143894 2015-04-17 13:55:14 -0700 Use ASan poisoning to taint moved-out-of Refs 2015-04-17 15:46:53 -0700 1 1 1 Unclassified WebKit Web Template Framework 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ap ap andersca benjamin cmarcelo commit-queue darin oldest_to_newest 1086403 0 ap 2015-04-17 13:55:14 -0700 It has been suggested that we can taint Refs to check that they are not used after moving out. I'm not sure if we can practically expect to catch any bugs (the pointer is already zeroed out), but this seems easy enough to do, and harmless. Could catch something one day. <rdar://problem/19443723> 1086405 1 251042 ap 2015-04-17 13:56:50 -0700 Created attachment 251042 proposed patch 1086455 2 251042 sam 2015-04-17 15:33:58 -0700 Comment on attachment 251042 proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=251042&action=review > Source/WTF/wtf/Ref.h:38 > +#if ASAN_ENABLED > +extern "C" void __asan_poison_memory_region(void const volatile *addr, size_t size); > +extern "C" void __asan_unpoison_memory_region(void const volatile *addr, size_t size); > +extern "C" bool __asan_address_is_poisoned(void const volatile *addr); > +#endif I think this should probably be in Compiler.h, since it seems like this could be generally useful. Perhaps we should also put it behind some nicer macros / inline functions. 1086456 3 251042 commit-queue 2015-04-17 15:46:47 -0700 Comment on attachment 251042 proposed patch Clearing flags on attachment: 251042 Committed r182977: <http://trac.webkit.org/changeset/182977> 1086457 4 commit-queue 2015-04-17 15:46:53 -0700 All reviewed patches have been landed. Closing bug. 251042 2015-04-17 13:56:50 -0700 2015-04-17 15:46:47 -0700 proposed patch TaintRef.txt text/plain 1739 ap SW5kZXg6IFNvdXJjZS9XVEYvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XVEYvQ2hh bmdlTG9nCShyZXZpc2lvbiAxODI5NjQpCisrKyBTb3VyY2UvV1RGL0NoYW5nZUxvZwkod29ya2lu ZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBACisyMDE1LTA0LTE3ICBBbGV4ZXkgUHJvc2t1cnlha292 ICA8YXBAYXBwbGUuY29tPgorCisgICAgICAgIFVzZSBBU2FuIHBvaXNvbmluZyB0byB0YWludCBt b3ZlZC1vdXQtb2YgUmVmcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9MTQzODk0CisgICAgICAgIHJkYXI6Ly9wcm9ibGVtLzE5NDQzNzIzCisKKyAgICAg ICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiB3dGYvUmVmLmg6IChX VEY6OlJlZjo6flJlZik6CisKIDIwMTUtMDQtMTYgIFl1c3VrZSBTdXp1a2kgIDx1dGF0YW5lLnRl YUBnbWFpbC5jb20+CiAKICAgICAgICAgW0VTNl0gSW1wbGVtZW50IFN5bWJvbC5mb3IgYW5kIFN5 bWJvbC5rZXlGb3IKSW5kZXg6IFNvdXJjZS9XVEYvd3RmL1JlZi5oCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9XVEYvd3RmL1JlZi5oCShyZXZpc2lvbiAxODI5MzkpCisrKyBTb3VyY2UvV1RGL3d0Zi9S ZWYuaAkod29ya2luZyBjb3B5KQpAQCAtMzEsNiArMzEsMTIgQEAKICNpbmNsdWRlIDx3dGYvTm9u Y29weWFibGUuaD4KICNpbmNsdWRlIDx3dGYvU3RkTGliRXh0cmFzLmg+CiAKKyNpZiBBU0FOX0VO QUJMRUQKK2V4dGVybiAiQyIgdm9pZCBfX2FzYW5fcG9pc29uX21lbW9yeV9yZWdpb24odm9pZCBj b25zdCB2b2xhdGlsZSAqYWRkciwgc2l6ZV90IHNpemUpOworZXh0ZXJuICJDIiB2b2lkIF9fYXNh bl91bnBvaXNvbl9tZW1vcnlfcmVnaW9uKHZvaWQgY29uc3Qgdm9sYXRpbGUgKmFkZHIsIHNpemVf dCBzaXplKTsKK2V4dGVybiAiQyIgYm9vbCBfX2FzYW5fYWRkcmVzc19pc19wb2lzb25lZCh2b2lk IGNvbnN0IHZvbGF0aWxlICphZGRyKTsKKyNlbmRpZgorCiBuYW1lc3BhY2UgV1RGIHsKIAogaW5s aW5lIHZvaWQgYWRvcHRlZChjb25zdCB2b2lkKikgeyB9CkBAIC00Miw2ICs0OCwxMCBAQCB0ZW1w bGF0ZTx0eXBlbmFtZSBUPiBjbGFzcyBSZWYgewogcHVibGljOgogICAgIH5SZWYoKQogICAgIHsK KyNpZiBBU0FOX0VOQUJMRUQKKyAgICAgICAgaWYgKF9fYXNhbl9hZGRyZXNzX2lzX3BvaXNvbmVk KHRoaXMpKQorICAgICAgICAgICAgX19hc2FuX3VucG9pc29uX21lbW9yeV9yZWdpb24odGhpcywg c2l6ZW9mKCp0aGlzKSk7CisjZW5kaWYKICAgICAgICAgaWYgKG1fcHRyKQogICAgICAgICAgICAg bV9wdHItPmRlcmVmKCk7CiAgICAgfQpAQCAtMTI2LDcgKzEzNiwxMSBAQCBwdWJsaWM6CiAgICAg ewogICAgICAgICBBU1NFUlQobV9wdHIpOwogCi0gICAgICAgIHJldHVybiAqc3RkOjpleGNoYW5n ZShtX3B0ciwgbnVsbHB0cik7CisgICAgICAgIFQmIHJlc3VsdCA9ICpzdGQ6OmV4Y2hhbmdlKG1f cHRyLCBudWxscHRyKTsKKyNpZiBBU0FOX0VOQUJMRUQKKyAgICAgICAgX19hc2FuX3BvaXNvbl9t ZW1vcnlfcmVnaW9uKHRoaXMsIHNpemVvZigqdGhpcykpOworI2VuZGlmCisgICAgICAgIHJldHVy biByZXN1bHQ7CiAgICAgfQogCiBwcml2YXRlOgo=