Commit Graph

48 Commits

Author SHA1 Message Date
Dmitry Vyukov 6bd917a31f asan: optimization experiments
The experiments can be used to evaluate potential optimizations that remove
instrumentation (assess false negatives). Instead of completely removing
some instrumentation, you set Exp to a non-zero value (mask of optimization
experiments that want to remove instrumentation of this instruction).
If Exp is non-zero, this pass will emit special calls into runtime
(e.g. __asan_report_exp_load1 instead of __asan_report_load1). These calls
make runtime terminate the program in a special way (with a different
exit status). Then you run the new compiler on a buggy corpus, collect
the special terminations (ideally, you don't see them at all -- no false
negatives) and make the decision on the optimization.

The exact reaction to experiments in runtime is not implemented in this patch.
It will be defined and implemented in a subsequent patch.

http://reviews.llvm.org/D8198

llvm-svn: 232501
2015-03-17 16:59:11 +00:00
Sergey Matveev 348800b3d9 [asan] Demote "trying to poison/unpoison memory region" messages...
... to verbosity level 3. Because log spam.

llvm-svn: 230974
2015-03-02 17:13:38 +00:00
Evgeniy Stepanov f074b3c2de [asan] Allow changing verbosity in activation flags.
This change removes some debug output in asan_flags.cc that
was reading the verbosity level before all the flags were parsed.

llvm-svn: 226566
2015-01-20 13:21:20 +00:00
Alexey Samsonov 91bb25f515 [ASan] Introduce SetCanPoisonMemory() function.
SetCanPoisonMemory()/CanPoisonMemory() functions are now used
instead of "poison_heap" flag to determine if ASan is allowed
to poison the shadow memory. This allows to hot-patch this
value in runtime (e.g. during ASan activation) without introducing
a data race.

llvm-svn: 224395
2014-12-17 00:01:02 +00:00
Kostya Serebryany c9855da6d9 [asan] the run-time part of intra-object-overflow detector (-fsanitize-address-field-padding=1). Note that all of this is still experimental; don't use unless you are brave.
llvm-svn: 220013
2014-10-17 01:22:37 +00:00
Kostya Serebryany da9d495d03 [asan] add a test for array cookie if the operator new is defined inside the class (the cookie should not be poisoned in such case); update the related comment in asan_poisoning.cc
llvm-svn: 218620
2014-09-29 19:40:56 +00:00
Kostya Serebryany 1fb81720ec [asan] relax the assertion around array cookie load; still need to extract a reproducer where this assertion fails...
llvm-svn: 217215
2014-09-05 01:16:30 +00:00
Kostya Serebryany ac77055272 [asan] introduce __asan_load_cxx_array_cookie: check that the array cookie address is properly poisoned and return the cookie value. If not, return 0 to avoid infinite loop of DTORs (in case of use-after-free). Calls to this function will be inserted by clang (separate change)
llvm-svn: 216692
2014-08-28 22:28:04 +00:00
Kostya Serebryany e9f24a9b3b [asan] poison array cookies only on 64-bit arch
llvm-svn: 214713
2014-08-04 12:59:45 +00:00
Kostya Serebryany 522c35eb80 [asan] introduce __asan_poison_cxx_array_cookie. This is asan-rt part of PR19838 (Left OOB accesses on new[]-allocated arrays with array cookies are not detected). No tests yet. They will follow once I commit the clang part.
llvm-svn: 214711
2014-08-04 12:43:13 +00:00
Kostya Serebryany 7a733480c8 [asan] introduce interface function __sanitizer_verify_contiguous_container to verify annotations in vector-like containers
llvm-svn: 208092
2014-05-06 14:41:01 +00:00
Kostya Serebryany 38bb53b2c5 [asan] add a run-time flag detect_container_overflow=true/false
llvm-svn: 206753
2014-04-21 14:18:45 +00:00
Kostya Serebryany 90527cb324 [asan] don't use bool in public interface, make sure the interface headers are usable in plain C
llvm-svn: 206160
2014-04-14 11:16:53 +00:00
Kostya Serebryany f694ab1f18 [asan] provide better reports for cases where memcpy/etc get negative size parameter. Also fix a typo found by Tetsuo Kiso
llvm-svn: 206158
2014-04-14 09:50:52 +00:00
Kostya Serebryany 4871067a55 [asan] relax the checks inside __sanitizer_annotate_contiguous_container: they are too optimistic due to https://code.google.com/p/address-sanitizer/issues/detail?id=258.
llvm-svn: 199715
2014-01-21 09:53:49 +00:00
Kostya Serebryany a650116adb [asan] convert a CHECK failure in __sanitizer_annotate_contiguous_container into a proper warning message
llvm-svn: 197899
2013-12-23 07:01:43 +00:00
Kostya Serebryany e55d388e71 [asan] when a fake stack is being unmapped also flush the corresponding shadow
llvm-svn: 197040
2013-12-11 14:26:41 +00:00
Sergey Matveev 47b02994f1 Fix Windows build.
llvm-svn: 196780
2013-12-09 13:24:44 +00:00
Sergey Matveev b1b8d1aa47 [lsan] Make LSan ignore memory poisoned by ASan.
Summary:
No more (potential) false negatives due to red zones or fake stack
frames.

