Summary:
Due to a QoI issuse in FreeBSD's libcxxrt-based demangler, one sanitizer
symbolizer test consistently appears to fail:
Value of: DemangleSwiftAndCXX("foo")
Actual: "float"
Expected: "foo"
This is because libcxxrt's __cxa_demangle() incorrectly demangles the "foo"
identifier to "float". It should return an error instead.
For now, XFAIL this particular test for FreeBSD, until we can fix libcxxrt
properly (which might take some time to coordinate with upstream).
Reviewers: rnk, zaks.anna, emaste
Subscribers: emaste, llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D23001
llvm-svn: 277297
Summary:
On windows, an export can be redirected to an other DLL.
This patch is adding the required support to the internal
GetProcAddress implementation.
This case was encountered by instrumenting chromium (win 64-bits)
using this GN configuration:
```
is_component_build = true
is_debug = false
enable_nacl = false
is_clang = true
is_asan = true
clang_base_path = "d:\src\llvm\ninja64"
clang_use_chrome_plugins = false
clang_version = "4.0.0"
```
The operating system is win7 (x64).
Visual Studio: 2015 Professional
Reviewers: rnk
Subscribers: llvm-commits, chrisha
Differential Revision: https://reviews.llvm.org/D22880
llvm-svn: 277294
This patch adds 48-bits VMA support for tsan on aarch64. As current
mappings for aarch64, 48-bit VMA also supports PIE executable. This
limits the mapping mechanism because the PIE address bits
(usually 0aaaaXXXXXXXX) makes it harder to create a mask/xor value
to include all memory regions. I think it is possible to create a
large application VAM range by either dropping PIE support or tune
current range.
It also changes slight the way addresses are packed in SyncVar structure:
previously it assumes x86_64 as the maximum VMA range. Since ID is 14 bits
wide, shifting 48 bits should be ok.
Tested on x86_64, ppc64le and aarch64 (39 and 48 bits VMA).
llvm-svn: 277137
This addresses some comments from D21612, which contains the following changes:
- Update __xray_patch() and __xray_unpatch() API documentation to not imply asynchrony.
- Introduce a scope cleanup mechanism to make sure we can roll-back changes to the XRayPatching global atomic.
- Introduce a few more comments for potential extension points for other platforms (for the implementation details of patching and un-patching).
Reviewers: eugenis, rnk, kcc, echristo, majnemer
Subscribers: llvm-commits, mehdi_amini
Differential Revision: https://reviews.llvm.org/D22911
llvm-svn: 277124
Summary:
This patch is re-introducing the code to fix the
dynamic hooking on windows and to fix a compiler
warning on Apple.
Related patches:
* https://reviews.llvm.org/D22641
* https://reviews.llvm.org/D22610
* https://reviews.llvm.org/rL276311
* https://reviews.llvm.org/rL276490
Both architecture are using different techniques to
hook on library functions (memchr, strcpy,...).
On Apple, the function is not dynamically hooked and
the symbol always points to a valid function
(i.e. can't be null). The REAL macro returns the
symbol.
On windows, the function is dynamically patch and the
REAL(...) function may or may not be null. It depend
on whether or not the function was hooked correctly.
Also, on windows memcpy and memmove are the same.
```
#if !defined(__APPLE__)
[...]
# define REAL(x) __interception::PTR_TO_REAL(x)
# define ASSIGN_REAL(dst, src) REAL(dst) = REAL(src)
[...]
#else // __APPLE__
[...]
# define REAL(x) x
# define ASSIGN_REAL(x, y)
[...]
#endif // __APPLE__
Reviewers: rnk
Subscribers: kcc, hans, kubabrecka, llvm-commits, bruno, chrisha
Differential Revision: https://reviews.llvm.org/D22758
llvm-svn: 276885
When we delay signals we can deliver them when the signal
is blocked. This can be surprising to the program.
Intercept signal blocking functions merely to process
pending signals. As the result, at worst we will delay
a signal till return from the signal blocking function.
llvm-svn: 276876
The kernel on Nexus 5X returns error_code in ucontext which has
correct FSR_WRITE flag, but empty (zero) abort type field. Removing
the checks means that we will report all SEGVs as READ on very old
kernels, but will properly distinguish READ vs WRITE on moderately
old ones.
llvm-svn: 276803
This test attempts to allocate 100 512MB aligned pages of memory. This
is implemented in the usual way by allocating size + alignment bytes and
aligning the result. As a result, this test allocates 51.2GB of memory.
Windows allocates swap for all memory allocated, and our bots do not
have this much swap available.
Avoid the failure by using a more reasonable alignment, like 16MB, as we
do on 32-bit.
llvm-svn: 276779
This reverts commit r276333.
As I commented in the review (https://reviews.llvm.org/D22415), this change isn't needed because CMAKE_C_FLAGS is implicitly added by CMake to the command line for all C source files.
With this patch enabled CMAKE_C_FLAGS is duplicated on all C sources, and applied to ASM sources, which is not ideal.
I sent an email about this to llvm-commits on the commit thread. I suspect the problem the patch author was actually seeing is that CMAKE_C_FLAGS isn't applied to ASM files, and the builtins library has quite a few of those. The correct solution there is to specify CMAKE_ASM_FLAGS with whatever flags need to be passed to the compiler when compiling ASM files.
If there are other problems with flag propagation, please let me know.
llvm-svn: 276683
sanitizer_common_interceptors.inc:667:12: warning: address of function 'memchr' will always evaluate to 'true' [-Wpointer-bool-conversion]
if (REAL(memchr)) {
~~ ^~~~~~
llvm-svn: 276539
Add a %stdcxx11 lit substitution for -std=c++11. Windows defaults to
-std=c++14 when VS 2015 is used because the STL requires it. Harcoding
-std=c++11 in the ASan tests actually downgrades the C++ standard level,
leading to test failures.
Relax a FileCheck pattern in use-after-scope-types.cc.
Disable the sanitizer_common OOM tests. They fail on bots with low swap,
and cause other concurrently running tests to OOM.
llvm-svn: 276454
Summary:
Some instructions can only be copied if the relative offset is adjusted.
This patch adds support for two common instruction.
It's quite common to have a indirect load in the prologue
(loading the security cookie).
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22647
llvm-svn: 276336
Summary:
This patch fixes cross-architecture compilation,
by allowing flags like -target and --sysroot to be set for
architecture testing and compilation.
Reviewers: tberghammer, srhines, danalbert, beanz, compnerd
Subscribers: tberghammer, llvm-commits, danalbert
Differential Revision: https://reviews.llvm.org/D22415
llvm-svn: 276333
Summary:
This patch is fixing running interception unittests for memcpy/memmove on
windows 64.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: https://reviews.llvm.org/D22641
llvm-svn: 276324
Make kStderrFd a macro to avoid dynamic initialization of the
report_file global. This actually causes a crash at runtime, because
ASan initializes before static initializers run.
Remove an unused variable in asan_win.cc.
llvm-svn: 276314
Summary:
The memcpy and memmove functions are the same on windows.
The overlap detection logic is incorrect.
printf-1 test:
```
stdin>:2:114: note: possible intended match here
==877412==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x0000002bf2a8,0x0000002bf2ad) and [0x0000002bf2a9, 0x0000002bf2ae) overlap
``` ^
Reviewers: rnk
Subscribers: llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: https://reviews.llvm.org/D22610
llvm-svn: 276299
Summary:
This is a fixed-up version of D21612, to address failure identified post-commit.
Original commit description:
This patch implements the initialisation and patching routines for the XRay runtime, along with the necessary trampolines for function entry/exit handling. For now we only define the basic hooks for allowing an implementation to define a handler that gets run on function entry/exit. We expose a minimal API for controlling the behaviour of the runtime (patching, cleanup, and setting the handler to invoke when instrumenting).
Fixes include:
- Gating XRay build to only Linux x86_64 and with the right dependencies in case it is the only library being built
- Including <cstddef> to fix std::size_t issue
Reviewers: kcc, rnk, echristo
Subscribers: mehdi_amini, llvm-commits
Differential Revision: https://reviews.llvm.org/D22611
llvm-svn: 276251
Summary:
By adding the initialisation of the symbolisation library (DbgHelp)
we are swapping the order in which both warnings are produced.
We can't use CHECK-NEXT as the dbghelp warning is multiline.
