Commit Graph

8059 Commits

Author SHA1 Message Date
Marco Castelluccio e21cfa7e7f Fix reading 32 bit gcov tag values on little-endian machines
Summary:
The write buffer contains signed chars, which means the shift operations caused values such as the arc tag value (0x01a10000) to be read incorrectly (0xffa10000).

This fixes a regression from https://reviews.llvm.org/D49132.

Reviewers: uweigand, davidxl

Reviewed By: uweigand

Subscribers: llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49161

llvm-svn: 336775
2018-07-11 09:30:25 +00:00
Dean Michael Berris 8299e4b8db [XRay] basic mode PID and TID always fetch
Summary: XRayRecords now includes a PID field. Basic handlers fetch pid and tid each time they are called instead of caching the value. Added a testcase that calls fork and checks if the child TID is different from the parent TID to verify that the processes' TID are different in the trace.

Reviewers: dberris, Maknee

Reviewed By: dberris, Maknee

Subscribers: kpw, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49025

llvm-svn: 336769
2018-07-11 07:14:27 +00:00
Matt Morehouse 0e904e8806 Revert "[Fuzzer] Afl driver changing iterations handling"
This reverts rL334510 due to breakage of afl_driver's command line
interface.

Patch By: Jonathan Metzman

Differential Revision: https://reviews.llvm.org/D49141

llvm-svn: 336719
2018-07-10 19:58:42 +00:00
Ulrich Weigand dd4d2ac607 [gcov] Fix fallout from r336693
Fix building GCDAProfiling.c with pre-C99 compilers.
This caused a build bot failure.

llvm-svn: 336706
2018-07-10 17:08:05 +00:00
Dan Liew 9f6302e950 Try to fix broken build due to r336663.
It turns out that the `${XRAY_HEADERS}` CMake variable was already
in use and was used for public headers. It seems that
`lib/xray/tests/CMakeLists.txt` was depending on this.

To fix rename the new `${XRAY_HEADERS}` to `${XRAY_IMPL_HEADERS}`.

llvm-svn: 336699
2018-07-10 16:22:05 +00:00
Ulrich Weigand e508cd2a04 [gcov] Fix gcov profiling on big-endian machines
Two fixes required to handle big-endian systems:

- 64-bit counter values are stored in a mixed-endian format in the
gcov files: a 32-bit low-part followed by a 32-bit high part. Note that
this is already implemented correctly on the LLVM side, see
GCOVBuffer::readInt64.

- The tag values (e.g. arcs tag, object summary tag, ...) are aways
written as the same sequence of bytes independent of byte order. But
when *reading* them back in, the code reads them as 32-bit values in
host byte order. For the comparisons to work correctly, this should
instead always read them as little-endian values.

Fixes PR 38121.

Reviewed By: marco-c

Differential Revision: https://reviews.llvm.org/D49132

llvm-svn: 336693
2018-07-10 16:08:27 +00:00
Marco Castelluccio 2827420aab Reapply "Make __gcov_flush flush counters for all shared libraries"
This reapplies r336365, after marking tests as failing on various
configurations.

llvm-svn: 336678
2018-07-10 14:12:03 +00:00
Dan Liew b1f95697c1 [CMake] Add compiler-rt header files to the list of sources for targets
when building with an IDE so that header files show up in the UI.
This massively improves the development workflow in IDEs.

To implement this a new function `compiler_rt_process_sources(...)` has
been added that adds header files to the list of sources when the
generator is an IDE. For non-IDE generators (e.g. Ninja/Makefile) no
changes are made to the list of source files.

The function can be passed a list of headers via the
`ADDITIONAL_HEADERS` argument. For each runtime library a list of
explicit header files has been added and passed via
`ADDITIONAL_HEADERS`. For `tsan` and `sanitizer_common` a list of
headers was already present but it was stale and has been updated
to reflect the current state of the source tree.

