[HN Gopher] Address Sanitizer Internals
___________________________________________________________________
Address Sanitizer Internals
Author : todsacerdoti
Score : 94 points
Date : 2024-06-15 13:42 UTC (9 hours ago)
(HTM) web link (blog.gistre.epita.fr)
| xtqctz wrote:
| This is great! I found these videos helpful, too:
| https://youtu.be/Tl1uZ7FBwFQ
|
| Does anyone know of a good explanation of HWAddress Sanitizer
| internals?
| barco wrote:
| There are multiple versions of HWASan.
|
| One for ARMv8 with Top-Byte-Ignore: you can use the top byte of
| memory addresses to store a tag.
|
| When you allocate memory you return the "tagged" pointer and
| internally store "this region has this tag".
|
| When you dereference a pointer, you check that the tag matches
| what you expect in your internal data structure.
|
| With memory tagging extensions you can do something similar but
| the checks are performed by the processor.
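
The software-tagging scheme barco describes above (tag in the pointer's top byte, a table recording each region's tag, a comparison on every access), as an added example that is not part of the thread and not HWASan's own code. It simulates the top byte on a toy arena addressed by offset so it runs on any 64-bit host; the function names, the 16-byte granule and the counter-based (rather than random) tags are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GRANULE 16u                          /* bytes covered by one shadow tag (assumed) */
#define ARENA_SIZE 4096u
#define TAG_SHIFT 56                         /* top byte of a 64-bit pointer */
#define ADDR_MASK ((1ULL << TAG_SHIFT) - 1)

static uint8_t arena[ARENA_SIZE];            /* toy heap, addressed by offset */
static uint8_t shadow[ARENA_SIZE / GRANULE]; /* "this region has this tag" */
static size_t next_free;                     /* bump-allocator cursor */
static uint8_t next_tag = 1;                 /* counter for determinism; 0 means untagged */

/* Allocate: record the tag for each granule, return the offset with the tag on top. */
uint64_t tag_alloc(size_t size) {
    size_t bytes = (size + GRANULE - 1) / GRANULE * GRANULE;
    if (next_free + bytes > ARENA_SIZE) return 0;
    uint8_t tag = next_tag++;
    if (next_tag == 0) next_tag = 1;
    for (size_t g = next_free / GRANULE; g < (next_free + bytes) / GRANULE; g++) shadow[g] = tag;
    uint64_t p = ((uint64_t)tag << TAG_SHIFT) | next_free;
    next_free += bytes;
    return p;
}

/* Free: reset the granules to tag 0 so stale pointers stop matching. */
void tag_free(uint64_t p, size_t size) {
    size_t base = (size_t)(p & ADDR_MASK);
    for (size_t g = base / GRANULE; g < (base + size + GRANULE - 1) / GRANULE; g++) shadow[g] = 0;
}

/* Checked store: 0 if the pointer tag matches the shadow tag, -1 otherwise. */
int checked_store(uint64_t p, size_t off, uint8_t val) {
    uint8_t ptr_tag = (uint8_t)(p >> TAG_SHIFT);
    size_t addr = (size_t)(p & ADDR_MASK) + off;
    if (ptr_tag == 0 || addr >= ARENA_SIZE || shadow[addr / GRANULE] != ptr_tag) return -1;
    arena[addr] = val;
    return 0;
}

int main(void) {
    uint64_t a = tag_alloc(32), b = tag_alloc(32);
    printf("in-bounds store:   %d\n", checked_store(a, 31, 0x41));
    printf("overflow into b:   %d\n", checked_store(a, 32, 0x41));
    tag_free(b, 32);
    printf("store after free:  %d\n", checked_store(b, 0, 0x41));
    return 0;
}
```
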
| yosefk wrote:
| One thing this explains is why ASan has false negatives. It's a
| great tool, but the typical comment that it fully mitigates
| memory safety issues is just not true (even assuming your tests
| actually trigger the memory safety bugs, which unlike e.g. code
| coverage there's no knowing if you achieved or not).
| searealist wrote:
| I've never seen anyone claim that.
| yosefk wrote:
| It comes up a lot in HN C++-related comment threads, for
| starters.
| searealist wrote:
| I've never seen anyone claim that ASan fully mitigates
| memory safety issues in C++. Perhaps you could link to one?
| skobes wrote:
| I've never seen that particular claim either, but I did
| previously believe that ASan would reliably detect an
| out-of-bounds write if and when it occurs.
|
| So I learned something new from the OP (that this type of
| false negative is possible).
| wyldfire wrote:
| I frequently bring up ASan on HN. It's a great way to
| mitigate C and C++'s shortcomings. But it's not a panacea
| and unlikely to be described that way here without swift
| rebuttal.
|
| C or C++ w/o ASan and UBSan is like skydiving w/o a
| parachute.
| turndown wrote:
| I wouldn't say they explicitly mention ASan, but in
| general you will see certain well known C++
| developers/community members insist that with a set of
| sanitizers you won't have to worry about the kind of
| things safety focused programmers would like added to
| C++, all the time never mentioning false positives.
| kccqzy wrote:
| Who sanitizes the sanitizer? One of the most hilarious bugs I've
| previously seen is when someone found a memory out-of-bound
| access inside the run time support library of ASan.
| ThouYS wrote:
| Sanitizers are a constant source of pain.
| kimixa wrote:
| And just like pain, they show you where the (likely) problem
| is.
|
| If you didn't have pain you'd still get the same damage to the
| body, you just wouldn't be aware.
___________________________________________________________________
(page generated 2024-06-15 23:00 UTC)