This patch fixes the ptrace interceptor for aarch64. The PTRACE_GETREGSET
ptrace syscall with with invalid memory might zero the iovec::iov_base
field and then masking the subsequent check after the syscall (since it
will be 0 and it will not trigger an invalid access). The fix is to copy
the value on a local variable and use its value on the checks.
The patch also adds more coverage on the Linux/ptrace.cc testcase by addding
check for PTRACE_GETREGSET for both general and floating registers (aarch64
definitions added only).
llvm-svn: 251331
This patch enables the ptrace syscall interceptors for arm and adds support
for both PTRACE_GETVFPREGS and PTRACE_SETVFPREGS used to get the VFP register
from ARM.
The ptrace tests is also updated with arm and PTRACE_GETVFPREGS tests.
llvm-svn: 251321
Summary:
While instrumenting std::string with asan I discovered that speculative load might load data from poisoned region. Disabling all speculative loads for asan-annotated functions.
The test follows the std::string implementation.
Corresponding CL in llvm: http://reviews.llvm.org/D13264
Patch by Mike Aizatsky, the review page for the CL is http://reviews.llvm.org/D13265
Reviewers: aizatsky
Subscribers: kcc, llvm-commits
Differential Revision: http://reviews.llvm.org/D13905
llvm-svn: 250837
Old version of sem_init (GLIBC_2.0) fails to initialize parts of
sem_t that are used in sem_timedwait. This is fixed in GLIBC_2.1,
but since ASan interceptors downgrade sem_* to the oldest available
version, this can introduce bugs that are only present in sanitized
build. Workaround by zero-initializing sem_t in sem_init.
llvm-svn: 250113
This is an implementation of
https://github.com/google/sanitizers/issues/579
It has a number of advantages over the current mapping:
* Works for non-PIE executables.
* Does not require ASLR; as a consequence, debugging MSan programs in
gdb no longer requires "set disable-randomization off".
* Supports linux kernels >=4.1.2.
* The code is marginally faster and smaller.
This is an ABI break. We never really promised ABI stability, but
this patch includes a courtesy escape hatch: a compile-time macro
that reverts back to the old mapping layout.
llvm-svn: 249754
This fixes a crash in pthread_create on linux/i386 due to abi
incompatibility between intercepted and non-intercepted functions.
See the test case for more details.
llvm-svn: 248325
Currently aarch64 lacks instrumentation support for variadic arguments
for MSan. This patch sets the UBSan tests that uses it as to require
stable-runtime and sets aarch64/ubsan as an unstable one.
llvm-svn: 247996
This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA.
As defined by lib/msan/msan.h the memory layout used is for 39-bit is:
00 0000 0000 - 40 0000 0000: invalid
40 0000 0000 - 43 0000 0000: shadow
43 0000 0000 - 46 0000 0000: origin
46 0000 0000 - 55 0000 0000: invalid
55 0000 0000 - 56 0000 0000: app (low)
56 0000 0000 - 70 0000 0000: invalid
70 0000 0000 - 80 0000 0000: app (high)
And for 42-bit VMA:
000 0000 0000 - 100 0000 0000: invalid
100 0000 0000 - 11b 0000 0000: shadow
11b 0000 0000 - 120 0000 0000: invalid
120 0000 0000 - 13b 0000 0000: origin
13b 0000 0000 - 2aa 0000 0000: invalid
2aa 0000 0000 - 2ab 0000 0000: app (low)
2ab 0000 0000 - 3f0 0000 0000: invalid
3f0 0000 0000 - 400 0000 0000: app (high)
Most of tests are passing with exception of:
* Linux/mallinfo.cc
* chained_origin_limits.cc
* dlerror.cc
* param_tls_limit.cc
* signal_stress_test.cc
* nonnull-arg.cpp
The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8'
instead of default first argument 'x1'. So a function prototype that
aims to mimic (by using first argument as the return of function) won't
work. For GCC one can make a register alias (register var asm ("r8")), but
for clang it detects is an unused variable and generate wrong code.