Reviewers: kcc, samsonov

Reviewed By: samsonov

CC: llvm-commits, samsonov

Differential Revision: http://llvm-reviews.chandlerc.com/D2359

llvm-svn: 196778
2013-12-09 13:12:10 +00:00
Sergey Matveev 9be70fbda9 [sanitizer] Introduce VReport and VPrintf macros and use them in sanitizer code.
Instead of "if (common_flags()->verbosity) Report(...)" we now have macros.

llvm-svn: 196497
2013-12-05 12:04:51 +00:00
Kostya Serebryany 3771a3dd73 [asan] remove a fixed FIXME; extend the comment around __sanitizer_annotate_contiguous_container
llvm-svn: 195131
2013-11-19 14:54:14 +00:00
Kostya Serebryany 7b664299f0 [asan] new shadow poison magic for contiguous-container-buffer-overflow, addressed Alexey Samsonov's comments for r195011
llvm-svn: 195117
2013-11-19 08:40:07 +00:00
Kostya Serebryany 60ecf38133 [asan] fix Windows build
llvm-svn: 195012
2013-11-18 14:26:13 +00:00
Kostya Serebryany 3d97c2040d [asan] introduce __sanitizer_annotate_contiguous_container
llvm-svn: 195011
2013-11-18 14:02:05 +00:00
Dmitry Vyukov 52ca74ec61 tsan: move verbosity flag to CommonFlags
llvm-svn: 192701
2013-10-15 13:28:51 +00:00
Evgeniy Stepanov 56050e8f69 [sanitizer] Fix __sanitizer_unaligned_* to work with unaligned data types.
llvm-svn: 183224
2013-06-04 13:49:10 +00:00
Kostya Serebryany 92684efb1d [asan] implement callbacks for unaligned loads/stores
Reviewers: samsonov

Reviewed By: samsonov

CC: samsonov, llvm-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D652

llvm-svn: 179175
2013-04-10 13:59:32 +00:00
Kostya Serebryany 5b4267f7e7 [sanitizer] found a bug by code inspection: CHECK(a=b) instead of CHECK(a==b). Was puzzled why lint did not catch it. Turns out this check was disabled for asan source. fix all cases and enable the check
llvm-svn: 178872
2013-04-05 14:40:25 +00:00
Alexey Samsonov a88c60b085 [ASan] Speed-up initialization-order checking: create and use fast versions of PoisonShadow functions, store copies of __asan_global descriptors in a vector instead of list of pointers. This gives 3x speedup on both benchmarks and real binaries with lots of globals.
llvm-svn: 178239
2013-03-28 15:42:43 +00:00
Alexey Samsonov a0c0da8f51 [ASan] Split ASan interface header into private and public parts. Add a test that makes sure users can include interface header
llvm-svn: 174058
2013-01-31 13:46:14 +00:00
Kostya Serebryany 63c36bbe5e [asan] fix two off-by-one errors that seem to affect only PowerPC because only there the stack top may be equal to the address space top. Noted by Andreas Schwab in http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55975#c11 . Also make swapcontext interceptor a bit more robust
llvm-svn: 172807
2013-01-18 11:30:36 +00:00
Kostya Serebryany cb510e50e2 [asan] implement more strict checking for memset/etc parameters. Instead of checking the first and the last byte, we check the entire shadow region. This costs ~10 slowdown for the instrumented functions. Motivated by a nasty memset-buffer-overflow-by-140-bytes in chrome which was reported as a use-after-free or not at all
llvm-svn: 171198
2012-12-28 15:24:16 +00:00
Kostya Serebryany 9da3dd0415 [asan] add a flag poison_heap to allow better allocator benchmarking, implement malloc_stats() on Linux
llvm-svn: 170685
2012-12-20 11:54:21 +00:00
Kostya Serebryany 7dfb168eb8 [asan] more asan_allocator2 code: actually un/poison shadow on malloc/free
llvm-svn: 170190
2012-12-14 12:15:09 +00:00
Alexey Samsonov 45b6edbd1d ASan: add new interface functions - __asan_(un)poison_stack_memory. Calls to these functions are inserted by the instrumentation pass in use-after-scope mode
llvm-svn: 169201
2012-12-04 01:38:15 +00:00
Chandler Carruth 1aa4fef601 Relocate the external headers provided by ASan and the common sanitizer
library.

