We've got some internal users that either aren't compatible with this or
have found a bug with it. Either way, this is an isolated cleanup and so
I'm reverting it to un-block folks while we investigate. Alexey and
I will be working on fixing everything up so this can be re-committed
soon. Sorry for the noise and any inconvenience.
llvm-svn: 225079
This reverts commit r221445. This change leads to false positives
reports from -fsanitize=vptr. See original commit thread for more
details.
llvm-svn: 224972
The change in r224819 started using internal_unlink in a sanitizer_common unit test. For some reason, internal_unlink is not defined in sanitizer_mac.cc, fixing that.
llvm-svn: 224910
This increases the limit from 4M locations to 16M, reserving
64Mb virtual memory. Chrome has >5M unique coverage locations with coverage=3.
llvm-svn: 224855
This is a re-commit of r224838 + r224839, previously reverted in r224850.
Test failures were likely (still can not reproduce) caused by two lit tests
using the same name for an intermediate build target.
llvm-svn: 224853
The current code leaves the first event in the trace part uninitialized
(from the previous thread). It can cause unpredictable behavior
during stack/mutexset restoration.
Initialize the first event to a fake harmless memory access.
llvm-svn: 224834
This is mostly useful for testing, as the only other way of specifying
activation options (Android system property) is system-wide and affects
concurrently running tests.
llvm-svn: 224824
Summary:
Protect CommonFlags singleton by adding const qualifier to
common_flags() accessor. The only ways to modify the flags are
SetCommonFlagsDefaults(), ParseCommonFlagsFromString() and
OverrideCommonFlags() functions, which are only supposed to be
called during initialization.
Test Plan: regression test suite
Reviewers: kcc, eugenis, glider
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6741
llvm-svn: 224736
As mentioned in
https://code.google.com/p/address-sanitizer/issues/detail?id=365, when the
re-exec that adds the required DYLD_INSERT_LIBRARIES variable fails, ASan
currently continues to run, but things are broken (some memory can be
overwritten, interceptors don't work, ...). This patch aborts if the execv()
fails and prints an error message that DYLD_INSERT_LIBRARIES is required. It
also removes the "alllow_reexec" flag, since using it causes the same issues.
Reviewed at http://reviews.llvm.org/D6752
llvm-svn: 224712
NULL handler
Per
https://developer.apple.com/library/mac/documentation/Performance/Reference/GCD_libdispatch_Ref/index.html,
the dispatch_source_set_cancel_handler() API *can* be called with a NULL
handler. In that case, the libdispatch removes an already existing cancellation
handler, if there was one. ASan's interceptor always creates a new block that
always tries to call the original handler. In case the original block is NULL,
a segmentation fault happens. Let's fix that by not wrapping a NULL-block at
all.
It looks like all the other libdispatch APIs (which we intercept) do *not*
allow NULL. So it's really only the dispatch_source_set_cancel_handler one that
needs this fix.
Reviewed at http://reviews.llvm.org/D6747
llvm-svn: 224711
Add CommonFlags::SetDefaults() and CommonFlags::ParseFromString(),
so that this object can be easily tested. Enforce
that ParseCommonFlagsFromString() and SetCommonFlagsDefaults()
work only with singleton CommonFlags, shared across all sanitizer
runtimes.
llvm-svn: 224617
Now ASan deactivation doesn't modify common or ASan-specific runtime
flags. Flags stay constant after initialization, and "deactivation"
instead stashes initialized runtime state, and deactivates the
runtime. Activation then just restores the original state (possibly,
overriden by some activation flags provided in system property on
Android).
llvm-svn: 224614
Summary:
Reduce the dependency of allocator code on runtime flags. Instead,
pass a bunch of options that configure allocator behavior at
initialization or re-initialization. That would allow us to
cleaner modify allocator behavior during a program execution
when ASan is activated or de-activated.
Test Plan: regression test suite
Reviewers: kcc
Subscribers: llvm-commits, eugenis
Differential Revision: http://reviews.llvm.org/D6711
llvm-svn: 224605
Summary:
Change the way ASan flag parsing is performed at activation: instead
of overwriting all ASan and common flags from the activation string,
ASan will now only override a handful of whitelisted flags.
This is a first step towards making runtime flags immutable after
initialization. I plan to re-factor the activation stragegy to
the following one:
- Parse commandline flags. Override the defaults from compile
definition, env var, etc. Flags are immutable at this point.
- Initiailize the runtime from commandline flags.
- If ASan needs to be started deactivated, stash the runtime
state in "asan_deactivated_flags" and deactivate the runtime.
- When ASan is activated, override "asan_deactivated_flags" with
activation flags, and use it to re-activate the runtime.
Test Plan: regression test suite
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6709
llvm-svn: 224601
clang does not like the definition of builtins. In order to work around this,
we use a SUN CC to redefine the generated name. However, this requires that we
account for the user label prefix. Rather than hard coding that into the file,
rely on the compiler to tell us the information and use the preprocessor to
generate the name as we do in the assembly routines. NFC.
llvm-svn: 224597
signal handler reads sa_sigaction when a concurrent sigaction call can modify it
as the result in could try to call SIG_DFL or a partially overwritten function pointer
llvm-svn: 224530
Summary:
The numbers in /proc/self/statm are in pages, not in fixed 4k units.
This fixes Linux/hard_rss_limit_mb_test.cc on my PowerPC64 box which
has 64k pages.
Reviewers: kcc, willschm
Reviewed By: willschm
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6717
llvm-svn: 224522
tctx==NULL crash observed during deadlock reporting.
There seems to be some bugs in the deadlock detector,
but it is still useful to be more robust during reporting.
llvm-svn: 224508
This commit changes the strategy for building shared ASan runtime
and the way we test it:
- COMPILER_RT_BUILD_SHARED_ASAN CMake option is removed. We now
always build shared ASan runtime (it is the default on Android,
Windows and Mac, and not the default on Linux and FreeBSD).
