Vector clocks is the most actively allocated object in tsan runtime.
Current internal allocator is not scalable enough to handle allocation
of clocks in scalable way (too small caches). This changes transforms
clocks to 2-level array with 512-byte blocks. Since all blocks are of
the same size, it's possible to cache them more efficiently in per-thread caches.
llvm-svn: 214912
Summary:
This is required for linking DLLs with large functions exceeding
san-instrumentation-with-call-threshold. One such function is
vp9_fdct16x16_sse2 in libvpx.
Reviewers: timurrrr
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D4758
llvm-svn: 214532
This change introduces the first UBSan-specific runtime flag: print_stacktrace
(off by default). It can be set in UBSAN_OPTIONS to unwind and print call stacks
in addition to diagnostic messages. For now these stacks are printed only
in vptr checker.
This change is based on http://reviews.llvm.org/D4410 by Byoungyoung Lee!
llvm-svn: 213783
If UBSan is run in a standalone mode (w/o any other sanitizer), it
still uses functions from sanitizer_common, some of which depend on
the value of runtime flags. Allow to override the default values of these
flags with UBSAN_OPTIONS variable. In particular, UBSAN_OPTIONS=symbolize=0
can be used to turn off online symbolization.
llvm-svn: 213782
This was done by calling __cxa_demangle directly, which is bad
when c++abi library is instrumented. The following line always
contains the demangled name (when running with a symbolizer) anyway.
llvm-svn: 212929
Currently ASan instrumentation pass creates a string with global name
for each instrumented global (to include global names in the error report). Global
name is already mangled at this point, and we may not be able to demangle it
at runtime (e.g. there is no __cxa_demangle on Android).
Instead, create a string with fully qualified global name in Clang, and pass it
to ASan instrumentation pass in llvm.asan.globals metadata. If there is no metadata
for some global, ASan will use the original algorithm.
This fixes https://code.google.com/p/address-sanitizer/issues/detail?id=264.
llvm-svn: 212872
This is a minor fix to two tsan tests that were expecting the wrong
column information. Now that clang emits column information by default
in its debugging output, the tests had started failing.
llvm-svn: 212779
The tsan's deadlock detector has been used in Chromium for a while;
it found a few real bugs and reported no false positives.
So, it's time to give it a bit more exposure.
llvm-svn: 212533
Introduce new public header <sanitizer/allocator_interface.h> and a set
of functions __sanitizer_get_ownership(), __sanitizer_malloc_hook() etc.
that will eventually replace their tool-specific equivalents
(__asan_get_ownership(), __msan_get_ownership() etc.). Tool-specific
functions are now deprecated and implemented as stubs redirecting
to __sanitizer_ versions (which are implemented differently in each tool).
Replace all uses of __xsan_ versions with __sanitizer_ versions in unit
and lit tests.
llvm-svn: 212469
With this change all values passed through blacklisted functions
become fully initialized. Previous behavior was to initialize all
loads in blacklisted functions, but apply normal shadow propagation
logic for all other operation.
This makes blacklist applicable in a wider range of situations.
It also makes code for blacklisted functions a lot shorter, which
works as yet another workaround for PR17409.
llvm-svn: 212268
With this change all values passed through blacklisted functions
become fully initialized. Previous behavior was to initialize all
loads in blacklisted functions, but apply normal shadow propagation
logic for all other operation.
This makes blacklist applicable in a wider range of situations.
It also makes code for blacklisted functions a lot shorter, which
works as yet another workaround for PR17409.
llvm-svn: 212265
See https://code.google.com/p/address-sanitizer/issues/detail?id=299 for the
original feature request.
Introduce llvm.asan.globals metadata, which Clang (or any other frontend)
may use to report extra information about global variables to ASan
instrumentation pass in the backend. This metadata replaces
llvm.asan.dynamically_initialized_globals that was used to detect init-order
bugs. llvm.asan.globals contains the following data for each global:
1) source location (file/line/column info);
2) whether it is dynamically initialized;
3) whether it is blacklisted (shouldn't be instrumented).
Source location data is then emitted in the binary and can be picked up
by ASan runtime in case it needs to print error report involving some global.
For example:
0x... is located 4 bytes to the right of global variable 'C::array' defined in '/path/to/file:17:8' (0x...) of size 40
These source locations are printed even if the binary doesn't have any
debug info.
This is an ABI-breaking change. ASan initialization is renamed to
__asan_init_v4(). Pre-built libraries compiled with older Clang will not work
with the fresh runtime.
llvm-svn: 212188
Origin history should only be recorded for uninitialized values, because it is
meaningless otherwise. This change moves __msan_chain_origin to the runtime
library side and makes it conditional on the corresponding shadow value.
Previous code was correct, but _very_ inefficient.
llvm-svn: 211700
Summary: The patch supports both the clang cross-compiler and native compiler
Patch by Kumar Sukhani <Kumar.Sukhani@imgtec.com>
Test Plan:
Kumar had the following asan test results when compiled on a MIPS board:
Expected Passes : 96
Expected Failures : 2
Unsupported Tests : 84
Unexpected Passes : 4
Unexpected Failures: 19
The list of unexpected failures can be found in the review.
