From f3f7543e88d1e0939dd69bdb5ebb0ce995e55582 Mon Sep 17 00:00:00 2001 From: Paddy McDonald Date: Thu, 13 Mar 2025 17:36:29 -0700 Subject: [PATCH 1/3] [Darwin][ASan][Test] Create a noinlined wrapper function for reliable suppression in test. CFStringCreateWithBytes may not always appear on stack due to optimizations. Create a wrapper function for the purposes of testing suppression files that will always appear on stack for test stability. Also necessary to disable leaks to pass on Apple Silicon. rdar://144800068 --- .../TestCases/Darwin/suppressions-sandbox.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp b/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp index 966f21346e4fe..417edb6a8ce5c 100644 --- a/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp +++ b/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp @@ -3,8 +3,8 @@ // RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s // Check that suppressing a function name works within a no-fork sandbox -// RUN: echo "interceptor_via_fun:CFStringCreateWithBytes" > %t.supp -// RUN: %env_asan_opts=suppressions='"%t.supp"' \ +// RUN: echo "interceptor_via_fun:createCFString" > %t.supp +// RUN: %env_asan_opts=suppressions='"%t.supp"':verbosity=1:detect_leaks=0 \ // RUN: sandbox-exec -p '(version 1)(allow default)(deny process-fork)' \ // RUN: %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s @@ -13,12 +13,17 @@ #include +// Use a noinline + disable_tail_calls wrapper function to suppress to stabilize test. +__attribute__((noinline, disable_tail_calls)) CFStringRef +createCFString(const unsigned char *bytes, CFIndex length) { + return CFStringCreateWithBytes(kCFAllocatorDefault, bytes, length, + kCFStringEncodingUTF8, FALSE); +} + int main() { char *a = (char *)malloc(6); strcpy(a, "hello"); - CFStringRef str = - CFStringCreateWithBytes(kCFAllocatorDefault, (unsigned char *)a, 10, - kCFStringEncodingUTF8, FALSE); // BOOM + CFStringRef str = createCFString((unsigned char *)a, 10); // BOOM fprintf(stderr, "Ignored.\n"); free(a); CFRelease(str); From fcf1cfab99dc52c7ced3ee04eca30db80be06910 Mon Sep 17 00:00:00 2001 From: Paddy McDonald Date: Fri, 14 Mar 2025 13:04:24 -0700 Subject: [PATCH 2/3] Update compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp Co-authored-by: Julian Lettner --- .../test/asan/TestCases/Darwin/suppressions-sandbox.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp b/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp index 417edb6a8ce5c..78a8d88205841 100644 --- a/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp +++ b/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp @@ -13,7 +13,8 @@ #include -// Use a noinline + disable_tail_calls wrapper function to suppress to stabilize test. +// Disable optimizations to ensure that this function appears on the stack trace so our +// configured suppressions `interceptor_via_fun:createCFString` can take effect. __attribute__((noinline, disable_tail_calls)) CFStringRef createCFString(const unsigned char *bytes, CFIndex length) { return CFStringCreateWithBytes(kCFAllocatorDefault, bytes, length, From 24b609a59166223d2c1c60e1fcd723845823a915 Mon Sep 17 00:00:00 2001 From: Paddy McDonald Date: Fri, 14 Mar 2025 13:11:48 -0700 Subject: [PATCH 3/3] Update compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp Co-authored-by: Julian Lettner --- compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp b/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp index 78a8d88205841..be0a2b1aec516 100644 --- a/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp +++ b/compiler-rt/test/asan/TestCases/Darwin/suppressions-sandbox.cpp @@ -4,7 +4,7 @@ // Check that suppressing a function name works within a no-fork sandbox // RUN: echo "interceptor_via_fun:createCFString" > %t.supp -// RUN: %env_asan_opts=suppressions='"%t.supp"':verbosity=1:detect_leaks=0 \ +// RUN: %env_asan_opts=suppressions='"%t.supp"' \ // RUN: sandbox-exec -p '(version 1)(allow default)(deny process-fork)' \ // RUN: %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s