Commit Graph

12563 Commits

Author SHA1 Message Date
Michał Górny e73c662b9e [compiler-rt] [test] Disable MPROTECT for XRay tests on NetBSD 2019-12-20 22:08:01 +01:00
Kostya Kortchinsky 0fd6f19025 [scudo][standalone] Support __BIONIC__
Summary:
Some Android builds that we are interested in define `__BIONIC__`
but not `__ANDROID__`, so expand `SCUDO_ANDROID` to encompass those.

Reviewers: cferris, hctim, pcc, eugenis, morehouse

Subscribers: krytarowski, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71772
2019-12-20 12:59:33 -08:00
Evgenii Stepanov ddf897fc80 [msan] Check qsort input.
Summary:
Qsort interceptor suppresses all checks by unpoisoning the data in the
wrapper of a comparator function, and then unpoisoning the output array
as well.

This change adds an explicit run of the comparator on all elements of
the input array to catch any sanitizer bugs.

Reviewers: vitalybuka

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71780
2019-12-20 12:41:57 -08:00
Evgenii Stepanov 07861e955d [msan] Intercept qsort, qsort_r.
Summary:
This fixes qsort-related false positives with glibc-2.27.
I'm not entirely sure why they did not show up with the earlier
versions; the code seems similar enough.

Reviewers: vitalybuka

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71740
2019-12-20 12:27:09 -08:00
Michał Górny 190b9110c2 [compiler-rt] [test] Disable MPROTECT on two builtin tests
Introduce a new %run_nomprotect substitution to run tests that do not
work with MPROTECT enabled.  This uses paxctl via a wrapper on NetBSD,
and evaluates to plain %run on other systems.

Differential Revision: https://reviews.llvm.org/D71513
2019-12-20 17:50:53 +01:00
Kostya Kortchinsky 77e906ac78 [scudo][standalone] Implement TSD registry disabling
Summary:
In order to implement `malloc_{enable|disable}` we were just disabling
(or really locking) the Primary and the Secondary. That meant that
allocations could still be serviced from the TSD as long as the cache
wouldn't have to be filled from the Primary.

This wasn't working out for Android tests, so this change implements
registry disabling (e.g. locking) so that `getTSDAndLock` doesn't
return a TSD if the allocator is disabled. This also means that the
Primary doesn't have to be disabled in this situation.

For the Shared Registry, we loop through all the TSDs and lock them.
For the Exclusive Registry, we add a `Disabled` boolean to the Registry
that forces `getTSDAndLock` to use the Fallback TSD instead of the
thread local one. Disabling the Registry is then done by locking the
Fallback TSD and setting the boolean in question (I don't think this
needed an atomic variable but I might be wrong).

I clang-formatted the whole thing as usual hence the couple of extra
whiteline changes in this CL.

Reviewers: cferris, pcc, hctim, morehouse, eugenis

Subscribers: jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71719
2019-12-20 06:52:13 -08:00
Michał Górny 20345707b2 [compiler-rt] [test] Add missing %run to fread_fwrite MSAN test
Add a missing %run substitution to fread_fwrite test.  This fixes
the test on NetBSD where %run disables ASLR as necessary for MSAN
to function.

Differential Revision: https://reviews.llvm.org/D71623
2019-12-19 20:28:00 +01:00
Dmitri Gribenko 0109efe751 Revert "Support powerpc when builing without init_array."
This reverts commit 5789e83ded. It broke
the build on aarch64.
2019-12-19 11:25:14 +01:00
Kamil Rytarowski 3a189bac9b [compiler-rt] Enable SANITIZER_CAN_USE_PREINIT_ARRAY on NetBSD
.preinit_array is supported since 9.0.
2019-12-19 03:23:51 +01:00
Kamil Rytarowski d15241ed2c [compiler-rt] [fuzzer] Enable LSan in libFuzzer tests on NetBSD 2019-12-19 01:16:14 +01:00
Kamil Rytarowski 7e8541f3df [compiler-rt] [fuzzer] Include stdarg.h for va_list
Fixes build on NetBSD after 139e216e66.
2019-12-19 01:11:39 +01:00
Sterling Augustine 5789e83ded Support powerpc when building without init_array.
Summary: Also add an error case when targeting an unimplemented architecture.

Subscribers: nemanjai, jsji, shchenz, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71670
2019-12-18 13:37:08 -08:00
Kamil Rytarowski 3f96686700 Correct version check 9.9.26 -> 9.99.26 2019-12-18 21:10:33 +01:00
Mitch Phillips 2f4c3c565a [NFC] Fix sanitizer lint problem that's breaking Android bot.
Fixes the lint issue introduced by
e14ff22694
2019-12-18 08:47:31 -08:00
Michał Górny d3d1ca14ce [compiler-rt] [test] Disable ASLR on UBSAN+[AMT]SAN tests on NetBSD 2019-12-18 17:21:15 +01:00
Michał Górny 9102a59084 [compiler-rt] [test] Disable ASLR on LSAN+ASAN tests on NetBSD 2019-12-18 17:21:14 +01:00
Michał Górny d372576d8a [compiler-rt] [test] Disable ASLR for fuzzer tests on NetBSD 2019-12-18 16:51:31 +01:00
Kamil Rytarowski e14ff22694 [compiler-rt] Sync NetBSD ioctl definitions with 9.99.26
Document the minimal version supported to 9.0.
2019-12-18 15:44:01 +01:00
Thomas Preud'homme ddd0bb8dba [lit] Remove lit's REQUIRES-ANY directive
Summary:
Remove REQUIRES-ANY alias lit directive since it is hardly used and can
be easily implemented using an OR expression using REQUIRES. Fix up
remaining testcases still using REQUIRES-ANY.

Reviewers: probinson, jdenny, gparker42

Reviewed By: gparker42

Subscribers: eugenis, asb, rbar, johnrusso, simoncook, sabuasal, niosHD, delcypher, jrtc27, zzheng, edward-jones, rogfer01, MartinMosbeck, brucehoult, the_o, PkmX, jocewei, lenary, s.egerton, pzheng, sameer.abuasal, apazos, luismarques, cfe-commits, #sanitizers, llvm-commits

Tags: #llvm, #clang, #sanitizers

Differential Revision: https://reviews.llvm.org/D71408
2019-12-17 10:36:36 +00:00
Igor Kudrin a57adc7a0b [sanitizer] Construct InternalMmapVector without memory allocation.
Construction of InternalMmapVector is often followed by a call to
reserve(), which may result in immediate reallocation of the memory
for the internal storage. This patch delays that allocation until
it is really needed.

Differential Revision: https://reviews.llvm.org/D71342
2019-12-17 15:03:23 +07:00
Dan Liew e2bcc33b50 Change `asan/TestCases/Darwin/malloc_zone-protected.cpp` to call abort so that it **always crashes**.
Summary:
This is needed because on some platforms we can't install signal
handlers and so the application just traps (i.e. crashes) rather than being intercepted
by ASan's signal handler which in the default Darwin config doesn't
exit with a crashing exit code.

rdar://problem/57984547

Reviewers: yln, kubamracek, jfb

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71573
2019-12-16 16:37:50 -08:00
Julian Lettner f9a706a36a [TSan][Darwin] Avoid calling pthread_self() before libpthread is initialized
This skips calling `pthread_self` when `main_thread_identity` hasn't
been initialized yet.  `main_thread_identity` is only ever assigned in
`__tsan::InitializePlatform`.  This change should be relatively safe; we
are not changing behavior other than skipping the call to `pthread_self`
when `main_thread_identity == 0`.

rdar://57822138

Reviewed By: kubamracek

Differential Revision: https://reviews.llvm.org/D71559
2019-12-16 13:10:51 -08:00
Vedant Kumar ed83942bc0 [ubsan] Enable testing of .m files
This allows `.m` test files, like the existing Misc/bool.m, to be
tested.
2019-12-13 14:55:29 -08:00
Alex Richardson 9cb7a1be2a [LSAN] Increase stack space for guard-page.c test
Summary:
When running the tests on an Ubuntu 18.04 machine this test is crashing for
me inside the runtime linker. My guess is that it is trying to save more
registers (possibly large vector ones) and the current stack space is not
sufficient.

Reviewers: samsonov, kcc, eugenis

Reviewed By: eugenis

Subscribers: eugenis, merge_guards_bot, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71461
2019-12-13 21:40:03 +00:00
Mitch Phillips d6c445ea69 [NFC] Guard scudo_standalone's optional dependency on GWP-ASan behind flags. 2019-12-13 10:55:53 -08:00
Mitch Phillips a00cd6dfea [GWP-ASan] [Scudo] ifdef entire GWP-ASan tests.
Turns out that gtest in LLVM is only 1.8.0 (only the newest version, 1.10.0,
supports the GTEST_SKIP() macro), and apparently I didn't build w/o
GWP-ASan.

Should fix the GN bot, as well as any bots that may spuriously break on
platforms where the code wasn't correctly ifdef'd out as well.
2019-12-13 09:45:28 -08:00
Mitch Phillips ed4618edb3 [Scudo] [GWP-ASan] Add GWP-ASan to Scudo Standalone.
Summary:
Adds GWP-ASan to Scudo standalone. Default parameters are pulled across from the
GWP-ASan build. No backtrace support as of yet.

Reviewers: cryptoad, eugenis, pcc

Reviewed By: cryptoad

Subscribers: merge_guards_bot, mgorny, #sanitizers, llvm-commits, cferris, vlad.tsyrklevich, pcc

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71229
2019-12-13 09:09:41 -08:00
Julian Lettner cdb4560557 [iOS sim] Simplify iossim_run.py script 2019-12-12 17:34:08 -08:00
Eric Christopher 3ecfe64fe3 [sanitizers] Redirect stdout and stderr to TASK_LOG
At some point cpplint.py became very noisy during a build spewing
a few hundred lines of "Done processing..." even with SILENT=1 in
cmake. This attempts to redirect the stdout of "Done processing" to
the task log along with any errors.

Tested by this with and without SILENT=1 to check things.

Differential Revision: https://reviews.llvm.org/D71402
Reviewed By: eugenis
2019-12-12 13:11:16 -08:00
Max Moroz 926fa4088c [compiler-rt] libFuzzer: update -merge_control_file= help message.
Summary:
The motivation for this change is to have a distinguisher in libFuzzer
that would let the runner know whether multistep merge is supported or not by
a particular fuzz target binary. Otherwise, multistep merge fails to execute
with older version of libFuzzer, and there is no way to verify that easily.

Reviewers: kcc

Subscribers: dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71423
2019-12-12 11:09:40 -08:00
Jonathan Metzman 23bee0b0cf [fuzzer] Add basic support for emscripten.
Summary:
Add basic support for emscripten.

This enables libFuzzer to build (using build.sh) for emscripten and fuzz
a target compiled with
-fsanitize-coverage=inline-8bit-counters.

Basic fuzzing and bug finding work with this commit.
RSS limit and timeouts will not work because they depend on system
functions that are not implemented/widely supported in emscripten.

Reviewers: kcc, vitalybuka, hctim

Reviewed By: hctim

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71285
2019-12-12 08:56:47 -08:00
Eric Christopher 6c79095576 Revert unintentional change to compiler-rt as part of the __bit_reference revert. 2019-12-12 00:31:23 -08:00
Calixte Denizet 02ce9d8ef5 [compiler-rt] Add a critical section when flushing gcov counters
Summary:
Counters can be flushed in a multi-threaded context for example when the process is forked in different threads (https://github.com/llvm/llvm-project/blob/master/llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp#L632-L663).
In order to avoid pretty bad things, a critical section is needed around the flush.
We had a lot of crashes in this code in Firefox CI when we switched to clang for linux ccov builds and those crashes disappeared with this patch.

Reviewers: marco-c, froydnj, dmajor, davidxl, vsk

Reviewed By: marco-c, dmajor

Subscribers: ahatanak, froydnj, dmajor, dberris, jfb, #sanitizers, llvm-commits, sylvestre.ledru

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70910
2019-12-12 09:23:32 +01:00
Eric Christopher fa0fc04a4f Temporarily Revert "[libc++] Fix -Wdeprecated-copy warnings in __bit_reference"
as it's causing test failures due to mismatched visibility.

This reverts commit 02bb20223b.
2019-12-12 00:22:37 -08:00
Julian Lettner 6e3b60625b [TSan] Pacify flaky test on Darwin
This flaky test that I added really gives our CI a lot of headaches.
Although I was never able to reproduce this locally, it sporadically
hangs/fails on our bots.  I decided to silently pass the test whenever
we are unable to set up the proper test condition after 10 retries.  This
is of course suboptimal and a last recourse.  Please let me know if you
know how to test this better.

rdar://57844626
2019-12-11 12:56:52 -08:00
Vedant Kumar 5a486e0f15 [profile] Avoid allocating a page on the stack, NFC
When writing out a profile, avoid allocating a page on the stack for the
purpose of writing out zeroes, as some embedded environments do not have
enough stack space to accommodate this.

Instead, use a small, fixed-size zero buffer that can be written
repeatedly.

For a synthetic file with >100,000 functions, I did not measure a
significant difference in profile write times. We are removing a
page-length zero-fill `memset()` in favor of several smaller buffered
`fwrite()` calls: in practice, I am not sure there is much of a
difference. The performance impact is only expected to affect the
continuous sync mode (%c) -- zero padding is less than 8 bytes in all
other cases.

rdar://57810014

Differential Revision: https://reviews.llvm.org/D71323
2019-12-11 10:04:00 -08:00
Vedant Kumar d25437e957 [profile] Delete stale profiles in test/profile/instrprof-value-prof.test, NFC 2019-12-11 10:03:59 -08:00
Vedant Kumar 13a517445f [profile] Delete stale profile in test/profile/instrprof-set-filename.c, NFC 2019-12-11 10:03:59 -08:00
Igor Kudrin 3a713ae5fa [SanitizerCommon] Reduce wasting memory in LowLevelAllocator.
MmapOrDie allocates memory multiple to page size. LowLevelAllocator
should use all that memory for the internal buffer because there are
chances that subsequent requests may be small enough to fit in that
space.

Differential Revision: https://reviews.llvm.org/D71275
2019-12-11 12:44:55 +07:00
Peter Collingbourne 9fbfdd2bfe scudo: Tweak how we align UserPtr. NFCI.
Instead of testing whether the pointer is aligned, just align it
unconditionally and compare it to the original pointer.

This moves the computation of UserPtr up to before we start preparing the
header, so that the memory tagging code will be able to read the original
header containing the bounds of the previous allocation before it gets
potentially clobbered by the pointer realignment code.

Differential Revision: https://reviews.llvm.org/D71292
2019-12-10 12:09:47 -08:00
Peter Collingbourne e966416ff1 scudo: Move getChunkFromBlock() allocated check into caller. NFCI.
With tag-on-free we will need to get the chunk of a deallocated block. Change
getChunkFromBlock() so that it doesn't check that the chunk is allocated,
and move the check into the caller, so that it can be reused for this purpose.

Differential Revision: https://reviews.llvm.org/D71291
2019-12-10 12:08:52 -08:00
Vedant Kumar 8c7d5c8b2b [profile] Add explanatory comments to instrprof-darwin-exports.c, NFC 2019-12-10 09:45:04 -08:00
Kostya Kortchinsky b36b16372d [scudo][standalone] Define hasHardwareCRC32 for other archs
Summary:
The function was only defined for x86 and arm families, which ends
up being an issue for PPC in g3.

Define the function, simply returning `false` for "other"
architectures.

