Add close_fd_mask functionality to AFL driver.
Summary:
Add support for env var AFL_DRIVER_CLOSE_FD_MASK which behaves
the same as libFuzzer's -close_fd_mask=1.
Also add tests.
Reviewers: kcc, vitalybuka, morehouse
Reviewed By: morehouse
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D60334
llvm-svn: 358703
Summary:
This change adds a simple plugin architecture to `asan_symbolize.py`.
The motivation here is that sometimes it's necessary to perform extra
work to figure out where binaries with debug symbols can actually be
found. For example it might be the case that a remote service needs
to be queried for binaries and then copied to the local system.
This "extra work" can be extremely site-specific such that adding the
code directly into the `asan_symbolize.py` would just clutter the code
for a very niche use case. To avoid this, the `asan_symbolize.py` can
now load external code via a new `--plugins` command line option.
These plugins are loaded before main command line argument parsing so
that they can add their own command line options.
Right now the only hook into the behaviour of symbolization is the
`filter_binary_path()` function which assumes a very similar role
to the `binary_name_filter` function that was previously in the code.
We can add more hooks as necessary.
Code in the `asan_symbolize.py` script does not call plugin code
directly. Instead it uses a `AsanSymbolizerPlugInProxy` object.
This object
* Loads plugins from files.
* Manages the lifetime of the plugins.
* Provides an interface for calling into plugin functions and handles
calling into multiple plugins.
To unify the way binary paths are filtered the old `sysroot_path_filter`
function (and associated code) has been turned into a simple plugin
(`SysRootFilterPlugIn`) that is always loaded. The plugin unloads
itself if the `-s` option is not present on the command line. Users
should not see any functional change relating to this command line
option.
Some simple tests are provided to illustrate what plugin code looks
like and also to check the functionality continues to work.
rdar://problem/49476995
Reviewers: kubamracek, yln, samsonov, dvyukov, vitalybuka
Subscribers: srhines, #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60529
llvm-svn: 358657
Summary:
Apparently, it makes a difference on where a block lives depending on if
it's passed "inline" versus assigned and then passed via a variable.
Both tests in this commit now give a signal, if `Block_copy` is used in
`dispatch_sync`.
Since these tests use different mechanisms (Objective-C retain versus
C++ copy constructor) as proxies to observe if the block was copied, we
should keep both of them.
Commit, that first avoided the unnecessary copy:
faef7d034a
Subscribers: kubamracek, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D60639
llvm-svn: 358469
Summary:
1. Do not create DFSan labels for the bytes which we do not trace. This is where we run out of labels at the first place.
2. When dumping the traces on the disk, make sure to offset the label identifiers by the number of the first byte in the trace range.
3. For the last label, make sure to write it at the last position of the trace bit string, as that label represents the input size, not any particular byte.
Also fixed the bug with division in python which I've introduced when migrated the scripts to Python3 (`//` is required for integral division).
Otherwise, the scripts are wasting too much time unsuccessfully trying to
collect and process traces from the long inputs. For more context, see
https://github.com/google/oss-fuzz/issues/1632#issuecomment-481761789
Reviewers: kcc
Reviewed By: kcc
Subscribers: delcypher, #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60538
llvm-svn: 358311
After this change, most tests don't have a dependency on Foundation.
Note: To hold the file name `tempnam` allocates a new buffer. We leak
this buffer (omit the free), but I don't think we need to care.
Reviewed By: kubamracek
Differential Revision: https://reviews.llvm.org/D60591
llvm-svn: 358308
In a previous commit, I re-enabled the ported variants of these 2 tests:
tsan/Darwin/gcd-data.mm -> tsan/libdispatch/data.c
tsan/Darwin/gcd-source-serial.mm -> tsan/libdispatch/source-serial.c
So now we can delete the Darwin-only version.
llvm-svn: 358235
I re-activated "broad strokes suppressions"
(ignore_noninstrumented_modules=1) in my last commit. Re-enable tests
that only fail on our bots to check if they work now.
llvm-svn: 358209
Change test semantics by waiting for both timer callbacks at the end
instead of serializing operations: start/wait timer 1 then 2.
