Commit Graph

8041 Commits

Author SHA1 Message Date
Marco Castelluccio 32d18beb8c Make __gcov_flush flush counters for all shared libraries
Summary:
This will make the behavior of __gcov_flush match the GCC behavior.

I would like to rename __gcov_flush to __llvm_gcov_flush (in case of programs linking to libraries built with different compilers), but I guess we can't for compatibility reasons.

Reviewers: davidxl

Reviewed By: davidxl

Subscribers: samsonov, vitalybuka, pcc, kcc, junbuml, glider, fhahn, eugenis, dvyukov, davidxl, srhines, chh, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48538

llvm-svn: 336365
2018-07-05 15:52:59 +00:00
George Karpenkov aeeac6d41c [libFuzzer] [NFC] Inline static variable to avoid the linker warning.
Differential Revision: https://reviews.llvm.org/D48650

llvm-svn: 336238
2018-07-04 00:37:45 +00:00
Kostya Serebryany 51ddb88300 [libFuzzer] add one more value profile metric, under a flag (experimental)
llvm-svn: 336234
2018-07-03 22:33:09 +00:00
Kostya Serebryany dcac0a3b5e [libFuzzer] remove stale code, as suggested in https://reviews.llvm.org/D48800
llvm-svn: 336230
2018-07-03 21:22:44 +00:00
Kostya Kortchinsky e64a81475c [scudo] Get rid of builtin-declaration-mismatch warnings
Summary:
The C interceptors were using `SIZE_T` defined in the interception library as
a `__sanitizer::uptr`. On some 32-bit platforms, this lead to the following
warning:
```
warning: declaration of ‘void* malloc(SIZE_T)’ conflicts with built-in declaration ‘void* malloc(unsigned int)’ [-Wbuiltin-declaration-mismatch]
INTERCEPTOR_ATTRIBUTE void *malloc(SIZE_T size) {
```
`__sanitizer::uptr` is indeed defined as an `unsigned long` on those.

So just include `stddef.h` and use `size_t` instead.

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48885

llvm-svn: 336221
2018-07-03 19:03:46 +00:00
Kostya Kortchinsky 4bc7f3d4d6 [scudo] Enable Scudo memory hooks for Fuchsia.
Summary:
    It would be useful for Flutter apps, especially, to be able to use
    malloc hooks to debug memory leaks on Fuchsia. They're not able to do
    this right now, so it'd be a nice bonus to throw in with the Scudo
    switchover.


Reviewers: cryptoad, alekseyshl

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D48618

llvm-svn: 336139
2018-07-02 19:48:01 +00:00
Fangrui Song 5f27e0c021 [asan] Fix deadlock issue on FreeBSD, caused by use of .preinit_array in rL325240
Summary:
Without this patch,
clang -fsanitize=address -xc =(printf 'int main(){}') -o a; ./a => deadlock in __asan_init>AsanInitInternal>AsanTSDInit>...>__getcontextx_size>_rtld_bind>rlock_acquire(rtld_bind_lock, &lockstate)

libexec/rtld-elf/rtld.c
  wlock_acquire(rtld_bind_lock, &lockstate);
  if (obj_main->crt_no_init)
    preinit_main(); // unresolved PLT functions cannot be called here

lib/libthr/thread/thr_rtld.c
  uc_len = __getcontextx_size(); // unresolved PLT function in libthr.so.3

check-xray tests currently rely on .preinit_array so we special case in
xray_init.cc

Subscribers: srhines, kubamracek, krytarowski, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48806

llvm-svn: 336067
2018-07-01 17:52:41 +00:00
Fangrui Song da891dc6b4 [asan] Use MADV_NOCORE for use_madv_dontdump on FreeBSD.
Currently in FreeBSD 12.0-CURRENT with trunk clang+compiler-rt, faulty -fsanitize=address executable hangs at 'urdlck' state.

Ka Ho Ng has verified that by backporting this to llvm 6.0.1, with use_madv_dontdump=1, shadow memory is not dumped.

