This adds support for TSan C++ exception handling, where we need to add extra calls to __tsan_func_exit when a function is exitted via exception mechanisms. Otherwise the shadow stack gets corrupted (leaked). This patch moves and enhances the existing implementation of EscapeEnumerator that finds all possible function exit points, and adds extra EH cleanup blocks where needed.
Differential Revision: https://reviews.llvm.org/D26177
llvm-svn: 286894
It's not a good idea to build the sanitizers with e.g. -DCMAKE_OSX_DEPLOYMENT_TARGET=10.12, because some deprecated functions that we intercept will cause build errors. Let's limit the allowed deployment targets to 10.9 (which is the default anyway), and warn when it's set above.
Differential Revision: https://reviews.llvm.org/D26557
llvm-svn: 286859
Summary:
ASan needs to initialize before ucrtbase.dll so that it can intercept
all of its heap allocations. New versions of dbghelp.dll depend on
ucrtbase.dll, which means both of those DLLs will initialize before the
dynamic ASan runtime. By lazily loading dbghelp.dll with LoadLibrary, we
avoid the issue.
Eventually, I would like to remove our dbghelp.dll dependency in favor
of always using llvm-symbolizer.exe, but this seems like an acceptable
interim solution.
Fixes PR30903
Reviewers: etienneb
Subscribers: kubabrecka, mgorny, llvm-commits
Differential Revision: https://reviews.llvm.org/D26473
llvm-svn: 286848
This patch replaces fprintf with print_address function in LSAN
tests. This is necessary because of different printing of pointers
in fprintf and sanitizer's print function.
Differential Revision: https://reviews.llvm.org/D26084.
llvm-svn: 286816
Summary:
In non-strict mode we will check memory access for both strings from beginning
to either:
1. 0-char
2. size
3. different chars
In strict mode we will check from beginning to either:
1. 0-char
2. size
Previously in strict mode we always checked up to the 0-char.
Reviewers: kcc, eugenis
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D26574
llvm-svn: 286708
Summary: Unit tests for the new clang flags.
Reviewers: eugenis, dvyukov
Subscribers: kubabrecka, llvm-commits
Patch by Alex Shlyapnikov.
Differential Revision: https://reviews.llvm.org/D26462
llvm-svn: 286670
This patch is needed to implement the function attribute that disable TSan checking at run time.
Differential Revision: https://reviews.llvm.org/D25859
llvm-svn: 286658
Changed the kernel sigaction structure in test syscalls_sigaction.cc for MIPS according to the structure defined in kernel.
Reviewed by eugenis.
Differential: https://reviews.llvm.org/D25814
llvm-svn: 286583
Now that we use TerminateProcess, the debugger doesn't stop on program
exit. Add this breakpoint so that the debugger stops after asan reports
an error and is prepared to exit the program.
llvm-svn: 286501
ExitProcess still runs some code which can lead to ASan interceptors
running after CHECK failure. This can lead to deadlock if it CHECK fails
again. Avoid that mess by really exiting immediately.
llvm-svn: 286395
I'm not sure why is it there, but it is breaking tests on Android N
because of unexpected linker output about an empty LD_LIBRARY_PATH
entry.
llvm-svn: 286321
Summary:
User applications may register hooks in the .CRT$XL* callback list,
which is called very early by the loader. This is very common in
Chromium:
https://cs.chromium.org/search/?q=CRT.XL&sq=package:chromium&type=cs
This has flown under the radar for a long time because the loader
appears to catch exceptions originating from these callbacks. It's a
real problem when you're debugging an asan application, though, since it
makes the program crash early.
The solution is to add our own callback to this list, and sort it very
early in the list like we do elsewhere. Also add a test with such an
instrumented callback, and test that it gets called with asan.
Reviewers: etienneb
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D26404
llvm-svn: 286290
Atomic stores terminate release sequences on the atomic variable,
and must use ReleaseStore primitive instead of Release.
This was broken in r192355 during a refactoring.
Restore correct behavior and add a test.
llvm-svn: 286211
asan_device_setup script is using LD_PRELOAD to inject the ASan
runtime library into the Zygote process. This breaks when the Zygote
or any of its descendants spawn a process with different bitness due
to the fact that the ASan-RT library name includes the target
architecture.
The fix is to preload the library through a symlink which has the
same name in lib and lib64.
llvm-svn: 286188
Although rare, atomic accesses to floating-point types seem to be valid, i.e. `%a = load atomic float ...`. The TSan instrumentation pass however tries to emit inttoptr, which is incorrect, we should use a bitcast here. Anyway, IRBuilder already has a convenient helper function for this.
Differential Revision: https://reviews.llvm.org/D26266
llvm-svn: 286136
Only tests using %clang_cl_asan were using the dynamic CRT before this.
The unit tests and lit tests using %clangxx_asan were using the static
CRT. Many cross-platform tests fail with the dynamic CRT, so I had to
add win32-(static|dynamic)-asan lit features.