Reviewers: rnk
Subscribers: kubabrecka, llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22586
llvm-svn: 276228
and also the follow-up "[xray] Only build xray on Linux for now"
Two build errors were reported on the llvm-commits list:
[ 88%] Building CXX object lib/xray/CMakeFiles/clang_rt.xray-x86_64.dir/xray_flags.cc.o
/mnt/b/sanitizer-buildbot1/sanitizer-x86_64-linux/build/llvm/projects/compiler-rt/lib/xray/xray_init.cc:23:10: fatal error: 'llvm/Support/ELF.h' file not found
#include "llvm/Support/ELF.h"
^
and
In file included from /w/src/llvm.org/projects/compiler-rt/lib/xray/xray_interface.cc:16:
/w/src/llvm.org/projects/compiler-rt/lib/xray/xray_interface_internal.h:36:8: error:
no type named 'size_t' in namespace 'std'
std::size_t Entries;
~~~~~^
llvm-svn: 276186
Should fix the Windows buildbots, and maybe some other non-Linux Unix
bots too.
XRay currently depends on sanitizer_common, so associate it with the
"build sanitizers" option and remove the option for separately
controlling the XRay build.
llvm-svn: 276124
Summary:
This patch implements the initialisation and patching routines for the XRay runtime, along with the necessary trampolines for function entry/exit handling. For now we only define the basic hooks for allowing an implementation to define a handler that gets run on function entry/exit. We expose a minimal API for controlling the behaviour of the runtime (patching, cleanup, and setting the handler to invoke when instrumenting).
Depends on D19904
Reviewers: echristo, kcc, rnk
Subscribers: rnk, mehdi_amini, llvm-commits
Differential Revision: https://reviews.llvm.org/D21612
llvm-svn: 276117
Currently fails as:
gotsan.cc: In function 'void* __sanitizer::__libc_memalign(__sanitizer::uptr, __sanitizer::uptr)':
gotsan.cc:6194:50: error: 'posix_memalign' was not declared in this scope
uptr error = posix_memalign(&p, alignment, size);
Windows does not provide posix_memalign.
llvm-svn: 276107
Summary: This flag could be used to disable check in runtime.
Subscribers: kubabrecka
Differential Revision: https://reviews.llvm.org/D22495
llvm-svn: 276004
Adds a new esan public interface routine __esan_get_sample_count() and uses
it to ensure that tests of sampling receive the minimum number of samples.
llvm-svn: 275948
Fixes an esan sideline thread CHECK that failed to account for the sideline
thread reaching its code before the internal_clone() return value was
assigned in the parent.
llvm-svn: 275946
Summary:
Indirect load are relative offset from RIP.
The current trampoline implementation is incorrectly
copying these instructions which make some unittests
crashing.
This patch is not fixing the unittests but it's fixing
the crashes. The functions are no longer hooked.
Patches will come soon to fix these unittests.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22410
llvm-svn: 275892
Summary:
The trampoline allocation limits the memory scanning to 1 gig.
There is an unittest that is allocating a large object which make
it impossible to the trampoline allocator to find a free spot.
see shadow_mapping_failures:
```
char bigchunk[1 << 30];
```
This patch is not fixing the unittest but it's fixing it's infinite
loop behavior.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22471
llvm-svn: 275887
This patch adds 48-bits VMA support for asan on aarch64. The current
47-bit mask is not suffice since on aarch64 kernel with 48-bit vma
(default on ubuntu 16.04) the process may use full VMA range as:
[...]
ffffa39a7000-ffffa39a8000 r--p 00000000 00:00 0 [vvar]
ffffa39a8000-ffffa39a9000 r-xp 00000000 00:00 0 [vdso]
ffffa39a9000-ffffa39aa000 r--p 0001c000 08:02 13631554 /lib/aarch64-linux-gnu/ld-2.23.so
ffffa39aa000-ffffa39ac000 rw-p 0001d000 08:02 13631554 /lib/aarch64-linux-gnu/ld-2.23.so
ffffc2227000-ffffc2248000 rw-p 00000000 00:00 0 [stack]
llvm-svn: 275792
Summary:
This is adding the appropriate suport for exception handling for
64-bits ASAN on windows.
Reviewers: rnk
Subscribers: kubabrecka, llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22395
llvm-svn: 275585
Summary:
Indirect load are relative offset from RIP.
The current trampoline implementation is incorrectly
copying these instructions which make some unittests
crashing.
This patch is not fixing the unittests but it's fixing
the crashes. The functions are no longer hooked.
Patches will come soon to fix these unittests.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22410
llvm-svn: 275584
c:\lipo\work\asan\b_llvm>c:\lipo\work\asan\b_llvm\projects\compiler-rt\test\asan\X86_64WindowsConfig\TestCases\Output\null_deref.cc.tmp
=================================================================
==5488==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000028 (pc 0x7ff701f91067 bp 0x000c8cf8fbf0 sp 0x000c8cf8fbb0 T0)
==5488==The signal is caused by a READ memory access.
==5488==Hint: address points to the zero page.
#0 0x7ff701f91066 in NullDeref(int *) C:\lipo\work\asan\llvm\projects\compiler-rt\test\asan\TestCases\null_deref.cc:15:10
#1 0x8a0388830a67 (<unknown module>)
The reason was symbols was not initilized. In fact, it was first inited
with a call to stack.Print(), which calls
WinSymbolizerTool::SymbolizePC, then InitializeDbgHelpIfNeeded().
Since the StackWalk was performed before the stack.Print(), stack frames
where not gathered correctly.
There should be a better place to initialize symbols. For now, this
patch makes the test happy.
Patch by Wei Wang
Differential Revision: https://reviews.llvm.org/D22410
llvm-svn: 275580
There is not enough padding in front of memchr(), and, the first 6 bytes
contains a branch instruction. Basically the current interception will
not work on memchr().
It was disabled before, but was missing the part to disable it for
INTERCEPT_LIBRARY_FUNCTION.
Patch by Wei Wang
Differential Revision: https://reviews.llvm.org/D22371
llvm-svn: 275494
Summary:
These patterns are encounter when using instrumented DLL.
Without this patch, asan lit test are crashing when trying to hook
on RaiseException function.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22340
llvm-svn: 275489
Summary:
The function wcslen is incorrectly hooked on windows 64-bits.
The interception library is not able to hook without breaking the code.
The function is too small and the interception must be done with
trampoline-hooking which turned out to be incorrect on a small
loop (first few instructions have a backedge).
Reviewers: rnk
Subscribers: wang0109, chrisha, llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D22363
llvm-svn: 275488
Summary:
This aims to add support for __cpu_model and address Bug 25510. It uses
the code from lib/Support/Host.cpp for cpu detection, and creates
__cpu_model with that info.
Tested on OSX and built on Linux as well (though libgcc is the default).
The use of "asm" required -std=gnu99, hence the cmake change. Corrections
on better addressing this are welcome.
Previously reverted, up for review again to iron out outstanding issues.
Reviewers: llvm-commits, joerg, echristo, mehdi_amini
Subscribers: mehdi_amini
Differential Revision: http://reviews.llvm.org/D22181
llvm-svn: 275484
Use unified syntax for builtins/arm/aeabi_mem*.S.
This makes these files consistent with the others.
This fixes a problem on the linker, which can fail with the message
"relocation truncated to fit: R_ARM_THM_JUMP11 against symbol"
Patch by Kor Nielsen.
llvm-svn: 275264
The thread registry test was failing to allocate 25 threads with stack
size 134MB, which is pretty reasonable.
Also print the error code in our pthread wrappers in case this happens
again.
llvm-svn: 275209
mov edi,edi is _not_ NOP in 64-bit, use 66,90h instead.
This bug was causing interception unittest to crash on
Windows64 (windows 8 and windows 10).
Credits to etienneb for finding the root cause.
Patch by: Wei Wang
Differential Revision: http://reviews.llvm.org/D22274
llvm-svn: 275207
Summary:
The unittest is not working on windows. The "regexp.h" is not available and
gtest-port won't support regexp with operator '|'.
The test wasn't failing on 32-bits because of this check:
```
if (SANITIZER_WORDSIZE != 64 || ASAN_AVOID_EXPENSIVE_TESTS) return;
```
```
[ RUN ] AddressSanitizer.HugeMallocTest
C:/src/llvm/llvm/utils/unittest/googletest\src/gtest-port.cc(272): error: Failed
Syntax error at index 30 in simple regular expression "is located 1 bytes to the left|AddressSanitizer failed to allocate": '|' is unsupported.