- Platforms, which use static runtime by default now have
"check-asan-dynamic" testsuite. This testsuite contains instrumented
unit tests, and ASan lit tests, and runs them with shared ASan
runtime. This testsuite is *not* a part of "check-asan" and
*not* a part of "check-all", as adding 1000 more test cases, which
duplicate existing ones is costly. However, you're welcome to
add this command to your buildbot.
llvm-svn: 224470
pthread_getspecific is not async-signal-safe.
MsanThread pointer is now stored in a TLS variable, and the TSD slot
is used only for its destructor, and never from a signal handler.
This should fix intermittent CHECK failures in MsanTSDSet.
llvm-svn: 224423
Introduce "Allocator" object, which contains all the bits and pieces
ASan allocation machinery actually use: allocator from sanitizer_common,
quarantine, fallback allocator and quarantine caches, fallback mutex.
This step is a preparation to adding more state to this object. We want
to reduce dependency of Allocator on commandline flags and be able to
"safely" modify its behavior (such as the size of the redzone) at
runtime.
llvm-svn: 224406
SetCanPoisonMemory()/CanPoisonMemory() functions are now used
instead of "poison_heap" flag to determine if ASan is allowed
to poison the shadow memory. This allows to hot-patch this
value in runtime (e.g. during ASan activation) without introducing
a data race.
llvm-svn: 224395
We recently had a broken version check because an newer OS X version is treated as MACOS_VERSION_UNKNOWN which is less than all the defined values. Let's have a separate enum value for unknown but newer versions, so the ">=" and "<=" version checks still work even in upcoming OS X releases.
Reviewed at http://reviews.llvm.org/D6137
llvm-svn: 224315
Summary:
Introduce __asan::malloc_context_size atomic that is used to determine
required malloc/free stack trace size. It is initialized with
common_flags()->malloc_context_size flag, but can later be overwritten
at runtime (e.g. when ASan is activated / deactivated).
Test Plan: regression test suite
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6645
llvm-svn: 224305
Summary:
Turn "allocator_may_return_null" common flag into an
Allocator::may_return_null bool flag. We want to make sure
that common flags are immutable after initialization. There
are cases when we want to change this flag in the allocator
at runtime: e.g. in unit tests and during ASan activation
on Android.
Test Plan: regression test suite, real-life applications
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6623
llvm-svn: 224148
Enabling COMPILER_RT_INCLUDE_TESTS and updating tests/sanitizer_allocator_test.cc to remove Allocator64 related tests for MIPS.
Reviewed By: samsonov
llvm-svn: 224101
This commit changes the way we get fake stack from ASan runtime
(to find use-after-return errors) and the way we represent local
variables:
- __asan_stack_malloc function now returns pointer to newly allocated
fake stack frame, or NULL if frame cannot be allocated. It doesn't
take pointer to real stack as an input argument, it is calculated
inside the runtime.
- __asan_stack_free function doesn't take pointer to real stack as
an input argument. Now this function is never called if fake stack
frame wasn't allocated.
- __asan_init version is bumped to reflect changes in the ABI.
- new flag "-asan-stack-dynamic-alloca" allows to store all the
function local variables in a dynamic alloca, instead of the static
one. It reduces the stack space usage in use-after-return mode
(dynamic alloca will not be called if the local variables are stored
in a fake stack), and improves the debug info quality for local
variables (they will not be described relatively to %rbp/%rsp, which
are assumed to be clobbered by function calls). This flag is turned
off by default for now, but I plan to turn it on after more
testing.
llvm-svn: 224063
Summary:
- Make sure mmap() is never called inside RawWrite function.
- Wrap a bunch of standalone globals in a ReportFile object.
- Make sure accesses to these globals are thread-safe.
- Fix report_path functionality on Windows, where
__sanitizer_set_report_path() would break program.
I've started this yak shaving in order to make
"CommonFlags::mmap_limit_mb" immutable. Currently we drop this flag
to zero before printing an error message.
Test Plan: regression test suite
Reviewers: kcc, glider
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6595
llvm-svn: 224031
Each of the object formats use a different directive for selecting the constant
section. Use a macro to avoid the duplication across a number of files. Also
correct a small macro mismatch on the Windows case (HIDDEN_DIRECTIVE -> HIDDEN).
Patch by Vadim Chugunov!
llvm-svn: 223910
On Darwin, compiler_rt uses magic linker symbols to find the profile
counters in the __DATA segment. This is a reasonable method for
normal, hosted, userspace programs. However programs with custom
memory layouts, such as the kernel, will need to tell compiler_rt
explicitly where to find these sections.
Patch by Lawrence D'Anna. Thanks!
llvm-svn: 223840
In the current scheme of things, the call to ThreadStart() in the child
thread is not synchronized with the parent thread. So, if a pointer is passed to
pthread_create, there may be a window of time during which this pointer will not
be discoverable by LSan. I.e. the pthread_create interceptor has already
returneed and thus the pointer is no longer on the parent stack, but we don't
yet know the location of the child stack. This has caused bogus leak reports
(see http://llvm.org/bugs/show_bug.cgi?id=21621/).
This patch makes the pthread_create interceptor wait until the child thread is
properly registered before returning.
llvm-svn: 223419
Previously, all origin ids were "chained" origins, i.e values of
ChainedOriginDepot. This added a level of indirection for simple
stack and heap allocation, which were represented as chains of
length 1. This costs both RAM and CPU, but provides a joined 2**29
origin id space. It also made function (any instrumented function)
entry non-async-signal-safe, but that does not really matter because
memory stores in track-origins=2 mode are not async-signal-safe anyway.
With this change, the type of the origin is encoded in origin id.
