Description:asan crash asm interpreter.

Issue:https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/I5K0YK?from=project-issue Signed-off-by: yingguofeng@huawei.com <yingguofeng@huawei.com> Change-Id: Id3b6022c79669cbc647dc005ad2fa34d334d9dae
2024-11-23 10:09:54 +00:00 · 2022-08-04 16:52:20 +08:00 · 2022-08-04 16:52:20 +08:00 · 63dd9ddde6
commit 63dd9ddde6
parent 5d0da2114d
10 changed files with 73 additions and 20 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -254,6 +254,10 @@ config("ark_jsruntime_common_config") {
    defines += [ "NDEBUG" ]
  }

+  if (run_with_asan) {
+    defines += [ "RUN_WITH_ASAN" ]
+  }
+
  if (run_with_asan && is_linux &&
      (current_cpu == "x86" || current_cpu == "x64")) {
    cflags_cc += [
--- a/ecmascript/base/asan_interface.h
+++ b/ecmascript/base/asan_interface.h
@ -0,0 +1,46 @@
+/**
+ * Copyright (c) 2022-2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ECMASCRIPT_BASE_ASAN_INTERFACE_H
+#define ECMASCRIPT_BASE_ASAN_INTERFACE_H
+
+#if (defined(__has_feature) && __has_feature(address_sanitizer)) || defined(__SANITIZE_ADDRESS__)
+#define HAS_SANITIZER
+#endif
+
+#if defined(HAS_SANITIZER) && defined(RUN_WITH_ASAN)
+#define ARK_ASAN_ON
+#endif
+
+#ifdef ARK_ASAN_ON
+extern "C" {
+// NOLINTNEXTLINE(readability-identifier-naming)
+void __asan_poison_memory_region(void const volatile *addr, size_t size) __attribute__((visibility("default")));
+// NOLINTNEXTLINE(readability-identifier-naming)
+void __asan_unpoison_memory_region(void const volatile *addr, size_t size) __attribute__((visibility("default")));
+}
+
+// NOLINTNEXTLINE(cppcoreguidelines-macro-usage)
+#define ASAN_POISON_MEMORY_REGION(addr, size) __asan_poison_memory_region((addr), (size))
+// NOLINTNEXTLINE(cppcoreguidelines-macro-usage)
+#define ASAN_UNPOISON_MEMORY_REGION(addr, size) __asan_unpoison_memory_region((addr), (size))
+#else
+// NOLINTNEXTLINE(cppcoreguidelines-macro-usage)
+#define ASAN_POISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
+// NOLINTNEXTLINE(cppcoreguidelines-macro-usage)
+#define ASAN_UNPOISON_MEMORY_REGION(addr, size) ((void)(addr), (void)(size))
+#endif
+
+#endif  // ECMASCRIPT_BASE_ASAN_INTERFACE_H
--- a/ecmascript/compiler/BUILD.gn
+++ b/ecmascript/compiler/BUILD.gn
@ -227,6 +227,10 @@ ohos_shared_library("libark_jsoptimizer") {
    "$js_root:libark_jsruntime",
  ]

+  if (run_with_asan) {
+    defines = [ "RUN_WITH_ASAN" ]
+  }
+
  install_enable = false

  output_extension = "so"
@ -256,6 +260,10 @@ ohos_executable("ark_stub_compiler") {
  ldflags = [ "-Wl,--lto-O0" ]
  install_enable = false

+  if (run_with_asan) {
+    defines = [ "RUN_WITH_ASAN" ]
+  }
+
  part_name = "ark_js_runtime"
  subsystem_name = "ark"
 }
--- a/ecmascript/compiler/llvm_codegen.h
+++ b/ecmascript/compiler/llvm_codegen.h
@ -39,9 +39,9 @@
 #pragma GCC diagnostic ignored "-Wunused-parameter"
 #endif

+#include "ecmascript/base/asan_interface.h"
 #include "ecmascript/mem/machine_code.h"
 #include "ecmascript/mem/region.h"
-#include "libpandabase/utils/asan_interface.h"
 #include "llvm-c/Analysis.h"
 #include "llvm-c/Core.h"
 #include "llvm-c/ExecutionEngine.h"
--- a/ecmascript/compiler/new_object_stub_builder.cpp
+++ b/ecmascript/compiler/new_object_stub_builder.cpp
@ -164,6 +164,10 @@ void NewObjectStubBuilder::AllocateInYoung(Variable *result, Label *exit)
    Label success(env);
    Label callRuntime(env);