Reviewed By: kubamracek
Differential Revision: https://reviews.llvm.org/D60476
llvm-svn: 358204
Remove the dependency on Foundation so we can start running those tests
on other platforms. Rename/move of tests will be done in a separate
commit.
Reviewed By: kubamracek, dvyukov
Differential Revision: https://reviews.llvm.org/D60347
llvm-svn: 358023
It's been on in Android for a while without causing problems, so it's time
to make it the default and remove the flag.
Differential Revision: https://reviews.llvm.org/D60355
llvm-svn: 357960
Summary:
The previous logging infrastructure had several problems:
* Debugging output was emitted to standard output which is also where
the symbolized output would go. Interleaving these two separate
bits of information makes inspecting the output difficult and could
potentially break tests.
* Enabling debugging output requires modifying the script which is
not very conveninent.
* When debugging it isn't immediately obvious where the output is
coming from.
This patch uses the Python standard library logging infrastructure
which fixes all of the above problems. Logging is controlled using
two new options.
* `--log-level` - Sets the logging level, default is
`info`.
* `--log-dest` - Set the logging destination, default
is standard error.
Some simple test cases for the feature are included.
rdar://problem/49476995
Reviewers: kubamracek, yln, samsonov, dvyukov, vitalybuka
Subscribers: #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60343
llvm-svn: 357951
wcrtomb is not intercepted on windows, so this test fails there. It's
not clear to me why we do not intercept this function there (I'll look
into that separately), but for now this should at least make the windows
sanitizer bot green again (broken by r357889, when I added this test).
I also add "UNSUPPORTED: android" as this function is also not
intercepted there.
llvm-svn: 357892
Summary:
r357240 added an interceptor for wctomb, which uses a temporary local
buffer to make sure we don't write to unallocated memory. This patch
applies the same technique to wcrtomb, and adds some additional tests
for this function.
Reviewers: vitalybuka, eugenis
Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D59984
llvm-svn: 357889
Summary:
When using libfuzzer on Windows, in the contents of a crash sample, bytes that can be mistaken for a \n are replaced by a \r\n sequence. As a consequence, crashes are not reproducible. This patch will open files in binary mode to fix this issue. The patch does not affect POSIX systems.
Patch by tuktuk
Reviewers: kcc, vitalybuka
Reviewed By: vitalybuka
Subscribers: dexonsmith, jdoerfert, llvm-commits, #sanitizers
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60008
llvm-svn: 357807
`--implicit-check-not='ThreadSanitizer'` checks in the entire output
while `// CHECK-NOT: ThreadSanitizer` only checks after (before) the
previous (next) match.
llvm-svn: 357727
Specify libdispatch header dir (include path) for lit tests. This is the
last missing piece in order to run the libdispatch tests on Linux even
when libdispatch is installed in a custom path instead of a default
(system) location.
llvm-svn: 357707
Patch from 'troyj':
Hi, I ran into a problem with this test when the source was located in
certain directories. The mkdir(2) man page states that the set-group-ID
bit is inherited from the parent directory, but this test was written in
such a way that it assumes the bit is unset. Whether that assumption is
true depends on where the checkout lives, which leads to some people
being able to reproduce the problem whereas others cannot. I think the
correct fix is to exclude the bit from the check.
Making probinson a reviewer since they reviewed the original test.
Patch landed for troyj, thanks!
Differential Revision: D53832
llvm-svn: 357449
Summary:
This is required to avoid msan false positives for code using this
function (although generally one should avoid using this function in
favor of wcrtomb).
Reviewers: eugenis, EricWF, vitalybuka
Subscribers: srhines, kubamracek, fedor.sergeev, delcypher, llvm-commits, #sanitizers
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D59548
llvm-svn: 357240
Implement rounding mode support for addxf3/subxf3.
On architectures that implemented the support, this will access the
corresponding floating point environment register to apply the
correct rounding. For other architectures, it will keep the current
behaviour and use IEEE-754 default rounding mode (to nearest, ties
to even).