Reviewers: hctim, pcc, cferris, eugenis, vitalybuka

Subscribers: kristof.beyls, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71223
2019-12-10 07:41:46 -08:00
Akira Hatanaka 78a7af456d Revert "[compiler-rt] Add a critical section when flushing gcov counters"
This reverts commit 88f5bf77f9 as it broke
green dragon bots.

http://lab.llvm.org:8080/green/job/clang-stage1-RA/4401/
2019-12-09 19:58:26 -08:00
Eric Christopher 22d516261a Remove unused Unit test directory for xray. 2019-12-09 18:40:44 -08:00
Evgenii Stepanov 9ef451d1fd [hwasan] Offline symbolization script.
Summary:
A script to symbolize hwasan reports after the fact using unstripped
binaries. Supports stack-based reports. Requires llvm-symbolizer
(addr2line is not an option).

Reviewers: pcc, hctim

Subscribers: mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71148
2019-12-09 13:46:11 -08:00
Peter Collingbourne 29f0a65671 scudo: Add a basic malloc/free benchmark.
Differential Revision: https://reviews.llvm.org/D71104
2019-12-09 10:10:19 -08:00
Mitch Phillips 26fd95680b [GWP-ASan] 32-bit test pointers, allow multi-init for test.
Summary:
GWP-ASan tests currently fail on 32-bit platforms, as some of the pointers are
larger than `uintptr_t` on 32-bit platforms. Fix up all those instances.

Also add an uncompress varint test where the result is an underflow.

Furthermore, allow multi-init for testing. Each gtest when running
`check-gwp_asan` apparently runs in its own instance, but when integrating
these tests into Android, this behaviour isn't the same. We remove the
global multi-init check here, to allow for testing to work elsewhere, and we're
not really worried about multi-init anyway as it's part of our contract with
the allocator.

Reviewers: eugenis, vlad.tsyrklevich

Reviewed By: eugenis

Subscribers: #sanitizers, llvm-commits, pcc

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71121
2019-12-09 08:19:54 -08:00
Calixte Denizet 88f5bf77f9 [compiler-rt] Add a critical section when flushing gcov counters
Summary:
Counters can be flushed in a multi-threaded context for example when the process is forked in different threads (https://github.com/llvm/llvm-project/blob/master/llvm/lib/Transforms/Instrumentation/GCOVProfiling.cpp#L632-L663).
In order to avoid pretty bad things, a critical section is needed around the flush.
We had a lot of crashes in this code in Firefox CI when we switched to clang for linux ccov builds and those crashes disappeared with this patch.

Reviewers: marco-c, froydnj, dmajor, davidxl

Reviewed By: marco-c, dmajor

Subscribers: froydnj, dmajor, dberris, jfb, #sanitizers, llvm-commits, sylvestre.ledru

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70910
2019-12-09 10:39:55 +01:00
Michał Górny 6c2b2b9e20 [compiler-rt] [test] Disable ASLR on ASAN/MSAN/TSAN tests on NetBSD
Use a new %run wrapper for ASAN/MSAN/TSAN tests that calls paxctl
in order to disable ASLR on the test executables.  This makes it
possible to test sanitizers on systems where ASLR is enabled by default.

Differential Revision: https://reviews.llvm.org/D70958
2019-12-06 08:09:01 +01:00
Peter Collingbourne c8a2882a97 scudo: Fix one of the C wrapper tests on Android.
The test ScudoWrappersCTest.Realloc expects realloc of memalign to work on
Android, but this relies on dealloc_type_mismatch being set to false. Commit
0d3d4d3b0 caused us to start setting it to true in the C wrapper tests,
which broke the test. Set it to the correct value on Android.

Differential Revision: https://reviews.llvm.org/D71078
2019-12-05 11:15:31 -08:00
Peter Collingbourne 0cfe0a7bb0 scudo: Fix the build of wrappers_c_test.cpp on Android.
The Android headers don't provide a declaration of valloc or pvalloc, so we
need to declare them ourselves.

Differential Revision: https://reviews.llvm.org/D71077
2019-12-05 11:15:00 -08:00
Max Moroz a44ef027eb [compiler-rt] FuzzedDataProvider: do not call memcpy on empty vector.
Summary:
Some versions of memcpy mark pointer arguments as __nonnull, that triggers UBSan
errors even when the length passed is 0.

Reviewers: manojgupta, metzman

Subscribers: dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D71031

[compiler-rt] FDP: assert that num_bytes_to_consume == 0 when size == 0.
2019-12-04 14:18:52 -08:00
Vedant Kumar f208b70fbc Revert "[Coverage] Revise format to reduce binary size"
This reverts commit e18531595b.

On Windows, there is an error:

http://lab.llvm.org:8011/builders/sanitizer-windows/builds/54963/steps/stage%201%20check/logs/stdio

error: C:\b\slave\sanitizer-windows\build\stage1\projects\compiler-rt\test\profile\Profile-x86_64\Output\instrprof-merging.cpp.tmp.v1.o: Failed to load coverage: Malformed coverage data
2019-12-04 10:35:14 -08:00
Vedant Kumar e18531595b [Coverage] Revise format to reduce binary size
Revise the coverage mapping format to reduce binary size by:

1. Naming function records and marking them `linkonce_odr`, and
2. Compressing filenames.

This shrinks the size of llc's coverage segment by 82% (334MB -> 62MB)
and speeds up end-to-end single-threaded report generation by 10%. For
reference the compressed name data in llc is 81MB (__llvm_prf_names).

Rationale for changes to the format:

- With the current format, most coverage function records are discarded.
  E.g., more than 97% of the records in llc are *duplicate* placeholders
  for functions visible-but-not-used in TUs. Placeholders *are* used to
  show under-covered functions, but duplicate placeholders waste space.

- We reached general consensus about giving (1) a try at the 2017 code
  coverage BoF [1]. The thinking was that using `linkonce_odr` to merge
  duplicates is simpler than alternatives like teaching build systems
  about a coverage-aware database/module/etc on the side.

- Revising the format is expensive due to the backwards compatibility
  requirement, so we might as well compress filenames while we're at it.
  This shrinks the encoded filenames in llc by 86% (12MB -> 1.6MB).

See CoverageMappingFormat.rst for the details on what exactly has
changed.

Fixes PR34533 [2], hopefully.

[1] http://lists.llvm.org/pipermail/llvm-dev/2017-October/118428.html
[2] https://bugs.llvm.org/show_bug.cgi?id=34533

Differential Revision: https://reviews.llvm.org/D69471
2019-12-04 10:10:55 -08:00
Alex Lorenz ad871e4295 [compiler-rt] Disable fuzzer large.test when LLVM_ENABLE_EXPENSIVE_CHECKS=ON
This test is timing out on Green Dragon http://green.lab.llvm.org/green/job/clang-stage1-cmake-RA-expensive/
and looks like it's not executed on other bots with expensive checks
enabled
http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-ubuntu
http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win

The test times out as the C++ source file takes too long to build (2+ hours on my machine), as
clang spends a lot of time in IR/MIR verifiers.

Differential Revision: https://reviews.llvm.org/D70024
2019-12-03 14:37:37 -08:00
Dan Liew 96c8024e2e Rename `tsan/race_range_pc.cc` to `test/tsan/race_range_pc.cpp`.
The old suffix was preventing it from being executed by default.
2019-12-03 09:49:25 -08:00
Kostya Kortchinsky 5595249e48 [scudo][standalone] Add chunk ownership function
Summary:
In order to be compliant with tcmalloc's extension ownership
determination function, we have to expose a function that will
say if a chunk was allocated by us.

As to whether or not this has security consequences: someone
able to call this function repeatedly could use it to determine
secrets (cookie) or craft a valid header. So this should not be
exposed directly to untrusted user input.

Add related tests.

Additionally clang-format caught a few things to change.

Reviewers: hctim, pcc, cferris, eugenis, vitalybuka

Subscribers: JDevlieghere, jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70908
2019-12-03 08:32:26 -08:00
Yi Kong acc79aa0e7 Revert "Revert 1689ad27af "[builtins] Implement rounding mode support for i386/x86_64""
Don't build specialised fp_mode.c on MSVC since it does not support
inline ASM on x86_64.

This reverts commit a19f0eec94.
2019-11-27 17:29:20 -08:00
Roman Lebedev b98a0c7f6c [clang][CodeGen] Implicit Conversion Sanitizer: handle increment/decrement (PR44054)(take 2)
Summary:
Implicit Conversion Sanitizer is *almost* feature complete.
There aren't *that* much unsanitized things left,
two major ones are increment/decrement (this patch) and bit fields.

As it was discussed in
[[ https://bugs.llvm.org/show_bug.cgi?id=39519 | PR39519 ]],
unlike `CompoundAssignOperator` (which is promoted internally),
or `BinaryOperator` (for which we always have promotion/demotion in AST)
or parts of `UnaryOperator` (we have promotion/demotion but only for
certain operations), for inc/dec, clang omits promotion/demotion
altogether, under as-if rule.

This is technically correct: https://rise4fun.com/Alive/zPgD
As it can be seen in `InstCombineCasts.cpp` `canEvaluateTruncated()`,
`add`/`sub`/`mul`/`and`/`or`/`xor` operators can all arbitrarily
be extended or truncated:
901cd3b3f6/llvm/lib/Transforms/InstCombine/InstCombineCasts.cpp (L1320-L1334)

But that has serious implications:
1. Since we no longer model implicit casts, do we pessimise
   their AST representation and everything that uses it?
2. There is no demotion, so lossy demotion sanitizer does not trigger :]

Now, i'm not going to argue about the first problem here,
but the second one **needs** to be addressed. As it was stated
in the report, this is done intentionally, so changing
this in all modes would be considered a penalization/regression.
Which means, the sanitization-less codegen must not be altered.

It was also suggested to not change the sanitized codegen
to the one with demotion, but i quite strongly believe
that will not be the wise choice here:
1. One will need to re-engineer the check that the inc/dec was lossy
   in terms of `@llvm.{u,s}{add,sub}.with.overflow` builtins
2. We will still need to compute the result we would lossily demote.
   (i.e. the result of wide `add`ition/`sub`traction)
3. I suspect it would need to be done right here, in sanitization.
   Which kinda defeats the point of
   using `@llvm.{u,s}{add,sub}.with.overflow` builtins:
   we'd have two `add`s with basically the same arguments,
   one of which is used for check+error-less codepath and other one
   for the error reporting. That seems worse than a single wide op+check.
4. OR, we would need to do that in the compiler-rt handler.
   Which means we'll need a whole new handler.
   But then what about the `CompoundAssignOperator`,
   it would also be applicable for it.
   So this also doesn't really seem like the right path to me.
5. At least X86 (but likely others) pessimizes all sub-`i32` operations
   (due to partial register stalls), so even if we avoid promotion+demotion,
   the computations will //likely// be performed in `i32` anyways.

So i'm not really seeing much benefit of
not doing the straight-forward thing.

While looking into this, i have noticed a few more LLVM middle-end
missed canonicalizations, and filed
[[ https://bugs.llvm.org/show_bug.cgi?id=44100 | PR44100 ]],
[[ https://bugs.llvm.org/show_bug.cgi?id=44102 | PR44102 ]].

Those are not specific to inc/dec, we also have them for
`CompoundAssignOperator`, and it can happen for normal arithmetics, too.
But if we take some other path in the patch, it will not be applicable
here, and we will have most likely played ourselves.

TLDR: front-end should emit canonical, easy-to-optimize yet
un-optimized code. It is middle-end's job to make it optimal.

I'm really hoping reviewers agree with my personal assessment
of the path this patch should take..

This originally landed in 9872ea4ed1
but got immediately reverted in cbfa237892
because the assertion was faulty. That fault ended up being caused
by the enum - while there will be promotion, both types are unsigned,
with same width. So we still don't need to sanitize non-signed cases.
So far. Maybe the assert will tell us this isn't so.

Fixes [[ https://bugs.llvm.org/show_bug.cgi?id=44054 | PR44054 ]].
Refs. https://github.com/google/sanitizers/issues/940

Reviewers: rjmccall, erichkeane, rsmith, vsk

Reviewed By: erichkeane

Subscribers: mehdi_amini, dexonsmith, cfe-commits, #sanitizers, llvm-commits, aaron.ballman, t.p.northover, efriedma, regehr

Tags: #llvm, #clang, #sanitizers

Differential Revision: https://reviews.llvm.org/D70539
2019-11-27 21:52:41 +03:00
Peter Collingbourne b208088a21 scudo: Limit the number of bytes tested in a realloc test.
This test was previously effectively doing:
P = malloc(X); write X bytes to P; P = realloc(P, X - Y); P = realloc(P, X)
and expecting that all X bytes stored to P would still be identical after
the final realloc.

This happens to be true for the current scudo implementation of realloc,
but is not guaranteed to be true by the C standard ("Any bytes in the new
object beyond the size of the old object have indeterminate values.").
This implementation detail will change with the new memory tagging support,
which unconditionally zeros newly allocated granules when memory tagging
is enabled. Fix this by limiting the number of bytes that we test to the
minimum size that we realloc the allocation to.

Differential Revision: https://reviews.llvm.org/D70761
2019-11-27 10:32:34 -08:00
Peter Collingbourne 6fd6cfdf72 scudo: Replace a couple of macros with their expansions.
The macros INLINE and COMPILER_CHECK always expand to the same thing (inline
and static_assert respectively). Both expansions are standards compliant C++
and are used consistently in the rest of LLVM, so let's improve consistency
with the rest of LLVM by replacing them with the expansions.

Differential Revision: https://reviews.llvm.org/D70793
2019-11-27 10:12:27 -08:00
Peter Collingbourne f30fe16d49 scudo: Call setCurrentTSD(nullptr) when bringing down the TSD registry in tests.
Otherwise, we will hit a use-after-free when testing multiple instances of
the same allocator on the same thread. This only recently became a problem
with D70552 which caused us to run both ScudoCombinedTest.BasicCombined and
ScudoCombinedTest.ReleaseToOS on the unit tests' main thread.

Differential Revision: https://reviews.llvm.org/D70760
2019-11-27 09:55:14 -08:00
Martin Liska 2045d2c90e Make memory dump same as the one in asan.
Shadow memory (and short granules) are not prepended with memory
address and arrow at the end of line is removed.

Differential Revision: https://reviews.llvm.org/D70707
2019-11-27 18:46:38 +01:00
Kostya Kortchinsky 0d3d4d3b0f [scudo][standalone] Make tests work on Fuchsia
Summary:
This CL makes unit tests compatible with Fuchsia's zxtest. This
required a few changes here and there, but also unearthed some
incompatibilities that had to be addressed.

A header is introduced to allow to account for the zxtest/gtest
differences, some `#if SCUDO_FUCHSIA` are used to disable incompatible
code (the 32-bit primary, or the exclusive TSD).

It also brought to my attention that I was using
`__scudo_default_options` in different tests, which ended up in a
single binary, and I am not sure how that ever worked. So move
this to the main cpp.

Additionally fully disable the secondary freelist on Fuchsia as we do
not track VMOs for secondary allocations, so no release possible.

With some modifications to Scudo's BUILD.gn in Fuchsia:
```
[==========] 79 tests from 23 test cases ran (10280 ms total).
[  PASSED  ] 79 tests
```

Reviewers: mcgrathr, phosek, hctim, pcc, eugenis, cferris

Subscribers: srhines, jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70682
2019-11-27 09:17:40 -08:00
Hans Wennborg 900d8a9a3b [profile] Fix file contention causing dropped counts on Windows under -fprofile-generate
See PR43425:
https://bugs.llvm.org/show_bug.cgi?id=43425

When writing profile data on Windows we were opening profile file with
exclusive read/write access.

In case we are trying to write to the file from multiple processes
simultaneously, subsequent calls to CreateFileA would return
INVALID_HANDLE_VALUE.

To fix this, I changed to open without exclusive access and then take a
lock.

Patch by Michael Holman!

