We used to initialize symbolizer lazily, but this doesn't work in
various sandboxed environments. Instead, let's be consistent with
the rest of sanitizers.
llvm-svn: 214006
Get rid of Symbolizer::Init(path_to_external) in favor of
thread-safe Symbolizer::GetOrInit(), and use the latter version
everywhere. Implicitly depend on the value of external_symbolizer_path
runtime flag instead of passing it around manually.
No functionality change.
llvm-svn: 214005
Specifically, use .preinit_array initialization on Linux and dynamic global
initializer on another platforms. Historically UBSan didn't have any
initialization code and its runtime was stateless. This is no longer the
case - UBSan relies on some non-trivial functionality from sanitizer_common
(e.g. online symbolization) and is now configurable by runtime flags.
Additionally, we've dropped support for enabling UBSan only for a few shared
objects, so UBSan is now always linked into the main executable, so now
we can use similar initialization as all the rest sanitizers.
llvm-svn: 213983
Get rid of ASAN_USE_PREINIT_ARRAY and LSAN_USE_PREINIT_ARRAY - just always
use .preinit_array if it's available. This mode seems stable enough, and
we've been relying on default values of these macro for a long time.
llvm-svn: 213980
It is currently broken because it reads a wrong value from profile (heap instead of total).
Also make it faster by reading /proc/self/statm. Reading of /proc/self/smaps
can consume more than 50% of time on beefy apps if done every 100ms.
llvm-svn: 213942
This change introduces the first UBSan-specific runtime flag: print_stacktrace
(off by default). It can be set in UBSAN_OPTIONS to unwind and print call stacks
in addition to diagnostic messages. For now these stacks are printed only
in vptr checker.
This change is based on http://reviews.llvm.org/D4410 by Byoungyoung Lee!
llvm-svn: 213783
If UBSan is run in a standalone mode (w/o any other sanitizer), it
still uses functions from sanitizer_common, some of which depend on
the value of runtime flags. Allow to override the default values of these
flags with UBSAN_OPTIONS variable. In particular, UBSAN_OPTIONS=symbolize=0
can be used to turn off online symbolization.
llvm-svn: 213782
Convert the CBNZ backward branch instruction to CMP and BNE
avoiding illegal backwards branch and making the assembly code
in synh-ops.h to be UAL compliant.
Patch by: Sumanth Gundapaneni
llvm-svn: 213685
The CMake assembler build system ignores the .S assembly files in builtins
library build. This patch fixes the issue.
Patch by: Sumanth Gundapaneni
llvm-svn: 213684
For ARM cores that are ARMv6T2+ but not ARMv7ve or ARMv7-r and not an updated
ARMv7-a that has the idiv extension (chips with clz but not idiv), an incorrect
jump would be calculated due to the preference to thumb instructions over ARM.
Rather than computing the target at runtime, use a jumptable instead. This
trades a bit of storage for performance. The overhead is 32-bytes for each of
the three routines, but avoid the calculation of the offset.
Because clz was introduced in ARMv6T2 and idiv in certain versions of ARMv7,
the non-clz, non-idiv case implies a target which does not support Thumb-2, and
thus we cannot use Thumb on those targets (as it is unlikely that the assembly
will assemble).
Take the opportunity to refactor the IT block macros into assembly.h rather than
redefining them in the TUs where they are used.
Existing tests cover the full change already, so no new tests are added.
This effectively reverts SVN r213309.
llvm-svn: 213467
The udivmodsi4/modsi3/umodsi3 code computes jump targets based on ARM encodings
(if CLZ is present and IDIV is not present).
Reverts parts of r211032 and r211035.
llvm-svn: 213309
Format of __libc_malloc_dispatch has changed in Android L.
While we are moving towards a solution that does not depend on bionic
internals, here is something to support both K* and L releases.
llvm-svn: 213263
This was done by calling __cxa_demangle directly, which is bad
when c++abi library is instrumented. The following line always
contains the demangled name (when running with a symbolizer) anyway.
llvm-svn: 212929
This fixes '___asan_init_v4 already defined' errors when linking some of Chromium DLLs.
Looks like one of the DLL is using a .lib produced while linking another DLL and it exploded after r212699.
I'm trying to come up with a small testcase...
llvm-svn: 212815
Our versions are not exactly as fast as libc's, and
MSan uses them heavily (even compared to other sanitizers).
This will break if libc version of mem* are instrumented,
but they never are, and if they are, we should be able
to fix it on libc side.
llvm-svn: 212799
Without some mention of armv6m in a subdirectory of builtins, the make code
doesn't even know that armv6m exists and is something it should be looking for
in the platform-specific Makefiles. This means that none of the functions
listed actually get built and we end up with an almost entirely empty
libclang_rt.a for armv6m.
