Summary:
The dynamic shadow code is not detected correctly on Android.
The android shadow seems to start at address zero.
The bug is introduced here:
https://reviews.llvm.org/D23363
Started here: https://build.chromium.org/p/chromium.fyi/builders/ClangToTAndroidASan/builds/4029
Likely due to an asan runtime change, filed https://llvm.org/bugs/show_bug.cgi?id=30462
From asan_mapping.h:
```
#if SANITIZER_WORDSIZE == 32
# if SANITIZER_ANDROID
# define SHADOW_OFFSET (0) <<---- HERE
# elif defined(__mips__)
```
Shadow address on android is 0.
From asan_rtl.c:
```
if (shadow_start == 0) {
[...]
shadow_start = FindAvailableMemoryRange(space_size, alignment, granularity);
}
```
We assumed that 0 is dynamic address.
On windows, the address was determined with:
```
# elif SANITIZER_WINDOWS64
# define SHADOW_OFFSET __asan_shadow_memory_dynamic_address
# else
```
and __asan_shadow_memory_dynamic_address is initially zero.
Reviewers: rnk, eugenis, vitalybuka
Subscribers: kcc, tberghammer, danalbert, kubabrecka, dberris, llvm-commits, chrisha
Differential Revision: https://reviews.llvm.org/D24768
llvm-svn: 282085
One of the tests relying on sem_t's layout gets the wrong value for versions of
glibc newer than 2.21 on platforms that don't have 64-bit atomics (e.g. ARM).
This commit fixes the test to work with:
* versions of glibc >= 2.21 on platforms with 64-bit atomics: unchanged
* versions of glibc >= 2.21 on platforms without 64-bit atomics: the semaphore
value is shifted by SEM_VALUE_SHIFT (which is set to 1 in glibc's internal
headers)
* versions of glibc < 2.21: unchanged
See the glibc 2.23 sources:
* sysdeps/nptl/internaltypes.h (struct new_sem for glibc >= 2.21 and
struct old_sem for glibc < 2.21)
* nptl/sem_getvalue.c
This was uncovered on one of the new buildbots that we are trying to move to
production.
Differential Revision: https://reviews.llvm.org/D24766
llvm-svn: 282061
This was changed in rL276151 and causes problems if the C++ compiler does not
support the same arches as the C compiler.
For the builtins, only the C compiler is tested in try_compile_only.
Additionally, -fno-exceptions is passed in (if available) to work around
the case where no libunwind is available.
Differential Revision: https://reviews.llvm.org/D23654
llvm-svn: 282054
Summary:
GetActuallyAllocatedSize() was not accounting for the last page of the mapping
being a guard page, and was returning the wrong number of actually allocated
bytes, which in turn would mess up with the realloc logic. Current tests didn't
find this as the size exercised was only serviced by the Primary.
Correct the issue by subtracting PageSize, and update the realloc test to
exercise paths in both the Primary and the Secondary.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D24787
llvm-svn: 282030
Summary:
Much of the non-Darwin build system assumes that COMPILER_RT_DEFAULT_TARGET_TRIPLE is the default target triple for the compiler being used. With clang as your compiler this isn't necessarily true.
To ensure that the rest of the build system behaves as expected this patch adds "--target=${COMPILER_RT_DEFAULT_TARGET_TRIPLE}" to the compiler flags for C, CXX and ASM sources.
Reviewers: compnerd, rengolin, fjricci
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D24156
llvm-svn: 282024
Summary:
The Sanitizer Secondary Allocator was not entirely ideal was Scudo for several
reasons: decent amount of unneeded code, redundant checks already performed by
the front end, unneeded data structures, difficulty to properly protect the
secondary chunks header.
Given that the second allocator is pretty straight forward, Scudo will use its
own, trimming all the unneeded code off of the Sanitizer one. A significant
difference in terms of security is that now each secondary chunk is preceded
and followed by a guard page, thus mitigating overflows into and from the
chunk.
A test was added as well to illustrate the overflow & underflow situations
into the guard pages.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D24737
llvm-svn: 281938
Summary:
This patch is adding the needed code to compiler-rt to support
dynamic shadow.
This is to support this patch:
https://reviews.llvm.org/D23354
It's adding support for using a shadow placed at a dynamic address determined
at runtime.
The dynamic shadow is required to work on windows 64-bits.
Reviewers: rnk, kcc, vitalybuka
Subscribers: kubabrecka, dberris, llvm-commits, chrisha
Differential Revision: https://reviews.llvm.org/D23363
llvm-svn: 281909
Currently, when doing a ASanified build of LLVM (with Clang, compiler-rt and libcxx) via -DLLVM_USE_SANITIZER=Address and not using any other options, we already disable building of sanitizer runtimes (because they themselves can’t be sanitized) and also exclude the sanitizer tests. However, the same is not done for the profiling runtime, which will build fine, but then all the tests fail due to linking errors. Let’s disable the profiling runtime as well (when LLVM_USE_SANITIZER is set).
