Commit Graph

13153 Commits

Author SHA1 Message Date
Kamil Rytarowski f51e55e09e [compiler-rt] [netbsd] Reintroduce __sanitizer_protoent
Partial revert of https://reviews.llvm.org/D82424
2020-09-10 11:46:41 +02:00
Fangrui Song 01cdab0b33 [gcov] Delete flush_fn_list (unused since D83149) 2020-09-09 17:27:30 -07:00
Fangrui Song f559bf31ad [gcov] Delete unused llvm_gcda_increment_indirect_counter
It has been unused since r157564 (2012).
2020-09-09 16:58:03 -07:00
Vitaly Buka 91c28bbe74 [Asan] Return nullptr for invalid chunks
CHUNK_ALLOCATED. CHUNK_QUARANTINE are only states
which make AsanChunk useful for GetAsanChunk callers.
In either case member of AsanChunk are not useful.

Fix few cases which didn't expect nullptr. Most of the callers are already
expects nullptr.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D87135
2020-09-09 16:32:47 -07:00
Vitaly Buka b5bc56da8a [NFC][Asan] Fit ChunkHeader into redzone
In code as-is min redzone and ChunkHeader are 16 byte.
This patch just makes sure that redzone is calculated correctly if we
extend ChunkHeader.
2020-09-09 03:29:51 -07:00
Dokyung Song 1bb1eac6b1 [libFuzzer] Add a command-line option for tracing mutation of corpus inputs in the dot graph format.
This patch adds a new command-line option -mutation_graph_file=FILE for
debugging purposes, which traces how corpus inputs evolve during a fuzzing
run. For each new input that is added to the corpus, a new vertex corresponding
to the added input, as well as a new edge that connects its base input to itself
are written to the given file. Each vertex is labeled with the filename of the
input, and each edge is labeled with the mutation sequence that led to the input
w.r.t. its base input.

The format of the mutation graph file is the dot file format. Once prepended and
appended with "graph {" and "}", respectively, the graph becomes a valid dot
file and can be visualized.

Differential Revision: https://reviews.llvm.org/D86560
2020-09-09 03:28:53 +00:00
Fangrui Song b9d086693b [llvm-cov gcov] Compute unmeasured arc counts by Kirchhoff's circuit law
For a CFG G=(V,E), Knuth describes that by Kirchoff's circuit law, the minimum
number of counters necessary is |E|-(|V|-1). The emitted edges form a spanning
tree. libgcov emitted .gcda files leverages this optimization while clang
--coverage's doesn't.

Propagate counts by Kirchhoff's circuit law so that llvm-cov gcov can
correctly print line counts of gcc --coverage emitted files and enable
the future improvement of clang --coverage.
2020-09-08 18:45:11 -07:00
Vitaly Buka 27650a5fed [NFC][Asan] Remove Debug code
Used for https://github.com/google/sanitizers/issues/1193

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86933
2020-09-08 13:59:59 -07:00
Vitaly Buka c05095cd68 [Asan] Don't crash if metadata is not initialized
Fixes https://github.com/google/sanitizers/issues/1193.

AsanChunk can be uninitialized yet just after return from the secondary
allocator. If lsan starts scan just before metadata assignment it can
fail to find corresponding AsanChunk.

It should be safe to ignore this and let lsan to assume that
AsanChunk is in the beginning of the block. This block is from the
secondary allocator and created with mmap, so it should not contain
any pointers and will make lsan to miss some leaks.

Similar already happens for primary allocator. If it can't find real
AsanChunk it falls back and assume that block starts with AsanChunk.
Then if the block is already returned to allocator we have  garbage in
AsanChunk and may scan dead memory hiding some leaks.
I'll fix this in D87135.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86931
2020-09-08 13:58:34 -07:00
Fangrui Song 2d7fd38cf7 [sanitizers] Remove unneeded MaybeCall*DefaultOptions() and nullptr checks
D28596 added SANITIZER_INTERFACE_WEAK_DEF which can guarantee `*_default_options` are always defined.
The weak attributes on the `__{asan,lsan,msan,ubsan}_default_options` declarations can thus be removed.

`MaybeCall*DefaultOptions` no longer need nullptr checks, so their call sites can just be replaced by `__*_default_options`.

Reviewed By: #sanitizers, vitalybuka

Differential Revision: https://reviews.llvm.org/D87175
2020-09-08 10:12:05 -07:00
Raul Tambre 86bd8f82cc [CMake] Remove dead FindPythonInterp code
LLVM has bumped the minimum required CMake version to 3.13.4, so this has become dead code.

Reviewed By: #libc, ldionne

Differential Revision: https://reviews.llvm.org/D87189
2020-09-08 15:23:23 +03:00
Craig Topper 35f708a3c9 [builtins] Inline __paritysi2 into __paritydi2 and inline __paritydi2 into __parityti2.
No point in making __parityti2 go through 2 calls to get to
__paritysi2.

Reviewed By: MaskRay, efriedma

Differential Revision: https://reviews.llvm.org/D87218
2020-09-07 17:57:39 -07:00
Fangrui Song 5f5a0bb087 [asan][test] Use --image-base for Linux/asan_prelink_test.cpp if ld is LLD
LLD supports -Ttext but with the option there is still a PT_LOAD at address zero
and thus the Linux kernel will map it to a different address and the test will fail.

Use --image-base instead.
2020-09-07 14:45:21 -07:00
Fangrui Song ab68517e6b [asan_symbolize] Pass --demangle/--no-demangle instead of --demangle={True,False}
`--demangle={True,False}` were accepted but disallowed after llvm-symbolizer's switch to OptTable.
(`--demangle={true,false}` were temporarily supported but they are case sensitive.)
2020-09-06 14:44:37 -07:00
Brad Smith 8542dab909 [compiler-rt] Implement __clear_cache() on OpenBSD/arm 2020-09-06 15:54:24 -04:00
Vitaly Buka b11db3606c [Asan] Cleanup atomic usage in allocator
There are no know bugs related to this, still it may fix some latent ones.
Main concerns with preexisting code:
1. Inconsistent atomic/non-atomic access to the same field.
2. Assumption that bitfield chunk_state is always the first byte without
    even taking into account endianness.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86917
2020-09-06 00:14:33 -07:00
Vitaly Buka b2e27a86c1 Revert "[Asan] Cleanup atomic usage in allocator"
Crashes on PPC

This reverts commit eb87e1dbcf.
2020-09-05 23:41:25 -07:00
Vitaly Buka eb87e1dbcf [Asan] Cleanup atomic usage in allocator
There are no know bugs related to this, still it may fix some latent ones.
Main concerns with preexisting code:
1. Inconsistent atomic/non-atomic access to the same field.
2. Assumption that bitfield chunk_state is always the first byte without
    even taking into account endianness.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86917
2020-09-05 19:55:38 -07:00
Vitaly Buka 289c08e4bc [NFC][Asan] Fix clang-tidy warning 2020-09-05 19:09:59 -07:00
Vitaly Buka 9128f5c8a7 [NFC][Asan] Move free_tid from ChunkHeader
The goal to make chunk_state atomic, but we can't pack it with
free_tid on Windows.
2020-09-05 18:42:32 -07:00
Vitaly Buka d5d09d93ee [NFC][Asan] Reformat some allocator code 2020-09-05 15:56:02 -07:00
Vitaly Buka 398c44ba84 [NFC][Asan] Inline enum doc strings 2020-09-05 15:54:18 -07:00
Vitaly Buka 51597cc37a [NFC][Asan] Rename internal enum value.
New name better represents the state of chunk.
2020-09-05 15:53:52 -07:00
Vitaly Buka 298c9fae93 [NFC][compiler-rt] Refine .clang-tidy checks
Reviewed By: MaskRay

Differential Revision: https://reviews.llvm.org/D87182
2020-09-05 15:42:15 -07:00
Fangrui Song a5d6af421d [compiler-rt] Add .clang-tidy with customization to disable readability-identifier-naming
Copied from lldb/.clang-tidy (D75810).