The original version of this patch used file globbing (`*.{h,inc,def}`)
to find the headers but the approach was changed due to this being a
CMake anti-pattern (if the list of headers changes CMake won't
automatically re-generate if globbing is used).

The LLVM repo contains a similar function named `llvm_process_sources()`
but we don't use it here for several reasons:

* It depends on the `LLVM_ENABLE_OPTION` cache variable which is
  not set in standalone compiler-rt builds.
* We would have to `include(LLVMProcessSources)` which I'd like to
  avoid because it would include a bunch of stuff we don't need.

Differential Revision: https://reviews.llvm.org/D48422

llvm-svn: 336663
2018-07-10 13:00:17 +00:00
Dean Michael Berris b251f62428 [XRay][compiler-rt] Fixup build breakage
Changes:

- Remove static assertion on size of a structure, fails on systems where
  pointers aren't 8 bytes.

- Use size_t instead of deducing type of arguments to
  `nearest_boundary`.

Follow-up to D48653.

llvm-svn: 336648
2018-07-10 08:58:12 +00:00
Dean Michael Berris 0dd4f9f22f [XRay][compiler-rt] xray::Array Freelist and Iterator Updates
Summary:
We found a bug while working on a benchmark for the profiling mode which
manifests as a segmentation fault in the profiling handler's
implementation. This change adds unit tests which replicate the
issues in isolation.

We've tracked this down as a bug in the implementation of the Freelist
in the `xray::Array` type. This happens when we trim the array by a
number of elements, where we've been incorrectly assigning pointers for
the links in the freelist of chunk nodes. We've taken the chance to add
more debug-only assertions to the code path and allow us to verify these
assumptions in debug builds.

In the process, we also took the opportunity to use iterators to
implement both `front()` and `back()` which exposes a bug in the
iterator decrement operation.  In particular, when we decrement past a
chunk size boundary, we end up moving too far back and reaching the
`SentinelChunk` prematurely.

This change unblocks us to allow for contributing the non-crashing
version of the benchmarks in the test-suite as well.

Reviewers: kpw

Subscribers: mgorny, llvm-commits

Differential Revision: https://reviews.llvm.org/D48653

llvm-svn: 336644
2018-07-10 08:25:44 +00:00
Matt Morehouse a34c65e845 [libFuzzer] Make -fsanitize=memory,fuzzer work.
This patch allows libFuzzer to fuzz applications instrumented with MSan
without recompiling libFuzzer with MSan instrumentation.

Fixes https://github.com/google/sanitizers/issues/958.

Differential Revision: https://reviews.llvm.org/D48891

llvm-svn: 336619
2018-07-09 23:51:08 +00:00
Matt Morehouse a5bb6d53f2 Revert "[libFuzzer] Mutation tracking and logging implemented"
This reverts r336597 due to bot breakage.

llvm-svn: 336616
2018-07-09 22:31:26 +00:00
Matt Morehouse d153d46884 [libFuzzer] Mutation tracking and logging implemented
Code now exists to track number of mutations that are used in fuzzing in
total and ones that produce new coverage. The stats are currently being
dumped to the command line.

Patch By: Kode Williams

Differntial Revision: https://reviews.llvm.org/D48054

llvm-svn: 336597
2018-07-09 20:17:52 +00:00
Alex Shlyapnikov 63af91574f [ASan] Minor ASan error reporting cleanup
Summary:
- use proper Error() decorator for error messages
- refactor ASan thread id and name reporting

Reviewers: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D49044

llvm-svn: 336573
2018-07-09 17:54:55 +00:00
Michael Zolotukhin 9664ca9dce Revert "Make __gcov_flush flush counters for all shared libraries"
This reverts r336365: the added tests are failing on various
configurations (e.g. on green-dragon).

llvm-svn: 336474
2018-07-07 00:07:00 +00:00
Kostya Serebryany 2bd02db943 libFuzzer: always print line-break for NEW_FUNC/PC output
Summary: This is a minor cosmetic change. When function/path exceed ~1000 characters, the output is truncated before the line-break. I noticed this for NEW_FUNC.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48799

llvm-svn: 336461
2018-07-06 19:47:00 +00:00
Matt Morehouse 373d6ed7cf [MSan] Add functions to enable/disable interceptor checks.
Summary:
The motivation for this change is to make libFuzzer+MSan possible
without instrumenting libFuzzer.