The 'chained_origin_limits' is probably due a wrong code generation,
since it fails only when origin memory is used
(-fsanitize-memory-track-origins=2) and only in the returned code
(return buf[50]).
The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic
argument handling in memory sanitizer code instrumentation on LLVM side.
Both 'dlerror' and 'param_tls_test' are unknown failures that require
further investigation.
All the failures are XFAIL for aarch64 for now.
llvm-svn: 247809
test/msan/dtor-trivial.cpp. Runtime testing for poisoning
vtable pointer in dtor.
Summary: Runtime testing for vtable ptr poisoning in dtor.
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12713
Clean test case & comments.
Update tests for vptr poisoning order.
Simplify test to rely upon globals.
Assertions verify that vtable still accessible from dtors.
Testing linear inheritance and multiple inheritance for vtable poisoning.
Macros for testing expected failing functions.
Rename macros.
Removed xfail, modified FileCheck commands, to expect test to crash.
llvm-svn: 247763
If the pointer passed to the getVtablePrefix function was read from a freed
object, we may end up following pointers into objects on the heap and
printing bogus dynamic type names in diagnostics. However, we know that
vtable pointers will generally only point into memory mapped from object
files, not objects on the heap.
This change causes us to only follow pointers in a vtable if the vtable
and one of the virtual functions it points to appear to have appropriate
permissions (i.e. non-writable, and maybe executable), which will generally
exclude heap pointers.
Only enabled for Linux; this hasn't been tested on FreeBSD, and vtables are
writable on Mac (PR24782) so this won't work there.
Differential Revision: http://reviews.llvm.org/D12790
llvm-svn: 247484
Instead, assume we're going to target triple specified by
COMPILER_RT_DEFAULT_TARGET_TRIPLE and build runtimes for this triple
(and hope that the host compiler can target them).
This will help users that use cross-compiler on their host to build
Clang that would work on a different architecture. This will also come in
handy if one would want to configure several compiler-rt build trees on
the same host, using just-built Clang that can target many
architectures.
This doesn't change the behavior in the default build configuration.
llvm-svn: 247099
Summary:
When destructor for a class is not declared, no destructor
is emitted, and members are not poisoned. Test case exhibits this
current bug in use-after-dtor implementation (detailed in
https://github.com/google/sanitizers/issues/596).
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12617
Rename test files.
llvm-svn: 247091
On recent OS X systems, blocks used as callbacks for XPC events (set up e.g. via xpc_connection_set_event_handler) are not later executed via the public libdispatch API (dispatch_async, etc). Because we don't intercept the path where the block is executed, we can fail to register the newly created dispatch thread. To fix that, let's intercept libxpc's APIs that take a block as a callback handler, and let's wrap these blocks in the same way as we do for libdispatch API.
Differential Revision: http://reviews.llvm.org/D12490
llvm-svn: 246961
Tests need to be run either via asanwrapper or asanwrapper64
depending in the binary bitness. This matters when testing on an
aarch64 device.
llvm-svn: 246891
The failure is caused by the missing implementation of array cookie
poisoning in Clang for ARMCXXABI and has nothing to do with Android
(and the test passes on Android/x86).
llvm-svn: 246832
Summary: Verify that all members are poisoned.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D12023
Test virtual functions and virtual bases poisoning proper size.
Runtime testing of destroying diamond inheritance.
Explicit testing for 0 optimizations.
Simplify test to only test interesting values.
Test poisoning on multiple inheritance with nontrivial and trivial members.
Removed unnecessary header.
Testing (anonymous/)bit fields.
Revised object instantiation in test to avoid undefined behavior.
llvm-svn: 246817
Race deduplication code proved to be a performance bottleneck in the past if suppressions/annotations are used, or just some races left unaddressed. And we still get user complaints about this:
https://groups.google.com/forum/#!topic/thread-sanitizer/hB0WyiTI4e4
ReportRace already has several layers of caching for racy pcs/addresses to make deduplication faster. However, ReportRace still takes a global mutex (ThreadRegistry and ReportMutex) during deduplication and also calls mmap/munmap (which take process-wide semaphore in kernel), this makes deduplication non-scalable.