ASAN_OPTIONS=abort_on_error=1:disable_coredump=0:use_madv_dontdump=1 ./a

Reviewers: dimitry, kcc, dvyukov, emaste, khng300

Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48257

llvm-svn: 336046
2018-06-30 08:27:48 +00:00
Chih-Hung Hsieh 7222e8e30b [profile] Add llvm_gcov_flush to be called outside a shared library
__gcov_flush is hidden.
For applications to dump profiling data of selected .so files,
they can use dlsym to find and call llvm_gcov_flush in each .so file.

Differential Revision: https://reviews.llvm.org/D45454

llvm-svn: 336019
2018-06-29 21:45:55 +00:00
Alex Shlyapnikov fb1644835b [TSan] More detailed error message on failed sahdow memory madvise
Summary:
Report errno value on failed shadow memory madvise attempt and add a
hint message with the possible workaround.

Reviewers: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48668

llvm-svn: 335928
2018-06-28 21:38:34 +00:00
Petr Hosek 61574fdb06 [sanitizer] zx_cprng_draw no longer returns any value
Remove the return value check.

Differential Revision: https://reviews.llvm.org/D48671

llvm-svn: 335790
2018-06-27 21:25:21 +00:00
Matt Morehouse 520748f01e [UBSan] Add silence_unsigned_overflow flag.
Summary:
Setting UBSAN_OPTIONS=silence_unsigned_overflow=1 will silence all UIO
reports.  This feature, combined with
-fsanitize-recover=unsigned-integer-overflow, is useful for providing
fuzzing signal without the excessive log output.

Helps with https://github.com/google/oss-fuzz/issues/910.

Reviewers: kcc, vsk

Reviewed By: vsk

Subscribers: vsk, kubamracek, Dor1s, llvm-commits

Differential Revision: https://reviews.llvm.org/D48660

llvm-svn: 335762
2018-06-27 18:24:46 +00:00
Petr Hosek 3209b28aa9 [sanitizer] zx_cprng_draw no longer takes the output argument
The zx_cprng_draw system call no longer takes the output argument.

Differential Revision: https://reviews.llvm.org/D48657

llvm-svn: 335755
2018-06-27 16:49:37 +00:00
Dan Liew bb78eef6b6 [CMake] Tidy up the organisation of compiler-rt when configured as a standalone
build with an IDE (e.g. Xcode) as the generator.

Previously the global `USE_FOLDERS` property wasn't set in standalone
builds leading to existing settings of FOLDER not being respected.

In addition to this there were several targets that appeared at the top
level that were not interesting and clustered up the view. These have
been changed to be displayed in "Compiler-RT Misc".

Now when an Xcode project is generated from a standalone compiler-rt
build the project navigator is much less cluttered. The interesting
libraries should appear in "Compiler-RT Libraries" in the IDE.

Differential Revision: https://reviews.llvm.org/D48378

llvm-svn: 335728
2018-06-27 12:56:34 +00:00
Vlad Tsyrklevich e745cf9bf3 CFI: Print DSO names for failed cross-DSO icalls
Reviewers: pcc

Reviewed By: pcc

Subscribers: kubamracek, delcypher, llvm-commits, kcc, #sanitizers

Differential Revision: https://reviews.llvm.org/D48583

llvm-svn: 335644
2018-06-26 18:51:04 +00:00
Matt Morehouse 0948bc2086 [libFuzzer] Do not turn unittest warnings into errors.
Some warnings originating from googletest were causing bots to fail
while bulding unit tests.  The sanitizers address this issue by not
using -Werror.  We adopt this approach for libFuzzer.

llvm-svn: 335640
2018-06-26 18:37:37 +00:00
Peter Collingbourne e44acadf6a Implement CFI for indirect calls via a member function pointer.
Similarly to CFI on virtual and indirect calls, this implementation
tries to use program type information to make the checks as precise
as possible.  The basic way that it works is as follows, where `C`
is the name of the class being defined or the target of a call and
the function type is assumed to be `void()`.

For virtual calls:
- Attach type metadata to the addresses of function pointers in vtables
  (not the functions themselves) of type `void (B::*)()` for each `B`
  that is a recursive dynamic base class of `C`, including `C` itself.
  This type metadata has an annotation that the type is for virtual
  calls (to distinguish it from the non-virtual case).
- At the call site, check that the computed address of the function
  pointer in the vtable has type `void (C::*)()`.