Differential revision: https://reviews.llvm.org/D70330
2019-11-27 15:55:13 +01:00
Roman Lebedev cbfa237892 Revert "[clang][CodeGen] Implicit Conversion Sanitizer: handle increment/decrement (PR44054)"
The assertion that was added does not hold,
breaks on test-suite/MultiSource/Applications/SPASS/analyze.c
Will reduce the testcase and revisit.

This reverts commit 9872ea4ed1, 870f3542d3.
2019-11-27 17:05:21 +03:00
Roman Lebedev 9872ea4ed1 [clang][CodeGen] Implicit Conversion Sanitizer: handle increment/decrement (PR44054)
Summary:
Implicit Conversion Sanitizer is *almost* feature complete.
There aren't *that* many unsanitized things left;
the two major ones are increment/decrement (this patch) and bit fields.

As it was discussed in
[[ https://bugs.llvm.org/show_bug.cgi?id=39519 | PR39519 ]],
unlike `CompoundAssignOperator` (which is promoted internally),
or `BinaryOperator` (for which we always have promotion/demotion in AST)
or parts of `UnaryOperator` (we have promotion/demotion but only for
certain operations), for inc/dec, clang omits promotion/demotion
altogether, under as-if rule.

This is technically correct: https://rise4fun.com/Alive/zPgD
As it can be seen in `InstCombineCasts.cpp` `canEvaluateTruncated()`,
`add`/`sub`/`mul`/`and`/`or`/`xor` operators can all arbitrarily
be extended or truncated:
901cd3b3f6/llvm/lib/Transforms/InstCombine/InstCombineCasts.cpp (L1320-L1334)

But that has serious implications:
1. Since we no longer model implicit casts, do we pessimise
   their AST representation and everything that uses it?
2. There is no demotion, so lossy demotion sanitizer does not trigger :]

Now, I'm not going to argue about the first problem here,
but the second one **needs** to be addressed. As it was stated
in the report, this is done intentionally, so changing
this in all modes would be considered a penalization/regression.
Which means, the sanitization-less codegen must not be altered.

It was also suggested to not change the sanitized codegen
to the one with demotion, but I quite strongly believe
that will not be the wise choice here:
1. One will need to re-engineer the check that the inc/dec was lossy
   in terms of `@llvm.{u,s}{add,sub}.with.overflow` builtins
2. We will still need to compute the result we would lossily demote.
   (i.e. the result of wide `add`ition/`sub`traction)
3. I suspect it would need to be done right here, in sanitization.
   Which kinda defeats the point of
   using `@llvm.{u,s}{add,sub}.with.overflow` builtins:
   we'd have two `add`s with basically the same arguments,
   one of which is used for check+error-less codepath and other one
   for the error reporting. That seems worse than a single wide op+check.
4. OR, we would need to do that in the compiler-rt handler.
   Which means we'll need a whole new handler.
   But then what about the `CompoundAssignOperator`,
   it would also be applicable for it.
   So this also doesn't really seem like the right path to me.
5. At least X86 (but likely others) pessimizes all sub-`i32` operations
   (due to partial register stalls), so even if we avoid promotion+demotion,
   the computations will //likely// be performed in `i32` anyways.

So I'm not really seeing much benefit in
not doing the straightforward thing.

While looking into this, I have noticed a few more LLVM middle-end
missed canonicalizations, and filed
[[ https://bugs.llvm.org/show_bug.cgi?id=44100 | PR44100 ]],
[[ https://bugs.llvm.org/show_bug.cgi?id=44102 | PR44102 ]].

Those are not specific to inc/dec, we also have them for
`CompoundAssignOperator`, and it can happen for normal arithmetics, too.
But if we take some other path in the patch, it will not be applicable
here, and we will have most likely played ourselves.

TLDR: front-end should emit canonical, easy-to-optimize yet
un-optimized code. It is middle-end's job to make it optimal.

I'm really hoping reviewers agree with my personal assessment
of the path this patch should take.

Fixes [[ https://bugs.llvm.org/show_bug.cgi?id=44054 | PR44054 ]].

Reviewers: rjmccall, erichkeane, rsmith, vsk

Reviewed By: erichkeane

Subscribers: mehdi_amini, dexonsmith, cfe-commits, #sanitizers, llvm-commits, aaron.ballman, t.p.northover, efriedma, regehr

Tags: #llvm, #clang, #sanitizers

Differential Revision: https://reviews.llvm.org/D70539
2019-11-27 15:39:55 +03:00
Evgenii Stepanov 947f969244 Fix sanitizer-common build with glibc 2.31
Summary:
As mentioned in D69104, glibc changed ABI recently with the [[ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2f959dfe849e0646e27403f2e4091536496ac0f0| 2f959dfe ]] change.
D69104 dealt with just 32-bit ARM, but that is just one of the many affected architectures.
E.g. x86_64, i?86, riscv64, sparc 32-bit, s390 31-bit are affected too (and various others).

This patch, instead of adding a long list of further architectures that wouldn't be checked ever next to arm 32-bit, changes the structures to match the 2.31 layout and performs the checking on Linux for ipc_perm mode position/size only on non-Linux or on Linux with glibc 2.31 or later.  I think this matches what is done for aarch64 already.
If needed, we could list architectures that haven't changed ABI (e.g. powerpc), so that they would be checked even with older glibcs.  AFAIK sanitizers don't actually use ipc_perm.mode and
so all they care about is the size and alignment of the whole structure.

Note, s390 31-bit and arm 32-bit big-endian changed ABI even further, there will now be shmctl with old symbol version and shmctl@@GLIBC_2.31 which will be incompatible.  I'm afraid this isn't really solvable unless the sanitizer libraries are symbol versioned and use matching symbol versions to glibc symbols for stuff they intercept, plus use dlvsym.
This patch doesn't try to address that.

Patch by Jakub Jelinek.

Reviewers: kcc, eugenis, dvyukov

Reviewed By: eugenis

Subscribers: jyknight, kristof.beyls, fedor.sergeev, simoncook, PkmX, s.egerton, steven.zhang, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70662
2019-11-25 14:38:10 -08:00
Lei Huang 9e676d9c7e [PowerPC][compiler-rt][builtins]Add __fixtfti builtin on PowerPC
Implements __fixtfti builtin for PowerPC. This builtin converts a
long double (IBM double-double) to a signed int128. The conversion relies on
the unsigned conversion of the absolute value of the long double.

Tests included for both positive and negative long doubles.

Patch By: Baptiste Saleil

Differential Revision: https://reviews.llvm.org/D69730
2019-11-25 14:54:03 -06:00
Mitch Phillips 19edfb3728 [GWP-ASan] Add GWP_ASAN_ prefix to macros.
Summary:
When platforms use their own `LIKELY()` definitions, it can be quite
troublesome to ensure they don't conflict with the GWP-ASan internal
definitions. Just force the GWP_ASAN_ prefix to help this issue.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: #sanitizers, llvm-commits, cferris, pcc

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70683
2019-11-25 12:27:00 -08:00
Kostya Kortchinsky 15664fe2c4 [scudo][standalone] Fix for releaseToOS prior to init
Summary:
cferris@ found an issue where calling `releaseToOS` prior to any other
heap operation would lead to a crash, due to the allocator not being
properly initialized (it was discovered via `mallopt`).

The fix is to call `initThreadMaybe` prior to calling `releaseToOS` for
the Primary.

Add a test that crashes prior to fix.

Reviewers: hctim, cferris, pcc, eugenis

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70552
2019-11-25 08:38:45 -08:00
Petr Hosek e8a4e5892b [CMake] Use correct include path for InstrProfData.inc on Darwin
On Darwin, part of the profile runtime is included in the builtin
library. f35032e changed the location of InstrProfData.inc but the
builtin build for Darwin hasn't been updated to include the new
path which causes a breakage when building for Darwin. This change
addresses this breakage.
2019-11-24 13:26:01 -08:00
Petr Hosek f35032e03d Reland "[CMake] Support installation of InstrProfData.inc"
This header fragment is useful on its own for any consumer that wants
to use custom instruction profile runtime with the LLVM instrumentation.
The concrete use case is in Fuchsia's kernel where we want to use
instruction profile instrumentation, but we cannot use the compiler-rt
runtime because it's not designed for use in the kernel environment.
This change allows installing this header as part of compiler-rt.

Differential Revision: https://reviews.llvm.org/D64532
2019-11-22 14:09:46 -08:00
Petr Hosek 262b10ba1f Revert "[CMake] Support installation of InstrProfData.inc"
This reverts commit f11bc1776f since it's
failing to build on some bots.
2019-11-22 12:00:23 -08:00
Petr Hosek f11bc1776f [CMake] Support installation of InstrProfData.inc
This header fragment is useful on its own for any consumer that wants
to use custom instruction profile runtime with the LLVM instrumentation.
The concrete use case is in Fuchsia's kernel where we want to use
instruction profile instrumentation, but we cannot use the compiler-rt
runtime because it's not designed for use in the kernel environment.
This change allows installing this header as part of compiler-rt.

Differential Revision: https://reviews.llvm.org/D64532
2019-11-22 11:52:50 -08:00
Vitaly Buka 97e0fd27eb Don't forward __pthread_mutex_* interceptors to pthread_mutex_* version
Summary:
Allows to use rr with asan

Fixes PR41095

Reviewers: eugenis

Subscribers: jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70581
2019-11-22 11:19:39 -08:00
Marco Vanotti e5b603a4c3 [libFuzzer] don't use /dev/null for DiscardOuput in Fuchsia.
Summary:

This commit moves the `DiscardOutput` function in FuzzerIO to
FuzzerUtil, so fuchsia can have its own specialized version.

In fuchsia, accessing `/dev/null` is not supported, and there's nothing
similar to a file that discards everything that is written to it. The
way of doing something similar in fuchsia is by using `fdio_null_create`
and binding that to a file descriptor with `fdio_bind_to_fd`.

This change should fix one of the issues with the `-close_fd_mask` flag
in libfuzzer, in which closing stdout was not working due to
`fopen("/dev/null", "w")` returning `NULL`.

Reviewers: kcc, aarongreen

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69593
2019-11-21 16:56:05 -08:00
Marco Vanotti 46c7fc22cf [libFuzzer] Fix unwinding for Fuchsia
Summary:
This commit fixes part of the issues with stack unwinding in fuchsia for
arm64 and x86_64. It consists of multiple fixes:

(1) The cfa_offset calculation was wrong, instead of pointing to the
previous stack pointer, it was pointing to the current one. It worked in
most of the cases because the crashing functions already had a
prologue and had their cfa information relative to another register. The
fix consists on adding a constant that can be used to calculate the
crashing function's stack pointer, and base all the cfi information
relative to that offset.

(2) (arm64) Due to errors with the syntax for the dwarf information, most
of the `OP_NUM` macros were not working. The problem was that they were
referred to as `r##NUM` (like `r14`), when it should have been `x##num`
(like `x14`), or even without the x.

(3) (arm64) The link register was being considered a part of the main
registers (`r30`), when in the real struct it has its own field. Given
that the link register is in the same spot in the struct as r[30] would be,
and that C++ doesn't care about anything, the calculation was still correct.

(4) (x86_64) The stack doesn't need to be aligned to 16 bytes when we
jump to the trampoline function, but it needs to be before performing
call instructions. Encoding that logic in cfi information was tricky, so
we decided to make the cfa information relative to `rbp` and align `rsp`.
Note that this could have been done using another register directly,
but it seems cleaner to make a new fake stack frame.

There are some other minor changes like adding a `brk 1` instruction in
arm64 to make sure that we never return to the crash trampoline (similar to
what we do in x86_64).

Sadly this commit does not fix unwinding for all use cases for arm64.
Crashing functions that do not add information related to the return column in
their cfi information will fail to unwind due to a bug in libunwinder.

Reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen

Subscribers: aprantl, kristof.beyls, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69579
2019-11-21 15:47:07 -08:00
Marco Vanotti 16d9f44fd1 [libFuzzer] Fix fd check in DupAndCloseStderr.
Summary:
This commit fixes the check in the return value from the `DuplicateFile`
function, which returns a new file descriptor. `DuplicateFile` can
return 0 if that file descriptor is available (for example, if stdin has
already been closed).

In particular, this could cause a bug with the `-close_fd_mask` flag in
some platforms: just call the fuzzer with stdin closed and the
`-close_fd_mask=2` flag, and stderr will not be muted.

Example fuzzer:

```
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
// Writes one line to each of stderr and stdout per run so the effect of -close_fd_mask is visible.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  (void)Data; (void)Size;  // the input is not inspected
  fprintf(stderr, "STDERR\n");
  fprintf(stdout, "STDOUT\n");
  return 0;
}
```

Invocation (muting both stderr and stdout):
```
./test -close_fd_mask=3 -runs=1 0<&-
INFO: Seed: 1155116940
INFO: Loaded 1 modules   (1 inline 8-bit counters): 1 [0x48b020, 0x48b021),
INFO: Loaded 1 PC tables (1 PCs): 1 [0x478dc8,0x478dd8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
STDERR
INFO: A corpus is not provided, starting from an empty corpus
STDERR
Done 2 runs in 0 second(s)
```

Reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68775
2019-11-21 15:25:10 -08:00
Julian Lettner 0163329dbd [TSan] Make `mach_vm_allocate.c` test less flaky
rdar://57365733
2019-11-21 15:19:31 -08:00
Kostya Kortchinsky 46240c3872 [scudo][standalone] Minor optimization & improvements
Summary:
A few small improvements and optimizations:
- when refilling the free list, push back the last batch and return
  the front one: this allows keeping the allocations towards the front
  of the region;
- instead of using 48 entries in the shuffle array, use a multiple of
  `MaxNumCached`;
- make the maximum number of batches to create on refill a constant;
  ultimately it should be configurable, but that's for later;
- `initCache` doesn't need to zero out the cache, it's already done.
- it turns out that when using `||` or `&&`, the compiler is adamant
  on adding a short circuit for every part of the expression. Which
  ends up making somewhat annoying asm with lots of test and
  conditional jump. I am changing that to bitwise `|` or `&` in two
  places so that the generated code looks better. Added comments since
  it might feel weird to people.

This yields some small performance gains overall, nothing drastic
though.

Reviewers: hctim, morehouse, cferris, eugenis

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70452
2019-11-21 10:05:39 -08:00
Florian Hahn a70c3f9f45 [compiler-rt] Don't check XCR0 when detecting avx512 on Darwin.
Darwin lazily saves the AVX512 context on first use [1]: instead of checking
that it already does to figure out if the OS supports AVX512, trust that
the kernel will do the right thing and always assume the context save
support is available.

[1] https://github.com/apple/darwin-xnu/blob/xnu-4903.221.2/osfmk/i386/fpu.c#L174

Reviewers: ab, RKSimon, craig.topper

Reviewed By: craig.topper

Subscribers: dberris, JDevlieghere, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70454
2019-11-21 09:19:17 +00:00
Peter Collingbourne f751a79173 scudo: Only use the Android reserved TLS slot when building libc's copy of the allocator.
When we're not building libc's allocator, just use a regular TLS variable. This
lets the unit tests pass on Android devices whose libc uses Scudo. Otherwise
libc's copy of Scudo and the unit tests' copy will both try to use the same
TLS slot, in likely incompatible ways.

This requires using ELF TLS, so start passing -fno-emulated-tls when building
the library and the unit tests on Android.

Differential Revision: https://reviews.llvm.org/D70472
2019-11-20 11:30:58 -08:00
Peter Collingbourne 10089ce202 scudo: Switch from std::random_shuffle to std::shuffle in a test.
This lets the test build with C++17.