See https://github.com/google/sanitizers/issues/958.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D48890

llvm-svn: 336447
2018-07-06 17:10:51 +00:00
Kostya Kortchinsky 2efb847b6f [scudo] Add some logs for Android
Summary:
Namely, set the abort message, and allow to write the message to syslog if the
option is enabled.

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48902

llvm-svn: 336445
2018-07-06 16:50:12 +00:00
Marco Castelluccio 32d18beb8c Make __gcov_flush flush counters for all shared libraries
Summary:
This will make the behavior of __gcov_flush match the GCC behavior.

I would like to rename __gcov_flush to __llvm_gcov_flush (in case of programs linking to libraries built with different compilers), but I guess we can't for compatibility reasons.

Reviewers: davidxl

Reviewed By: davidxl

Subscribers: samsonov, vitalybuka, pcc, kcc, junbuml, glider, fhahn, eugenis, dvyukov, davidxl, srhines, chh, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48538

llvm-svn: 336365
2018-07-05 15:52:59 +00:00
George Karpenkov aeeac6d41c [libFuzzer] [NFC] Inline static variable to avoid the linker warning.
Differential Revision: https://reviews.llvm.org/D48650

llvm-svn: 336238
2018-07-04 00:37:45 +00:00
Kostya Serebryany 51ddb88300 [libFuzzer] add one more value profile metric, under a flag (experimental)
llvm-svn: 336234
2018-07-03 22:33:09 +00:00
Kostya Serebryany dcac0a3b5e [libFuzzer] remove stale code, as suggested in https://reviews.llvm.org/D48800
llvm-svn: 336230
2018-07-03 21:22:44 +00:00
Kostya Kortchinsky e64a81475c [scudo] Get rid of builtin-declaration-mismatch warnings
Summary:
The C interceptors were using `SIZE_T` defined in the interception library as
a `__sanitizer::uptr`. On some 32-bit platforms, this lead to the following
warning:
```
warning: declaration of ‘void* malloc(SIZE_T)’ conflicts with built-in declaration ‘void* malloc(unsigned int)’ [-Wbuiltin-declaration-mismatch]
INTERCEPTOR_ATTRIBUTE void *malloc(SIZE_T size) {
```
`__sanitizer::uptr` is indeed defined as an `unsigned long` on those.

So just include `stddef.h` and use `size_t` instead.

Reviewers: alekseyshl

Reviewed By: alekseyshl

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48885

llvm-svn: 336221
2018-07-03 19:03:46 +00:00
Kostya Kortchinsky 4bc7f3d4d6 [scudo] Enable Scudo memory hooks for Fuchsia.
Summary:
    It would be useful for Flutter apps, especially, to be able to use
    malloc hooks to debug memory leaks on Fuchsia. They're not able to do
    this right now, so it'd be a nice bonus to throw in with the Scudo
    switchover.


Reviewers: cryptoad, alekseyshl

Reviewed By: cryptoad

Differential Revision: https://reviews.llvm.org/D48618

llvm-svn: 336139
2018-07-02 19:48:01 +00:00
Fangrui Song 5f27e0c021 [asan] Fix deadlock issue on FreeBSD, caused by use of .preinit_array in rL325240
Summary:
Without this patch,
clang -fsanitize=address -xc =(printf 'int main(){}') -o a; ./a => deadlock in __asan_init>AsanInitInternal>AsanTSDInit>...>__getcontextx_size>_rtld_bind>rlock_acquire(rtld_bind_lock, &lockstate)

libexec/rtld-elf/rtld.c
  wlock_acquire(rtld_bind_lock, &lockstate);
  if (obj_main->crt_no_init)
    preinit_main(); // unresolved PLT functions cannot be called here

lib/libthr/thread/thr_rtld.c
  uc_len = __getcontextx_size(); // unresolved PLT function in libthr.so.3

check-xray tests currently rely on .preinit_array so we special case in
xray_init.cc