Differential Revision: https://reviews.llvm.org/D24657
llvm-svn: 281815
Summary:
This value is already defaulted to true in asan_internal.h.
Allow the value to be overriden in cases where exceptions are unavailable.
Reviewers: kcc, samsonov, compnerd
Subscribers: kubabrecka, dberris, beanz, mgorny, llvm-commits
Differential Revision: https://reviews.llvm.org/D24633
llvm-svn: 281746
Summary:
I need to redu solution, existing is not good enough.
PR28267
Reviewers: eugenis
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D24490
llvm-svn: 281687
The definitions in sanitizer_common may conflict with definitions from system headers because:
The runtime includes the system headers after the project headers (as per LLVM coding guidelines).
lib/sanitizer_common/sanitizer_internal_defs.h pollutes the namespace of everything defined after it, which is all/most of the sanitizer .h and .cc files and the included system headers with: using namespace __sanitizer; // NOLINT
This patch solves the problem by introducing the namespace only within the sanitizer namespaces as proposed by Dmitry.
Differential Revision: https://reviews.llvm.org/D21947
llvm-svn: 281657
These got out of sync and the tests were failing for me locally. We
assume a 47 bit address space in ASan, so we should do the same in the
tests.
llvm-svn: 281622
Don't list __sanitizer_print_memory profile as an INTERFACE_FUNCTION. It
is not exported by ASan; it is exported by user code.
Move the weak definition from asan_win.cc to sanitizer_win.cc to fix the
ubsan tests.
llvm-svn: 281619
Summary:
ASAN on Windows 64-bits should use a dynamic address instead of a fixed one.
The asan-allocator code to support dynamic address is already landed.
This patch is turning on the feature.
Reviewers: rnk
Subscribers: kubabrecka, dberris, llvm-commits, chrisha
Differential Revision: https://reviews.llvm.org/D24575
llvm-svn: 281522
The '-asan-use-private-alias’ option (disabled by default) option is currently only enabled for Linux and ELF, but it also works on Darwin and Mach-O. This option also fixes a known problem with LTO on Darwin (https://github.com/google/sanitizers/issues/647). This patch enables the support for Darwin (but still keeps it off by default) and adds the LTO test case.
Differential Revision: https://reviews.llvm.org/D24292
llvm-svn: 281472
Support overriding LLVM_* variables obtained from llvm-config when doing
stand-alone builds. The override of LLVM_MAIN_SRC_DIR is necessary to
provide LLVM sources when the initial directory used to build LLVM does
no longer exist when compiler-rt is built stand-alone. This is
especially the case when building the projects separately in temporary
directories with unpredictable names.
The code is based on existing CMakeLists.txt from clang. Alike clang, it
extends the override to all queried variables.
Differential Revision: https://reviews.llvm.org/D24005
llvm-svn: 281461
It makes the tests extremely slow due to high latency of the test launcher.
The main reason for -j5 was high memory usage with handle_abort=1, which
is now disabled in the test runner.
llvm-svn: 281409
When running with start_deactivated=1 in ASAN_OPTIONS, heap redzones
are not poisoned until the first instrumented module is loaded. This
can cause false negatives even on memory allocated after activation,
because redzones are normally poisoned only once when a new allocator
region is mapped.
This change attempts to fix it by iterating over all existing
allocator chunks and poisoning their redzones.
llvm-svn: 281364
Summary:
Added a macro to enumerate the (error name, error member name) pairs. This way,
when adding an error, we only need to add the pair to one place (plus add its
implementation, or course).
Reviewers: kcc, samsonov
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D23875
llvm-svn: 281237
Summary: As mentioned in D24394, I'm moving tid to ErrorBase, since basically all errors need it.
Also mentioned in the same review are other cleanups like adding const
to BufferedStackTrace and make sure constructor orders are consistent.
Reviewers: vitalybuka, kcc, eugenis
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D24455
llvm-svn: 281236
Summary:
This is important information when we want to describe errors, and should be
part of these descriptions. Otherwise, we need to know the access size when
printing/emitting the description.
Reviewers: kcc, eugenis, vitalybuka
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D24387
llvm-svn: 281093
Summary:
This is useful for inclusion in the Error* structures, to describe an
arbitrary address.
Remove the old struct since it's used only once. This removes one level of
indirection, and moves all *AddressDescription to be one of the recently
introduced structures.
This merges differential revisions: D24131 and D24132
Reviewers: kcc, eugenis, vitalybuka
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D24131
llvm-svn: 281090
The same thing is already done on Mac. handle_abort slows down tests
significantly because it triggers tombstone collection on Android;
also, it changes failed test outcome from "not-crash" to "crash" (as
in "bin/not --crash").
