test/cfi/cross-dso/dlopen.cpp:67:45: warning: GCC does not allow 'aligned' attribute in this position on a function definition [-Wgcc-compat]
extern "C" void do_nothing() __attribute__((aligned(4096))) {}
llvm-svn: 258992
This change enables diagnostics when the target address for a CFI
check is out of bounds of any known library, or even not in the
limits of the address space. This happens when casting pointers to
uninitialized memory.
Ubsan code does not yet handle some of these situations correctly,
so it is still possible to see a segmentation fault instead of a
proper diagnostic message once in a while.
llvm-svn: 258879
* add __cfi_slowpath_diag with a 3rd parameter which is a pointer to
the diagnostic info for the ubsan handlers.
*__cfi_check gets a 3rd parameter as well.
* unify vcall/cast/etc and icall diagnostic info format, and merge
the handlers to have a single entry point (actually two points due
to abort/noabort variants).
* tests
Note that this comes with a tiny overhead in the non-diag mode:
cfi_slowpath must pass 0 as the 3rd argument to cfi_check.
llvm-svn: 258744
This test requires llvm-symbolizer to be able to convert a stack
address into a function name. It is only able to do this if the
DIA SDK was found at cmake time. Add a lit feature for this,
and let the test depend on it.
See also discussion in D15363.
llvm-svn: 258545
The original submittion triggered a BFD linker bug (2.24) on Aarch64 only. Before
the build bot is upgraded to more recent linker, restrict the test to be
executed only with gold linker.
llvm-svn: 258437
Thread stack/TLS may be stored by libpthread for future reuse after
thread destruction, and the linked list it's stored in doesn't
even hold valid pointers to the objects, the latter are calculated
by obscure pointer arithmetic.
With this change applied, LSan test suite passes with
"use_ld_allocations" flag defaulted to "false". It still requires more
testing to check if the default can be switched.
llvm-svn: 257975
This is part of a new statistics gathering feature for the sanitizers.
See clang/docs/SanitizerStats.rst for further info and docs.
Differential Revision: http://reviews.llvm.org/D16176
llvm-svn: 257972
This flag allows to disable old way of determining dynamic TLS by
filtering out allocations from dynamic linker. This will be eventually
superseded by __tls_get_addr interceptor (see r257785), after we:
1) Test it in several supported environments
2) Deal with existing problems (currently we can't find a pointer to
DTV which is calloc()-ed in pthread_create).
llvm-svn: 257789
On OS X, TSan already passes all unit and lit tests, but for real-world applications (even very simple ones), we currently produce a lot of false positive reports about data races. This makes TSan useless at this point, because the noise dominates real bugs. This introduces a runtime flag, "ignore_interceptors_accesses", off by default, which makes TSan ignore all memory accesses that happen from interceptors. This will significantly lower the coverage and miss a lot of bugs, but it eliminates most of the current false positives on OS X.
Differential Revision: http://reviews.llvm.org/D15189
llvm-svn: 257760
This patch removes the requirement on stable-runtime on insertvalue_origin.cc
testcase, added due a instrumentation failure on aarch64-linux. This is fixed
on llvm code by r257375.
llvm-svn: 257479
(second try with more strict config check)
Currently, only gc-sections related tests are added. Gold
linker currently is required due to PR19161 of bfd linker.
llvm-svn: 257456
IR level instrumentation needs to override version with variant bits.
No change for FE instrumentation is needed. Test case is added to
detect version mismatch.
llvm-svn: 257230
Fix incorrect condition for enabling the CFI tests. This removes the following CMake warnings on Windows:
The dependency target "cfi" of target "check-all" does not exist.
The dependency target "cfi" of target "check-cfi-and-supported" does not exist.
llvm-svn: 257199
Summary:
In rL255491, the safestack overflow test was disabled for aarch64, since
it "is currently failing on an AArch64 buildbot with a segfault, but it
is currently passing on other configuration".
While testing on FreeBSD on x86, I also encountered a segfault. This is
because the `fct()` function actually writes before and after `buffer`,
and on FreeBSD this crashes because `buffer` is usually allocated at the
end of a page. That this runs correctly on Linux is probably just by
accident.