ARM32/AArch64 support implemented in this change. i386 and AMD64
will be added in a follow up change.
Differential Revision: https://reviews.llvm.org/D57143
llvm-svn: 357035
Summary:
To make this test pass it was necesary to change `iossim_run.py` to
propagate the `ASAN_ACTIVATION_OPTIONS` environment variable into the
testing environment.
rdar://problem/49114807
Reviewers: kubamracek, yln, serge-sans-paille
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D59660
llvm-svn: 356701
We were treating certain edge cases that are actually normal as denormal
results, and flushing them to zero; we shouldn't do that. Not sure this
is the cleanest way to implement this edge case, but I wanted to avoid
adding any code on the common path.
Differential Revision: https://reviews.llvm.org/D59070
llvm-svn: 356529
* Array index out of bounds: 100 iterations, but size of array is 2.
* Unmatched barrier_init (2) with barrier_wait (200)
* Number of iterations must be smaller than the available parallelism
for the queue, otherwise we deadlock (since every barrier_wait call
blocks the thread).
Scary: All of this worked reliably in gcd-apply.mm (for Darwin)
Rievewed By: kubamracek
Differential Revision: https://reviews.llvm.org/D59510
llvm-svn: 356418
When COMPILER_RT_INTERCEPT_LIBDISPATCH is ON the TSan runtime library
now has a dependency on the blocks runtime and libdispatch. Make sure we
set all the required linking options.
Also add cmake options for specifying additional library paths to
instruct the linker where to search for libdispatch and the blocks
runtime. This allows us to build TSan runtime with libdispatch support
without installing those libraries into default linker library paths.
`CMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY` is necessary to avoid
aborting the build due to failing the link step in CMake's
check_c_compiler test.
Reviewed By: dvyukov, kubamracek
Differential Revision: https://reviews.llvm.org/D59334
llvm-svn: 356281
Remove 'gcd' file prefix. GCD stands for Grand Central Dispatch, which
is another name for libdispatch.
https://apple.github.io/swift-corelibs-libdispatch/
Remove `REQUIRE: dispatch` from tests.
Also rename lit feature 'dispatch' -> 'libdispatch' to be more explicit
what this is about.
Reviewed By: kubamracek
Differential Revision: https://reviews.llvm.org/D59341
llvm-svn: 356202
It hasn't seen active development in years, and it hasn't reached a
state where it was useful.
Remove the code until someone is interested in working on it again.
Differential Revision: https://reviews.llvm.org/D59133
llvm-svn: 355862
Summary:
This change change the instrumentation to allow users to view the registers at the point at which tag mismatch occured. Most of the heavy lifting is done in the runtime library, where we save the registers to the stack and emit unwind information. This allows us to reduce the overhead, as very little additional work needs to be done in each __hwasan_check instance.
In this implementation, the fast path of __hwasan_check is unmodified. There are an additional 4 instructions (16B) emitted in the slow path in every __hwasan_check instance. This may increase binary size somewhat, but as most of the work is done in the runtime library, it's manageable.
The failure trace now contains a list of registers at the point of which the failure occured, in a format similar to that of Android's tombstones. It currently has the following format:
Registers where the failure occurred (pc 0x0055555561b4):
x0 0000000000000014 x1 0000007ffffff6c0 x2 1100007ffffff6d0 x3 12000056ffffe025
x4 0000007fff800000 x5 0000000000000014 x6 0000007fff800000 x7 0000000000000001
x8 12000056ffffe020 x9 0200007700000000 x10 0200007700000000 x11 0000000000000000
x12 0000007fffffdde0 x13 0000000000000000 x14 02b65b01f7a97490 x15 0000000000000000
x16 0000007fb77376b8 x17 0000000000000012 x18 0000007fb7ed6000 x19 0000005555556078
x20 0000007ffffff768 x21 0000007ffffff778 x22 0000000000000001 x23 0000000000000000
x24 0000000000000000 x25 0000000000000000 x26 0000000000000000 x27 0000000000000000
x28 0000000000000000 x29 0000007ffffff6f0 x30 00000055555561b4
... and prints after the dump of memory tags around the buggy address.