C:/src/llvm/llvm/projects/compiler-rt/lib/asan/tests/asan_test.cc(308): error: Death test: Ident((char*)malloc(n_megs << 20))[-1] = 0
Result: died but not with expected error.
Expected: is located 1 bytes to the left|AddressSanitizer failed to allocate
```
See gtest-port.h:
```
#elif GTEST_OS_WINDOWS
// <regex.h> is not available on Windows. Use our own simple regex
// implementation instead.
# define GTEST_USES_SIMPLE_RE 1
```
Reviewers: rnk
Subscribers: llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D22257
llvm-svn: 275181
Summary:
Many CRT (64-bits) functions contains a "hint-nop". The current padding
detection is not able to recognize the 10-bytes padding and the HotPatch
hooking technique cannot be used.
Other patterns may be discover and may be added later.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: http://reviews.llvm.org/D22258
llvm-svn: 275180
Summary:
This is a cleanup and refactoring of the interception code on windows
Enhancement:
* Adding the support for 64-bits code
* Adding several hooking technique:
* Detour
* JumpRedirect
* HotPatch
* Trampoline
* Adding a trampoline memory pool (64-bits) and release the allocated memory in unittests
Cleanup:
* Adding unittests for 64-bits hooking techniques
* Enhancing the RoundUpInstruction by sharing common decoder
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: http://reviews.llvm.org/D22111
llvm-svn: 275123
Summary:
This patch is a refactoring of the way cmake 'targets' are grouped.
It won't affect non-UI cmake-generators.
Clang/LLVM are using a structured way to group targets which ease
navigation through Visual Studio UI. The Compiler-RT projects
differ from the way Clang/LLVM are grouping targets.
This patch doesn't contain behavior changes.
Reviewers: kubabrecka, rnk
Subscribers: wang0109, llvm-commits, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D21952
llvm-svn: 275111
Memory will be committed on demand when exception happens while accessing
shadow memeory region.
Patch by: Wei Wang
Differential Revision: http://reviews.llvm.org/D21942
llvm-svn: 275107
[asan] Fix unittest Asan-x86_64-inline-Test crashing on Windows64
REAL(memcpy) was used in several places in Asan, while REAL(memmove) was not used.
This CL chooses to patch memcpy() first, solving the crash for unittest.
The crash looks like this:
projects\compiler-rt\lib\asan\tests\default\Asan-x86_64-inline-Test.exe
=================================================================
==22680==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000000 (pc 0x000000000000 bp 0x0029d555f590 sp 0x0029d555f438 T0)
==22680==Hint: pc points to the zero page.
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: access-violation (<unknown module>)
==22680==ABORTING
Patch by: Wei Wang
Differential Revision: http://reviews.llvm.org/D22232
llvm-svn: 275098
This patch adds interceptors for dispatch_io_*, dispatch_read and dispatch_write functions. This avoids false positives when using GCD IO. Adding several test cases.
Differential Revision: http://reviews.llvm.org/D21889
llvm-svn: 275071
Summary:
Adds a new public interface routine __esan_report() which can be used to
request profiling results prior to abnormal termination (e.g., for a server
process killed by its parent where the normal exit does not allow for
normal result reporting).
Implements this for the working-set tool. The cache frag tool is left
unimplemented as it requires missing iteration capabilities.
Adds a new test.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D22098
llvm-svn: 274964
Summary:
This aims to add support for __cpu_model and address Bug 25510. It uses
the code from lib/Support/Host.cpp for cpu detection, and creates
__cpu_model with that info.
Tested on OSX, it builts successfully, but the current version does
*not* resolve Bug 25510. The __cpu_model symbol is present in the
library but it only gets loaded with -all_load. This patch will not land
until this issue is clarified.
Built on Linux as well (though libgcc is the default). The use of "asm"
required -std=gnu99, hence the cmake change. Corrections on better
addressing this are welcome.
Note: See additional comments on D20988 (committed as r271921).
Reviewers: llvm-commits, joerg, echristo, mehdi_amini
Subscribers: mehdi_amini
Differential revision: http://reviews.llvm.org/D21033
llvm-svn: 274873
Summary:
This aims to add support for __cpu_model and address Bug 25510. It uses the code from lib/Support/Host.cpp for cpu detection, and creates __cpu_model with that info.
Tested on OSX, it builts successfully, but the current version does *not* resolve Bug 25510. The __cpu_model symbol is present in the library but it only gets loaded with -all_load. This patch will not land until this issue is clarified.
Built on Linux as well (though libgcc is the default). The use of "asm" required -std=gnu99, hence the cmake change. Corrections on better addressing this are welcome.
Note: See additional comments on D20988 (committed as r271921).
Reviewers: llvm-commits, joerg, echristo, mehdi_amini
Subscribers: mehdi_amini
Differential Revision: http://reviews.llvm.org/D21033
llvm-svn: 274865
Summary:
Some unittest were not able to run in 64-bit because they need more than
2MB of stack and the default allocated stack with MSVC linker is 1MB.
Reviewers: rnk
Subscribers: wang0109, chrisha, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D22101
llvm-svn: 274785
Summary:
This patch is adding more unittests for testing the interception
of 32-bits code.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: http://reviews.llvm.org/D22077
llvm-svn: 274775
Summary:
This patch is fixing unittests for sanitizer memory allocator.
There was two issues:
1) The VirtualAlloc can't reserve twice a memory range.
The memory space used by the SizeClass allocator is reserved
with NoAccess and pages are commited on demand (using MmapFixedOrDie).
2) The address space is allocated using two VirtualAlloc calls. The first one
for the memory space, the second one for the AdditionnalSpace (after).
On windows, they need to be freed separately.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D21900
llvm-svn: 274772
Summary:
The unittest was not freeing the mapped memory.
```
Repeating all tests (iteration 1) . . .
Note: Google Test filter = Allocator.AllocatorCacheDeallocNewThread
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from Allocator
[ RUN ] Allocator.AllocatorCacheDeallocNewThread
[ OK ] Allocator.AllocatorCacheDeallocNewThread (3 ms)
[----------] 1 test from Allocator (4 ms total)
[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (5 ms total)
[ PASSED ] 1 test.
Repeating all tests (iteration 2) . . .
Note: Google Test filter = Allocator.AllocatorCacheDeallocNewThread
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from Allocator
[ RUN ] Allocator.AllocatorCacheDeallocNewThread
==4504==WARNING: SanitizerTool failed to mprotect 0x010000003000 (1099511640064) bytes at 0x010000000000 (error code: 48
7)
==4504==Sanitizer CHECK failed: D:/src/llvm/llvm/projects/compiler-rt/lib\sanitizer_common/sanitizer_allocator.h:329 ((kSpaceBeg)) == ((reinterpret_cast<uptr>( MmapFixedNoAccess(kSpaceBeg, TotalSpaceSize)))) (1099511627776, 0)
```
Reviewers: rnk
Subscribers: llvm-commits, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D22094
llvm-svn: 274764
This patch adds synchronization between the creation of the GCD data object and destructor’s execution. It’s far from perfect, because ideally we’d want to synchronize the destruction of the last reference (via dispatch_release) and the destructor’s execution, but intercepting objc_release is problematic.
Differential Revision: http://reviews.llvm.org/D21990
llvm-svn: 274749
Summary:
Adds interception of sigprocmask and pthread_sigmask to esan so that the
working set tool can prevent SIGSEGV from being blocked. A blocked SIGSEGV
results in crashes due to our lazy shadow page allocation scheme.
Adds new sanitizer helper functions internal_sigemptyset and
internal_sigismember.
Adds a test to workingset-signal-posix.cpp.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D22063
llvm-svn: 274672
Summary:
The CMake generation is not working on Apple.
This patch is disabling the generation until it's fixed.
Reviewers: rnk
Subscribers: tberghammer, chrisha, danalbert, llvm-commits, srhines
Differential Revision: http://reviews.llvm.org/D22066
llvm-svn: 274667
Summary:
Adds support for nullptr as the action parameter to
internal_sigaction_syscall().
Reviewers: aizatsky
Subscribers: kubabrecka, vitalybuka, zhaoqin, kcc, eugenis, llvm-commits
Differential Revision: http://reviews.llvm.org/D22061
llvm-svn: 274665
We already have interceptors for dispatch_source API (e.g. dispatch_source_set_event_handler), but they currently only handle submission synchronization. We also need to synchronize based on the target queue (serial, concurrent), in other words, we need to use dispatch_callback_wrap. This patch implements that.