Most compiler-rt code actually uses variableName or variable_name but not VariableName.
Lots of functions use `__function_name` and FunctionName instead of functionName.
Just exclude readability-identifier-naming.
2020-09-04 16:05:20 -07:00
Daniel Sanders 5e04b539c8 [compiler-rt] Try again to correct test after 3f1a9b7eca added segment names to objdump output
One check was missed on the previous attempt
2020-09-04 15:49:11 -07:00
Daniel Sanders 1eae19a87f [compiler-rt] Try to correct test after 3f1a9b7eca added segment names to objdump output 2020-09-04 12:24:46 -07:00
Hubert Tong dde16ef031 [tests][libFuzzer] Fix `-Wmissing-field-initializers` after D86092
Speculatively fix `-Werror,-Wmissing-field-initializers` failures
relating to the `ScalePerExecTime` field added by D86092.
2020-09-04 13:07:44 -04:00
Nico Weber fab60665eb sanitizer_common: Implement COMPILER_CHECK using static_assert
Since this is an internal header, we can just assume static_assert
exists.

If this doesn't upset any bots, I'll replace all uses of
COMPILER_CHECK in a follow-up.
2020-09-04 11:05:54 -04:00
Nico Weber dbf04aaade Revert "[Asan] Cleanup atomic usage in allocator"
This reverts commit 8b8be6f38a
and follow-ups 99a93c3a22,
a9c0bf0404,
48ac5b4833.

It breaks building on Windows, see https://reviews.llvm.org/D86917#2255872
2020-09-04 10:51:08 -04:00
Vitaly Buka 4770f80a7c [NFC][Asan] Fix typo in comment 2020-09-04 02:04:25 -07:00
Vitaly Buka 48ac5b4833 [NFC][Asan] Reformat some allocator code 2020-09-04 01:22:21 -07:00
Vitaly Buka a9c0bf0404 [NFC][Asan] Inline enum doc strings 2020-09-04 00:18:59 -07:00
Vitaly Buka 99a93c3a22 [NFC][Asan] Rename internal enum value.
New name better represents the state of chunk.
2020-09-03 18:54:52 -07:00
Vitaly Buka a803ddc522 [NFC][Asan] Add FIXME into GetAsanChunk 2020-09-03 18:50:09 -07:00
Vitaly Buka 2b71b7f791 [NFC][Asan] Set AP32::kMetadataSize to 0
Asan does not use metadata with primary allocators.
It should match AP64::kMetadataSize whic is 0.

Depends on D86917.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86919
2020-09-03 14:23:51 -07:00
Vitaly Buka 8b8be6f38a [Asan] Cleanup atomic usage in allocator
There are no know bugs related to this, still it may fix some latent ones.
Main concerns with preexisting code:
1. Inconsistent atomic/non-atomic access to the same field.
2. Assumption that bitfield chunk_state is always the first byte without
    even taking into account endianness.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86917
2020-09-03 14:22:10 -07:00
Dokyung Song 5cda4dc7b4 [libFuzzer] Scale energy assigned to each input based on input execution time.
This patch scales the energy computed by the Entropic schedule based on the
execution time of each input. The input execution time is compared with the
average execution time of inputs in the corpus, and, based on the amount by
which they differ, the energy is scaled from 0.1x (for inputs executing slow) to
3x (for inputs executing fast). Note that the exact scaling criteria and formula
is borrowed from AFL.

On FuzzBench, this gives a sizeable throughput increase, which in turn leads to
more coverage on several benchmarks. For details, see the following report.

https://storage.googleapis.com/fuzzer-test-suite-public/exectime-report/index.html

Differential Revision: https://reviews.llvm.org/D86092
2020-09-03 20:38:20 +00:00
Dokyung Song b53243e194 [libFuzzer] Evenly select inputs to cross over with from the corpus regardless of the input's coverage.
This patch adds an option "cross_over_uniform_dist", which, if 1, considers all
inputs in the corpus for the crossover input selection. More specifically, this
patch uses a uniform distribution of all inputs in the corpus for the CrossOver
input selection. Note that input selection for mutation is still fully
determined by the scheduling policy (i.e., vanilla or Entropic); the uniform
distribution only applies to the secondary input selection, only for the
crossover mutation of the base input chosen by the scheduling policy. This way
the corpus inputs that have useful fragments in them, even though they are
deprioritized by the scheduling policy, have chances of getting mixed with other
inputs that are prioritized and selected as base input for mutation.

Differential Revision: https://reviews.llvm.org/D86954
2020-09-03 19:47:00 +00:00
Dokyung Song 62673c430d [libFuzzer] Add an option to keep initial seed inputs around.
This patch adds an option "keep_seed" to keep all initial seed inputs in the
corpus. Previously, only the initial seed inputs that find new coverage were
added to the corpus, and all the other initial inputs were discarded. We
observed in some circumstances that useful initial seed inputs are discarded as
they find no new coverage, even though they contain useful fragments in them
(e.g., SQLITE3 FuzzBench benchmark). This newly added option provides a way to
keeping seed inputs in the corpus for those circumstances. With this patch, and
with -keep_seed=1, all initial seed inputs are kept in the corpus regardless of
whether they find new coverage or not. Further, these seed inputs are not
replaced with smaller inputs even if -reduce_inputs=1.

Differential Revision: https://reviews.llvm.org/D86577
2020-09-03 15:54:39 +00:00
Matt Morehouse 711b980654 [fuzzer] Create user provided fuzzer writeable directories when requested if they dont exist
Currently, libFuzzer will exit with an error message if a non-existent
directory is provided for any of the appropriate arguments. For cases
where libFuzzer is used in a specialized embedded environment, it would
be much easier to have libFuzzer create the directories for the user.

This patch accommodates for this scenario by allowing the user to provide
the argument `-create_missing_dirs=1` which makes libFuzzer attempt to
create the `artifact_prefix`, `exact_artifact_path`,
`features_dir` and/or corpus directory if they don't already exist rather
than throw an error and exit.

Split off from D84808 as requested [here](https://reviews.llvm.org/D84808#2208546).

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86733
2020-09-03 08:31:59 -07:00
Jinsong Ji 0cefaec2e8 [compiler-rt] Don't build llvm-lit in RUNTIMES-BUILD
With runtimes-build, we lost map config for llvm-lit, so we can NOT run
lit from source dir anymore.
All the subdir target like: ninja check-llvm-codegen-powerpc will fail
too.

We will get some cfg error like:
  File "../lvm-project/llvm/test/lit.cfg.py", line 21, in <module>
    config.test_format = lit.formats.ShTest(not llvm_config.use_lit_shell)
AttributeError: 'NoneType' object has no attribute 'use_lit_shell'

This is reset of map config in llvm-lit rebuild.
We already have llvm-lit in runtimes-build, so don't build it.

Reviewed By: phosek

Differential Revision: https://reviews.llvm.org/D87002
2020-09-03 01:08:16 +00:00
Fangrui Song 2324482383 [asan_symbolize] Remove --use-symbol-table=true which is the default 2020-09-02 17:34:35 -07:00
Kostya Kortchinsky 00d9907a7a [scudo][standalone] Enable secondary cache release on Fuchsia
I had left this as a TODO, but it turns out it wasn't complicated.
By specifying `MAP_RESIZABLE`, it allows us to keep the VMO which we
can then use for release purposes.
`releasePagesToOS` also had to be called the "proper" way, as Fuchsia
requires the `Offset` field to be correct. This has no impact on
non-Fuchsia platforms.

Differential Revision: https://reviews.llvm.org/D86800
2020-09-02 14:28:17 -07:00
Ahsan Saghir a27398a815 [PowerPC] Update MemorySanitizer test to cater for number of CPUs > 1024
MemorySanitizer test fails on systems with more than 1024 CPUs.
This patch updates the test to make it work for machines that
have more than 1024 CPUs. This helps to fix errors on the PowerPC
sanitizer bot.