Every register is saved exactly as it was at the point where the tag mismatch occurs, with the exception of x16/x17. These registers are used in the tag mismatch calculation as scratch registers during __hwasan_check, and cannot be saved without affecting the fast path. As these registers are designated as scratch registers for linking, there should be no important information in them that could aid in debugging.
Reviewers: pcc, eugenis
Reviewed By: pcc, eugenis
Subscribers: srhines, kubamracek, mgorny, javed.absar, krytarowski, kristof.beyls, hiraditya, jdoerfert, llvm-commits, #sanitizers
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58857
llvm-svn: 355738
r355343 was landed and was reverted in r355363 due to build breakage.
This patch adds Linux/Windows support on top of r355343.
In this patch, Darwin should be working with testing case. Linux should be working,
I will enable the testing case in a follwup diff. Windows/Other should be building.
Correct implementation for Other platforms will be added.
Thanks David for reviewing the original diff, helping me with issues on Linux, and
giving suggestions for adding support for Other platforms.
llvm-svn: 355701
Summary:
ShadowCallStack on x86_64 suffered from the same racy security issues as
Return Flow Guard and had performance overhead as high as 13% depending
on the benchmark. x86_64 ShadowCallStack was always an experimental
feature and never shipped a runtime required to support it, as such
there are no expected downstream users.
Reviewers: pcc
Reviewed By: pcc
Subscribers: mgorny, javed.absar, hiraditya, jdoerfert, cfe-commits, #sanitizers, llvm-commits
Tags: #clang, #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D59034
llvm-svn: 355624
Add new sets of tests (copy instead of move existing tests) because
there could be subtle differences between C/Obj-C and with/without
Foundation etc.
Reviewed By: dvyukov
Differential Revision: https://reviews.llvm.org/D59047
llvm-svn: 355618
Summary:
The current install-clang-headers target installs clang's resource
directory headers. This is different from the install-llvm-headers
target, which installs LLVM's API headers. We want to introduce the
corresponding target to clang, and the natural name for that new target
would be install-clang-headers. Rename the existing target to
install-clang-resource-headers to free up the install-clang-headers name
for the new target, following the discussion on cfe-dev [1].
I didn't find any bots on zorg referencing install-clang-headers. I'll
send out another PSA to cfe-dev to accompany this rename.
[1] http://lists.llvm.org/pipermail/cfe-dev/2019-February/061365.html
Reviewers: beanz, phosek, tstellar, rnk, dim, serge-sans-paille
Subscribers: mgorny, javed.absar, jdoerfert, #sanitizers, openmp-commits, lldb-commits, cfe-commits, llvm-commits
Tags: #clang, #sanitizers, #lldb, #openmp, #llvm
Differential Revision: https://reviews.llvm.org/D58791
llvm-svn: 355340
GetStackTrace is a implementation detail of BufferedStackTrace. Make it
a private method.
Reviewed By: vitalybuka
Differential-Revision: https://reviews.llvm.org/D58753
llvm-svn: 355232
Summary:
I hadn't realized that instrumentation runs before inlining, so we can't
use the function as the comdat group. Doing so can create relocations
against discarded sections when references to discarded __profc_
variables are inlined into functions outside the function's comdat
group.
In the future, perhaps we should consider standardizing the comdat group
names that ELF and COFF use. It will save object file size, since
__profv_$sym won't appear in the symbol table again.
Reviewers: xur, vsk
Subscribers: eraman, hiraditya, cfe-commits, #sanitizers, llvm-commits
Tags: #clang, #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58737
llvm-svn: 355044
Summary:
Port libFuzzer's fork mode to Windows.
Implement Windows versions of MkDir, RmDir, and IterateDirRecursive to do this.
Don't print error messages under new normal uses of FileSize (on a non-existent file).
Implement portable way of piping output to /dev/null.
Fix test for Windows and comment fork-sigusr.test on why it won't be ported to Win.
