This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA.
As defined by lib/msan/msan.h the memory layout used is for 39-bit is:
00 0000 0000 - 40 0000 0000: invalid
40 0000 0000 - 43 0000 0000: shadow
43 0000 0000 - 46 0000 0000: origin
46 0000 0000 - 55 0000 0000: invalid
55 0000 0000 - 56 0000 0000: app (low)
56 0000 0000 - 70 0000 0000: invalid
70 0000 0000 - 80 0000 0000: app (high)
And for 42-bit VMA:
000 0000 0000 - 100 0000 0000: invalid
100 0000 0000 - 11b 0000 0000: shadow
11b 0000 0000 - 120 0000 0000: invalid
120 0000 0000 - 13b 0000 0000: origin
13b 0000 0000 - 2aa 0000 0000: invalid
2aa 0000 0000 - 2ab 0000 0000: app (low)
2ab 0000 0000 - 3f0 0000 0000: invalid
3f0 0000 0000 - 400 0000 0000: app (high)
Most of tests are passing with exception of:
* Linux/mallinfo.cc
* chained_origin_limits.cc
* dlerror.cc
* param_tls_limit.cc
* signal_stress_test.cc
* nonnull-arg.cpp
The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8'
instead of default first argument 'x1'. So a function prototype that
aims to mimic (by using first argument as the return of function) won't
work. For GCC one can make a register alias (register var asm ("r8")), but
for clang it detects is an unused variable and generate wrong code.
The 'chained_origin_limits' is probably due a wrong code generation,
since it fails only when origin memory is used
(-fsanitize-memory-track-origins=2) and only in the returned code
(return buf[50]).
The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic
argument handling in memory sanitizer code instrumentation on LLVM side.
Both 'dlerror' and 'param_tls_test' are unknown failures that require
further investigation.
All the failures are XFAIL for aarch64 for now.
llvm-svn: 247809
test/msan/dtor-trivial.cpp. Runtime testing for poisoning
vtable pointer in dtor.
Summary: Runtime testing for vtable ptr poisoning in dtor.
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12713
Clean test case & comments.
Update tests for vptr poisoning order.
Simplify test to rely upon globals.
Assertions verify that vtable still accessible from dtors.
Testing linear inheritance and multiple inheritance for vtable poisoning.
Macros for testing expected failing functions.
Rename macros.
Removed xfail, modified FileCheck commands, to expect test to crash.
llvm-svn: 247763
Summary:
When destructor for a class is not declared, no destructor
is emitted, and members are not poisoned. Test case exhibits this
current bug in use-after-dtor implementation (detailed in
https://github.com/google/sanitizers/issues/596).
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12617
Rename test files.
llvm-svn: 247091
Summary: Verify that all members are poisoned.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D12023
Test virtual functions and virtual bases poisoning proper size.
Runtime testing of destroying diamond inheritance.
Explicit testing for 0 optimizations.
Simplify test to only test interesting values.
Test poisoning on multiple inheritance with nontrivial and trivial members.
Removed unnecessary header.
Testing (anonymous/)bit fields.
Revised object instantiation in test to avoid undefined behavior.
llvm-svn: 246817
Summary: Fixed test in response to buildbot failures from last night.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D12018
llvm-svn: 244952
Summary: Fixed test in response to buildbot failures from last night.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D11992
llvm-svn: 244818
Summary: New implementation for dtor sanitizer callback poisons only class members, and emits poisoning callback before base dtor invoked.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D11952
Explicit dtor invocation
llvm-svn: 244709
Summary:
A virtual base class and derived class should only poison their
respective members upon destruction. In particular, trivial members should
be poisoned directly, non-trivial members should be poisoned by their
respective destructors, and references to non-trivial members should be
poisoned.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D11912
Test case avoids casting to access members
Run configurations to reflect expected runtime failure on assertions.
Simplified access to internal members.
Updated internal member structure of base.
Revised assert in main to verify successful poisoning after dtor.
Verify address of pointer is poisoned.
Fixed assert err.
Cleaned up test by removing extraneous prints, asserts.
llvm-svn: 244521
Summary: Simple test case to verify that an instance of a derived class with virtual base is properly poisoned
Reviewers: eugenis, kcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D11733
modified test to be more concise, and check the local pointer to the destroyed object
revised test to not examine padding- only explicit object members
llvm-svn: 243913
Summary: Verify that running in optimized mode while checking for use-after-dtor errors, does not generate tail call invocation of destructor. This avoids possible error where stack frame for the destructor is eliminated, making tracking down the errors more difficult.
Reviewers: eugenis, kcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D11614
simplified test cases
updated line numbering on test
renamed test
llvm-svn: 243675
Summary:
This patch adds basic memory sanitizer support for PPC64. PR23219.
I have further patches ready to enable it in LLVM and Clang, and to fix
most of the many failing tests in check-msan.
Reviewers: kcc, willschm, samsonov, wschmidt, eugenis
Reviewed By: eugenis
Subscribers: wschmidt, llvm-commits
Differential Revision: http://reviews.llvm.org/D10648
llvm-svn: 240623
Summary: This test uses x86 intrinsics, so it can't work on other platforms.
Reviewers: garious, eugenis, samsonov
Reviewed By: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D10652
llvm-svn: 240449
Fix 2 bugs in memory mapping setup:
- the invalid region at offset 0 was not protected because mmap at
address 0 fails with EPERM on most Linux systems. We did not
notice this because the check condition was flipped: the code was
checking that mprotect has failed. And the test that was supposed
to catch this was weakened by the mitigations in the mmap
interceptor.
- when running without origins, the origin shadow range was left
unprotected.
The new test ensures that mmap w/o MAP_FIXED always returns valid
application addresses.
llvm-svn: 238109
Enabling internal ptrace for mips, which fixes some
ptrace related tests. Along with this fixing some
other failures.
Reviewers: Reviewers: eugenis, kcc, samsonov
Subscribers: dsanders, sagar, lldb-commits
Differential Revision: http://reviews.llvm.org/D7332
llvm-svn: 229656
By attaching an extra integer tag to heap origins, we are able
to distinguish between uninits
- created by heap allocation,
- created by heap deallocation (i.e. use-after-free),
- created by __msan_allocated_memory call,
- etc.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=35.
llvm-svn: 226821
Fixes 2 issues in origins arising from realloc() calls:
* In the in-place grow case origin for the new memory is not set at all.
* In the copy-realloc case __msan_memcpy is used, which unwinds stack from
inside the MSan runtime. This does not generally work (as we may be built
w/o frame pointers), and produces "bad" stack trace anyway, with several
uninteresting (internal) frames on top.
This change also makes realloc() honor "zeroise" and "poison_in_malloc" flags.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=73.
llvm-svn: 226674
Previously we always stored 4 bytes of origin at the destination address
even for 8-byte (and longer) stores.
This should fix rare missing, or incorrect, origin stacks in MSan reports.
llvm-svn: 226658
Evgeniy Stepanov