Unfortunately, the assembly code in the usual arm directory has no hope of
running on armv6m, which only supports Thumb-1 (not even ARM mode), so adding
it there won't work. Realistically, we probably *will* want to put any
optimised versions in a separate directory, so creating it now is harmless.
rdar://problem/17613576
llvm-svn: 212696
Otherwise, it can be accidentally redefined when we build specific sanitizer
runtime. This definition should be provided only once - when we build
sanitizer_common library.
llvm-svn: 212663
The tsan's deadlock detector has been used in Chromium for a while;
it found a few real bugs and reported no false positives.
So, it's time to give it a bit more exposure.
llvm-svn: 212533
The bug happens in the following case:
Mutex is located at heap block beginning,
when we call MutexDestroy, s->next is set to 0,
so free can't find the MBlock related to the block.
llvm-svn: 212531
Introduce new public header <sanitizer/allocator_interface.h> and a set
of functions __sanitizer_get_ownership(), __sanitizer_malloc_hook() etc.
that will eventually replace their tool-specific equivalents
(__asan_get_ownership(), __msan_get_ownership() etc.). Tool-specific
functions are now deprecated and implemented as stubs redirecting
to __sanitizer_ versions (which are implemented differently in each tool).
Replace all uses of __xsan_ versions with __sanitizer_ versions in unit
and lit tests.
llvm-svn: 212469
Large part of this change is required due to
https://code.google.com/p/android/issues/detail?id=61799
dlsym() crashes when symbol resolution fails, which means
we have to limit the interceptor list instead of relying on
runtime detection.
There are minor differencies in system headers, too.
llvm-svn: 212273
See https://code.google.com/p/address-sanitizer/issues/detail?id=299 for the
original feature request.
Introduce llvm.asan.globals metadata, which Clang (or any other frontend)
may use to report extra information about global variables to ASan
instrumentation pass in the backend. This metadata replaces
llvm.asan.dynamically_initialized_globals that was used to detect init-order
bugs. llvm.asan.globals contains the following data for each global:
1) source location (file/line/column info);
2) whether it is dynamically initialized;
3) whether it is blacklisted (shouldn't be instrumented).
Source location data is then emitted in the binary and can be picked up
by ASan runtime in case it needs to print error report involving some global.
For example:
0x... is located 4 bytes to the right of global variable 'C::array' defined in '/path/to/file:17:8' (0x...) of size 40
These source locations are printed even if the binary doesn't have any
debug info.
This is an ABI-breaking change. ASan initialization is renamed to
__asan_init_v4(). Pre-built libraries compiled with older Clang will not work
with the fresh runtime.
llvm-svn: 212188
The former used to crash with a null deref if it was given a not owned pointer,
while the latter returned 0. Now they both return 0. This is still not the best possible
behavior: it is better to print an error report with a stack trace, pointing
to the error in user code, as we do in ASan.
llvm-svn: 212112
Origin history should only be recorded for uninitialized values, because it is
meaningless otherwise. This change moves __msan_chain_origin to the runtime
library side and makes it conditional on the corresponding shadow value.
Previous code was correct, but _very_ inefficient.
llvm-svn: 211700
Summary: The patch supports both the clang cross-compiler and native compiler
Patch by Kumar Sukhani <Kumar.Sukhani@imgtec.com>
Test Plan:
Kumar had the following asan test results when compiled on a MIPS board:
Expected Passes : 96
Expected Failures : 2
Unsupported Tests : 84
Unexpected Passes : 4
Unexpected Failures: 19
The list of unexpected failures can be found in the review.
Reviewers: kcc, petarj, dsanders
Reviewed By: kcc
Subscribers: farazs, kcc, llvm-commits
Differential Revision: http://reviews.llvm.org/D4208
llvm-svn: 211587
Storage Class 3 is static storage. These symbols need to be marked as external
(storage class 2) so that they can be referenced. Note that this external is
not the same as ELF "external" visibility, which is indicated by DLL Storage
Class (i.e. __declspec(dllexport) or __declspec(dllimport)).
llvm-svn: 211428
Add a test for the frexp() interceptor.
Annotate the interceptors that may potentially corrupt stack IDs of freed buffers with FIXME comments.
llvm-svn: 211153
When possible, use Thumb or Thumb-2 over ARM instructions. This is particularly
important for pure-Thumb environments (e.g. Windows on ARM). Although, it is
possible to conditionalise this for that target specifically, this is available
on most newer ARM CPUs, and the code remains compatible with older CPUs with no
adverse effects. It therefore feels better to always prefer Thumb when
possible.
llvm-svn: 211032
Use caller pc of __sanitizer_cov_module_init to figure out
when 2 sequential calls are from the same module; skip
.sancov.map file update in this case.
llvm-svn: 210267
Reset coverage data on fork().
