TSan needs to use a custom malloc zone on OS X, which is already implemented in ASan. This patch is a refactoring patch (NFC) that extracts this from ASan into sanitizer_common, where we can reuse it in TSan.
Reviewed at http://reviews.llvm.org/D14330
llvm-svn: 252052
This reverts commit r250823.
Replacing at least some of empty
constructors with "= default" variants is a semantical change which we
don't want. E.g. __tsan::ClockBlock contains a union of large arrays,
and it's critical for correctness and performance that we don't memset()
these arrays in the constructor.
llvm-svn: 251717
Define WIN32_LEAN_AND_MEAN before including Windows.h. This is already being
done in some places. This does it more broadly. This permits building ASAN on
Linux for Winndows, as well as reduces the amount of included declarations.
llvm-svn: 251649
When ASan currently detects a bug, by default it will only print out the text
of the report to stderr. This patch changes this behavior and writes the full
text of the report to syslog before we terminate the process. It also calls
os_trace (Activity Tracing available on OS X and iOS) with a message saying
that the report is available in syslog. This is useful, because this message
will be shown in the crash log.
For this to work, the patch makes sure we store the full report into
error_message_buffer unconditionally, and it also strips out ANSI escape
sequences from the report (they are used when producing colored reports).
I've initially tried to log to syslog during printing, which is done on Android
right now. The advantage is that if we crash during error reporting or the
produced error does not go through ScopedInErrorReport, we would still get a
(partial) message in the syslog. However, that solution is very problematic on
OS X. One issue is that the logging routine uses GCD, which may spawn a new
thread on its behalf. In many cases, the reporting logic locks threadRegistry,
which leads to deadlocks.
Reviewed at http://reviews.llvm.org/D13452
(In addition, add sanitizer_common_libcdep.cc to buildgo.sh to avoid
build failures on Linux.)
llvm-svn: 251577
app_process32, when started via a shell script wrapper, needs a
different security context to satisty SELinux.
Patch by Abhishek Arya.
llvm-svn: 251572
When ASan currently detects a bug, by default it will only print out the text
of the report to stderr. This patch changes this behavior and writes the full
text of the report to syslog before we terminate the process. It also calls
os_trace (Activity Tracing available on OS X and iOS) with a message saying
that the report is available in syslog. This is useful, because this message
will be shown in the crash log.
For this to work, the patch makes sure we store the full report into
error_message_buffer unconditionally, and it also strips out ANSI escape
sequences from the report (they are used when producing colored reports).
I've initially tried to log to syslog during printing, which is done on Android
right now. The advantage is that if we crash during error reporting or the
produced error does not go through ScopedInErrorReport, we would still get a
(partial) message in the syslog. However, that solution is very problematic on
OS X. One issue is that the logging routine uses GCD, which may spawn a new
thread on its behalf. In many cases, the reporting logic locks threadRegistry,
which leads to deadlocks.
Reviewed at http://reviews.llvm.org/D13452
llvm-svn: 251447
- Trim spaces.
- Use nullptr in place of 0 for pointer variables.
- Use '!p' in place of 'p == 0' for null pointer checks.
- Add blank lines to separate function definitions.
- Add 'extern "C"' or 'namespace foo' comments after the appropriate
closing brackets
This is a continuation of work from 409b7b82. The focus here is on the
various sanitizers (not sanitizer_common, as before).
Patch by Eugene Zelenko!
Differential Revision: http://reviews.llvm.org/D13225
llvm-svn: 248966
This fixes a crash in pthread_create on linux/i386 due to abi
incompatibility between intercepted and non-intercepted functions.
See the test case for more details.
llvm-svn: 248325
This patch adds a runtime check for asan, dfsan, msan, and tsan for
architectures that support multiple VMA size (like aarch64). Currently
the check only prints a warning indicating which is the VMA built and
expected against the one detected at runtime.
llvm-svn: 247413
On recent OS X systems, blocks used as callbacks for XPC events (set up e.g. via xpc_connection_set_event_handler) are not later executed via the public libdispatch API (dispatch_async, etc). Because we don't intercept the path where the block is executed, we can fail to register the newly created dispatch thread. To fix that, let's intercept libxpc's APIs that take a block as a callback handler, and let's wrap these blocks in the same way as we do for libdispatch API.
Differential Revision: http://reviews.llvm.org/D12490
llvm-svn: 246961
All supported version of Android provide both "signal" and
"bsd_signal" libc exports. Binaries built for API level <21 call
bsd_signal; newer binaries call signal.
Simply intercept both.