Differential Revision: https://reviews.llvm.org/D70471
2019-11-19 16:13:12 -08:00
Vedant Kumar 0d4211f4e7 [profile] Address unused function warnings on Windows after D69586
This '#ifdef's out two functions which are unused on Windows, to prevent
-Wunused-function warnings.
2019-11-19 12:51:12 -08:00
Vedant Kumar 1aacf58819 [profile] Unbreak Fuchsia/Windows after D68351
Continuous mode is not yet supported on Fuchsia/Windows, however an
error should not be reported unless the user attempted to actually
enable continuous mode.
2019-11-19 12:29:57 -08:00
Dan Liew b9a92206b6 [Symbolizers] On Darwin compute function offset when possible.
Summary:
The sanitizer symbolizers support printing the function offset
(difference between pc and function start) of a stackframe using the
`%q` format specifier.

Unfortunately this didn't actually work because neither the atos
nor the dladdr symbolizer sets the `AddressInfo::function_offset` field.

This patch teaches both symbolizers to try to compute the function
offset. In the case of the atos symbolizer, atos might not report the
function offset (e.g. it reports a source location instead) so in this
case it falls back to using `dladdr()` to compute the function offset.

Two test cases are included.

rdar://problem/56695185

Reviewers: kubamracek, yln

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69549
2019-11-19 10:04:44 -08:00
Hans Wennborg a19f0eec94 Revert 1689ad27af "[builtins] Implement rounding mode support for i386/x86_64"
It broke the build with MSVC:

fp_mode.c(20): error C2065: '__asm__': undeclared identifier

> Differential Revision: https://reviews.llvm.org/D69870
2019-11-19 09:37:31 +01:00
Vedant Kumar 2492b5a125 [profile] Support online merging with continuous sync mode
Make it possible to use online profile merging ("%m" mode) with
continuous sync ("%c" mode).

To implement this, the merged profile is locked in the runtime
initialization step and either a) filled out for the first time or b)
checked for compatibility. Then, the profile can simply be mmap()'d with
MAP_SHARED set. With the mmap() in place, counter updates from every
process which uses an image are mapped onto the same set of physical
pages assigned by the filesystem cache. After the mmap() is set up, the
profile is unlocked.

Differential Revision: https://reviews.llvm.org/D69586
2019-11-18 12:56:58 -08:00
Craig Topper ff75bf6ac9 [X86] Add AMD Matisse (znver2) model number to getHostCPUName and compiler-rt's getAMDProcessorTypeAndSubtype.
This is the CPUID model used on Ryzen 3000 series (Zen 2/Matisse) CPUs.

Patch by Alex James

Differential Revision: https://reviews.llvm.org/D70279
2019-11-18 11:57:04 -08:00
Yi Kong 1689ad27af [builtins] Implement rounding mode support for i386/x86_64
Differential Revision: https://reviews.llvm.org/D69870
2019-11-18 10:32:40 -08:00
Julian Lettner 7e4d386b77 [cmake] Factor out DEFAULT_SANITIZER_MIN_OSX_VERSION 2019-11-18 09:41:19 -08:00
Julian Lettner 4d4066a520 Bump sanitizer iOS deployment target to 9.0
Bump default value for `-miphoneos-version-min=x` to 9.0 (from 8.0).
TSan tests that use thread local storage `__thread` (e.g., tls_race.cpp)
are failing to link for the iOS simulator (arch=x86_64 and
-miphoneos-version-min=8.0) on internal/master (will be submitted to
Glacier train):
```
ld: targeted OS version does not support use of thread local variables in _main for architecture x86_64
```

iOS 9.0 was released 2015.
2019-11-18 09:41:19 -08:00
Julian Lettner b87fc09dce Bump sanitizer macOS deployment target to 10.10
Bump default value for `SANITIZER_MIN_OSX_VERSION` to 10.10 (from 10.9).
TSan does not work on macOS 10.9 and a nice error message is preferable
to an "unreferenced symbol" error when loading the TSan runtime.

We could try to only bump the deployment target for TSan, but we would
have to invest into adding support for this to our CMake build and it
does not seem worth it.  macOS 10.10 was released in 2014.

rdar://31335781
2019-11-18 09:41:18 -08:00
Julian Lettner b0567be2b4 [ASan] Mark test as UNSUPPORTED for iOS simulator
coverage-fork.cpp uses `fork()` which requires additional permissions
in the iOS simulator sandbox.  We cannot use `sandbox-exec` to grant
these permissions since this is a Posix (not Darwin) test.
2019-11-18 08:00:46 -08:00
Alexandre Ganea 478ad94c8e [GCOV] Skip artificial functions from being emitted
This is a patch to support  D66328, which was reverted until this lands.

Enable a compiler-rt test that used to fail previously with D66328.

Differential Revision: https://reviews.llvm.org/D67283
2019-11-15 14:23:11 -05:00
Kostya Kortchinsky f018246c20 [scudo][standalone] Enabled SCUDO_DEBUG for tests + fixes
Summary:
`SCUDO_DEBUG` was not enabled for unit tests, meaning the `DCHECK`s
were never tripped. While turning this on, I discovered that a few
of those not-exercised checks were actually wrong. This CL addresses
those incorrect checks.

Note that to work in tests `CHECK_IMPL` has to explicitly use the
`scudo` namespace. Also changes a C cast to a C++ cast.

Reviewers: hctim, pcc, cferris, eugenis, vitalybuka

Subscribers: mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70276
2019-11-15 08:33:57 -08:00
Dan Liew 4c39f34199 [SanitizerCommon] Print the current value of options when printing out help.
Summary:
Previously it wasn't obvious what the default values of various sanitizer
options were. A very close approximation of the "default values" for the
options are the current value of the options at the time of printing the
help output.

In the case that no other options are provided then the current values
are the default values (apart from `help`).

```
ASAN_OPTIONS=help=1 ./program
```

This patch causes the current option values to be printed when the
`help` output is enabled. The original intention for this patch was to append
`(Default: <value>)` to an option's help text. However because this
is technically wrong (and misleading) I've opted to append
`(Current Value: <value>)` instead.

When trying to implement a way of displaying the default values of the
options I tried another solution where the default values used in `*.inc` files
were used to create compile time strings that were used when printing
the help output. This solution was not satisfactory for several reasons:

* Stringifying the default values with the preprocessor did not work very
well in several cases.  Some options contain boolean operators which no
amount of macro expansion can get rid of.
* It was much more invasive than this patch. Every sanitizer had to be changed.
* The settings of `__<sanitizer>_default_options()` are ignored.

For those reasons I opted for the solution in this patch.

rdar://problem/42567204

Reviewers: kubamracek, yln, kcc, dvyukov, vitalybuka, cryptoad, eugenis, samsonov

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69546
2019-11-14 14:04:34 -08:00
Vedant Kumar e7aab320b1 [profile] Factor out logic for mmap'ing merged profile, NFC
Split out the logic to get the size of a merged profile and to do a
compatibility check. This can be shared with both the continuous+merging
mode implementation, as well as the runtime-allocated counters
implementation planned for Fuchsia.

Lifted out of D69586.

Differential Revision: https://reviews.llvm.org/D70135
2019-11-13 07:52:15 -08:00
Douglas Yung 7ebde1bf67 Add a shim for setenv on PS4 since it does not exist.
A few years back a similar change was made for getenv since neither function is supported on the PS4 platform.

Recently, commit d889d1e added a call to setenv in compiler-rt which was causing linking errors because the symbol was not found. This fixes that issue by putting in a shim similar to how we previously dealt with the lack of getenv.

Differential Revision: https://reviews.llvm.org/D70033
2019-11-12 15:05:45 -08:00
Sterling Augustine 38c356176b Fix include guard and properly order __deregister_frame_info.
Summary:
This patch fixes two problems with the crtbegin.c as written:

1. In do_init, register_frame_info is not guarded by a #define, but in
do_fini, deregister_frame_info is guarded by #ifndef
CRT_HAS_INITFINI_ARRAY. Thus when CRT_HAS_INITFINI_ARRAY is not
defined, frames are registered but then never deregistered.

The frame registry mechanism builds a linked-list from the .so's
static variable do_init.object, and when the .so is unloaded, this
memory becomes invalid and should be deregistered.

Further, libgcc's crtbegin treats the frame registry as independent
from the initfini array mechanism.

This patch fixes this by adding a new #define,
"EH_USE_FRAME_INFO_REGISTRY", which is set by the cmake option
COMPILER_RT_CRT_USE_EH_FRAME_REGISTRY.

2. Currently, do_init calls register_frame_info, and then calls the
binary's constructors. This allows constructors to safely use
libunwind. However, do_fini calls deregister_frame_info and then calls
the binary's destructors. This prevents destructors from safely using
libunwind.

This patch also switches that ordering, so that destructors can safely
use libunwind. As it happens, this is a fairly common scenario for
thread sanitizer.
2019-11-12 14:54:41 -08:00
Christopher Ferris 14df08f058 [scudo][standalone] Match function name change to bionic name change.
Summary: Bionic was modified to have all function names consistent. Modify the code and get rid of the special case for bionic since it's no longer needed.

Reviewers: cryptoad

Reviewed By: cryptoad

Subscribers: srhines, llvm-commits, #sanitizers

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D70031
2019-11-11 09:41:57 -08:00
Jan Korous 99e2cba219 Reland "[compiler-rt] Fix tests after 03b84e4f6d0"
This reverts commit d6be9273c6.
2019-11-08 14:28:32 -08:00
Lei Huang 71f4761431 [PowerPC][compiler-rt][builtins]Fix __fixunstfti builtin on PowerPC
__fixunstfti converts a long double (IBM double-double) to an unsigned 128 bit
integer.  This patch enables it to handle a previously unhandled case in which
a negative low double may impact the result of the conversion.

Collaborated with @masoud.ataei and @renenkel.
Patch By: Baptiste Saleil

Differential Revision: https://reviews.llvm.org/D69193
2019-11-08 11:57:09 -06:00
Jeremy Morse d6be9273c6 Revert "[compiler-rt] Fix tests after 03b84e4f6d0"
This reverts commit bdeb2724f0.

(Reverting 03b84e4f6d, so this must come out as well)
2019-11-08 12:07:42 +00:00
Jan Korous bdeb2724f0 [compiler-rt] Fix tests after 03b84e4f6d
Fallout from:
[clang] Report sanitizer blacklist as a dependency in cc1

Default blacklists are now passed via -fsanitize-system-blacklist from driver to cc1.
2019-11-07 14:40:22 -08:00
Mitch Phillips 343597789e [GWP-ASan] Respect compiler-rt's -fno-lto
https://bugs.llvm.org/show_bug.cgi?id=43722

GWP-ASan didn't include SANITIZER_COMMON_CFLAGS, and thus would produce
LLVM bitcode files, when compiler-rt is generally built without LTO.
2019-11-07 07:43:02 -08:00
Edward Jones dd25880010 [RISCV] Add riscv{32,64} to ALL_CRT_SUPPORTED_ARCH list
This allows crtbegin and crtend to be built, allowing RISC-V
to no longer rely on implementations from libgcc.

Differential revision: https://reviews.llvm.org/D68393
2019-11-07 15:32:52 +00:00
Kelvin Li 1e1ae46595 [CMake] Prevent adding lld to test dependency (TEST_DEPS) when lld project is not built
D69405 causes failure if running LIT when the compiler was built without lld.

Patch by Anh Tuyen Tran (anhtuyen)

Differential Revision: https://reviews.llvm.org/D69685
2019-11-05 16:42:30 -05:00
Alexandre Ganea efad56b2be Remove unused variables, as suggested by @mcgov.
Fixes warning: unused variable 'XXX' [-Wunused-const-variable]
2019-11-04 14:55:51 -05:00
Alexandre Ganea 9cc3ebf8b7 Fix warning: format specifies type 'unsigned long' but the argument has type 'unsigned long long' [-Wformat] 2019-11-04 14:42:07 -05:00
David Spickett 91167e22ec [hwasan] Remove lazy thread-initialisation
This was an experiment made possible by a non-standard feature of the
Android dynamic loader.

It required introducing a flag to tell the compiler which ABI was being
targeted.
This flag is no longer needed, since the generated code now works for
both ABIs.

We leave that flag untouched for backwards compatibility. This also
means that if we need to distinguish between targeted ABIs again
we can do that without disturbing any existing workflows.

We leave a comment in the source code and mention in the help text to
explain this for any confused person reading the code in the future.

Patch by Matthew Malcomson

Differential Revision: https://reviews.llvm.org/D69574
2019-11-04 10:58:46 +00:00
Kamil Rytarowski 858b15cb9c [compiler-rt] [msan] Correct the __libc_thr_keycreate prototype
Fixes build with GCC8.
2019-11-04 01:10:59 +01:00
Kamil Rytarowski e345bc6e65 [compiler-rt] [msan] Support POSIX iconv(3) on NetBSD 9.99.17+
Fixes build of test.
2019-11-04 01:08:53 +01:00
Kamil Rytarowski 983c4dd8ed [compiler-rt] Harmonize __sanitizer_addrinfo with the NetBSD headers
Add missing pad for sparc, alpha and a variation of i386.
2019-11-03 16:47:03 +01:00
Kamil Rytarowski 01f91c3526 [compiler-rt] Sync NetBSD syscall hooks with 9.99.17
Document the minimal version supported as 9.0 and add compat code for
renamed syscalls after 9.0.
2019-11-03 16:22:02 +01:00
Evgenii Stepanov 961d48df28 Disable exceptions in libfuzzer's copy of libcxxabi.
External project configuration for libcxxabi now has exceptions on by
default, but this is not needed for libfuzzer.
2019-11-01 10:05:59 -07:00
Martin Storsjö ec630194fe [compiler-rt] [profile] Fix building for MinGW after d889d1efef
This commit added use of a Windows API in InstrProfilingPort.h.
When _MSC_VER is defined (for MSVC), windows.h is already included
earlier in the same header (for atomics), but for MinGW, the gcc
atomics builtins are used instead. Therefore explicitly include
windows.h here, where the API is used.
2019-11-01 09:20:51 +02:00
Vedant Kumar 197bad5089 [profile] Fifth speculative fix for Android after D68351
Use the printf macros from inttypes.h to sidestep -Wformat issues:

/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm-project/compiler-rt/lib/profile/InstrProfilingFile.c:425:14: error: format specifies type 'long long' but the argument has type 'off_t' (aka 'long') [-Werror,-Wformat]
             CurrentFileOffset, PageSize);
             ^~~~~~~~~~~~~~~~~
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm-project/compiler-rt/lib/profile/InstrProfilingPort.h:114:50: note: expanded from macro 'PROF_ERR'
  fprintf(stderr, "LLVM Profile Error: " Format, __VA_ARGS__);
                                         ~~~~~~  ^~~~~~~~~~~
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm-project/compiler-rt/lib/profile/InstrProfilingFile.c:461:41: error: format specifies type 'unsigned long long' but the argument has type 'uint64_t' (aka 'unsigned long') [-Werror,-Wformat]
        strerror(errno), CountersBegin, PageAlignedCountersLength, Fileno,
                                        ^~~~~~~~~~~~~~~~~~~~~~~~~
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm-project/compiler-rt/lib/profile/InstrProfilingPort.h:114:50: note: expanded from macro 'PROF_ERR'
  fprintf(stderr, "LLVM Profile Error: " Format, __VA_ARGS__);
                                         ~~~~~~  ^~~~~~~~~~~
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm-project/compiler-rt/lib/profile/InstrProfilingFile.c:462:9: error: format specifies type 'unsigned long long' but the argument has type 'uint64_t' (aka 'unsigned long') [-Werror,-Wformat]
        FileOffsetToCounters);
        ^~~~~~~~~~~~~~~~~~~~
/var/lib/buildbot/sanitizer-buildbot6/sanitizer-x86_64-linux-android/build/llvm-project/compiler-rt/lib/profile/InstrProfilingPort.h:114:50: note: expanded from macro 'PROF_ERR'
  fprintf(stderr, "LLVM Profile Error: " Format, __VA_ARGS__);
2019-10-31 17:03:52 -07:00
Vedant Kumar a49795d8ab [profile] Third speculative fix for Windows after D68351
_putenv on Windows takes 1 argument, whereas setenv elsewhere takes 3.
Just treat the two platforms differently.

http://lab.llvm.org:8011/builders/sanitizer-windows/builds/53547
2019-10-31 16:35:58 -07:00
Vedant Kumar 6dfe8e590e [profile] Second speculative fix for Windows
VLAs in C appear to not work on Windows, so use COMPILER_RT_ALLOCA:

C:\b\slave\sanitizer-windows\llvm-project\compiler-rt\lib\profile\InstrProfilingWriter.c(264): error C2057: expected constant expression
C:\b\slave\sanitizer-windows\llvm-project\compiler-rt\lib\profile\InstrProfilingWriter.c(264): error C2466: cannot allocate an array of constant size 0
C:\b\slave\sanitizer-windows\llvm-project\compiler-rt\lib\profile\InstrProfilingWriter.c(264): error C2133: 'Zeroes': unknown size
2019-10-31 16:25:25 -07:00
Vedant Kumar aa7f3a405d [profile] Speculative fix for Windows after D68351
setenv() appears to not be available on Windows:

http://lab.llvm.org:8011/builders/sanitizer-windows/builds/53545/steps/stage%201%20build/logs/stdio
2019-10-31 16:23:39 -07:00
Vedant Kumar d889d1efef [profile] Add a mode to continuously sync counter updates to a file
Add support for continuously syncing profile counter updates to a file.