For memory-mapped mode (coverage_direct=1) this helps avoid loss of data
(before this change two processes would write to the same file simultaneously).
For normal mode, this reduces coverage dump size, because PCs from the parent
process are no longer inherited by the child.
llvm-svn: 210180
Place constants into .rdata if targeting ELF or COFF/PE. This should be
functionally identical, however, the data would be placed into a different
section. This is purely a cleanup change.
llvm-svn: 209986
Make the whitespace a bit more uniform in the various assembly routines. This
also makes the assembly files a bit more uniform on the ARM side by explicitly
stating that it is using the unified syntax and that the contents of the code is
in the text section (or segment). No functional change.
llvm-svn: 209985
The optimization is two-fold:
First, the algorithm now uses SSE instructions to
handle all 4 shadow slots at once. This makes processing
faster.
Second, if shadow contains the same access, we do not
store the event into trace. This increases effective
trace size, that is, tsan can remember up to 10x more
previous memory accesses.
Perofrmance impact:
Before:
[ OK ] DISABLED_BENCH.Mop8Read (2461 ms)
[ OK ] DISABLED_BENCH.Mop8Write (1836 ms)
After:
[ OK ] DISABLED_BENCH.Mop8Read (1204 ms)
[ OK ] DISABLED_BENCH.Mop8Write (976 ms)
But this measures only fast-path.
On large real applications the speedup is ~20%.
Trace size impact:
On app1:
Memory accesses : 1163265870
Including same : 791312905 (68%)
on app2:
Memory accesses : 166875345
Including same : 150449689 (90%)
90% of filtered events means that trace size is effectively 10x larger.
llvm-svn: 209897
You can expect the sanitizers to be built under any of the following conditions:
1) CMAKE_C_COMPILER is GCC built to cross-compile to ARM
2) CMAKE_C_COMPILER is Clang built to cross-compile to ARM (ARM is default target)
3) CMAKE_C_COMPILER is Clang and CMAKE_C_FLAGS contains -target and --sysroot
Differential Revision: http://reviews.llvm.org/D3794
llvm-svn: 209835
The new storage (MetaMap) is based on direct shadow (instead of a hashmap + per-block lists).
This solves a number of problems:
- eliminates quadratic behaviour in SyncTab::GetAndLock (https://code.google.com/p/thread-sanitizer/issues/detail?id=26)
- eliminates contention in SyncTab
- eliminates contention in internal allocator during allocation of sync objects
- removes a bunch of ad-hoc code in java interface
- reduces java shadow from 2x to 1/2x
- allows to memorize heap block meta info for Java and Go
- allows to cleanup sync object meta info for Go
- which in turn enabled deadlock detector for Go
llvm-svn: 209810
The refactoring makes suppressions more flexible
and allow to suppress based on arbitrary number of stacks.
In particular it fixes:
https://code.google.com/p/thread-sanitizer/issues/detail?id=64
"Make it possible to suppress deadlock reports by any stack (not just first)"
llvm-svn: 209757
This way does not require a __sanitizer_cov_dump() call. That's
important on Android, where apps can be killed at arbitrary time.
We write raw PCs to disk instead of module offsets; we also write
memory layout to a separate file. This increases dump size by the
factor of 2 on 64-bit systems.
llvm-svn: 209653
Call it "libclang_rt.builtins-<arch>.a" to be consistent
with sanitizers/profile libraries naming. Modify Makefile
and CMake build systems and Clang driver accordingly.
Fixes PR19822.
llvm-svn: 209473
Generalize StackDepot and create a new specialized instance of it to
efficiently (i.e. without duplicating stack trace data) store the
origin history tree.
This reduces memory usage for chained origins roughly by an order of
magnitude.
Most importantly, this new design allows us to put two limits on
stored history data (exposed in MSAN_OPTIONS) that help avoid
exponential growth in used memory on certain workloads.
See comments in lib/msan/msan_origin.h for more details.
llvm-svn: 209284
This change also enables asm instrumentation in asan tests that was
accidentally disabled yearlier, and adds a sanity test for that.
Patch by Yuri Gorshenin.
llvm-svn: 209282
For Linux/x86-64, pointers passed to internal_syscall should be casted
to uptr first. Otherwise, they won't be properly extended to 64-bit for
x32.
Patch by H.J. Lu
llvm-svn: 209278
Summary:
Sandboxed code may now pass additional arguments to
__sanitizer_sandbox_on_notify() to force all coverage data to be dumped to a
single file (the default is one file per module). The user may supply a file or
socket to write to. The latter option can be used to broker out the file writing
functionality. If -1 is passed, we pre-open a file.
llvm-svn: 209121
Extend the function definition macros further to support COFF object emission.