This patch moves race deduplication outside of global mutexes and also removes all mmap/munmap calls.
As the result, race_stress.cc with 100 threads and 10000 iterations become 30x faster:
before:
real 0m21.673s
user 0m5.932s
sys 0m34.885s
after:
real 0m0.720s
user 0m23.646s
sys 0m1.254s
http://reviews.llvm.org/D12554
llvm-svn: 246758
According to `man freopen`, passing NULL instead of a filename is valid, however the current implementation of the interceptor assumes this parameter is non-NULL. Let's fix that and add a test case.
Differential Revision: http://reviews.llvm.org/D11389
llvm-svn: 246435
This patch adds support for tsan on aarch64-linux with 42-bit VMA
(current default config for 64K pagesize kernels). The support is
enabled by defining the SANITIZER_AARCH64_VMA to 42 at build time
for both clang/llvm and compiler-rt. The default VMA is 39 bits.
It also enabled tsan for previous supported VMA (39).
llvm-svn: 246330
Summary:
Teach all sanitizers to call abort() instead of _exit() after printing
an error report, if requested. This behavior is the default on Mac OS.
Reviewers: kcc, kubabrecka
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12332
llvm-svn: 246205
This follows the approach we use in ASan and UBSan lit tests to setup
tool options in a portable way, and to provide a nice way to specify
testsuite-wide defaults.
llvm-svn: 246058
Introduce %env_ubsan_opts= substitution instead of specifying
UBSAN_OPTIONS manually in the RUN-lines. This will come in handy
once we introduce some default UBSAN_OPTIONS for the whole testsuite
(for instance, make abort_on_error common option).
llvm-svn: 245967
Summary:
There are a number of issues with unit tests on Darwin. These patches address the following:
* Unit tests should be passed -arch (-m32/-m64 isn't sufficient)
* Unit tests should be passed ${DARWIN_osx_CFLAGS} because they're being built for OS X
* Test architectures should be filtered based on base system capabilities (i.e. don't try running x86_64h tests on pre-haswell hardware).
Reviewers: bogner, filcab, kubabrecka
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12174
llvm-svn: 245580
Summary:
Currently CMake doesn't build builtins for AArch64 and if one does this anyway
it's likely that at least `__multc3`, `__floatditf` and `__floatunditf` will be
missing. There is actually more builtins to add, but these come from
different libc implementations, thus providing them makes compiler-rt for
AArch64 good enough at least for basic usage.
Builtins implementation were originally taken from FreeBSD project:
* [[ https://reviews.freebsd.org/D2173 | __multc3 ]]
* [[ https://reviews.freebsd.org/D2174 | __floatditf and __floatunditf ]]
Until they have been tested to find mistakes in `__float*` functions.
`__floatditf` was based on `__floatsitf`, which had the same mistakes
(fixed it in r243746).
Version of the builtins in this patch are fixed and complemented with basic
tests. Additionally they were tested via GCC's torture (this is what revealed
these issues).
P.S. Ed (author of FreeBSD patches) asked for feedback on the list some time ago (here [[ http://lists.cs.uiuc.edu/pipermail/llvmdev/2015-March/084064.html | here ]])
and got no response, but it seems to be worth adding these builtins as is and
extracting common part later.
Reviewers: howard.hinnant, t.p.northover, jmolloy, enefaim, rengolin, zatrazz
Subscribers: asl, emaste, samsonov, aemerson, llvm-commits, rengolin
Differential Revision: http://reviews.llvm.org/D11679
llvm-svn: 245296
This reverts commit r245263, and the change wasn't catched by UBsan.
It also reverts: "[ARM] Also disable stable-runtime check on UBsan,
to use generic one" (r245287), as it didn't fix the UBsan builds.
We need to investigate what's going on before continuing, since this
is breaking all ARM RT buildbots for a while.
llvm-svn: 245292
Summary:
This involved various fixes:
- Move a test that uses ulimit to Posix.
- Add a few "REQUIRES: shell" lines to tests using backtick subshell
evaluation.