Differential Revision: http://reviews.llvm.org/D21999
llvm-svn: 274619
In the patch that introduced support for GCD barrier blocks, I removed releasing a group when leaving it (in dispatch_group_leave). However, this is necessary to synchronize leaving a group and a notification callback (dispatch_group_notify). Adding this back, simplifying dispatch_group_notify_f and adding a test case.
Differential Revision: http://reviews.llvm.org/D21927
llvm-svn: 274549
Because we use SCOPED_TSAN_INTERCEPTOR in the dispatch_once interceptor, the original dispatch_once can also be sometimes called (when ignores are enabled or when thr->is_inited is false). However the original dispatch_once function doesn’t expect to find “2” in the storage and it will spin forever (but we use “2” to indicate that the initialization is already done, so no waiting is necessary). This patch makes sure we never call the original dispatch_once.
Differential Revision: http://reviews.llvm.org/D21976
llvm-svn: 274548
Summary:
The debug information is not present due to a mis named variabl in
the cmake files.
Reviewers: rnk
Subscribers: kubabrecka, wang0109, llvm-commits, chrisha
Differential Revision: http://reviews.llvm.org/D21938
llvm-svn: 274386
Summary:
The thread specific key wasn't not released.
Running the unittest in loop will fail after 1024 iteraions.
```
./projects/compiler-rt/lib/sanitizer_common/tests/Sanitizer-i386-Test --gtest_filter=SanitizerCommon.PthreadDestructorIterations --gtest_repeat=2000 --gtest_break_on_failure
```
```
Repeating all tests (iteration 1023) . . .
Note: Google Test filter = SanitizerCommon.PthreadDestructorIterations
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from SanitizerCommon
[ RUN ] SanitizerCommon.PthreadDestructorIterations
/usr/local/google/home/etienneb/llvm/llvm/projects/compiler-rt/lib/sanitizer_common/tests/sanitizer_posix_test.cc:54: Failure
Value of: pthread_key_create(&key, &destructor)
Actual: 11
Expected: 0
Aborted (core dumped)
```
Reviewers: rnk
Subscribers: kubabrecka, llvm-commits, chrisha
Differential Revision: http://reviews.llvm.org/D21902
llvm-svn: 274264
Summary:
The FlagParser is populating a static global class with the
unrecognized flags when parsing. That global class has a
dcheck that limit the number of unrecognized flag to 20.
```
class UnknownFlags {
static const int kMaxUnknownFlags = 20;
const char *unknown_flags_[kMaxUnknownFlags];
int n_unknown_flags_;
[...]
void Report() {
if (!n_unknown_flags_) return;
Printf("WARNING: found %d unrecognized flag(s):\n", n_unknown_flags_);
for (int i = 0; i < n_unknown_flags_; ++i)
Printf(" %s\n", unknown_flags_[i]);
n_unknown_flags_ = 0;
}
};
UnknownFlags unknown_flags;
```
Unittests based on that class must reset the counter 'n_unknown_flags_' or
the next usage of that class may fail arbitrary. This can be done by
reporting the pending unknown flags.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D21896
llvm-svn: 274234
Summary:
The unittest 'ThreadRegistryThreadedTest' is failing when running in loop.
There are global variables that need to be cleared.
To repro:
```
projects\compiler-rt\lib\sanitizer_common\tests\Release\Sanitizer-x86_64-Test.exe --gtest_filter=SanitizerCommon.ThreadRegistryThreadedTest --gtest_repeat=2
```
Output:
```
Repeating all tests (iteration 1) . . .
Note: Google Test filter = SanitizerCommon.ThreadRegistryThreadedTest
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from SanitizerCommon
[ RUN ] SanitizerCommon.ThreadRegistryThreadedTest
[ OK ] SanitizerCommon.ThreadRegistryThreadedTest (1 ms)
[----------] 1 test from SanitizerCommon (1 ms total)
[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (2 ms total)
[ PASSED ] 1 test.
Repeating all tests (iteration 2) . . .
Note: Google Test filter = SanitizerCommon.ThreadRegistryThreadedTest
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from SanitizerCommon
[ RUN ] SanitizerCommon.ThreadRegistryThreadedTest
C:/src/llvm/llvm/projects/compiler-rt/lib/sanitizer_common/tests/sanitizer_thread_registry_test.cc(216): error: Value of: num_created[0]
Actual: 2
Expected: 1
C:/src/llvm/llvm/projects/compiler-rt/lib/sanitizer_common/tests/sanitizer_thread_registry_test.cc(217): error: Value of: num_started[0]
Actual: 2
Expected: 1
C:/src/llvm/llvm/projects/compiler-rt/lib/sanitizer_common/tests/sanitizer_thread_registry_test.cc(220): error: Value of: num_created[i]
[...]
[ FAILED ] SanitizerCommon.ThreadRegistryThreadedTest (294 ms)
[----------] 1 test from SanitizerCommon (294 ms total)
[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (299 ms total)
[ PASSED ] 0 tests.
[ FAILED ] 1 test, listed below:
[ FAILED ] SanitizerCommon.ThreadRegistryThreadedTest
1 FAILED TEST
```
Reviewers: rnk
Subscribers: llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D21886
llvm-svn: 274231
Summary:
This patch is fixing unittests that are broken on windows (64-bits).
Tests under 'SANITIZER_CAN_USE_ALLOCATOR64' are disabled.
A custom allocator for windows based on WinHeap API will replace these tests.
Tested on Win32/Win64 (Ninja and MSVC).
Tested on Linux 32-bit/64-bit clang.
```
C:\src\llvm\build64\projects\compiler-rt>lib\sanitizer_common\tests\Release\Sanitizer-x86_64-Test.exe
[==========] Running 101 tests from 12 test cases.
[----------] Global test environment set-up.
[----------] 51 tests from SanitizerCommon
[ RUN ] SanitizerCommon.DefaultSizeClassMap
[ OK ] SanitizerCommon.DefaultSizeClassMap (1 ms)
[ RUN ] SanitizerCommon.CompactSizeClassMap
[ OK ] SanitizerCommon.CompactSizeClassMap (1 ms)
[ RUN ] SanitizerCommon.InternalSizeClassMap
[ OK ] SanitizerCommon.InternalSizeClassMap (1 ms)
[ RUN ] SanitizerCommon.SizeClassAllocator32Compact
[ OK ] SanitizerCommon.SizeClassAllocator32Compact (828 ms)
[ RUN ] SanitizerCommon.SizeClassAllocator32CompactMetadataStress
[ OK ] SanitizerCommon.SizeClassAllocator32CompactMetadataStress (914 ms)
[ RUN ] SanitizerCommon.SizeClassAllocator32MapUnmapCallback
[...]
[----------] 4 tests from Symbolizer
[ RUN ] Symbolizer.ExtractToken
[ OK ] Symbolizer.ExtractToken (0 ms)
[ RUN ] Symbolizer.ExtractInt
[ OK ] Symbolizer.ExtractInt (0 ms)
[ RUN ] Symbolizer.ExtractUptr
[ OK ] Symbolizer.ExtractUptr (0 ms)
[ RUN ] Symbolizer.ExtractTokenUpToDelimiter
[ OK ] Symbolizer.ExtractTokenUpToDelimiter (0 ms)
[----------] 4 tests from Symbolizer (24 ms total)
[----------] Global test environment tear-down
[==========] 101 tests from 12 test cases ran. (5090 ms total)
[ PASSED ] 101 tests.
```
Reviewers: rnk
Subscribers: chrisha, wang0109, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21817
llvm-svn: 274174
Summary:
The build bot is broken because the runtime library doesn't have
debug information.
This is broken due to a recent change:
http://reviews.llvm.org/D21554
Reviewers: rnk
Subscribers: kubabrecka, llvm-commits, chrisha
Differential Revision: http://reviews.llvm.org/D21862
llvm-svn: 274172
Summary:
On windows, the debug information was not present in the unittest executables,
which make them hard to debug.
The Sanitizer Unittests are compiled with a local clang build.
The link pass is also done by calling clang.
This pass is adding the appropriate flags to bring the right debug information
to these executables.
Reviewers: rnk
Subscribers: kubabrecka, llvm-commits, wang0109, chrisha
Differential Revision: http://reviews.llvm.org/D21838
llvm-svn: 274153
The dispatch_group_async interceptor actually extends the lifetime of the executed block. This means the destructor of the block (and captured variables) is called *after* dispatch_group_leave, which changes the semantics of dispatch_group_async. This patch fixes that.
