Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the ability to opt-out of ASan container annotations on a per-allocator basis #5241

Merged
Changes from 1 commit
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
3428840
add naive first implementation of per-allocator disablement of ASan
davidmrdavid Jan 16, 2025
790ac7e
improve comments
davidmrdavid Jan 16, 2025
846061c
Simplify implementation
davidmrdavid Jan 16, 2025
71c7716
constexpr if-statement and rename variable template
davidmrdavid Jan 16, 2025
0cfbb2f
checkpoint progress
davidmrdavid Jan 16, 2025
a040f8c
checkpoint progress: allocator is non-conforming still
davidmrdavid Jan 18, 2025
7bec17a
add seemingly compliant arena allocator. some TODOs and FIXMEs remain
davidmrdavid Jan 22, 2025
76e0723
remove whitespace
davidmrdavid Jan 22, 2025
516d2c0
add basic_string test and implementation
davidmrdavid Jan 23, 2025
6b04254
fix indentation
davidmrdavid Jan 23, 2025
a5de291
template new test
davidmrdavid Jan 23, 2025
4cc951b
remove use of arena allocator to simplify tests, basic_string test st…
davidmrdavid Jan 23, 2025
3f2111d
Merge branch 'main' of https://github.com/microsoft/STL into dev/daju…
davidmrdavid Jan 24, 2025
9823cb4
edit string test
davidmrdavid Jan 24, 2025
6188041
reference new GH bug in PR
davidmrdavid Jan 24, 2025
57e7aff
rename template variable as per feedback
davidmrdavid Jan 28, 2025
6c6545c
Merge branch 'main' of https://github.com/microsoft/STL into dev/daju…
davidmrdavid Jan 29, 2025
6d0b7b8
fixup tests
davidmrdavid Jan 30, 2025
cbb714d
clean up comments
davidmrdavid Jan 30, 2025
59fa3c9
Follow the "can_throw" pattern in copy assignment.
StephanTLavavej Jan 30, 2025
b6c5dca
Guard vector/string logic with `if constexpr (!disable)` to avoid dea…
StephanTLavavej Jan 30, 2025
9f68b17
Fix comments.
StephanTLavavej Jan 30, 2025
45709b9
Avoid shadowing: `vector` => `v`
StephanTLavavej Jan 30, 2025
af4fc60
Drop unnecessary `std::`.
StephanTLavavej Jan 30, 2025
1b66d92
Improve add_death_tests: add char, move char8_t, add trailing commas.
StephanTLavavej Jan 30, 2025
12c763f
Style: `T()` => `T{}`
StephanTLavavej Jan 30, 2025
44a336a
Disable for all `<T, Pocma, Stateless>` (and `typename` => `class` ni…
StephanTLavavej Jan 30, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
add seemingly compliant arena allocator. some TODOs and FIXMEs remain
davidmrdavid committed Jan 22, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 7bec17aca50a300a67b5ecb7b4a6ca76d6324b03
131 changes: 96 additions & 35 deletions tests/std/tests/GH_002030_asan_annotate_vector/test.cpp
Original file line number Diff line number Diff line change
@@ -274,45 +274,93 @@ struct implicit_allocator : custom_test_allocator<T, Pocma, Stateless> {
STATIC_ASSERT(_Container_allocation_minimum_asan_alignment<vector<char, implicit_allocator<char>>> == 1);
STATIC_ASSERT(_Container_allocation_minimum_asan_alignment<vector<wchar_t, implicit_allocator<wchar_t>>> == 2);

template <class T>
class arena_allocator {
public:
// Helper class for `ArenaAllocator`, where data is linearly allocated in a finite buffer.
class Arena {
public:
Arena(size_t allocation_size, size_t capacity):
data(new char[capacity* allocation_size]),
allocation_size(allocation_size),
capacity(capacity),
offset(0) {}

Arena(const Arena& other):
data(other.data),
allocation_size(other.allocation_size),
capacity(other.capacity),
offset(other.offset) {}

void* allocate(size_t n) {
assert(offset + n <= capacity && "Allocation failed: the arena is out of memory. You may call `reset` to free up space.");
void* result = data + (offset * allocation_size);
offset += n;
return result;
}

// Deallocates memory in the arena, and `memset`s it all to zero
void reset() noexcept {
offset = 0;
memset(data, 0, capacity*allocation_size);
}

char* const data;
const size_t allocation_size;
const size_t capacity;
size_t offset;
};

