Commit Graph

128 Commits

Author SHA1 Message Date
Matt Morehouse bb26f86e6f [MSan] Add flag to disable use-after-dtor.
Summary: Flag is -fno-sanitize-use-after-dtor.

Reviewers: vitalybuka, eugenis, kcc

Reviewed By: vitalybuka, eugenis

Subscribers: cfe-commits

Differential Revision: https://reviews.llvm.org/D37867

llvm-svn: 313314
2017-09-14 23:14:37 +00:00
Vedant Kumar d8ab8c2528 [ubsan] Enable -fsanitize=function on Darwin
https://reviews.llvm.org/D37598

llvm-svn: 313099
2017-09-13 00:04:36 +00:00
Evgeniy Stepanov 6d2b6f0a5f Minimal runtime for UBSan.
Summary:
An implementation of ubsan runtime library suitable for use in production.

Minimal attack surface.
* No stack traces.
* Definitely no C++ demangling.
* No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general.
* as simple as possible

Minimal CPU and RAM overhead.
* Source locations unnecessary in the presence of (split) debug info.
* Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at.
* above two items save 3% binary size.

When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt.

Reviewers: pcc, kcc

Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits

Differential Revision: https://reviews.llvm.org/D36810

llvm-svn: 312029
2017-08-29 20:03:51 +00:00
Kamil Rytarowski 9fef3b3948 Enable bunch of sanitizers on NetBSD/X86 and X86_64
Summary:
Enable more sanitizers:
 - i386 and amd64:
 * SanitizerKind::Vptr;
 * SanitizerKind::Leak;
 * SanitizerKind::SafeStack;
 * SanitizerKind::Function;

 - amd64 only:
 * SanitizerKind::Thread;

These sanitizers are in the process of upstreaming to LLVM projects.

Sponsored by <The NetBSD Foundation>

Reviewers: joerg, dim, vitalybuka, kcc, filcab, fjricci

Reviewed By: vitalybuka

Subscribers: #sanitizers, cfe-commits

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D36482

llvm-svn: 310649
2017-08-10 18:53:52 +00:00
Vedant Kumar a0c3671b20 [ubsan] Have -fsanitize=vptr emit a null check if -fsanitize=null isn't available
In r309007, I made -fsanitize=null a hard prerequisite for -fsanitize=vptr. I
did not see the need for the two checks to have separate null checking logic
for the same pointer. I expected the two checks to either always be enabled
together, or to be mutually compatible.

In the mailing list discussion re: r309007 it became clear that that isn't the
case. If a codebase is -fsanitize=vptr clean but not -fsanitize=null clean,
it's useful to have -fsanitize=vptr emit its own null check. That's what this
patch does: with it, -fsanitize=vptr can be used without -fsanitize=null.

Differential Revision: https://reviews.llvm.org/D36112

llvm-svn: 309846
2017-08-02 18:10:31 +00:00
Vedant Kumar 10c3102071 [ubsan] Diagnose invalid uses of builtins (clang)
On some targets, passing zero to the clz() or ctz() builtins has undefined
behavior. I ran into this issue while debugging UB in __hash_table from libcxx:
the bug I was seeing manifested itself differently under -O0 vs -Os, due to a
UB call to clz() (see: libcxx/r304617).

This patch introduces a check which can detect UB calls to builtins.

llvm.org/PR26979

Differential Revision: https://reviews.llvm.org/D34590

llvm-svn: 309459
2017-07-29 00:19:51 +00:00
Vedant Kumar bbc953fed4 [ubsan] Null-check pointers in -fsanitize=vptr (PR33881)
The instrumentation generated by -fsanitize=vptr does not null check a
user pointer before loading from it. This causes crashes in the face of
UB member calls (this=nullptr), i.e it's causing user programs to crash
only after UBSan is turned on.

The fix is to make run-time null checking a prerequisite for enabling
-fsanitize=vptr, and to then teach UBSan to reuse these run-time null
checks to make -fsanitize=vptr safe.

Testing: check-clang, check-ubsan, a stage2 ubsan-enabled build

Differential Revision: https://reviews.llvm.org/D35735

https://bugs.llvm.org/show_bug.cgi?id=33881

llvm-svn: 309007
2017-07-25 19:34:23 +00:00
Vedant Kumar 7aacb659da [ubsan] Disable the object size check at -O0
This check currently isn't able to diagnose any issues at -O0, not is it
likely to [1]. Disabling the check at -O0 leads to substantial compile
time and binary size savings.