The motivation for this is that programs do not always exit cleanly. On
iOS, for example, programs are usually killed via a signal from the OS.
Running atexit() handlers after catching a signal is unreliable, so some
method for progressively writing out profile data is necessary.

The approach taken here is to mmap() the `__llvm_prf_cnts` section onto
a raw profile. To do this, the linker must page-align the counter and
data sections, and the runtime must ensure that counters are mapped to a
page-aligned offset within a raw profile.

Continuous mode is (for the moment) incompatible with the online merging
mode. This limitation is lifted in https://reviews.llvm.org/D69586.

Continuous mode is also (for the moment) incompatible with value
profiling, as I'm not sure whether there is interest in this and the
implementation may be tricky.

As I have not been able to test extensively on non-Darwin platforms,
only Darwin support is included for the moment. However, continuous mode
may "just work" without modification on Linux and some UNIX-likes. AIUI
the default value for the GNU linker's `--section-alignment` flag is set
to the page size on many systems. This appears to be true for LLD as
well, as its `no_nmagic` option is on by default. Continuous mode will
not "just work" on Fuchsia or Windows, as it's not possible to mmap() a
section on these platforms. There is a proposal to add a layer of
indirection to the profile instrumentation to support these platforms.

rdar://54210980

Differential Revision: https://reviews.llvm.org/D68351
2019-10-31 16:04:09 -07:00
Vedant Kumar ade776b584 [profile] Clean up stale raw profiles in instrprof-write-file.c 2019-10-31 16:04:08 -07:00
Kostya Kortchinsky c7bc3db23c [scudo][standalone] Fix Secondary bug w/ freelist
Summary:
cferris@ found an issue due to the new Secondary free list behavior
and unfortunately it's completely my fault. The issue is twofold:

- I lost track of the (major) fact that the Combined assumes that
  all chunks returned by the Secondary are zero'd out appropriately
  when dealing with `ZeroContents`. With the introduction of the
  freelist, it's no longer the case as there can be a small portion
  of memory between the header and the next page boundary that is
  left untouched (the rest is zero'd via release). So the next time
  that block is returned, it's not fully zero'd out.
- There was no test that would exercise that behavior :(

There are several ways to fix this, the one I chose makes the most
sense to me: we pass `ZeroContents` to the Secondary's `allocate`
and it zero's out the block if requested and it's coming from the
freelist. This prevents an extraneous `memset` in case the block
comes from `map`. Another possibility could have been to `memset`
in `deallocate`, but it's probably overzealous as all secondary
blocks don't need to be zero'd out.

Add a test that would have found the issue prior to fix.

Reviewers: morehouse, hctim, cferris, pcc, eugenis, vitalybuka

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69675
2019-10-31 14:38:30 -07:00
Alex Richardson 8baedb82ba [compiler-rt] Use xcrun instead of xcodebuild to find the SDK directory
Summary:
xcodebuild does not work unless XCode is installed whereas xcrun also works
when only the Command Line Tools are installed. Unlike the check for the
version (D69610), this did not cause an error for me since the fallback to
/usr/include for the OSX sysroot worked.

Reviewers: yln, delcypher

Reviewed By: yln

Subscribers: dberris, mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69659
2019-10-31 21:17:56 +00:00
Alex Richardson 52beec76de Fix compiler-rt build on macOS without XCode
Summary:
Starting with 8a5bfbe6db (D68292) this file
unconditionally uses xcodebuild to get the SDK version. On my system this
always fails with
`xcode-select: error: tool 'xcodebuild' requires Xcode, but active developer directory '/Library/Developer/CommandLineTools' is a command line tools instance`

Reviewers: delcypher, yln

Reviewed By: delcypher, yln

Subscribers: dberris, mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69610
2019-10-31 21:17:24 +00:00
Evgenii Stepanov cd751bcd52 [asan] Fix lint failure in asan_interface.h 2019-10-31 13:58:55 -07:00
Evgenii Stepanov 13e04607f7 [asan] Provide an interface to update an allocation stack trace.
Summary:
Sometimes an allocation stack trace is not very informative. Provide a
way to replace it with a stack trace of the user's choice.

Reviewers: pcc, kcc

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69208
2019-10-31 13:54:46 -07:00
Evgenii Stepanov 05a2d70d96 Sort HWASAN_RTL_SOURCES alphabetically (NFC). 2019-10-31 10:56:50 -07:00
Evgenii Stepanov 2f856a36e0 [msan] Blacklist __gxx_personality_v0.
Summary:
Fixes https://bugs.llvm.org/show_bug.cgi?id=31877.
Fixes https://github.com/google/sanitizers/issues/1155.

Enables exceptions in msan/tsan build of libcxx, and in msan tests.

-fdepfile-entry stuff is a workaround for
https://reviews.llvm.org/D69290 (default blacklist missing from -MMD
output).

Reviewers: pcc, dvyukov

Subscribers: mgorny, christof, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69587
2019-10-31 10:22:52 -07:00
Dan Liew 23a33d450b Revert "[Builtins] Downgrade duplicate source file warning from a fatal error to a warning."
This reverts commit dc748816e2.

Now that 8ea148dc0c has landed it should
be safe to turning the warning back into a fatal error.
2019-10-30 16:21:46 -07:00
Dan Liew 8ea148dc0c [Builtins] Fix bug where powerpc builtins specializations didn't remove generic implementations.
Summary:
Previously the CMake code looked for filepaths of the form
`<arch>/<filename>` as an indication that `<arch>/<filename>` provided a
specialization of a top-level file `<filename>`. For powerpc there was a
bug because the powerpc specialized implementations lived in `ppc/` but
the architectures were `powerpc64` and `powerpc64le` which meant that
CMake was looking for files at `powerpc64/<filename>` and
`powerpc64le/<filename>`.

The result of this is that for powerpc the builtins library contained a
duplicate symbol for `divtc3` because it had the generic implementation
and the specialized version in the built static library.

Although we could just add similar code to what there is for arm (i.e.
compute `${_arch}`) to fix this, this is extremely error prone (until
r375150 no error was raised). Instead this patch takes a different
approach that removes looking for the architecture name entirely.
Instead this patch uses the convention that a source file in a
sub-directory might be a specialization of a generic implementation and
if a source file of the same name (ignoring extension) exists at the
top-level then it is the corresponding generic implementation. This
approach is much simpler because it doesn't require keeping track of
different architecture names.

This convention already existed in repository but previously it was
implicit.  This change makes it explicit.

This patch is motivated by wanting to revert r375162 which worked around
the powerpc bug found when r375150 landed.

Once it lands we should revert r375162.

Reviewers: phosek, beanz, compnerd, shiva0217, amyk, rupprecht, kongyi, mstorsjo, t.p.northover, weimingz, jroelofs, joerg, sidneym

Subscribers: nemanjai, mgorny, kristof.beyls, jsji, shchenz, steven.zhang, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D69189
2019-10-30 16:20:09 -07:00
Matt Morehouse 7904bd9409 [sanitizer_common] Create max_allocation_size_mb flag.
Summary:
The flag allows the user to specify a maximum allocation size that the
sanitizers will honor.  Any larger allocations will return nullptr or
crash depending on allocator_may_return_null.

Reviewers: kcc, eugenis

Reviewed By: kcc, eugenis

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69576
2019-10-30 11:26:05 -07:00
Kostya Kortchinsky 19ea1d46cc [scudo][standalone] Add a free list to the Secondary
Summary:
The secondary allocator is slow, because we map and unmap each block
on allocation and deallocation.

While I really like the security benefits of such a behavior, this
yields very disappointing performance numbers on Android for larger
allocation benchmarks.

So this change adds a free list to the secondary, that will hold
recently deallocated chunks, and (currently) release the extraneous
memory. This allows to save on some memory mapping operations on
allocation and deallocation. I do not think that this lowers the
security of the secondary, but can increase the memory footprint a
little bit (RSS & VA).

The maximum number of blocks the free list can hold is templatable,
`0U` meaning that we fallback to the old behavior. The higher that
number, the higher the extra memory footprint.

I added default configurations for all our platforms, but they are
likely to change in the near future based on needs and feedback.

Reviewers: hctim, morehouse, cferris, pcc, eugenis, vitalybuka

Subscribers: mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69570
2019-10-30 08:55:58 -07:00
David Tellenbach 67474c60d3 [compiler-rt] libhwasan interceptor ABI intercept longjmp/setjmp
Summary:
The hwasan interceptor ABI doesn't have interceptors for longjmp and setjmp.
This patch introduces them.

We require the size of the jmp_buf on the platform to be at least as large as
the jmp_buf in our implementation. To enforce this we compile
hwasan_type_test.cpp that ensures a compile time failure if this is not true.

Tested on both GCC and clang using an AArch64 virtual machine.

Reviewers: eugenis, kcc, pcc, Sanatizers

Reviewed By: eugenis, Sanatizers

Tags: #sanatizers, #llvm

Differential Revision: https://reviews.llvm.org/D69045

Patch By: Matthew Malcomson <matthew.malcomson@arm.com>
2019-10-30 14:04:40 +00:00
Louis Dionne 3c9063f5d2 [libc++] Force the ABI namespace to be a reserved identifier
Summary:
When the ABI namespace isn't a reserved identifier, we were issuing a
warning, but this should have been an error since the beginning. This
commit enforces that the ABI namespace is a reserved identifier, and
changes the ABI namespace used by LibFuzzer.

Reviewers: phosek, EricWF

Subscribers: mgorny, christof, jkorous, dexonsmith, #sanitizers, libcxx-commits, llvm-commits

Tags: #sanitizers, #libc, #llvm

Differential Revision: https://reviews.llvm.org/D69408
2019-10-29 10:55:43 -07:00
Kostya Kortchinsky 2513250be3 [scudo][standalone] Lists fix
Summary:
Apparently during the review of D69265, and my flailing around with
git, a somewhat important line disappeared.

On top of that, there was no test exercising that code path, and
while writing the follow up patch I intended to write, some `CHECK`s
were failing.

Re-add the missing line, and add a test that fails without said line.

Reviewers: hctim, morehouse, pcc, cferris

Reviewed By: hctim

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69529
2019-10-28 15:08:08 -07:00
Evgenii Stepanov 7b9d6a2256 [hwasan] Fix typo in the error type.
"alocation-tail-overwritten" -> "allocation-tail-overwritten"
2019-10-28 13:25:45 -07:00
Evgenii Stepanov 3f345732b4 Add missing lld checks in sanitizer tests.
Do not add an lld dependency when this target does not exist. In this
case the system installation of lld is used (or whatever is detected
with -fuse-ld=lld by default).
2019-10-28 10:32:46 -07:00
Kostya Kortchinsky 6f2de9cbb3 [scudo][standalone] Consolidate lists
Summary:
This is a clean patch using the last diff of D69265, but using git
instead of svn, since svn went ro and arc was making my life harder
than it needed to be.

I was going to introduce a couple more lists and realized that our
lists are currently a bit all over the place. While we have a singly
linked list type relatively well defined, we are using doubly linked
lists defined on the fly for the stats and for the secondary blocks.

This CL adds a doubly linked list object, reorganizing the singly list
one to extract as much of the common code as possible. We use this
new type in the stats and the secondary. We also reorganize the list
tests to benefit from this consolidation.

There are a few side effect changes such as using for iterator loops
that are, in my opinion, cleaner in a couple of places.

Reviewers: hctim, morehouse, pcc, cferris

Reviewed By: hctim

Subscribers: jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69516
2019-10-28 09:34:36 -07:00
Bryan Chan 35cb3ee4ca [AArch64][Builtins] Avoid unnecessary cache cleaning
Use new control bits CTR_EL0.DIC and CTR_EL0.IDC to discover the d-cache
cleaning and i-cache invalidation requirements for instruction-to-data
coherence. This matches the behavior in the latest libgcc.

Author: Shaokun Zhang <zhangshaokun@hisilicon.com>

Reviewed By: peter.smith

Differential Revision: https://reviews.llvm.org/D69247
2019-10-28 09:56:39 -04:00
Matt Morehouse a88591cff4 [libFuzzer] Enable extra counters for Fuchsia. 2019-10-25 16:12:59 -07:00
Puyan Lotfi bc58e0279b [compiler-rt] cmake: add include(BuiltinTests) to CompilerRTDarwinUtils
In cmake, if TEST_COMPILE_ONLY is set
compiler-rt/cmake/Modules/CompilerRTDarwinUtils.cmake invokes try_compile_only()
but try_compile_only() is defined in BuiltinTests.cmake and is not included in
CompilerRTDarwinUtils.cmake. This patch simply includes BuiltinTests.

Differential Revision: https://reviews.llvm.org/D69410
2019-10-24 18:38:25 -04:00
Evgenii Stepanov a1817996fa Fix lld detection in standalone compiler-rt.
Summary:
Right now all hwasan tests on Android are silently disabled because they
require "has_lld" and standalone compiler-rt cannot (and AFAIK was
never able to) set it.

Reviewers: pcc

Subscribers: dberris, mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69405
2019-10-24 14:46:10 -07:00
Stephan T. Lavavej 2e4f1e112d [www] Change URLs to HTTPS.
This changes most URLs in llvm's html files to HTTPS. Most changes were
search-and-replace with manual verification; some changes were manual.
For a few URLs, the websites were performing redirects or had changed
their anchors; I fixed those up manually. This consistently uses the
official https://wg21.link redirector. This also strips trailing
whitespace and fixes a couple of typos.

Fixes D69363.

There are a very small number of dead links for which I don't know any
replacements (they are equally dead as HTTP or HTTPS):

https://llvm.org/cmds/llvm2cpp.html
https://llvm.org/devmtg/2010-11/videos/Grosser_Polly-desktop.mp4
https://llvm.org/devmtg/2010-11/videos/Grosser_Polly-mobile.mp4
https://llvm.org/devmtg/2011-11/videos/Grosser_PollyOptimizations-desktop.mov
https://llvm.org/devmtg/2011-11/videos/Grosser_PollyOptimizations-mobile.mp4
https://llvm.org/perf/db_default/v4/nts/22463
https://polly.llvm.org/documentation/memaccess.html
2019-10-24 13:25:15 -07:00
David Tellenbach 6d11abfe35 [compiler-rt] Expose __hwasan_tag_mismatch_stub
Summary:
GCC would like to emit a function call to report a tag mismatch
rather than hard-code the `brk` instruction directly.