Reviewed By: #powerpc, nemanjai

Differential Revision: https://reviews.llvm.org/D87053
2020-09-02 15:29:13 -05:00
Fangrui Song 1cfde143e8 [GCDAProfiling] Suppress -Wprio-ctor-dtor for GCC>=9 and remove unused write_string/length_of_string
The `__attribute__((destructor(100)))` diagnostic does not have a
warning option in GCC 8 (before r264853) and thus cannot be suppressed.
2020-09-02 12:22:23 -07:00
Julian Lettner 4cefa8614f [TSan][libdispatch] Fix compilation error on Linux
The interceptor for the block variants of the API references the
function versions (via `REAL(name##_f)`).  On Linux, this accesses the
underlying "real pointer", defined by the interceptor macro.  So we need
to declare interceptors in the right order to avoid undefined symbol
compiler error:
```
error: no member named 'real_dispatch_async_and_wait_f' in namespace '__tsan::__interception'
```

rdar://68181542
2020-09-02 11:20:47 -07:00
Matt Morehouse 49dda4e58a [libFuzzer] Break dependency on common_interface_defs.h
Some libFuzzer users build using the build.sh script, without access to
the <sanitizer/common_interface_defs.h> include.

Update https://github.com/rust-fuzz/libfuzzer/issues/65.

Reviewed By: dokyungs

Differential Revision: https://reviews.llvm.org/D86981
2020-09-01 15:35:14 -07:00
Anatoly Trosinenko 553833958f [builtins] Fix divtf3_test.c
Fixes 93eed63d2f [builtins] Make __div[sdt]f3 handle denormal results.
2020-09-02 00:19:00 +03:00
Matt Morehouse 7139736261 Revert "[libfuzzer] Reduce default verbosity when printing large mutation sequences"
This reverts commit 2665425908 due to
buildbot failure.
2020-09-01 12:49:41 -07:00
Matt Morehouse 10670bdf54 Revert "[fuzzer] Create user provided fuzzer writeable directories when requested if they dont exist"
This reverts commit cb8912799d, since the
test fails on Windows.
2020-09-01 12:05:46 -07:00
Anatoly Trosinenko 93eed63d2f [builtins] Make __div[sdt]f3 handle denormal results
This patch introduces denormal result support to soft-float division
implementation unified by D85031.

Reviewed By: sepavloff

Differential Revision: https://reviews.llvm.org/D85032
2020-09-01 21:52:34 +03:00
Matt Morehouse cb8912799d [fuzzer] Create user provided fuzzer writeable directories when requested if they dont exist
Currently, libFuzzer will exit with an error message if a non-existent
directory is provided for any of the appropriate arguments. For cases
where libFuzzer is used in a specialized embedded environment, it would
be much easier to have libFuzzer create the directories for the user.

This patch accommodates for this scenario by allowing the user to provide
the argument `-create_missing_dirs=1` which makes libFuzzer attempt to
create the `artifact_prefix`, `exact_artifact_path`,
`features_dir` and/or corpus directory if they don't already exist rather
than throw an error and exit.

Split off from D84808 as requested [here](https://reviews.llvm.org/D84808#2208546).

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86733
2020-09-01 11:50:47 -07:00
mhl 2665425908 [libfuzzer] Reduce default verbosity when printing large mutation sequences
When using a custom mutator (e.g. thrift mutator, similar to LPM)
that calls back into libfuzzer's mutations via `LLVMFuzzerMutate`, the mutation
sequences needed to achieve new coverage can get prohibitively large.

Printing these large sequences has two downsides:

1) It makes the logs hard to understand for a human.
2) The performance cost slows down fuzzing.

In this patch I change the `PrintMutationSequence` function to take a max
number of entries, to achieve this goal. I also update `PrintStatusForNewUnit`
to default to printing only 10 entries, in the default verbosity level (1),
requiring the user to set verbosity to 2 if they want the full mutation
sequence.

For our use case, turning off verbosity is not an option, as that would also
disable `PrintStats()` which is very useful for infrastructure that analyzes
the logs in realtime. I imagine most users of libfuzzer always want those logs
in the default.

I built a fuzzer locally with this patch applied to libfuzzer.

When running with the default verbosity, I see logs like this:

    #65 NEW    cov: 4799 ft: 10443 corp: 41/1447Kb lim: 64000 exec/s: 1 rss: 575Mb L: 28658/62542 MS: 196 Custom-CrossOver-ChangeBit-EraseBytes-ChangeBit-ChangeBit-ChangeBit-CrossOver-ChangeBit-CrossOver- DE: "\xff\xff\xff\x0e"-"\xfe\xff\xff\x7f"-"\xfe\xff\xff\x7f"-"\x17\x00\x00\x00\x00\x00\x00\x00"-"\x00\x00\x00\xf9"-"\xff\xff\xff\xff"-"\xfa\xff\xff\xff"-"\xf7\xff\xff\xff"-"@\xff\xff\xff\xff\xff\xff\xff"-"E\x00"-
    #67 NEW    cov: 4810 ft: 10462 corp: 42/1486Kb lim: 64000 exec/s: 1 rss: 577Mb L: 39823/62542 MS: 135 Custom-CopyPart-ShuffleBytes-ShuffleBytes-ChangeBit-ChangeBinInt-EraseBytes-ChangeBit-ChangeBinInt-ChangeBit- DE: "\x01\x00\x00\x00\x00\x00\x01\xf1"-"\x00\x00\x00\x07"-"\x00\x0d"-"\xfd\xff\xff\xff"-"\xfe\xff\xff\xf4"-"\xe3\xff\xff\xff"-"\xff\xff\xff\xf1"-"\xea\xff\xff\xff"-"\x00\x00\x00\xfd"-"\x01\x00\x00\x05"-

Staring hard at the logs it's clear that the cap of 10 is applied.

When running with verbosity level 2, the logs look like the below:

