10939 Commits

Author SHA1 Message Date
Dean Michael Berris f578aaa058 [XRay] Clean up XRay build configuration
Summary:
This change spans both LLVM and compiler-rt, where we do the following:

- Add XRay to the LLVMBuild system, to allow for distributing the XRay
  trace loading library along with the LLVM distributions.

- Use `llvm-config` better in the compiler-rt XRay implementation, to
  depend on the potentially already-distributed LLVM XRay library.

While this is tested with the standalone compiler-rt build, it does
require that the LLVMXRay library (and LLVMSupport as well) are
available during the build. In case the static libraries are available,
the unit tests will build and work fine. We're still having issues with
attempting to use a shared library version of the LLVMXRay library since
the shared library might not be accessible from the standard shared
library lookup paths.

The larger change here is the inclusion of the LLVMXRay library in the
distribution, which allows for building tools around the XRay traces and
profiles that the XRay runtime already generates.

Reviewers: echristo, beanz

Subscribers: mgorny, hiraditya, mboerger, llvm-commits

Differential Revision: https://reviews.llvm.org/D52349

llvm-svn: 342859
2018-09-24 05:28:01 +00:00
Vlad Tsyrklevich 00705a7f95 SafeStack: Fix flaky test (PR39001)
Summary:
pthread_join() can return before a thread finishes exit()ing in the
kernel and a subsequent tgkill() can report the thread still alive.
Update the pthread-cleanup.c test to sleep and retry if it hits this
possible flake.

Thanks to Jeremy Morse for reporting.

Reviewers: jmorse, eugenis, vitalybuka

Reviewed By: jmorse, vitalybuka

Subscribers: delcypher, jfb, llvm-commits, #sanitizers, kcc

Differential Revision: https://reviews.llvm.org/D52330

llvm-svn: 342763
2018-09-21 19:02:32 +00:00
Kostya Kortchinsky 7bdb0b9493 [sanitizer] Move __sanitizer_set_death_callback to a more appropriate file
Summary:
`__sanitizer_set_death_callback` is a public interface function wrapping
`SetUserDieCallback`. Said function is defined in `sanitizer_termination.cc`,
which is not included in all the RT. Moving the interface function to that
file allows to not have a spurious public function in RT that don't use it.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D52363

llvm-svn: 342747
2018-09-21 17:05:56 +00:00
Dean Michael Berris 0cb22386e0 [XRay][compiler-rt] Update use of internal_mmap
Summary:
The implementation of `internal_mmap(...)` deviates from the contract of
`mmap(...)` -- i.e. error returns are actually the equivalent of `errno`
results. We update how XRay uses `internal_mmap(...)` to better handle
these error conditions.

In the process, we change the default pointers we're using from `char*`
to `uint8_t*` to prevent potential usage of the pointers in the string
library functions that expect to operate on `char*`.

We also take the chance to "promote" sizes of individual `internal_mmap`
requests to at least page size bytes, consistent with the expectations
of calls to `mmap`.

Reviewers: cryptoad, mboerger

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D52361

llvm-svn: 342745
2018-09-21 16:34:42 +00:00
Jeremy Morse b52bd9eed6 [libfuzzer] Fix a test's run line
r342698 removed the 'UNSUPPORTED: windows' flags from a number of fuzzer
tests, however too many lines were removed from 'fuzzer-flags.test',
including the run-line that generates the test binary, which breaks that
test for me (and the clang-x64-ninja-win7 buildbot). This patch just
re-adds that line.

llvm-svn: 342720
2018-09-21 10:50:15 +00:00
Calixte Denizet 8f7aab5c61 [profile] Fix the tests for patch in https://reviews.llvm.org/D49916.
Summary:
The goal of D49916 is to remove some hit counters from lines like '}'.
So as a consequence, the tests must be fixed.
FYI, after holidays, I'll add more tests.

Reviewers: marco-c, davidxl

Reviewed By: marco-c

Subscribers: delcypher, llvm-commits, #sanitizers, sylvestre.ledru

Differential Revision: https://reviews.llvm.org/D49917

llvm-svn: 342718
2018-09-21 09:17:14 +00:00
Jonathan Metzman 0744d3c5a1 [fuzzer] Replace FuzzerExtFunctionsDlsymWin.cpp with FuzzerExtFunctionsWeakAlias.cpp
Summary:
Replace FuzzerExtFunctionsDlsymWin.cpp with FuzzerExtFunctionsWeakAlias.cpp
to get externally defined functions (eg: LLVMFuzzerInitialize,
LLVMFuzzerCustomMutator, etc) working again.

Also enable tests that depended on these functions (on windows)

Reviewers: rnk, morehouse

Reviewed By: rnk, morehouse

Subscribers: rnk, morehouse, mgorny

Differential Revision: https://reviews.llvm.org/D51700

llvm-svn: 342698
2018-09-20 23:24:48 +00:00
David Carlier 362e6095a6 [Hwasan] interceptor macro / extra comma removal
gcc being pedantic, removing the unnecessary comma.

Reviewers: eugenis, kcc

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D52305

llvm-svn: 342680
2018-09-20 19:30:51 +00:00
Calixte Denizet 6dde0d4283 [profile] Fix tests in compiler-rt for patch in gcov (https://reviews.llvm.org/D49659)
Summary: Some tests are broken if patch in D49659 is accepted so this patch fixes them.

Reviewers: marco-c

Reviewed By: marco-c

Subscribers: dberris, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49721

llvm-svn: 342661
2018-09-20 16:21:09 +00:00
David Major 2ebabe8f6c Fix test after r342652
llvm-svn: 342654
2018-09-20 15:22:21 +00:00
David Major 468f53b58c [winasan] Unpoison the stack in NtTerminateThread
In long-running builds we've seen some ASan complaints during thread creation that we suspect are due to leftover poisoning from previous threads whose stacks occupied that memory. This patch adds a hook that unpoisons the stack just before the NtTerminateThread syscall.

Differential Revision: https://reviews.llvm.org/D52091

llvm-svn: 342652
2018-09-20 14:59:33 +00:00
Kostya Kortchinsky caa9619bce [sanitizer] Make __sanitizer::CheckFailed not public
Summary:
As far as I can tell, there is no reason why `__sanitizer::CheckFailed` should
be exported. Looking back in time, it was added with the FIXME with the
following by @timurrrr:

```
[*San/RTL] Fix minor breakage
Grumbling: this hasn't been caught by running 'make check-{a,l,t}san check-sanitizer'
```

I can't find any detail about the breakage, all tests seem to work for me, so
maybe Windows (@rnk?) or something I have no setup for.

The reason to make it private (past the FIXME) is that Scudo defines its own
(without callback) and I am trying to make the .so be loadable with the UBsan
one (that has its own public `CheckFailed`) with as little drama as possible.

Reviewers: eugenis, rnk

Reviewed By: eugenis, rnk

Subscribers: kubamracek, delcypher, #sanitizers, timurrrr, rnk, llvm-commits

Differential Revision: https://reviews.llvm.org/D52279

llvm-svn: 342651
2018-09-20 14:50:06 +00:00
David Major c4624d9e3f [winasan] Reduce hotpatch prefix check to 8 bytes
Same idea as r310419: The 8 byte nop is a suffix of the 9 byte nop, and we need at most 6 bytes.

Differential Revision: https://reviews.llvm.org/D51788

llvm-svn: 342649
2018-09-20 14:28:50 +00:00
Dean Michael Berris 1f60207984 [XRay][compiler-rt] FDRLogWriter Abstraction
Summary:
This change introduces an `FDRLogWriter` type which is responsible for
serialising metadata and function records to character buffers. This is
the first step in a refactoring of the implementation of the FDR runtime
to allow for more granular testing of the individual components of the
implementation.

The main contribution of this change is a means of hiding the details of
how specific records are written to a buffer, and for managing the
extents of these buffers. We make use of C++ features (templates and
some metaprogramming) to reduce repetition in the act of writing out
specific kinds of records to the buffer.

In this process, we make a number of changes across both LLVM and
compiler-rt to allow us to use the `Trace` abstraction defined in the
LLVM project in the testing of the runtime implementation. This gives us
a closer end-to-end test which version-locks the runtime implementation
with the loading implementation in LLVM.

We also allow using gmock in compiler-rt unit tests, by adding the
requisite definitions in the `AddCompilerRT.cmake` module. We also add
the terminfo library detection along with inclusion of the appropriate
compiler flags for header include lookup.

Finally, we've gone ahead and updated the FDR logging implementation to
use the FDRLogWriter for the lowest-level record-writing details.

Following patches will isolate the state machine transitions which
manage the set-up and tear-down of the buffers we're using in multiple
threads.

Reviewers: mboerger, eizan

Subscribers: mgorny, jfb, llvm-commits

Differential Revision: https://reviews.llvm.org/D52220

llvm-svn: 342617
2018-09-20 05:22:37 +00:00
Yi Kong 0c4cf6436a [builtins] Add __emutls_unregister_key function
This is called by Bionic on dlclose to delete the emutls pthread key.

The return value of pthread_key_delete is unchecked and behaviour of
multiple calls to the method is dependent on the implementation of
pthread_key_delete.

Differential Revision: https://reviews.llvm.org/D52251

llvm-svn: 342608
2018-09-20 01:02:13 +00:00
Evgeniy Stepanov 09e7f243f1 Revert "[XRay][compiler-rt] FDRLogWriter Abstraction" and 1 more.
Revert the following 2 commits to fix standalone compiler-rt build:
* r342523 [XRay] Detect terminfo library
* r342518 [XRay][compiler-rt] FDRLogWriter Abstraction

llvm-svn: 342596
2018-09-19 22:29:56 +00:00
Kostya Kortchinsky 851a7c9b2b [sanitizer][fuchsia] Fix VMAR leak
Summary:
Destroy and close a range's vmar if all its memory was unmapped.

This addresses some performance regression due to the proliferation of vmars
when Secondary backed allocations are concerned with Scudo on Fuchsia.

When a Secondary backed allocation was freed, the associated
`ReservedAddressRange` was going away after unmapping the entirety of the
mapping, but without getting rid of the associated vmar properly (which
was created specifically for that mapping). This resulted in an increase of
defunct vmars, that in turn slowed down further new vmar allocations.

This appears to solve ZX-2560/ZX-2642, at least on QEMU.

Reviewers: flowerhack, mcgrathr, phosek, mseaborn

Reviewed By: mcgrathr

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D52242

llvm-svn: 342584
2018-09-19 19:50:35 +00:00
Dan Liew bd810dbd27 [UBSan] Fix typo in CMake conditional that checked if the architecture
of a darwin platform was in the list of `UBSAN_SUPPORTED_ARCH`.

This is a follow up to r341306.

The typo meant that if an architecture was a prefix to another
architecture in the list (e.g. `armv7` is a prefix of `armv7k`) then
this would trigger a match which is not the intended behaviour.

rdar://problem/41126835

llvm-svn: 342553
2018-09-19 15:27:00 +00:00
Arnaud A. de Grandmaison 86a5e43656 [compiler-rt][TSan] Add TSan runtime support for Go on linux-aarch64.
Summary:
This patch adds TSan runtime support for Go on linux-aarch64
platforms. This enables people working on golang to implement their
platform/language part of the TSan support.

Basic testing is done with lib/tsan/go/buildgo.sh. Additional testing will be
done as part of the work done in the Go project.

It is intended to support other VMA sizes, except 39 which does not
have enough bits to support the Go heap requirements.

Patch by Fangming Fang <Fangming.Fang@arm.com>.

Reviewers: kubamracek, dvyukov, javed.absar

Subscribers: mcrosier, dberris, mgorny, kristof.beyls, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D52167

llvm-svn: 342541
2018-09-19 11:56:20 +00:00
Dean Michael Berris ff93d3a8aa [XRay] Detect terminfo library
Instead of assuming `-ltinfo` works, check whether there's terminfo
support on the host where LLVMSupport is compiled.

Follow-up to D52220.

llvm-svn: 342523
2018-09-19 01:35:52 +00:00
Dean Michael Berris b64f71b029 [XRay][compiler-rt] FDRLogWriter Abstraction
Summary:
This change introduces an `FDRLogWriter` type which is responsible for
serialising metadata and function records to character buffers. This is
the first step in a refactoring of the implementation of the FDR runtime
to allow for more granular testing of the individual components of the
implementation.

The main contribution of this change is a means of hiding the details of
how specific records are written to a buffer, and for managing the
extents of these buffers. We make use of C++ features (templates and
some metaprogramming) to reduce repetition in the act of writing out
specific kinds of records to the buffer.

In this process, we make a number of changes across both LLVM and
compiler-rt to allow us to use the `Trace` abstraction defined in the
LLVM project in the testing of the runtime implementation. This gives us
a closer end-to-end test which version-locks the runtime implementation
with the loading implementation in LLVM.

We also allow using gmock in compiler-rt unit tests, by adding the
requisite definitions in the `AddCompilerRT.cmake` module.

Finally, we've gone ahead and updated the FDR logging implementation to
use the FDRLogWriter for the lowest-level record-writing details.

Following patches will isolate the state machine transitions which
manage the set-up and tear-down of the buffers we're using in multiple
threads.

Reviewers: mboerger, eizan

Subscribers: mgorny, jfb, llvm-commits

Differential Revision: https://reviews.llvm.org/D52220

llvm-svn: 342518
2018-09-18 23:59:32 +00:00
Saleem Abdulrasool 73c39c0328 build: clean up some unnecessary cached variables
The CMAKE_<LANG>_ARCHIVE_FINISH rule doesn't need to be cleared for Darwin
static libraries.  Avoid resetting the variables in the SIP case.  If
CMAKE_RANLIB is cached, then CMake's Ninja generator will invoke ranlib during
installation, not due to the CMAKE_<LANG>_ARCHIVE_FINISH rule.

llvm-svn: 342511
2018-09-18 20:33:01 +00:00
Kristina Brooks 22db696549 [builtins] Fix c?zdi2 on sparc64/Linux and ignore riscv32
On sparc64/Linux, sparc64 isn't defined; the canonical way of
checking for sparc64 is sparc && arch64, which also works on the
BSDs and Solaris. Since this problem does not occur on 32-bit
architectures, riscv32 can be ignored. This fixes and refines rL324593.

Patch by jrtc27 (James Clarke)

Differential Revision: https://reviews.llvm.org/D43146

llvm-svn: 342504
2018-09-18 18:56:52 +00:00
Saleem Abdulrasool f5ebd70a67 build: fix standalone builds for compiler-rt on Darwin
When building static fat libraries, we need to ensure that we use libtool rather
than llvm-ar to create the library.  Duplicate the rules from LLVM to ensure
that we correctly build the fat libraries when building compiler-rt standalone.
This also requires that we duplicate the workaround for the `DYLD_LIBRARY_PATH`
for SIP.  Additionally, ensure that we set the `CMAKE_*_ARCHIVE_FINISH` variable
to ensure that we do not try to use `ranlib` on that target.

llvm-svn: 342425
2018-09-17 23:25:36 +00:00
Matt Morehouse 1e1f3c8298 [libFuzzer] Avoid fuzzer symbols being hidden.
Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1490845#c5.

Patch By: Mike Hommey

llvm-svn: 342423
2018-09-17 23:08:15 +00:00
Dan Liew fb310c0af9 [UBSan] Partially fix `test/ubsan/TestCases/Misc/log-path_test.cc` so that it can run on devices.
Summary:
In order for this test to work the log file needs to be removed from both
the host and device. To fix this the `rm` `RUN` lines have been
replaced with `RUN: rm` followed by `RUN: %device_rm`.

Initially I tried having it so that `RUN: %run rm` implicitly runs `rm`
on the host as well so that only one `RUN` line is needed. This
simplified writing the test however that had two large drawbacks.

* It's potentially very confusing (e.g. for use of the device scripts outside
  of the lit tests) if asking for `rm` to run on device also causes files
  on the host to be deleted.

* This doesn't work well with the glob patterns used in the test.
  The host shell expands the `%t.log.*` glob pattern and not on the
  device so we could easily miss deleting old log files from previous
  test runs if the corresponding file doesn't exist on the host.

So instead deletion of files on the device and host are explicitly
separate commands.

The command to delete files from a device is provided by a new
substitution `%device_rm` as suggested by Filipe Cabecinhas.

The semantics of `%device_rm` are that:

* It provides a way to remove files from a target device when
 the host is not the same as the target. In the case that the
 host and target are the same it is a no-op.

* It interprets shell glob patterns in the context of the device
  file system instead of the host file system.
  This solves the globbing problem provided the argument is quoted so
  that lit's underlying shell doesn't try to expand the glob pattern.

* It supports the `-r` and `-f` flags of the `rm` command,
  with the same semantics.

Right now an implementation of `%device_rm` is provided only for
ios devices. For all other devices a lit warning is emitted and
the `%device_rm` is treated as a no-op. This is done to avoid changing
the behaviour for other device types but leaves room for others
to implement `%device_rm`.

The ios device implementation uses the `%run` wrapper to do the work
of removing files on a device.

The `iossim_run.py` script has been fixed so that it just runs `rm`
on the host operating system because the device and host file system
are the same.

rdar://problem/41126835

Reviewers: vsk, kubamracek, george.karpenkov, eugenis

Subscribers: #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51648

llvm-svn: 342391
2018-09-17 13:33:44 +00:00
Petr Hosek 040ab65c53 [sanitizer_common] Fuchsia now supports .preinit_array
Support for .preinit_array has been implemented in Fuchsia's libc,
add Fuchsia to the list of platforms that support this feature.

Differential Revision: https://reviews.llvm.org/D52155

llvm-svn: 342357
2018-09-17 05:22:26 +00:00
Dean Michael Berris 1a23d3bbce [XRay] Simplify FDR buffer management
Summary:
This change makes XRay FDR mode use a single backing store for the
buffer queue, and have indexes into that backing store instead. We also
remove the reliance on the internal allocator implementation in the FDR
mode logging implementation.

In the process of making this change we found an inconsistency with the
way we're returning buffers to the queue, and how we're setting the
extents. We take the chance to simplify the way we're managing the
extents of each buffer. It turns out we do not need the indirection for
the extents, so we co-host the atomic 64-bit int with the buffer object.
It also seems that we've not been returning the buffers for the thread
running the flush functionality when writing out the files, so we can
run into a situation where we could be missing data.

We consolidate all the allocation routines now into xray_allocator.h,
where we used to have routines defined in xray_buffer_queue.cc.

Reviewers: mboerger, eizan

Subscribers: jfb, llvm-commits

Differential Revision: https://reviews.llvm.org/D52077

llvm-svn: 342356
2018-09-17 03:09:01 +00:00
Dean Michael Berris d5577aea07 [XRay] Fix FDR initialization
Follow-up to D51606.

llvm-svn: 342355
2018-09-17 02:49:17 +00:00
Petr Hosek 9e8b4de3b3 [XRay] Remove the unused variable
This broke the fdr-single-thread test after FDRLoggingOptions struct
has been removed in r342318.

llvm-svn: 342320
2018-09-15 06:25:17 +00:00
Petr Hosek d197ebf3ed [XRay] Remove the deprecated __xray_log_init API
This API has been deprecated three months ago and shouldn't be used
anymore, all clients should migrate to the new string based API.

Differential Revision: https://reviews.llvm.org/D51606

llvm-svn: 342318
2018-09-15 02:55:42 +00:00
Matt Morehouse 0039792d7b [libFuzzer] Disable value-profile-strncmp.test on aarch64.
Test no longer finds the BINGO on clang-cmake-aarch64-full bot, and I
can't reproduce on our ARM machine.

llvm-svn: 342255
2018-09-14 18:24:02 +00:00
Ulrich Weigand 9ed8fd5df8 [asan] Fix test case failure on SystemZ
Since we changed our inlining parameters, this test case was failing
on SystemZ, as the two tests were now both inlined into the main
function, which the test didn't expect.  Fixed by adding a few more
noinline attributes.

llvm-svn: 342236
2018-09-14 13:36:55 +00:00
Dean Michael Berris 05cf443463 [XRay][clang] Emit "never-instrument" attribute
Summary:
Before this change, we only emit the XRay attributes in LLVM IR when the
-fxray-instrument flag is provided. This may cause issues with thinlto
when the final binary is being built/linked with -fxray-instrument, and
the constituent LLVM IR gets re-lowered with xray instrumentation.

With this change, we can honour the "never-instrument" attributes
provided in the source code and preserve those in the IR. This way, even
in thinlto builds, we retain the attributes which say whether functions
should never be XRay instrumented.

This change addresses llvm.org/PR38922.

Reviewers: mboerger, eizan

Subscribers: mehdi_amini, dexonsmith, cfe-commits, llvm-commits

Differential Revision: https://reviews.llvm.org/D52015

llvm-svn: 342200
2018-09-14 01:59:12 +00:00
Kostya Serebryany c173a703b5 [hwasan] use a single Printf per line when printing a report (more friendly to android logging)
llvm-svn: 342164
2018-09-13 19:14:22 +00:00
Dean Michael Berris 90a46bdec2 [XRay] Bug fixes for FDR custom event and arg-logging
Summary:
This change has a number of fixes for FDR mode in compiler-rt along with
changes to the tooling handling the traces in llvm.

In the runtime, we do the following:

- Advance the "last record" pointer appropriately when writing the
  custom event data in the log.

- Add XRAY_NEVER_INSTRUMENT in the rewinding routine.

- When collecting the argument of functions appropriately marked, we
  should not attempt to rewind them (and reset the counts of functions
  that can be re-wound).

In the tooling, we do the following:

- Remove the state logic in BlockIndexer and instead rely on the
  presence/absence of records to indicate blocks.

- Move the verifier into a loop associated with each block.

Reviewers: mboerger, eizan

Subscribers: llvm-commits, hiraditya

Differential Revision: https://reviews.llvm.org/D51965

llvm-svn: 342122
2018-09-13 09:25:42 +00:00
Vlad Tsyrklevich aadfe4661d [TSan] Update test values
Similarly to before, D51985 again reduced the number of registers
required for the read/write routines causing this test to fail on
sanitizer-x86_64-linux-autoconf.

llvm-svn: 342092
2018-09-12 22:16:14 +00:00
Kostya Serebryany ee9bb8761c [hwasan] On every use-after-free print a developer note: the index of this heap object in the thread's deallocation ring buffer. Mostly useful to hwasan developers, will hopefully let us know the good size of the deallocation ring buffer
llvm-svn: 342014
2018-09-12 00:58:15 +00:00
Kostya Serebryany 2362bf7d10 [hwasan] tests for a buffer overflow with a large allocation
llvm-svn: 342011
2018-09-12 00:27:34 +00:00
Martin Storsjo e199a2d434 [libFuzzer] [Windows] Include windows.h and psapi.h with lowercase
This fixes building on a case sensitive filesystem with mingw-w64
headers, where all headers are lowercase, and matches how these
headers are included elsewhere in compiler-rt.

Also include these headers with angle brackets, as they are system
headers.

Differential Revision: https://reviews.llvm.org/D51913

llvm-svn: 341983
2018-09-11 19:11:54 +00:00
Vedant Kumar 727d89526e [gcov] Fix branch counters with switch statements (fix PR38821)
Right now, the counters are added in regards of the number of successors
for a given BasicBlock: it's good when we've only 1 or 2 successors (at
least with BranchInstr). But in the case of a switch statement, the
BasicBlock after switch has several predecessors and we need to know from
which BB we're coming from.

So the idea is to revert what we're doing: add a PHINode in each block
which will select the counter according to the incoming BB.  There are
several pros for doing that:

- we fix the "switch" bug
- we remove the function call to "__llvm_gcov_indirect_counter_increment"
  and the lookup table stuff
- we replace by PHINodes, so the optimizer will probably make a better
  job.

Patch by calixte!

Differential Revision: https://reviews.llvm.org/D51619

llvm-svn: 341977
2018-09-11 18:38:34 +00:00
David Carlier 395aa78986 [Msan] Fix unit test linkage issue on FreeBSD
Fix typical relocation linkage issue.

Reviewers: dim, emaste

Reviewed By: krytarowski

Differential Revision: https://reviews.llvm.org/D51681

llvm-svn: 341924
2018-09-11 10:35:32 +00:00
Martin Storsjo b2b0f859d4 [ASan] [Windows] Remove const from _msize function declaration parameter
This function isn't declared with a const parameter anywhere; neither
in MSVC (neither in ucrt or in older msvcrt versions) nor in mingw-w64.

Differential Revision: https://reviews.llvm.org/D51876

llvm-svn: 341903
2018-09-11 06:07:32 +00:00
Evgeniy Stepanov 7e6c32aa45 [hwasan] Re-enable print-memory-usage-android test.
The problem was not in a non-rooted device, but in tagged local
variable address passed to a system call, see comments in the code.

llvm-svn: 341875
2018-09-10 22:22:02 +00:00
Martin Storsjo 6dc8968124 [Windows] Include BaseTsd.h with lowercase
This fixes building on a case sensitive filesystem with mingw-w64
headers, where all headers are lowercase. This header actually also
is named with a lowercase name in the Windows SDK as well.

Differential Revision: https://reviews.llvm.org/D51877

llvm-svn: 341857
2018-09-10 20:28:06 +00:00
Kostya Serebryany 1ee01bbf37 [hwasan] rename two .cc tests into .c
llvm-svn: 341739
2018-09-08 01:27:10 +00:00
Evgeniy Stepanov 8f0d9020d4 [hwasan] Disable print-memory-usage-android test.
Requires a rooted device => fails on sanitizer-x86_64-linux-android bot.

llvm-svn: 341738
2018-09-08 01:16:47 +00:00
Richard Smith 4357ca653a Switch to using a reserved identifier for this internal compiler-rt function.
llvm-svn: 341736
2018-09-08 00:17:37 +00:00
Evgeniy Stepanov d263cb8ea1 [hwasan] Export memory stats through /proc/$PID/maps.
Adds a line to /proc/$PID/maps with more or less up-to-date memory
stats of the process.

llvm-svn: 341735
2018-09-08 00:11:12 +00:00
Dean Michael Berris edf0f6a79b [XRay] XRAY_NEVER_INSTRUMENT more functions, consolidate allocators
Summary:
In this change we apply `XRAY_NEVER_INSTRUMENT` to more functions in the
profiling implementation to ensure that these never get instrumented if
the compiler used to build the library is capable of doing XRay
instrumentation.

We also consolidate all the allocators into a single header
(xray_allocator.h) which sidestep the use of the internal allocator
implementation in sanitizer_common.

This addresses more cases mentioned in llvm.org/PR38577.

Reviewers: mboerger, eizan

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D51776

llvm-svn: 341647
2018-09-07 10:16:14 +00:00
Alexander Potapenko f1510528dd [MSan] Define %clang_kmsan for KMSAN tests
llvm-svn: 341638
2018-09-07 09:17:12 +00:00
Jonathan Metzman 3ab0ee4d9b [libfuzzer] Enable trace-malloc-unballanced.test on Windows.
Summary:
Enables trace-malloc-unbalanced.test on Windows, fixing two problems it had with Windows before.
The first fix is specifying python instead of relying on a script's shebang since they can't be used on Windows.
The second fix is making the regex tolerate windows' implementation of the "%p" format string.

Reviewers: Dor1s

Reviewed By: Dor1s

Subscribers: morehouse

Differential Revision: https://reviews.llvm.org/D51760

llvm-svn: 341632
2018-09-07 04:28:54 +00:00
Kostya Serebryany 6fdfd6a34f [hwasan] relax the rint-memory-usage.c test further
llvm-svn: 341625
2018-09-07 01:36:34 +00:00
Jonathan Metzman 6167c4ee74 [libfuzzer] Use cl driver mode for tests and enable another test on Windows
Summary:
When targeting MSVC: compile using clang's cl driver mode (this is needed for
libfuzzer's exit_on_src_pos feature). Don't use -lstdc++ when linking,
it isn't needed and causes a warning.
On Windows: Fix exit_on_src_pos.test by making sure debug info isn't
overwritten during compilation of second binary by using .exe extension.

Reviewers: morehouse

Reviewed By: morehouse

Subscribers: aprantl, JDevlieghere

Differential Revision: https://reviews.llvm.org/D51757

llvm-svn: 341622
2018-09-07 01:11:31 +00:00
Kostya Serebryany 93ce8b24d5 [hwasan] make the print-memory-usage.c less aggressive: do not assume that malloc can't happen before main
llvm-svn: 341615
2018-09-07 00:38:31 +00:00
Evgeniy Stepanov 5b332abd66 [hwasan] Fix malloc overflow detection.
Check size limit before rounding up, otherwise malloc((size_t)-1)
would happily allocate 0 bytes.

Steal a nice test case from scudo.

llvm-svn: 341612
2018-09-07 00:27:11 +00:00
Kostya Serebryany f9ec62cb3a [hwasan] change the thread list so that main_thread can also be removed
llvm-svn: 341610
2018-09-07 00:16:55 +00:00
Evgeniy Stepanov fe4808eba7 [hwasan] Remove allocator interceptors.
Summary:
When building without COMPILER_RT_HWASAN_WITH_INTERCEPTORS, skip
interceptors for malloc/free/etc and only export their versions with
__sanitizer_ prefix.

Also remove a hack in mallinfo() interceptor that does not apply to
hwasan.

Reviewers: kcc

Subscribers: kubamracek, krytarowski, llvm-commits

Differential Revision: https://reviews.llvm.org/D51711

llvm-svn: 341598
2018-09-06 22:53:08 +00:00
Kostya Serebryany f1f556c179 [hwasan] fix pthread_exit
llvm-svn: 341594
2018-09-06 22:13:43 +00:00
Kostya Serebryany 950a1a3936 [hwasan] introduce __hwasan_print_memory_usage
llvm-svn: 341592
2018-09-06 22:08:41 +00:00
Jonathan Metzman c239482207 [libfuzzer] Correct typo in comment (test commit).
Differential Revision: https://reviews.llvm.org/D51739

llvm-svn: 341569
2018-09-06 17:50:01 +00:00
Max Moroz a39da2f8ca [libfuzzer] Fix fuzzer-oom.test on windows and reenable it.
Summary: Patch by Jonathan Metzman (@metzman).

Reviewers: Dor1s, morehouse

Reviewed By: Dor1s

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D51735

llvm-svn: 341562
2018-09-06 16:48:18 +00:00
Alexander Potapenko 7f270fcf0a [MSan] store origins for variadic function parameters in __msan_va_arg_origin_tls
Add the __msan_va_arg_origin_tls TLS array to keep the origins for variadic function parameters.
Change the instrumentation pass to store parameter origins in this array.

This is a reland of r341528.

test/msan/vararg.cc doesn't work on Mips, PPC and AArch64 (because this
patch doesn't touch them), XFAIL these arches.
Also turned out Clang crashed on i80 vararg arguments because of
incorrect origin type returned by getOriginPtrForVAArgument() - fixed it
and added a test.

llvm-svn: 341554
2018-09-06 15:14:36 +00:00
Alexander Potapenko ac6595bd53 [MSan] revert r341528 to unbreak the bots
llvm-svn: 341541
2018-09-06 12:19:27 +00:00
Tim Northover 8f141016ee ARM: wrap call to __clzsi2 so that the name is correct on MachO.
MachO symbols are prefixed with an extra '_' (that's 3 in total for this
function), so assembly calls have to go through a wrapper to insert any prefix
needed.

llvm-svn: 341540
2018-09-06 12:13:46 +00:00
Alexander Potapenko 1a10ae0def [MSan] store origins for variadic function parameters in __msan_va_arg_origin_tls
Add the __msan_va_arg_origin_tls TLS array to keep the origins for
variadic function parameters.
Change the instrumentation pass to store parameter origins in this array.

llvm-svn: 341528
2018-09-06 08:50:11 +00:00
Max Moroz 48d1398b36 [libfuzzer] Temporarily disable unittests failing on Windows.
Summary:
Patch by Jonathan Metzman (@metzman).


Reviewers: morehouse, Dor1s

Reviewed By: Dor1s

Subscribers: kcc, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D51712

llvm-svn: 341514
2018-09-06 02:54:47 +00:00
Kostya Serebryany 68902c7050 [hwasan] when verbose_threads==1, print the memory usage per thread
llvm-svn: 341507
2018-09-05 23:52:31 +00:00
Kostya Serebryany b29d42ee31 [hwasan] simplify the code, NFC
llvm-svn: 341501
2018-09-05 23:22:38 +00:00
Evgeniy Stepanov 6afce6a438 [hwasan] Don't handle signals on Android.
Sigtrap is used for error reporting, but all other signals are better
left for the platform.

In particular, sanitizer signal handlers do not dump registers or
memory which makes debugging harder for no good reason.

llvm-svn: 341500
2018-09-05 22:46:19 +00:00
Matt Morehouse 02f3ad81c3 [libfuzzer] Replace memmem with strstr.
Summary: Memmem is not available on Windows.

Patch By: metzman

Reviewers: morehouse

Reviewed By: morehouse

Subscribers: george.karpenkov, morehouse

Differential Revision: https://reviews.llvm.org/D51692

llvm-svn: 341495
2018-09-05 21:03:43 +00:00
Kostya Serebryany 3daf3e7072 [hwasan] deflake a test
llvm-svn: 341480
2018-09-05 16:09:53 +00:00
Max Moroz 651abaf536 Enable symbolize-deadlock.test on Windows
Summary:
Remove unneeded #include of <unistd.h> from SymbolizeDeadlock.cpp to
enable compilation on Windows and enable symbolize-deadlock.test on
Windows.

Patch by Jonathan Metzman (@metzman).

Reviewers: Dor1s

Reviewed By: Dor1s

Subscribers: kcc, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D51685

llvm-svn: 341473
2018-09-05 14:43:38 +00:00
David Carlier c3d1d107ff [Xray] Darwin providing defined value for weak symbols to fix linkage issue
- Temporary hack to make the buildbot failure stop on Darwin.

llvm-svn: 341445
2018-09-05 05:18:34 +00:00
Brian Cain 416296b8f7 Add glibc_prereq to platform limits mmsghdr
sendmmsg requires glibc >= 2.14.

Fixes PR38589.

Review: https://reviews.llvm.org/D51538
llvm-svn: 341442
2018-09-05 02:15:54 +00:00
Kostya Serebryany ee0e2f8323 [hwasan] revert r341435 as it breaks the bot on aarch64
llvm-svn: 341441
2018-09-05 01:29:08 +00:00
Kostya Serebryany c12cc9b85c [hwasan] fix colored output
llvm-svn: 341440
2018-09-05 01:27:48 +00:00
Kostya Serebryany 5d05be84b7 [hwasan] print thread IDs when reporting a bug (also had to fix pthread_create on Linux)
llvm-svn: 341438
2018-09-05 01:16:50 +00:00
Kostya Serebryany 9fbedcad71 [hwasan] use real TLS on linux to store the current thread -- this way we can call t->Destroy in __hwasan_thread_exit, same as on Android
llvm-svn: 341435
2018-09-05 00:17:23 +00:00
Kostya Serebryany 2768b52117 [hwasan] simplify the code, NFC
llvm-svn: 341432
2018-09-05 00:01:45 +00:00
Kostya Serebryany c551220de8 [hwasan] remove stale Thread:: data members. While doing so noticed that GetThreadStackAndTls was always called with 'at_initialization=true', fixed that.
llvm-svn: 341431
2018-09-04 23:57:09 +00:00
Kostya Serebryany 3d8f49a6bf [hwasan] add a unique id to a thread and add debug prints for thread creation/destruction
llvm-svn: 341428
2018-09-04 23:26:08 +00:00
Kostya Serebryany 470db78115 [sanitizer] optimize internal_memset for the most performance critical case (16-byte-aligned)
llvm-svn: 341420
2018-09-04 22:43:30 +00:00
Matt Morehouse 24568789c4 [libFuzzer] Enable tests on Windows
Summary:
Enable tests on Windows and make check-fuzzer pass on it.  Make
check-fuzzer pass on Windows by fixing libFuzzer, fixing tests, and by
disabling tests on Windows. Most of these are disabled temporarily as
support for the tests and the features they test will be added
incrementally.  Other tests will not be enabled since they require
things that are not on Windows (eg: afl_driver tests).  Every test
that was explicitly disabled on Windows has a comment explaining why
(unless obvious like merge-posix.test).

The lit.cfg file was modified to support running tests on windows.
fuzzer-dirs.test was fixed by making the Windows implementation print
the same error message as the posix version.
merge-control-file.test was fixed by making the test binary end with
the ".exe" extension (on all platforms).

Patch By: metzman

Reviewers: morehouse

Reviewed By: morehouse

Subscribers: srhines, mgorny

Differential Revision: https://reviews.llvm.org/D51549

llvm-svn: 341385
2018-09-04 17:08:47 +00:00
Matt Morehouse facfb70d90 [TSan] Update assembly test again.
Previous commit incorrectly updated the read1 case.

llvm-svn: 341384
2018-09-04 17:04:30 +00:00
Matt Morehouse 876d382cf3 [TSan] Update assembly code check.
The new assembly makes our benchmark faster, so it should be safe to
update the check.

llvm-svn: 341381
2018-09-04 16:34:26 +00:00
Dan Liew 257f375f0c [asan] Clean up some confusing code in
`test/asan/TestCases/Darwin/segv_read_write.c`

* The `fd` arg passed to `mmap()` should be `-1`. It is not defined
what passing `0` does on Darwin.

* The comment about the shadow memory doesn't make any sense to me,
so I'm removing it.

Differential Revision: https://reviews.llvm.org/D44579

llvm-svn: 341307
2018-09-03 10:33:32 +00:00
Dan Liew 7294c0563c [UBSan] Add CMake and lit support for configuring and running UBSan
tests for ios, watchos, tvos, and their simulator counterparts.

This commit does not make the tests actually pass. This will be handled
in later commits.

rdar://problem/41126835

Differential Revision: https://reviews.llvm.org/D51270

llvm-svn: 341306
2018-09-03 10:30:10 +00:00
Dan Liew d96d5e9046 Give a better error message when trying to run the iossim tests and `SANITIZER_IOSSIM_TEST_DEVICE_IDENTIFIER` is not set in the environment.
Summary: Give a better error message when trying to run the iossim tests and `SANITIZER_IOSSIM_TEST_DEVICE_IDENTIFIER` is not set in the environment.

Reviewers: kubamracek, george.karpenkov

Subscribers: #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51272

llvm-svn: 341300
2018-09-03 08:40:19 +00:00
Dan Liew 5eb532bb5d [UBSan] Propagate `UBSAN_OPTIONS` environment variable when running ios simulator tests.
rdar://problem/41126835

Reviewers: kubamracek, vsk, george.karpenkov

Subscribers: #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51273

llvm-svn: 341299
2018-09-03 08:37:42 +00:00
Dan Liew 4218a00697 [UBSan] Add missing `%run` prefixes to Pointer tests.
Summary: rdar://problem/41126835

Reviewers: vsk, kubamracek

Subscribers: #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51271

llvm-svn: 341298
2018-09-03 08:33:24 +00:00
David Carlier fb58ea1b80 Fix buildbot test
llvm-svn: 341286
2018-09-02 10:52:43 +00:00
David Carlier e858aa6565 [Sanitizer] openbsd build fix
sysctl has a different signature under OpenBSD

Reviewers: krytarowski

Reviewed By: krytarowski

Differential Revision: https://reviews.llvm.org/D51572

llvm-svn: 341285
2018-09-02 09:08:50 +00:00
Evgeniy Stepanov 5abf7d90ac [hwasan] Fix new[] with zero size.
Fixes "allocator is out of memory trying to allocate 0x0 bytes" by
always allocating at least one byte.

llvm-svn: 341229
2018-08-31 17:49:49 +00:00
Kamil Rytarowski 43b15cddac Try to unbreak internal_sysctl() for MacOSX
Cast the 5th argument to (void *), removing cast.

llvm-svn: 341192
2018-08-31 09:35:33 +00:00
Kamil Rytarowski 1125e78045 Try to fix internal_sysctl() for MacOSX
Cast the first argument to (int *) removing const.

llvm-svn: 341187
2018-08-31 08:51:29 +00:00
Kamil Rytarowski 6c3f626378 Improve portability of internal_sysctl()
Add an explicit cast from uptr to size_t to prevent potential type mismatch.

llvm-svn: 341183
2018-08-31 08:24:23 +00:00
Kamil Rytarowski 935203306f Add internal_sysctl() used by FreeBSD, NetBSD, OpenBSD and MacOSX
Summary:
Switch local sysctl(2) calls to internal_sysctl().

This is a preparation for introduction of interceptors for
the sysctl*() family of functions and switching `internal_sysctl*()`
to libc calls bypassing interceptors.

No functional change intended with this revision.

Reviewers: vitalybuka, joerg, kcc

Reviewed By: vitalybuka

Subscribers: kubamracek, llvm-commits, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D51425

llvm-svn: 341181
2018-08-31 08:10:06 +00:00
Kostya Serebryany f0965c3af4 [hwasan] move code around to remove an opaque class definition (HwasanThreadLocalMallocStorage) that had incorrect size and used 10x more than needed RAM (500K instead of 50K per thread)
llvm-svn: 341170
2018-08-31 06:08:48 +00:00
Kostya Serebryany bca94773b7 [hwasan] simplify the code, NFC
llvm-svn: 341166
2018-08-31 05:55:18 +00:00
Kostya Serebryany 60746d91c1 [hwasan] more heap-buffer-overflow tests
llvm-svn: 341162
2018-08-31 05:05:01 +00:00
Kostya Serebryany 53cb061b32 [hwasan] report heap-buffer-overflow location, once, not once per each live thread
llvm-svn: 341160
2018-08-31 03:29:09 +00:00
Kostya Serebryany 1e2ec57803 [hwasan] properly report heap-buffer-overflow
llvm-svn: 341159
2018-08-31 03:18:31 +00:00
Kostya Serebryany e775a3ee42 [hwasan] fix the build on Linux Ubuntu 14.04. We don't need __hwasan_shadow on Linux at all
llvm-svn: 341158
2018-08-31 02:38:23 +00:00
Kostya Serebryany f8be3fa5b6 [hwasan] make malloc(0) return nullptr, add basic address description for stack addresses
llvm-svn: 341156
2018-08-31 01:38:00 +00:00
Kostya Serebryany 347b989cef [hwasan] fix the linux-only pthread_create interceptor and reinstate the two threaded tests
llvm-svn: 341143
2018-08-30 23:22:26 +00:00
Kostya Serebryany e6507f02a0 [hwasan] use thread-local ring buffers to properly report heap-use-after-free
llvm-svn: 341133
2018-08-30 22:11:56 +00:00
Kostya Serebryany 8f0f36b83f [hwasan] temporarily remove two tests to silence the bots
llvm-svn: 341129
2018-08-30 22:07:09 +00:00
Kostya Serebryany c359d9b8fa [hwasan] simplify the thread handling: instead of the ThreadRegistry (too heavy) simply maintain a linked list of Threads
llvm-svn: 341111
2018-08-30 20:15:39 +00:00
David Carlier bdab89b228 [Xray] Darwin fix variable typo
llvm-svn: 341090
2018-08-30 18:12:47 +00:00
Matt Morehouse 7e042bb1d1 [libFuzzer] Port to Windows
Summary:
Port libFuzzer to windows-msvc.
This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well.
It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch.
It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile; fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.

Patch By: metzman

Reviewers: morehouse, rnk

Reviewed By: morehouse, rnk

Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman

Differential Revision: https://reviews.llvm.org/D51022

llvm-svn: 341082
2018-08-30 15:54:44 +00:00
David Carlier e4c372c4a4 [Xray] Darwin improving slightly the support
using sysctl to get the tic frequency data.
still linkage issue for X-ray_init not resolved.

Reviewers: dberris, kubamracek

Reviewed By: dberris

Differential Revision: https://reviews.llvm.org/D51399

llvm-svn: 341019
2018-08-30 05:55:27 +00:00
Petr Hosek 6518929569 [sanitizer] Transition to new _zx_vmar_... calls
Now that all _zx_vmar_... calls have been updated, we can undo the
change made in r337801 and switch over to the new calls.

Differential Revision: https://reviews.llvm.org/D51468

llvm-svn: 341011
2018-08-30 01:27:26 +00:00
Kostya Serebryany a4132df0ee [hwasan] add a simple threaded UAF test, make it work on x86 (need to disable tagging in malloc with inside pthread_create)
llvm-svn: 341007
2018-08-30 00:44:55 +00:00
Kostya Serebryany d0cd2db23b [hwasan] add basic ThreadRegistry plumbing, also rename HwasanThread to Thread
llvm-svn: 341005
2018-08-30 00:13:20 +00:00
Kostya Serebryany a050a8da03 [hwasan] remove even more stale code
llvm-svn: 340989
2018-08-29 22:54:52 +00:00
Kostya Serebryany 87bc568eca [hwasan] remove more stale code
llvm-svn: 340985
2018-08-29 22:47:53 +00:00
Kostya Serebryany 1e4498869d [hwasan] get rid of some macros, remove the fixed shadow mapping
llvm-svn: 340983
2018-08-29 22:42:16 +00:00
Kostya Serebryany 5d26313ce0 [hwasan] formatting change, NFC
llvm-svn: 340980
2018-08-29 22:23:34 +00:00
Kostya Serebryany ab62b59a76 [hwasan] rename some variables and functions for better readability, NFC
llvm-svn: 340979
2018-08-29 22:21:22 +00:00
Max Moroz 8c95b48ba2 [libFuzzer] Remove mutation stats and weighted mutation selection.
Summary:
This was an experimental feature. After evaluating it with:

1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison

2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz

The following conclusions were made:

1) With fuzz targets that have reached a code coverage plateau, the feature does
   not improve libFuzzer's ability to discover new coverage and may actually
   negatively impact it.

2) With fuzz targets that have not yet reached a code coverage plateau, the
   feature might speed up new units discovery in some cases, but it is quite
   rare and hard to confirm with a high level of confidence.

Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621.

Reviewers: metzman, morehouse

Reviewed By: metzman, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D51455

llvm-svn: 340976
2018-08-29 21:53:15 +00:00
Kostya Serebryany fd48b7d558 [hwasan] simplify the realloc implementation: always allocate/deallocate on realloc. This may slow down some realloc-heavy code, but at least at this point I want simpler code. Also added a test
llvm-svn: 340973
2018-08-29 21:28:14 +00:00
Kostya Serebryany 51e1a83850 Add a thread-local ring buffer of heap allocations
Summary:
We need this in order to properly report heap-use-after-free,
since we don't have a quarantine.

This is a first part of the code, more like a proof of concept.
But I'd like to commit it as is and proceed with refactoring,
adding a ThreadRegistry, and extending the functionality.

Reviewers: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51394

llvm-svn: 340971
2018-08-29 21:07:07 +00:00
Kostya Serebryany d709a36084 [sanitizer] reapply r340884 'Add a RingBuffer class to sanitizer_common', with fixes for Windows
llvm-svn: 340969
2018-08-29 21:00:01 +00:00
Kostya Kortchinsky 65e1bcf2b2 [sanitizer] Revert D50940
Summary:
The previous version of the patch makes some code unable to distinguish
failure to map address 0 and error.
Revert to turn the bots back to green while figuring out a new approach.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51451

llvm-svn: 340957
2018-08-29 19:41:28 +00:00
Matt Morehouse cf311cfc20 Revert "[libFuzzer] Port to Windows"
This reverts r340949 due to bot breakage again.

llvm-svn: 340954
2018-08-29 18:40:41 +00:00
Matt Morehouse 245ebd71ef [libFuzzer] Port to Windows
Summary:
Port libFuzzer to windows-msvc.
This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well.
It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch.
It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile; fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.

Reviewers: morehouse, rnk

Reviewed By: morehouse, rnk

Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman

Differential Revision: https://reviews.llvm.org/D51022

llvm-svn: 340949
2018-08-29 18:08:34 +00:00
Hans Wennborg 61cbae90a5 Revert r340884 "Add a RingBuffer class to sanitizer_common"
The test doesn't pass on Windows, where sizeof(long) == 4 also
on 64-bit, and so it isn't a multiple of sizeof(void*).

This also reverts the follow-up r340886.

> Summary: a constrained RingBuffer optimized for fast push
>
> Reviewers: eugenis
>
> Reviewed By: eugenis
>
> Subscribers: kubamracek, mgorny, delcypher, #sanitizers, llvm-commits
>
> Differential Revision: https://reviews.llvm.org/D51196

llvm-svn: 340924
2018-08-29 12:40:29 +00:00
Kamil Rytarowski d1c1e036ae Introduce new type for interceptors UINTMAX_T
Summary:
The UINTMAX_T type will be used in new interceptors.

While there, correct the type of strtoumax(3) from INTMAX_T to UINTMAX_T.

Original patch from Yang Zheng.

Reviewers: vitalybuka, kcc, joerg

Reviewed By: vitalybuka

Subscribers: kubamracek, llvm-commits, tomsun.0.7, #sanitizers

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D51106

llvm-svn: 340907
2018-08-29 09:11:17 +00:00
Kostya Serebryany 67d0488934 [sanitizer] fix a test
llvm-svn: 340886
2018-08-28 23:50:59 +00:00
Kostya Serebryany 66eefee7ed Add a RingBuffer class to sanitizer_common
Summary: a constrained RingBuffer optimized for fast push

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: kubamracek, mgorny, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51196

llvm-svn: 340884
2018-08-28 23:32:56 +00:00
Matt Morehouse bab8556f01 Revert "[libFuzzer] Port to Windows"
This reverts commit r340860 due to failing tests.

llvm-svn: 340867
2018-08-28 19:07:24 +00:00
Matt Morehouse c6fff3b6f5 [libFuzzer] Port to Windows
Summary:
Port libFuzzer to windows-msvc.
This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well.
It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch.
It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile; fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.

Patch By: metzman

Reviewers: morehouse, rnk

Reviewed By: morehouse, rnk

Subscribers: morehouse, kcc, eraman

Differential Revision: https://reviews.llvm.org/D51022

llvm-svn: 340860
2018-08-28 18:34:32 +00:00
Vlad Tsyrklevich 03f89d3c5e SafeStack: Fix thread liveness check on *BSD
Summary:
The Linux/BSD system call interfaces report errors differently, use the
internal_iserror() function to correctly check errors on either.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: delcypher, llvm-commits, #sanitizers, krytarowski, kcc, devnexen

Differential Revision: https://reviews.llvm.org/D51368

llvm-svn: 340856
2018-08-28 18:30:03 +00:00
Dean Michael Berris 6b1e125db9 [XRay][compiler-rt] Remove uses of internal allocator in profiling mode
Summary:
This change removes further cases where the profiling mode
implementation relied on dynamic memory allocation. We're using
thread-local aligned (uninitialized) memory instead, which we initialize
appropriately with placement new.

Addresses llvm.org/PR38577.

Reviewers: eizan, kpw

Subscribers: jfb, llvm-commits

Differential Revision: https://reviews.llvm.org/D51278

llvm-svn: 340814
2018-08-28 10:41:10 +00:00
Dean Michael Berris bb6aa92c31 [XRay][compiler-rt] Stash flags as well in x86_64 trampoline
Summary:
This change saves and restores the full flags register in x86_64 mode.
This makes running instrumented signal handlers safer, and avoids flags
set during the execution of the event handlers from polluting the
instrumented call's flags state.

Reviewers: kpw, eizan, jfb

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D51277

llvm-svn: 340812
2018-08-28 10:32:50 +00:00
Vitaly Buka dd4c14e4dd [lsan] Check that leak sanitizer works in the forked process
Regression test for PR38698

llvm-svn: 340769
2018-08-27 19:15:05 +00:00
Petr Hosek 118dc299f9 [sanitizer][fuzzer] Transition back to ZX_TIME_INFINITE
Now that all Zircon calls have been transitioned to take time as signed
value, we can transition back to ZX_TIME_INFINITE, undoing the change
made in r337802.

Differential Revision: https://reviews.llvm.org/D51266

llvm-svn: 340764
2018-08-27 17:51:52 +00:00
Vitaly Buka d833acdb5f Revert "[lsan] Do not check for leaks in the forked process"
Users need leak reports in forks.

This reverts commit r334036.

llvm-svn: 340758
2018-08-27 17:26:28 +00:00
Kostya Kortchinsky 9920489a2a [scudo] Replace eraseHeader with compareExchangeHeader for Quarantined chunks
Summary:
The reason for the existence of `eraseHeader` was that it was deemed faster
to null-out a chunk header, effectively making it invalid, rather than marking
it as available, which incurred a checksum computation and a cmpxchg.

A previous use of `eraseHeader` was removed with D50655 due to a race.

Now we remove the second use of it in the Quarantine deallocation path and
replace it with a `compareExchangeHeader`.

The reason for this is that it greatly helps debugging some heap bugs as the chunk
header is now valid and the chunk marked available, as opposed to the header
being invalid. Eg: we get an invalid state error, instead of an invalid header
error, which reduces the possibilities. The computational penalty is negligible.

Reviewers: alekseyshl, flowerhack, eugenis

Reviewed By: eugenis

Subscribers: delcypher, jfb, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D51224

llvm-svn: 340633
2018-08-24 18:21:32 +00:00
David Carlier 60251a5eb7 [Sanitizer] implementing remaining function under OSX
- GetRandom and GetnumberOfCPUs using sys call for the former.
- enabling unit tests for the other oses.

Reviewers: kubamracek

Reviewed By: kubamracek

Differential Revision: https://reviews.llvm.org/D50937

llvm-svn: 340621
2018-08-24 16:53:06 +00:00
Kostya Serebryany a7c3846a2e [hwasan] implement detection of realloc-after-free
llvm-svn: 340593
2018-08-24 01:44:17 +00:00
Kostya Serebryany c5f98d2ab2 [hwasan] implement detection of double-free (invalid-free)
llvm-svn: 340591
2018-08-24 01:12:26 +00:00
Kuba Mracek 9f690839d6 [sanitizer] Don't call task_for_pid(mach_task_self). NFC.
Calling task_for_pid with mach_task_self is just returning mach_task_self anyway, but it also triggers system warnings (task_for_pid is only supposed to be used by high-privileged executables). NFC.

rdar://problem/39198248

Differential Revision: https://reviews.llvm.org/D51119

llvm-svn: 340587
2018-08-23 22:55:58 +00:00
Kostya Kortchinsky 14b838a1ca [sanitizer] Change Mmap*NoAccess to return nullptr on error
Summary:
`MmapNoAccess` & `MmapFixedNoAccess` return directly the result of
`internal_mmap`, as opposed to other Mmap functions that return nullptr.

This inconsistency leads to some confusion for the callers, as some check for
`~(uptr)0` (`MAP_FAILED`) for failure (while it can fail with `-ENOMEM` for
example).

Two potential solutions: change the callers, or make the functions return
`nullptr` on failure to follow the precedent set by the other functions.
The second option looked more appropriate to me.

Correct the callers that were wrongly checking for `~(uptr)0` or
`MAP_FAILED`.

TODO for follow up CLs:
- There are a couple of `internal_mmap` calls in XRay that check for
  MMAP_FAILED as a result as well (cc: @dberris); they should use
  `internal_iserror`;


Reviewers: eugenis, alekseyshl, dberris, kubamracek

Reviewed By: alekseyshl

Subscribers: kristina, kubamracek, delcypher, #sanitizers, dberris, llvm-commits

Differential Revision: https://reviews.llvm.org/D50940

llvm-svn: 340576
2018-08-23 21:13:39 +00:00
Kostya Serebryany e2efbbe571 [hwasan] make error reporting look more like in asan, print the memory tag around the buggy access, simplify one test
llvm-svn: 340470
2018-08-22 22:55:16 +00:00
Kostya Serebryany bb4cf6e1e1 [hwasan] remove stale data field
llvm-svn: 340442
2018-08-22 19:47:19 +00:00
Kuba Mracek 986f03c2ea [tsan] Adjust setjmp/longjmp handling on Darwin for macOS Mojave
On macOS Mojave, the OS started using the XOR-by-a-secret-key scheme (same as glibc is already doing) for storing the SP value in setjmp environment. We need to adjust for that to keep supporting setjmp/longjmp on latest Darwin. The patch is basically doing the same what we're already doing for glibc.

rdar://problem/43542596

Differential Revision: https://reviews.llvm.org/D51064

llvm-svn: 340350
2018-08-21 22:35:52 +00:00
Kuba Mracek 22d1a2789a Fixup for r340342: Avoid Block_release'ing the block since we're no longer making a copy.
rdar://problem/42242579

llvm-svn: 340347
2018-08-21 22:03:28 +00:00
Kuba Mracek faef7d034a [tsan] Avoid calling Block_copy in the "sync" GCD interceptors
The synchronous dispatch functions in GCD (dispatch_sync, dispatch_barrier_sync), don't make a copy of the passed block. To maintain binary compatibility, we should avoid doing that as well in TSan, as there's no reason to do that. The synchronous dispatch functions will not return before the block is actually executed.

rdar://problem/42242579

Differential Revision: https://reviews.llvm.org/D50920

llvm-svn: 340342
2018-08-21 21:24:22 +00:00
Vlad Tsyrklevich f6c701054e SafeStack: Use correct unsafe stack sizes
Summary:
When deallocating thread stacks, we use one thread's unsafe stack size
to deallocate another thread's unsafe stack; however, the two sizes may
differ. Record an unsafe stack's size in the thread stack linked list.

Reviewers: pcc, eugenis

Reviewed By: eugenis

Subscribers: delcypher, llvm-commits, #sanitizers, kcc

Differential Revision: https://reviews.llvm.org/D51016

llvm-svn: 340308
2018-08-21 17:29:01 +00:00
Evgeniy Stepanov 4f0e10fff9 [hwasan] Add a (almost) no-interceptor mode.
Summary:
The idea behind this change is to allow sanitization of libc. We are prototyping on Bionic,
but the tool interface will be general enough (or at least generalizable) to support any other libc.

When libc depends on libclang_rt.hwasan, the latter can not interpose libc functions.
In fact, majority of interceptors become unnecessary when libc code is instrumented.

This change gets rid of most hwasan interceptors and provides interface for libc to notify
hwasan about thread creation and destruction events. Some interceptors (pthread_create)
are kept under #ifdef to enable testing with uninstrumented libc. They are expressed in
terms of the new libc interface.

The new cmake switch, COMPILER_RT_HWASAN_WITH_INTERCEPTORS, ON by default, builds testing
version of the library with the aforementioned pthread_create interceptor.
With the OFF setting, the library becomes more of a libc plugin.

Reviewers: vitalybuka, kcc, jfb

Subscribers: srhines, kubamracek, mgorny, jfb, llvm-commits

Differential Revision: https://reviews.llvm.org/D50922

llvm-svn: 340216
2018-08-20 21:49:15 +00:00
Kostya Kortchinsky 7515e75bc2 [sanitizer] Use private futex operations for BlockingMutex
Summary:
Use `FUTEX_PRIVATE_FLAG` in conjunction with the wait & wake operations
employed by `BlockingMutex`. As far as I can tell, the mutexes are
process-private, and there is an actual performance benefit at employing the
private operations. There should be no downside to switching to it.

Reviewers: eugenis, alekseyshl, dvyukov

Reviewed By: dvyukov

Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D50910

llvm-svn: 340178
2018-08-20 14:57:58 +00:00
Fangrui Song b2f8ba0dec [msan] Remove XFAIL: freebsd from test/msan/tls_reuse.cc
This passes now.

llvm-svn: 340132
2018-08-18 23:25:55 +00:00
Kuba Mracek 2b93dfe0ad [sanitizer] When setting up shadow memory on iOS, fix handling the return value of task_info on older OS versions
task_vm_info is a "revisioned" structure, new OS versions add fields to the end, and compatibility is based on the reported size. On older OS versions, min_address/max_address is not filled back. Let's handle that case. Unfortunately, we can't really write a test (as the failure only happens when on a specific OS version).

Differential Revision: https://reviews.llvm.org/D50275

llvm-svn: 340058
2018-08-17 17:53:14 +00:00
Roman Lebedev 630fa0ee87 [NFC] Some small test updates for Implicit Conversion sanitizer.
Split off from D50251.

llvm-svn: 339996
2018-08-17 07:33:38 +00:00
Dean Michael Berris 21d4a1eec7 [XRay][compiler-rt] Avoid InternalAlloc(...) in Profiling Mode
Summary:
We avoid using dynamic memory allocated with the internal allocator in
the profile collection service used by profiling mode. We use aligned
storage for globals and in-struct storage of objects we dynamically
initialize.

We also remove the dependency on `Vector<...>` which also internally
uses the dynamic allocator in sanitizer_common (InternalAlloc) in favour
of the XRay allocator and segmented array implementation.

This change addresses llvm.org/PR38577.

Reviewers: eizan

Reviewed By: eizan

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D50782

llvm-svn: 339978
2018-08-17 01:57:42 +00:00
Matt Morehouse be57e8e328 Revert "[libFuzzer] Use std::discrete_distribution for input selection."
This reverts r339973 due to msan.test failing on
sanitizer-x86_64-linux-fuzzer bot.

llvm-svn: 339976
2018-08-17 01:30:27 +00:00
Matt Morehouse 0094d31f5b [libFuzzer] Use std::discrete_distribution for input selection.
Summary:
Since we're casting from double to size_t during input selection, we
really want a discrete distribution over size_t rather than a piecewise
distribution over doubles.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D50356

llvm-svn: 339973
2018-08-17 00:13:22 +00:00
Evgeniy Stepanov 37fb896572 Revert "Revert "[hwasan] Add __hwasan_handle_longjmp.""
This reapplies commit r339935 with the following changes:
* make longjmp test C, not C++, to avoid dependency on libc++/libstdc++
* untag pointer in memset interceptor

x86_64 does not have TBI, so hwasan barely works there. Tests must be carefully
written in a way that does not leak tagged pointer to system libraries.

llvm-svn: 339963
2018-08-16 23:17:14 +00:00
Evgeniy Stepanov 7f9b4af184 Revert "[hwasan] Add __hwasan_handle_longjmp."
This reverts commit 339935 which breaks hwasan tests on x86_64.

llvm-svn: 339957
2018-08-16 22:28:02 +00:00
Evgeniy Stepanov 628e766ca3 [hwasan] Enable Android logging.
Summary: Enable syslog as soon as the shadow is mapped.

Reviewers: vitalybuka, kcc

Subscribers: srhines, kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D50865

llvm-svn: 339950
2018-08-16 21:56:04 +00:00
Evgeniy Stepanov 8bb383f1fb [hwasan] Add __hwasan_handle_longjmp.
Summary:
A callback to annotate longjmp-like code.

Unlike __asan_handle_no_return, in hwasan we can not conservatively
"unpoison" the entire thread stack, because there is no such thing as
unpoisoned memory. Pointer and memory tags must always match.

Reviewers: vitalybuka, kcc

Subscribers: kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D50752

llvm-svn: 339935
2018-08-16 20:46:41 +00:00
Evgeniy Stepanov fa9f78553a [hwasan] Add malloc_fill_byte and free_fill_byte flags.
Reviewers: vitalybuka, kcc

Subscribers: kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D50753

llvm-svn: 339932
2018-08-16 20:13:09 +00:00
David Carlier 0a1e2f9f7e [Sanitizer] Fix build openbsd
- The alternative syscall exists only on FreeBSD.
- Adding OpenBSD's equivalent and while at it other
remaining oses ones.

Reviewers: vitalybuka, krytarowsky, hiraditya

Reviewed By: hiraditya

Differential Revision: https://reviews.llvm.org/D50760

llvm-svn: 339886
2018-08-16 15:54:38 +00:00
Dean Michael Berris 560c733815 [XRay][compiler-rt] Remove MAP_NORESERVE from XRay allocations
Summary:
This reverses an earlier decision to allow seg-faulting from the
XRay-allocated memory if it turns out that the system cannot provide
physical memory backing that cannot be swapped in/out on Linux.

This addresses http://llvm.org/PR38588.

Reviewers: eizan

Reviewed By: eizan

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D50831

llvm-svn: 339869
2018-08-16 12:19:03 +00:00
Peter Collingbourne dfd1c96d97 cfi: Remove blacklist entries for libc++.
These functions have had no-CFI annotations in the source code for
a while now.

llvm-svn: 339800
2018-08-15 18:05:55 +00:00
Evgeniy Stepanov a265a13bbe [hwasan] Add a basic API.
Summary:
Add user tag manipulation functions:
  __hwasan_tag_memory
  __hwasan_tag_pointer
  __hwasan_print_shadow (very simple and ugly, for now)

Reviewers: vitalybuka, kcc

Subscribers: kubamracek, hiraditya, llvm-commits

Differential Revision: https://reviews.llvm.org/D50746

llvm-svn: 339746
2018-08-15 00:39:35 +00:00
Matt Morehouse 0f22fac274 [SanitizerCoverage] Add associated metadata to PC guards.
Summary:
Without this metadata LLD strips unused PC table entries
but won't strip unused guards.  This metadata also seems
to influence the linker to change the ordering in the PC
guard section to match that of the PC table section.

The libFuzzer runtime library depends on the ordering
of the PC table and PC guard sections being the same.  This
is not generally guaranteed, so we may need to redesign
PC tables/guards/counters in the future.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: kcc, hiraditya, llvm-commits

Differential Revision: https://reviews.llvm.org/D50483

llvm-svn: 339733
2018-08-14 22:04:34 +00:00
Vlad Tsyrklevich 05ee22e31d Reland "SafeStack: Delay thread stack clean-up""
This relands commit r339405 (reverted in commit r339408.) The original
revert was due to tests failing on a darwin buildbot; however, after
looking at the affected code more I realized that the Darwin safestack
support has always been broken and disabled it in r339719. This relands
the original commit.

llvm-svn: 339723
2018-08-14 20:28:58 +00:00
Vlad Tsyrklevich a6446223e3 SafeStack: Disable Darwin support
Summary:
Darwin support does not appear to be used as evidenced by the fact that
the pthread interceptors have never worked and there is no support for
other common threading mechanisms like GCD.

Reviewers: pcc, eugenis, kubamracek

Reviewed By: pcc, kubamracek

Subscribers: kubamracek, mgorny, delcypher, llvm-commits, #sanitizers, kcc

Differential Revision: https://reviews.llvm.org/D50718

llvm-svn: 339719
2018-08-14 19:46:16 +00:00
Kostya Kortchinsky 3afc797e42 [scudo] Fix race condition in deallocation path when Quarantine is bypassed
Summary:
There is a race window in the deallocation path when the Quarantine is bypassed.
Initially we would just erase the header of a chunk if we were not to use the
Quarantine, as opposed to using a compare-exchange primitive, to make things
faster.

It turned out to be a poor decision, as 2 threads (or more) could simultaneously
deallocate the same pointer, and if the checks were to be done before the header
got erased, this would result in the pointer being added twice (or more) to
distinct thread caches, and eventually be reused.

Winning the race is not trivial but can happen with enough control over the
allocation primitives. The repro added attempts to trigger the bug, with a
moderate success rate, but it should be enough to notice if the bug ever makes
its way back into the code.

Since I am changing things in this file, there are 2 smaller changes tagging
along, marking a variable `const`, and improving the Quarantine bypass test at
runtime.

Reviewers: alekseyshl, eugenis, kcc, vitalybuka

Reviewed By: eugenis, vitalybuka

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D50655

llvm-svn: 339705
2018-08-14 18:34:52 +00:00
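
The race described in the commit above, replayed deterministically as an added example (not code from the commit or from Scudo). The header layout, the thread-cache type and every function name are assumptions made for illustration; the interleaving is played out by hand on one thread so the outcome is reproducible.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified stand-in for a chunk header packed into one atomic word.
// Hypothetical layout: only a state value, no checksum or size fields.
constexpr uint64_t kAvailable = 0;
constexpr uint64_t kAllocated = 1;

struct Chunk {
  std::atomic<uint64_t> header{kAllocated};
};

// Stand-in for a per-thread cache that later hands chunks out again.
using ThreadCache = std::vector<Chunk *>;

// Deallocation step 1: load the header and validate the chunk state.
bool CheckHeader(Chunk *c, uint64_t *observed) {
  *observed = c->header.load();
  return *observed == kAllocated;
}

// Deallocation step 2, "before" variant: erase the header with a plain
// store. Nothing ties the store to the value that was validated in step 1.
bool ReleaseWithStore(Chunk *c, uint64_t /*observed*/, ThreadCache *cache) {
  c->header.store(kAvailable);
  cache->push_back(c);
  return true;
}

// Deallocation step 2, fixed variant: the header only changes if it still
// holds the value that was validated, so exactly one caller can win.
bool ReleaseWithCompareExchange(Chunk *c, uint64_t observed,
                                ThreadCache *cache) {
  if (!c->header.compare_exchange_strong(observed, kAvailable))
    return false;  // an allocator would report the double free here
  cache->push_back(c);
  return true;
}

using ReleaseFn = bool (*)(Chunk *, uint64_t, ThreadCache *);

// Replays the problematic interleaving: threads A and B both pass the
// header check before either one releases the chunk. Returns how many
// thread caches end up holding the same chunk.
int CachesHoldingChunkAfterDoubleFree(ReleaseFn release) {
  Chunk chunk;
  ThreadCache cache_a, cache_b;
  uint64_t seen_a = 0, seen_b = 0;
  bool ok_a = CheckHeader(&chunk, &seen_a);  // thread A validates
  bool ok_b = CheckHeader(&chunk, &seen_b);  // thread B validates
  if (ok_a) release(&chunk, seen_a, &cache_a);  // thread A releases
  if (ok_b) release(&chunk, seen_b, &cache_b);  // thread B releases
  return static_cast<int>(cache_a.size() + cache_b.size());
}

int main() {
  std::printf("plain store:      chunk cached %d time(s)\n",
              CachesHoldingChunkAfterDoubleFree(ReleaseWithStore));
  std::printf("compare-exchange: chunk cached %d time(s)\n",
              CachesHoldingChunkAfterDoubleFree(ReleaseWithCompareExchange));
  return 0;
}
```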
Petr Hosek 39f0860743 [CMake] Don't parse target triple except for arch
compiler-rt CMake build currently tries to parse the triple and then
put it back together, but doing so is inherently tricky, and doing so
from CMake is just crazy and currently doesn't handle triples that
have more than three components. Fortunately, the CMake really only
needs the architecture part, which is typically the first component,
to construct variants for other architectures. This means we can keep
the rest of the triple as is and avoid the parsing altogether.

Differential Revision: https://reviews.llvm.org/D50548

llvm-svn: 339701
2018-08-14 18:01:19 +00:00
Evgeniy Stepanov d8cc7f9f07 [hwasan] Provide __sanitizer_* aliases to allocator functions.
Summary:
Export __sanitizer_malloc, etc as aliases to malloc, etc.
This way users can wrap sanitizer malloc, even in fully static binaries.

Both jemalloc and tcmalloc provide similar aliases (je_* and tc_*).

Reviewers: vitalybuka, kcc

Subscribers: llvm-commits, kubamracek

Differential Revision: https://reviews.llvm.org/D50570

llvm-svn: 339614
2018-08-13 21:07:27 +00:00
Evgeniy Stepanov 753bc5496b [hwasan] Handle missing /proc/self/maps.
Summary:
Don't crash when /proc/self/maps is inaccessible from main thread.
It's not a big deal, really.

Reviewers: vitalybuka, kcc

Subscribers: kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D50574

llvm-svn: 339607
2018-08-13 20:04:48 +00:00
Evgeniy Stepanov c68be8d2d5 [hwasan] Allow optional early shadow setup.
Summary:
Provide __hwasan_shadow_init that can be used to initialize shadow w/o touching libc.
It can be used to bootstrap an unusual case of fully-static executable with
hwasan-instrumented libc, which needs to run hwasan code before it is ready to serve
user calls like madvise().

Reviewers: vitalybuka, kcc

Subscribers: kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D50581

llvm-svn: 339606
2018-08-13 19:57:11 +00:00
Kostya Kortchinsky 15acf26c5d [sanitizer] Remove st(X) from the clobber list in 32-bit x86 atomics
Summary:
When compiling with `WERROR=ON` & a recent clang, having the `st(?)` registers
in the clobber list produces a fatal error (except `st(7)` for some reason):
```
.../sanitizer_common/sanitizer_atomic_clang_x86.h:98:9: error: inline asm clobber list contains reserved registers: ST0, ST1, ST2, ST3, ST4, ST5, ST6 [-Werror,-Winline-asm]
        "movq %1, %%mm0;"  // Use mmx reg for 64-bit atomic moves
        ^
<inline asm>:1:1: note: instantiated into assembly here
        movq 8(%esp), %mm0;movq %mm0, (%esi);emms;
^
.../sanitizer_common/sanitizer_atomic_clang_x86.h:98:9: note: Reserved registers on the clobber list may not be preserved across the asm statement, and clobbering them may lead to undefined behaviour.
        "movq %1, %%mm0;"  // Use mmx reg for 64-bit atomic moves
        ^
<inline asm>:1:1: note: instantiated into assembly here
        movq 8(%esp), %mm0;movq %mm0, (%esi);emms;
^
```
As far as I can tell, they were in there due to the use of the `emms`
instruction, but removing the clobber doesn't appear to have a functional
impact. I am unsure if there is a better way to address this.

Reviewers: eugenis, vitalybuka

Reviewed By: vitalybuka

Subscribers: kubamracek, delcypher, jfb, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D50562

llvm-svn: 339575
2018-08-13 15:01:24 +00:00
Dan Liew 706005486f [CMake] Fix bug in `add_weak_symbols()` function.
Previously the `weak_symbols.txt` files could be modified and the
build system wouldn't update the link flags automatically. Instead the
developer had to know to reconfigure CMake manually.

This is now fixed by telling CMake that the file being used to
read weak symbols from is a configure-time dependency.

Differential Revision: https://reviews.llvm.org/D50059

llvm-svn: 339559
2018-08-13 12:59:38 +00:00
Evgeniy Stepanov 2339dc2397 [hwasan] Remove liblog dependency.
HWASan will not run on older Android releases where we use
__android_log_write for logging.

This dependency is also harmful in the case when libc itself depends
on hwasan, because it creates a loop of
  libc -> hwasan -> liblog -> libc
which makes liblog vs libc initialization order undetermined.

Without liblog the loop is just
  libc -> hwasan -> libc
and any init order issues can be solved in hwasan.

llvm-svn: 339449
2018-08-10 16:38:57 +00:00
Vlad Tsyrklevich bd85115c6e Revert "SafeStack: Delay thread stack clean-up"
This reverts commit r339405, it's failing on Darwin buildbots because
it doesn't seem to have a tgkill/thr_kill2 interface. It has a
__pthread_kill() syscall, but that relies on having a handle to the
thread's port which is not equivalent to its tid.

llvm-svn: 339408
2018-08-10 00:36:04 +00:00
Vlad Tsyrklevich a24ecc337f SafeStack: Delay thread stack clean-up
Summary:
glibc can call SafeStack instrumented code even after the last pthread
data destructor has run. Delay cleaning-up unsafe stacks for threads
until the thread is dead by having future threads clean-up prior threads'
stacks.

Reviewers: pcc, eugenis

Reviewed By: eugenis

Subscribers: cryptoad, eugenis, kubamracek, delcypher, llvm-commits, #sanitizers, kcc

Differential Revision: https://reviews.llvm.org/D50406

llvm-svn: 339405
2018-08-09 22:56:41 +00:00
Kostya Kortchinsky d2214053a2 [sanitizer] Remove rsp from the clobber list in internal_clone
Summary:
When compiling with WERROR=ON, a new fatal warning started popping up recently
(due to -Werror,-Winline-asm):
```
.../lib/sanitizer_common/sanitizer_linux.cc:1214:24: error: inline asm clobber list contains reserved registers: RSP [-Werror,-Winline-asm]
                       "syscall\n"
                       ^
<inline asm>:1:1: note: instantiated into assembly here
        syscall
^
.../lib/sanitizer_common/sanitizer_linux.cc:1214:24: note: Reserved registers on the clobber list may not be preserved across the asm statement, and clobbering them may lead to undefined behaviour.
                       "syscall\n"
                       ^
<inline asm>:1:1: note: instantiated into assembly here
        syscall
^
```

Removing `rsp` from the clobber list makes the warning go away, and does not
appear to have a functional impact. If there is another way to solve this, let
me know.

Reviewers: eugenis, vitalybuka

Reviewed By: eugenis

Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D50519

llvm-svn: 339370
2018-08-09 20:01:11 +00:00
David Carlier 9d03a90f15 Enable getentropy for FreeBSD 12
As for Linux with its getrandom's syscall, giving the possibility to fill buffer with native call for good quality but falling back to /dev/urandom in worst case similarly.

Reviewers: vitalybuka, krytarowski

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D48804

llvm-svn: 339318
2018-08-09 08:11:48 +00:00
Petr Hosek eb46c95c3e [CMake] Use normalized Windows target triples
Changes the default Windows target triple returned by
GetHostTriple.cmake from the old environment names (which we wanted to
move away from) to newer, normalized ones. This also requires updating
all tests to use the new systems names in constraints.

Differential Revision: https://reviews.llvm.org/D47381

llvm-svn: 339307
2018-08-09 02:16:18 +00:00
George Karpenkov 67d858d5e4 [libFuzzer] Increase the iteration limit in shrink.test
After https://reviews.llvm.org/D48800, shrink.test started failing on
x86_64h architecture.
Looking into this, the optimization pass is too eager to unroll the loop
on x86_64h, possibly leading to worse coverage data.

Alternative solutions include not unrolling the loop when fuzzing, or
disabling this test on that architecture.

Differential Revision: https://reviews.llvm.org/D50484

llvm-svn: 339303
2018-08-09 00:41:22 +00:00
Alex Lorenz 9693e8baa3 [macOS] stop generating the libclang_rt.10.4.a library for macOS 10.4
The support for macOS 10.4 has been dropped by Xcode 10.

rdar://42876880

llvm-svn: 339277
2018-08-08 17:29:55 +00:00
Max Moroz cd02f3147b [libFuzzer] Optimize handle unstable checks by reducing iterations
Summary:
We only run the 3rd check if 2nd check finds unstable edges. 
3rd UpdateUnstableCounters is now merged with ApplyUnstableCounters to only run 1 iteration.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D50411

llvm-svn: 339249
2018-08-08 14:32:46 +00:00
Vedant Kumar 381e9d2386 [Coverage] Ignore 'unused' functions with non-zero execution counts
Frontends emit 'unused' coverage mapping records for functions which are
provably unused in a TU. These unused records contain a single counter
with CounterKind::Zero. However, a function may be unused in one TU and
used in another. When this happens, prefer the records with a full set
of counters instead of arbitrarily picking the first loaded record.

There is no impact on the single-TU case. In the multiple-TU case, this
resolves issues causing a function to appear unused when it's not.

Testing: check-{llvm,clang,compiler-rt}

rdar://42981322

llvm-svn: 339194
2018-08-07 22:25:36 +00:00
Max Moroz e03993e6c7 [libFuzzer] Disable print_unstable_stats.test for aarch64.
Summary:
Follow-up for https://reviews.llvm.org/D50264. Reported by testbots:
http://lab.llvm.org:8011/builders/clang-cmake-aarch64-full/builds/5592

Reviewers: morehouse, kevinwkt, metzman, javed.absar, Dor1s

Reviewed By: Dor1s

Subscribers: kristof.beyls, delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D50386

llvm-svn: 339143
2018-08-07 14:22:00 +00:00
Max Moroz 84a48271d4 [libFuzzer] Add unstable function printing to print_unstable_stats flag
Summary:
There may be cases in which a user wants to know which part of their code is unstable.
We use ObservedFuncs and UnstableCounters to print at exit which of the ObservedFunctions
are unstable under the -print_unstable_stats flag.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, metzman, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D50264

llvm-svn: 339081
2018-08-06 23:14:13 +00:00
Martin Storsjo d07bd75cb3 [CMake] Allow building builtins standalone out of tree without any llvm-config available
This is the same as libcxxabi/libcxx do.

Differential Revision: https://reviews.llvm.org/D50134

llvm-svn: 338818
2018-08-03 05:50:33 +00:00
Max Moroz 5a9baa330c [libFuzzer] Initial implementation of weighted mutation leveraging during runtime.
Summary:
Added functions that calculate stats while fuzz targets are running and give
mutations weight based on how much new coverage they provide, and choose better
performing mutations more often.

Patch by Kodé Williams (@kodewilliams).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, morehouse

Subscribers: delcypher, kcc, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49621

llvm-svn: 338776
2018-08-02 22:30:03 +00:00
Filipe Cabecinhas 440e96f2f7 Add header guard to asan_report.h
llvm-svn: 338700
2018-08-02 11:05:07 +00:00
Kostya Serebryany cedebd5940 [libFuzzer] use absolute distance in addition to the hamming distance in value profiling; our A/B testing have (somewhat weak) indication that this provides an additional signal for corpus expansion
llvm-svn: 338661
2018-08-02 00:24:49 +00:00
Kostya Serebryany a8d7bcdd71 Fix sizeof(struct pthread) in glibc 2.14.
Summary: Fixes: https://github.com/google/sanitizers/issues/966

Reviewers: kcc

Reviewed By: kcc

Subscribers: kubamracek

Differential Revision: https://reviews.llvm.org/D50131

llvm-svn: 338606
2018-08-01 18:29:51 +00:00
Filipe Cabecinhas e0fcc68a32 Add missing condition
llvm-svn: 338577
2018-08-01 15:30:14 +00:00
Filipe Cabecinhas a0d8359079 Test: Enable exceptions for test that needs it
llvm-svn: 338535
2018-08-01 13:20:38 +00:00
Marco Castelluccio 85ae51ed22 [gcov] Add test which uses fork
Test for https://bugs.llvm.org/show_bug.cgi?id=38180.

llvm-svn: 338500
2018-08-01 09:11:36 +00:00
Matt Davis 89e8af6d96 [compiler-rt] Add a routine to specify the mode used when creating profile dirs.
Summary:
This patch introduces `llvm_profile_set_dir_mode` and `llvm_profile_get_dir_mode` to
the compiler-rt profile API. 

Originally, profile data was placed into a directory that was created with a hard-coded
mode value of 0755 (for non-win32 builds).  In certain cases, it can be helpful to create
directories with a different mode other than 0755.  This patch introduces set/get
routines to allow users to specify a desired mode.  The default remains at 0755.

Reviewers: void, probinson

Reviewed By: probinson

Subscribers: probinson, dberris, cfe-commits

Differential Revision: https://reviews.llvm.org/D49953

llvm-svn: 338456
2018-07-31 23:37:24 +00:00
Marco Castelluccio ae43a27f9c [gcov] Add tests using switch, one with break clauses and one with fallthrough
llvm-svn: 338453
2018-07-31 23:26:50 +00:00
Dean Michael Berris f8d5969943 [XRay][compiler-rt] Update test to use similar structure
This is a follow-up to D50037.

llvm-svn: 338349
2018-07-31 04:47:37 +00:00
Dean Michael Berris 3bd20d4605 [XRay][compiler-rt] Profiling Mode: Include file header in buffers
Summary:
This change provides access to the file header even in the in-memory
buffer processing. This allows in-memory processing of the buffers to
also check the version, and the format, of the profile data.

Reviewers: eizan, kpw

Reviewed By: eizan

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D50037

llvm-svn: 338347
2018-07-31 04:16:54 +00:00
Reid Kleckner cae1b9fef2 Pacify sanitizer lint script that still does not run on Windows
llvm-svn: 338334
2018-07-31 00:08:26 +00:00
Reid Kleckner a5ed43c1c9 [asan/win] Use SRW locks to fix a race in BlockingMutex
Summary:
Before my change, BlockingMutex used Windows critical sections. Critical
sections can only be initialized by calling InitializeCriticalSection,
dynamically.

The primary sanitizer allocator expects to be able to reinterpret zero
initialized memory as a BlockingMutex and immediately lock it.
RegionInfo contains a mutex, and placement new is never called for
it. These objects are accessed via:
  RegionInfo *GetRegionInfo(uptr class_id) const {
    DCHECK_LT(class_id, kNumClasses);
    RegionInfo *regions = reinterpret_cast<RegionInfo *>(SpaceEnd());
    return &regions[class_id];
  }
The memory comes from the OS without any other initialization.

For various reasons described in the comments, BlockingMutex::Lock would
check if the object appeared to be zero-initialized, and it would lazily
call the LinkerInitialized constructor to initialize the critical
section. This pattern is obviously racy, and the code had a bunch of
FIXMEs about it.

The best fix here is to use slim reader writer locks, which can start
out zero-initialized. They are available starting in Windows Vista. I
think it's safe to go ahead and use them today.

Reviewers: kcc, vitalybuka

Subscribers: kubamracek, llvm-commits

Differential Revision: https://reviews.llvm.org/D49893

llvm-svn: 338331
2018-07-30 23:32:33 +00:00
Roman Lebedev f07c5a0e9c [NFC] Rename test/ubsan/TestCases/{ImplicitCast => ImplicitConversion}
Just to be consistent with the rest.
I should have done that in the commit itself, but the filepaths
is one thing i forgot to verify :S

llvm-svn: 338307
2018-07-30 21:11:34 +00:00
Roman Lebedev 0c234517fd [compiler-rt] integer-truncation-blacklist.c: XFAIL on android/ios
The Builder sanitizer-x86_64-linux-android is failing
starting with rL338287 / D48959.

It runs the tests via android_compile.py, so i'm not sure this
is actually *this* issue:
  https://code.google.com/p/address-sanitizer/issues/detail?id=316
but this seems oddly similar to the other XFAIL'ed cases...

Right now that seems to be the only failing builder,
so i *think* it makes sense to try to just blacklist it for now.

llvm-svn: 338296
2018-07-30 20:05:24 +00:00
Roman Lebedev eb4a9bc343 [compiler-rt][ubsan] Implicit Conversion Sanitizer - integer truncation - compiler-rt part
Summary:
This is a compiler-rt part.
The clang part is D48958.

See [[ https://bugs.llvm.org/show_bug.cgi?id=21530 | PR21530 ]], https://github.com/google/sanitizers/issues/940.

Reviewers: #sanitizers, samsonov, vsk, rsmith, pcc, eugenis, kcc, filcab

Reviewed By: #sanitizers, vsk, filcab

Subscribers: llvm-commits, eugenis, filcab, kubamracek, dberris, #sanitizers, regehr

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D48959

llvm-svn: 338287
2018-07-30 18:58:30 +00:00
Azharuddin Mohammed ec6bdf8d4f [cmake] [ARM] Exclude any VFP builtins if VFP is not supported
Summary:
rL325492 disables FPU features when using soft floating point
(-mfloat-abi=soft), which is used internally when building for arm. This causes
errors with builtins that utilize VFP instructions.

With this change we check if VFP is enabled (by checking if the preprocessor
macro __VFP_FP__ is defined), and exclude such builtins if it is not enabled.

Reviewers: rengolin, samsonov, compnerd, smeenai, javed.absar, peter.smith

Reviewed By: peter.smith

Subscribers: delcypher, peter.smith, mgorny, kristof.beyls, chrib, llvm-commits

Differential Revision: https://reviews.llvm.org/D47217

llvm-svn: 338284
2018-07-30 18:18:59 +00:00
Dean Michael Berris f1ceb0b376 [XRay][compiler-rt] FDR Mode: Use mmap instead of internal allocator
Summary:
This change moves FDR mode to use `internal_mmap(...)` from
sanitizer_common instead of the internal allocator interface. We're
doing this to sidestep the alignment issues we encounter with the
`InternalAlloc(...)` functions returning pointers that have some magic
bytes at the beginning.

XRay copies bytes into the buffer memory, and does not require the magic
bytes tracking the other sanitizers use when allocating/deallocating
buffers.

Reviewers: kpw, eizan

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D49972

llvm-svn: 338228
2018-07-30 05:56:42 +00:00
Fangrui Song 8c40e40a85 [asan] Fix typo
llvm-svn: 338225
2018-07-30 00:25:16 +00:00
Fangrui Song c0ca8089a2 Fix Asan-i386-calls-Test AddressSanitizer.ShadowGapTest on FreeBSD
0x22000000 happens to be on the left of a heap allocation and the error
message is different (heap-buffer-overflow).
FreeBSD NetBSD have larger SHADOW_OFFSET (0x40000000) but let's try not
using #ifdef here.

llvm-svn: 338208
2018-07-28 23:41:50 +00:00
Jonas Hahnfeld a7c9fe3762 [test] Use printf instead of C++ iostream, NFC.
This test fails with libc++ when built with MemorySanitizer. This
is because we link to an uninstrumented version of the library
so msan detects a nested error when calling std::cout << "...".
This can be easily avoided by using good old printf.

Differential Revision: https://reviews.llvm.org/D49867

llvm-svn: 338053
2018-07-26 18:23:40 +00:00
Dmitry Vyukov 04f97cf2f0 [tsan] Fix gcc pedantic warning
Fix gcc (7.2.0) pedantic warning
warning: extra ‘;’ [-Wpedantic]

Author: jasonl220 (Jason Lovett)
Review: https://reviews.llvm.org/D49817
llvm-svn: 338023
2018-07-26 13:02:54 +00:00
Fangrui Song cb1107ed14 [sanitizer] Include signal.h instead of sys/signal.h
llvm-svn: 338004
2018-07-26 04:50:33 +00:00
Max Moroz f55b8c6e91 [libFuzzer] Disable handle-unstable.test for ARM and delete duplicated test file.
Summary:
This change should fix the failures mentioned in
https://reviews.llvm.org/D49684#1175245

Reviewers: kevinwkt, morehouse, metzman

Reviewed By: kevinwkt, morehouse

Subscribers: kristof.beyls, delcypher, chrib, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D49810

llvm-svn: 337949
2018-07-25 18:34:20 +00:00
Jeremy Morse 63c153edb2 [XRay tests] Don't filter test-critical calls
By default, xray filters events that take less than 5uS from its log.
In this existing test, should printf complete very quickly this will
lead to test-critical function calls being filtered (i.e. print_parent_tid).
Given that we're not testing the filtering feature, disable it for this
test.

llvm-svn: 337929
2018-07-25 14:48:53 +00:00
David Carlier 62e06ff583 [Asan][Msan] Unit tests Disable some tests for FreeBSD
Reviewers: krytarowski

Reviewed By: krytarowski

Differential Revision: https://reviews.llvm.org/D49784

llvm-svn: 337913
2018-07-25 12:38:23 +00:00
Petr Hosek 47e5fcba57 [profile] Support profiling runtime on Fuchsia
This ports the profiling runtime on Fuchsia and enables the
instrumentation. Unlike on other platforms, Fuchsia doesn't use
files to dump the instrumentation data since on Fuchsia, filesystem
may not be accessible to the instrumented process. We instead use
the data sink to pass the profiling data to the system the same
sanitizer runtimes do.

Differential Revision: https://reviews.llvm.org/D47208

llvm-svn: 337881
2018-07-25 03:01:35 +00:00
Matt Morehouse 5377b5b275 [sanitizer] Update symbolizer test.
llvm-svn: 337872
2018-07-24 23:50:42 +00:00
Max Moroz 8db0befc6d [libFuzzer] Handle unstable edges by disregarding unstable edges
Summary:
Added a new mode within flag -handle_unstable for new unstable handling algorithm that does the following:
    When an edge is shown as unstable, copy to UnstableCounters the value 0.
    During ApplyUnstableCounters we copy back the value 0 to ModuleInline8bitCounters if the edge was unstable.

This way we would be ignoring completely features that were collected through non-determinism.
Unstable hits would be counted as if it never hit.

Reviewers: metzman, Dor1s, kcc, morehouse

Reviewed By: metzman, morehouse

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49684

llvm-svn: 337853
2018-07-24 21:02:44 +00:00
Kuba Mracek dc36389ea8 [tsan] Fix crash in objc_sync_enter/objc_sync_exit when using an Obj-C tagged pointer
Objective-C tagged pointers (either bottom-most or top-most bit is 1) are valid Obj-C objects but are not valid pointers. Make sure we don't crash on them when used in objc_sync_enter/objc_sync_exit. Instead, let's synchronize on a global object.

Differential Revision: https://reviews.llvm.org/D49707

llvm-svn: 337837
2018-07-24 16:19:06 +00:00
Igor Kudrin 356c2aeffe [profile] Fix finding the first and last directory separators on Windows.
Until now, our code preferred backslashes to slashes, whereas Windows
allows using both types of directory separators in one path string.

Differential Revision: https://reviews.llvm.org/D49664

llvm-svn: 337826
2018-07-24 13:06:19 +00:00
Igor Kudrin 63600c7487 [profile] Fix a possible memory leak in parseFilenamePattern().
Differential Revision: https://reviews.llvm.org/D49666

llvm-svn: 337823
2018-07-24 12:28:53 +00:00
Petr Hosek b8ab7e811b [sanitizer][fuzzer] Temporarily transition to ZX_TIME_INFINITE_OLD
This is a preparation for breaking change when all Zircon calls that
take time as an argument will start using signed values. We will
transition back to ZX_TIME_INFINITE after all the changes to these
symbols are done and become part of the Fuchsia SDK.

Differential Revision: https://reviews.llvm.org/D49694

llvm-svn: 337802
2018-07-24 02:34:24 +00:00
Petr Hosek e2da642697 [sanitizer] Transition from _zx_vmar_... to _zx_vmar_..._old calls
This is a preparation for breaking changes to _zx_vmar_... calls.
We will transition back to _zx_vmar_... after all the changes to
these symbols are done and become part of the Fuchsia SDK.

Differential Revision: https://reviews.llvm.org/D49697

llvm-svn: 337801
2018-07-24 02:28:54 +00:00
Petr Hosek c14d513e0d Revert "[Fuzzer] Update path to libc++ headers"
This reverts commit r337775 since r337727 has been reverted in r337782.

llvm-svn: 337784
2018-07-24 00:34:55 +00:00
Petr Hosek 2cf5d81f04 [Fuzzer] Update path to libc++ headers
The path to headers which are installed into libc++ build directory
has changed in r337727 which broke the libFuzzer build.

Differential Revision: https://reviews.llvm.org/D49705

llvm-svn: 337775
2018-07-23 23:38:28 +00:00
Matthew Voss 1486d5c6e2 Reapply "[XRay] Remove scheduling dependency in fork_basic_logging.cc"
Summary:
Continuation of https://reviews.llvm.org/D49501

Second part of the test has a scheduling order when there shouldn't be.



Reviewers: dberris, ormris

Reviewed By: dberris, ormris

Subscribers: TWeaver

Differential Revision: https://reviews.llvm.org/D49559

llvm-svn: 337745
2018-07-23 21:22:02 +00:00
Max Moroz 1e954f78d1 [libFuzzer] Handle unstable edges by using minimum hit counts
Summary:
Created unstable_handle flag that takes 1 or 2, depending on the handling type.
Modified RunOne to accommodate the following heuristic:
    Use the first CollectFeatures to count how many features there are.
    If no new features, CollectFeatures like before.
    If there is new feature, we run CB 2 more times,
        Check which edges are unstable per input and we store the least amount of hit counts for each edge.
        Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended.
Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D49525

llvm-svn: 337696
2018-07-23 14:20:52 +00:00
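
A simplified model of the two unstable-edge strategies described in the libFuzzer commits above (minimum hit counts, and zeroing unstable edges), as an added example that is not libFuzzer code. All names, the numeric mode values and the sample hit counts are assumptions or constructed data; it models only the path where the first run found new features, so the callback is run two more times.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <vector>

// Hypothetical mode values; the commits only say the flag takes 1 or 2.
enum HandleUnstableMode { kMinUnstable = 1, kZeroUnstable = 2 };

// One 8-bit hit counter per edge, as with inline 8-bit counters.
using Counters = std::vector<uint8_t>;
// Stand-in for executing the fuzz target once and filling the counters.
using Callback = std::function<void(Counters &)>;

struct StableResult {
  Counters counters;           // counters to feed into feature collection
  std::vector<bool> unstable;  // true where repeated runs disagreed
};

// Runs the callback once, then two more times on the same input. An edge
// whose hit count differs between runs is marked unstable. Min mode keeps
// the smallest hit count seen; zero mode treats unstable edges as never hit.
StableResult RunWithUnstableHandling(const Callback &cb, size_t num_edges,
                                     HandleUnstableMode mode) {
  Counters first(num_edges, 0);
  cb(first);
  StableResult r{first, std::vector<bool>(num_edges, false)};
  for (int rerun = 0; rerun < 2; ++rerun) {
    Counters again(num_edges, 0);
    cb(again);
    for (size_t e = 0; e < num_edges; ++e) {
      if (again[e] != first[e]) r.unstable[e] = true;
      r.counters[e] = std::min(r.counters[e], again[e]);
    }
  }
  if (mode == kZeroUnstable) {
    for (size_t e = 0; e < num_edges; ++e)
      if (r.unstable[e]) r.counters[e] = 0;
  }
  return r;
}

// Constructed sample: three runs of a target with three edges. Edge 0 is
// deterministic, edges 1 and 2 vary from run to run.
StableResult DemoRun(HandleUnstableMode mode) {
  static const uint8_t kRuns[3][3] = {{3, 5, 1}, {3, 2, 0}, {3, 4, 1}};
  int run = 0;
  Callback cb = [&run](Counters &c) {
    for (size_t e = 0; e < c.size(); ++e) c[e] = kRuns[run][e];
    ++run;
  };
  return RunWithUnstableHandling(cb, 3, mode);
}

int main() {
  const HandleUnstableMode modes[] = {kMinUnstable, kZeroUnstable};
  for (HandleUnstableMode mode : modes) {
    StableResult r = DemoRun(mode);
    std::printf("mode %d:", static_cast<int>(mode));
    for (size_t e = 0; e < r.counters.size(); ++e)
      std::printf(" edge%zu=%u%s", e, static_cast<unsigned>(r.counters[e]),
                  r.unstable[e] ? "(unstable)" : "");
    std::printf("\n");
  }
  return 0;
}
```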
Peter Collingbourne acf005676e Change the cap on the amount of padding for each vtable to 32-byte (previously it was 128-byte)
We tested different cap values with a recent commit of Chromium. Our results show that the 32-byte cap yields the smallest binary and all the caps yield similar performance.
Based on the results, we propose to change the cap value to 32-byte.

Patch by Zhaomo Yang!

Differential Revision: https://reviews.llvm.org/D49405

llvm-svn: 337622
2018-07-20 21:43:20 +00:00
H.J. Lu 0cb55919ec Mark REAL(swapcontext) with indirect_return attribute on x86
When shadow stack from Intel CET is enabled, the first instruction of all
indirect branch targets must be a special instruction, ENDBR.

lib/asan/asan_interceptors.cc has

...
  int res = REAL(swapcontext)(oucp, ucp);
...

REAL(swapcontext) is a function pointer to swapcontext in libc.  Since
swapcontext may return via indirect branch on x86 when shadow stack is
enabled, as in this case,

int res = REAL(swapcontext)(oucp, ucp);
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^  This function may be
returned via an indirect branch.

Here compiler must insert ENDBR after call, like

call *bar(%rip)
endbr64

I opened an LLVM bug:

https://bugs.llvm.org/show_bug.cgi?id=38207

to add the indirect_return attribute so that it can be used to inform
compiler to insert ENDBR after REAL(swapcontext) call.  We mark
REAL(swapcontext) with the indirect_return attribute if it is available.

This fixed:

https://bugs.llvm.org/show_bug.cgi?id=38249

Reviewed By: eugenis

Differential Revision: https://reviews.llvm.org/D49608

llvm-svn: 337603
2018-07-20 19:24:11 +00:00
Dan Liew c358e51e9b On Darwin switch from the `VM_MEMORY_ANALYSIS_TOOL` VM tag to
`VM_MEMORY_SANITIZER`.

It turns out that `VM_MEMORY_ANALYSIS_TOOL` is already reserved for
use by other tools so switch to a tag reserved for use by the Sanitizers.

rdar://problem/41969783

Differential Revision: https://reviews.llvm.org/D49603

llvm-svn: 337579
2018-07-20 17:07:35 +00:00
Kostya Kortchinsky cccd21d42c [scudo] Simplify internal names (NFC)
Summary:
There is currently too much redundancy in the class/variable/* names in Scudo:
- we are in the namespace `__scudo`, so there is no point in having something
  named `ScudoX` to end up with a final name of `__scudo::ScudoX`;
- there are a lot of types/* that have `Allocator` in the name, given that
  Scudo is an allocator I figure this doubles up as well.

So change a bunch of the Scudo names to make them shorter, less redundant, and
overall simpler. They should still be pretty self-explanatory (or at least it
looks so to me).

The TSD part will be done in another CL (eg `__scudo::ScudoTSD`).

Reviewers: alekseyshl, eugenis

Reviewed By: alekseyshl

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D49505

llvm-svn: 337557
2018-07-20 15:07:17 +00:00
Dmitry Vyukov 97cf5f7f40 esan: fix shadow setup
r337531 changed return type of MmapFixedNoReserve, but esan wasn't updated.
As a result, esan shadow setup always fails.
We probably need to make MmapFixedNoAccess signature consistent
with MmapFixedNoReserve. But this is just to unbreak tests.

llvm-svn: 337550
2018-07-20 13:40:08 +00:00
David Carlier 12be7b7bf7 [Xray] fix c99 warning build about flexible array semantics
Reviewers: dberris

Reviewed By: dberris

Differential Revision: https://reviews.llvm.org/D49590

llvm-svn: 337536
2018-07-20 09:22:22 +00:00
Dmitry Vyukov f52726aae9 sanitizers: consistently check result of MmapFixedNoReserve
MmapFixedNoReserve does not terminate process on failure.
Failure to check its result and die will always lead to
harder-to-debug crashes later in execution. This was observed in Go
processes due to some address space conflicts.

Consistently check result of MmapFixedNoReserve.
While we are here also add warn_unused_result attribute
to prevent such bugs in future and change return type to bool
as that's what all callers want.

Reviewed in https://reviews.llvm.org/D49367

llvm-svn: 337531
2018-07-20 08:33:41 +00:00
Joel E. Denny a47cb644c7 [libFuzzer] Use separate test directory for each config
Previously, check-all failed many tests for me.  It was running the
X86_64DefaultLinuxConfig, X86_64LibcxxLinuxConfig, and
X86_64StaticLibcxxLinuxConfig configs out of
llvm-build/projects/compiler-rt/test/fuzzer.  Now, it runs them out of
separate subdirectories there, and most tests pass.

Reviewed By: morehouse, george.karpenkov

Differential Revision: https://reviews.llvm.org/D49249

llvm-svn: 337521
2018-07-20 02:39:01 +00:00
Kostya Serebryany 44edc281d9 [libFuzzer] when -print_coverage=1 is given, print more stats (the number of seeds that hit every given function)
llvm-svn: 337501
2018-07-19 22:00:48 +00:00
Teresa Johnson 408f50dbb4 [profile] Fix typo in test
Noticed that this was causing a compiler warning in the test.

llvm-svn: 337493
2018-07-19 20:18:37 +00:00
Teresa Johnson 73053b221f [profile] Add interface to get profile filename
Summary:
Add __llvm_profile_get_filename interface to get the profile filename,
which can be used for identifying which profile file belongs to an app
when multiple binaries are instrumented and dumping profiles into the
same directory. The filename includes the path.

Reviewers: davidxl

Subscribers: delcypher, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D49529

llvm-svn: 337482
2018-07-19 19:03:50 +00:00
Teresa Johnson d4143bc772 [compiler-rt] Only set lto_flags if lto_supported
Fix bot failure from r37465. Move the new lto_flags append under the
check for whether lto_supported. Otherwise TestingConfig may not have
that member.

llvm-svn: 337467
2018-07-19 16:12:15 +00:00
Teresa Johnson 293b0f43ac [compiler-rt] Add NewPM testing to CFI tests
Summary:
Executes both LTO and ThinLTO CFI tests an additional time using the new
pass manager. I only bothered to add with gold and not lld as testing
with one linker should be sufficient. I didn't add for APPLE or WIN32
since I don't have a way to test those.

Depends on D49429.

Reviewers: pcc

Subscribers: dberris, mgorny, mehdi_amini, delcypher, dexonsmith, #sanitizers, llvm-commits

Differential Revision: https://reviews.llvm.org/D49432

llvm-svn: 337465
2018-07-19 15:32:48 +00:00
Dean Michael Berris 41cea19b4f [XRay][compiler-rt] Profiling: No files when empty
This change makes it so that the profiling mode implementation will only
write files when there are buffers to write. Before this change, we'd
always open a file even if there were no profiles collected when
flushing.

llvm-svn: 337443
2018-07-19 09:20:19 +00:00
Dean Michael Berris e0099f1c6d [XRay][compiler-rt] FDR Mode: Add extents metadata to buffer
When providing raw access to the FDR mode buffers, we used to not
include the extents metadata record. This oversight means that
processing the buffers in-memory will lose important information that
would have been written in files.

This change exposes the metadata record by serializing the data
similarly to how we would do it when flushing to files.

llvm-svn: 337441
2018-07-19 05:17:32 +00:00
David Carlier cfc1d1d46e [Xray] Fix allocator build, MAP_NORESERVE flag is not always supported
MAP_NORESERVE is not supported or a no-op on BSD.

Reviewers: dberris

Reviewed By: dberris

Differential Revision: https://reviews.llvm.org/D49494

llvm-svn: 337440
2018-07-19 05:08:59 +00:00
Kostya Serebryany 7a6295f2e1 [libFuzzer] fix the bot (the no-assert build)
llvm-svn: 337437
2018-07-19 03:16:12 +00:00
Kostya Serebryany 79bd14772f [libFuzzer] quick hack to fix the bot
llvm-svn: 337436
2018-07-19 01:54:28 +00:00
Kostya Serebryany 6b87e0c18f [libFuzzer] first experimental attempt at DFT-based mutations (DFT=data-flow-trace)
llvm-svn: 337434
2018-07-19 01:23:32 +00:00
Matthew Voss ac1f9263d1 Remove scheduling dependency from XRay :: Posix/fork_basic_logging.cc
Summary:
We've been seeing intermittent failures on our internal bots and we suspect
this may be due to the OS scheduling the child process to run before the parent
process.

This version ensures that the parent and child can be run in either order.

Reviewers: Maknee, dberris

Reviewed By: dberris

Subscribers: delcypher, #sanitizers, Maknee, llvm-commits

Differential Revision: https://reviews.llvm.org/D49501

llvm-svn: 337432
2018-07-19 00:25:00 +00:00
Peter Collingbourne 4a653fa7f1 Rename __asan_gen_* symbols to ___asan_gen_*.
This prevents gold from printing a warning when trying to export
these symbols via the asan dynamic list after ThinLTO promotes them
from private symbols to external symbols with hidden visibility.

Differential Revision: https://reviews.llvm.org/D49498

llvm-svn: 337428
2018-07-18 22:23:14 +00:00