These headers are intended to be available to user code when built with
AddressSanitizer (or one of the other sanitizers in the future) to
interface with the runtime library. As such, they form stable external
C interfaces, and the headers shouldn't be located within the
implementation.

I've pulled them out into what seem like fairly obvious locations and
names, but I'm wide open to further bikeshedding of these names and
locations.

I've updated the code and the build system to cope with the new
locations, both CMake and Makefile. Please let me know if this breaks
anyone's build.

The eventual goal is to install these headers alongside the Clang
builtin headers when we build the ASan runtime and install it. My
current thinking is to locate them at:

  <prefix>/lib/clang/X.Y/include/sanitizer/common_interface_defs.h
  <prefix>/lib/clang/X.Y/include/sanitizer/asan_interface.h
  <prefix>/lib/clang/X.Y/include/sanitizer/...

But maybe others have different suggestions?

Fixing the style of the #include between these headers at least unblocks
experimentation with installing them as they now should work when
installed in these locations.

llvm-svn: 162822
2012-08-29 02:27:54 +00:00
Alexey Samsonov 34efb8e9b9 [ASan] Use common flags parsing machinery.
llvm-svn: 159933
2012-07-09 14:36:04 +00:00
Alexey Samsonov 461820ad67 [ASan] Make printf arguments match format strings better.
llvm-svn: 158059
2012-06-06 10:46:00 +00:00
Alexey Samsonov 485d3dc363 Remove file-type tags for .cc files in ASan run-time library
llvm-svn: 157927
2012-06-04 13:50:10 +00:00
Kostya Serebryany 1d35d155fd [asan] more renaming
llvm-svn: 157747
2012-05-31 15:02:07 +00:00
Kostya Serebryany 8d03204204 [asan] more renaming
llvm-svn: 157746
2012-05-31 14:35:53 +00:00
Kostya Serebryany 1b71207f48 [asan,tsan] introduce sanitizer_common/sanitizer_defs.h and perform some renaming in asan rt. More to come.
llvm-svn: 157743
2012-05-31 14:11:07 +00:00
Kostya Serebryany fd2037162e [asan] performance optimization: make sure the check for poisoned shadow inside interceptors is inlined
llvm-svn: 152767
2012-03-15 01:18:06 +00:00
Alexey Samsonov e725478e2f AddressSanitizer: replace all "real_X" calls with "REAL(X)"
llvm-svn: 150073
2012-02-08 13:45:31 +00:00
Alexey Samsonov f9fef3d275 AddressSanitizer: simplify RoundUpToPowerOfTwo/clz; add a couple of CHECKs for real_X calls. Patch by timurrrr@google.com
llvm-svn: 149687
2012-02-03 08:50:16 +00:00
Kostya Serebryany 2d27cdf621 [asan] minimize the use of STL. One bit is still left.
llvm-svn: 145691
2011-12-02 18:42:04 +00:00
Kostya Serebryany 15dd3f2500 Refactor shadow poisoning done by asan-rt, no functionality changes; patch by samsonov@google.com
llvm-svn: 145505
2011-11-30 18:50:23 +00:00
Kostya Serebryany 019b76f5fd AddressSanitizer run-time library. Not yet integrated with the compiler-rt build system, but can be built using the old makefile. See details in README.txt
llvm-svn: 145463
2011-11-30 01:07:02 +00:00