I propose to fix this by adding a pre and post buffer, to act as a
safety zone. The pre and post buffers must be accessed in an 'unsafe'
way, otherwise -fsanitize=safestack will allocate them on the safe
stack, and they will not bookend `buffer` itself. Therefore, I create
them large enough for `fct()`, and call it on both of them.
On FreeBSD, this makes the test run as expected, without segfaulting,
and I suppose this will also fix the segfault on AArch64. I do not have
AArch64 testing capabilities, so if someone could try that out, I would
be much obliged.
Reviewers: pcc, kcc, zatrazz
Subscribers: llvm-commits, aemerson, emaste
Differential Revision: http://reviews.llvm.org/D15725
llvm-svn: 257106
Extract the buffered filer writer code used by value profile
writer and turn it into common/sharable buffered fileIO
interfaces. Added a test case for the buffered file writer and
rewrite the VP dumping using the new APIs.
llvm-svn: 256604
The profile reader no longer depends on this field to be updated and point
to owning func's vp data. The VP data also no longer needs to be allocated
in a contiguous memory space.
Differential Revision: http://reviews.llvm.org/D15258
llvm-svn: 256543
This patch adds PIE executable support for aarch64-linux. It adds
two more segments:
- 0x05500000000-0x05600000000: 39-bits PIE program segments
- 0x2aa00000000-0x2ab00000000: 42-bits PIE program segments
Fortunately it is possible to use the same transformation formula for
the new segments range with some adjustments in shadow to memory
formula (it adds a constant offset based on the VMA size).
A simple testcase is also added, however it is disabled on x86 due the
fact it might fail on newer kernels [1].
[1] https://git.kernel.org/linus/d1fd836dcf00d2028c700c7e44d2c23404062c90
llvm-svn: 256184
Summary:
Add the ability to suppress UBSan reports for files/functions/modules
at runtime. The user can now pass UBSAN_OPTIONS=suppressions=supp.txt
with the contents of the form:
signed-integer-overflow:file-with-known-overflow.cpp
alignment:function_doing_unaligned_access
vptr:shared_object_with_vptr_failures.so
Suppression categories match the arguments passed to -fsanitize=
flag (although, see below). There is no overhead if suppressions are
not provided. Otherwise there is extra overhead for symbolization.
Limitations:
1) sometimes suppressions need debug info / symbol table to function
properly (although sometimes frontend generates enough info to
do the match).
2) it's only possible to suppress recoverable UB kinds - if you've
built the code with -fno-sanitize-recover=undefined, suppressions
will not work.
3) categories are fine-grained check kinds, not groups like "undefined"
or "integer", so you can't write "undefined:file_with_ub.cc".
Reviewers: rsmith, kcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D15363
llvm-svn: 256018
This is an initial version of the runtime cross-DSO CFI support
library.
It contains a number of FIXMEs, ex. it does not support the
diagnostic mode nor dlopen/dlclose, but it works and can be tested.
Diagnostic mode, in particular, would require some refactoring (we'd
like to gather all CFI hooks in the UBSan library into one function
so that we could easier pass the diagnostic information down to
__cfi_check). It will be implemented later.
Once the diagnostic mode is in, I plan to create a second test
configuration to run all existing tests in both modes. For now, this
patch includes only a few new cross-DSO tests.
llvm-svn: 255695
Now with variadic support for msan on aarch6 there is no need for
XFAIL signal_stress_test anymore. Also to garantee aligned stores
for the FP/SIMD arguments enforce the '__msan_va_arg_tls' alignment
to sizeof the SIMD register (16).
llvm-svn: 255496
We're using the dispatch group itself to synchronize (to call Release() and Acquire() on it), but in dispatch group notifications, the group can already be disposed/deallocated. This causes a later assertion failure at `DCHECK_EQ(*meta, 0);` in `MetaMap::AllocBlock` when the same memory is reused (note that the failure only happens in debug builds).