Differential Revision: http://reviews.llvm.org/D21816
llvm-svn: 274117
Adding support for GCD barrier blocks in concurrent queues. This uses two sync object in the same way as read-write locks do. This also simplifies the use of dispatch groups (the notifications act as barrier blocks).
Differential Revision: http://reviews.llvm.org/D21604
llvm-svn: 273893
The non-barrier versions of OSAtomic* functions are semantically mo_relaxed, but the two variants (e.g. OSAtomicAdd32 and OSAtomicAdd32Barrier) are actually aliases of each other, and we cannot have different interceptors for them, because they're actually the same function. Thus, we have to stay conservative and treat the non-barrier versions as mo_acq_rel.
Differential Revision: http://reviews.llvm.org/D21733
llvm-svn: 273890
On OS X, we often get stack trace in a report that ends with a 0x0 frame. To get rid of it, let's trim the stack trace when we find a close-to-zero value, which is obviously not a valid PC.
Differential Revision: http://reviews.llvm.org/D14656
llvm-svn: 273886
There is a "well-known" TSan false positive when using C++ weak_ptr/shared_ptr and code in destructors, e.g. described at <https://llvm.org/bugs/show_bug.cgi?id=22324>. The "standard" solution is to build and use a TSan-instrumented version of libcxx, which is not trivial for end-users. This patch tries a different approach (on OS X): It adds an interceptor for the specific function in libc++.dylib, which implements the atomic operation that needs to be visible to TSan.
Differential Revision: http://reviews.llvm.org/D21609
llvm-svn: 273806
These routines do not require executable stacks. However, by default ELFish
linkers may assume an executable stack on GNUish environments (and some non-GNU
ones too!). The GNU extension to add a note to indicate a non-executable stack
is honoured by these environments to mark the stack as non-executable (the
compiler normally emits this directive on appropriate targets whenever
possible). This allows normal builds from getting executable stacks due to
linking to the compiler rt builtins.
llvm-svn: 273500
Add the two public functions I added in my last commit in asan_win_dll_thunk.cc
Author: blastrock (Philippe Daouadi)
Reviewed in http://reviews.llvm.org/D21557
llvm-svn: 273288
This is part of the effort for asan to support Windows 64 bit.
Patch by Wei Wang
Differential Revision: http://reviews.llvm.org/D21525
llvm-svn: 273270
Summary:
The MSVC compiler complains about implicit conversion of 32-bits constant to
64-bit when using this shiting pattern 1 << (<64-bit expr>).
Reviewers: rnk
Subscribers: kcc, llvm-commits, wang0109, kubabrecka, chrisha
Differential Revision: http://reviews.llvm.org/D21524
llvm-svn: 273267
This patch adds the __sanitizer_start_switch_fiber and
__sanitizer_finish_switch_fiber methods inspired from what can be found here
2ea64dd249 .
These methods are needed when the compiled software needs to implement
coroutines, fibers or the like. Without a way to annotate them, when the program
jumps to a stack that is not the thread stack, __asan_handle_no_return shows a
warning about that, and the fake stack mechanism may free fake frames that are
still in use.
Author: blastrock (Philippe Daouadi)
Reviewed in http://reviews.llvm.org/D20913
llvm-svn: 273260
On PowerPC, if binutils and glibc are new enough, the linker uses
an optimized code sequence to implement __tls_get_addr call stub,
which will end up calling __tls_get_addr_opt instead of __tls_get_addr.
Thus, we need to intercept it in addition to __tls_get_addr.
This symbol is actually an alias of __tls_get_addr - its only purpose
is that its presence in glibc triggers the optimization in linker.
This means we can make our own intercepting symbol an alias as well.
This patch will make the linker attempt optimization even on older
glibc's (since it sees a defined __tls_get_addr_opt symbol in msan)
- however, this is only a very minor performance problem (the linker
generated code will never recognize a filled static TLS descriptor,
always burning a few cycles), not a correctness problem.
This fixes MSan's dtls_test.c, allowing us to finally enable MSan
on PowerPC64.
llvm-svn: 273250
Dstaddr may contain uninitialized padding at the end (common
implementations accept larger addrlen and ignore the extra bytes).
Also, depending on the socket state, dstaddr argument may be ignored.
llvm-svn: 273205
s390 is special again - instead of __tls_get_addr, it has __tls_get_offset
with special calling conventions: the result is TP relative, and
the argument is GOT-relative. Since we need to get address of the caller's
GOT, which is in %r12, we have to use assembly like glibc does.
Aside of __tls_get_offset, glibc also implements a slightly saner
__tls_get_addr_internal, which takes a pointer as argument, but still
returns a TP-relative offset. It is used for dlsym() called on TLS
symbols, so we have to intercept it was well. Our __tls_get_offset
is also implemented by delegating to it.
Differential Revision: http://reviews.llvm.org/D19778
llvm-svn: 273041
Here's the warnings and how they were fixed:
- InstrProfilingUtil.c(110): warning C4013: '_open_osfhandle' undefined; assuming extern returning int
Include io.h to get the prototype.
- warning C4005: 'FILE_MAP_EXECUTE': macro redefinition
Stop trying to support pre-XP versions of Windows, don't attempt to
define this macro.
- InstrProfilingWriter.c(271): warning C4221: nonstandard extension used: 'Data': cannot be initialized using address of automatic variable 'Header'
- InstrProfilingWriter.c(275): warning C4221: nonstandard extension used: 'Data': cannot be initialized using address of automatic variable 'Zeroes'
Turn this warning off. This is definitely legal in C++, all compilers
accept it, and I only have room for half of one language standard in my
brain.
- InstrProfilingValue.c(320): warning C4113: 'uint32_t (__cdecl *)()' differs in parameter lists from 'uint32_t (__cdecl *)(void)'
Fix this with an explicit (void) in the prototype.
- InstrProfilingMerge.c.obj : warning LNK4006: _VPMergeHook already defined in InstrProfilingMergeFile.c.obj; second definition ignored
Last remaining warning. This is from linking a selectany definition with
a strong definition. We need to sort out weak symbols in compiler-rt in
general, though.
llvm-svn: 273026
- Fixes warnings about the ignored -fms-compatibility-version flag.
- Fixes warnings about overriding /W4 with /W3 and back.
- Fixes a warning where PREFETCH() expanded to nothing in a braceless if
block.
llvm-svn: 273021
Summary:
Adds the struct field size array in the struct StructInfo.
Prints struct field size info in the report.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, bruening, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21342
llvm-svn: 272988
Fixes another interceptor issue where an app with a static tcmalloc
library that prevents our early-calloc handling from triggering yet
does not have a static mmap crashes in our mmap interceptor. The
solution is to call internal_mmap when REAL(mmap) is not yet set up.
llvm-svn: 272870
Summary:
Reports the struct field access info only if it has been used at least
once.
Adds type printing size limit.
Formats the cache_frag.cpp with clang-format.
Reviewers: bruening
Subscribers: llvm-commits, eugenis, kcc, zhaoqin, vitalybuka, aizatsky, kubabrecka
Differential Revision: http://reviews.llvm.org/D21351
llvm-svn: 272810
that makes allocation fail. "UL" is 32-bit and shift by 40 will make
the value overflow and become 0.
Patch by Wei Wang
Differential Revision: http://reviews.llvm.org/D21310
llvm-svn: 272689
Summary:
Adds a version of sigaction that uses a raw system call, to avoid circular
dependencies and support calling sigaction prior to setting up
interceptors. The new sigaction relies on an assembly sigreturn routine
for its restorer, which is Linux x86_64-only for now.
Uses the new sigaction to initialize the working set tool's shadow fault
handler prior to libc interceptor being set up. This is required to
support instrumentation invoked during interceptor setup, which happens
with an instrumented tcmalloc or other allocator compiled with esan.
Adds a test that emulates an instrumented allocator.
Reviewers: aizatsky
Subscribers: vitalybuka, tberghammer, zhaoqin, danalbert, kcc, srhines, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21083
llvm-svn: 272676
Summary:
Adds a version of sigaction that uses a raw system call, to avoid circular
dependencies and support calling sigaction prior to setting up
interceptors. The new sigaction relies on an assembly sigreturn routine
for its restorer, which is Linux x86_64-only for now.
Uses the new sigaction to initialize the working set tool's shadow fault
handler prior to libc interceptor being set up. This is required to
support instrumentation invoked during interceptor setup, which happens
with an instrumented tcmalloc or other allocator compiled with esan.