The function definition in COFF includes the type and storage class in the
symbol definition context. This is needed to make the assembly routines
possible to be built for COFF environments (i.e. Windows).
llvm-svn: 209095
Rename the HIDDEN_DIRECTIVE macro to HIDDEN and give it a parameter providing
the name of the symbol to be given hidden visibility. This makes the macros
more amenable to COFF.
llvm-svn: 209094
Shared objects are hard. After this commit, we do the right thing when
profiling two separate shared objects that have been dlopen'd with
`RTLD_LOCAL`, when the main executable is *not* being profiled.
This mainly simplifies the writer logic.
- At initialization, determine the output filename and truncate the
file. Depending on whether shared objects can see each other, this
may happen multiple times.
- At exit, each executable writes its own profile in append mode.
<rdar://problem/16918688>
llvm-svn: 209053
These tests were XPASS-ing on Linux bots creating Mach-O, which makes
sense, since the real difference is the object format.
I'm hoping a short-term fix to get these tests passing on ELF is to
create two copies of the runtime -- one built with -fPIC, and one
without. A follow-up patch will change clang's driver to pick between
them depending on whether `-shared` is specified.
llvm-svn: 208947
Change the API of the instrumented profiling library to work with shared
objects.
- Most things are now declared hidden, so that each executable gets
its own copy.
- Initialization hooks up a linked list of writers.
- The raw format with shared objects that are profiled consists of a
concatenated series of profiles. llvm-profdata knows how to deal
with that since r208938.
<rdar://problem/16918688>
llvm-svn: 208940
User-visible instances of xdr_ops always seem to be allocated statically, and
don't need unpoisoning. Also, it's size differs between platforms.
llvm-svn: 208851
TSan can produce false positives in code that uses C++11 threading,
as it doesn't see synchronization inside standard library. See
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-February/035408.html
for an example of such case.
We may build custom TSan-instrumented version libcxx to fight with that.
This change adds build rules for libcxx_tsan and integrates it into
testing infrastructure.
llvm-svn: 208737
Move fflush and fclose interceptors to sanitizer_common.
Use a metadata map to keep information about the external locations
that must be updated when the file is written to.
llvm-svn: 208676
asan_cxx containts replacements for new/delete operators, and should
only be linked in C++ mode. We plan to start building this part
with exception support to make new more standard-compliant.
See https://code.google.com/p/address-sanitizer/issues/detail?id=295
for more details.
llvm-svn: 208609
Add (missing) definition of COMPILER_RT_EXPORT which is meant to be used for
decorating functions that are meant to be exported. This is useful for
platforms where exports and imports must be decorated explicitly (i.e. Windows).
llvm-svn: 208593
Use COMPILER_RT_EXPORT rather than COMPILER_RT_ABI for this function. Adding an
explicit PCS standard to the function causes a mismatch between the
declarations. Furthermore, the function is implemented in C, and should take
the CC based on the target triple.
llvm-svn: 208591
The .align statements in ARM assembly routines is actually meant to be a power
of 2 alignment (e.g. .align 2 == 4 byte alignment, not 2). Switch to using
.p2align. .p2align is guaranteed to be a power-of-two alignment always and much
more explicit.
The .align in the case of x86_64 is byte alignment, use .balign instead of
.align.
llvm-svn: 208578
r201909, which introduced CRT_HAS_128BIT, unintentionally broke self-hosting on
PPC32. We used to define CRT_HAS_128BIT only on LP64 systems, but this is not
quite right (at least for Clang-compiled code). Even though __int128 is not
supported on PPC32, SROA can (and does) still form i128 variables at the IR
level, and operations on those variables may turn into the associated runtime
calls. As a result, we still need to compile __ashlti3, __ashrti3, __lshrti3,
and perhaps others, on PPC32.
llvm-svn: 208560
This change lets MSan rely on libcxx's own build system instead of manually
compiling its sources and setting up all the necessary compile flags. It would
also simplify compiling libcxx with another sanitizers (in particular, TSan).
The tricky part is to make sure libcxx is reconfigured/rebuilt when Clang or
MSan runtime library is changed. "clobber" step used in this patch works well
for me, but it's possible it would break for other configurations - will
watch the buildbots.
llvm-svn: 208451
This happens, e.g., when coverage data is collected for a module which is then
dlclose()'d. Currently this causes CovDump() to ignore all PCs that are greater
than the unrecognized PC. In other words, unloading a module causes ASan to
silently ignore any coverage data for modules loaded at higher addresses.
Instead we should just skip the unrecognized PCs.
llvm-svn: 208333
Alexey Samsonov