[1] [cfe-dev] Disabling ubsan's object size check at -O0

Differential Revision: https://reviews.llvm.org/D34563

llvm-svn: 306181
2017-06-23 23:15:24 +00:00
Maxim Ostapenko 154a4fd5dc [Driver] Add test to cover case when LSan is not supported
This commit adds a testcase for uncovered code paths in LSan options parsing logic in driver.

Differential Revision: https://reviews.llvm.org/D33941

llvm-svn: 304880
2017-06-07 08:51:15 +00:00
Vedant Kumar a125eb55cb [ubsan] Add a check for pointer overflow UB
Check pointer arithmetic for overflow.

For some more background on this check, see:

  https://wdtz.org/catching-pointer-overflow-bugs.html
  https://reviews.llvm.org/D20322

Patch by Will Dietz and John Regehr!

This version of the patch is different from the original in a few ways:

  - It introduces the EmitCheckedInBoundsGEP utility which inserts
    checks when the pointer overflow check is enabled.

  - It does some constant-folding to reduce instrumentation overhead.

  - It does not check some GEPs in CGExprCXX. I'm not sure that
    inserting checks here, or in CGClass, would catch many bugs.

Possible future directions for this check:

  - Introduce CGF.EmitCheckedStructGEP, to detect overflows when
    accessing structures.

Testing: Apart from the added lit test, I ran check-llvm and check-clang
with a stage2, ubsan-instrumented clang. Will and John have also done
extensive testing on numerous open source projects.

Differential Revision: https://reviews.llvm.org/D33305

llvm-svn: 304459
2017-06-01 19:22:18 +00:00
Evgeniy Stepanov c39f67bb2e Fix clang_cl argument in fsanitize.c driver test.
llvm-svn: 302594
2017-05-09 22:28:57 +00:00
Evgeniy Stepanov d991cdd50b [asan] A clang flag to enable ELF globals-gc.
This feature is subtly broken when the linker is gold 2.26 or
earlier. See the following bug for details:
  https://sourceware.org/bugzilla/show_bug.cgi?id=19002

Since the decision needs to be made at compilation time, we can not
test the linker version. The flag is off by default on ELF targets,
and on otherwise.

llvm-svn: 302591
2017-05-09 21:57:43 +00:00
Vedant Kumar a9d8be68c1 [Driver] Don't enable -fsanitize-use-after-scope when ASan is disabled
When enabling any sanitizer, -fsanitize-use-after-scope is enabled by
default. This doesn't actually turn ASan on, because we've been getting
lucky and there are extra checks in BackendUtil that stop this from
happening.

However, this has been causing a behavior change: extra lifetime markers
are emitted in some cases where they aren't needed or expected.

llvm-svn: 302468
2017-05-08 21:11:55 +00:00
Francis Ricci 8e63e54177 Enable leak sanitizer builds for darwin
Summary:
Support for leak sanitizer on darwin has been added to
compiler-rt, this patch adds compiler support.

Reviewers: dexonsmith, compnerd

Subscribers: alekseyshl, kubamracek, cfe-commits

Differential Revision: https://reviews.llvm.org/D32192

llvm-svn: 300894
2017-04-20 21:11:51 +00:00
Reid Kleckner d6fea19a97 Use the clang-cl recognized spelling of --target=
This fixes a warning. The test was passing without this change.

llvm-svn: 300214
2017-04-13 16:36:28 +00:00
Reid Kleckner d87a751d88 Re-land "[clang-cl] Make all sanitizer flags available in clang-cl"
Adding RUN lines with %clang_cl was causing these tests to fail on Mac
because absolute paths there tend to start with "/User/", which is
recognized as the "/U" flag.

Re-lands r300122

llvm-svn: 300209
2017-04-13 16:32:26 +00:00
Akira Hatanaka 1c685cfe33 Revert "[clang-cl] Make all sanitizer flags available in clang-cl"
This reverts commit 47979b20b475664013d19382fc6875b5b9f3ed9d.