Adds a test that emulates an instrumented allocator.
Reviewers: aizatsky
Subscribers: vitalybuka, tberghammer, zhaoqin, danalbert, kcc, srhines, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21083
llvm-svn: 272591
Summary:
Adds a version of sigaction that uses a raw system call, to avoid circular
dependencies and support calling sigaction prior to setting up
interceptors. The new sigaction relies on an assembly sigreturn routine
for its restorer, which is Linux x86_64-only for now.
Uses the new sigaction to initialize the working set tool's shadow fault
handler prior to libc interceptor being set up. This is required to
support instrumentation invoked during interceptor setup, which happens
with an instrumented tcmalloc or other allocator compiled with esan.
Adds a test that emulates an instrumented allocator.
Reviewers: aizatsky
Subscribers: vitalybuka, tberghammer, zhaoqin, danalbert, kcc, srhines, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21083
llvm-svn: 272553
Summary:
Adds the struct field offset array in the struct StructInfo.
Prints struct size and field offset info in the report.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, bruening, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21191
llvm-svn: 272363
- lprofCurFilename was intended to have external visibility. This is
pending further discussion.
- The raw version number doesn't need to be hidden: hiding it may make
it easier to accidentally combine FE/IR profiles.
See the mailing list discussion on r272081.
llvm-svn: 272089
There are still a few external symbols visible from InstrProfData.inc.
The plan for dealing with those isn't as straightforward, so I'll try it
in a separate commit.
llvm-svn: 272081
Summary:
When tcmalloc initializes before esan, esan's initialization ends up
calling back into tcmalloc due to the calloc done by dlsym. This results
in a deadlock. We avoid this by special-casing this single allocation.
Intercepting calloc also gives us the opportunity to act on its zeroing as
stores by the application.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D21086
llvm-svn: 272076
Removing some preprocessor #if’s in favor of regular if’s. However, we need to declare empty stub functions to avoid linker errors.
Differential Revision: http://reviews.llvm.org/D20911
llvm-svn: 272047
GLIBC now follows POSIX [1] for both msghdr and cmsghdr definitions,
which means that msg_iovlen, msg_controllen, and cmsg_len are no
longer size_t but sockelen_t for 64-bits architectures. The final struct
size does not change, since paddings were added.
This patch fixes the build issue against GLIBC 2.24 socket.h header by
using the same definition for internal __sanitizer_msghdr and
__sanitizer_cmsghdr.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/
llvm-svn: 272008
Summary:
This is an initial implementation of a Hardened Allocator based on Sanitizer Common's CombinedAllocator.
It aims at mitigating heap based vulnerabilities by adding several features to the base allocator, while staying relatively fast.
The following were implemented:
- additional consistency checks on the allocation function parameters and on the heap chunks;
- use of checksum protected chunk header, to detect corruption;
- randomness to the allocator base;
- delayed freelist (quarantine), to mitigate use after free and overall determinism.
Additional mitigations are in the works.
Reviewers: eugenis, aizatsky, pcc, krasin, vitalybuka, glider, dvyukov, kcc
Subscribers: kubabrecka, filcab, llvm-commits
Differential Revision: http://reviews.llvm.org/D20084
llvm-svn: 271968
This patch replaces all uses of __libc_malloc and friends with the internal allocator.
It seems that the only reason why we have calls to __libc_malloc in the first place was the lack of the internal allocator at the time. Using the internal allocator will also make sure that the system allocator is never used (this is the same behavior as ASan), and we don’t have to worry about working with unknown pointers coming from the system allocator.
Differential Revision: http://reviews.llvm.org/D21025
llvm-svn: 271916
Some known issues are:
When "head" include instructions that involve branching, the "cut and paste" approach may break down in a way that function interception still work but calling back the original function does not work.
The jmp [rip -8] saves some bytes in the "head" but finding the safe zone of 0xCC is not implemented yet. So it may stomp on preceding codes.
The shadow offset is not working yet on Win64. More complexity maybe involved since there are some differences regarding virtual address space between Window 8 and Windows 8.1/10.
Patch by: Wang Wei
Differential Revision: http://reviews.llvm.org/D20884
llvm-svn: 271915
This is a very simple optimization that gets about 10% speedup for certain programs. We’re currently storing the pointer to the main thread’s ThreadState, but we can store the state directly in a static variable, which avoid the load acquire.
Differential Revision: http://reviews.llvm.org/D20910
llvm-svn: 271906
(Part-1 merging API is in profile runtime)
This patch implements a portable file opening API
with exclusive access for the process. In-process
profile merge requires profile file update to be
atomic/fully sychronized.
llvm-svn: 271864
We're not building the Go runtime with -mmacosx-version-min, which means it'll have a minimum deployment target set to the system you're building on. Let's make the code compile (and link) with -mmacosx-version-min=10.7.
Differential Revision: http://reviews.llvm.org/D20670
llvm-svn: 271833
Summary:
Adds initialization of esan's runtime library during any early interceptors
that are sometimes called prior to the official __esan_init() invocation
(we see this with apps using tcmalloc).
Adds handling of interceptors called during interceptor initialization.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20976
llvm-svn: 271744
Summary:
Computes the struct field access variation based on each field access
count.
Adds a flag to control the report thresholds.
Updates struct-simple.cpp with variance report output.
Reviewers: aizatsky
Subscribers: kubabrecka, zhaoqin, llvm-commits, eugenis, vitalybuka, kcc, bruening
Differential Revision: http://reviews.llvm.org/D20914
llvm-svn: 271734
Summary:
Adds a global variable to specify the tool, to support handling early
interceptors that invoke instrumented code, thus requiring shadow memory to
be initialized prior to __esan_init() being invoked.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20974
llvm-svn: 271714
Summary:
Adds a new option -snapshot_step controlling the frequency distribution for
an 8-level series of samples using each bit of each shadow byte.
Implements accumulation from each level to the next higher level at the
specified frequency.
Adds storage of the 8 series of samples using CircularBuffer instances.
Fixes an error in the circular buffer data structure where a static
object's destructor will be called too early.
Prints the results out at the end in a simple manner to give us something
to start with.
Updates the workingset-samples test to test the new feature.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20833
llvm-svn: 271683
Summary:
Adds support for creating a separate thread for performing "sideline"
actions on a periodic basis via an itimer. A new class SidelineThread
implements this feature, exposing a sampling callback to the caller.
Adds initial usage of sideline sampling to the working set tool. For now
it simply prints the usage at each snapshot at verbosity level 1. Adds a
test of this behavior. Adds a new option -record_snapshots to control
whether we sample and a new option -sample_freq to control the periodicity
of the sampling.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20751
llvm-svn: 271682
The new annotation was added a while ago, but was not actually used.
Use the annotation to detect linker-initialized mutexes instead
of the broken IsGlobalVar which has both false positives and false
negatives. Remove IsGlobalVar mess.
llvm-svn: 271663
Summary:
Implements real_sigaction() which it turns out is required for
internal_sigaction() to bypass the libc interceptors.
Without real_sigaction(), our internal_sigaction() calls during init happen
to work due to the EsanDuringInit check in COMMON_INTERCEPTOR_ENTER (though
even here it does not feel right for an "internal_" call to go through the
interceptor). The real problem is when we call internal_sigaction() after
we're initialized, which only happens on an unhandled SIGSEGV for which the
app has no handler: then we'll spin in an infinite loop as our attempts to
remove our own handler repeatedly fail. It's not easy to add a test for
that, unfortunately.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20832
llvm-svn: 271626
Summary:
Adds the call needed to cache the binary name to support the sanitizer
option log_exe_name for usable log file results when running multiple
applications. Adds a test.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20747
llvm-svn: 271586
Currently the added test produces false race reports with glibc 2.19,
because DLTS memory is reused by pthread under the hood.
Use the DTLS machinery to intercept new DTLS ranges.
__tls_get_addr known to cause issues for tsan in the past,
so write the interceptor more carefully.
Reviewed in http://reviews.llvm.org/D20927
llvm-svn: 271568
Summary:
Adds StructInfo to CacheFragInfo to match the LLVM's EfficiencySanitizer
structs.
Uses StructHashMap to keep track of the struct info used by the app.
Adds registerStructInfo/unregisterStructInfo to add/remove struct infos
to/from StructHashMap.
updates test struct-simple.cpp with more C structs.
