cmake/config-ix.cmake: Enabled building of asan for mipsel arch
test/asan/CMakeLists.txt: Enabled testing of asan for mipsel
Patch by Kumar Sukhani
Differential Revision: http://reviews.llvm.org/D5615
llvm-svn: 219496
ASAN, UBSAN and profile tests that don't work with arm-linux-gnueabi and
android also don't work on armv7l-linux-gnueabihf. Some of the tests have
known causes, others not yet. In order to get a green bot, I'm disabling
those tests for now and will investigate when the priority rises.
llvm-svn: 219343
FreeBSD does not have libdl, so set it via lit.cfg instead of the test
input, as with asan. Also remove it from Darwin test runs - it's not
necessary, but harmless there.
Add FreeBSD to the list of hosts to test.
Differential Revision: http://reviews.llvm.org/D5650
llvm-svn: 219227
Summary: Fixed asan-asm-stacktrace-test.cc. Now it's supported on x86_64 and added test run when no debug info is generated.
Differential Revision: http://reviews.llvm.org/D5547
llvm-svn: 219200
There is some strange interaction between mmap limit and unlimited stack
(ulimit -s unlimited), which results in this test failing when run with
"make".
llvm-svn: 218764
This is needed so we can produce -i686- named libraries for
x86 Android (which is i686-linux-android).
An alternative solution would be keeping the "i386" name internally and
tweaking the OUTPUT_NAME of compiler-rt libraries.
llvm-svn: 218761
The optimization for -gmlt/-gline-tables-only introduced in r218129 happened to break on Darwin and produce no line number information due to
an incompatibility with dsymutil. ASan tests have been failing because of that and we disabled the use of -gmlt for the tests in r218545. This patch re-enables the use of -gmlt, because we have conditionally disabled the incompatible optimization in LLVM, so -gmlt now works on Darwin. Once Darwin's dsymutil is modified to allow this optimization, we can re-enable the optimization in LLVM.
llvm-svn: 218716
* Detect Android toolchain target arch and set correct runtime library name.
* Merged a lot of Android and non-Android code paths.
* Android is only supported in standalone build of compiler-rt now.
* Linking lsan-common in ASan-Android (makes lsan annotations work).
* Relying on -fsanitize=address linker flag when building tests (again,
unification with non-Android path).
* Runtime library moved from lib/asan to lib/linux.
llvm-svn: 218605
Reviewed at http://reviews.llvm.org/D4527
Fixed a test case failure on 32-bit Linux, I did right shift on intptr_t, instead it should have been uintptr_t.
llvm-svn: 218538
Changed files:
config-ix.cmake: Enabled UBSan for MIPS32
sanitizer_stacktrace.cc: Program counter for MIPS32 is four byte aligned
and a delay slot so subtracted PC by 8 for getting call site address.
cast-overflow.cpp: Added big endian support for this test case.
Patch by Sagar Thakur.
Differential Revision: http://reviews.llvm.org/D4881
llvm-svn: 218519
Reviewed at http://reviews.llvm.org/D4527
This patch is part of an effort to implement a more generic debugging API, as proposed in http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-July/074656.html, with first part reviewed at http://reviews.llvm.org/D4466. Now adding several new APIs: __asan_report_present, __asan_get_report_{pc,bp,sp,address,type,size,description}, __asan_locate_address. These return whether an asan report happened yet, the PC, BP, SP, address, access type (read/write), access size and bug description (e.g. "heap-use-after-free"), __asan_locate_address takes a pointer and tries to locate it, i.e. say whether it is a heap pointer, a global or a stack, or whether it's a pointer into the shadow memory. If global or stack, tries to also return the variable name, address and size. If heap, tries to return the chunk address and size. Generally these should serve as an alternative to "asan_describe_address", which only returns all the data in text form. Having an API to get these data could allow having debugging scripts/extensions that could show additional information about a variable/expression/pointer. Test cases in test/asan/TestCases/debug_locate.cc and test/asan/TestCasea/debug_report.cc.
llvm-svn: 218481
When dump_instruction_bytes=1 and the instruction pointer doesn't point to the zero page, ASan prints 16 bytes starting at the instruction point.
llvm-svn: 218243
By default summary is not printed if UBSan is run in a standalone mode,
but is printed if it's combined with another sanitizer (like ASan).
llvm-svn: 218135
In debug mode tsan checks that user accesses
access user memory. NULL is not user memory.
