Revert "[NFC][hwasan] Store shadow bytes early (#66682)"

vitalybuka · vitalybuka · commit 6d9857167a5f · 2023-09-20T22:14:28.000-07:00
InvalidFreeReport prints invalid ptr/mem. This reverts commit 7641c22.
diff --git a/compiler-rt/lib/hwasan/hwasan_report.cpp b/compiler-rt/lib/hwasan/hwasan_report.cpp
@@ -25,7 +25,6 @@
 #include "sanitizer_common/sanitizer_array_ref.h"
 #include "sanitizer_common/sanitizer_common.h"
 #include "sanitizer_common/sanitizer_flags.h"
-#include "sanitizer_common/sanitizer_internal_defs.h"
 #include "sanitizer_common/sanitizer_mutex.h"
 #include "sanitizer_common/sanitizer_report_decorator.h"
 #include "sanitizer_common/sanitizer_stackdepot.h"
@@ -322,61 +321,56 @@ static uptr GetGlobalSizeFromDescriptor(uptr ptr) {
 
 void ReportStats() {}
 
-template <typename PrintTag>
-static void PrintTagInfoAroundAddr(uptr addr, uptr num_rows,
-                                   InternalScopedString &s,
-                                   PrintTag print_tag) {
+static void PrintTagInfoAroundAddr(tag_t *tag_ptr, uptr num_rows,
+                                   void (*print_tag)(InternalScopedString &s,
+                                                     tag_t *tag)) {
   const uptr row_len = 16;  // better be power of two.
-  uptr center_row_beg = RoundDownTo(addr, row_len);
-  uptr beg_row = center_row_beg - row_len * (num_rows / 2);
-  uptr end_row = center_row_beg + row_len * ((num_rows + 1) / 2);
-  for (uptr row = beg_row; row < end_row; row += row_len) {
+  tag_t *center_row_beg = reinterpret_cast<tag_t *>(
+      RoundDownTo(reinterpret_cast<uptr>(tag_ptr), row_len));
+  tag_t *beg_row = center_row_beg - row_len * (num_rows / 2);
+  tag_t *end_row = center_row_beg + row_len * ((num_rows + 1) / 2);
+  InternalScopedString s;
+  for (tag_t *row = beg_row; row < end_row; row += row_len) {
     s.Append(row == center_row_beg ? "=>" : "  ");
-    s.AppendF("%p:", (void *)ShadowToMem(row));
+    s.AppendF("%p:", (void *)ShadowToMem(reinterpret_cast<uptr>(row)));
     for (uptr i = 0; i < row_len; i++) {
-      s.Append(row + i == addr ? "[" : " ");
-      print_tag(s, row + i);
-      s.Append(row + i == addr ? "]" : " ");
+      s.Append(row + i == tag_ptr ? "[" : " ");
+      print_tag(s, &row[i]);
+      s.Append(row + i == tag_ptr ? "]" : " ");
     }
     s.AppendF("\n");
   }
+  Printf("%s", s.data());
 }
 
-template <typename GetTag, typename GetShortTag>
-static void PrintTagsAroundAddr(uptr addr, GetTag get_tag,
-                                GetShortTag get_short_tag) {
-  InternalScopedString s;
-  addr = MemToShadow(addr);
-  s.AppendF(
+static void PrintTagsAroundAddr(tag_t *tag_ptr) {
+  Printf(
       "Memory tags around the buggy address (one tag corresponds to %zd "
       "bytes):\n",
       kShadowAlignment);
-  PrintTagInfoAroundAddr(addr, 17, s,
-                         [&](InternalScopedString &s, uptr tag_addr) {
-                           tag_t tag = get_tag(tag_addr);
-                           s.AppendF("%02x", tag);
-                         });
+  PrintTagInfoAroundAddr(tag_ptr, 17, [](InternalScopedString &s, tag_t *tag) {
+    s.AppendF("%02x", *tag);
+  });
 
-  s.AppendF(
+  Printf(
       "Tags for short granules around the buggy address (one tag corresponds "
       "to %zd bytes):\n",
       kShadowAlignment);
-  PrintTagInfoAroundAddr(addr, 3, s,
-                         [&](InternalScopedString &s, uptr tag_addr) {
-                           tag_t tag = get_tag(tag_addr);
-                           if (tag >= 1 && tag <= kShadowAlignment) {
-                             tag_t short_tag = get_short_tag(tag_addr);
-                             s.AppendF("%02x", short_tag);
-                           } else {
-                             s.AppendF("..");
-                           }
-                         });
-  s.AppendF(
+  PrintTagInfoAroundAddr(tag_ptr, 3, [](InternalScopedString &s, tag_t *tag) {
+    uptr granule_addr = ShadowToMem(reinterpret_cast<uptr>(tag));
+    if (*tag >= 1 && *tag <= kShadowAlignment &&
+        IsAccessibleMemoryRange(granule_addr, kShadowAlignment)) {
+      s.AppendF("%02x",
+                *reinterpret_cast<u8 *>(granule_addr + kShadowAlignment - 1));
+    } else {
+      s.AppendF("..");
+    }
+  });
+  Printf(
       "See "
       "https://clang.llvm.org/docs/"
       "HardwareAssistedAddressSanitizerDesign.html#short-granules for a "
       "description of short granule tags\n");
-  Printf("%s", s.data());
 }
 
 static uptr GetTopPc(const StackTrace *stack) {
@@ -396,8 +390,7 @@ class BaseReport {
         ptr_tag(GetTagFromPointer(tagged_addr)),
         heap(CopyHeapChunk()),
         allocations(CopyAllocations()),
-        candidate(FindBufferOverflowCandidate()),
-        shadow(CopyShadow()) {}
+        candidate(FindBufferOverflowCandidate()) {}
 
  protected:
   struct OverflowCandidate {
@@ -435,15 +428,6 @@ class BaseReport {
     bool is_allocated = false;
   };
 