See comment in msan_origin.h for more details. This reduces chained and stack
origin id range to 2**28 each, but leaves extra 2**31 for heap origins.
This change should not have any user-visible effects.
llvm-svn: 223233
Return a linked list of AddressInfo objects, instead of using an array of
these objects as an output parameter. This simplifies the code in callers
of this function (especially TSan).
Fix a few memory leaks from internal allocator, when the returned
AddressInfo objects were not properly cleared.
llvm-svn: 223145
Extending SuppressionContext to add a HasSuppressionType method that tells whether a certain suppression type is currently used or not. It's a step to implement issue suppressions for ASan, see http://reviews.llvm.org/D6280.
Reviewed at http://reviews.llvm.org/D6443
llvm-svn: 222954
Summary:
Exactly what the title says. I've tested this change against the libc++ test failures and it solves all of them. The check-msan rule also still passes.
I'm not sure why it called memset originally.
I can add tests if requested but currently there are no tests involving wide chars and they are a c++11 features.
Reviewers: kcc, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6352
llvm-svn: 222673
Summary:
TestCases/Linux/heavy_uar_test.cc was failing on my
PowerPC64 box with GCC 4.8.2, because the compiler recognised
a memset-like loop and turned it into a call to memset, which
got intercepted by __asan_memset, which got upset because it was
being called on an address in high shadow memory.
Use break_optimization to stop the compiler from doing this.
Reviewers: kcc, samsonov
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6266
llvm-svn: 222572
Let the users of SymbolizationLoop define a function that produces the list of .dSYM hints (possible path to the .dSYM bundle) for the given binary.
Because the hints can't be added to an existing llvm-symbolizer process, we spawn a new symbolizer process ones each time a new hint appears.
Those can only appear for binaries that we haven't seen before.
llvm-svn: 222535
Reviewed at http://reviews.llvm.org/D6238
ASan on Darwin during launch reads DYLD_INSERT_LIBRARIES env. variable and if it's not set or if the ASan dylib is not present in there, it relaunches the process. The check whether the dylib is present in the variable is now trying to find a full path in there. This fails in the scenarios where we want to copy the dylib to the executable's directory or somewhere else and set the DYLD_INSERT_LIBRARIES manually, see http://reviews.llvm.org/D6018.
Let's change the search in DYLD_INSERT_LIBRARIES to only look for the filename of the dylib and not the full path.
llvm-svn: 222297
MSanDR is a dynamic instrumentation tool that can instrument the code
(prebuilt libraries and such) that could not be instrumented at compile time.
This code is unused (to the best of our knowledge) and unmaintained, and
starting to bit-rot.
llvm-svn: 222232
Summary:
AsanOnSIGSEGV has some heuristics for detecting stack overflow, but
they don't cope with a PowerPC store-with-update instruction which
modifies sp and stores to the modified address in one instruction.
This patch adds some PowerPC-specific code to check for this case.
This fixes the last few cases of the stack-overflow test.
Reviewers: kcc, samsonov, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6253
llvm-svn: 222001
This change removes libclang_rt.profile-pic-<arch>.a version of
profile runtime. Instead, it's sufficient to always build
libclang_rt.profile-<arch>.a with -fPIC, as it can be linked into
both executables and shared objects.
llvm-svn: 221952
The code in {add,sub}v.i3 routines does not trap when it should, because
it performs the actual add/subtract operation in signed arithmetic,
rather than unsigned.
Patch by Francois-Xavie Coudert!
llvm-svn: 221826
Summary:
The option -asan-instrument-assembly is declared in the X86 backend.
If I test on PowerPC configured with LLVM_TARGETS_TO_BUILD=All then the
option is tolerated but ignored.
If I test on PowerPC configured with LLVM_TARGETS_TO_BUILD=PowerPC then
the testsuite fails with:
[ 93%] Generating ASAN_INST_TEST_OBJECTS.gtest-all.cc.powerpc64-inline.o
clang (LLVM option parsing): Unknown command line argument '-asan-instrument-assembly'. Try: 'clang (LLVM option parsing) -help'
Fix this inconsistency by only adding the option if that toolchain was
built with the X86 backend included.
Reviewers: kcc, samsonov, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6190
llvm-svn: 221687
Summary:
Tweak the asan stack overflow heuristics to cope with PowerPC64 redzones,
which are larger than on x86-64: 288 bytes for big-endian and 512 bytes
for little-endian.
Reviewers: kcc, willschm, samsonov, eugenis
Reviewed By: samsonov, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6168
llvm-svn: 221578
This flag can be used to specify the format of stack frames - user
can now provide a string with placeholders, which should be printed
for each stack frame with placeholders replaced with actual data.
For example "%p" will be replaced by PC, "%s" will be replaced by
the source file name etc.
"DEFAULT" value enforces default stack trace format currently used in
all the sanitizers except TSan.
This change also implements __sanitizer_print_stack_trace interface
function in TSan.
llvm-svn: 221469
for both PPC64 Big and Little endian modes, so also eliminates the need for
the BIG_ENDIAN/LITTLE_ENDIAN #ifdeffery.
By trial and error, it also looks like the kPPC64_ShadowOffset64 value is
valid using (1ULL << 41) for both BE and LE, so that #if/#elif/#endif block
has also been simplified.
Differential Revision: http://reviews.llvm.org/D6044
llvm-svn: 221457
When the __virtual_mask is set, __offset_flags >> __offset_shift yields
an offset into the vtable. Dereferencing this vtable slot gets us the
vbase offset.
Adjust a test case to verify that this, in fact, works.
Differential Revision: http://reviews.llvm.org/D6074
llvm-svn: 221445
Summary:
This commit introduces function __sanitizer::RenderFrame()
that allows to render the contents of AddressInfo (essentially, symbolized stack frame)
using the custom format string. This function can be used to
implement stack frame formatting for both ThreadSanitizer and
generic StackTrace::Print(), used in another places. This paves the
way towards allowing user to control the format of stack frames,
obtaining them in any format he desires, and/or enforcing the consistent
output from all sanitizers.
