol_address, internal, hardware)
308 .get();
310 sync);
311 breakpoint->SetBreakpointKind("address-sanitizer-report");
312 SetBreakpointID(breakpoint->GetID());
313
314 SetActive(true);
315}
316
319 ProcessSP process_sp = GetProcessSP();
320 if (process_sp) {
321 process_sp->GetTarget().RemoveBreakpointByID(GetBreakpointID());
323 }
324 }
325 SetActive(false);
326}
static llvm::raw_ostream & error(Stream &strm)
const char * address_sanitizer_retrieve_report_data_command
const char * address_sanitizer_retrieve_report_data_prefix
#define LLDB_PLUGIN_DEFINE(PluginName)
Definition: PluginManager.h:31
lldb::addr_t GetOpcodeLoadAddress(Target *target, AddressClass addr_class=AddressClass::eInvalid) const
Get the load address as an opcode load address.
Definition: Address.cpp:368
bool IsValid() const
Check if the object state is valid.
Definition: Address.h:345
General Outline: A breakpoint has four main parts, a filter, a resolver, the list of breakpoint locat...
Definition: Breakpoint.h:81
void SetBreakpointKind(const char *kind)
Set the "kind" description for a breakpoint.
Definition: Breakpoint.h:453
Target & GetTarget()
Accessor for the breakpoint Target.
Definition: Breakpoint.h:464
void SetCallback(BreakpointHitCallback callback, void *baton, bool is_synchronous=false)
Set the callback action invoked when the breakpoint is hit.
Definition: Breakpoint.cpp:418
A uniqued constant string class.
Definition: ConstString.h:39
static void ReportWarning(std::string message, std::optional< lldb::user_id_t > debugger_id=std::nullopt, std::once_flag *once=nullptr)
Report warning events.
Definition: Debugger.cpp:1460
void SetLanguage(lldb::LanguageType language)
Definition: Target.h:305
void SetUnwindOnError(bool unwind=false)
Definition: Target.h:324
void SetPrefix(const char *prefix)
Definition: Target.h:313
void SetTryAllThreads(bool try_others=true)
Definition: Target.h:357
void SetTimeout(const Timeout< std::micro > &timeout)
Definition: Target.h:345
void SetStopOthers(bool stop_others=true)
Definition: Target.h:361
void SetIgnoreBreakpoints(bool ignore=false)
Definition: Target.h:328
lldb::ThreadSP GetThreadSP() const
Get accessor that creates a strong reference from the weak thread reference contained in this object.
lldb::ProcessSP GetProcessSP() const
Get accessor that creates a strong reference from the weak process reference contained in this object...
"lldb/Target/ExecutionContext.h" A class that contains an execution context.
static lldb::InstrumentationRuntimeType GetTypeStatic()
static bool NotifyBreakpointHit(void *baton, StoppointCallbackContext *context, lldb::user_id_t break_id, lldb::user_id_t break_loc_id)
void Activate() override
Register a breakpoint in the runtime library and perform any other necessary initialization.
static lldb::InstrumentationRuntimeSP CreateInstance(const lldb::ProcessSP &process_sp)
std::string FormatDescription(StructuredData::ObjectSP report)
const RegularExpression & GetPatternForRuntimeLibrary() override
Return a regular expression which can be used to identify a valid version of the runtime library.
bool CheckIfRuntimeIsValid(const lldb::ModuleSP module_sp) override
Check whether module_sp corresponds to a valid runtime library.
static bool RegisterPlugin(llvm::StringRef name, llvm::StringRef description, ABICreateInstance create_callback)
static bool UnregisterPlugin(ABICreateInstance create_callback)
An error handling class.
Definition: Status.h:44
const char * AsCString(const char *default_error_str="unknown error") const
Get the error string associated with the current error.
Definition: Status.cpp:130
General Outline: When we hit a breakpoint we need to package up whatever information is needed to eva...
lldb::break_id_t GetID() const
Definition: Stoppoint.cpp:22
llvm::StringRef GetString() const
void AddIntegerItem(llvm::StringRef key, uint64_t value)
void AddStringItem(llvm::StringRef key, llvm::StringRef value)
std::shared_ptr< Object > ObjectSP
bool ValueIsAddress() const
Definition: Symbol.cpp:167
Address & GetAddressRef()
Definition: Symbol.h:71
lldb::BreakpointSP CreateBreakpoint(const FileSpecList *containingModules, const FileSpec &file, uint32_t line_no, uint32_t column, lldb::addr_t offset, LazyBool check_inlines, LazyBool skip_prologue, bool internal, bool request_hardware, LazyBool move_to_nearest_code)
Definition: Target.cpp:352
static lldb::ExpressionResults Evaluate(ExecutionContext &exe_ctx, const EvaluateExpressionOptions &options, llvm::StringRef expr_cstr, llvm::StringRef expr_prefix, lldb::ValueObjectSP &result_valobj_sp, Status &error, std::string *fixed_expression=nullptr, ValueObject *ctx_obj=nullptr)
Evaluate one expression in the scratch context of the target passed in the exe_ctx and return its res...
#define LLDB_INVALID_BREAK_ID
Definition: lldb-defines.h:37
#define LLDB_INVALID_ADDRESS
Definition: lldb-defines.h:74
A class that represents a running process on the host machine.
Definition: SBAttachInfo.h:14
Definition: SBAddress.h:15
@ eLanguageTypeObjC_plus_plus
Objective-C++.
ExpressionResults
The results of expression evaluation.
@ eExpressionCompleted
InstrumentationRuntimeType
@ eInstrumentationRuntimeTypeAddressSanitizer
uint64_t user_id_t
Definition: lldb-types.h:80
uint64_t addr_t
Definition: lldb-types.h:79