Summary:
With this change, the user may safely call __asan_get_ownership()
from malloc/free hooks and assume it would return "true". If there is a
realloc/free race, free hook might be called twice, but I think it's acceptable,
as it's a data race and would later be reported anyway.
This change also fixes a bug when failing realloc incorrectly marked the
original memory as "quarantinned".
Reviewers: timurrrr, kcc, samsonov
Reviewed By: samsonov
CC: llvm-commits
Differential Revision: http://llvm-reviews.chandlerc.com/D913
llvm-svn: 183220
Now compiler-rt tests run correctly if compiler-rt is checked out into
arbitrary directory (not necessarily projects/compiler-rt).
Patch by Greg Fitzgerald!
llvm-svn: 182726
We don't want to report initialization-order bugs when a destructor of a global
variable accesses dynamically initialized global from another
(not necessarily initialized) module. We do this by intercepting __cxa_atexit and
registrering our own callback that unpoisons shadow for all dynamically initialized
global variables.
llvm-svn: 182637
This change adds ASan runtime option "strict-init-order" (off by default)
that makes init-order checker bark if global initializer accesses any global from different
translation unit (even if the latter is already initialized). strict init-order checking
doesn't play well with, e.g. LLVM registration machineries, and causes issue
https://code.google.com/p/address-sanitizer/issues/detail?id=178.
llvm-svn: 179843
Before: the function name was stored by the compiler as a constant string
and the run-time was printing it.
Now: the PC is stored instead and the run-time prints the full symbolized frame.
This adds a couple of instructions into every function with non-empty stack frame,
but also reduces the binary size because we store less strings (I saw 2% size reduction).
This change bumps the asan ABI version to v3.
compiler-rt part, llvm part will follow.
Example of report (now):
==31711==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffa77cf1c5 at pc 0x41feb0 bp 0x7fffa77cefb0 sp 0x7fffa77cefa8
READ of size 1 at 0x7fffa77cf1c5 thread T0
#0 0x41feaf in Frame0(int, char*, char*, char*) stack-oob-frames.cc:20
#1 0x41f7ff in Frame1(int, char*, char*) stack-oob-frames.cc:24
#2 0x41f477 in Frame2(int, char*) stack-oob-frames.cc:28
#3 0x41f194 in Frame3(int) stack-oob-frames.cc:32
#4 0x41eee0 in main stack-oob-frames.cc:38
#5 0x7f0c5566f76c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
#6 0x41eb1c (/usr/local/google/kcc/llvm_cmake/a.out+0x41eb1c)
Address 0x7fffa77cf1c5 is located in stack of thread T0 at offset 293 in frame
#0 0x41f87f in Frame0(int, char*, char*, char*) stack-oob-frames.cc:12 <<<<<<<<<<<<<< this is new
This frame has 6 object(s):
[32, 36) 'frame.addr'
[96, 104) 'a.addr'
[160, 168) 'b.addr'
[224, 232) 'c.addr'
[288, 292) 's'
[352, 360) 'd'
llvm-svn: 177723
Because the interceptors will reside in a dylib, not the main executable, we can't just declare them,
but must use the interposition machinery.
Fix the test expectations in large_func_test.cc affected by the change.
This CL should make our Mac buildbots green.
llvm-svn: 175763
This patch makes asan instrument memory accesses with unusual sizes (e.g. 5 bytes or 10 bytes), e.g. long double or
packed structures.
Instrumentation is done with two 1-byte checks
(first and last bytes) and if the error is found
__asan_report_load_n(addr, real_size) or
__asan_report_store_n(addr, real_size)
is called.
asan-rt part
Also fix lint.
llvm-svn: 175508
MaybeReexec() does now a tricky job to manage DYLD_INSERT_LIBRARIES in a safe way.
Because we're using library interposition, it's critical for an instrumented app
to be executed with the runtime library present in DYLD_INSERT_LIBRARIES list.
Therefore if it's initially missing in that list, we append the runtime library name
to the value of DYLD_INSERT_LIBRARIES and then exec() ourselves.
On the other hand, some of the apps exec()ed by our program may not want to have
ASan runtime library preloaded, so we remove the runtime library from the
DYLD_INSERT_LIBRARIES if it's already there.
Users may want to preload other libraries using DYLD_INSERT_LIBRARIES, so we preserve those.
llvm-svn: 175276
When prelink is installed in the system, prelink-ed
libraries map between 0x003000000000 and 0x004000000000 thus occupying the shadow Gap,
so we need so split the address space even further, like this:
|| [0x10007fff8000, 0x7fffffffffff] || HighMem ||
|| [0x02008fff7000, 0x10007fff7fff] || HighShadow ||
|| [0x004000000000, 0x02008fff6fff] || ShadowGap3 ||
|| [0x003000000000, 0x003fffffffff] || MidMem ||
|| [0x00087fff8000, 0x002fffffffff] || ShadowGap2 ||
|| [0x00067fff8000, 0x00087fff7fff] || MidShadow ||
|| [0x00008fff7000, 0x00067fff7fff] || ShadowGap ||
|| [0x00007fff8000, 0x00008fff6fff] || LowShadow ||
|| [0x000000000000, 0x00007fff7fff] || LowMem ||
Do it only if necessary.
Also added a bit of profiling code to make sure that the
mapping code is efficient.
Added a lit test to simulate prelink-ed libraries.
Unfortunately, this test does not work with binutils-gold linker.
If gold is the default linker the test silently passes.
Also replaced
__has_feature(address_sanitizer)
with
__has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__)
in two places.
Patch partially by Jakub Jelinek.
llvm-svn: 175263
Also fix large_func_test.cc, which got broken when we switched to allocator2: the OOB access was too far from the original allocation, so ASan decided to describe the next one.
llvm-svn: 174626
In case of partial right OOB, ASan was reporting
X is located 0 bytes to the right of [A, B)
where X was actually inside [A, B).
With this change, ASan will report B as the error address in such case.
llvm-svn: 174373
This CL drastically simplifies the way we're hooking the memory allocation routines in ASan on Mac by using dylib interposition to replace the main malloc_zone_* functions. This allows us to avoid replacing the default CFAllocator and drop the CF dependency at all.
Committing this patch will result in the static runtime being broken. A follow-up CL will switch ASan to use the dynamic runtime library.
llvm-svn: 173134
This test didn't pass for me locally because of "T0's stack" being converted to "T0'short stack" by c++filt.
Strange enough this doesn't show up on our bots.
llvm-svn: 170690
Alexey Samsonov