-  struct Shadow {
-    uptr addr = 0;
-    tag_t tags[512] = {};
-    tag_t short_tags[ARRAY_SIZE(tags)] = {};
-  };
-
-  Shadow CopyShadow() const;
-  tag_t GetTagCopy(uptr addr) const;
-  tag_t GetShortTagCopy(uptr addr) const;
   HeapChunk CopyHeapChunk() const;
   Allocations CopyAllocations();
   OverflowCandidate FindBufferOverflowCandidate() const;
@@ -463,49 +447,8 @@ class BaseReport {
   const HeapChunk heap;
   const Allocations allocations;
   const OverflowCandidate candidate;
-
-  const Shadow shadow;
 };
 
-BaseReport::Shadow BaseReport::CopyShadow() const {
-  Shadow result;
-  if (!MemIsApp(untagged_addr))
-    return result;
-
-  result.addr = MemToShadow(untagged_addr) - ARRAY_SIZE(result.tags) / 2;
-  for (uptr i = 0; i < ARRAY_SIZE(result.tags); ++i) {
-    uptr tag_addr = result.addr + i;
-    if (!MemIsShadow(tag_addr))
-      continue;
-    result.tags[i] = *reinterpret_cast<tag_t *>(tag_addr);
-    uptr granule_addr = ShadowToMem(tag_addr);
-    if (1 <= result.tags[i] && result.tags[i] <= kShadowAlignment &&
-        IsAccessibleMemoryRange(granule_addr, kShadowAlignment)) {
-      result.short_tags[i] =
-          *reinterpret_cast<tag_t *>(granule_addr + kShadowAlignment - 1);
-    }
-  }
-  return result;
-}
-
-tag_t BaseReport::GetTagCopy(uptr addr) const {
-  if (addr < shadow.addr)
-    return 0;
-  uptr idx = addr - shadow.addr;
-  if (idx >= ARRAY_SIZE(shadow.tags))
-    return 0;
-  return shadow.tags[idx];
-}
-
-tag_t BaseReport::GetShortTagCopy(uptr addr) const {
-  if (addr < shadow.addr)
-    return 0;
-  uptr idx = addr - shadow.addr;
-  if (idx >= ARRAY_SIZE(shadow.short_tags))
-    return 0;
-  return shadow.short_tags[idx];
-}
-
 BaseReport::HeapChunk BaseReport::CopyHeapChunk() const {
   HeapChunk result = {};
   if (MemIsShadow(untagged_addr))
@@ -778,6 +721,15 @@ class InvalidFreeReport : public BaseReport {
 };
 
 InvalidFreeReport::~InvalidFreeReport() {
+  tag_t *tag_ptr = nullptr;
+  tag_t mem_tag = 0;
+  if (MemIsApp(untagged_addr)) {
+    tag_ptr = reinterpret_cast<tag_t *>(MemToShadow(untagged_addr));
+    if (MemIsShadow(reinterpret_cast<uptr>(tag_ptr)))
+      mem_tag = *tag_ptr;
+    else
+      tag_ptr = nullptr;
+  }
   Decorator d;
   Printf("%s", d.Error());
   uptr pc = GetTopPc(stack);
@@ -791,19 +743,16 @@ InvalidFreeReport::~InvalidFreeReport() {
            SanitizerToolName, bug_type, untagged_addr, pc);
   }
   Printf("%s", d.Access());
-  if (shadow.addr)
-    Printf("tags: %02x/%02x (ptr/mem)\n", ptr_tag, GetTagCopy(untagged_addr));
+  if (tag_ptr)
+    Printf("tags: %02x/%02x (ptr/mem)\n", ptr_tag, mem_tag);
   Printf("%s", d.Default());
 
   stack->Print();
 
   PrintAddressDescription();
 
-  if (shadow.addr) {
-    PrintTagsAroundAddr(
-        untagged_addr, [&](uptr addr) { return GetTagCopy(addr); },
-        [&](uptr addr) { return GetShortTagCopy(addr); });
-  }
+  if (tag_ptr)
+    PrintTagsAroundAddr(tag_ptr);
 
   MaybePrintAndroidHelpUrl();
   ReportErrorSummary(bug_type, stack);
@@ -885,9 +834,8 @@ TailOverwrittenReport::~TailOverwrittenReport() {
   Printf("%s", s.data());
   GetCurrentThread()->Announce();
 
-  PrintTagsAroundAddr(
-      untagged_addr, [&](uptr addr) { return GetTagCopy(addr); },
-      [&](uptr addr) { return GetShortTagCopy(addr); });
+  tag_t *tag_ptr = reinterpret_cast<tag_t*>(MemToShadow(untagged_addr));
+  PrintTagsAroundAddr(tag_ptr);
 
   MaybePrintAndroidHelpUrl();
   ReportErrorSummary(bug_type, stack);
@@ -964,9 +912,7 @@ TagMismatchReport::~TagMismatchReport() {
   PrintAddressDescription();
   t->Announce();
 
-  PrintTagsAroundAddr(
-      untagged_addr + offset, [&](uptr addr) { return GetTagCopy(addr); },
-      [&](uptr addr) { return GetShortTagCopy(addr); });
+  PrintTagsAroundAddr(tag_ptr);
 
   if (registers_frame)
     ReportRegisters(registers_frame, pc);