Reviewers: zturner
Reviewed By: zturner
Subscribers: kcc, zturner, jdoerfert, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58513
llvm-svn: 355019
Underlying condition for throttling is "has large mmap'd regions" (i.e.,
shadow memory) and not sanitizers in general (e.g., UBSan does not need
to be throttled).
Rename parallelism group `darwin-64bit-sanitizer` to `shadow-memory` and
apply it unconditionally to all tests which require it. We can then have
all the Darwin throttling logic in one place in the commen lit config.
Throttle sanitizer_common unit tests. Configuration was previously
missing from sanitizer_common/Unit/lit.site.cfg.
Reviewed by: kubamracek
Differential Revision: https://reviews.llvm.org/D58677
llvm-svn: 355018
Summary:
The current error message can cause confusion if llvm-config can't be
executed for reasons other than "not found". In my example, cross
compiling generated an llvm-config binary for aarch64 which couldn't be
executed natively. Instead of telling me that the error was with the
file architecture, it reports the file as not being present.
Reviewers: pcc
Subscribers: dberris, javed.absar, kristof.beyls, jdoerfert, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58647
llvm-svn: 354907
/Users/buildslave/jenkins/workspace/clang-stage1-configure-RA/llvm/projects/compiler-rt/test/asan/TestCases/Posix/bcmp_test.cc:14:12: error: CHECK: expected string not found in input
// CHECK: {{#1.*bcmp}}
^
<stdin>:2:57: note: scanning from here
==34677==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee93777c4 at pc 0x0001068a7285 bp 0x7ffee9377770 sp 0x7ffee9376ef8
^
<stdin>:6:20: note: possible intended match here
#2 0x106888e77 in main bcmp_test.cc:12
^
llvm-svn: 354888
Summary:
I have not introduced a separate hook for `bcmp()` as I don't think there
should be any reason for a sanitizer to treat it differently from `memcmp()`.
This is only enabled when building on POSIX with GNU extensions.
Context: this is to avoid losing coverage when emitting `bcmp() == 0` instead
of `memcmp() == 0` in llvm, see https://reviews.llvm.org/D56593.
Reviewers: mgorny, krytarowski, vitalybuka, dvyukov
Subscribers: kubamracek, dberris, delcypher, jdoerfert, #sanitizers, llvm-commits, jyknight
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D58379
llvm-svn: 354851
Summary:
The llvm-cov tool needs to be able to find coverage names in the
executable, so the .lprfn and .lcovmap sections cannot be merged into
.rdata.
Also, the linker merges .lprfn$M into .lprfn, so llvm-cov needs to
handle that when looking up sections. It has to support running on both
relocatable object files and linked PE files.
Lastly, when loading .lprfn from a PE file, llvm-cov needs to skip the
leading zero byte added by the profile runtime.
Reviewers: vsk
Subscribers: hiraditya, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58661
llvm-svn: 354840
Summary:
ASan and Scudo tests are adding "-android" to test arch.
There are no tests that depend on it as far as I can see.
If necessary, do this instead:
REQUIRES: aarch64-target-arch && android
Reviewers: pcc, vitalybuka
Subscribers: srhines, kubamracek, mgorny, javed.absar, kristof.beyls, cryptoad, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58532
llvm-svn: 354829
__asan_handle_vfork was unpoisoning the wrong part of the stack.
Adjust the test to catch this reliably (current failure is
non-deterministic).
llvm-svn: 354627
Summary:
The goal of the test to check that msan does not crash when code is racy on __cxa_atexit. Original crash was caused by race condition in the glibc. With
the msan patch the msan does not crashes however the race is still there and the test triggers it.
Because the test relies on triggering of undefined behavior results are not
very predictable and it may occasionally crashes or hangs.
I don't see how to reasonably improve the test, so I remove it.
Reviewers: eugenis, peter.smith
Subscribers: jfb, jdoerfert, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58396
llvm-svn: 354377
In compiler-rt we have the notion of a `fast` and a `slow` stack
unwinder. Darwin currently only supports the fast unwinder.