So the test fails. Allocate real inaccessible
memory for the test.
llvm-svn: 218069
Summary:
UBSan needs to check if memory snippet it's going to print resides
in addressable memory. Similar check might be helpful in ASan with
dump_instruction_bytes option (see http://reviews.llvm.org/D5167).
Instead of scanning /proc/self/maps manually, delegate this check to
the OS kernel: try to write this memory in a syscall and assume that
memory is inaccessible if the syscall failed (e.g. with EFAULT).
Fixes PR20721.
Test Plan: compiler-rt test suite
Reviewers: eugenis, glider
Reviewed By: glider
Subscribers: emaste, ygribov, llvm-commits, glider, rsmith
Differential Revision: http://reviews.llvm.org/D5253
llvm-svn: 217971
I don't remember that crash on mmap in internal allocator
ever yielded anything useful, only crashes in rare wierd untested situations.
One of the reasons for crash was to catch if tsan starts allocating
clocks using mmap. Tsan does not allocate clocks using internal_alloc anymore.
Solve it once and for all by allowing mmaps.
llvm-svn: 217929
This change replaces an in-test timeout with an unconditional blocking wait.
It speeds up normal execution significantly at the cost of hanging up indefinitely
in case of a failure. This is a very specific regression test and we don't
expect any failures in the future.
Another approach ould be increasing the timeout to ~8 seconds, which seems too
much for a lit test.
llvm-svn: 217870
This test has a chance to hit some other random allocation
and get neither heap overflow nor SEGV.
Relax test condition to only check that there is no internal CHECK failure.
llvm-svn: 217769
Summary:
This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with __attribute__((nonnull))
are actually nonnull in runtime.
To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits, rnk
Differential Revision: http://reviews.llvm.org/D5082
llvm-svn: 217389
We are interested in verifying that -gline-tables-only provides enough
debug information for verbose error reports and symbolized stack traces.
llvm-svn: 217284
The naming scheme we're using for counters in profile data shares a
prefix with some fixed names we use for the runtime, notably
__llvm_profile_data_begin and _end. Embarrassingly, this means a
function called begin() can't be instrumented.
This modifies the runtime names so as not to collide with the
instrumentation.
llvm-svn: 217166
Chained origins make plain memory stores async-signal-unsafe.
We already disable it inside signal handlers.
This change grabs all origin-related locks before fork() and releases
them after fork() to avoid a deadlock in the child process.
llvm-svn: 217140
another sanitizer.
A user may run both LSan and LSan+ASan. It is weird to pass path to leak
suppression file (or other common sanitizer flags, like "verbosity") in
"LSAN_OPTIONS" in the first case and in "ASAN_OPTIONS" in the second case.
llvm-svn: 215949
Summary:
This patch adds a runtime check verifying that functions
annotated with "returns_nonnull" attribute do in fact return nonnull pointers.
It is based on suggestion by Jakub Jelinek:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D4849
llvm-svn: 215485
a given platform in a top-level CMakeLists.txt to use it both
in lib/ and in test/ subdirectories. Move architecture/platform
checks to config-ix.
llvm-svn: 215247
Vector clocks is the most actively allocated object in tsan runtime.
Current internal allocator is not scalable enough to handle allocation
of clocks in scalable way (too small caches). This changes transforms
clocks to 2-level array with 512-byte blocks. Since all blocks are of
the same size, it's possible to cache them more efficiently in per-thread caches.
llvm-svn: 214912
Summary:
This is required for linking DLLs with large functions exceeding
san-instrumentation-with-call-threshold. One such function is
vp9_fdct16x16_sse2 in libvpx.
Reviewers: timurrrr
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D4758
llvm-svn: 214532
This change introduces the first UBSan-specific runtime flag: print_stacktrace
(off by default). It can be set in UBSAN_OPTIONS to unwind and print call stacks
in addition to diagnostic messages. For now these stacks are printed only
in vptr checker.