    #66    NEW    cov: 4700 ft: 10188 corp: 37/1186Kb lim: 64000 exec/s: 2 rss: 509Mb L: 47616/61231 MS: 520 Custom-CopyPart-ChangeBinInt-ChangeBit-ChangeByte-EraseBytes-PersAutoDict-CopyPart-ShuffleBytes-ChangeBit-ShuffleBytes-CopyPart-EraseBytes-CopyPart-ChangeBinInt-CopyPart-ChangeByte-ShuffleBytes-ChangeBinInt-ShuffleBytes-ChangeBit-CMP-ShuffleBytes-ChangeBit-CrossOver-ChangeBinInt-ChangeByte-ShuffleBytes-CrossOver-EraseBytes-ChangeBinInt-InsertRepeatedBytes-PersAutoDict-InsertRepeatedBytes-InsertRepeatedBytes-CrossOver-ChangeByte-ShuffleBytes-CopyPart-ShuffleBytes-CopyPart-CrossOver-ChangeBit-ShuffleBytes-CrossOver-PersAutoDict-ChangeByte-ChangeBit-ShuffleBytes-CrossOver-ChangeByte-EraseBytes-CopyPart-ChangeBinInt-PersAutoDict-CrossOver-ShuffleBytes-CrossOver-CrossOver-EraseBytes-CrossOver-EraseBytes-CrossOver-ChangeBit-ChangeBinInt-ChangeByte-EraseBytes-ShuffleBytes-ShuffleBytes-ChangeBit-EraseBytes-ChangeBinInt-ChangeBit-ChangeBinInt-CopyPart-EraseBytes-PersAutoDict-EraseBytes-CopyPart-ChangeBinInt-ChangeByte-CrossOver-ChangeBinInt-ShuffleBytes-PersAutoDict-PersAutoDict-ChangeBinInt-CopyPart-ChangeBinInt-CrossOver-ChangeBit-ChangeBinInt-CopyPart-ChangeByte-ChangeBit-CopyPart-CrossOver-ChangeByte-ChangeBit-ChangeByte-ShuffleBytes-CMP-ChangeBit-CopyPart-ChangeBit-ChangeByte-ChangeBinInt-PersAutoDict-ChangeBinInt-CrossOver-ChangeBinInt-ChangeBit-ChangeBinInt-ChangeBinInt-PersAutoDict-ChangeBinInt-ChangeBinInt-ChangeByte-CopyPart-ShuffleBytes-ChangeByte-ChangeBit-ChangeByte-ChangeByte-EraseBytes-CrossOver-ChangeByte-ChangeByte-EraseBytes-EraseBytes-InsertRepeatedBytes-ShuffleBytes-CopyPart-CopyPart-ChangeBit-ShuffleBytes-PersAutoDict-ShuffleBytes-ChangeBit-ChangeByte-ChangeBit-ShuffleBytes-ChangeByte-ChangeBinInt-CrossOver-ChangeBinInt-ChangeBit-EraseBytes-CopyPart-ChangeByte-CrossOver-EraseBytes-CrossOver-ChangeByte-ShuffleBytes-ChangeByte-ChangeBinInt-CrossOver-ChangeByte-InsertRepeatedBytes-InsertByte-ShuffleBytes-PersAutoDict-ChangeBit-ChangeByte-ChangeBit-ShuffleBytes-ShuffleBytes-CopyPart-ShuffleBytes-EraseBytes-ShuffleBytes-ShuffleBytes-CrossOver-ChangeBinInt-CopyPart-CopyPart-CopyPart-EraseBytes-EraseBytes-ChangeByte-ChangeBinInt-ShuffleBytes-CMP-InsertByte-EraseBytes-ShuffleBytes-CopyPart-ChangeBit-CrossOver-CopyPart-CopyPart-ShuffleBytes-ChangeByte-ChangeByte-ChangeBinInt-EraseBytes-ChangeByte-ChangeBinInt-ChangeBit-ChangeBit-ChangeByte-ShuffleBytes-PersAutoDict-PersAutoDict-CMP-ChangeBit-ShuffleBytes-PersAutoDict-ChangeBinInt-EraseBytes-EraseBytes-ShuffleBytes-ChangeByte-ShuffleBytes-ChangeBit-EraseBytes-CMP-ShuffleBytes-ChangeByte-ChangeBinInt-EraseBytes-ChangeBinInt-ChangeByte-EraseBytes-ChangeByte-CrossOver-ShuffleBytes-EraseBytes-EraseBytes-ShuffleBytes-ChangeBit-EraseBytes-CopyPart-ShuffleBytes-ShuffleBytes-CrossOver-CopyPart-ChangeBinInt-ShuffleBytes-CrossOver-InsertByte-InsertByte-ChangeBinInt-ChangeBinInt-CopyPart-EraseBytes-ShuffleBytes-ChangeBit-ChangeBit-EraseBytes-ChangeByte-ChangeByte-ChangeBinInt-CrossOver-ChangeBinInt-ChangeBinInt-ShuffleBytes-ShuffleBytes-ChangeByte-ChangeByte-ChangeBinInt-ShuffleBytes-CrossOver-EraseBytes-CopyPart-CopyPart-CopyPart-ChangeBit-ShuffleBytes-ChangeByte-EraseBytes-ChangeByte-InsertRepeatedBytes-InsertByte-InsertRepeatedBytes-PersAutoDict-EraseBytes-ShuffleBytes-ChangeByte-ShuffleBytes-ChangeBinInt-ShuffleBytes-ChangeBinInt-ChangeBit-CrossOver-CrossOver-ShuffleBytes-CrossOver-CopyPart-CrossOver-CrossOver-CopyPart-ChangeByte-ChangeByte-CrossOver-ChangeBit-ChangeBinInt-EraseBytes-ShuffleBytes-EraseBytes-CMP-PersAutoDict-PersAutoDict-InsertByte-ChangeBit-ChangeByte-CopyPart-CrossOver-ChangeByte-ChangeBit-ChangeByte-CopyPart-ChangeBinInt-EraseBytes-CrossOver-ChangeBit-CrossOver-PersAutoDict-CrossOver-ChangeByte-CrossOver-ChangeByte-ChangeByte-CrossOver-ShuffleBytes-CopyPart-CopyPart-ShuffleBytes-ChangeByte-ChangeByte-ChangeBinInt-ChangeBinInt-ChangeBinInt-ChangeBinInt-ShuffleBytes-CrossOver-ChangeBinInt-ShuffleBytes-ChangeBit-PersAutoDict-ChangeBinInt-ShuffleBytes-ChangeBinInt-ChangeByte-CrossOver-ChangeBit-CopyPart-ChangeBit-ChangeBit-CopyPart-ChangeByte-PersAutoDict-ChangeBit-ShuffleBytes-ChangeByte-ChangeBit-CrossOver-ChangeByte-CrossOver-ChangeByte-CrossOver-ChangeBit-ChangeByte-ChangeBinInt-PersAutoDict-CopyPart-ChangeBinInt-ChangeBit-CrossOver-ChangeBit-PersAutoDict-ShuffleBytes-EraseBytes-CrossOver-ChangeByte-ChangeBinInt-ShuffleBytes-ChangeBinInt-InsertRepeatedBytes-PersAutoDict-CrossOver-ChangeByte-Custom-PersAutoDict-CopyPart-CopyPart-ChangeBinInt-ShuffleBytes-ChangeBinInt-ChangeBit-ShuffleBytes-CrossOver-CMP-ChangeByte-CopyPart-ShuffleBytes-CopyPart-CopyPart-CrossOver-CrossOver-CrossOver-ShuffleBytes-ChangeByte-ChangeBinInt-ChangeBit-ChangeBit-ChangeBit-ChangeByte-EraseBytes-ChangeByte-ChangeBit-ChangeByte-ChangeByte-CopyPart-PersAutoDict-ChangeBinInt-PersAutoDict-PersAutoDict-PersAutoDict-CopyPart-CopyPart-CrossOver-ChangeByte-ChangeBinInt-ShuffleBytes-ChangeBit-CopyPart-EraseBytes-CopyPart-CopyPart-CrossOver-ChangeByte-EraseBytes-ShuffleBytes-ChangeByte-CopyPart-EraseBytes-CopyPart-CrossOver-ChangeBinInt-ChangeBinInt-InsertByte-ChangeBinInt-ChangeBit-ChangeByte-CopyPart-ChangeByte-EraseBytes-ChangeByte-ChangeBit-ChangeByte-ShuffleBytes-CopyPart-ChangeBinInt-EraseBytes-CrossOver-ChangeBit-ChangeBit-CrossOver-EraseBytes-ChangeBinInt-CopyPart-CopyPart-ChangeBinInt-ChangeBit-EraseBytes-InsertRepeatedBytes-EraseBytes-ChangeBit-CrossOver-CrossOver-EraseBytes-EraseBytes-ChangeByte-CopyPart-CopyPart-ShuffleBytes-ChangeByte-ChangeBit-ChangeByte-EraseBytes-ChangeBit-ChangeByte-ChangeByte-CrossOver-CopyPart-EraseBytes-ChangeByte-EraseBytes-ChangeByte-ShuffleBytes-ShuffleBytes-ChangeByte-CopyPart-ChangeByte-ChangeByte-ChangeBit-CopyPart-ChangeBit-ChangeBinInt-CopyPart-ShuffleBytes-ChangeBit-ChangeBinInt-ChangeBit-EraseBytes-CMP-CrossOver-CopyPart-ChangeBinInt-CrossOver-CrossOver-CopyPart-CrossOver-CrossOver-InsertByte-InsertByte-CopyPart-Custom- DE: "warn"-"\x00\x00\x00\x80"-"\xfe\xff\xff\xfb"-"\xff\xff"-"\x10\x00\x00\x00"-"\xfe\xff\xff\xff"-"\xff\xff\xff\xf6"-"U\x01\x00\x00\x00\x00\x00\x00"-"\xd9\xff\xff\xff"-"\xfe\xff\xff\xea"-"\xf0\xff\xff\xff"-"\xfc\xff\xff\xff"-"warn"-"\xff\xff\xff\xff"-"\xfe\xff\xff\xfb"-"\x00\x00\x00\x80"-"\xfe\xff\xff\xf1"-"\xfe\xff\xff\xea"-"\x00\x00\x00\x00\x00\x00\x012"-"\xe2\x00"-"\xfb\xff\xff\xff"-"\x00\x00\x00\x00"-"\xe9\xff\xff\xff"-"\xff\xff"-"\x00\x00\x00\x80"-"\x01\x00\x04\xc9"-"\xf0\xff\xff\xff"-"\xf9\xff\xff\xff"-"\xff\xff\xff\xff\xff\xff\xff\x12"-"\xe2\x00"-"\xfe\xff\xff\xff"-"\xfe\xff\xff\xea"-"\xff\xff\xff\xff"-"\xf4\xff\xff\xff"-"\xe9\xff\xff\xff"-"\xf1\xff\xff\xff"-
    #48    NEW    cov: 4502 ft: 9151 corp: 27/750Kb lim: 64000 exec/s: 2 rss: 458Mb L: 50772/50772 MS: 259 ChangeByte-ShuffleBytes-ChangeBinInt-ChangeByte-ChangeByte-ChangeByte-ChangeByte-ChangeBit-CopyPart-CrossOver-CopyPart-ChangeByte-CrossOver-CopyPart-ChangeBit-ChangeByte-EraseBytes-ChangeByte-CopyPart-CopyPart-CopyPart-ChangeBit-EraseBytes-ChangeBinInt-CrossOver-CopyPart-CrossOver-CopyPart-ChangeBit-ChangeByte-ChangeBit-InsertByte-CrossOver-InsertRepeatedBytes-InsertRepeatedBytes-InsertRepeatedBytes-ChangeBinInt-EraseBytes-InsertRepeatedBytes-InsertByte-ChangeBit-ShuffleBytes-ChangeBit-ChangeBit-CopyPart-ChangeBit-ChangeByte-CrossOver-ChangeBinInt-ChangeByte-CrossOver-CMP-ChangeByte-CrossOver-ChangeByte-ShuffleBytes-ShuffleBytes-ChangeByte-ChangeBinInt-CopyPart-EraseBytes-CrossOver-ChangeBit-ChangeBinInt-InsertByte-ChangeBit-CopyPart-ChangeBinInt-ChangeByte-CrossOver-ChangeBit-EraseBytes-CopyPart-ChangeBinInt-ChangeBit-ChangeBit-ChangeByte-CopyPart-ChangeBinInt-CrossOver-PersAutoDict-ChangeByte-ChangeBit-ChangeByte-ChangeBinInt-ChangeBinInt-EraseBytes-CopyPart-CopyPart-ChangeByte-ChangeByte-EraseBytes-PersAutoDict-CopyPart-ChangeByte-ChangeByte-EraseBytes-CrossOver-CopyPart-CopyPart-CopyPart-ChangeByte-ChangeBit-CMP-CopyPart-ChangeBinInt-ChangeBinInt-CrossOver-ChangeBit-ChangeBit-EraseBytes-ChangeByte-ShuffleBytes-ChangeBit-ChangeBinInt-CMP-InsertRepeatedBytes-CopyPart-Custom-ChangeByte-CrossOver-EraseBytes-ChangeBit-CopyPart-CrossOver-CMP-ShuffleBytes-EraseBytes-CrossOver-PersAutoDict-ChangeByte-CrossOver-CopyPart-CrossOver-CrossOver-ShuffleBytes-ChangeBinInt-CrossOver-ChangeBinInt-ShuffleBytes-PersAutoDict-ChangeByte-EraseBytes-ChangeBit-CrossOver-EraseBytes-CrossOver-ChangeBit-ChangeBinInt-EraseBytes-InsertByte-InsertRepeatedBytes-InsertByte-InsertByte-ChangeByte-ChangeBinInt-ChangeBit-CrossOver-ChangeByte-CrossOver-EraseBytes-ChangeByte-ShuffleBytes-ChangeBit-ChangeBit-ShuffleBytes-CopyPart-ChangeByte-PersAutoDict-ChangeBit-ChangeByte-InsertRepeatedBytes-CMP-CrossOver-ChangeByte-EraseBytes-ShuffleBytes-CrossOver-ShuffleBytes-ChangeBinInt-ChangeBinInt-CopyPart-PersAutoDict-ShuffleBytes-ChangeBit-CopyPart-ShuffleBytes-CopyPart-EraseBytes-ChangeByte-ChangeBit-ChangeBit-ChangeBinInt-ChangeByte-CopyPart-EraseBytes-ChangeBinInt-EraseBytes-EraseBytes-PersAutoDict-CMP-PersAutoDict-CrossOver-CrossOver-ChangeBit-CrossOver-PersAutoDict-CrossOver-CopyPart-ChangeByte-EraseBytes-ChangeByte-ShuffleBytes-ChangeByte-ChangeByte-CrossOver-ChangeBit-EraseBytes-ChangeByte-EraseBytes-ChangeBinInt-CrossOver-CrossOver-EraseBytes-ChangeBinInt-CrossOver-ChangeBit-ShuffleBytes-ChangeBit-ChangeByte-EraseBytes-ChangeBit-CrossOver-CrossOver-CrossOver-ChangeByte-ChangeBit-ShuffleBytes-ChangeBit-ChangeBit-EraseBytes-CrossOver-CrossOver-CopyPart-ShuffleBytes-ChangeByte-ChangeByte-CopyPart-CrossOver-CopyPart-CrossOver-CrossOver-EraseBytes-EraseBytes-ShuffleBytes-InsertRepeatedBytes-ChangeBit-CopyPart-Custom- DE: "\xfe\xff\xff\xfc"-"\x00\x00\x00\x00"-"F\x00"-"\xf3\xff\xff\xff"-"St9exception"-"_\x00\x00\x00"-"\xf6\xff\xff\xff"-"\xfe\xff\xff\xff"-"\x00\x00\x00\x00"-"p\x02\x00\x00\x00\x00\x00\x00"-"\xfe\xff\xff\xfb"-"\xff\xff"-"\xff\xff\xff\xff"-"\x01\x00\x00\x07"-"\xfe\xff\xff\xfe"-