Subscribers: srhines, kubamracek, krytarowski, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48806

llvm-svn: 336067
2018-07-01 17:52:41 +00:00
Fangrui Song da891dc6b4 [asan] Use MADV_NOCORE for use_madv_dontdump on FreeBSD.
Currently in FreeBSD 12.0-CURRENT with trunk clang+compiler-rt, faulty -fsanitize=address executable hangs at 'urdlck' state.

Ka Ho Ng has verified that by backporting this to llvm 6.0.1, with use_madv_dontdump=1, shadow memory is not dumped.

ASAN_OPTIONS=abort_on_error=1:disable_coredump=0:use_madv_dontdump=1 ./a

Reviewers: dimitry, kcc, dvyukov, emaste, khng300

Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48257

llvm-svn: 336046
2018-06-30 08:27:48 +00:00
Chih-Hung Hsieh 7222e8e30b [profile] Add llvm_gcov_flush to be called outside a shared library
__gcov_flush is hidden.
For applications to dump profiling data of selected .so files,
they can use dlsym to find and call llvm_gcov_flush in each .so file.

Differential Revision: https://reviews.llvm.org/D45454

llvm-svn: 336019
2018-06-29 21:45:55 +00:00
Alex Shlyapnikov fb1644835b [TSan] More detailed error message on failed sahdow memory madvise
Summary:
Report errno value on failed shadow memory madvise attempt and add a
hint message with the possible workaround.

Reviewers: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48668

llvm-svn: 335928
2018-06-28 21:38:34 +00:00
Petr Hosek 61574fdb06 [sanitizer] zx_cprng_draw no longer returns any value
Remove the return value check.

Differential Revision: https://reviews.llvm.org/D48671

llvm-svn: 335790
2018-06-27 21:25:21 +00:00
Matt Morehouse 520748f01e [UBSan] Add silence_unsigned_overflow flag.
Summary:
Setting UBSAN_OPTIONS=silence_unsigned_overflow=1 will silence all UIO
reports.  This feature, combined with
-fsanitize-recover=unsigned-integer-overflow, is useful for providing
fuzzing signal without the excessive log output.

Helps with https://github.com/google/oss-fuzz/issues/910.

Reviewers: kcc, vsk

Reviewed By: vsk

Subscribers: vsk, kubamracek, Dor1s, llvm-commits

Differential Revision: https://reviews.llvm.org/D48660

llvm-svn: 335762
2018-06-27 18:24:46 +00:00
Petr Hosek 3209b28aa9 [sanitizer] zx_cprng_draw no longer takes the output argument
The zx_cprng_draw system call no longer takes the output argument.

Differential Revision: https://reviews.llvm.org/D48657

llvm-svn: 335755
2018-06-27 16:49:37 +00:00
Dan Liew bb78eef6b6 [CMake] Tidy up the organisation of compiler-rt when configured as a standalone
build with an IDE (e.g. Xcode) as the generator.

Previously the global `USE_FOLDERS` property wasn't set in standalone
builds leading to existing settings of FOLDER not being respected.

In addition to this there were several targets that appeared at the top
level that were not interesting and clustered up the view. These have
been changed to be displayed in "Compiler-RT Misc".

Now when an Xcode project is generated from a standalone compiler-rt
build the project navigator is much less cluttered. The interesting
libraries should appear in "Compiler-RT Libraries" in the IDE.