Reviewers: aizatsky, filcab
Subscribers: filcab, zhaoqin, llvm-commits, eugenis, vitalybuka, kcc, bruening, kubabrecka
Differential Revision: http://reviews.llvm.org/D20590
llvm-svn: 271564
Summary:
This CL adds a weak check for a Vtable prefix: for a well-formed
Vtable, we require the prefix to be within [-1<<20; 1<<20].
Practically, this solves most of the known cases when UBSan segfaults
without providing any useful diagnostics.
Reviewers: pcc
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19750
llvm-svn: 271560
Summary:
Adds a new class, CircularBuffer, for holding a wrap-around fixed-size
sequence of a primitive data type. This will be used initially by the
working set tool.
Adds a unit test for CircularBuffer, including infrastructure support to
include esan headers and to link with the esan library by pretending to
want the working set tool.
Reviewers: aizatsky, filcab
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20579
llvm-svn: 271286
Summary:
Adds iteration of all application memory in an efficient manner using
shadow faults. Shadow memory starts out inaccessible and we mark it
writable one page at a time on each fault when the instrumentation touches
it. This allows iteration over just the mapped shadow memory, saving
significant time.
Adds a process-end iteration and pretty-printing of the final result.
Adds a new test and updates the existing tests.
Reviewers: aizatsky, filcab
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20578
llvm-svn: 271277
Summary:
In preparation for fault-based shadow memory iteration, we add support for
our own signal handler by adding app signal handler interception as well as
chaining for SIGSEGV. This is done in a simple manner: we do not honor the
app's alternate stack nor any sigaction flags for SIGSEGV.
Adds a new test of transparency in app signal handling.
Reviewers: aizatsky
Subscribers: filcab, kubabrecka, vitalybuka, zhaoqin, kcc, eugenis, llvm-commits
Differential Revision: http://reviews.llvm.org/D20577
llvm-svn: 271272
A signal can be delivered after TryLock but before StartReporting in ScopedInErrorReport, causing a deadlock. Fixing this by statically initializing reporting_thread_tid_ to kInvalidTid.
Differential Revision: http://reviews.llvm.org/D20524
llvm-svn: 271256
Summary:
Adds detection of large stack size rlimits (over 1 TB or unlimited), which
results in an mmap location that our shadow mapping does not support. We
re-exec the application in this situation. Adds a test of this behavior.
Adds general detection of mmap regions outside of our app regions. In the
future we want to try to adaptively handle these but for now we abort.
Moves the existing Linux-specific mmap code into a platform-specific file
where the new rlimit code lives.
Reviewers: eugenis
Subscribers: vitalybuka, zhaoqin, kcc, aizatsky, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20745
llvm-svn: 271079
Summary:
As suggested by kcc@ in http://reviews.llvm.org/D20084#441418, move the CheckFailed and Die functions, and their associated callback functionalities in their own separate file.
I expended the build rules to include a new rule that would not include those termination functions, so that another project can define their own.
The tests check-{a,t,m,ub,l,e,df}san are all passing.
Reviewers: llvm-commits, kcc
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D20742
llvm-svn: 271055
It's fixing compilation errors. The runtime is not yet working.
Missing features:
OverrideFunction for x64
an equiv function for inline asm (atomic_compare_exchange_strong)
shadow memory offset needs to be adjusted
RoundUpToInstrBoundary for x64
They will be implemented by subsequent patches.
Patch by Wei Wang.
Differential revision: http://reviews.llvm.org/D20455
llvm-svn: 271049
The max warning check was masking the "return 0" codepath.
See the thread "Warnings and compile-time failure on 458.sjeng" for more
info.
llvm-svn: 270762
After r270617 I am getting an error when building:
projects/compiler-rt/lib/profile/InstrProfilingFile.c:33:36:
error: missing field 'PidChars' initializer
[-Werror,-Wmissing-field-initializers]
lprofFilename lprofCurFilename = {0};
^
Fix the aggregate initializer.
llvm-svn: 270697
Summary:
Adds the base runtime library for the working set tool.
Adds slowpath code for updating the shadow memory.
To be added in the future:
+ Scan memory and report the total size.
+ Take samples for intermediate values.
Reviewers: aizatsky
Subscribers: kubabrecka, vitalybuka, zhaoqin, kcc, eugenis, llvm-commits
Differential Revision: http://reviews.llvm.org/D20485
llvm-svn: 270650
Summary:
Adds processCompilationUnitInit and processCompilationUnitExit
for compilation unit init/exit.
Adds a tool-specific argument passed to esan_init.
Adds the dtor and esan_exit called from the dtor.
A test will be added separately (adding it here results in failure until
the corresponding compilation patch is in place).
Reviewers: aizatsky
Subscribers: kubabrecka, bruening, kcc, vitalybuka, eugenis, llvm-commits
Differential Revision: http://reviews.llvm.org/D20486
llvm-svn: 270624
In one of the already existing apps that I'm testing TSan on, I really see a mutex path that is longer than 10 (but not by much, something like 11-13 actually). Let's raise this to 20 and weaken the assertion so we don't crash.
Differential Revision: http://reviews.llvm.org/D20427
llvm-svn: 270319
Summary:
Adds custom flag support to EfficiencySanitizer's runtime library.
Adds an initial flag cache_line_size which will be used by multiple tools.
Reviewers: aizatsky, vitalybuka
Subscribers: llvm-commits, eugenis, kcc, zhaoqin, aizatsky, kubabrecka
Differential Revision: http://reviews.llvm.org/D20478
llvm-svn: 270256
Summary:
Adds support for app libraries starting slightly below 0x7f00'00000000 (the
mmap ASLR range extends down to 0x7efb'f8000000 for reasonable stack
limits) by switching to a shadow mapping offset of 0x1300'00000000.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits, kubabrecka
Differential Revision: http://reviews.llvm.org/D20479
llvm-svn: 270255
We're missing interceptors for dispatch_after and dispatch_after_f. Let's add them to avoid false positives. Added a test case.
Differential Revision: http://reviews.llvm.org/D20426
llvm-svn: 270071
Summary:
Adds *fstat to the common interceptors.
Removes the now-duplicate fstat interceptor from msan/tsan
This adds fstat to asan/esan, which previously did not intercept it.
Resubmit of http://reviews.llvm.org/D20318 with ios build fixes.
Reviewers: eugenis, vitalybuka, aizatsky
Subscribers: zaks.anna, kcc, bruening, kubabrecka, srhines, danalbert, tberghammer
Differential Revision: http://reviews.llvm.org/D20350
llvm-svn: 269981
The previous patch (r269291) was reverted (commented out) because the patch caused leaks that
were detected by LSan and they broke some lit tests. The actual reason was that dlsym allocates
an error string buffer in TLS, and some LSan lit tests are intentionally not scanning TLS for
root pointers. This patch simply makes LSan ignore the allocation from dlsym, because it's
not interesting anyway.
llvm-svn: 269917
There is no frame validity check in the slow unwinder like there is in the fast unwinder due to which lsan reports a leak even for heap allocated coroutine in the test swapcontext.cc. Since mips/linux uses slow unwindwer instead of fast unwinder, the test fails for mips/linux. Therefore adding the checks before unwinding fixes the test for mips/linux.
Reviewed by aizatsky.
Differential: http://reviews.llvm.org/D19961
llvm-svn: 269882
Summary:
Adds *fstat to the common interceptors.
Removes the now-duplicate fstat interceptor from msan/tsan
This adds fstat to asan/esan, which previously did not intercept it.
Reviewers: eugenis, vitalybuka, aizatsky
Subscribers: tberghammer, danalbert, srhines, kubabrecka, bruening, kcc
Differential Revision: http://reviews.llvm.org/D20318
llvm-svn: 269856
The ignore_interceptors_accesses setting did not have an effect on mmap, so
let's change that. It helps in cases user code is accessing the memory
written to by mmap when the synchronization is ensured by the code that
does not get rebuilt.
(This effects Swift interoperability since it's runtime is mapping memory
which gets accessed by the code emitted into the Swift application by the
compiler.)
Differential Revision: http://reviews.llvm.org/D20294
llvm-svn: 269855
Fixes a bug in checking the endpoint of a shadow region and removes an
invalid check (both introduced in http://reviews.llvm.org/rL269198).
llvm-svn: 269834
http://reviews.llvm.org/rL269291 introduced a memory leak.
Disabling offending call temprorary rather than rolling back the chain
of CLs.
llvm-svn: 269799
Fix https://llvm.org/bugs/show_bug.cgi?id=27673.