These are prohibitively large and of limited value in the default case (when
someone is running the fuzzer, not debugging it), in my opinion.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86658
2020-09-01 11:14:36 -07:00
Alex Richardson 7be8682921 [tsan] Fix "failed to intercept sysctlnametomib" on FreeBSD
The sysctlnametomib function is called from __tsan::Initialize via
__sanitizer::internal_sysctlbyname (see stack trace below). This results
in a fatal error since sysctlnametomib has not been intercepted yet.
This patch allows internal_sysctlbyname to be called before
__tsan::Initialize() has completed. On FreeBSD >= 1300045 sysctlbyname()
is a real syscall, but for older versions it calls sysctlnametomib()
followed by sysctl(). To avoid calling the intercepted version, look up
the real sysctlnametomib() followed by internal_sysctl() if the
syscall is not available.

This reduces check-sanitizer failures from 62 to 11 for me.

==34433==FATAL: ThreadSanitizer: failed to intercept sysctlnametomib
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:51
    name=0x7fffffffce10, namelenp=0x7fffffffce08)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:7908
    oldp=0x7fffffffcf2c, oldlenp=0x7fffffffcf20, newp=0x0, newlen=0)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp:803
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp:2152
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:367
    fname=0x21c731 "readlink", pc=34366042556)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:255
    bufsiz=1024)
    at /exports/users/alr48/sources/upstream-llvm-project/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:7151

Reviewed By: #sanitizers, vitalybuka

Differential Revision: https://reviews.llvm.org/D85292
2020-09-01 18:25:22 +01:00
Anatoly Trosinenko 0e90d8d4fe [builtins] Unify the softfloat division implementation
This patch replaces three different pre-existing implementations of
__div[sdt]f3 LibCalls with a generic one - like it is already done for
many other LibCalls.

