is there any plan to support GWP-Asan? #948

Open
Arteiimis opened this issue Oct 17, 2024 · 2 comments

@Arteiimis

Something like this:
https://rocm.docs.amd.com/projects/llvm-project/en/develop/LLVM/llvm/html/GwpAsan.html#allocator-support

@daanx
Collaborator

daanx commented Oct 18, 2024

Ah, I was not aware yet of GWP-asan; it looks quite interesting. I would like to support such a feature in mimalloc as well. It turns out I worked on something similar recently. In the latest dev and dev-slice (v2.x) branches there is a new cmake option -DMI_GUARDED=ON that can be used to add a guard page after certain allocations. You need to set the environment variable MIMALLOC_GUARDED_SIZE_MIN=<size> to enable it for any allocation of size <size>. For such size it will be allocated directly followed by a guard page, and on free the memory will be made inaccessible (to catch use-after-free errors). I added this mostly for debugging hard-to-find buffer overflows in large applications where it may be difficult to use ASAN.

At the moment, this is mostly meant for exactly that since the overhead is very large (8k minimum per object of <size>). However, it would not be so difficult to extend it in the way of GWP-asan where we could only allocate using the guard pages every once in a while probabilistically. I will look into this.

@daanx
Collaborator

daanx commented Nov 18, 2024

Just to add to this: I updated the latest dev and dev-slice branches:

  • build with cmake ../.. -DMI_GUARDED=ON to allow for guard pages behind objects
  • the MIMALLOC_GUARDED_SAMPLE_RATE=N environment variable can be used to set the sample rate -- by default it is 4000 which means 1 in 4000 allocations uses a guard page. Set it to 1 for every allocation, and to 0 to disable.
  • MIMALLOC_GUARDED_SIZE_MIN and _MAX can be used to only use guarded allocations in a size range
  • it can be set per heap as well -- if you have a large program you can use a separate heap for one part where you suspect buffer overflows (use mi_heap_guarded_set_sample_rate and mi_heap_guarded_set_size_bounds)

The idea is that one could potentially use a guarded build in deployment (with a low enough sample rate) -- it will have some performance impact (but less than ASAN), but can be used to catch latent buffer overflow errors in the wild at the moment they occur.