This change adds handle_abort=0 to asan options on android (test
only!), and also tweaks android_run.py to semi-correctly pass the
crash/no-crash status to the caller.
llvm-svn: 281075
Summary: Merges back both scariness_score_test.cc files, since the Linux-specific version shouldn't be needed any more.
Reviewers: kcc, eugenis, vitalybuka
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D24347
llvm-svn: 281048
Summary: This flag doesn't make sense on Windows systems.
Reviewers: beanz, kubabrecka, compnerd
Subscribers: dberris, llvm-commits, beanz
Differential Revision: https://reviews.llvm.org/D24320
llvm-svn: 280953
r280885 added a testcase for handle_abort, which is broken on macOS, let’s add this support into sanitizer_mac.cc.
Differential Revision: https://reviews.llvm.org/D24344
llvm-svn: 280945
This patch adds a wrapper for call_once, which uses an already-compiled helper __call_once with an atomic release which is invisible to TSan. To avoid false positives, the interceptor performs an explicit atomic release in the callback wrapper.
Differential Revision: https://reviews.llvm.org/D24188
llvm-svn: 280920
Reset the SIGABRT signal handler before calling abort().
Also, change the error message when catching SIGABRT to say "ABRT"
instead of "SEGV".
llvm-svn: 280885
On Linux ARM, the syscall will take 3 arguments (start, end, flags). Ensure
that we do not pass garbage to the flags, which can cause the cacheflush call to
fail, and therefore cause an abort at runtime.
llvm-svn: 280877
Android-specific code in GetCurrentThread() does not handle the situation when there is no
ThreadContext for the current thread. This happens if the current thread is requested before the
main thread is added to the registry. 64-bit allocator does that to record map/unmap stats during
initialization.
llvm-svn: 280876
Normally, syslog() uses argv[0] for the log tag; bionic, however,
would crash in syslog() before libc constructor unless the log
tag is explicitly set with openlog().
llvm-svn: 280875
Summary:
A few small changes required to permit building the sanitizers
with Clang instead of only with MSVC.
Reviewers: compnerd, beanz, rnk
Subscribers: beanz, timurrrr, kubabrecka, dberris, llvm-commits
Differential Revision: https://reviews.llvm.org/D24092
llvm-svn: 280863
Summary:
Make sure that windows libraries contain the suffixes expected by clang.
This is expecially important when compiling the windows builtins with
clang, as cmake will use .a as the suffix by default.
Reviewers: beanz, compnerd
Subscribers: llvm-commits, dberris
Differential Revision: https://reviews.llvm.org/D24046
llvm-svn: 280854
Since r279664 this test causes frequent failures of test runs for ppc64le and
occasional failures for ppc64be which makes buildbot results unreliable. If
the underlying problem is fixed it can be re-enabled.
llvm-svn: 280823
With this patch 10 out of 13 tests are passing.
Following is the list of failing tests:
struct-simple.cpp
workingset-signal-posix.cpp
mmap-shadow-conflict.c
Reviewed by bruening
Differential: D23799
llvm-svn: 280795
When optimizing, GCC optimizes away aggressively unused static globals.
The __asan_before_dynamic_init/__asan_after_dynamic_init calls are placed
in static constructor earlier while the registration of the globals is done
later in the compilation process. If all the globals with
dynamic initialization are optimized away from some particular TU in between
those two, libasan can fail on an assertion that dynamic_init_globals is
empty.
While I'm going to commit a GCC change which will remove the
__asan_before_dynamic_init/__asan_after_dynamic_init in many cases when this
happens (basically if the optimizers can prove there are no memory
references in between the two calls), there are still testcases where such
pair of calls is left, e.g. for
struct S { S () { asm volatile ("" : : : "memory"); } };
static S c;
int
main ()
{
return 0;
}
with -O2 -fsanitize=address and ASAN_OPTIONS=check_initialization_order=true
this still fails the assertion. Trying to avoid this problem on the
compiler side would decrease code quality I'm afraid, whether it is making
sure for -fsanitize=address we keep around at least one dynamically
initialized global if the
__asan_before_dynamic_init/__asan_after_dynamic_init pair has been emitted,
or adding some artificial global which would be used as the condition for
those calls etc.
So, can the assertion be instead just removed, this really shouldn't slow
down the calls measurably (for __asan_before_dynamic_init it is even
cheaper) and the assertion doesn't check something worthwhile anyway (it is
sufficient if there is a single dynamically initialized global in any other
TU to make it happy).
Details in http://gcc.gnu.org/PR77396
Author: Jakub Jelinek
llvm-svn: 280657
Summary:
Only one of the tests in it doesn't work on OS X.
On Windows it seems that everything that is being moved is also
supported.
The abort() test wasn't copied over (original case 22). This is because
it doesn't work on OS X.
Reviewers: kcc, eugenis, vitalybuka
Subscribers: kubabrecka, llvm-commits
llvm-svn: 280469
Etienne Bergeron