search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
28.68k stars 11.86k forks source link

pthread interceptors for ASAN/MSAN #107881

Open ccotter opened 1 month ago

ccotter commented 1 month ago

Common pthread APIs like pthread_mutex_lock do not seem to have ASAN or MSAN interceptors. The following program is not caught by ASAN, though it is caught by TSAN with a ThreadSanitizer: heap-use-after-free diagnostic.

ASAN and MSAN intercept other libc names and check for the validity of the input parameters. Are the pthread APIs intentionally left out , or should they be added to sanitizer_common_interceptors.inc to catch such errors.

#include <pthread.h>

int main() {
  pthread_mutex_t* m = new pthread_mutex_t;
  delete m;
  pthread_mutex_lock(m); // No ASAN or MSAN diagnostic. TSAN catches this with heap-use-after-free.
  return 0;
}

Stack use after free are not caught by any of the sanitizers.

#include <pthread.h>

int main() {
  pthread_mutex_t* m;
  {
    pthread_mutex_t mtx;
    m = &mtx;
  }
  pthread_mutex_lock(m); // ASAN/MSAN hang on my system (but do not give any sanitizer diagnostic). The TSAN program runs without any error.
  return 0;
}
ccotter commented 1 month ago

@vitalybuka thoughts on adding ASAN/MSAN (via sanitizer_common_interceptors) interceptors for pthread APIs like pthread_mutex_lock?

vitalybuka commented 1 month ago

LGTM if expect number of detection is significant. Interceptors have performance and maintenance cost.

ccotter commented 1 month ago

Thanks! I'll see what APIs make most sense to include.

The other motive would be to tie into https://discourse.llvm.org/t/rfc-tsan-implementing-a-fuzz-scheduler-for-tsan/80969/4