Test Plan: compiler-rt test suite
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6140
llvm-svn: 221409
This also fixes the test/asan/TestCases/Darwin/malloc_zone-protected.cc test failure on OS X 10.10.
Reviewed at http://reviews.llvm.org/D6119
llvm-svn: 221379
# Make DataInfo (describing a global) a member of ReportLocation
to avoid unnecessary copies and allocations.
# Introduce a constructor and a factory method, so that
all structure users don't have to go to internal allocator directly.
# Remove unused fields (file/line).
No functionality change.
llvm-svn: 221302
AddressInfo contains the results of symbolization. Store this object
directly in the symbolized stack, instead of copying data around and
making unnecessary memory allocations.
No functionality change.
llvm-svn: 221294
TSan used to do the following transformations with data obtained
from the symbolizer:
1) Strip "__interceptor_" prefix from function name.
2) Use "strip_path_prefix" runtime flag to strip filepath.
Now these transformations are performed right before the stack trace
is printed, and ReportStack structure contains original information.
This seems like a right thing to do - stripping is a detail of report
formatting implementation, and should belong there. We should, for
example, use original path to source file when we apply suppressions.
This change also make "strip_path_prefix" flag behavior in TSan
consistent with all the other sanitizers - now it should actually
match *the prefix* of path, not some substring. E.g. earlier TSan
would turn "/usr/lib/libfoo.so" into "libfoo.so" even if strip_path_prefix
was "/lib/".
Finally, strings obtained from symbolizer come from internal allocator,
and "stripping" them early by incrementing a "char*" ensures they can
never be properly deallocated, which is a bug.
llvm-svn: 221283
Change the LC_ID_DYLIB of ASan's dynamic libraries on OS X to be set to "@rpath/libclang_rt.asan_osx_dynamic.dylib" and similarly for iossim. Clang driver then sets the "-rpath" to be the real path to where clang currently has the dylib (because clang uses the relative path to its current executable). This means if you move the compiler or install the binary release, -fsanitize=address will link to the proper library.
Reviewed at http://reviews.llvm.org/D6018
llvm-svn: 221278
This commit changes the place where TSan runtime turns full path
to binary or shared library into its basename
(/usr/foo/mybinary -> mybinary). Instead of doing it as early as possible
(when we obtained the full path from the symbolizer), we now do it as
late as possible (right before printing the error report).
This seems like a right thing to do - stripping to basename is a detail
of report formatting implementation, and should belong there. Also, we
might need the full path at some point - for example, to match the
suppressions.
llvm-svn: 221225
Summary:
This change removes `__tsan::StackTrace` class. There are
now three alternatives:
# Lightweight `__sanitizer::StackTrace`, which doesn't own a buffer
of PCs. It is used in functions that need stack traces in read-only
mode, and helps to prevent unnecessary allocations/copies (e.g.
for StackTraces fetched from StackDepot).
# `__sanitizer::BufferedStackTrace`, which stores buffer of PCs in
a constant array. It is used in TraceHeader (non-Go version)
# `__tsan::VarSizeStackTrace`, which owns buffer of PCs, dynamically
allocated via TSan internal allocator.
Test Plan: compiler-rt test suite
Reviewers: dvyukov, kcc
Reviewed By: kcc
Subscribers: llvm-commits, kcc
Differential Revision: http://reviews.llvm.org/D6004
llvm-svn: 221194
introduce a BufferedStackTrace class, which owns this array.
Summary:
This change splits __sanitizer::StackTrace class into a lightweight
__sanitizer::StackTrace, which doesn't own array of PCs, and BufferedStackTrace,
which owns it. This would allow us to simplify the interface of StackDepot,
and eventually merge __sanitizer::StackTrace with __tsan::StackTrace.
Test Plan: regression test suite.
Reviewers: kcc, dvyukov
Reviewed By: dvyukov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5985
llvm-svn: 220635
ParamTLS (shadow for function arguments) is of limited size. This change
makes all arguments that do not fit unpoisoned, and avoids writing
past the end of a TLS buffer.
llvm-svn: 220351
Sanitizer source is not affected by _FILE_OFFSET_BITS in general,
but this one file must be built with 32-bit off_t. More details in the code.
llvm-svn: 220328
__ANDROID__ is a define that comes from the toolchain when building
for Android targets. ANDROID has a different meaning. ANDROID is
defined for _every_ Android build, including those done for host
modules. For host modules, we want to build the regular Linux
sanitizers and builtins, not the one for Android devices. This hasn't
been a problem until now because we only just started building the
sanitizers for the host.
llvm-svn: 220203
Whitespace update for lint check by myself (Will). Otherwise code and comments by Peter Bergner, as previously seen on llvm-commits.
The following patch gets ASAN somewhat working on powerpc64le-linux.
It currently assumes the LE kernel uses 46-bit addressing, which is
true, but it doesn't solve the case for BE where it may be 44 or
46 bits. That can be fixed with a follow on patch.
There are some test suite fails even with this patch that I haven't had
time to solve yet, but this is better than the state it is in now.
The limited debugging of those test suite fails seems to show that the
address map for 46-bit addressing has changed and so we'll need to
modify the shadow memory location slightly. Again, that can be fixed
with a follow on patch.
llvm-svn: 219827
We have to #define _WANT_RTENTRY to get struct rtentry, and add headers
that it depends on.
SIOCADDRT and SIOCDELRT also do not exist in FreeBSD 10.1 and were removed
in FreeBSD rev. 263203:
Garbage collect long time obsoleted (or never used) stuff from routing
API.
Differential Revision: http://reviews.llvm.org/D5703
llvm-svn: 219722
Clang r219557 introduces libcalls to complex multiply/divide functions.