For non-virtual calls:
- Attach type metadata to each non-virtual member function whose address
  can be taken with a member function pointer. The type of a function
  in class `C` of type `void()` is each of the types `void (B::*)()`
  where `B` is a most-base class of `C`. A most-base class of `C`
  is defined as a recursive base class of `C`, including `C` itself,
  that does not have any bases.
- At the call site, check that the function pointer has one of the types
  `void (B::*)()` where `B` is a most-base class of `C`.

Differential Revision: https://reviews.llvm.org/D47567

llvm-svn: 335569
2018-06-26 02:15:47 +00:00
Alex Shlyapnikov d42edb28d0 [HWASan] Initalize shadow earler.
Summary:
Initialize shadow memory before calling more libc functions to allow
for HWASan-instrumented libc.

Reviewers: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48551

llvm-svn: 335502
2018-06-25 17:27:13 +00:00
Matt Morehouse 988f2da613 [libFuzzer] Use Vector rather than std::vector.
llvm-svn: 335487
2018-06-25 15:59:24 +00:00
Vedant Kumar c835306ac5 [ubsan] Fix __ubsan_on_report interface definition
Speculative fix for the interface definition of __ubsan_on_report for
the Windows bots:

  http://lab.llvm.org:8011/builders/sanitizer-windows/builds/30528
  lib\ubsan\ubsan_interface.inc(55): error C2065: '__ubsan_on_report':
  undeclared identifier

INTERCEPT_SANITIZER_WEAK_FUNCTION was the wrong macro to use to begin
with because __ubsan_on_report isn't weak. Reading through that macro,
it's still not clear to me why there is an undefined reference, though,
because it appears to define a dummy __ubsan_on_report shim.

llvm-svn: 335383
2018-06-22 20:15:33 +00:00
Vedant Kumar 059d20360a [ubsan] Add support for reporting diagnostics to a monitor process
Add support to the ubsan runtime for reporting diagnostics to a monitor
process (e.g a debugger).

The Xcode IDE uses this by setting a breakpoint on __ubsan_on_report and
collecting diagnostic information via __ubsan_get_current_report_data,
which it then surfaces to users in the editor UI.

Testing for this functionality already exists in upstream lldb, here:
lldb/packages/Python/lldbsuite/test/functionalities/ubsan

Apart from that, this is `ninja check-{a,ub}san` clean.

Differential Revision: https://reviews.llvm.org/D48446

llvm-svn: 335371
2018-06-22 17:21:17 +00:00
Dmitry Vyukov ac5fa6605c tsan: fix deficiency in MutexReadOrWriteUnlock
MutexUnlock uses ReleaseStore on s->clock, which is the right thing to do.
However MutexReadOrWriteUnlock for writers uses Release on s->clock.
Make MutexReadOrWriteUnlock also use ReleaseStore for consistency and performance.
Unfortunately, I don't think any test can detect this as this only potentially
affects performance.

llvm-svn: 335322
2018-06-22 08:27:52 +00:00
Kostya Kortchinsky 307c2eb94f [scudo] Add a minimal runtime for -fsanitize-minimal-runtime compatibility
Summary:
This patch follows D48373.

The point is to be able to use Scudo with `-fsanitize-minimal-runtime`. For that
we need a runtime that doesn't embed the UBSan one. This results in binaries
that can be compiled with `-fsanitize=scudo,integer -fsanitize-minimal-runtime`.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: mgorny, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48377

llvm-svn: 335296
2018-06-21 21:48:04 +00:00
Kuba Mracek 14c786a960 [tsan] Use DARWIN_osx_LINK_FLAGS when building unit tests to match ASan behavior.
llvm-svn: 335265
2018-06-21 18:00:51 +00:00
David Carlier 7d796ececd [TSan] fix build and couple of unit tests on FreeBSD
Similarly to Msan adding -pie provokes linkage issue, was spotted with pie_test.cc
Set to XFAIL for couple of unit tests.

Reviewers: vitalybuka, krytarowski, dim

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D48317

llvm-svn: 335166
2018-06-20 20:17:44 +00:00
David Carlier 8979d44d31 [Lsan] intercept thr_exit on FreeBSD
Intercepts thr_exit call on FreeBSD.
Disable pthread key workflow.
The pthread key create approach does not function under FreeBSD as the libpthread is not initialised enough at this stage.