// An allocator that allocates memory in a pre-allocated buffer (the arena).
template <typename T>
class ArenaAllocator {
public:

using value_type = T;
Arena* arena;

ArenaAllocator(size_t alloc_size, size_t capacity) {
assert(sizeof(T) <= alloc_size && "Constructor failed: allocation size is too small for target type.");
arena = new Arena(alloc_size, capacity);
}

arena_allocator() : size_(10000), offset_(0) {
data_ = new T[size_];
};
template <class U>
constexpr arena_allocator(const arena_allocator<U>& other) : size_(other.size_), offset_(other.offset_) {
data_ = std::copy(other.data_, other.data_ + other.size_, data_);
ArenaAllocator(const ArenaAllocator<U>& other) {
assert(sizeof(U) <= arena->allocation_size && "Constructor failed: allocation size is too small for target type.");
arena = other.arena;
}

T* allocate(size_t n) {
assert(offset_ + n <= size_ && "Arena out of memory");
T* result = data_ + offset_;
offset_ += n;
return result;
void* ptr = arena->allocate(n);
return reinterpret_cast<T*>(ptr);
}

void deallocate(T*, size_t) noexcept {
// no-op. Memory is deallocated when the arena is reset.
}

// no-op. Memory is deallocated in the `reset` method
void deallocate(value_type*, size_t) noexcept {}

// Deallocates memory in the arena, and `memset`s it all to zero.
// the `memset` would normally trigger an ASan AV,
// but we'll have the ArenaAllocator opt out of ASan analysis
void reset() noexcept {
// reset arena, set memory to zero
// the `memset` would normally trigger an ASan AV,
// but we'll have the arena_allocator opt out of ASan analysis
offset_ = 0;
memset(data_, 0, size_);
arena->reset();
}

template <typename U>
bool operator==(ArenaAllocator<U> const& other)
{
return this->arena == other.arena;
}

T* data_;
size_t size_;
size_t offset_;
template<typename U>
bool operator!=(ArenaAllocator<U> const other)
{
return !(this == other);
}
};

// Opt out of ASan analysis for the ArenaAllocator
// FIXME: IntelliSense claims '_Is_ASan_enabled_for_allocator is not a templateC/C++(864)',
// but it works somehow.
template <typename T>
constexpr bool _Is_ASan_enabled_for_allocator<arena_allocator<T>> = false;
constexpr bool _Is_ASan_enabled_for_allocator<ArenaAllocator<T>> = false;

template <class Alloc>
void test_push_pop() {
@@ -1042,18 +1090,31 @@ void run_custom_allocator_matrix() {
run_tests<AllocT<T, false_type, false_type>>();
}

void run_arena_allocator_test() {
// TODO: add test where an allocator's arena is filled in, then reset,
// then continues to be used. ASan should not fire.
arena_allocator<int> allocator;
std::vector<int, arena_allocator<int>> vec(allocator);
//vec.reserve(100);
// Tests that ASan analysis can be disabled for a vector with an arena allocator.
void run_asan_disablement_test() {

// The arena allocator stores integers in 32-bit alignment.
// It can hold up to 100 such allocations.
// The 32-bit alignment is a bit excessive for `int`s, but it ensures the allocator
// can be rebound to allocate larger types as well (up to 32-bit types).
const int size = 100;
const int alloc_size = 32;
ArenaAllocator<int> allocator(alloc_size, size);

// We'll give the vector capacity 1, and allocate a single integer (99).
std::vector<int, ArenaAllocator<int>> vec(allocator);
vec.reserve(1);
vec.push_back(99);

// When calling reset, the arena would memset all 100 entries of it's buffer to zero.
// If the allocator was naively annotated by ASan, this would trigger an AV, because
// the arena is accessing memory not tracked by the vector's ASan annotations.

// vec.push_back(1);
// vec.push_back(2);
// vec.push_back(3);
// However, the allocator is annotated to opt out of ASan analysis through,
// `_Is_ASan_enabled_for_allocator`, so this should not trigger an AV.
allocator.reset();

//allocator.reset(); // should not trigger ASan AV
// TODO: is it possible to add a 'negative' test case here? One where ASan expectedly fails?
}

template <class T>
@@ -1062,7 +1123,7 @@ void run_allocator_matrix() {
run_custom_allocator_matrix<T, aligned_allocator>();
run_custom_allocator_matrix<T, explicit_allocator>();
run_custom_allocator_matrix<T, implicit_allocator>();
run_arena_allocator_test();
run_asan_disablement_test();
}

int main() {