Since these functions are not available in iOS for arm64 devices, add them to
the static libraries.
llvm-svn: 219715
This change fixes 2 issues in the fast unwinder from r217079:
* A crash if a frame pointer points below current stack head, but
inside the current thread stack limits. That memory may be
unmapped. A check for this was lost in r217079.
* The last valid stack frame (the first one with an invalid next
frame pointer) is always interpreted as a GCC layout frame. This
results in garbled last PC in the (expected) case when the last
frame has LLVM layout.
llvm-svn: 219683
Updated the URL to reflect information on the problem as well as build the
case for ARM. This seems to be a wider problem, not ARM or PPC specific.
llvm-svn: 219680
Allows to specify the unwinder to use for CHECK failures. Previous behaviour
was to use the "fatal" unwinder.
As compiler-rt is built without frame pointers, only the slow unwinder
really makes sense here, and it is the default.
llvm-svn: 219677
The current handling (manual execution of atexit callbacks)
is overly complex and leads to constant problems due to mutual ordering of callbacks.
Instead simply wrap callbacks into our wrapper to establish
the necessary synchronization.
Fixes issue https://code.google.com/p/thread-sanitizer/issues/detail?id=80
llvm-svn: 219675
This change adds UBSan check to upcasts. Namely, when we
perform derived-to-base conversion, we:
1) check that the pointer-to-derived has suitable alignment
and underlying storage, if this pointer is non-null.
2) if vptr-sanitizer is enabled, and we perform conversion to
virtual base, we check that pointer-to-derived has a matching vptr.
llvm-svn: 219642
On a default FreeBSD install Bash is not installed and fdescfs is not
mounted. Use plain sh functionality instead.
Differential Revision: http://reviews.llvm.org/D5631
llvm-svn: 219333
This is simply to help clarity of the code. The functions are built as thumb
only if Thumb2 is available (__ARM_ARCH_ISA_THUMB == 2). Sink the selection
into the location of the definition and make DEFINE_COMPILERRT_THUMB_FUNCTION
always define a thumb function while DEFINE_COMPILERRT_FUNCTION always selects
the default.
Since the .thumb_func directive is always available (at least on Linux, Windows,
and BSD), sinking the macro right into the macro works just as well.
No functional change intended.
llvm-svn: 219182
The arm builtins converted into thumb in r213481 are not working
on darwin. On apple platforms, .thumb_func directive is required
to generated correct symbols for thumb functions.
<rdar://problem/18523605>
llvm-svn: 219040
Summary:
Fix the function that gets stack frame description by address in
thread stack, so that it clearly indicates failures. Make this error non-fatal,
and print as much information as we can in this case. Make all errors in
ParseFrameDescription non-fatal.
Test Plan: check-asan testsuite
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5554
llvm-svn: 218819
This is needed so we can produce -i686- named libraries for
x86 Android (which is i686-linux-android).
An alternative solution would be keeping the "i386" name internally and
tweaking the OUTPUT_NAME of compiler-rt libraries.
llvm-svn: 218761
* Detect Android toolchain target arch and set correct runtime library name.
* Merged a lot of Android and non-Android code paths.
* Android is only supported in standalone build of compiler-rt now.
* Linking lsan-common in ASan-Android (makes lsan annotations work).
* Relying on -fsanitize=address linker flag when building tests (again,
unification with non-Android path).
* Runtime library moved from lib/asan to lib/linux.
llvm-svn: 218605
The ldrexd and strexd instructions are undefined for the ARMv7M
architecture, so we cannot use them to implement the
__sync_fetch_and_*_8 builtins. There is no other way to implement
these without OS support, so this patch #ifdef's these functions out
for M-class architectures.
There are no tests as I cannot find any existing tests for these
builtins.
I used the __ARM_ARCH_PROFILE predefine because __ARM_FEATURE_LDREX is
deprecated and not set by clang.
llvm-svn: 218601
Reviewed at http://reviews.llvm.org/D4527
Fixed a test case failure on 32-bit Linux, I did right shift on intptr_t, instead it should have been uintptr_t.
llvm-svn: 218538
Changed files:
config-ix.cmake: Enabled UBSan for MIPS32
sanitizer_stacktrace.cc: Program counter for MIPS32 is four byte aligned
and a delay slot so subtracted PC by 8 for getting call site address.
cast-overflow.cpp: Added big endian support for this test case.
Patch by Sagar Thakur.
Differential Revision: http://reviews.llvm.org/D4881
llvm-svn: 218519
Reviewed at http://reviews.llvm.org/D4527
This patch is part of an effort to implement a more generic debugging API, as proposed in http://lists.cs.uiuc.edu/pipermail/llvmdev/2014-July/074656.html, with first part reviewed at http://reviews.llvm.org/D4466. Now adding several new APIs: __asan_report_present, __asan_get_report_{pc,bp,sp,address,type,size,description}, __asan_locate_address. These return whether an asan report happened yet, the PC, BP, SP, address, access type (read/write), access size and bug description (e.g. "heap-use-after-free"), __asan_locate_address takes a pointer and tries to locate it, i.e. say whether it is a heap pointer, a global or a stack, or whether it's a pointer into the shadow memory. If global or stack, tries to also return the variable name, address and size. If heap, tries to return the chunk address and size. Generally these should serve as an alternative to "asan_describe_address", which only returns all the data in text form. Having an API to get these data could allow having debugging scripts/extensions that could show additional information about a variable/expression/pointer. Test cases in test/asan/TestCases/debug_locate.cc and test/asan/TestCasea/debug_report.cc.
llvm-svn: 218481
Summary: This finishes support for ASAN on MSVC2012.
Test Plan: |ninja check-asan| passes locally with this on MSVC2012.
