Oilpan: Fix ASan instrumentation around heap object headers.

Source/wtf/Atomics.h

Index: Source/wtf/Atomics.h
diff --git a/Source/wtf/Atomics.h b/Source/wtf/Atomics.h
index aaad9c9e90cbe954fd9d30ec7a89488822201298..acce1845b8da2f27314c09b3a31c5944d0005a53 100644
--- a/Source/wtf/Atomics.h
+++ b/Source/wtf/Atomics.h
@@ -43,6 +43,10 @@
 #include <sanitizer/tsan_interface_atomic.h>
 #endif
 
+#if defined(ADDRESS_SANITIZER)
+#include <sanitizer/asan_interface.h>
+#endif
+
 namespace WTF {
 
 #if COMPILER(MSVC)
@@ -125,6 +129,21 @@ ALWAYS_INLINE unsigned acquireLoad(volatile const unsigned* ptr)
 {
     return static_cast<unsigned>(__tsan_atomic32_load(reinterpret_cast<volatile const int*>(ptr), __tsan_memory_order_acquire));
 }
+
+#if defined(ADDRESS_SANITIZER)
+
+__attribute__((no_sanitize_address)) ALWAYS_INLINE void asanReleaseStore(volatile unsigned* ptr, unsigned value)

[Alexander Potapenko, 2014/09/09 09:40:30]

This is not gonna work.
ASan doesn't provide the __tsan_* functions. Moreover, if it did, those
functions would probably check the shadow values. But even ADDRESS_SANITIZER and
THREAD_SANITIZER flags can't be defined together in the same build.

You could probably copy the implementations of acquireLoad and ReleaseStore from
below here, but that's ugly (and platform-dependent).
I think what you really need here is C++11 atomics
(http://en.cppreference.com/w/cpp/atomic). They're understood by both ASan and
TSan, and both tools consider them as memory accesses, not inline functions, so
they'll inherit the no_sanitize_address attribute.

You can either use std::atomic_load/std::atomic_store inside
asanAcquireLoad/asanReleaseStore or just replace the asan* functions with their
std:: equivalents.

[Mads Ager (chromium), 2014/09/09 09:51:36]

Thanks! Since they can't be defined together in the same build I should just
remove this and it will take the non ADDRESS_SANITIZER ones from below when
running tsan.

+{
+    __tsan_atomic32_store(reinterpret_cast<volatile int*>(ptr), static_cast<int>(value), __tsan_memory_order_release);
+}
+
+__attribute__((no_sanitize_address)) ALWAYS_INLINE unsigned asanAcquireLoad(volatile const unsigned* ptr)
+{
+    return static_cast<unsigned>(__tsan_atomic32_load(reinterpret_cast<volatile const int*>(ptr), __tsan_memory_order_acquire));
+}
+
+#endif // defined(ADDRESS_SANITIZER)
+
 #else
 
 #if CPU(X86) || CPU(X86_64)
@@ -179,10 +198,41 @@ ALWAYS_INLINE unsigned acquireLoad(volatile const unsigned* ptr)
     return value;
 }
 
+#if defined(ADDRESS_SANITIZER)
+
+__attribute__((no_sanitize_address)) ALWAYS_INLINE void asanReleaseStore(volatile unsigned* ptr, unsigned value)
+{
+    MEMORY_BARRIER();
+    *ptr = value;
+}
+
+__attribute__((no_sanitize_address)) ALWAYS_INLINE unsigned asanAcquireLoad(volatile const unsigned* ptr)
+{
+    unsigned value = *ptr;
+    MEMORY_BARRIER();
+    return value;
+}
+
+#endif // defined(ADDRESS_SANITIZER)
+
 #undef MEMORY_BARRIER
 
 #endif
 
+#if !defined(ADDRESS_SANITIZER)
+
+ALWAYS_INLINE void asanReleaseStore(volatile unsigned* ptr, unsigned value)
+{
+    releaseStore(ptr, value);
+}
+
+ALWAYS_INLINE unsigned asanAcquireLoad(volatile const unsigned* ptr)
+{
+    return acquireLoad(ptr);
+}
+
+#endif
+
 } // namespace WTF
 
 using WTF::atomicAdd;
@@ -194,4 +244,10 @@ using WTF::atomicSetOneToZero;
 using WTF::acquireLoad;
 using WTF::releaseStore;
 
+// These methods allow loading from and storing to poisoned memory. Only
+// use these methods if you know what you are doing since they will
+// silence use-after-poison errors from ASan.
+using WTF::asanAcquireLoad;
+using WTF::asanReleaseStore;
+
 #endif // Atomics_h