Reviewed By: sepavloff

Differential Revision: https://reviews.llvm.org/D85031
2020-09-01 19:05:50 +03:00
Vitaly Buka bd6ee51150 [NFC][Asan] Format includes 2020-09-01 05:30:07 -07:00
Petr Hosek 3c7bfbd683 [CMake] Use find_library for ncurses
Currently it is hard to avoid having LLVM link to the system install of
ncurses, since it uses check_library_exists to find e.g. libtinfo and
not find_library or find_package.

With this change the ncurses lib is found with find_library, which also
considers CMAKE_PREFIX_PATH. This solves an issue for the spack package
manager, where we want to use the zlib installed by spack, and spack
provides the CMAKE_PREFIX_PATH for it.

This is a similar change as https://reviews.llvm.org/D79219, which just
landed in master.

Patch By: haampie

Differential Revision: https://reviews.llvm.org/D85820
2020-08-31 20:06:21 -07:00
Anatoly Trosinenko 11cf6346fd [NFC][compiler-rt] Factor out __div[sdt]i3 and __mod[dt]i3 implementations
Reviewed By: MaskRay

Differential Revision: https://reviews.llvm.org/D86400
2020-08-30 16:14:08 +03:00
Marco Vanotti 6760f7ee6f [compiler-rt][tsan] Remove unnecesary typedefs
These typedefs are not used anywhere else in this compilation unit.

Differential Revision: https://reviews.llvm.org/D86826
2020-08-28 18:43:54 -07:00
Vitaly Buka 6cf72ad3b3 [NFC][asan] Don't unwind stack before pool check 2020-08-28 02:00:35 -07:00
JF Bastien 82d29b397b Add an unsigned shift base sanitizer
It's not undefined behavior for an unsigned left shift to overflow (i.e. to
shift bits out), but it has been the source of bugs and exploits in certain
codebases in the past. As we do in other parts of UBSan, this patch adds a
dynamic checker which acts beyond UBSan and checks other sources of errors. The
option is enabled as part of -fsanitize=integer.

The flag is named: -fsanitize=unsigned-shift-base
This matches shift-base and shift-exponent flags.

<rdar://problem/46129047>

Differential Revision: https://reviews.llvm.org/D86000
2020-08-27 19:50:10 -07:00
Justin Cady 1d3ef5f122 [MSAN] Add fiber switching APIs
Add functions exposed via the MSAN interface to enable MSAN within
binaries that perform manual stack switching (e.g. through using fibers
or coroutines).

This functionality is analogous to the fiber APIs available for ASAN and TSAN.

Fixes google/sanitizers#1232

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D86471
2020-08-27 19:30:40 -07:00
Harmen Stoppels cdcb9ab10e Revert "Use find_library for ncurses"
The introduction of find_library for ncurses caused more issues than it solved problems. The current open issue is it makes the static build of LLVM fail. It is better to revert for now, and get back to it later.

Revert "[CMake] Fix an issue where get_system_libname creates an empty regex capture on windows"
This reverts commit 1ed1e16ab8.

Revert "Fix msan build"
This reverts commit 34fe9613dd.

Revert "[CMake] Always mark terminfo as unavailable on Windows"
This reverts commit 76bf26236f.

Revert "[CMake] Fix OCaml build failure because of absolute path in system libs"
This reverts commit 8e4acb82f7.

Revert "[CMake] Don't look for terminfo libs when LLVM_ENABLE_TERMINFO=OFF"
This reverts commit 495f91fd33.

Revert "Use find_library for ncurses"
This reverts commit a52173a3e5.

Differential revision: https://reviews.llvm.org/D86521
2020-08-27 17:57:26 -07:00
Dokyung Song c10e63677f Recommit "[libFuzzer] Fix arguments of InsertPartOf/CopyPartOf calls in CrossOver mutator."
The CrossOver mutator is meant to cross over two given buffers (referred to as
the first/second buffer henceforth). Previously InsertPartOf/CopyPartOf calls
used in the CrossOver mutator incorrectly inserted/copied part of the second
buffer into a "scratch buffer" (MutateInPlaceHere of the size
CurrentMaxMutationLen), rather than the first buffer. This is not intended
behavior, because the scratch buffer does not always (i) contain the content of
the first buffer, and (ii) have the same size as the first buffer;
CurrentMaxMutationLen is typically a lot larger than the size of the first
buffer. This patch fixes the issue by using the first buffer instead of the
scratch buffer in InsertPartOf/CopyPartOf calls.

A FuzzBench experiment was run to make sure that this change does not
inadvertently degrade the performance. The performance is largely the same; more
details can be found at:
https://storage.googleapis.com/fuzzer-test-suite-public/fixcrossover-report/index.html

This patch also adds two new tests, namely "cross_over_insert" and
"cross_over_copy", which specifically target InsertPartOf and CopyPartOf,
respectively.

- cross_over_insert.test checks if the fuzzer can use InsertPartOf to trigger
  the crash.

- cross_over_copy.test checks if the fuzzer can use CopyPartOf to trigger the
  crash.

These newly added tests were designed to pass with the current patch, but not
without the it (with 790878f291 these tests do not
pass). To achieve this, -max_len was intentionally given a high value. Without
this patch, InsertPartOf/CopyPartOf will generate larger inputs, possibly with
unpredictable data in it, thereby failing to trigger the crash.

The test pass condition for these new tests is narrowed down by (i) limiting
mutation depth to 1 (i.e., a single CrossOver mutation should be able to trigger
the crash) and (ii) checking whether the mutation sequence of "CrossOver-" leads
to the crash.

Also note that these newly added tests and an existing test (cross_over.test)
all use "-reduce_inputs=0" flags to prevent reducing inputs; it's easier to
force the fuzzer to keep original input string this way than tweaking
cov-instrumented basic blocks in the source code of the fuzzer executable.

Differential Revision: https://reviews.llvm.org/D85554
2020-08-27 21:48:45 +00:00
Dokyung Song 52f1df0923 Recommit "[libFuzzer] Fix value-profile-load test."
value-profile-load.test needs adjustment with a mutator change in
bb54bcf849, which reverted as of now, but will be
recommitted after landing this patch.

This patch makes value-profile-load.test more friendly to (and aware of) the
current value profiling strategy, which is based on the hamming as well as the
absolute distance. To this end, this patch adjusts the set of input values that
trigger an expected crash. More specifically, this patch now uses a single value
0x01effffe as a crashing input, because this value is close to values like
{0x1ffffff, 0xffffff, ...}, which are very likely to be added to the corpus per
the current hamming- and absolute-distance-based value profiling strategy. Note
that previously the crashing input values were {1234567 * {1, 2, ...}, s.t. <
INT_MAX}.

Every byte in the chosen value 0x01effeef is intentionally different; this was
to make it harder to find the value without the intermediate inputs added to the
corpus by the value profiling strategy.

Also note that LoadTest.cpp now uses a narrower condition (Size != 8) for
initial pruning of inputs, effectively preventing libFuzzer from generating
inputs longer than necessary and spending time on mutating such long inputs in
the corpus - a functionality not meant to be tested by this specific test.

Differential Revision: https://reviews.llvm.org/D86247
2020-08-27 19:12:30 +00:00
Raul Tambre 45344cf7ac [CMake][compiler-rt][libunwind] Compile assembly files as ASM not C, unify workarounds
It isn't very wise to pass an assembly file to the compiler and tell it to compile as a C file and hope that the compiler recognizes it as assembly instead.
Simply don't mark the file as C and CMake will recognize the rest.

This was attempted earlier in https://reviews.llvm.org/D85706, but reverted due to architecture issues on Apple.
Subsequent digging revealed a similar change was done earlier for libunwind in https://reviews.llvm.org/rGb780df052dd2b246a760d00e00f7de9ebdab9d09.
Afterwards workarounds were added for MinGW and Apple:
* https://reviews.llvm.org/rGb780df052dd2b246a760d00e00f7de9ebdab9d09
* https://reviews.llvm.org/rGd4ded05ba851304b26a437896bc3962ef56f62cb

The workarounds in libunwind and compiler-rt are unified and comments added pointing to each other.
The workaround is updated to only be used for MinGW for CMake versions before 3.17, which fixed the issue (https://gitlab.kitware.com/cmake/cmake/-/merge_requests/4287).