__hwasan_tag_mismatch_stub contains most of the functionality to do
this already, but requires exposure in the dynamic library.

This patch moves __hwasan_tag_mismatch_stub outside of the anonymous
namespace that it was defined in and declares it in
hwasan_interface_internal.h.

We also add the ability to pass sizes larger than 16 bytes to this
reporting function by providing a fourth parameter that is only looked
at when the size provided is not in the original accepted range.

This does not change the behaviour where it is already being called,
since the previous definition only accepted sizes up to 16 bytes and
hence the change in behaviour is not seen by existing users.
The change in declaration does not matter, since the only existing use
is in the __hwasan_tag_mismatch function written in assembly.

Reviewers: eugenis, kcc, pcc, #sanitizers

Reviewed By: eugenis, #sanitizers

Subscribers: kristof.beyls, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69113

Patch by Matthew Malcomson <matthew.malcomson@arm.com>
2019-10-24 11:16:06 +01:00
David Tellenbach 93aec861f5 Revert "Expose __hwasan_tag_mismatch_stub"
Attribution to author of patch got lost.

This reverts commit 612eadb7bc.
2019-10-24 11:11:05 +01:00
David Tellenbach 612eadb7bc Expose __hwasan_tag_mismatch_stub
Summary:
GCC would like to emit a function call to report a tag mismatch
rather than hard-code the `brk` instruction directly.

__hwasan_tag_mismatch_stub contains most of the functionality to do
this already, but requires exposure in the dynamic library.

This patch moves __hwasan_tag_mismatch_stub outside of the anonymous
namespace that it was defined in and declares it in
hwasan_interface_internal.h.

We also add the ability to pass sizes larger than 16 bytes to this
reporting function by providing a fourth parameter that is only looked
at when the size provided is not in the original accepted range.

This does not change the behaviour where it is already being called,
since the previous definition only accepted sizes up to 16 bytes and
hence the change in behaviour is not seen by existing users.
The change in declaration does not matter, since the only existing use
is in the __hwasan_tag_mismatch function written in assembly.

Tested with gcc and clang on an AArch64 vm.

Reviewers: eugenis, kcc, pcc, #sanitizers

Reviewed By: eugenis, #sanitizers

Subscribers: kristof.beyls, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69113
2019-10-24 11:05:39 +01:00
Sam Elliott 977205b595 [Sanitizers] Add support for RISC-V 64-bit
Summary:
This has been tested with gcc trunk on openSUSE Tumbleweed on the HiFive Unleashed.

Patch by Andreas Schwab (schwab)

Reviewers: luismarques

Reviewed By: luismarques

Subscribers: mhorne, emaste, luismarques, asb, mgorny, fedor.sergeev, simoncook, kito-cheng, shiva0217, rogfer01, rkruppe, lenary, s.egerton, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D66870
2019-10-23 14:12:52 +01:00
Evgenii Stepanov 70316d3174 Revert "Fix lld detection in standalone compiler-rt."
Breaks sanitizer-android buildbot.

This reverts commit d56203201f.
2019-10-22 13:36:06 -07:00
Rainer Orth 1876e6c83c [builtins][test] Avoid unportable mmap call in clear_cache_test.c
Within the last two weeks, the Builtins-*-sunos :: clear_cache_test.c started to FAIL
on Solaris.  Running it under truss shows

  mmap(0x00000000, 128, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, 0, 0) Err#22 EINVAL
  _exit(1)

While there are several possible reasons mmap can return EINVAL on Solaris, it turns
out it's this one (from mmap(2)):

  MAP_ANON  was  specified,  but the file descriptor was not
   -1.

And indeed even the Linux mmap(2) documents this as unportable:

  MAP_ANONYMOUS
          The mapping is not backed by any file; its contents are initial‐
          ized to zero.  The fd argument is ignored; however, some  imple‐
          mentations require fd to be -1 if MAP_ANONYMOUS (or MAP_ANON) is
          specified, and portable applications should  ensure  this.   The

This patch follows this advice.  Tested on x86_64-pc-linux-gnu, amd64-pc-solaris2.11
and sparcv9-sun-solaris2.11.

Differential Revision: https://reviews.llvm.org/D68455

llvm-svn: 375490
2019-10-22 08:44:25 +00:00
Evgeniy Stepanov d56203201f Fix lld detection in standalone compiler-rt.
Summary:
Right now all hwasan tests on Android are silently disabled because they
require "has_lld" and standalone compiler-rt cannot (and AFAIK was
never able to) set it.

Reviewers: pcc, dyung

Subscribers: dberris, mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69196

llvm-svn: 375472
2019-10-21 23:59:45 +00:00
Evgeniy Stepanov e17b658fc7 [hwasan] Workaround unwinder issues in try-catch test.
Android links the unwinder library to every DSO. The problem is,
unwinder has global state, and hwasan implementation of personality
function wrapper happens to rub it the wrong way.

Switch the test to static libc++ as a temporary workaround.

llvm-svn: 375471
2019-10-21 23:57:12 +00:00
Vedant Kumar b081220cfd [profile] Use -fPIC -shared in a test instead of -dynamiclib
This is more portable than -dynamiclib. Also, fix the path to an input
file that broke when the test was moved in r375315.

llvm-svn: 375317
2019-10-19 00:51:27 +00:00
Vedant Kumar f6a4630417 [profile] Disable instrprof-get-filename-merge-mode.c on Windows
The Windows bots are failing with:

clang: warning: argument unused during compilation: '-dynamiclib' [-Wunused-command-line-argument]
llvm-svn: 375315
2019-10-19 00:46:53 +00:00
Vedant Kumar 937241b0d9 [profile] Do not cache __llvm_profile_get_filename result
When the %m filename pattern is used, the filename is unique to each
image, so the cached value is wrong.

It struck me that the full filename isn't something that's recomputed
often, so perhaps it doesn't need to be cached at all. David Li pointed
out we can go further and just hide lprofCurFilename. This may regress
workflows that depend on using the set-filename API to change filenames
across all loaded DSOs, but this is expected to be very rare.

rdar://55137071

Differential Revision: https://reviews.llvm.org/D69137

llvm-svn: 375301
2019-10-18 23:33:40 +00:00
Peter Collingbourne 33b758d2af hwasan: Add missing SANITIZER_INTERFACE_ATTRIBUTE on __hwasan_personality_wrapper.
Differential Revision: https://reviews.llvm.org/D69201

llvm-svn: 375298
2019-10-18 22:51:38 +00:00
Evgeniy Stepanov 0b7f320c3a [hwasan] Remove system allocator fallback.
Summary:
This has been an experiment with late malloc interposition, made
possible by a non-standard feature of the Android dynamic loader.

Reviewers: pcc, mmalcomson

Subscribers: srhines, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D69199

llvm-svn: 375296
2019-10-18 22:36:25 +00:00
Peter Collingbourne a8323679bd Update global_symbols.txt.
llvm-svn: 375284
2019-10-18 20:35:29 +00:00
Peter Collingbourne cf25242daa scudo: Update TLS_SLOT_SANITIZER value.
Android now allocates only 8 fixed TLS slots. Somehow we were getting away
with using a non-existent slot until now, but in some cases the TLS slots
were being placed at the end of a page, which led to a segfault at startup.

Differential Revision: https://reviews.llvm.org/D69191

llvm-svn: 375276
2019-10-18 20:00:32 +00:00
Sjoerd Meijer 9c155985f1 [Arm][libsanitizer] Fix arm libsanitizer failure with bleeding edge glibc
Glibc has recently introduced changes to the mode field in ipc_perm in commit
2f959dfe849e0646e27403f2e4091536496ac0f0. For Arm this means that the mode
field no longer has the same size.

This causes an assert failure against libsanitizer's internal copy of ipc_perm.
Since this change can't be easily detected I am adding arm to the list of
targets that are excluded from this check.

Patch by: Tamar Christina

Differential Revision: https://reviews.llvm.org/D69104

llvm-svn: 375220
2019-10-18 11:01:45 +00:00
Evgeniy Stepanov d5282dfc41 libhwasan initialisation includes kernel syscall ABI relaxation
Summary:
Until now AArch64 development has been on patched kernels that have an always
on relaxed syscall ABI where tagged pointers are accepted.
The patches that have gone into the mainline kernel rely on each process opting
in to this relaxed ABI.

This commit adds code to choose that ABI into __hwasan_init.

The idea has already been agreed with one of the hwasan developers
(http://lists.llvm.org/pipermail/llvm-dev/2019-September/135328.html).

The patch ignores failures of `EINVAL` for Android, since there are older versions of the Android kernel that don't require this `prctl` or even have the relevant values.  Avoiding EINVAL will let the library run on them.

I've tested this on an AArch64 VM running a kernel that requires this
prctl, having compiled both with clang and gcc.

Patch by Matthew Malcomson.

Reviewers: eugenis, kcc, pcc

Reviewed By: eugenis

Subscribers: srhines, kristof.beyls, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68794

llvm-svn: 375166
2019-10-17 20:32:54 +00:00
Dan Liew dc748816e2 [Builtins] Downgrade duplicate source file warning from a fatal error to a warning.
This is a follow up to r375150 to unbreak the `clang-ppc64be-linux` bot.
The commit caused running the tests to fail due to

```
llvm-lit:
/home/buildbots/ppc64be-clang-multistage-test/clang-ppc64be-multistage/llvm/projects/compiler-rt/test/builtins/Unit/lit.cfg.py:116:
fatal: builtins_source_features contains duplicates:
['librt_has_divtc3']
```

This commit should be reverted once the build system bug for powerpc is
fixed.

llvm-svn: 375162
2019-10-17 20:14:04 +00:00
Dan Liew 5be7eb3ab4 [Builtins] Provide a mechanism to selectively disable tests based on whether an implementation is provided by a builtin library.
Summary:
If a platform removes some builtin implementations (e.g. via the
Darwin-excludes mechanism) then this can lead to test failures because
the test expects an implementation to be available.

To solve this lit features are added for each configuration based
on which sources are included in the builtin library. The features
are of the form `librt_has_<name>` where `<name>` is the name of the
source file with the file extension removed. This handles C and
assembly sources.

With the lit features in place it is possible to make certain tests
require them.

Example:

```
REQUIRES: librt_has_comparedf2
```

All top-level tests in `test/builtins/Unit` (i.e. not under
`arm`, `ppc`, and `riscv`) have been annotated with the appropriate
`REQUIRES: librt_has_*` statement.

rdar://problem/55520987

Reviewers: beanz, steven_wu, arphaman, dexonsmith, phosek, thakis

Subscribers: mgorny, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68064

llvm-svn: 375150
2019-10-17 18:12:49 +00:00
Reid Kleckner 0aaa193127 [asan] Update Windows test expectations for LLVM's MS demangler
After r375041 llvm-symbolizer uses it for demangling instead of
UnDecorateSymbolName. LLVM puts spaces after commas while Microsoft does
not.

llvm-svn: 375147
2019-10-17 17:59:11 +00:00
Sam Elliott d4b7a60b92 Revert [Sanitizers] Add support for RISC-V 64-bit
This reverts r375132 (git commit 00bbe990c5)

llvm-svn: 375136
2019-10-17 17:24:28 +00:00
Sam Elliott 00bbe990c5 [Sanitizers] Add support for RISC-V 64-bit
Summary:
This has been tested with gcc trunk on openSUSE Tumbleweed on the HiFive Unleashed.

Patch by Andreas Schwab (schwab)

Reviewers: luismarques

Reviewed By: luismarques

Subscribers: mhorne, emaste, luismarques, asb, mgorny, fedor.sergeev, simoncook, kito-cheng, shiva0217, rogfer01, rkruppe, lenary, s.egerton, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D66870

llvm-svn: 375132
2019-10-17 16:36:27 +00:00
Zoran Jovanovic 78c78cb5a1 [mips] [builtins] Remove clear_mips_cache
Differential Revision: https://reviews.llvm.org/D69021

llvm-svn: 375110
2019-10-17 12:21:14 +00:00
Dan Liew 8a5bfbe6db [CMake] Disable building all Darwin libraries (except builtins) for macOS i386 when the SDK is >= 10.15.
Summary:
In the macOS 10.15 SDK the ability to link i386 binaries was removed and
in the corresponding OS it is not possible to run macOS i386 binaries.

The consequence of these changes meant that targets like `check-asan`
would fail because:

* Unit tests could not be linked for i386
* Lit tests for i386 would fail due to not being able to execute
  compiled binaries.

The simplest fix to this is to simply disable building for i386 for
macOS when using the 10.15 SDK (or newer). This disables building the
i386 slice for most compiler-rt libraries and consequently disables the
unit and lit tests for macOS i386.

Note that because the `DARWIN_osx_ARCHS` CMake variable is a cache
variable this patch will have no effect on existing builds unless
the existing cache variable is deleted. The simplest way to deal with
this is delete existing builds and just do a fresh configure.

Note this should not affect the builtins which are managed with
the `DARWIN_osx_BUILTIN_ARCHS` CMake cache variable.

For those who wish to force using a particular set of architectures when
using newer SDKs passing `-DDARWIN_osx_ARCHS=i386;x86_64;x86_64h` to
CMake should provide a usable (but completely unsupported) workaround.

rdar://problem/55668535
rdar://problem/47939978

Reviewers: kubamracek, yln, azhar, kcc, dvyukov, vitalybuka, cryptoad, eugenis, thakis, phosek

Subscribers: mgorny, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68292

llvm-svn: 374977
2019-10-16 05:48:39 +00:00
Julian Lettner ecc4680c06 Revert "[ASan] Refine diagnoses messages"
This reverts commit 4d1ecadda5.

llvm-svn: 374965
2019-10-16 02:13:16 +00:00
Julian Lettner 4d1ecadda5 [ASan] Refine diagnoses messages
The provided PC is not reliable in every case, so don't suggest
something that does not make sense.

llvm-svn: 374959
2019-10-16 00:39:09 +00:00
Dmitry Mikulin 034badb312 CFI: wrong type passed to llvm.type.test with multiple inheritance devirtualization.
Differential Revision: https://reviews.llvm.org/D67985

llvm-svn: 374909
2019-10-15 16:32:50 +00:00
Dmitry Vyukov cc2f68ea2d tsan: fix Go ppc64le build
This #define is in the non-Go ppc64le build but not in the Go build.

Reviewed-in: https://reviews.llvm.org/D68046
Author: randall77 (Keith Randall)
llvm-svn: 374868
2019-10-15 08:38:58 +00:00
Jake Ehrlich cde860a1c9 [libFuzzer] Don't prefix absolute paths in fuchsia.
The ExecuteCommand function in fuchsia used to prefix the
getOutputFile for each command run with the artifact_prefix flag if
it was available, because fuchsia components don't have a writable working
directory. However, if a file with a global path is provided, fuchsia
should honor that.

An example of this is using the global /tmp directory to store stuff.
In fuchsia it ended up being translated to data///tmp, whereas we want
to make sure it is using /tmp (which is available to components using the
isolated-temp feature).

To test this I made the change, compiled fuchsia with this toolchain and
ran a fuzzer with the -fork=1 flag (that mode makes use of the /tmp
directory). I also tested that normal fuzzing workflow was not affected
by this.

Author: charco (Marco Vanotti)
Differential Revision: https://reviews.llvm.org/D68774

llvm-svn: 374612
2019-10-11 23:35:13 +00:00
Reid Kleckner 9280d6c178 Fix check-interception link error in compiler-rt debug mode
llvm-svn: 374472
2019-10-10 23:30:54 +00:00
Evgeniy Stepanov 53a53e63c8 Add a missing include in test.
A fix for r373993.

llvm-svn: 374448
2019-10-10 20:47:22 +00:00
Julian Lettner 99c9d7bd63 Reland "[ASan] Do not misrepresent high value address dereferences as null dereferences"
Updated: Removed offending TODO comment.