Reviewers: kcc, petarj, dsanders
Reviewed By: kcc
Subscribers: farazs, kcc, llvm-commits
Differential Revision: http://reviews.llvm.org/D4208
llvm-svn: 211587
Add a test for the frexp() interceptor.
Annotate the interceptors that may potentially corrupt stack IDs of freed buffers with FIXME comments.
llvm-svn: 211153
Multiplication by an integer with a number of trailing zero bits leaves
the same number of lower bits of the result initialized to zero.
This change makes MSan take this into account in the case of multiplication by
a compile-time constant.
We don't handle the general, non-constant, case because
(a) it's not going to be cheap (computation-wise);
(b) multiplication by a partially uninitialized value in user code is
a bad idea anyway.
Constant case must be handled because it appears from LLVM optimization of a
completely valid user code, as the test case in compiler-rt demonstrates.
llvm-svn: 211092
Init-order and use-after-return modes can currently be enabled
by runtime flags. use-after-scope mode is not really working at the
moment.
The only problem I see is that users won't be able to disable extra
instrumentation for init-order and use-after-scope by a top-level Clang flag.
But this instrumentation was implicitly enabled for quite a while and
we didn't hear from users hurt by it.
llvm-svn: 210924
Clang's lit cfg already detects the currently selected SDK via
"xcrun --show-sdk-path". The same thing should be done for compiler-rt tests,
to make them work on recent OS X versions. Instead of duplicating the detection
code, this patch extracts the detection function into a lit.util method.
Patch by Kuba Brecka (kuba.brecka@gmail.com),
reviewed at http://reviews.llvm.org/D4072
llvm-svn: 210534
Instructions from __nodebug__ functions don't have file:line
information even when inlined into no-nodebug functions. As a result,
intrinsics (SSE and other) from <*intrin.h> clang headers _never_
have file:line information.
With this change, an instruction without !dbg metadata gets one from
the call instruction when inlined.
Fixes PR19001.
llvm-svn: 210459
This sound like a good idea in general.
Also, without this on Android we get add_lit_testsuite() with empty DEPENDS
list, and it does not work well.
llvm-svn: 210257
Reset coverage data on fork().
For memory-mapped mode (coverage_direct=1) this helps avoid loss of data
(before this change two processes would write to the same file simultaneously).
For normal mode, this reduces coverage dump size, because PCs from the parent
process are no longer inherited by the child.
llvm-svn: 210180
Add a script that is used to deflake inherently flaky tsan tests.
It is invoked from lit tests as:
%deflake %run %t
The script runs the target program up to 10 times,
until it produces a tsan warning.
llvm-svn: 209898
You can expect the sanitizers to be built under any of the following conditions:
1) CMAKE_C_COMPILER is GCC built to cross-compile to ARM
2) CMAKE_C_COMPILER is Clang built to cross-compile to ARM (ARM is default target)
3) CMAKE_C_COMPILER is Clang and CMAKE_C_FLAGS contains -target and --sysroot
Differential Revision: http://reviews.llvm.org/D3794
llvm-svn: 209835
The new storage (MetaMap) is based on direct shadow (instead of a hashmap + per-block lists).
This solves a number of problems:
- eliminates quadratic behaviour in SyncTab::GetAndLock (https://code.google.com/p/thread-sanitizer/issues/detail?id=26)
- eliminates contention in SyncTab
- eliminates contention in internal allocator during allocation of sync objects
- removes a bunch of ad-hoc code in java interface
- reduces java shadow from 2x to 1/2x
- allows to memorize heap block meta info for Java and Go
- allows to cleanup sync object meta info for Go
- which in turn enabled deadlock detector for Go
llvm-svn: 209810
This way does not require a __sanitizer_cov_dump() call. That's
important on Android, where apps can be killed at arbitrary time.
We write raw PCs to disk instead of module offsets; we also write
memory layout to a separate file. This increases dump size by the
factor of 2 on 64-bit systems.
llvm-svn: 209653
Generalize StackDepot and create a new specialized instance of it to
efficiently (i.e. without duplicating stack trace data) store the
origin history tree.
This reduces memory usage for chained origins roughly by an order of
magnitude.
Most importantly, this new design allows us to put two limits on
stored history data (exposed in MSAN_OPTIONS) that help avoid
exponential growth in used memory on certain workloads.
See comments in lib/msan/msan_origin.h for more details.
llvm-svn: 209284
The patch adds better target_triple and target_arch defaults for lit tests,
which allows us to XFAIL tests based on architecture.