Additionally fixed Clang not being passed as the assembly compiler for compiler-rt runtime build.

Example error:
[525/634] Building C object lib/tsan/CMakeFiles/clang_rt.tsan-aarch64.dir/rtl/tsan_rtl_aarch64.S.o
FAILED: lib/tsan/CMakeFiles/clang_rt.tsan-aarch64.dir/rtl/tsan_rtl_aarch64.S.o
/opt/tooling/drive/host/bin/clang --target=aarch64-linux-gnu -I/opt/tooling/drive/llvm/compiler-rt/lib/tsan/.. -isystem /opt/tooling/drive/toolchain/opt/drive/toolchain/include -x c -Wall -Wno-unused-parameter -fno-lto -fPIC -fno-builtin -fno-exceptions -fomit-frame-pointer -funwind-tables -fno-stack-protector -fno-sanitize=safe-stack -fvisibility=hidden -fno-lto -O3 -gline-tables-only -Wno-gnu -Wno-variadic-macros -Wno-c99-extensions -Wno-non-virtual-dtor -fPIE -fno-rtti -Wframe-larger-than=530 -Wglobal-constructors --sysroot=. -MD -MT lib/tsan/CMakeFiles/clang_rt.tsan-aarch64.dir/rtl/tsan_rtl_aarch64.S.o -MF lib/tsan/CMakeFiles/clang_rt.tsan-aarch64.dir/rtl/tsan_rtl_aarch64.S.o.d -o lib/tsan/CMakeFiles/clang_rt.tsan-aarch64.dir/rtl/tsan_rtl_aarch64.S.o -c /opt/tooling/drive/llvm/compiler-rt/lib/tsan/rtl/tsan_rtl_aarch64.S
/opt/tooling/drive/llvm/compiler-rt/lib/tsan/rtl/tsan_rtl_aarch64.S:29:1: error: expected identifier or '('
.section .text
^
1 error generated.

Differential Revision: https://reviews.llvm.org/D86308
2020-08-27 15:40:15 +03:00
Anatoly Trosinenko fce035eae9 [NFC][compiler-rt] Factor out __mulo[sdt]i4 implementations to .inc file
The existing implementations are almost identical except for width of the
integer type.

Factor them out to int_mulo_impl.inc for better maintainability.

This patch is almost identical to D86277.

Reviewed By: MaskRay

Differential Revision: https://reviews.llvm.org/D86289
2020-08-27 14:33:48 +03:00
Anatoly Trosinenko 182d14db07 [NFC][compiler-rt] Factor out __mulv[sdt]i3 implementations to .inc file
The existing implementations are almost identical except for width of the
integer type.

Factor them out to int_mulv_impl.inc for better maintainability.

Reviewed By: MaskRay

Differential Revision: https://reviews.llvm.org/D86277
2020-08-27 14:33:48 +03:00
Vedant Kumar 1f47f89a90 [profile] Add InstrProfilingVersionVar.c.o to Darwin kext builtins
Fixes a build failure in the Darwin kernel. Tested with:

% nm -mU lib/libclang_rt.cc_kext_x86_64h_osx.a | grep __llvm_profile_raw_version

rdar://67809173
2020-08-26 10:02:13 -07:00
Matt Morehouse 2392ff093a [libFuzzer] Error and exit if user supplied fuzzer writeable directories don't exist
Currently, libFuzzer will exit with an error message if a non-existent
corpus directory is provided. However, if a user provides a non-existent
directory for the `artifact_prefix`, `exact_artifact_path`, or
`features_dir`, libFuzzer will continue execution but silently fail to
write artifacts/features.

To improve the user experience, this PR adds validation for the existence of
all user supplied directories before executing the main fuzzing loop. If they
don't exist, libFuzzer will exit with an error message.

Patch By: dgg5503

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D84808
2020-08-26 09:27:07 -07:00
Hans Wennborg 8421503300 Bump -len_control value in fuzzer-custommutator.test (PR47286)
to make the test more stable, as suggested by mmoroz.
2020-08-26 16:45:51 +02:00
Kuba Mracek e713b0ecbc [tsan] On arm64e, strip out ptrauth bits from incoming PCs
Differential Revision: https://reviews.llvm.org/D86378
2020-08-25 11:59:36 -07:00
David Tenty f8454d60b8 [AIX][compiler-rt][builtins] Don't add ppc builtin implementations that require __int128 on AIX
since __int128 currently isn't supported on AIX.

Reviewed By: hubert.reinterpretcast

Differential Revision: https://reviews.llvm.org/D85972
2020-08-25 11:35:38 -04:00
Kostya Kortchinsky bd5ca4f0ed [scudo][standalone] Skip irrelevant regions during release
With the 'new' way of releasing on 32-bit, we iterate through all the
regions in between `First` and `Last`, which covers regions that do not
belong to the class size we are working with. This is effectively wasted
cycles.

With this change, we add a `SkipRegion` lambda to `releaseFreeMemoryToOS`
that will allow the release function to know when to skip a region.
For the 64-bit primary, since we are only working with 1 region, we never
skip.

Reviewed By: hctim

Differential Revision: https://reviews.llvm.org/D86399
2020-08-25 07:41:02 -07:00
Anatoly Trosinenko b9f49d13fd [compiler-rt][builtins] Add more test cases for __div[sdt]f3 LibCalls
* Make the three tests look more uniformly
* Explicitly specify types of integer and floating point literals
* Add more test cases (mostly inspired by divtf3_test.c)
  - tests are added for obviously special cases such as +/-Inf, +/-0.0 and some
    more implementation-specific cases such as divisor being almost 1.0
* Make NaN in the second test case of `divtf3` to be `sNaN` instead of
  testing for `qNaN` again

Reviewed By: sepavloff

Differential Revision: https://reviews.llvm.org/D84932
2020-08-25 16:19:23 +03:00
Ilya Leoshkevich 151f603199 [libFuzzer] Un-XFAIL msan.test on SystemZ
After https://reviews.llvm.org/D86382 it works.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D86184
2020-08-25 15:01:55 +02:00
Alex Richardson 39d2506461 Fix crypt.cpp sanitizer test on FreeBSD
FreeBSD doesn't provide a crypt.h header but instead defines the functions
in unistd.h. Use __has_include() to handle that case.

Reviewed By: #sanitizers, vitalybuka

Differential Revision: https://reviews.llvm.org/D85406
2020-08-25 12:20:33 +01:00
Alex Richardson 5695fa9190 [asan] Also allow for SIGBUS in high-address-dereference.c
FreeBSD delivers a SIGBUS signal for bad addresses rather than SIGSEGV.

Reviewed By: #sanitizers, vitalybuka, yln

Differential Revision: https://reviews.llvm.org/D85409
2020-08-25 12:20:33 +01:00
Rainer Orth e3585ff7af [compiler-rt][asan][test] Set LD_LIBRARY_PATH_{32,64} on Solaris
The dynamically linked ASan tests rely on `LD_LIBRARY_PATH` to find
`libclang_rt.asan-*.so` at runtime.

However, the Solaris runtime linker `ld.so.1` also supports more specific
variables: `LD_LIBRARY_PATH_32` and `LD_LIBRARY_PATH_64` respectively.  If
those happen to be set, `LD_LIBRARY_PATH` is ignored.  In such a case, all
dynamically linked ASan tests `FAIL`.  For i386 alone, this affects about
200 tests.

The following patch fixes that by also setting `LD_LIBRARY_PATH_{32,64}` on
Solaris.

Tested on `amd64-pc-solaris2.11` both with only `LD_LIBRARY_PATH` set and
with `LD_LIBRARY_PATH_{32,64}` set too.