This was causing a couple of bots to fail.

http://lab.llvm.org:8080/green/job/clang-stage1-configure-RA_check/30152

llvm-svn: 300181
2017-04-13 08:02:29 +00:00
Reid Kleckner a13ffe119a [clang-cl] Make all sanitizer flags available in clang-cl
Summary:
Use a tablegen let {} block so that new sanitizer flags are available by
default in all driver modes. This should cut down on time wasted with
bugs like http://crbug.com/710928.

Reviewers: vitalybuka, hans

Subscribers: kcc, llvm-commits

Differential Revision: https://reviews.llvm.org/D31988

llvm-svn: 300122
2017-04-12 22:50:51 +00:00
Maxim Ostapenko 2084b6bcf8 [lsan] Enable LSan on arm Linux, clang part
This is a compiler part of https://reviews.llvm.org/D29586. Enable LSan on arm Linux.

Differential Revision: https://reviews.llvm.org/D31760

llvm-svn: 299921
2017-04-11 07:22:11 +00:00
Kuba Mracek b26f857612 [asan] Turn -fsanitize-address-use-after-scope on by default [clang part]
AddressSanitizer has an optional compile-time flag, -fsanitize-address-use-after-scope, which enables detection of use-after-scope bugs. We'd like to have this feature on by default, because it is already very well tested, it's used in several projects already (LLVM automatically enables it when using -DLLVM_USE_SANITIZER=Address), it's low overhead and there are no known issues or incompatibilities.

This patch enables use-after-scope by default via the Clang driver, where we set true as the default value for AsanUseAfterScope. This also causes the lifetime markers to be generated whenever fsanitize=address is used. This has some nice consequences, e.g. we now have line numbers for all local variables.

Differential Revision: https://reviews.llvm.org/D31479

llvm-svn: 299174
2017-03-31 03:00:09 +00:00
Maxim Ostapenko c5d0ed5f3a [lsan] Enable LSan for x86 Linux
This is a missed part of https://reviews.llvm.org/D28609.
Enable LSan for x86 Linux in clang driver.

Differential Revision: https://reviews.llvm.org/D29077

llvm-svn: 293609
2017-01-31 07:00:23 +00:00
Evgeniy Stepanov 8a2bedbf27 Tread TSan LLVM flags to driver: add TSan controlling flags to clang.
Summary:
New clang flags, all default to true:
-f[no-]sanitize-thread-data-races
-f[no-]sanitize-thread-stack-traces
-f[no-]sanitize-thread-atomics

Reviewers: dvyukov, pcc, eugenis

Subscribers: pcc, cfe-commits

Patch by Alex Shlyapnikov.

Differential Revision: https://reviews.llvm.org/D26461

llvm-svn: 286669
2016-11-11 23:17:36 +00:00
Evgeniy Stepanov da2028b967 [cfi] Enable cfi-icall on ARM and AArch64.
llvm-svn: 286613
2016-11-11 18:49:49 +00:00
David L Kreitzer d397ea4d6f Define Contiki OS toolchain
Patch by Michael LeMay

Differential revision: http://reviews.llvm.org/D19854

llvm-svn: 284278
2016-10-14 20:44:33 +00:00
Vitaly Buka a77ac1b214 Add -fno-sanitize-address-use-after-scope flag
Reviewers: eugenis

Differential Revision: https://reviews.llvm.org/D25453

llvm-svn: 283801
2016-10-10 21:31:50 +00:00
Rafael Espindola c9d336e549 Restructure the propagation of -fPIC/-fPIE.
The PIC and PIE levels are not independent. In fact, if PIE is defined
it is always the same as PIC.

This is clear in the driver where ParsePICArgs returns a PIC level and
a IsPIE boolean. Unfortunately that is currently lost and we pass two
redundant levels down the pipeline.

This patch keeps a bool and a PIC level all the way down to codegen.

llvm-svn: 273566
2016-06-23 15:07:32 +00:00
Evgeniy Stepanov 5c063c108a Fix sanitizer coverage support in the win32 driver.
--dependent-lib arguments for the sanitizer libraries must be emitted when
coverage is enabled w/o any sanitizers.

llvm-svn: 272735
2016-06-14 23:21:19 +00:00
Vitaly Buka 9d4eb6f389 [asan] Added -fsanitize-address-use-after-scope flag
Summary:
Also emit lifetime markers for -fsanitize-address-use-after-scope.
Asan uses life-time markers for use-after-scope check.

