Summary:
This is an initial implementation of a Hardened Allocator based on Sanitizer Common's CombinedAllocator.
It aims at mitigating heap based vulnerabilities by adding several features to the base allocator, while staying relatively fast.
The following were implemented:
- additional consistency checks on the allocation function parameters and on the heap chunks;
- use of checksum protected chunk header, to detect corruption;
- randomness to the allocator base;
- delayed freelist (quarantine), to mitigate use after free and overall determinism.
Additional mitigations are in the works.
Reviewers: eugenis, aizatsky, pcc, krasin, vitalybuka, glider, dvyukov, kcc
Subscribers: kubabrecka, filcab, llvm-commits
Differential Revision: http://reviews.llvm.org/D20084
llvm-svn: 271968
Summary:
Adds the initial version of a runtime library for the new
EfficiencySanitizer ("esan") family of tools. The library includes:
+ Slowpath code via callouts from the compiler instrumentation for
each memory access.
+ Registration of atexit() to call finalization code.
+ Runtime option flags controlled by the environment variable
ESAN_OPTIONS. The common sanitizer flags are supported such as
verbosity and log_path.
+ An initial simple test.
Still TODO: common code for libc interceptors and shadow memory mapping,
and tool-specific code for shadow state updating.
Reviewers: eugenis, vitalybuka, aizatsky, filcab
Subscribers: filcab, vkalintiris, kubabrecka, llvm-commits, zhaoqin, kcc
Differential Revision: http://reviews.llvm.org/D19168
llvm-svn: 267060
If we don't create the target, don't try to add it as a dependency.
After r265595, we were only creating the SanitizerLintCheck when
`CMAKE_HOST_UNIX` was true.
CMake was emitting a warning:
The dependency target "SanitizerLintCheck" of target "check-ubsan" does not
exist.
llvm-svn: 265613
Compiler-rt only relies on LLVM for lit support. Pushing this dependency down into the test and unitest layers will allow builtin libraries to be built without LLVM.
llvm-svn: 261105
Fix incorrect condition for enabling the CFI tests. This removes the following CMake warnings on Windows:
The dependency target "cfi" of target "check-all" does not exist.
The dependency target "cfi" of target "check-cfi-and-supported" does not exist.
llvm-svn: 257199
Summary:
Rather than having to add new "experimental" options each time someone wants to work on bringing a sanitizer to a new platform, this patch makes options for all of them.
The default values for the options are set by the platform checks that would have enabled them, but they can be overridden on or off.
Reviewers: kubabrecka, samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D14846
llvm-svn: 255170
Specifically:
- Disable int128 tests on Windows, as MSVC cl.exe does not support
int128, so we might not have been able to build the runtime
with int128 support.
- XFAIL the vptr tests as we lack Microsoft ABI support.
- XFAIL enum.cpp as UBSan fails to add the correct instrumentation code
for some reason.
- Modify certain tests that build executables multiple times to use
unique names for each executable. This works around a race condition
observed on Windows.
- Implement IsAccessibleMemoryRange for Windows to fix the last
misaligned.cpp test.
- Introduce a substitution for testing crashes on Windows using
KillTheDoctor.
Differential Revision: http://reviews.llvm.org/D10864
llvm-svn: 241303
This patch adds runtime support for the Safe Stack protection to compiler-rt
(see http://reviews.llvm.org/D6094 for the detailed description of the
Safe Stack).
This patch is our implementation of the safe stack on top of compiler-rt. The
patch adds basic runtime support for the safe stack to compiler-rt that
manages unsafe stack allocation/deallocation for each thread.
Original patch by Volodymyr Kuznetsov and others at the Dependable Systems
Lab at EPFL; updates and upstreaming by myself.
Differential Revision: http://reviews.llvm.org/D6096
llvm-svn: 239763
Summary:
It still gets picked up by ASan, but it also gets picked up by the other
test suites.
Otherwise, some test suites (e.g: UBSan) would complain they had no
dependencies, and wouldn't run.
Reviewers: samsonov, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7740
llvm-svn: 229962
a given platform in a top-level CMakeLists.txt to use it both
in lib/ and in test/ subdirectories. Move architecture/platform
checks to config-ix.
llvm-svn: 215247
Add the test infrastructure for testing lib/profile and a single test.
This initial commit only enables the tests on Darwin, but they'll be
enabled on Linux soon after.
<rdar://problem/16458307>
llvm-svn: 205256
1) Depend on llvm-config (configured in LLVM_CONFIG_PATH) to
get necessary LLVM source/binary directories.
2) Add basic support for running lit tests (check-xsan commands).
For now this "support" is far from what we want:
* unit tests are not built currently.
* lit tests use Clang/compiler-rt from LLVM build directory,
not the host compiler or just-built compiler-rt libraries.
We should make a choice on the way we intend ti run compiler-rt lit testsuite:
a) use either Clang from LLVM build tree, or the host compiler.
b) use either just-built runtimes, or the runtimes shipped with the
host compiler.
Using just-built runtimes is tricky - we have to know where to put them, so that
Clang/GCC driver would pick them up (and not overwrite the existing runtimes).
Using a host compiler instead of Clang from LLVM build tree will give us a chance to
run lit tests under GCC (which already has support for several sanitizers).
That is, I tend to make the following choice: if we're in a standalone compiler-rt
build, use host compiler with its set of runtime libraries to run lit tests.
This will effectively decouple "make compiler-rt" and "make check-compiler-rt" in
a standalone build - the latter wouldn't invoke the former. Note that if we decide
to fix LLVM/Clang/compiler-rt build system so that it would configure/build
compiler-rt with just-built Clang (as we do in Makefile-based build), this will not
be a problem - we can add a dependency to ensure that clang/compiler-rt are rebuilt
before running compiler-rt tests.
llvm-svn: 201656
I cannot build any part of this successfully on either Linux or Darwin,
and the replacement is worlds simpler by requiring that this be built as
a subproject of LLVM. If this breaks you for any reason, please let me
know, and let me know what your use case is.
llvm-svn: 154059