Was:
target_triple = LLVM_DEFAULT_TARGET_TRIPLE
target_arch = HOST_ARCH
Now:
target_triple = COMPILER_RT_TEST_TARGET_TRIPLE
, otherwise LLVM_DEFAULT_TARGET_TRIPLE
target_arch = first item in COMPILER_RT_TEST_TARGET_TRIPLE
Differential Revision: http://reviews.llvm.org/D3855
llvm-svn: 209256
Summary:
Sandboxed code may now pass additional arguments to
__sanitizer_sandbox_on_notify() to force all coverage data to be dumped to a
single file (the default is one file per module). The user may supply a file or
socket to write to. The latter option can be used to broker out the file writing
functionality. If -1 is passed, we pre-open a file.
llvm-svn: 209121
The instrprofile-write-file-only test was failing on the builtbots. The runtime
library initialization is explicitly being discarded to avoid the atexit hook.
However, this would also prevent the filename from being initialized. Thus,
when the write file was invoked, the filename would not be setup, and the test
would fail as the profiling data would never be written out. Explicitly
initialize the filename to ensure that the data is written out when requested.
This should hopefully finally get the build bots all green again.
llvm-svn: 209099
dlopen expects that the flags contains RTLD_LAZY or RTLD_NOW. RTLD_LAZY will
resolve the symbol on first use, and is generally preferred due to efficiency.
Add this to fix the test failure on the build bots.
llvm-svn: 209098
Add logging to report any failures that may occur on calls to libdl. Without
this, it is difficult to identify the actual problem if the test fails.
llvm-svn: 209097
Add an explicit link against libdl. libdl may not be indirectly pulled on some
Linux hosts. Explicitly link against it. This should hopefully improve the
state of the build bots.
llvm-svn: 209096
Shared objects are hard. After this commit, we do the right thing when
profiling two separate shared objects that have been dlopen'd with
`RTLD_LOCAL`, when the main executable is *not* being profiled.
This mainly simplifies the writer logic.
- At initialization, determine the output filename and truncate the
file. Depending on whether shared objects can see each other, this
may happen multiple times.
- At exit, each executable writes its own profile in append mode.
<rdar://problem/16918688>
llvm-svn: 209053
These tests were XPASS-ing on Linux bots creating Mach-O, which makes
sense, since the real difference is the object format.
I'm hoping a short-term fix to get these tests passing on ELF is to
create two copies of the runtime -- one built with -fPIC, and one
without. A follow-up patch will change clang's driver to pick between
them depending on whether `-shared` is specified.
llvm-svn: 208947
According to the buildbots, the new features for shared objects don't
work on ELF since it requires an -fPIC when building the profile
library. XFAIL these tests for now.
It's possible we'll have to build two versions of the profile library on
Linux (one with -fPIC and one without), but it's not clear to me exactly
how to resolve this.
llvm-svn: 208946
Change the API of the instrumented profiling library to work with shared
objects.
- Most things are now declared hidden, so that each executable gets
its own copy.
- Initialization hooks up a linked list of writers.
- The raw format with shared objects that are profiled consists of a
concatenated series of profiles. llvm-profdata knows how to deal
with that since r208938.
<rdar://problem/16918688>
llvm-svn: 208940
TSan can produce false positives in code that uses C++11 threading,
as it doesn't see synchronization inside standard library. See
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-February/035408.html
for an example of such case.
We may build custom TSan-instrumented version libcxx to fight with that.
This change adds build rules for libcxx_tsan and integrates it into
testing infrastructure.
llvm-svn: 208737
Move fflush and fclose interceptors to sanitizer_common.
Use a metadata map to keep information about the external locations
that must be updated when the file is written to.
llvm-svn: 208676
Check that the profile runtime works as expected. This tests the
functions that are meant to be available to advanced users.
In particular, check that the `atexit()` hook can be disabled by
defining a custom `__llvm_profile_runtime` variable, that the libc
dependencies are optional, and that the various functions for writing
out files work for basic cases.
llvm-svn: 208460
This happens, e.g., when coverage data is collected for a module which is then
dlclose()'d. Currently this causes CovDump() to ignore all PCs that are greater
than the unrecognized PC. In other words, unloading a module causes ASan to
silently ignore any coverage data for modules loaded at higher addresses.
Instead we should just skip the unrecognized PCs.
llvm-svn: 208333
If printf is intercepted (it is not atm), REAL(printf) call in the interceptor
would get redirected back to my_lgamma, resulting in infinite recursion.
llvm-svn: 208294
Add dfsan_set_write_callback(), which sets a callback to be invoked when
a write() call is invoked within DFSan instrumented code.
Patch by Sam Kerner!
Differential Revision: http://reviews.llvm.org/D3268
llvm-svn: 207131
ocasionally it fails with a slightly different report:
WARNING: ThreadSanitizer: signal handler spoils errno (pid=3674)
#0 MyHandler(int, siginfo*, void*)
...
#4 __tsan_free_hook
#5 main signal_errno.cc:40
llvm-svn: 206754
In the case of a CHECK failure the program tries to fork and launch llvm-symbolizer,
but hangs in mz_force_lock because one of the allocator locks is already acquired.
llvm-svn: 206274