Reviewers: vitalybuka, krytarowski, dim

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D48268

llvm-svn: 335164
2018-06-20 20:13:25 +00:00
Alex Shlyapnikov 7e067ab1af [Sanitizers] Remove OOM/BadRequest allocator error handling policies.
Summary:
Remove the generic error nadling policies and handle each allocator error
explicitly. Although more verbose, it allows for more comprehensive, precise
and actionable allocator related failure reports.

This finishes up the series of changes of the particular sanitizer
allocators, improves the internal allocator error reporting and removes
now unused policies.

Reviewers: vitalybuka, cryptoad

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48328

llvm-svn: 335147
2018-06-20 17:10:33 +00:00
Fangrui Song 6fa3bf9588 [XRay] Fix error message. NFC
Reviewers: dberris

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48313

llvm-svn: 335055
2018-06-19 15:39:19 +00:00
Kostya Kortchinsky 63c33b1c9b [scudo] Move noinline functions definitions out of line
Summary:
Mark `isRssLimitExceeded` as `NOINLINE`, and move it's definition as well as
the one of `performSanityChecks` out of the class definition, as requested.

Reviewers: filcab, alekseyshl

Reviewed By: alekseyshl

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48228

llvm-svn: 335054
2018-06-19 15:36:30 +00:00
Francis Visoiu Mistrih 972a462a7e Fix bots after r334981
llvm-svn: 335013
2018-06-19 02:56:24 +00:00
Reid Kleckner b8a5ee2b00 [asan] Avoid deadlock when initializing the symbolizer CHECK fails
llvm-svn: 335007
2018-06-19 00:36:47 +00:00
Chris Bieneman feb4537b44 Fixing os_version_check.c to be actual C source
The initial implementaiton was using the C++ typeof keyword. This
causes the compiler to spew warnings unnecissarilly. This patch removes
the uses of typeof and replaces them with explicit typedefs of the
function types.

llvm-svn: 334981
2018-06-18 20:56:19 +00:00
Alex Shlyapnikov c75d47b52d [TSan] Report proper error on allocator failures instead of CHECK(0)-ing
Summary:
Following up on and complementing D44404 and other sanitizer allocators.

Currently many allocator specific errors (OOM, for example) are reported as
a text message and CHECK(0) termination, no stack, no details, not too
helpful nor informative. To improve the situation, detailed and structured
common errors were defined and reported under the appropriate conditions.

Common tests were generalized a bit to cover a slightly different TSan
stack reporting format, extended to verify errno value and returned
pointer value check is now explicit to facilitate debugging.

Reviewers: dvyukov

Subscribers: srhines, kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48087

llvm-svn: 334975
2018-06-18 20:03:31 +00:00
Francis Visoiu Mistrih 1197f01bb9 [sanitizer] Guard call to internal_lseek when SANITIZER_MAC is true
r334881 breaks macOS bots because internal_lseek is not defined (neither
used on macOS):
http://green.lab.llvm.org/green/job/clang-stage1-configure-RA/46240/consoleFull.

See discussion from r334881: https://reviews.llvm.org/rL334881

llvm-svn: 334944
2018-06-18 13:53:51 +00:00
Petr Hosek 068246886a [Fuzzer] Set an explicit libc++ dependency when needed
On targets that don't link internal libc++ (Fuchsia and Linux) but
use libc++ as their C++ library and libFuzzer is being built using
the just built compiler together with libc++ as part of runtimes, we
need an explicit dependency from libFuzzer object library to libc++ to
make sure the headers are available by the time we start building
libFuzzer.