Currenty ASan checks the return value of real recv/recvfrom to see if the written bytes fit in the buffer. That works fine most of time.
However, there is an exception: (from the RECV(2) man page)
MSG_TRUNC (since Linux 2.2)
... return the real length of the packet or datagram, even when it was longer than the passed buffer. ...
Some programs combine MSG_TRUNC, MSG_PEEK and a single-byte buffer to peek the incoming data size without reading (much of) them. In this case,
the return value is usually longer than what's been written and ASan raises a false alarm here. To avoid such false positive reports,
we can use min(res, len) in COMMON_INTERCEPTOR_WRITE_RANGE checks.
Differential Revision: http://reviews.llvm.org/D20280
llvm-svn: 269749
licensees actually see in the toolchain we deliver to them. This will
reduce the set of local patches we have to maintain. The triple is
not changing. (The term ORBIS is an internal code name for PS4.)
llvm-svn: 269672
Summary:
When using a multi-configuration build (i.e. MSVC) the output path where
libraries are dropped is incorrect.
Example:
```
C:\src\llvm\examples>d:\src\llvm\build\Release\bin\clang-cl.exe -fsanitize=address test.cc
LINK : fatal error LNK1181: cannot open input file 'd:\src\llvm\build\Release\bin\..\lib\clang\3.9.0\lib\windows\clang_rt.asan-i386.lib'
```
The dropped executable path contains the configuration 'Release':
```
'd:\src\llvm\build\Release\bin\..\lib\clang\3.9.0\lib\windows\Release\clang_rt.asan-i386.lib'
```
The variable 'RUNTIME_OUTPUT_DIRECTORY' is used to specify the output directory.
But CMAKE is appending the current configuration (i.e. Debug, Release).
see: https://cmake.org/cmake/help/v3.0/prop_tgt/RUNTIME_OUTPUT_DIRECTORY.html
```
"Multi-configuration generators (VS, Xcode) append a per-configuration subdirectory to the specified directory."
```
To avoid this problem, the configuration specific variable must be set:
'RUNTIME_OUTPUT_DIRECTORY_DEBUG', 'RUNTIME_OUTPUT_DIRECTORY_RELEASE', and so on.
Reviewers: ddunbar, chapuni, rnk
Subscribers: kubabrecka, llvm-commits
Differential Revision: http://reviews.llvm.org/D20261
llvm-svn: 269658
This patch tries to fix https://llvm.org/bugs/show_bug.cgi?id=27310 by using the same hack for malloc as we use for calloc: allocate corresponding memory from internal buffer when ASan is not initialized.
This way we could avoid nasty '==6987==AddressSanitizer CHECK failed: ../../../../libsanitizer/asan/asan_rtl.cc:556 "((!asan_init_is_running && "ASan init calls itself!")) != (0)" (0x0, 0x0)' errors in
environments with glibc 2.23+ in use, where _dl_signal_error, called from dlsym for undefined symbols calls malloc in order to get a buffer for error message.
Differential Revision: http://reviews.llvm.org/D20235
llvm-svn: 269633
This is part-3 of the effort to eliminate dependency on
libc allocator in instr profiler runtime. With this change,
the profile dumper is completely free of malloc/calloc.
Value profile instr API implementation is the only remaining
piece with calloc dependency.
llvm-svn: 269576
This reverts commit r269493 as the corresponding LLVM commit was
reverted due to lots of warnings. See the review thread for the original
LLVM commit (r269491) for details.
llvm-svn: 269550
With this change, dynamic memory allocation is only used
for testing purpose. This change is one of the many steps to
make instrument profiler dynamic allocation free.
llvm-svn: 269453
The introduction of the Swift demangler now causes an assertion failure when we
try to demangle nullptr, but we used to allow that (and return nullptr back).
This situation is rare, but it can still happen. Let's allow nullptr.
llvm-svn: 269302
Summary:
On a 32-bit MIPS, the `ld` instruction does not exist. However, GAS has an `ld`
macro that expands to a pair of `lw` instructions which load to a pair of
registers (reg, and reg+1). This macro is not available in the Integrated
Assembler and its use causes -fintegrated-as builds to fail. Even if it were
available, the behaviour on 32-bit MIPS would be incorrect since the current
usage of `ld` causes the code to clobber $5 (which is supposed to hold
child_stack). It also clobbers $k0 which is reserved for kernel use.
Aside from enabling builds with the integrated assembler, there is no functional
change since internal_clone() is only used by StopTheWorld() which is only used
by 64-bit sanitizers.
Reviewers: kcc, sagar
Subscribers: mohit.bhakkad, jaydeep, sagar, llvm-commits
Differential Revision: http://reviews.llvm.org/D18753
llvm-svn: 269297
To invoke the Swift demangler, we use dlsym to locate swift_demangle. However, dlsym malloc's storage and stores it in thread-local storage. Since allocations from the symbolizer are done with the system allocator (at least in TSan, interceptors are skipped when inside the symbolizer), we will crash when we try to deallocate later using the sanitizer allocator again.
To fix this, let's just not call dlsym from the demangler, and call it during initialization. The dlsym function calls malloc, so it needs to be only used after our allocator is initialized. Adding a Symbolizer::LateInitialize call that is only invoked after all other initializations.
Differential Revision: http://reviews.llvm.org/D20015
llvm-svn: 269291
We're using forkpty to spawn the atos symbolizer. In some cases, login_tty (part of forkpty) can fail due to security measures (sandboxing). In this case, we should exit with a status code instead of completely crashing the spawned process. Even processing a failed CHECK() is problematic here, because we're post-fork and pre-exec where a lot of things don't work (for multithreaded processes, for OS X GUI apps, etc.).
Differential Revision: http://reviews.llvm.org/D20048
llvm-svn: 269289
While debugging ASan and TSan, I sometimes get a recursion during a failed CHECK processing. CheckFailed can call a lot of code (printing, unwinding a stack trace, symbolicating, ...) and this can fail another CHECK. This means I sometimes see a crash due to a infinite recursion stack overflow. Let's stop after 10 failed CHECKs and just kill the process immediately. I also added a Sleep(2) call before the trap, so that other threads still get a chance to print their failed CHECKs.
Differential Revision: http://reviews.llvm.org/D20047
llvm-svn: 269288
ASan runtime library used libcorkscrew from Android platform for
stack unwinding. Since Android L, this is both unnecessary (the
libgcc unwinder has been fixed) and impossible (the library is not
there any more). Don't even try.
This should have not effect on modern Android devices other than
removing a message about failing to open the library with
ASAN_OPTIONS=verbosity=1.
llvm-svn: 269233
Adds *stat to the common interceptors.
Removes the now-duplicate *stat interceptor from msan/tsan/esan.
This adds *stat to asan, which previously did not intercept it.
Patch by Qin Zhao.
llvm-svn: 269223
Summary:
Adds shadow memory mapping support common to all tools to the new
Efficiencysanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
llvm-svn: 269198
Another stack where we try to free sync objects,
but don't have a processors is:
// ResetRange
// __interceptor_munmap
// __deallocate_stack
// start_thread
// clone
Again, it is a latent bug that lead to memory leaks.
Also, increase amount of memory we scan in MetaMap::ResetRange.
Without that the test does not fail, as we fail to free
the sync objects on stack.
llvm-svn: 269041
Summary:
This patch adds support for building lib/builtins without a fully functioning toolchain. It allows you to bootstrap a cross-compiler, which previously couldn't be done with CMake.
This patch contains the following specific changes:
* Split builtin-specific code out of config-ix.cmake into builtin-config-ix.cmake
* Split some common CMake functionality needed by both builtins and sanitizers into base-config-ix.cmake
* Made lib/builtins/CMakeLists.txt able to be a top-level CMake configuration
I have tested this on Darwin targeting embedded Darwin, and on FreeBSD x86_64 targeting FreeBSD AArch64.
This patch depends on http://reviews.llvm.org/D19692, and is the last part of http://reviews.llvm.org/D16653.
Reviewers: samsonov, iains, jroelofs
Subscribers: compnerd, aemerson, tberghammer, danalbert, srhines, emaste, llvm-commits
Differential Revision: http://reviews.llvm.org/D19742
llvm-svn: 268977
This reverts commit r268840, as it breaks Thumb2 self-hosting. There is something
unstable in the profiling for Thumb2 that needs to be sorted out before we continue
implementing these changes to the profiler. See PR27667.
llvm-svn: 268864
Etienne Bergeron