Skip to content

[ASan] Do not instrument catch block parameters on Windows #159618

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 22 commits into from
Oct 17, 2025
Merged

[ASan] Do not instrument catch block parameters on Windows #159618

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
ece2a2b
do not asan-instrument catch parameters on windows
davidmrdavid Sep 18, 2025
bff409d
add basic unit test: catches exception 'inline' and in another frame
davidmrdavid Sep 18, 2025
043848d
apply clang-format on `compiler-rt/test/asan/TestCases/Windows/basic_…
davidmrdavid Sep 18, 2025
2326be0
optimization: disable catch-parameter instrumentation via a linear pa…
davidmrdavid Sep 23, 2025
3497540
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Sep 23, 2025
e4551b1
add IR instrumentation unit test with `opt`
davidmrdavid Oct 13, 2025
9b99935
Merge branch 'dev/dajusto/dont-asanize-catch-params-on-windows' of ht…
davidmrdavid Oct 13, 2025
04956f9
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 13, 2025
65f1741
remove unecessary braces in if-statement
davidmrdavid Oct 14, 2025
fe312ec
minimize `.ll` test
davidmrdavid Oct 14, 2025
a44a340
Merge branch 'dev/dajusto/dont-asanize-catch-params-on-windows' of ht…
davidmrdavid Oct 14, 2025
bd511b5
remove braces from the 'for' loop
davidmrdavid Oct 14, 2025
c5a0e78
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 14, 2025
992a650
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 14, 2025
0dec61a
Update llvm/test/Instrumentation/AddressSanitizer/asan-win-dont-instr…
davidmrdavid Oct 17, 2025
112f078
Update llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
davidmrdavid Oct 17, 2025
2f544df
add newline to runtime test
davidmrdavid Oct 17, 2025
980e31d
follow convention: move lit commands to start of backend unit test
davidmrdavid Oct 17, 2025
7d93177
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 17, 2025
7fe17b5
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 17, 2025
98217a4
Update llvm/test/Instrumentation/AddressSanitizer/asan-win-dont-instr…
davidmrdavid Oct 17, 2025
4b88967
Merge branch 'main' into dev/dajusto/dont-asanize-catch-params-on-win…
davidmrdavid Oct 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions compiler-rt/test/asan/TestCases/Windows/basic_exception_handling.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
// RUN: %clangxx_asan %s -o %t
// RUN: %run %t | FileCheck %s

// This test tests that declaring a parameter in a catch-block does not produce a false positive
// ASan error on Windows.

// This code is based on the repro in https://github.com/google/sanitizers/issues/749
#include <cstdio>
#include <exception>

void throwInFunction() { throw std::exception("test2"); }

int main() {
// case 1: direct throw
try {
throw std::exception("test1");
} catch (const std::exception &ex) {
puts(ex.what());
// CHECK: test1
}

// case 2: throw in function
try {
throwInFunction();
} catch (const std::exception &ex) {
puts(ex.what());
// CHECK: test2
}

printf("Success!\n");
// CHECK: Success!
return 0;
}
16 changes: 15 additions & 1 deletion llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1397,6 +1397,16 @@ void AddressSanitizer::instrumentMemIntrinsic(MemIntrinsic *MI,
MI->eraseFromParent();
}

// Check if an alloca is a catch block parameter
static bool isCatchParameter(const AllocaInst &AI) {
for (const Use &U : AI.uses()) {
if (isa<CatchPadInst>(U.getUser())) {
return true;
}
}
return false;
}

/// Check if we want (and can) handle this alloca.
bool AddressSanitizer::isInterestingAlloca(const AllocaInst &AI) {
auto [It, Inserted] = ProcessedAllocas.try_emplace(&AI);
Expand All @@ -1417,7 +1427,11 @@ bool AddressSanitizer::isInterestingAlloca(const AllocaInst &AI) {
// swifterror allocas are register promoted by ISel
!AI.isSwiftError() &&
// safe allocas are not interesting
!(SSGI && SSGI->isSafe(AI)));
!(SSGI && SSGI->isSafe(AI)) &&
// Mitigation for https://github.com/google/sanitizers/issues/749
// We don't instrument Windows catch-block parameters to avoid
// interfering with exception handling assumptions.
!(TargetTriple.isOSWindows() && isCatchParameter(AI)));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please do a simple up-front pass over all basic blocks looking for catchpads and build up a set of catchpad parameters, and make this O(1) by testing for set membership.

Allocas may have a very high number of uses, so this seems worth optimizing.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice above that isAllocaPromotable is also O(#uses), and that seems bad, honestly :(


It->second = IsInteresting;
return IsInteresting;
Expand Down