Differential Revision: https://reviews.llvm.org/D48378

llvm-svn: 335728
2018-06-27 12:56:34 +00:00
Vlad Tsyrklevich e745cf9bf3 CFI: Print DSO names for failed cross-DSO icalls
Reviewers: pcc

Reviewed By: pcc

Subscribers: kubamracek, delcypher, llvm-commits, kcc, #sanitizers

Differential Revision: https://reviews.llvm.org/D48583

llvm-svn: 335644
2018-06-26 18:51:04 +00:00
Matt Morehouse 0948bc2086 [libFuzzer] Do not turn unittest warnings into errors.
Some warnings originating from googletest were causing bots to fail
while bulding unit tests.  The sanitizers address this issue by not
using -Werror.  We adopt this approach for libFuzzer.

llvm-svn: 335640
2018-06-26 18:37:37 +00:00
Peter Collingbourne e44acadf6a Implement CFI for indirect calls via a member function pointer.
Similarly to CFI on virtual and indirect calls, this implementation
tries to use program type information to make the checks as precise
as possible.  The basic way that it works is as follows, where `C`
is the name of the class being defined or the target of a call and
the function type is assumed to be `void()`.

For virtual calls:
- Attach type metadata to the addresses of function pointers in vtables
  (not the functions themselves) of type `void (B::*)()` for each `B`
  that is a recursive dynamic base class of `C`, including `C` itself.
  This type metadata has an annotation that the type is for virtual
  calls (to distinguish it from the non-virtual case).
- At the call site, check that the computed address of the function
  pointer in the vtable has type `void (C::*)()`.

For non-virtual calls:
- Attach type metadata to each non-virtual member function whose address
  can be taken with a member function pointer. The type of a function
  in class `C` of type `void()` is each of the types `void (B::*)()`
  where `B` is a most-base class of `C`. A most-base class of `C`
  is defined as a recursive base class of `C`, including `C` itself,
  that does not have any bases.
- At the call site, check that the function pointer has one of the types
  `void (B::*)()` where `B` is a most-base class of `C`.

Differential Revision: https://reviews.llvm.org/D47567

llvm-svn: 335569
2018-06-26 02:15:47 +00:00
Alex Shlyapnikov d42edb28d0 [HWASan] Initalize shadow earler.
Summary:
Initialize shadow memory before calling more libc functions to allow
for HWASan-instrumented libc.

Reviewers: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48551

llvm-svn: 335502
2018-06-25 17:27:13 +00:00
Matt Morehouse 988f2da613 [libFuzzer] Use Vector rather than std::vector.
llvm-svn: 335487
2018-06-25 15:59:24 +00:00
Vedant Kumar c835306ac5 [ubsan] Fix __ubsan_on_report interface definition
Speculative fix for the interface definition of __ubsan_on_report for
the Windows bots:

  http://lab.llvm.org:8011/builders/sanitizer-windows/builds/30528
  lib\ubsan\ubsan_interface.inc(55): error C2065: '__ubsan_on_report':
  undeclared identifier

INTERCEPT_SANITIZER_WEAK_FUNCTION was the wrong macro to use to begin
with because __ubsan_on_report isn't weak. Reading through that macro,
it's still not clear to me why there is an undefined reference, though,
because it appears to define a dummy __ubsan_on_report shim.

llvm-svn: 335383
2018-06-22 20:15:33 +00:00
Vedant Kumar 059d20360a [ubsan] Add support for reporting diagnostics to a monitor process
Add support to the ubsan runtime for reporting diagnostics to a monitor
process (e.g a debugger).

The Xcode IDE uses this by setting a breakpoint on __ubsan_on_report and
collecting diagnostic information via __ubsan_get_current_report_data,
which it then surfaces to users in the editor UI.

Testing for this functionality already exists in upstream lldb, here:
lldb/packages/Python/lldbsuite/test/functionalities/ubsan

Apart from that, this is `ninja check-{a,ub}san` clean.