+#ifdef ARK_ASAN_ON
+    DEFVARIABLE(ret, VariableType::JS_ANY(), Undefined());
+    Jump(&callRuntime);
+#else
    auto topOffset = JSThread::GlueData::GetNewSpaceAllocationTopAddressOffset(env->Is32Bit());
    auto endOffset = JSThread::GlueData::GetNewSpaceAllocationEndAddressOffset(env->Is32Bit());
    auto topAddress = Load(VariableType::NATIVE_POINTER(), glue_, IntPtr(topOffset));
@ -183,6 +187,7 @@ void NewObjectStubBuilder::AllocateInYoung(Variable *result, Label *exit)
        result->WriteVariable(*ret);
        Jump(exit);
    }
+#endif
    Bind(&callRuntime);
    {
        ret = CallRuntime(glue_, RTSTUB_ID(AllocateInYoung), {
@ -226,4 +231,4 @@ void NewObjectStubBuilder::InitializeTaggedArrayWithSpeicalValue(Label *exit,
    auto endOffset = Int32Add(offset, Int32(TaggedArray::DATA_OFFSET));
    InitializeWithSpeicalValue(exit, array, value, dataOffset, endOffset);
 }
-}  // namespace panda::ecmascript::kungfu
+}  // namespace panda::ecmascript::kungfu
--- a/ecmascript/free_object.h
+++ b/ecmascript/free_object.h
@ -71,7 +71,7 @@ public:
    // Before operating any freeobject, need to mark unpoison when is_asan is true.
    inline void AsanUnPoisonFreeObject() const
    {
-#if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
+#ifdef ARK_ASAN_ON
        ASAN_UNPOISON_MEMORY_REGION(this, NEXT_OFFSET);
        if (GetClass()->IsFreeObjectWithOneField()) {
            ASAN_UNPOISON_MEMORY_REGION(this, SIZE_OFFSET);
@ -84,7 +84,7 @@ public:
    // After operating any freeobject, need to marked poison again when is_asan is true
    inline void AsanPoisonFreeObject() const
    {
-#if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
+#ifdef ARK_ASAN_ON
        if (GetClass()->IsFreeObjectWithNoneField()) {
            ASAN_POISON_MEMORY_REGION(this, NEXT_OFFSET);
        } else if (GetClass()->IsFreeObjectWithOneField()) {
--- a/ecmascript/mem/free_object_set.cpp
+++ b/ecmascript/mem/free_object_set.cpp
@ -15,8 +15,7 @@

 #include "ecmascript/mem/free_object_set.h"

-#include <sanitizer/asan_interface.h>
-
+#include "ecmascript/base/asan_interface.h"
 #include "ecmascript/free_object.h"
 #include "ecmascript/mem/free_object_list.h"

--- a/ecmascript/mem/parallel_evacuator.cpp
+++ b/ecmascript/mem/parallel_evacuator.cpp
@ -231,10 +231,6 @@ void ParallelEvacuator::UpdateRoot()
        []([[maybe_unused]]Root type, ObjectSlot base, ObjectSlot derived, uintptr_t baseOldObject) {
        if (JSTaggedValue(base.GetTaggedType()).IsHeapObject()) {
            derived.Update(base.GetTaggedType() + derived.GetTaggedType() - baseOldObject);
-            LOG_GC(DEBUG) << std::hex << "fix base after:" << base.SlotAddress() << " base Old Value:"
-                          << baseOldObject << " base New Value:" << base.GetTaggedType()
-                          << " derived:" << derived.SlotAddress() << " derived New Value:"
-                          << derived.GetTaggedType();
        }
    };

--- a/ecmascript/mem/parallel_marker-inl.h
+++ b/ecmascript/mem/parallel_marker-inl.h
@ -62,12 +62,11 @@ inline void NonMovableMarker::HandleRangeRoots(uint32_t threadId, [[maybe_unused
    }
 }

-inline void NonMovableMarker::HandleDerivedRoots([[maybe_unused]] Root type, ObjectSlot base,
-                                                 ObjectSlot derived, uintptr_t baseOldObject)
+inline void NonMovableMarker::HandleDerivedRoots([[maybe_unused]] Root type, [[maybe_unused]] ObjectSlot base,
+                                                 [[maybe_unused]] ObjectSlot derived,
+                                                 [[maybe_unused]] uintptr_t baseOldObject)
 {
    // It is only used to update the derived value. The mark of partial GC does not need to update slot
-    LOG_GC(DEBUG) << std::hex << "fix base before:" << base.SlotAddress() << " base old Value: " << baseOldObject
-                  << " derived:" << derived.SlotAddress() << " old Value: " << derived.GetTaggedType();
 }

 inline void NonMovableMarker::HandleOldToNewRSet(uint32_t threadId, Region *region)
@ -124,9 +123,6 @@ inline void MovableMarker::HandleDerivedRoots([[maybe_unused]] Root type, Object
 {
    if (JSTaggedValue(base.GetTaggedType()).IsHeapObject()) {
        derived.Update(base.GetTaggedType() + derived.GetTaggedType() - baseOldObject);
-        LOG_GC(DEBUG) << std::hex << "fix base after:" << base.SlotAddress() << " base Old Value:"
-                      << baseOldObject << " base New Value:" << base.GetTaggedType()
-                      << " derived:" << derived.SlotAddress() << " derived New Value:" << derived.GetTaggedType();
    }
 }

--- a/ecmascript/mem/region.h
+++ b/ecmascript/mem/region.h
@ -16,9 +16,8 @@
 #ifndef ECMASCRIPT_MEM_REGION_H
 #define ECMASCRIPT_MEM_REGION_H

-#include <sanitizer/asan_interface.h>
-
 #include "ecmascript/base/aligned_struct.h"
+#include "ecmascript/base/asan_interface.h"
 #include "ecmascript/js_tagged_value.h"
 #include "ecmascript/mem/free_object_list.h"
 #include "ecmascript/mem/gc_bitset.h"
@ -504,7 +503,7 @@ public:
            markGCBitset_->Clear(bitsetSize_);
            begin_ = AlignUp(begin + bitsetSize_, static_cast<size_t>(MemAlignment::MEM_ALIGN_OBJECT));
            // The object region marked with poison until it is allocated if is_asan is true
-            ASAN_POISON_MEMORY_REGION(reinterpret_cast<void *>(begin_), (end - begin));
+            ASAN_POISON_MEMORY_REGION(reinterpret_cast<void *>(begin_), (end - begin_));
        }

        static size_t GetFlagOffset(bool isArch32)