- The MSVC CRT buffers stdio if the output is a pipe by default. Some
tests need that disabled to avoid interleaving test stdio with asan
output.
- MSVC headers provide _alloca instead of alloca (go figure), so add a
portability macro to the two alloca tests.
- XFAIL tests that rely on accurate symbols, we need to pass more flags
to make that work.
- MSVC's printf implementation of %p uses upper case letters and doesn't
add 0x, so do that manually.
- Accept "SEGV" or "access-violation" reports in crash tests.
Reviewers: samsonov
Subscribers: tberghammer, danalbert, llvm-commits, srhines
Differential Revision: http://reviews.llvm.org/D12019
llvm-svn: 245073
Summary: Fixed test in response to buildbot failures from last night.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D12018
llvm-svn: 244952
Summary:
The lit internal shell is used by default on Windows, and it does not
support bash variable expansion. Because bash variable expansion
interacts with tokenization, it is prohibitively difficult to make the
existing lit shell do general shell variable expansion.
The most common use of shell variables in the asan tests is to add
options to the default set of options set by lit.cfg. We can avoid the
need for variable expansion with a substitution that expands to 'env
ASAN_OPTIONS=<defaults:>'.
This has the side benefit of shortening the RUN lines, so it seemed
better than implementing limited variable expansion in lit.
Reviewers: samsonov, filcab
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D11982
llvm-svn: 244839
Summary:
This is consistent with LLVM and Clang. The lit shell isn't a complete
bash implementation, but its behavior is more easily reproducible. This
fixes some ubsan test failures.
One ubsan test requires a shell currently, so I added "REQUIRES: shell",
and the other doesn't work on Windows because it prints a stack trace
and uses a linker that doesn't support DWARF. We can fix it eventually
through other means.
Reviewers: samsonov, pcc
Subscribers: yaron.keren, filcab, llvm-commits
Differential Revision: http://reviews.llvm.org/D11960
llvm-svn: 244837
Summary: Fixed test in response to buildbot failures from last night.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D11992
llvm-svn: 244818
Summary: New implementation for dtor sanitizer callback poisons only class members, and emits poisoning callback before base dtor invoked.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D11952
Explicit dtor invocation
llvm-svn: 244709
Summary:
llvm-symbolizer understands both PDBs and DWARF, so it's a better bet if
it's available. It prints out the function parameter types and column
numbers, so I needed to churn the expected test output a bit.
This makes most of the llvm-symbolizer subprocessing code
target-independent. Pipes on all platforms use fd_t, and we can use the
portable ReadFromFile / WriteToFile wrappers in symbolizer_sanitizer.cc.
Only the pipe creation and process spawning is Windows-specific.
Please check that the libcdep layering is still correct. I don't know
how to reproduce the build configuration that relies on that.
Reviewers: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D11791
llvm-svn: 244616
Summary:
Compiler-rt part of http://reviews.llvm.org/D11757
I ended up making UBSan work with both the old version and the new
version of the float_cast_overflow data (instead of just erroring with
the previous version). The old version will try to symbolize its caller.
Now we compile the float_cast_overflow tests without -g, and make sure
we have the source file+line+column.
If you think I'm trying too hard to make sure we can still use both
versions, let me know.
Reviewers: samsonov, rsmith
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D11793
llvm-svn: 244567
We will use this for ASan on Windows soon. When the ELF port of LLD
matures, we can add other sanitizer integration tests to make sure they
work with LLD.
llvm-svn: 244549
Summary:
A virtual base class and derived class should only poison their
respective members upon destruction. In particular, trivial members should
be poisoned directly, non-trivial members should be poisoned by their
respective destructors, and references to non-trivial members should be
poisoned.
Reviewers: eugenis, kcc
Differential Revision: http://reviews.llvm.org/D11912
Test case avoids casting to access members
Run configurations to reflect expected runtime failure on assertions.
Simplified access to internal members.
Updated internal member structure of base.
Revised assert in main to verify successful poisoning after dtor.
Verify address of pointer is poisoned.
Fixed assert err.
Cleaned up test by removing extraneous prints, asserts.
llvm-svn: 244521
Adhemerval Zanella