Reviewers: timurrrr
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5494
llvm-svn: 218465
When dump_instruction_bytes=1 and the instruction pointer doesn't point to the zero page, ASan prints 16 bytes starting at the instruction point.
llvm-svn: 218243
By default summary is not printed if UBSan is run in a standalone mode,
but is printed if it's combined with another sanitizer (like ASan).
llvm-svn: 218135
* Allow user SEGV handler if Android-L-like setup is detected.
Necessary for correctness.
* Change file context labels on the wrapper script to appease SELinux.
llvm-svn: 218124
__ARM_ARCH is part of the ACLE specification. At least clang and GCC have
supported this part of the ACLE for some time now. Let the compiler provide the
proper definition for the macro rather than try to guess it.
llvm-svn: 218095
On some tests we see that signals are not delivered
when a thread is blocked in epoll_wait. The hypothesis
is that the signal is delivered right before epoll_wait
call. The signal is queued as in_blocking_func is not set
yet, and then the thread just blocks in epoll_wait forever.
So double check pending signals *after* setting
in_blocking_func. This way we either queue a signal
and handle it in the beginning of a blocking func,
or process the signal synchronously if it's delivered
when in_blocking_func is set.
llvm-svn: 218070
Summary:
UBSan needs to check if memory snippet it's going to print resides
in addressable memory. Similar check might be helpful in ASan with
dump_instruction_bytes option (see http://reviews.llvm.org/D5167).
Instead of scanning /proc/self/maps manually, delegate this check to
the OS kernel: try to write this memory in a syscall and assume that
memory is inaccessible if the syscall failed (e.g. with EFAULT).
Fixes PR20721.
Test Plan: compiler-rt test suite
Reviewers: eugenis, glider
Reviewed By: glider
Subscribers: emaste, ygribov, llvm-commits, glider, rsmith
Differential Revision: http://reviews.llvm.org/D5253
llvm-svn: 217971
I don't remember that crash on mmap in internal allocator
ever yielded anything useful, only crashes in rare wierd untested situations.
One of the reasons for crash was to catch if tsan starts allocating
clocks using mmap. Tsan does not allocate clocks using internal_alloc anymore.
Solve it once and for all by allowing mmaps.
llvm-svn: 217929
Summary:
These two functions are unavailable on MSVC2012, which breaks building the
ASAN tests with MSVC2012. Since the tests required to run these functions
are disabled on Windows for now, avoid building them to fix the MSVC2012
builds.
Test Plan: This is needed in order to fix building the ASAN tests with MSVC2012.
Reviewers: timurrrr
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5343
llvm-svn: 217763
It turned out that we have to bridge more stuff between the executable
and the ASan RTL DLL than just __asan_option_detect_stack_use_after_return.
See PR20918 for more details.
llvm-svn: 217673
We may as well just use Symbolizer::GetOrInit() in all the cases.
Don't call Symbolizer::Get() early in tools initialization: these days
it doesn't do any important setup work, and we may as well create the
symbolizer the first time it's actually needed.
llvm-svn: 217558
FIx a problem reported by Jakub Jelinek: don't do early-exit from fatal
UBSan handlers: even if source location is disabled (i.e. acquired by
some other thread), we should continue the execution to make sure that:
a) some thread will print the error report before calling Die().
b) handler marked as noreturn will indeed not return.
Explicitly add "Die()" calls at the end of all fatal handlers to be
sure UBSan handlers don't introduce UB themselves.
llvm-svn: 217542
Summary:
This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with __attribute__((nonnull))
are actually nonnull in runtime.
To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits, rnk
Differential Revision: http://reviews.llvm.org/D5082
llvm-svn: 217389
Add the missing AEABI functions that are part of the base platform ABI
specification. The provided implementation does the bare minimum to avoid
requiring libc headers. This permits the use of compiler-rt on bare-metal
environments which conform to EABI.
llvm-svn: 217322
This macro did not do anything at this point, and is not particularly needed for
Windows unless building the builtins as a shared library. NFC.
llvm-svn: 217321
The naming scheme we're using for counters in profile data shares a
prefix with some fixed names we use for the runtime, notably
__llvm_profile_data_begin and _end. Embarrassingly, this means a
function called begin() can't be instrumented.
This modifies the runtime names so as not to collide with the
instrumentation.
llvm-svn: 217166
Chained origins make plain memory stores async-signal-unsafe.
We already disable it inside signal handlers.
This change grabs all origin-related locks before fork() and releases
them after fork() to avoid a deadlock in the child process.
llvm-svn: 217140
There interceptors do not seem to be strictly necessary for tsan.
But we see cases where the interceptors consume 70% of execution time.
Memory blocks passed to fgetgrent_r are "written to" by tsan several times.
First, there is some recursion (getgrnam_r calls fgetgrent_r), and each
function "writes to" the buffer. Then, the same memory is "written to"
twice, first as buf and then as pwbufp (both of them refer to the same addresses).
llvm-svn: 216904
Currently it fails with:
# Testing race detector.
race_windows_amd64.syso:gotsan.cc:(.text+0x4d89): undefined reference to `__imp_SymGetModuleBase64'
race_windows_amd64.syso:gotsan.cc:(.text+0x4d90): undefined reference to `__imp_SymFunctionTableAccess64'
race_windows_amd64.syso:gotsan.cc:(.text+0x4dd8): undefined reference to `__imp_StackWalk64'
x86_64-w64-mingw32/bin/ld.exe: race_windows_amd64.syso
: bad reloc address 0x10 in section `.data'
collect2.exe: error: ld returned 1 exit status
llvm-svn: 216875
There is no reason to have different library names for shared and static
cases on linux. It also breaks Android where we install the shared asan-rt
library into the system and should keep the old name.