Fixing this by retaining the group and releasing it in the notification. Adding a stress test case that reproduces this.
Differential Revision: http://reviews.llvm.org/D15380
llvm-svn: 255494
The safestack overflow.c test is currently failing on an aarch64
buildbot with a segfault, but it is currently passing on other
configuration.
This patch silent the issue for now on aarch64 by setting to all
supported architectures the 'stable-runtime' configure and set
the test to requires it.
llvm-svn: 255491
Add a test case to cover profile dumping of functions with no
value sites, functions with value sites but no dynamic VP data,
and functions with runtime VP data.
llvm-svn: 255327
Value profile runtime depends on libc which breaks
buffer API implemenation with current file organization.
Test case is also updated to check more symbols.
llvm-svn: 255294
Summary:
Rather than having to add new "experimental" options each time someone wants to work on bringing a sanitizer to a new platform, this patch makes options for all of them.
The default values for the options are set by the platform checks that would have enabled them, but they can be overridden on or off.
Reviewers: kubabrecka, samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D14846
llvm-svn: 255170
This patch is by Simone Atzeni with portions by Adhemerval Zanella.
This contains the LLVM patches to enable the thread sanitizer for
PPC64, both big- and little-endian. Two different virtual memory
sizes are supported: Old kernels use a 44-bit address space, while
newer kernels require a 46-bit address space.
There are two companion patches that will be added shortly. There is
a Clang patch to actually turn on the use of the thread sanitizer for
PPC64. There is also a patch that I wrote to provide interceptor
support for setjmp/longjmp on PPC64.
Patch discussion at reviews.llvm.org/D12841.
llvm-svn: 255057
Another attempt at fixing tsan_invisible_barrier.
Current implementation causes:
https://llvm.org/bugs/show_bug.cgi?id=25643
There were several unsuccessful iterations for this functionality:
Initially it was implemented in user code using REAL(pthread_barrier_wait). But pthread_barrier_wait is not supported on MacOS. Futexes are linux-specific for this matter.
Then we switched to atomics+usleep(10). But usleep produced parasitic "as-if synchronized via sleep" messages in reports which failed some output tests.
Then we switched to atomics+sched_yield. But this produced tons of tsan- visible events, which lead to "failed to restore stack trace" failures.
Move implementation into runtime and use internal_sched_yield in the wait loop.
This way tsan should see no events from the barrier, so not trace overflows and
no "as-if synchronized via sleep" messages.
llvm-svn: 255030
This patch adds release and acquire semantics for dispatch groups, plus a test case.
Differential Revision: http://reviews.llvm.org/D15048
llvm-svn: 255020
Check that TSan runtime doesn't contain compiler-inserted calls
to memset/memmove functions.
In future, we may consider moving this test to test/sanitizer_common,
as we don't want to have compiler-inserted memcpy/memmove calls in
any sanitizer runtime.
llvm-svn: 254955
This script is superseded by lit test suite integrated into CMake
for quite a while now. It doesn't support many tests, and require
custom hacks for a few other.
llvm-svn: 254932
and -no-integrated-as for source with static function.
The compiler generates assembly names containing \" in the
.s dump causing gnu assembler to complain. That issue will be
investigated separately.
llvm-svn: 254705
With the latest refactoring and code sharing patches landed,
it is possible to unify the value profile implementation between
raw and indexed profile. This is part in prfofile runtime.
Differential Revision: http://reviews.llvm.org/D15057
llvm-svn: 254678
On OS X, there are other-than-pthread locking APIs that are used quite extensively - OSSpinLock and os_lock_lock. Let's add interceptors for those.
Differential Revision: http://reviews.llvm.org/D14987
llvm-svn: 254611
In mmap_large.cc, let's use MAP_ANON instead of MAP_ANONYMOUS, because MAP_ANONYMOUS is only available on OS X 10.11 and later.
Differential Revision: http://reviews.llvm.org/D15180
llvm-svn: 254601
For the build set up which runs the unit tests using an emulator like QEMU,
the unit tests must be run using %run.