PR27453

Reviewers: kcc, eugenis, aizatsky

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D20759

llvm-svn: 271451
2016-06-02 00:24:20 +00:00
Derek Bruening 293772e72e [esan|wset] Add working set tool driver flags
Summary:
Adds a new -fsanitize=efficiency-working-set flag to enable esan's working
set tool.  Adds appropriate tests for the new flag.

Reviewers: aizatsky

Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits

Differential Revision: http://reviews.llvm.org/D20484

llvm-svn: 270641
2016-05-25 00:41:24 +00:00
Kostya Serebryany ceb1add630 document -f[no-]sanitize-recover=all and mention it in warning messages
llvm-svn: 268540
2016-05-04 20:21:47 +00:00
Peter Collingbourne 3afb266886 Re-apply r267784, r267824 and r267830.
I have updated the compiler-rt tests.

llvm-svn: 267903
2016-04-28 17:09:37 +00:00
Benjamin Kramer 5556a5cf3b Revert r267784, r267824 and r267830.
It makes compiler-rt tests fail if the gold plugin is enabled.

Revert "Rework interface for bitset-using features to use a notion of LTO visibility."
Revert "Driver: only produce CFI -fvisibility= error when compiling."
Revert "clang/test/CodeGenCXX/cfi-blacklist.cpp: Exclude ms targets. They would be non-cfi."

llvm-svn: 267871
2016-04-28 12:14:47 +00:00
Peter Collingbourne f10237b689 Driver: only produce CFI -fvisibility= error when compiling.
The -fvisibility= flag only affects compile jobs, so there's no need to
error out because of it if we aren't compiling (e.g. if we are only linking).

llvm-svn: 267824
2016-04-28 00:18:30 +00:00
Peter Collingbourne a8b2f7c0d7 Rework interface for bitset-using features to use a notion of LTO visibility.
Bitsets, and the compiler features they rely on (vtable opt, CFI),
only have visibility within the LTO'd part of the linkage unit. Therefore,
only enable these features for classes with hidden LTO visibility. This
notion is based on object file visibility or (on Windows)
dllimport/dllexport attributes.

We provide the [[clang::lto_visibility_public]] attribute to override the
compiler's LTO visibility inference in cases where the class is defined
in the non-LTO'd part of the linkage unit, or where the ABI supports
calling classes derived from abstract base classes with hidden visibility
in other linkage units (e.g. COM on Windows).

If the cross-DSO CFI mode is enabled, bitset checks are emitted even for
classes with public LTO visibility, as that mode uses a separate mechanism
to cause bitsets to be exported.

This mechanism replaces the whole-program-vtables blacklist, so remove the
-fwhole-program-vtables-blacklist flag.

Because __declspec(uuid()) now implies [[clang::lto_visibility_public]], the
support for the special attr:uuid blacklist entry is removed.

Differential Revision: http://reviews.llvm.org/D18635

llvm-svn: 267784
2016-04-27 20:39:53 +00:00
Derek Bruening 256c2e14c7 [esan] EfficiencySanitizer driver flags
Summary:
Adds a framework to enable the instrumentation pass for the new
EfficiencySanitizer ("esan") family of tools.  Adds a flag for esan's
cache fragmentation tool via -fsanitize=efficiency-cache-frag.
Adds appropriate tests for the new flag.

Reviewers: eugenis, vitalybuka, aizatsky, filcab

Subscribers: filcab, kubabrecka, llvm-commits, zhaoqin, kcc

Differential Revision: http://reviews.llvm.org/D19169

llvm-svn: 267059
2016-04-21 21:32:04 +00:00
Evgeniy Stepanov 368d3074ba Allow simultaneous safestack and stackprotector attributes.
This is the clang part of http://reviews.llvm.org/D18846.
SafeStack instrumentation pass adds stack protector canaries if both
attributes are present on a function. StackProtector pass will step
back if the function has a safestack attribute.

llvm-svn: 266005
2016-04-11 22:27:55 +00:00
Devin Coughlin fcfa38cf76 [tsan] Allow -fsanitize=thread for iOS-style simulator targets
Update the clang driver to allow -fsanitize=thread when targeting x86_64 iOS and tvOS
simulators. Also restrict TSan targeting OS X to only be supported on x86_64 and not i386.