Dereferences with addresses above the 48-bit hardware addressable range
produce "invalid instruction" (instead of "invalid access") hardware
exceptions (there is no hardware address decoding logic for those bits),
and the address provided by this exception is the address of the
instruction (not the faulting address).  The kernel maps the "invalid
instruction" to SEGV, but fails to provide the real fault address.

Because of this ASan lies and says that those cases are null
dereferences.  This downgrades the severity of a found bug in terms of
security.  In the ASan signal handler, we can not provide the real
faulting address, but at least we can try not to lie.

rdar://50366151

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D68676

> llvm-svn: 374265

llvm-svn: 374384
2019-10-10 17:19:58 +00:00
David Carlier 69c9c223a0 [Sanitizers] Fix getrandom test
llvm-svn: 374333
2019-10-10 12:48:18 +00:00
Russell Gallop 38ac46b4bc Fix sanitizer lint check after r374315
llvm-svn: 374321
2019-10-10 12:02:31 +00:00
Roman Lebedev 6430adbe64 [UBSan] Appease linter
llvm-svn: 374316
2019-10-10 11:32:06 +00:00
David Carlier 90c8b59cfc [Sanitizers] Porting getrandom/getentropy interceptors to FreeBSD
- Available from 12.x branch, by the time it lands next year in FreeBSD tree, the 11.x's might be EOL.
- Intentionally changed the getrandom test to C code as with 12.0 (might be fixed in CURRENT since), there is a linkage issue in C++ context.

Reviewers: emaste, dim, vitalybuka

Reviewed-By: vitalybuka

Differential Revision: https://reviews.llvm.org/D68451

llvm-svn: 374315
2019-10-10 11:31:37 +00:00
Roman Lebedev eb8b6fe745 [UBSan] Split nullptr-and-nonzero-offset-variable.c in another direction
llvm-svn: 374309
2019-10-10 11:03:41 +00:00
Russell Gallop c48e0873af Revert "[ASan] Do not misrepresent high value address dereferences as null dereferences"
As it was breaking bots running sanitizer lint check

This reverts r374265 (git b577efe456)

llvm-svn: 374308
2019-10-10 10:56:52 +00:00
Roman Lebedev 5d59f20cc0 [UBSan] Split nullptr-and-nonzero-offset-variable.cpp into C and C++ variants
I do not understand the BB failure, it fully passes locally.

llvm-svn: 374306
2019-10-10 10:41:42 +00:00
Roman Lebedev 3de28b83c2 [UBSan] Revisit nullptr-and-nonzero-offset-variable.cpp test to hopefully make it pass on sanitizer-windows BB
llvm-svn: 374298
2019-10-10 09:51:13 +00:00
Roman Lebedev 536b0ee40a [UBSan][clang][compiler-rt] Applying non-zero offset to nullptr is undefined behaviour
Summary:
Quote from http://eel.is/c++draft/expr.add#4:
```
4     When an expression J that has integral type is added to or subtracted
      from an expression P of pointer type, the result has the type of P.
(4.1) If P evaluates to a null pointer value and J evaluates to 0,
      the result is a null pointer value.
(4.2) Otherwise, if P points to an array element i of an array object x with n
      elements ([dcl.array]), the expressions P + J and J + P
      (where J has the value j) point to the (possibly-hypothetical) array
      element i+j of x if 0≤i+j≤n and the expression P - J points to the
      (possibly-hypothetical) array element i−j of x if 0≤i−j≤n.
(4.3) Otherwise, the behavior is undefined.
```

Therefore, as per the standard, applying non-zero offset to `nullptr`
(or making non-`nullptr` a `nullptr`, by subtracting pointer's integral value
from the pointer itself) is undefined behavior. (*if* `nullptr` is not defined,
i.e. e.g. `-fno-delete-null-pointer-checks` was *not* specified.)

To make things more fun, in C (6.5.6p8), applying *any* offset to null pointer
is undefined, although Clang front-end pessimizes the code by not lowering
that info, so this UB is "harmless".

Since rL369789 (D66608 `[InstCombine] icmp eq/ne (gep inbounds P, Idx..), null -> icmp eq/ne P, null`)
LLVM middle-end uses those guarantees for transformations.
If the source contains such UB's, said code may now be miscompiled.
Such miscompilations were already observed:
* https://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20190826/687838.html
* https://github.com/google/filament/pull/1566

Surprisingly, UBSan does not catch those issues
... until now. This diff teaches UBSan about these UB's.

`getelementpointer inbounds` is a pretty frequent instruction,
so this does have a measurable impact on performance;
I've addressed most of the obvious missing folds (and thus decreased the performance impact by ~5%),
and then re-performed some performance measurements using my [[ https://github.com/darktable-org/rawspeed | RawSpeed ]] benchmark:
(all measurements done with LLVM ToT, the sanitizer never fired.)
* no sanitization vs. existing check: average `+21.62%` slowdown
* existing check vs. check after this patch: average `22.04%` slowdown
* no sanitization vs. this patch: average `48.42%` slowdown

Reviewers: vsk, filcab, rsmith, aaron.ballman, vitalybuka, rjmccall, #sanitizers

Reviewed By: rsmith

Subscribers: kristof.beyls, nickdesaulniers, nikic, ychen, dtzWill, xbolva00, dberris, arphaman, rupprecht, reames, regehr, llvm-commits, cfe-commits

Tags: #clang, #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D67122

llvm-svn: 374293
2019-10-10 09:25:02 +00:00
Julian Lettner b577efe456 [ASan] Do not misrepresent high value address dereferences as null dereferences
Dereferences with addresses above the 48-bit hardware addressable range
produce "invalid instruction" (instead of "invalid access") hardware
exceptions (there is no hardware address decoding logic for those bits),
and the address provided by this exception is the address of the
instruction (not the faulting address).  The kernel maps the "invalid
instruction" to SEGV, but fails to provide the real fault address.

Because of this ASan lies and says that those cases are null
dereferences.  This downgrades the severity of a found bug in terms of
security.  In the ASan signal handler, we can not provide the real
faulting address, but at least we can try not to lie.

rdar://50366151

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D68676

llvm-svn: 374265
2019-10-10 00:33:04 +00:00
Matt Morehouse da6cb7ba4c [sanitizer_common] Remove OnPrint from Go build.
Summary: Go now uses __sanitizer_on_print instead.

Reviewers: vitalybuka, dvyukov

Reviewed By: vitalybuka

Subscribers: llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D68621

llvm-svn: 374258
2019-10-09 22:57:07 +00:00
Jake Ehrlich e7bfce7863 [libFuzzer] Fix Alarm callback in fuchsia.
This patch adds an #if macro to skip the InFuzzingThread() comparison
for fuchsia, similar to what it is done for Windows and NetBSD.

In fuchsia, the alarm callback runs in a separate thread[0], making it fail
the comparison InFuzzingThread(), breaking the -timeout flag.

[0]:
https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp#L323

Author: charco (aka Marco Vanotti)
Differential Revision: https://reviews.llvm.org/D68166

llvm-svn: 374228
2019-10-09 21:01:50 +00:00
Vitaly Buka ff5a7c4ca6 [sanitizer, NFC] Fix grammar in comment
llvm-svn: 374223
2019-10-09 20:52:39 +00:00
Vitaly Buka 3afc77dbbc [sanitizer] Disable signal_trap_handler on s390
llvm-svn: 374220
2019-10-09 20:48:50 +00:00
Vitaly Buka 39f759189d [sanitizer] Make signal_name a C test
llvm-svn: 374213
2019-10-09 20:22:14 +00:00
Vitaly Buka c3317658cf [sanitizer] Use raise() in test and cover more signals
llvm-svn: 374211
2019-10-09 20:18:27 +00:00
Kostya Kortchinsky f7b1489ffc [scudo][standalone] Get statistics in a char buffer
Summary:
Following up on D68471, this CL introduces some `getStats` APIs to
gather statistics in char buffers (`ScopedString` really) instead of
printing them out right away. Ultimately `printStats` will just
output the buffer, but that allows us to potentially do some work
on the intermediate buffer, and can be used for a `mallocz` type
of functionality. This allows us to pretty much get rid of all the
`Printf` calls around, but I am keeping the function in for
debugging purposes.

This changes the existing tests to use the new APIs when required.

I will add new tests as suggested in D68471 in another CL.

Reviewers: morehouse, hctim, vitalybuka, eugenis, cferris

Reviewed By: morehouse

Subscribers: delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68653

llvm-svn: 374173
2019-10-09 15:09:28 +00:00
Vitaly Buka d5f92e345c [sanitizer] Fix crypt.cpp on Android again
llvm-svn: 374125
2019-10-08 22:09:51 +00:00
Vitaly Buka f3ae951c09 [sanitizer] Fix crypt.cpp test on Darwin
llvm-svn: 374115
2019-10-08 20:50:46 +00:00
Dan Liew 196eae533b Fix `compiler_rt_logbf_test.c` test failure for Builtins-i386-darwin test suite.
Summary:
It seems that compiler-rt's implementation and Darwin
libm's implementation of `logbf()` differ when given a NaN
with raised sign bit. Strangely this behaviour only happens with
i386 Darwin libm. For x86_64 and x86_64h the existing compiler-rt
implementation matched Darwin libm.

To workaround this the `compiler_rt_logbf_test.c` has been modified
to do a comparison on the `fp_t` type and if that fails check if both
values are NaN. If both values are NaN they are equivalent and no
error needs to be raised.

rdar://problem/55565503

Reviewers: rupprecht, scanon, compnerd, echristo
Subscribers: #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D67999

llvm-svn: 374109
2019-10-08 20:06:01 +00:00
Vitaly Buka d8245e7a36 [sanitizer] Disable crypt*.cpp tests on Android
llvm-svn: 374088
2019-10-08 17:06:27 +00:00
David Carlier d80c2520d9 [builtins] Unbreak build on FreeBSD armv7 after D60351
headers include reordering.

Reviewers: phosek, echristo

Reviewed-By: phosek

Differential Revision: https://reviews.llvm.org/D68045

llvm-svn: 374070
2019-10-08 15:45:35 +00:00
Vitaly Buka 54d767f508 [sanitizer] Fix signal_trap_handler.cpp on android
llvm-svn: 374010
2019-10-08 02:00:53 +00:00
Evgeniy Stepanov 2e2c934762 [msan] Add interceptors: crypt, crypt_r.
Reviewers: vitalybuka

Subscribers: srhines, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68431

llvm-svn: 373993
2019-10-08 00:00:30 +00:00
Vitaly Buka 2fdec42a16 [tsan, go] fix Go windows build
Summary:
Don't use weak exports when building tsan into a shared library for Go. gcc can't handle the pragmas used to make the weak references.

Include files that have been added since the last update to build.bat. (We should really find a better way to list all the files needed.)

Add windows version defines (WINVER and _WIN32_WINNT) to get AcquireSRWLockExclusive and ReleaseSRWLockExclusive defined.

Define GetProcessMemoryInfo to use the kernel32 version. This is kind of a hack, the windows header files should do this translation for us. I think we're not in the right family partition (we're using Desktop, but that translation only happens for App and System partitions???), but hacking the family partition seems equally gross and I have no idea what the consequences of that might be.

Patch by Keith Randall.

Reviewers: dvyukov, vitalybuka

Reviewed By: vitalybuka

Subscribers: jfb, delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68599

llvm-svn: 373984
2019-10-07 23:11:07 +00:00
Vitaly Buka 2059105637 [tsan, go] break commands into multiple lines
Summary: Patch by Keith Randall.

Reviewers: dvyukov, vitalybuka

Subscribers: delcypher, jfb, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68596

llvm-svn: 373983
2019-10-07 23:04:16 +00:00
Vitaly Buka 9917c76107 [sanitizer] Print SIGTRAP for corresponding signal
Reviewers: eugenis, jfb

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68603

llvm-svn: 373979
2019-10-07 22:43:19 +00:00
Vitaly Buka 87dd968849 [tsan] Don't delay SIGTRAP handler
Reviewers: eugenis, jfb

Subscribers: #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68604

llvm-svn: 373978
2019-10-07 22:43:17 +00:00
Kostya Kortchinsky bebdab63e8 [scudo][standalone] Correct releaseToOS behavior
Summary:
There was an issue in `releaseToOSMaybe`: one of the criteria to
decide if we should proceed with the release was wrong. Namely:

```
const uptr N = Sci->Stats.PoppedBlocks - Sci->Stats.PushedBlocks;
if (N * BlockSize < PageSize)
  return; // No chance to release anything.
```

I meant to check if the amount of bytes in the free list was lower
than a page, but this actually checks if the amount of **in use** bytes
was lower than a page.

The correct code is:

```
const uptr BytesInFreeList =
  Region->AllocatedUser -
  (Region->Stats.PoppedBlocks - Region->Stats.PushedBlocks) * BlockSize;
if (BytesInFreeList < PageSize)
  return 0; // No chance to release anything.
```

Consequences of the bug:
- if a class size has less than a page worth of in-use bytes (allocated
  or in a cache), reclaiming would not occur, whatever the amount of
  blocks in the free list; in real world scenarios this is unlikely to
  happen and be impactful;
- if a class size had less than a page worth of free bytes (and enough
  in-use bytes, etc), then reclaiming would be attempted, with likely
  no result. This means the reclaiming was overzealous at times.

I didn't have a good way to test for this, so I changed the prototype
of the function to return the number of bytes released, allowing to
get the information needed. The test added fails with the initial
criteria.

Another issue is that `ReleaseToOsInterval` can actually be 0, meaning
we always try to release (side note: it's terrible for performance),
so change a `> 0` check to `>= 0`.

Additionally, decrease the `CanRelease` threshold to `PageSize / 32`.
I still have to make that configurable but I will do it at another time.

Finally, rename some variables in `printStats`: I feel like "available"
was too ambiguous, so change it to "total".

Reviewers: morehouse, hctim, eugenis, vitalybuka, cferris

Reviewed By: morehouse

Subscribers: delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68471

llvm-svn: 373930
2019-10-07 17:37:39 +00:00
Kostya Kortchinsky dc802dbef2 [scudo][standalone] Make malloc_info return a minimal XML
Summary:
Initially, our malloc_info was returning ENOTSUP, but Android would
rather have it return successfully and write a barebone XML to the
stream, so we will oblige.

Add an associated test.