From reading the code, my understanding is that
`BufferedStackTrace::Unwind` can be called with `bp=0, stack_top=0,
stack_bottom=0, request_fast_unwind=false`. If
`request_fast_unwind=true`, then we alos need to supply bp, stack_top,
and stack_bottom.
However, `BufferedStackTrace::Unwind` uses
`StackTrace::WillUseFastUnwind` which will adapt `request_fast_unwind`
if the requested unwinder is not supported. On Darwin, the result is
that we don't pass actual values for bp, stack_top, and stack_bottom,
but end up using the fast unwinder. The tests then fail because we only
print the topmost stack frame.
This patch adds a check to `WillUseFastUnwind` at the point of usage to
avoid the mismatch between `request_fast_unwind` and what `Unwind`
actually does. I am also interested in cleaning up the
`request_fast_unwind` machinery so this patch just the simplest thing
possible so I can enable the tests.
Reviewers: vitalybuka, vsk
Differential Revision: https://reviews.llvm.org/D58156
llvm-svn: 354282
According to the logs and local debugging there were two issues:
1) tsan tests listed libc++.a before the source file. That's usually
ok for shared libraries, but the linker will not add symbols from
a static library unless needed at that time. As a result the tests
that rely upon symbols from the library (and not only include the
headers) had undefined references.
To solve this I'm adding a new substitution %link_libcxx_tsan which
expands to libc++.a if available.
2) The target Fuzzer-x86_64-Test linked in SANITIZER_TEST_CXX_LIBRARIES
which defaults to -lstdc++. This resulted in error messages like
hidden symbol '_ZdlPv' is not defined locally
hidden symbol '_Znwm' is not defined locally
when using GNU gold (ld.bfd and lld are fine). Removing the linkage
is fine because we build a custom libc++ for that purpose.
llvm-svn: 354231
This changes add_custom_libcxx to also build libcxxabi and merges
the two into a static and hermetic library.
There are multiple advantages:
1) The resulting libFuzzer doesn't expose C++ internals and looks
like a plain C library.
2) We don't have to manually link in libstdc++ to provide cxxabi.
3) The sanitizer tests cannot interfere with an installed version
of libc++.so in LD_LIBRARY_PATH.
Differential Revision: https://reviews.llvm.org/D58013
llvm-svn: 354212
Serial execution on iOS devices is not specific to sanitizers. We want
to throttle all on-device tests. Pull the setting of the
parallelism_group up into the common lit configuration file.
Rename `darwin-ios-device-sanitizer` to `ios-device`. This group is not
specific to sanitizers and (theoretically) independent from the host OS.
Note that we don't support running unit tests on-device (there are no
configurations generated for that). If that ever changes, we also need
this configuration in `unittests/lit.common.unit.cfg`.
Reviewers: delcypher
Differential Revision: https://reviews.llvm.org/D58209
llvm-svn: 354179
Summary:
When symbols are unavailable, the current code prints
sp: ... pc: ... (null) (null)
instead of module name + offset.
Change the output to include module name and offset, and also to match
the regular sanitizer stack trace format so that it is recognized by
symbolize.py out of the box.
Reviewers: kcc, pcc
Subscribers: kubamracek, jdoerfert, llvm-commits
Tags: #llvm
Differential Revision: https://reviews.llvm.org/D58267
llvm-svn: 354157
Summary:
With tag_in_free=1, malloc() can not assume that the memory is untagged,
and needs to retag is to 0.
Reviewers: pcc, kcc
Subscribers: kubamracek, jfb, jdoerfert, llvm-commits
Tags: #llvm
Differential Revision: https://reviews.llvm.org/D58158
llvm-svn: 354155
Summary:
The changes in https://reviews.llvm.org/D44847 cause load time failure
due to lprofMergeValueProfData in Android libs enabled with profile generation:
"dlopen failed: cannot locate symbol "lprofMergeValueProfData" referenced by..."
Marking lprofMergeValueProfData as hidden so the correct in-module definition
is picked by the linker.