Differential Revision: https://reviews.llvm.org/D86333
2020-08-25 09:36:51 +02:00
Mateusz Mikuła 879c1db5d2 [Compiler-RT] Fix profiler building with MinGW GCC
Differential Revision: https://reviews.llvm.org/D86405
2020-08-25 10:22:53 +03:00
Freddy Ye e02d081f2b [X86] Support -march=sapphirerapids
Support -march=sapphirerapids for x86.
Compare with Icelake Server, it includes 14 more new features. They are
amxtile, amxint8, amxbf16, avx512bf16, avx512vp2intersect, cldemote,
enqcmd, movdir64b, movdiri, ptwrite, serialize, shstk, tsxldtrk, waitpkg.

Reviewed By: craig.topper

Differential Revision: https://reviews.llvm.org/D86503
2020-08-25 14:21:21 +08:00
Julian Lettner c1d25e9a82 [TSan][libdispatch] Add interceptors for dispatch_barrier_async_and_wait(), pt. 2
Also intercept these target functions on Linux.
2020-08-24 14:37:34 -07:00
Julian Lettner fa0a855c73 [TSan][libdispatch] Add interceptors for dispatch_barrier_async_and_wait()
Add interceptors for the barrier variants of the "async and wait"
dispatch API family.
2020-08-24 14:01:04 -07:00
Shoaib Meenai 2c80e2fe51 [runtimes] Use llvm-libtool-darwin for runtimes build
It's full featured now and we can use it for the runtimes build instead
of relying on an external libtool, which means the CMAKE_HOST_APPLE
restriction serves no purpose either now. Restrict llvm-lipo to Darwin
targets while I'm here, since it's only needed there.

Reviewed By: phosek

Differential Revision: https://reviews.llvm.org/D86367
2020-08-24 13:48:30 -07:00
Shoaib Meenai 26c1d689ae [compiler-rt] Disable ranlib when using libtool
libtool already produces a table of contents, and ranlib just gives
spurious errors because it doesn't understand universal binaries.

Reviewed By: phosek

Differential Revision: https://reviews.llvm.org/D86365
2020-08-24 13:48:28 -07:00
Julian Lettner 2b7a2cbb15 [TSan][Darwin] Handle NULL argument in interceptor
Handle NULL address argument in the `mach_vm_[de]allocate()`
interceptors and fix test: `Assignment 2` is not valid if we weren't
able to re-allocate memory.

rdar://67680613
2020-08-24 11:36:02 -07:00
Dokyung Song 9659b81b2a [libFuzzer] Make msan.test:SimpleCmpTest succeed with less trials.
Currently SimpleCmpTest passes after 9,831,994 trials on x86_64/Linux
when the number of given trials is 10,000,000, just a little bigger than
that. This patch modifies SimpleCmpTest.cpp so that the test passes with less
trials, reducing its chances of future failures as libFuzzer evolves. More
specifically, this patch changes a 32-bit equality check to a 8-bit equality
check, making this test pass at 4,635,303 trials.

Differential Revision: https://reviews.llvm.org/D86382
2020-08-24 14:45:39 +00:00
Julian Lettner cc62373915 [ASan][Darwin] Enable test on additional platforms 2020-08-21 11:13:09 -07:00
Azharuddin Mohammed 8831e34771 Revert "[libFuzzer] Fix arguments of InsertPartOf/CopyPartOf calls in CrossOver mutator."
This reverts commit bb54bcf849.

It is causing the value-profile-load.test test to fail on macOS.
2020-08-21 09:58:50 -07:00
Azharuddin Mohammed 7ed3286a51 [LibFuzzer] [tests] [Darwin] Use the pthread library from the SDK 2020-08-21 09:22:13 -07:00
Luís Marques 57903cf093 [compiler-rt][RISCV] Use muldi3 builtin assembly implementation
D80465 added an assembly implementation of muldi3 for RISC-V but it didn't
add it to the cmake `*_SOURCES` list, so the C implementation was being used
instead. This patch fixes that.

Differential Revision: https://reviews.llvm.org/D86036
2020-08-21 13:06:35 +01:00
Craig Topper df9a9bb7be [X86] Correct the implementation of the testFeature macro in getIntelProcessorTypeAndSubtype to do a proper bit test.
Instead of ANDing with a one hot mask representing the bit to
be tested, we were ANDing with just the bit number. This tests
multiple bits none of them the correct one.

This caused skylake-avx512, cascadelake and cooperlake to all
be misdetected. Based on experiments with the Intel SDE, it seems
that all of these CPUs are being detected as being cooperlake.
This is bad since its the newest CPU of the 3.
2020-08-20 23:50:45 -07:00
Vitaly Buka 66c882e529 Revert "[libFuzzer] Fix value-profile-load test."
D86247 fails on Windows.

This reverts commit 428bebaf10.
2020-08-20 17:49:12 -07:00
Vitaly Buka ea9bf460a8 [NFC][libFuzzer] Try to fix test on Windows
Broken after D86247
2020-08-20 17:33:51 -07:00
Julian Lettner 53aff8d864 [Darwin][iOS] Enable test on non-macOS platforms
We are now using a properly-substituted minimal deployment target
compiler flag (`%min_macos_deployment_target=10.11`).  Enable test on
iOS and watchOS plus simulators.  We are also not testing on very old
platforms anymore, so we can remove some obsolete lit infrastructure.
2020-08-20 16:40:32 -07:00
Julian Lettner 1f3c92f968 [compiler-rt][Darwin] Refactor minimum deployment target substitutions
* Support macOS 11+ version scheme
* Standardize substitution name `%min_deployment_target=x.y`
* Remove unneeded error cases (the input version is hard-coded)
* Specify version as tuple instead of string; no need to parse it

These changes should also facilitate a future addition of a substitution
that expands to "set deployment target to current target version"
(https://reviews.llvm.org/D70151).

Reviewed By: delcypher

Differential Revision: https://reviews.llvm.org/D85925
2020-08-20 16:22:56 -07:00
Julian Lettner d9b062ad87 [TSan][Darwin] Remove unnecessary lit substitution
We don't test on very old versions of Apple platforms anymore.  The
following lit substitution concerning the minimum deployment target for
ARC support can be removed.

```
%darwin_min_target_with_full_runtime_arc_support -> 10.11
```

Differential Revision: https://reviews.llvm.org/D85803
2020-08-20 13:00:32 -07:00
Julian Lettner 6222a28db5 [TSan][Darwin] Enable test on non-macOS platforms
After removing the unnecessary `-mmacosx-version-min=10.12` compiler
flag this test can run on all platforms.  I confirmed that this test is
green for iOS, iOS simulator, and watchOS simulator.

Differential Revision: https://reviews.llvm.org/D85952
2020-08-20 12:28:05 -07:00
Raphael Isemann adf0b8cc70 Revert "[compiler-rt] Compile assembly files as ASM not C"
This reverts commit d58fd4e521. This broke
compiler-rt compilation on macOS:

codesign --sign - /Users/buildslave/jenkins/workspace/lldb-cmake/lldb-build/lib/clang/12.0.99/lib/darwin/libclang_rt.tsan_ios_dynamic.dylib
ld: warning: ignoring file projects/compiler-rt/lib/tsan/CMakeFiles/clang_rt.tsan_ios_dynamic.dir/rtl/tsan_rtl_amd64.S.o, building for iOS-arm64 but attempting to link with file built for iOS Simulator-x86_64
ld: warning: ignoring file projects/compiler-rt/lib/tsan/CMakeFiles/clang_rt.tsan_ios_dynamic.dir/rtl/tsan_rtl_aarch64.S.o, building for iOS-arm64 but attempting to link with file built for iOS Simulator-x86_64
Undefined symbols for architecture arm64:
  "_wrap__setjmp", referenced from:
      substitution__setjmp in tsan_interceptors_posix.cpp.o
  "_wrap_setjmp", referenced from:
      substitution_setjmp in tsan_interceptors_posix.cpp.o
  "_wrap_sigsetjmp", referenced from:
      substitution_sigsetjmp in tsan_interceptors_posix.cpp.o
ld: symbol(s) not found for architecture arm64
2020-08-20 15:25:22 +02:00