Reviewers: cferris, morehouse, hctim, eugenis, vitalybuka

Reviewed By: morehouse

Subscribers: delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D68427

llvm-svn: 373754
2019-10-04 15:46:34 +00:00
Vitaly Buka bb91a833c6 [compiler-rt] Remove O1 tests from signal_line.cpp
It does not work on arm

llvm-svn: 373702
2019-10-04 07:25:53 +00:00
Vitaly Buka 053391fa86 [compiler-rt] Fix signal_line.cpp test
r373682 committed wrong experimental version

llvm-svn: 373684
2019-10-04 00:43:05 +00:00
Vitaly Buka 57b6536ba1 [compiler-rt] Remove O2, O3 from signal_line test for fix android tests
llvm-svn: 373682
2019-10-04 00:38:08 +00:00
Vitaly Buka 161229eb1b compiler-rt: use __GLIBC_PREREQ for SANITIZER_INTERCEPT_GETRANDOM
Summary: Fixes https://github.com/google/oss-fuzz/issues/2836

Reviewers: eugenis

Subscribers: dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68178

llvm-svn: 373681
2019-10-04 00:38:07 +00:00
Vitaly Buka 6fb03a290b [compiler-rt] More optimization levels in signal_line.cpp test
llvm-svn: 373642
2019-10-03 18:18:35 +00:00
Vitaly Buka 1fff2881a8 compiler-rt: move all __GLIBC_PREREQ into own header file
Reviewers: eugenis

Subscribers: dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68177

llvm-svn: 373632
2019-10-03 17:46:07 +00:00
Matt Morehouse 629cad1266 Move SanitizerInitializeUnwinder outside anonymous namespace.
Fixes the Android build breakage introduced in r373528.

llvm-svn: 373539
2019-10-02 22:57:37 +00:00
Matt Morehouse 4d39410b1e [sanitizer_common] Declare __sanitizer_on_print in Windows interception.
Speculative fix for Windows bot.

llvm-svn: 373532
2019-10-02 22:00:29 +00:00
Matt Morehouse 38ac6bdb83 [sanitizer_common] Disable onprint.cpp on Android.
The test fails to find the written file on Android.

llvm-svn: 373531
2019-10-02 21:38:22 +00:00
Matt Morehouse 62f190ce9a [sanitizer_common] Add __sanitizer_on_print to interface list.
Should fix the current Windows buildbot failure.

llvm-svn: 373530
2019-10-02 21:21:18 +00:00
Vitaly Buka d39e7e2cf1 [compiler-rt] Use GetNextInstructionPc in signal handlers
Summary:
All other stack trace callers assume that PC contains return address.
HWAsan already use GetNextInstructionPc in similar code.

PR43339

Reviewers: eugenis, kcc, jfb

Subscribers: dexonsmith, dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68313

llvm-svn: 373529
2019-10-02 21:20:37 +00:00
Vitaly Buka 59bf75caab NFC: add namespace {}
llvm-svn: 373528
2019-10-02 21:20:32 +00:00
Matt Morehouse e55c442b1b [sanitizer_common] Rename OnPrint to __sanitizer_on_print.
Summary:
https://reviews.llvm.org/D28596 exposed OnPrint in the global namespace,
which can cause collisions with user-defined OnPrint() functions.

Reviewers: vitalybuka, dvyukov

Reviewed By: vitalybuka, dvyukov

Subscribers: llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D67987

llvm-svn: 373518
2019-10-02 20:13:21 +00:00
Dan Liew bbde056b88 [CMake] Fix the value of `config.target_cflags` for non-macOS Apple platforms. Attempt #3.
The main problem here is that `-*-version_min=` was not being passed to
the compiler when building test cases. This can cause problems when
testing on devices running older OSs because Clang would previously
assume the minimum deployment target is the latest OS in the SDK
which could be much newer than what the device is running.

Previously the generated value looked like this:

`-arch arm64 -isysroot
<path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`

With this change it now looks like:

`-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot
<path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`

This mirrors the setting of config.target_cflags on macOS.

This change is made for ASan, LibFuzzer, TSan, and UBSan.

To implement this a new `get_test_cflags_for_apple_platform()` function
has been added that when given an Apple platform name and architecture
returns a string containing the C compiler flags to use when building
tests. This also calls a new helper function `is_valid_apple_platform()`
that validates Apple platform names.

This is the third attempt at landing the patch.

The first attempt (r359305) had to be reverted (r359327) due to a buildbot
failure. The problem was that calling `get_test_cflags_for_apple_platform()`
can trigger a CMake error if the provided architecture is not supported by the
current CMake configuration. Previously, this could be triggered by passing
`-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were
generating test configurations for a list of architectures without checking if
the relevant Sanitizer actually supported that architecture. We now intersect
the list of architectures for an Apple platform with
`<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer name) to
iterate through the correct list of architectures.

The second attempt (r363633) had to be reverted (r363779) due to a build
failure. The failed build was using a modified Apple toolchain where the iOS
simulator SDK was missing. This exposed a bug in the existing UBSan test
generation code where it was assumed that `COMPILER_RT_ENABLE_IOS` implied that
the toolchain supported both iOS and the iOS simulator. This is not true. This
has been fixed by using the list `SANITIZER_COMMON_SUPPORTED_OS` for the list
of supported Apple platforms for UBSan. For consistency with the other
Sanitizers we also now intersect the list of architectures with
UBSAN_SUPPORTED_ARCH.

rdar://problem/50124489

Differential Revision: https://reviews.llvm.org/D61242

llvm-svn: 373405
2019-10-01 23:08:18 +00:00
Matt Morehouse 1c8e05110c [libFuzzer] Remove lazy counters.
Summary: Lazy counters haven't improved performance for large fuzz targets.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D67476

llvm-svn: 373403
2019-10-01 22:49:06 +00:00
Vitaly Buka 3ee619c112 Revert "compiler-rt: use __GLIBC_PREREQ for SANITIZER_INTERCEPT_GETRANDOM"
Revert "compiler-rt: move all __GLIBC_PREREQ into own header file"

"move all __GLIBC_PREREQ" breaks build on some bots

This reverts commit 2d75ee9373.
This reverts commit 7a6461fcc2.

llvm-svn: 373367
2019-10-01 18:03:11 +00:00
Vitaly Buka 7a6461fcc2 compiler-rt: use __GLIBC_PREREQ for SANITIZER_INTERCEPT_GETRANDOM
Summary: Fixes https://github.com/google/oss-fuzz/issues/2836

Reviewers: eugenis

Subscribers: dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68178

llvm-svn: 373284
2019-10-01 00:58:29 +00:00
Vitaly Buka 2d75ee9373 compiler-rt: move all __GLIBC_PREREQ into own header file
Reviewers: eugenis

Subscribers: dberris, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68177

llvm-svn: 373283
2019-10-01 00:58:28 +00:00
Vitaly Buka f74f5f2568 Rename tsan_interceptors.cpp into tsan_interceptors_posix.cpp
Summary:
It's needed to use __GLIBC_PREREQ from <features.h>

tsan didn't let us include <features.h> by using --sysroot=. to disable system includes on
anything that is not named as "tsan*posix*", "tsan*mac*", "tsan*linux*".
See compiler-rt/lib/tsan/CMakeLists.txt

Reviewers: eugenis, dvyukov, kcc

Reviewed By: kcc

Subscribers: mgorny, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68176

llvm-svn: 373282
2019-10-01 00:58:26 +00:00
Evgeniy Stepanov 72131161a4 [msan] Intercept __getrlimit.
Summary:
This interceptor is useful on its own, but the main purpose of this
change is to intercept libpthread initialization on linux/glibc in
order to run __msan_init before any .preinit_array constructors.

We used to trigger on pthread_initialize_minimal -> getrlimit(), but
that call has changed to __getrlimit at some point.

Reviewers: vitalybuka, pcc

Subscribers: jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68168

llvm-svn: 373239
2019-09-30 17:49:48 +00:00
Mitch Phillips d1e222e552 [libFuzzer] Dump trace and provide correct msg for overwritten input.
Summary:
Now crashes with a stacktrace and uses 'overwrites-const-input' as the error
message instead of 'out-of-memory'.

Reviewers: morehouse, Dor1s

Reviewed By: morehouse, Dor1s

Subscribers: #sanitizers, llvm-commits, metzman, Dor1s

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D68067

llvm-svn: 373130
2019-09-27 22:04:36 +00:00
Vedant Kumar 84ca5c8cbf Revert "[profile] Add a test dependency on cxx-headers"
This reverts commit b539350f7d006b7d6f42c5c4b5715da87a52e5d8.

See: http://lab.llvm.org:8011/builders/sanitizer-windows/builds/52140/steps/annotate/logs/stdio

The cxx-headers target doesn't exist everywhere.

llvm-svn: 373123
2019-09-27 20:24:48 +00:00
Vedant Kumar 9639f3572a [profile] Mark instrprof-gcov-fork.test UNSUPPORTED on Darwin as well
This test remains flaky everywhere, I think. We should consider deleting
it and accompanying support code in GCOVProfiling: I've stopped short of
doing that now as the gcov exec* tests appear to be stable.

See the thread re: r347779.

llvm-svn: 373121
2019-09-27 20:12:38 +00:00
Vedant Kumar 20daf91af2 [profile] Add a test dependency on cxx-headers
This enables running profile runtime tests which #include <string>, etc.
via just `check-profile`.

llvm-svn: 373120
2019-09-27 20:12:35 +00:00
Peter Collingbourne c336557f02 hwasan: Compatibility fixes for short granules.
We can't use short granules with stack instrumentation when targeting older
API levels because the rest of the system won't understand the short granule
tags stored in shadow memory.

Moreover, we need to be able to let old binaries (which won't understand
short granule tags) run on a new system that supports short granule
tags. Such binaries will call the __hwasan_tag_mismatch function when their
outlined checks fail. We can compensate for the binary's lack of support
for short granules by implementing the short granule part of the check in
the __hwasan_tag_mismatch function. Unfortunately we can't do anything about
inline checks, but I don't believe that we can generate these by default on
aarch64, nor did we do so when the ABI was fixed.

A new function, __hwasan_tag_mismatch_v2, is introduced that lets code
targeting the new runtime avoid redoing the short granule check. Because tag
mismatches are rare this isn't important from a performance perspective; the
main benefit is that it introduces a symbol dependency that prevents binaries
targeting the new runtime from running on older (i.e. incompatible) runtimes.

Differential Revision: https://reviews.llvm.org/D68059

llvm-svn: 373035
2019-09-27 01:02:10 +00:00
Mitch Phillips da3cf61654 [libFuzzer] [NFC] Fix grammar error with "it's"
llvm-svn: 372937
2019-09-26 00:54:30 +00:00
Nico Weber cddc153102 builtins test: Move clear_cache_test.c from a mprotect()ed global to a mmap()ed variable
ld64 in the macOS 10.15 SDK gives __DATA a maxprot of 3, meaning it
can't be made executable at runtime by default.

Change clear_cache_test.c to use mmap()ed data that's mapped as writable
and executable from the beginning, instead of trying to mprotect() a
__DATA variable as executable. This fixes the test on macOS with the
10.15 SDK.

PR43407.

Differential Revision: https://reviews.llvm.org/D67929

llvm-svn: 372849
2019-09-25 11:57:51 +00:00
Puyan Lotfi 67b705b18d [NFC] Invoke lipo from CMAKE_LIPO.
This shouldn't change anything, except that a cmake cache file that specifies
CMAKE_LIPO can specify an alternate lipo to use.

llvm-svn: 372790
2019-09-24 23:48:42 +00:00
Joachim Protze 886a4ff977 [TSAN] Add read/write range interface functions with PC
Adding annotation function variants __tsan_write_range_pc and
__tsan_read_range_pc to annotate ranged access to memory while providing a
program counter for the access.

Differential Revision: https://reviews.llvm.org/D66885

llvm-svn: 372730
2019-09-24 11:19:02 +00:00
Dmitry Vyukov 88a5bba7b5 sanitizer_common: fix freebsd build error
Variable flags is not used. Remove it.

Suggested-by: randall77 (Keith Randall)
Review: https://reviews.llvm.org/D67928
llvm-svn: 372698
2019-09-24 08:27:51 +00:00
Rumeet Dhindsa 1605eb1c1c Fix int to bool errors exposed due to r372612.
Differential Revision: https://reviews.llvm.org/D67937
M    lib/builtins/fp_add_impl.inc
M    lib/builtins/fp_lib.h
M    lib/builtins/fp_trunc_impl.inc

llvm-svn: 372684
2019-09-24 02:59:02 +00:00
Artem Dergachev 837273711e [llvm-cov] NFC: Specify a specific C++ standard in the test.
Makes life easier for downstream users with customized default standard.

llvm-svn: 372674
2019-09-24 00:01:51 +00:00
Jinsong Ji e2af0e5ee8 [compiler-rt] Fix lint check failure on comments
This fixes buildbot failures for https://reviews.llvm.org/rL372459.
(at least on PowerPC/Z)

The fix is generated by running clang-format on the error lines only.

llvm-svn: 372511
2019-09-22 15:31:03 +00:00
Kamil Rytarowski 1b58389428 Add __lsan::ScopedInterceptorDisabler for strerror(3)
Summary:
strerror(3) on NetBSD uses internally TSD with a destructor that is never
fired for exit(3). It's correctly called for pthread_exit(3) scenarios.

This is a case when a leak on exit(3) is expected, unavoidable and harmless.

Reviewers: joerg, vitalybuka, dvyukov, mgorny

Reviewed By: vitalybuka

Subscribers: dmgreen, kristof.beyls, jfb, llvm-commits, #sanitizers

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D67337

llvm-svn: 372461
2019-09-21 07:45:02 +00:00
Kamil Rytarowski 5fe1e55d35 Avoid memory leak in ASan test
Summary:
Add missing free(3) for the malloc(3) call.

Detected on NetBSD with LSan.

Reviewers: joerg, mgorny, vitalybuka, dvyukov

Reviewed By: vitalybuka

Subscribers: llvm-commits, #sanitizers

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D67330

llvm-svn: 372460
2019-09-21 07:43:55 +00:00
Kamil Rytarowski 8827047551 Stop tracking atexit/__cxa_atexit/pthread_atfork allocations in LSan/NetBSD
Summary:
The atexit(3) and __cxa_atexit() calls internally allocate memory and free it on exit,
after executing all callbacks. This causes false positives as DoLeakCheck() is called
from the atexit handler. In the LSan/ASan tests there are strict checks triggering
false positives here.

Intercept all atexit(3) and __cxa_atexit() calls and disable LSan when calling the
real functions.

Stop tracing allocations in pthread_atfork(3) functions, as there are performed
internal allocations that are not freed for the time of running StopTheWorld()
code. This avoids false positives.

The same changes have to be replicated in the ASan and LSan runtime.

Non-NetBSD OSs are not tested and this code is restricted to NetBSD only.

Reviewers: dvyukov, joerg, mgorny, vitalybuka, eugenis

Reviewed By: vitalybuka

Subscribers: jfb, llvm-commits, #sanitizers

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D67331

llvm-svn: 372459
2019-09-21 07:30:42 +00:00
Evgeniy Stepanov f1b6bd403d [lsan] Fix deadlock in dl_iterate_phdr.
Summary:
Do not grab the allocator lock before calling dl_iterate_phdr. This may
cause a lock order inversion with (valid) user code that uses malloc
inside a dl_iterate_phdr callback.

Reviewers: vitalybuka, hctim

Subscribers: jfb, #sanitizers, llvm-commits

Tags: #sanitizers, #llvm

Differential Revision: https://reviews.llvm.org/D67738

llvm-svn: 372348
2019-09-19 19:52:57 +00:00
Hans Wennborg ec841cf36c [cmake] Strip quotes in try_compile_only
After r372209, the compile command can end up including an argument with
quotes in it, e.g.

  -fprofile-instr-use="/foo/bar.profdata"

when invoking the compiler with execute_process, the compiler ends up
getting that argument with quotes and all, and fails to open the file.

This all seems horribly broken, but one way of working around it is to
simply strip the quotes from the string here. If they were there to
protect a path that's got spaces in it, that wasn't going to work
anyway because the string is later split by spaces.

llvm-svn: 372312
2019-09-19 11:28:32 +00:00
Dmitry Vyukov d97865e530 tsan: allow the Go runtime to return multiple stack frames for a single PC
This fix allows tsan to report stack traces correctly even in the
presence of mid-stack inlining by the Go compiler.

See https://go-review.googlesource.com/c/go/+/195781 for the Go runtime side of this change.

Author: randall77 (Keith Randall)
Reviewed: https://reviews.llvm.org/D67671
llvm-svn: 372205
2019-09-18 09:18:04 +00:00
David Bolvansky 9a14ee81d2 Remove asan test for strncat(x, y, 0)
llvm-svn: 372143
2019-09-17 17:17:30 +00:00
David Bolvansky 5abd6f46ae [ASAN] Adjust asan tests due to new optimizations
llvm-svn: 372141
2019-09-17 17:07:31 +00:00