Reviewers: davidxl
Reviewed By: davidxl
Subscribers: efriedma, xur, davidxl, llvm-commits
Differential Revision: https://reviews.llvm.org/D55893
llvm-svn: 354064
Summary:
Pre 2.27 libc can run same atexit handler twice
We will keep MSanAtExitRecord and reset fun to mark it as executed.
Fix PR40162
Reviewers: eugenis
Subscribers: jfb, jdoerfert, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58221
llvm-svn: 354005
This patch adds functions for managing fibers:
__tsan_get_current_fiber()
__tsan_create_fiber()
__tsan_destroy_fiber()
__tsan_switch_to_fiber()
__tsan_set_fiber_name()
See the added tests for use examples.
Author: yuri (Yuri Per)
Reviewed in: https://reviews.llvm.org/D54889
[The previous commit of this change was reverted,
this is a resubmit with a squashed fix for check_analyze.sh
and COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED]
llvm-svn: 353947
This patch adds functions for managing fibers:
__tsan_get_current_fiber()
__tsan_create_fiber()
__tsan_destroy_fiber()
__tsan_switch_to_fiber()
__tsan_set_fiber_name()
See the added tests for use examples.
Author: yuri (Yuri Per)
Reviewed in: https://reviews.llvm.org/D54889
llvm-svn: 353817
Summary:
This test instruments the following code with coverage, runs the fuzzer
once, and asserts that there are uncovered PCs. The ARM64 backend
optimizes this code using the `csel` (Conditional select) instruction,
which removes all branching from the resulting machine code. The test
then fails because we do not have any uncovered PCs. The easiest
solution for now is to turn off optimization for the DSOs used in this
test.
```
int DSO1(int a) {
if (a < 123456)
return 0;
return 1;
}
```
rdar://47646400
Reviewers: kcc
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D58087
llvm-svn: 353780
Summary:
The motivating use case is eliminating duplicate profile data registered
for the same inline function in two object files. Before this change,
users would observe multiple symbol definition errors with VC link, but
links with LLD would succeed.
Users (Mozilla) have reported that PGO works well with clang-cl and LLD,
but when using LLD without this static registration, we would get into a
"relocation against a discarded section" situation. I'm not sure what
happens in that situation, but I suspect that duplicate, unused profile
information was retained. If so, this change will reduce the size of
such binaries with LLD.
Now, Windows uses static registration and is in line with all the other
platforms.
Reviewers: davidxl, wmi, inglorion, void, calixte
Subscribers: mgorny, krytarowski, eraman, fedor.sergeev, hiraditya, #sanitizers, dmajor, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D57929
llvm-svn: 353547
Summary:
Before this change, check-profile would run, but all tests would be
marked unsupported on Windows. This is the new status of 'check-profile'
after this change:
Testing Time: 6.66s
Expected Passes : 29
Expected Failures : 5
Unsupported Tests : 39
I moved many tests that exercise posix-y features like dlopen and DSOs
into the Posix subdirectory, and ran the tests on Linux to validate my
changes.
These are the remaining tests that I handled on a case by case basis:
- instrprof-path.c
Passes, Fixed some path portability issues
- instrprof-gcov-exceptions.test
Passes, the FileCheck actually succeeds on Windows, so I RUNX'd it
- instrprof-icall-promo.test
XFAILed, probably due to C++ ABI differences in vtables
- instrprof-merge-match.test
- instrprof-merge.c
- instrprof-merging.cpp
XFAILed, These seem like real bugs that need fixing
- instrprof-version-mismatch.c
XFAILed, Overriding the weak version symbol doesn't work
- instrprof-without-libc.c
UNSUPPORTED, test needs an executable symbol table, Windows has none
Reviewers: davidxl, wmi, void
Subscribers: fedor.sergeev, #sanitizers, llvm-commits
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D57853
llvm-svn: 353435
Summary:
Buffer should be referenced by results so used parts will be unpoisoned with unpoison_group and unpoison_passwd.
This fixes TSAN performance issue made us to disable this interceptors.