Differential Revision: https://reviews.llvm.org/D48261

llvm-svn: 334928
2018-06-18 08:01:57 +00:00
Vitaly Buka 7fd0d388e0 [sanitizer] Suppress unused function warning
llvm-svn: 334923
2018-06-18 05:55:44 +00:00
Vitaly Buka 87ea4487f7 [sanitizer] Fix tsan GO build
llvm-svn: 334914
2018-06-17 17:58:08 +00:00
Vitaly Buka 4647c8b93d [sanitizer] Fix s390 build after r334900
llvm-svn: 334913
2018-06-17 17:40:38 +00:00
Vitaly Buka 755f0e8174 [sanitizer] Use confstr to check libc version in InitTlsSize
Reviewers: Lekensteyn, jakubjelinek

Subscribers: kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D48265

llvm-svn: 334912
2018-06-17 17:31:22 +00:00
Vitaly Buka 4d6b33c510 [fuzzer] Python 3 print fixes
llvm-svn: 334902
2018-06-17 09:11:56 +00:00
Vitaly Buka b213a345e1 [fuzzer] Fix collect_data_flow.py for python 3
llvm-svn: 334901
2018-06-17 08:41:56 +00:00
Vitaly Buka b957f99d57 [sanitizer] Use const char* in internal_simple_strtoll
llvm-svn: 334900
2018-06-17 08:41:45 +00:00
Fangrui Song 87bcd4abef [sanitizer_common] Fix windows build caused by r334881
llvm-svn: 334884
2018-06-16 05:05:19 +00:00
Fangrui Song d40fc6019b [sanitizer_common] Use O_TRUNC for WrOnly access mode.
Summary: Otherwise if the file existed and was larger than the write size before the OpenFile call, the file will not be truncated and contain garbage in trailing bytes.

Reviewers: glider, kcc, vitalybuka

Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48250

llvm-svn: 334881
2018-06-16 03:32:59 +00:00
Petr Hosek 5e6bc090ed [Fuzzer] Don't hardcode target architecture for Fuzzer tests
Don't hardcode the architecture for Fuzzer tests which breaks when
compiler-rt is being compiled for architectures other than x86_64.

Differential Revision: https://reviews.llvm.org/D48207

llvm-svn: 334852
2018-06-15 18:21:02 +00:00
Kostya Kortchinsky 4adf24502e [scudo] Add verbose failures in place of CHECK(0)
Summary:
The current `FailureHandler` mechanism was fairly opaque with regard to the
failure reason due to using `CHECK(0)`. Scudo is a bit different from the other
Sanitizers as it prefers to avoid spurious processing in its failure path. So
we just `dieWithMessage` using a somewhat explicit string.

Adapted the tests for the new strings.

While this takes care of the `OnBadRequest` & `OnOOM` failures, the next step
is probably to migrate the other Scudo failures in the same failes (header
corruption, invalid state and so on).

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: filcab, mgorny, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48199

llvm-svn: 334843
2018-06-15 16:45:19 +00:00
Eli Friedman 16c4456022 [compiler-rt] [builtins] Don't build __atomic_* by default.
The locks need to be implemented in a shared library to work correctly,
so they shouldn't be part of libclang_rt.builtins.a, except in
specialized scenarios where the user can prove it will only be linked
once.

Differential Revision: https://reviews.llvm.org/D47606

llvm-svn: 334779
2018-06-14 23:22:53 +00:00
George Karpenkov d1e0365ce3 [libFuzzer] [NFC] Support multi-arch and multi-OS building and testing
Differential Revision: https://reviews.llvm.org/D47296

llvm-svn: 334768
2018-06-14 20:46:07 +00:00
Alex Shlyapnikov c9b41354ff [MSan] Linker-initialize static fallback_mutex in msan_allocator.cc
Summary:
static fallback_mutex in msan_allocator.cc does not need the ctor
call and can be linker initialized.

Issue: https://github.com/google/sanitizers/issues/194

Reviewers: morehouse, eugenis

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48145

llvm-svn: 334749
2018-06-14 18:30:51 +00:00
Alex Shlyapnikov 241b758690 [ASan] Linker-initialize static ScopedInErrorReport::current_error_.
Summary:
Static ScopedInErrorReport::current_error_ can be linker initialized to
shave one global ctor call on application startup and be __asan_init-safe.

Global constructors in ASan runtime are bad because __asan_init runs
from preinit_array, before any such constructors.

Issue: https://github.com/google/sanitizers/issues/194

Reviewers: eugenis, morehouse

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48141

llvm-svn: 334748
2018-06-14 18:22:23 +00:00