This change reverts most of r216380 limiting it to win32 targets only.
llvm-svn: 216533
With this patch, "check-asan" passes all the tests with both MT and MD ASan RTL if you set COMPILER_RT_BUILD_SHARED_ASAN to ON
(PR20214)
llvm-svn: 216447
At least check-asan works with this change.
If the change breaks anything, we'll need to add:
a) a comment describing why we have to use INTERCEPT_FUNCTION rather than
ASAN_INTERCEPT_FUNC
and
b) a test case.
llvm-svn: 216177
When writing a label to shadow memory, don't write if the value is already set to the value being written. This dramatically reduces real memory consumption in programs with sparse use of labels.
Test Plan: It would be nice to test that unnecessary writes are skipped, but I do not see how a unit test could do this.
Patch by Sam Kerner!
Differential Revision: http://reviews.llvm.org/D4894
llvm-svn: 215961
another sanitizer.
A user may run both LSan and LSan+ASan. It is weird to pass path to leak
suppression file (or other common sanitizer flags, like "verbosity") in
"LSAN_OPTIONS" in the first case and in "ASAN_OPTIONS" in the second case.
llvm-svn: 215949
Summary:
This patch adds a runtime check verifying that functions
annotated with "returns_nonnull" attribute do in fact return nonnull pointers.
It is based on suggestion by Jakub Jelinek:
http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20140623/223693.html.
Test Plan: regression test suite
Reviewers: rsmith
Reviewed By: rsmith
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D4849
llvm-svn: 215485
The patch adds new features in asan-symbolizer script which are helpful for using ASan on embedded systems:
1) add cross-compile prefix for binutils
2) define path to sysroot with sanitized binaries
Features are enabled by command line options.
The patch also extends command line interface with help option.
Reviewed in http://reviews.llvm.org/D4703.
Patch by Maria Guseva!
llvm-svn: 215381
When building the builtins for a modern CPU (idiv support), __umodsi3 was
completely incorrect as it would behave as __udivmosi3, which takes a tertiary
parameter which is a pointer.
__udivsi3 was also incorrect, returning the remainder in r1. Although this
would not result in any crash or invalid behaviour as r1 is a caller saved
register in AAPCS, this is unnecessary. Simply perform the division ignoring
the remainder.
llvm-svn: 215295
a given platform in a top-level CMakeLists.txt to use it both
in lib/ and in test/ subdirectories. Move architecture/platform
checks to config-ix.
llvm-svn: 215247
Vector clocks is the most actively allocated object in tsan runtime.
Current internal allocator is not scalable enough to handle allocation
of clocks in scalable way (too small caches). This changes transforms
clocks to 2-level array with 512-byte blocks. Since all blocks are of
the same size, it's possible to cache them more efficiently in per-thread caches.
llvm-svn: 214912
Suppression context might be used in multiple sanitizers working
simultaneously (e.g. LSan and UBSan) and not knowing about each other.
llvm-svn: 214831
Instead of creating global variables for source locations and global names,
just create metadata nodes and strings. They will be transformed into actual
globals in the instrumentation pass (if necessary). This approach is more
flexible:
1) we don't have to ensure that our custom globals survive all the optimizations
2) if globals are discarded for some reason, we will simply ignore metadata for them
and won't have to erase corresponding globals
3) metadata for source locations can be reused for other purposes: e.g. we may
attach source location metadata to alloca instructions and provide better descriptions
for stack variables in ASan error reports.
No functionality change.
llvm-svn: 214604
Summary:
This is required for linking DLLs with large functions exceeding
san-instrumentation-with-call-threshold. One such function is
vp9_fdct16x16_sse2 in libvpx.
Reviewers: timurrrr
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D4758
llvm-svn: 214532
Convert TSan and LSan to the new interface. More changes will follow:
1) "suppressions" should become a common runtime flag.
2) Code for parsing suppressions file should be moved to SuppressionContext::Init().
llvm-svn: 214334
This object is used to encapsulate all actions that need to be
done before/after printing UBSan diagnostics. Currently these
actions are:
* locking a mutex to ensure that UBSan diagnostics from several
threads won't mix with each other and with other sanitizers'
reports
* killing a program once the report is printed (if necessary).
Use this object in all UBSan handlers. Unify the way we implement
fatal and non-fatal handlers by making all the handlers simple
one-liners that redirect __ubsan_handle_foo(_abort)? to
handleFooImpl().
llvm-svn: 214279
This will ensure that stack frames in error reports will not
contain internal UBSan failures, and frame #0 will be the
actual place in the program where the error happens.
llvm-svn: 214245
The LLVM IAS seems to accept wide instructions for add and sub in ARM mode even
though it is not permitted. This uses a macro to ensure that the wide modifier
is only applied when building in THUMB mode.
This repairs building with GCC/GAS in ARM mode.
llvm-svn: 214046
The macro definitions are shared across multiple files. Define them once in the
assembly.h header rather than redefining it in each file.
llvm-svn: 214045
The architecture specific implementation of routines would be built and included
along with the generic implementation. This would result in multiple
definitions of those symbols.
The linker is free to select either of the two. Most of the time, this
shouldn't be too terrible as the forward iteration should catch the architecture
version due to the ordering. Rather than relying on the linker and build
infrastructure ordering things in a specific manner, only provide the
architecture version when available.
This reduces the size of compiler-rt, simplifies inspection of the library
implementations, and guarantees that the desired version is selected at a
slightly complex build system.
llvm-svn: 214040
Place the floating point constants into the read-only data section. This was
already being done for x86_64, this simply mirrors the behaviour for i686.
llvm-svn: 214034
MMX/SSE instructions expect 128-bit alignment (16-byte) for constants that they
reference. Correct the alignment on the constant values. Although it is quite
possible for the data to end up aligned, there is no guarantee that this will
occur unless it is explicitly aligned to the desired location. If the data ends
up being unaligned, the resultant binary would fault at runtime due to the
unaligned access.