Reviewers: eugenis, dvyukov
Subscribers: srhines, kubamracek, krytarowski, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D57731
llvm-svn: 353351
Summary:
Refactor the way /proc/self/maps entries are annotated to support most
(all?) posix platforms, with a special implementation for Android.
Extend the set of decorated Mmap* calls.
Replace shm_open with internal_open("/dev/shm/%s"). Shm_open is
problematic because it calls libc open() which may be intercepted.
Generic implementation has limits (max number of files under /dev/shm is
64K on my machine), which can be conceivably reached when sanitizing
multiple programs at once. Android implemenation is essentially free, and
enabled by default.
The test in sanitizer_common is copied to hwasan and not reused directly
because hwasan fails way too many common tests at the moment.
Reviewers: pcc, vitalybuka
Subscribers: srhines, kubamracek, jfb, llvm-commits, kcc
Differential Revision: https://reviews.llvm.org/D57720
llvm-svn: 353255
NDK r19 includes a sysroot that can be used directly by the compiler
without creating a standalone toolchain, so we just need a handful
of flags to point Clang there.
Differential Revision: https://reviews.llvm.org/D57733
llvm-svn: 353139
Summary:
This is the initial check-in for the Standalone version of Scudo.
The project is initially going to live in scudo/standalone then will
replace scudo. See http://lists.llvm.org/pipermail/llvm-dev/2019-January/129113.html
for details.
This initial CL is meant to lay out the project structure, of both
code & tests, providing a minimal amount of functionalities, namely
various definitions, some atomic helpers and an intrusive list.
(empty.cc is just here to have a compilation unit, but will go away
in the upcoming CLs).
Initial support is restricted to Linux i386 & x86_64 in make files
and will be extended once things land & work.
We will grow organically from here, adding functionalities in limited
amounts.
Reviewers: morehouse, eugenis, vitalybuka, kcc, mcgrathr, flowerhack
Reviewed By: morehouse, vitalybuka
Subscribers: srhines, mgorny, krytarowski, delcypher, jfb, #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D57412
llvm-svn: 353055
Summary:
Enable tests that were previously disabled because they didn't work on
Windows.
Reviewers: morehouse
Reviewed By: morehouse
Subscribers: morehouse
Differential Revision: https://reviews.llvm.org/D57563
llvm-svn: 353000
The test seems to be failing because the module suppression file
contains a colon. I found that it was sufficient to just use the
basename of the suppression file.
While I was here, I noticed that we don't implement IsAbsolutePath for
Windows, so I added it.
llvm-svn: 352921
Summary:
Temporarily disable value-profile-cmp2.test on Win.
https://reviews.llvm.org/D57465 causes the test to fail on Win.
However, it seems that the behavior of libFuzzer on Win was broken
before that patch. It crashes in the exit handler when not used with
ASAN. Prior to the patch, the crash handler would run, tricking the
test into thinking libFuzzer on Win had exited properly.
Reviewers: morehouse, vitalybuka
Reviewed By: morehouse
Subscribers: yln
Differential Revision: https://reviews.llvm.org/D57551
llvm-svn: 352815
Summary:
Use RawPrint instead of Printf for instrumentation warning because
Printf doesn't work on Win when instrumentation is being
initialized (since OutputFile is not yet initialized).
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D57531
llvm-svn: 352789
Support for -fsanitize-coverage=trace-pc[-guard] was removed from
libFuzzer, which makes this currently fail.
This commit aligns this Darwin-specific test with its Linux counterpart
which changed in this commit:
3a94519a77
llvm-svn: 352721
Summary:
Set default `ASAN_OPTIONS` when running libFuzzer tests. This allows us
to remove special casing in code for Darwin where we usually pass
`abort_on_error=0` to override platform defaults for tests.
A previous commit changed the code to make the tests pass:
7764a04af0
Adapted a few tests to use `%env_asan_opts=` instead of directly setting
the environment variable.
rdar://problem/47515276
Reviewers: kcc, george.karpenkov
Differential Revision: https://reviews.llvm.org/D57465
llvm-svn: 352711
Julian Lettner