[wasm][asan][windows] Reset thread-in-wasm flag in memory_fill_wrapper

ASAN on Windows uses exceptions to manage its shadow memory. However, this behavior can conflict with WebAssembly trap handler, because WebAssembly trap handler are executed before the ASAN exception handler. For some WebAssembly instructions we do not generate assembly code but call to C functions instead. Since these functions are very simple, we do not want to reset the thread-in-wasm flag before calling them. However, when these functions trigger the ASAN exceptions, the thread-in-wasm flag gets out-of-sync. This happened for the memory_fill_wrapper function. Originally we thought that it's sufficient to just mark the function with DISABLE_ASAN. However, this is not enough because clang compiles the function to use memset, and memset gets replaced by ASAN with asan_memset. Therefore I decided now that just for sanitizer builds on Windows, we reset the thread-in-wasm flag in memory_fill_wrapper. This is not ideal because it's test-specific code within production code. However, the alternatives also don't sound convincing. Alternatives would be: * Resetting the thread-in-wasm flag whenever we call a c-function - This would be unnecessary performance overhead for production code just to make a test work. * Configure ASAN to not change memset. - This would weaken ASAN also for other cases. * Disable ASAN for trap handlers, or trap handlers in ASAN builds. - This would reduce test coverage. R=binji@chromium.org Bug: chromium:957405 Change-Id: Ibd13c6fe7b898238f636db576552e3e4b278c04a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617671 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#61658}

[wasm][asan][windows] Reset thread-in-wasm flag in memory_fill_wrapper
ASAN on Windows uses exceptions to manage its shadow memory. However, this behavior can conflict with WebAssembly trap handler, because WebAssembly trap handler are executed before the ASAN exception handler. For some WebAssembly instructions we do not generate assembly code but call to C functions instead. Since these functions are very simple, we do not want to reset the thread-in-wasm flag before calling them. However, when these functions trigger the ASAN exceptions, the thread-in-wasm flag gets out-of-sync. This happened for the memory_fill_wrapper function. Originally we thought that it's sufficient to just mark the function with DISABLE_ASAN. However, this is not enough because clang compiles the function to use memset, and memset gets replaced by ASAN with asan_memset. Therefore I decided now that just for sanitizer builds on Windows, we reset the thread-in-wasm flag in memory_fill_wrapper. This is not ideal because it's test-specific code within production code. However, the alternatives also don't sound convincing. Alternatives would be: * Resetting the thread-in-wasm flag whenever we call a c-function - This would be unnecessary performance overhead for production code just to make a test work. * Configure ASAN to not change memset. - This would weaken ASAN also for other cases. * Disable ASAN for trap handlers, or trap handlers in ASAN builds. - This would reduce test coverage. R=binji@chromium.org Bug: chromium:957405 Change-Id: Ibd13c6fe7b898238f636db576552e3e4b278c04a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617671 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#61658}
2ca2f370 · Andreas Haas · Commit Bot · 437d710f · 2ca2f370
Commit 2ca2f370 authored May 20, 2019 by Andreas Haas Committed by Commit Bot May 20, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 2 deletions

wasm-external-refs.cc src/wasm/wasm-external-refs.cc +33 -2

No files found.
--- a/src/wasm/wasm-external-refs.cc
+++ b/src/wasm/wasm-external-refs.cc
@@ -12,6 +12,23 @@
 #include "src/base/bits.h"
 #include "src/base/ieee754.h"
 #include "src/memcopy.h"
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+    defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) ||    \
+    defined(UNDEFINED_SANITIZER)
+#define V8_WITH_SANITIZER
+#endif
+#if defined(V8_OS_WIN) && defined(V8_WITH_SANITIZER)
+// With ASAN on Windows we have to reset the thread-in-wasm flag. Exceptions
+// caused by ASAN let the thread-in-wasm flag get out of sync. Even marking
+// functions with DISABLE_ASAN is not sufficient when the compiler produces
+// calls to memset. Therefore we add test-specific code for ASAN on
+// Windows.
+#define RESET_THREAD_IN_WASM_FLAG_FOR_ASAN_ON_WINDOWS
+#include "src/trap-handler/trap-handler.h"
+#endif
 #include "src/utils.h"
 #include "src/v8memory.h"
 #include "src/wasm/wasm-external-refs.h"
@@ -281,8 +298,14 @@ DISABLE_ASAN void memory_copy_wrapper(Address dst, Address src, uint32_t size) {
 // Asan on Windows triggers exceptions in this function that confuse the
 // WebAssembly trap handler, so Asan is disabled. See the comment on
 // memory_copy_wrapper above for more info.
-DISABLE_ASAN void memory_fill_wrapper(Address dst, uint32_t value,
+void memory_fill_wrapper(Address dst, uint32_t value, uint32_t size) {
-                                      uint32_t size) {
+#if defined(RESET_THREAD_IN_WASM_FLAG_FOR_ASAN_ON_WINDOWS)
+  bool thread_was_in_wasm = trap_handler::IsThreadInWasm();
+  if (thread_was_in_wasm) {
+    trap_handler::ClearThreadInWasm();
+  }
+#endif
  // Use an explicit forward copy to match the required semantics for the
  // memory.fill instruction. It is assumed that the caller of this function
  // has already performed bounds checks, so {dst + size} should not overflow.
@@ -292,6 +315,11 @@ DISABLE_ASAN void memory_fill_wrapper(Address dst, uint32_t value,
  for (; size > 0; size--) {
    *dst8++ = value8;
  }
+#if defined(RESET_THREAD_IN_WASM_FLAG_FOR_ASAN_ON_WINDOWS)
+  if (thread_was_in_wasm) {
+    trap_handler::SetThreadInWasm();
+  }
+#endif
 }
 static WasmTrapCallbackForTesting wasm_trap_callback_for_testing = nullptr;
@@ -309,3 +337,6 @@ void call_trap_callback_for_testing() {
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8
+#undef V8_WITH_SANITIZER
+#undef RESET_THREAD_IN_WASM_FLAG_FOR_ASAN_ON_WINDOWS