Differential Revision: http://reviews.llvm.org/D18280

llvm-svn: 263913
2016-03-20 18:24:33 +00:00
Ed Schouten 51bfbe7f2c Enable SafeStack for CloudABI.
Summary:
I've got a patchset in my home directory to integrate support for
SafeStack into CloudABI's C library. All of the CloudABI unit tests
still seem to pass. Pretty sweet!

This change adds the necessary changes to Clang to make
-fsanitize=safe-stack work on CloudABI. Without it, passing this command
line flag throws an error.

Reviewers: eugenis, samsonov

Differential Revision: http://reviews.llvm.org/D17243

llvm-svn: 261135
2016-02-17 18:56:20 +00:00
Anna Zaks e67b402e45 [asan] Add iOS support for Address Sanitizer
Differential Revision: http://reviews.llvm.org/D15624

llvm-svn: 259453
2016-02-02 02:04:48 +00:00
Peter Collingbourne dc13453128 Introduce -fsanitize-stats flag.
This is part of a new statistics gathering feature for the sanitizers.
See clang/docs/SanitizerStats.rst for further info and docs.

Differential Revision: http://reviews.llvm.org/D16175

llvm-svn: 257971
2016-01-16 00:31:22 +00:00
Evgeniy Stepanov fd6f92d5cb Cross-DSO control flow integrity (Clang part).
Clang-side cross-DSO CFI.

* Adds a command line flag -f[no-]sanitize-cfi-cross-dso.
* Links a runtime library when enabled.
* Emits __cfi_slowpath calls is bitset test fails.
* Emits extra hash-based bitsets for external CFI checks.
* Sets a module flag to enable __cfi_check generation during LTO.

This mode does not yet support diagnostics.

llvm-svn: 255694
2015-12-15 23:00:20 +00:00
Filipe Cabecinhas 3e127d984f [PS4] Add an additional test for ASan+UBSan
llvm-svn: 254723
2015-12-04 16:18:03 +00:00
Yury Gribov 5bfeca1201 [ASan] Allow -fsanitize-recover=address.
Differential Revision: http://reviews.llvm.org/D14243

llvm-svn: 252721
2015-11-11 10:45:48 +00:00
Kuba Brecka cc47f200ba Followup test failure fix for r252310 ("[tsan] Add Clang frontend support for TSan on OS X").
llvm-svn: 252311
2015-11-06 15:20:30 +00:00
Evgeniy Stepanov 71554fe21b MemorySanitizer does not require PIE.
Since r249754 MemorySanitizer should work equally well for PIE and
non-PIE executables on Linux/x86_64.

Beware, with this change -fsanitize=memory no longer adds implicit
-fPIE -pie compiler/linker flags on Linux/x86_64.

This is a re-land of r250941, limited to Linux/x86_64 + a very minor
refactoring in SanitizerArgs.

llvm-svn: 250949
2015-10-21 21:28:49 +00:00
Evgeniy Stepanov 76f853397a Revert "MemorySanitizer does not require PIE."
It actually does require PIE on some targets.

llvm-svn: 250944
2015-10-21 20:47:00 +00:00
Evgeniy Stepanov dccad5b9c3 MemorySanitizer does not require PIE.
Since r249754 MemorySanitizer should work equally well for PIE and
non-PIE executables.

Beware, with this change -fsanitize=memory no longer adds implicit
-fPIE -pie compiler/linker flags, unless the target defaults to PIE.

llvm-svn: 250941
2015-10-21 20:20:03 +00:00
Filipe Cabecinhas 4585ed006a [PS4] Add missing tests for -fsanitize=...
llvm-svn: 250516
2015-10-16 15:08:01 +00:00
Evgeniy Stepanov 299238a67b Enable SafeStack on all Linux platforms.
llvm-svn: 248518
2015-09-24 17:22:46 +00:00
Peter Collingbourne 24ec4924c0 Driver: Support cfi-icall on all OSs when targeting x86/x86_64.
llvm-svn: 247324
2015-09-10 19:18:05 +00:00