Skip to content

[ASan] Do not instrument catch block parameters on Windows #159618

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
+145 −0
Open

[ASan] Do not instrument catch block parameters on Windows #159618

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ece2a2b
do not asan-instrument catch parameters on windows
davidmrdavid Sep 18, 2025
bff409d
add basic unit test: catches exception 'inline' and in another frame
davidmrdavid Sep 18, 2025
043848d
apply clang-format on `compiler-rt/test/asan/TestCases/Windows/basic_…
davidmrdavid Sep 18, 2025
2326be0
optimization: disable catch-parameter instrumentation via a linear pa…
davidmrdavid Sep 23, 2025
3497540
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Sep 23, 2025
e4551b1
add IR instrumentation unit test with `opt`
davidmrdavid Oct 13, 2025
9b99935
Merge branch 'dev/dajusto/dont-asanize-catch-params-on-windows' of ht…
davidmrdavid Oct 13, 2025
04956f9
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions compiler-rt/test/asan/TestCases/Windows/basic_exception_handling.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
// RUN: %clangxx_asan %s -o %t
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we have a small lit test instead of the runtime one? Like a simple function with a catchpad instruction, whose argument is an alloca, showing no asan instrumentation is added.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, this should have an IR instrumentation test using opt in addition to this integration test.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted, I'll look to build that, though it'd be my first time constructing something other than an integration test in this codebase. I should be able to figure out it out, I'll reach out if not.

If there's an example IR test case that I could use for reference, please send it my way. Thanks!

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The localescape.ll test case is a good example of what an IR-only test case looks like, but you'd want to start by taking the C++ from the execution test, feeding it through Clang, emitting LLVM IR (-emit-llvm -S), extracting a single function with a catchpad, and using that as the input. The property we're looking for is that the alloca used by the catchpad remains in the IR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the delay here, I've been a bit stuck trying to validate that my .lls shows the right thing.
I'm following up here with the details: #159618 (comment).

Could use assistance, thanks a lot!

// RUN: %run %t | FileCheck %s

// This test tests that declaring a parameter in a catch-block does not produce a false positive
// ASan error on Windows.

// This code is based on the repro in https://github.com/google/sanitizers/issues/749
#include <cstdio>
#include <exception>

void throwInFunction() { throw std::exception("test2"); }

int main() {
// case 1: direct throw
try {
throw std::exception("test1");
} catch (const std::exception &ex) {
puts(ex.what());
// CHECK: test1
}

// case 2: throw in function
try {
throwInFunction();
} catch (const std::exception &ex) {
puts(ex.what());
// CHECK: test2
}

printf("Success!\n");
// CHECK: Success!
return 0;
}
16 changes: 15 additions & 1 deletion llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1397,6 +1397,16 @@ void AddressSanitizer::instrumentMemIntrinsic(MemIntrinsic *MI,
MI->eraseFromParent();
}

// Check if an alloca is a catch block parameter
static bool isCatchParameter(const AllocaInst &AI) {
for (const Use &U : AI.uses()) {
if (isa<CatchPadInst>(U.getUser())) {
return true;
}
}
return false;
}

/// Check if we want (and can) handle this alloca.
bool AddressSanitizer::isInterestingAlloca(const AllocaInst &AI) {
auto [It, Inserted] = ProcessedAllocas.try_emplace(&AI);
Expand All @@ -1417,7 +1427,11 @@ bool AddressSanitizer::isInterestingAlloca(const AllocaInst &AI) {
// swifterror allocas are register promoted by ISel
!AI.isSwiftError() &&
// safe allocas are not interesting
!(SSGI && SSGI->isSafe(AI)));
!(SSGI && SSGI->isSafe(AI)) &&
// Mitigation for https://github.com/google/sanitizers/issues/749
// We don't instrument Windows catch-block parameters to avoid
// interfering with exception handling assumptions.
!(TargetTriple.isOSWindows() && isCatchParameter(AI)));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please do a simple up-front pass over all basic blocks looking for catchpads and build up a set of catchpad parameters, and make this O(1) by testing for set membership.

Allocas may have a very high number of uses, so this seems worth optimizing.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice above that isAllocaPromotable is also O(#uses), and that seems bad, honestly :(


It->second = IsInteresting;
return IsInteresting;
Expand Down