As an example, the follow would fault previously:
cc -c lib/builtins/x86_64/floatundidf.S -o floatundidf.o
cc -c test/builtins/Unit/floatundidf_test.c -o floatundidf_test.c
ld -m elf_x86_64 floatundidf.o floatundidf_test.o -lc -o floatundidf
However, if the object files were reversed, the data would end up aligned and
the problem would go unnoticed.
llvm-svn: 214033
16M regions can waste almost 1G for nothing.
Since region size is used only during initial heap growth,
it's unclear why we even need such huge regions.
llvm-svn: 214027
Re-apply SVN r213684 which was reverted in SVN r213724 since it broke the
build bots. Add a tweak to enable inclusion of the assembly sources in
standalone build as well.
Original commit message:
This patch address the PR20360. The CMake assembler build system
ignores the .S assembly files in builtins library build. This patch
fixes the issue.
llvm-svn: 214013
The .rodata directive was added on the IA-64 (Itanium) platform. The LLVM IAS
supports the .rodata on i386 and x86_64 as well. There is no reason to really
restrict compilation of the builtins to just clang. By explicitly indicating
that the data is meant to be pushed into the .rodata section via the .section
.rodata, the assembly is made compatible with clang and gcc (with GAS).
This will enable building these routines on the Linux buildbots via CMake.
llvm-svn: 214012
We used to initialize symbolizer lazily, but this doesn't work in
various sandboxed environments. Instead, let's be consistent with
the rest of sanitizers.
llvm-svn: 214006
Get rid of Symbolizer::Init(path_to_external) in favor of
thread-safe Symbolizer::GetOrInit(), and use the latter version
everywhere. Implicitly depend on the value of external_symbolizer_path
runtime flag instead of passing it around manually.
No functionality change.
llvm-svn: 214005
Specifically, use .preinit_array initialization on Linux and dynamic global
initializer on another platforms. Historically UBSan didn't have any
initialization code and its runtime was stateless. This is no longer the
case - UBSan relies on some non-trivial functionality from sanitizer_common
(e.g. online symbolization) and is now configurable by runtime flags.
Additionally, we've dropped support for enabling UBSan only for a few shared
objects, so UBSan is now always linked into the main executable, so now
we can use similar initialization as all the rest sanitizers.
llvm-svn: 213983
Get rid of ASAN_USE_PREINIT_ARRAY and LSAN_USE_PREINIT_ARRAY - just always
use .preinit_array if it's available. This mode seems stable enough, and
we've been relying on default values of these macro for a long time.
llvm-svn: 213980
It is currently broken because it reads a wrong value from profile (heap instead of total).
Also make it faster by reading /proc/self/statm. Reading of /proc/self/smaps
can consume more than 50% of time on beefy apps if done every 100ms.
llvm-svn: 213942
This change introduces the first UBSan-specific runtime flag: print_stacktrace
(off by default). It can be set in UBSAN_OPTIONS to unwind and print call stacks
in addition to diagnostic messages. For now these stacks are printed only
in vptr checker.
This change is based on http://reviews.llvm.org/D4410 by Byoungyoung Lee!
llvm-svn: 213783
If UBSan is run in a standalone mode (w/o any other sanitizer), it
still uses functions from sanitizer_common, some of which depend on
the value of runtime flags. Allow to override the default values of these
flags with UBSAN_OPTIONS variable. In particular, UBSAN_OPTIONS=symbolize=0
can be used to turn off online symbolization.
llvm-svn: 213782
Convert the CBNZ backward branch instruction to CMP and BNE
avoiding illegal backwards branch and making the assembly code
in synh-ops.h to be UAL compliant.
Patch by: Sumanth Gundapaneni
llvm-svn: 213685
The CMake assembler build system ignores the .S assembly files in builtins
library build. This patch fixes the issue.
Patch by: Sumanth Gundapaneni
llvm-svn: 213684
For ARM cores that are ARMv6T2+ but not ARMv7ve or ARMv7-r and not an updated
ARMv7-a that has the idiv extension (chips with clz but not idiv), an incorrect
jump would be calculated due to the preference to thumb instructions over ARM.
Rather than computing the target at runtime, use a jumptable instead. This
trades a bit of storage for performance. The overhead is 32-bytes for each of
the three routines, but avoid the calculation of the offset.
Because clz was introduced in ARMv6T2 and idiv in certain versions of ARMv7,
the non-clz, non-idiv case implies a target which does not support Thumb-2, and
thus we cannot use Thumb on those targets (as it is unlikely that the assembly
will assemble).
Take the opportunity to refactor the IT block macros into assembly.h rather than
redefining them in the TUs where they are used.
Existing tests cover the full change already, so no new tests are added.
This effectively reverts SVN r213309.
llvm-svn: 213467
The udivmodsi4/modsi3/umodsi3 code computes jump targets based on ARM encodings
(if CLZ is present and IDIV is not present).
Reverts parts of r211032 and r211035.
llvm-svn: 213309
Format of __libc_malloc_dispatch has changed in Android L.
While we are moving towards a solution that does not depend on bionic
internals, here is something to support both K* and L releases.
llvm-svn: 213263
This was done by calling __cxa_demangle directly, which is bad
when c++abi library is instrumented. The following line always
contains the demangled name (when running with a symbolizer) anyway.
llvm-svn: 212929
This fixes '___asan_init_v4 already defined' errors when linking some of Chromium DLLs.
Looks like one of the DLL is using a .lib produced while linking another DLL and it exploded after r212699.
I'm trying to come up with a small testcase...
llvm-svn: 212815
Our versions are not exactly as fast as libc's, and
MSan uses them heavily (even compared to other sanitizers).
This will break if libc version of mem* are instrumented,
but they never are, and if they are, we should be able
to fix it on libc side.
llvm-svn: 212799
Chandler Carruth