Differential Revision: https://reviews.llvm.org/D48446

llvm-svn: 335371
2018-06-22 17:21:17 +00:00
Dmitry Vyukov ac5fa6605c tsan: fix deficiency in MutexReadOrWriteUnlock
MutexUnlock uses ReleaseStore on s->clock, which is the right thing to do.
However MutexReadOrWriteUnlock for writers uses Release on s->clock.
Make MutexReadOrWriteUnlock also use ReleaseStore for consistency and performance.
Unfortunately, I don't think any test can detect this as this only potentially
affects performance.

llvm-svn: 335322
2018-06-22 08:27:52 +00:00
Kostya Kortchinsky 307c2eb94f [scudo] Add a minimal runtime for -fsanitize-minimal-runtime compatibility
Summary:
This patch follows D48373.

The point is to be able to use Scudo with `-fsanitize-minimal-runtime`. For that
we need a runtime that doesn't embed the UBSan one. This results in binaries
that can be compiled with `-fsanitize=scudo,integer -fsanitize-minimal-runtime`.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: mgorny, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48377

llvm-svn: 335296
2018-06-21 21:48:04 +00:00
Kuba Mracek 14c786a960 [tsan] Use DARWIN_osx_LINK_FLAGS when building unit tests to match ASan behavior.
llvm-svn: 335265
2018-06-21 18:00:51 +00:00
David Carlier 7d796ececd [TSan] fix build and couple of unit tests on FreeBSD
Similarly to Msan adding -pie provokes linkage issue, was spotted with pie_test.cc
Set to XFAIL for couple of unit tests.

Reviewers: vitalybuka, krytarowski, dim

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D48317

llvm-svn: 335166
2018-06-20 20:17:44 +00:00
David Carlier 8979d44d31 [Lsan] intercept thr_exit on FreeBSD
Intercepts thr_exit call on FreeBSD.
Disable pthread key workflow.
The pthread key create approach does not function under FreeBSD as the libpthread is not initialised enough at this stage.

Reviewers: vitalybuka, krytarowski, dim

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D48268

llvm-svn: 335164
2018-06-20 20:13:25 +00:00
Alex Shlyapnikov 7e067ab1af [Sanitizers] Remove OOM/BadRequest allocator error handling policies.
Summary:
Remove the generic error nadling policies and handle each allocator error
explicitly. Although more verbose, it allows for more comprehensive, precise
and actionable allocator related failure reports.

This finishes up the series of changes of the particular sanitizer
allocators, improves the internal allocator error reporting and removes
now unused policies.

Reviewers: vitalybuka, cryptoad

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48328

llvm-svn: 335147
2018-06-20 17:10:33 +00:00
Fangrui Song 6fa3bf9588 [XRay] Fix error message. NFC
Reviewers: dberris

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D48313

llvm-svn: 335055
2018-06-19 15:39:19 +00:00
Kostya Kortchinsky 63c33b1c9b [scudo] Move noinline functions definitions out of line
Summary:
Mark `isRssLimitExceeded` as `NOINLINE`, and move it's definition as well as
the one of `performSanityChecks` out of the class definition, as requested.

Reviewers: filcab, alekseyshl

Reviewed By: alekseyshl

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D48228

llvm-svn: 335054
2018-06-19 15:36:30 +00:00
Francis Visoiu Mistrih 972a462a7e Fix bots after r334981
llvm-svn: 335013
2018-06-19 02:56:24 +00:00
Reid Kleckner b8a5ee2b00 [asan] Avoid deadlock when initializing the symbolizer CHECK fails
llvm-svn: 335007
2018-06-19 00:36:47 +00:00
Chris Bieneman feb4537b44 Fixing os_version_check.c to be actual C source
The initial implementaiton was using the C++ typeof keyword. This
causes the compiler to spew warnings unnecissarilly. This patch removes
the uses of typeof and replaces them with explicit typedefs of the
function types.

llvm-svn: 334981
2018-06-18 20:56:19 +00:00