Differential Revision: http://reviews.llvm.org/D15081
llvm-svn: 254467
This patch adds release and acquire semantics for libdispatch semaphores and a test case.
Differential Revision: http://reviews.llvm.org/D14992
llvm-svn: 254412
Calloc interceptor initially allocates memory from temp buffer (to serve dlsyms called during asan_init). There is a chance that some non-instrumented library (or executable) has allocated memory with calloc before asan_init and got pointer from the same temporary buffer which later caused problems with free.
Inspired by https://github.com/google/sanitizers/issues/626
Differential Revision: http://reviews.llvm.org/D14979
llvm-svn: 254395
This patch complete removed SANITIZER_AARCH64_VMA definition and usage.
AArch64 ports now supports runtime VMA detection and instrumentation
for 39 and 42-bit VMA.
It also Rewrite print_address to take a variadic argument list
(the addresses to print) and adjust the tests which uses it to the new
signature.
llvm-svn: 254319
Changing comments that have references to code.google.com to point to GitHub instead, because the current links are not redirected properly (they instead redirect to different issues, mostly ASan). NFC.
Differential Revision: http://reviews.llvm.org/D15053
llvm-svn: 254300
1) There's a few wrongly defined things in tsan_interceptors.cc,
2) a typo in tsan_rtl_amd64.S which calls setjmp instead of sigsetjmp in the interceptor, and
3) on OS X, accessing an mprotected page results in a SIGBUS (and not SIGSEGV).
Differential Revision: http://reviews.llvm.org/D15052
llvm-svn: 254299
Serial queues need extra happens-before between individual tasks executed in the same queue. This patch adds `Acquire(queue)` before the executed task and `Release(queue)` just after it (for serial queues only). Added a test case.
Differential Revision: http://reviews.llvm.org/D15011
llvm-svn: 254229
There's a few more lit tests that require features not available on OS X (MAP_32BIT, pthread_setname_np), let's mark them with "UNSUPPORTED: darwin".
Differential Revision: http://reviews.llvm.org/D14923
llvm-svn: 254225
Pthread spinlocks are not available on OS X and this test doesn't really require a spinlock.
Differential Revision: http://reviews.llvm.org/D14949
llvm-svn: 254224
When a race on file descriptors is detected, `FindThreadByUidLocked()` is called to retrieve ThreadContext with a specific unique_id. However, this ThreadContext might not exist in the thread registry anymore (it may have been recycled), in which case `FindThreadByUidLocked` will cause an assertion failure in `GetThreadLocked`. Adding a test case that reproduces this, producing:
FATAL: ThreadSanitizer CHECK failed: sanitizer_common/sanitizer_thread_registry.h:92 "((tid)) < ((n_contexts_))" (0x34, 0x34)
This patch fixes this by replacing the loop with `FindThreadContextLocked`.
Differential Revision: http://reviews.llvm.org/D14984
llvm-svn: 254223
This patch unify the 39 and 42-bit support for AArch64 by using an external
memory read to check the runtime detected VMA and select the better mapping
and transformation. Although slower, this leads to same instrumented binary
to be independent of the kernel.
Along with this change this patch also fix some 42-bit failures with
ALSR disable by increasing the upper high app memory threshold and also
the 42-bit madvise value for non large page set.
llvm-svn: 254151
Due to a typo, atos-symbolizer-dyld-root-path.cc is currently being skipped all the time. There's a few more typos/copy-paste-errors. Let's fix them and enable this test.
Differential Revision: http://reviews.llvm.org/D14951
llvm-svn: 254058
We need to intercept libdispatch APIs (dispatch_sync, dispatch_async, etc.) to add synchronization between the code that submits the task and the code that gets executed (possibly on a different thread). This patch adds release+acquire semantics for dispatch_sync, and dispatch_async (plus their "_f" and barrier variants). The synchronization is done on malloc'd contexts (separate for each submitted block/callback). Added tests to show usage of dispatch_sync and dispatch_async, for cases where we expect no warnings and for cases where TSan finds races.
Differential Revision: http://reviews.llvm.org/D14745
llvm-svn: 253982
Mike Aizatsky