This change is based on http://reviews.llvm.org/D4410 by Byoungyoung Lee!
llvm-svn: 213783
If UBSan is run in a standalone mode (w/o any other sanitizer), it
still uses functions from sanitizer_common, some of which depend on
the value of runtime flags. Allow to override the default values of these
flags with UBSAN_OPTIONS variable. In particular, UBSAN_OPTIONS=symbolize=0
can be used to turn off online symbolization.
llvm-svn: 213782
This was done by calling __cxa_demangle directly, which is bad
when c++abi library is instrumented. The following line always
contains the demangled name (when running with a symbolizer) anyway.
llvm-svn: 212929
Currently ASan instrumentation pass creates a string with global name
for each instrumented global (to include global names in the error report). Global
name is already mangled at this point, and we may not be able to demangle it
at runtime (e.g. there is no __cxa_demangle on Android).
Instead, create a string with fully qualified global name in Clang, and pass it
to ASan instrumentation pass in llvm.asan.globals metadata. If there is no metadata
for some global, ASan will use the original algorithm.
This fixes https://code.google.com/p/address-sanitizer/issues/detail?id=264.
llvm-svn: 212872
This is a minor fix to two tsan tests that were expecting the wrong
column information. Now that clang emits column information by default
in its debugging output, the tests had started failing.
llvm-svn: 212779
The tsan's deadlock detector has been used in Chromium for a while;
it found a few real bugs and reported no false positives.
So, it's time to give it a bit more exposure.
llvm-svn: 212533
Introduce new public header <sanitizer/allocator_interface.h> and a set
of functions __sanitizer_get_ownership(), __sanitizer_malloc_hook() etc.
that will eventually replace their tool-specific equivalents
(__asan_get_ownership(), __msan_get_ownership() etc.). Tool-specific
functions are now deprecated and implemented as stubs redirecting
to __sanitizer_ versions (which are implemented differently in each tool).
Replace all uses of __xsan_ versions with __sanitizer_ versions in unit
and lit tests.
llvm-svn: 212469
With this change all values passed through blacklisted functions
become fully initialized. Previous behavior was to initialize all
loads in blacklisted functions, but apply normal shadow propagation
logic for all other operation.
This makes blacklist applicable in a wider range of situations.
It also makes code for blacklisted functions a lot shorter, which
works as yet another workaround for PR17409.
llvm-svn: 212268
With this change all values passed through blacklisted functions
become fully initialized. Previous behavior was to initialize all
loads in blacklisted functions, but apply normal shadow propagation
logic for all other operation.
This makes blacklist applicable in a wider range of situations.
It also makes code for blacklisted functions a lot shorter, which
works as yet another workaround for PR17409.
llvm-svn: 212265
See https://code.google.com/p/address-sanitizer/issues/detail?id=299 for the
original feature request.
Introduce llvm.asan.globals metadata, which Clang (or any other frontend)
may use to report extra information about global variables to ASan
instrumentation pass in the backend. This metadata replaces
llvm.asan.dynamically_initialized_globals that was used to detect init-order
bugs. llvm.asan.globals contains the following data for each global:
1) source location (file/line/column info);
2) whether it is dynamically initialized;
3) whether it is blacklisted (shouldn't be instrumented).
Source location data is then emitted in the binary and can be picked up
by ASan runtime in case it needs to print error report involving some global.
For example:
0x... is located 4 bytes to the right of global variable 'C::array' defined in '/path/to/file:17:8' (0x...) of size 40
These source locations are printed even if the binary doesn't have any
debug info.
This is an ABI-breaking change. ASan initialization is renamed to
__asan_init_v4(). Pre-built libraries compiled with older Clang will not work
with the fresh runtime.
llvm-svn: 212188
Origin history should only be recorded for uninitialized values, because it is
meaningless otherwise. This change moves __msan_chain_origin to the runtime
library side and makes it conditional on the corresponding shadow value.
Previous code was correct, but _very_ inefficient.
llvm-svn: 211700
Summary: The patch supports both the clang cross-compiler and native compiler
Patch by Kumar Sukhani <Kumar.Sukhani@imgtec.com>
Test Plan:
Kumar had the following asan test results when compiled on a MIPS board:
Expected Passes : 96
Expected Failures : 2
Unsupported Tests : 84
Unexpected Passes : 4
Unexpected Failures: 19
The list of unexpected failures can be found in the review.