Also deletes some redundant tests in TestCases/Windows that started
failing with this switch.
llvm-svn: 285821
Summary:
We define a new trampoline that's a hybrid between the exit and entry
trampolines with the following properties:
- Saves all of the callee-saved registers according to the x86_64
calling conventions.
- Indicate to the log handler function being called that this is a
function exit event.
This fixes a bug that is a result of not saving enough of the register
states, and that the log handler is clobbering registers that would be
used by the function being tail-exited into manifesting as runtime
errors.
Reviewers: rSerge, echristo, majnemer
Subscribers: mehdi_amini, llvm-commits
Differential Revision: https://reviews.llvm.org/D26020
llvm-svn: 285787
Apparently, the std_shared_ptr.cc testcase works fine on Darwin, even without the instrumented libcxx. Let's enable it.
Differential Revision: https://reviews.llvm.org/D26162
llvm-svn: 285634
TSan’s memory usage profiling currently doesn’t work on Darwin. This patch implements measuring the amount of resident and dirty memory for each memory region. I also removed the GetShadowMemoryConsumption function, which seems to be unused.
Differential Revision: https://reviews.llvm.org/D25973
llvm-svn: 285630
On Darwin, simple C null-terminated constant strings normally end up in the __TEXT,__cstring section of the resulting Mach-O binary. When instrumented with ASan, these strings are transformed in a way that they cannot be in __cstring (the linker unifies the content of this section and strips extra NUL bytes, which would break instrumentation), and are put into a generic __const section. This breaks some of the tools that we have: Some tools need to scan all C null-terminated strings in Mach-O binaries, and scanning all the contents of __const has a large performance penalty. This patch instead introduces a special section, __asan_cstring which will now hold the instrumented null-terminated strings.
Differential Revision: https://reviews.llvm.org/D25026
llvm-svn: 285620
GCD (libdispatch) has a concept of “target queues”: Each queue has either an implicit or explicit target queue, where the task is handed over to when it’s time to execute it. For example, a concurrent queue can have a serial target queue (effectively making the first queue serial), or multiple queues can have the same serial target queue (which means tasks in all the queues are mutually excluded). Thus we need to acquire-release semantics on the full “chain” of target queues.
This patch changes the way we Acquire() and Release() when executing tasks in queues. Now we’ll walk the chain of target queues and synchronize on each queue that is serial (or when dealing with a barrier block). This should avoid false positives when using dispatch_set_target_queue().
Differential Revision: https://reviews.llvm.org/D25835
llvm-svn: 285613
Otherwise __asan_dynamic_memory_address will be zero during static
initialization and instrumented code will crash immediately.
Fixes PR30810
Patch by David Major
llvm-svn: 285600
ASan dead-strip support relies on a linker option that only exists
in 10.11 and later, so the LLVM instrumentation checks for the deployment
target. This test does not pass when clang is built to choose lower
deployment target by default but runs on newer host.
(Note, the REQUIRES: osx-ld64-live_support clause only checks the host
and not the target OS.)
Differential Revision: https://reviews.llvm.org/D26107
llvm-svn: 285482
The CMake build system had missed this macro as part of the build of the
builtins. This would result in the builtins exporting symbols which are
implemented in assembly with global visibility. Ensure that the assembly
optimized routines are given the same visibility as the C routines.
llvm-svn: 285477
There is a corner case reported in Go issue tracker:
https://github.com/golang/go/issues/17065
On darwin data/bss segments may not be aligned to page bounary
and mmap seems to be behaving differently than on linux
(shrinks instead of enlarge unaligned regions).
Explicitly round shadow to page bounary before mapping
to avoid any such problems.
llvm-svn: 285454
Go maps shadow memory lazily, so we don't have the huge multi-TB mapping.
Virtual memory consumption is proportional to normal memory usage.
Also in Go core dumps are enabled explicitly with GOTRACEBACK=crash,
if user explicitly requests a core that must be on purpose.
So don't disable core dumps by default.
llvm-svn: 285451
Currently we either define SANITIZER_GO for Go or don't define it at all for C++.
This works fine with preprocessor (ifdef/ifndef/defined), but does not work
for C++ if statements (e.g. if (SANITIZER_GO) {...}). Also this is different
from majority of SANITIZER_FOO macros which are always defined to either 0 or 1.
Always define SANITIZER_GO to either 0 or 1.
This allows to use SANITIZER_GO in expressions and in flag default values.
Also remove kGoMode and kCppMode, which were meant to be used in expressions,
but they are not defined in sanitizer_common code, so SANITIZER_GO become prevalent.
Also convert some preprocessor checks to C++ if's or ternary expressions.
Majority of this change is done mechanically with:
sed "s#ifdef SANITIZER_GO#if SANITIZER_GO#g"
sed "s#ifndef SANITIZER_GO#if \!SANITIZER_GO#g"
sed "s#defined(SANITIZER_GO)#SANITIZER_GO#g"
llvm-svn: 285443
Vedant Kumar