Reviewers: kcc, petarj, dsanders
Reviewed By: kcc
Subscribers: farazs, kcc, llvm-commits
Differential Revision: http://reviews.llvm.org/D4208
llvm-svn: 211587
Add a test for the frexp() interceptor.
Annotate the interceptors that may potentially corrupt stack IDs of freed buffers with FIXME comments.
llvm-svn: 211153
Multiplication by an integer with a number of trailing zero bits leaves
the same number of lower bits of the result initialized to zero.
This change makes MSan take this into account in the case of multiplication by
a compile-time constant.
We don't handle the general, non-constant, case because
(a) it's not going to be cheap (computation-wise);
(b) multiplication by a partially uninitialized value in user code is
a bad idea anyway.
Constant case must be handled because it appears from LLVM optimization of a
completely valid user code, as the test case in compiler-rt demonstrates.
llvm-svn: 211092
Init-order and use-after-return modes can currently be enabled
by runtime flags. use-after-scope mode is not really working at the
moment.
The only problem I see is that users won't be able to disable extra
instrumentation for init-order and use-after-scope by a top-level Clang flag.
But this instrumentation was implicitly enabled for quite a while and
we didn't hear from users hurt by it.
llvm-svn: 210924
Clang's lit cfg already detects the currently selected SDK via
"xcrun --show-sdk-path". The same thing should be done for compiler-rt tests,
to make them work on recent OS X versions. Instead of duplicating the detection
code, this patch extracts the detection function into a lit.util method.
Patch by Kuba Brecka (kuba.brecka@gmail.com),
reviewed at http://reviews.llvm.org/D4072
llvm-svn: 210534
Instructions from __nodebug__ functions don't have file:line
information even when inlined into no-nodebug functions. As a result,
intrinsics (SSE and other) from <*intrin.h> clang headers _never_
have file:line information.
With this change, an instruction without !dbg metadata gets one from
the call instruction when inlined.
Fixes PR19001.
llvm-svn: 210459
This sound like a good idea in general.
Also, without this on Android we get add_lit_testsuite() with empty DEPENDS
list, and it does not work well.
llvm-svn: 210257
Reset coverage data on fork().
For memory-mapped mode (coverage_direct=1) this helps avoid loss of data
(before this change two processes would write to the same file simultaneously).
For normal mode, this reduces coverage dump size, because PCs from the parent
process are no longer inherited by the child.
llvm-svn: 210180
Add a script that is used to deflake inherently flaky tsan tests.
It is invoked from lit tests as:
%deflake %run %t
The script runs the target program up to 10 times,
until it produces a tsan warning.
llvm-svn: 209898
You can expect the sanitizers to be built under any of the following conditions:
1) CMAKE_C_COMPILER is GCC built to cross-compile to ARM
2) CMAKE_C_COMPILER is Clang built to cross-compile to ARM (ARM is default target)
3) CMAKE_C_COMPILER is Clang and CMAKE_C_FLAGS contains -target and --sysroot
Differential Revision: http://reviews.llvm.org/D3794
llvm-svn: 209835
The new storage (MetaMap) is based on direct shadow (instead of a hashmap + per-block lists).
This solves a number of problems:
- eliminates quadratic behaviour in SyncTab::GetAndLock (https://code.google.com/p/thread-sanitizer/issues/detail?id=26)
- eliminates contention in SyncTab
- eliminates contention in internal allocator during allocation of sync objects
- removes a bunch of ad-hoc code in java interface
- reduces java shadow from 2x to 1/2x
- allows to memorize heap block meta info for Java and Go
- allows to cleanup sync object meta info for Go
- which in turn enabled deadlock detector for Go
llvm-svn: 209810
This way does not require a __sanitizer_cov_dump() call. That's
important on Android, where apps can be killed at arbitrary time.
We write raw PCs to disk instead of module offsets; we also write
memory layout to a separate file. This increases dump size by the
factor of 2 on 64-bit systems.
llvm-svn: 209653
Alexey Samsonov