Fixes AddressSanitizer.SignalTest on Android/x86.
llvm-svn: 246716
Summary:
Teach all sanitizers to call abort() instead of _exit() after printing
an error report, if requested. This behavior is the default on Mac OS.
Reviewers: kcc, kubabrecka
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12332
llvm-svn: 246205
Summary:
This is another step in a multi-step refactoring to move add_sanitizer_rt_symbols in the direction of other add_* functions in compiler-rt.
Changes to CMakeLists files are all minimal except ubsan which tests the new ARCHS loop.
Further cleanup patches will follow.
Reviewers: filcab, bogner, kubabrecka, zaks.anna, glider, samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12410
llvm-svn: 246199
Summary: This is the first step in a multi-step refactoring to move add_sanitizer_rt_symbols in the direction of other add_* functions in compiler-rt.
Reviewers: filcab, bogner, kubabrecka, zaks.anna, glider, samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12386
llvm-svn: 246102
Summary: This is one more step to allow us to eliminate platform-specific code from the library CMakeLists files. Subsequent patches will refactor all call sites to use this and other new features.
Reviewers: filcab, bogner, kubabrecka, zaks.anna, glider, samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12339
llvm-svn: 246047
Summary: This refactoring moves much of the Apple-specific behavior into a function in AddCompilerRT. The next cleanup patch will remove more of the if(APPLE) checks in the outlying CMakeLists.
This patch adds a bunch of new functionality to add_compiler_rt_runtime so that the target names don't need to be reconstructed outside the call. It also updates some of the call sites to exercise the new functionality, but does not update all uses fully. Subsequent patches will further update call sites and move to using the new features.
Reviewers: filcab, bogner, kubabrecka, zaks.anna, glider, samsonov
Subscribers: beanz, rengolin, llvm-commits
Differential Revision: http://reviews.llvm.org/D12292
llvm-svn: 245970
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a
single place.
This is a re-application of r245770, with slightly different approach
taken.
llvm-svn: 245890
This is required to properly re-apply r245770:
1) We should be able to dump coverage in __sanitizer::Die() if coverage
collection is turned on.
2) We don't want to explicitly do this in every single
sanitizer that supports it.
3) We don't want to link in coverage (and therefore symbolization) bits
into small sanitizers that don't support it (safestack).
The solution is to make InitializeCoverage() register its own Die()
callback that would call __sanitizer_cov_dump(). This callback should be
executed in addition to another tool-specific die callbacks (if there
are any).
llvm-svn: 245889
These changes break both autoconf Mac OS X buildbot (linker errors
due to wrong Makefiles) and CMake buildbot (safestack test failures).
llvm-svn: 245784
Previously we had to call __sanitizer_cov_dump() from tool-specific
callbacks - instead, let sanitizer_common library handle this in a single place.
llvm-svn: 245770
Summary:
Merge "exitcode" flag from ASan, LSan, TSan and "exit_code" from MSan
into one entity. Additionally, make sure sanitizer_common now uses the
value of common_flags()->exitcode when dying on error, so that this
flag will automatically work for other sanitizers (UBSan and DFSan) as
well.
User-visible changes:
* "exit_code" MSan runtime flag is now deprecated. If explicitly
specified, this flag will take precedence over "exitcode".
The users are encouraged to migrate to the new version.
* __asan_set_error_exit_code() and __msan_set_exit_code() functions
are removed. With few exceptions, we don't support changing runtime
flags during program execution - we can't make them thread-safe.
The users should use __sanitizer_set_death_callback()
that would call _exit() with proper exit code instead.
* Plugin tools (LSan and UBSan) now inherit the exit code of the parent
tool. In particular, this means that ASan would now crash the program
with exit code "1" instead of "23" if it detects leaks.
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12120
llvm-svn: 245734
This patch adds support for asan on aarch64-linux with 42-bit VMA
(current default config for 64K pagesize kernels). The support is
enabled by defining the SANITIZER_AARCH64_VMA to 42 at build time
for both clang/llvm and compiler-rt. The default VMA is 39 bits.
For 42-bit VMA aarch64 uses SANITIZIER_CAN_USER_ALLOCATOR64.
llvm-svn: 245596
Summary:
There are a number of issues with unit tests on Darwin. These patches address the following:
* Unit tests should be passed -arch (-m32/-m64 isn't sufficient)
* Unit tests should be passed ${DARWIN_osx_CFLAGS} because they're being built for OS X
* Test architectures should be filtered based on base system capabilities (i.e. don't try running x86_64h tests on pre-haswell hardware).
Reviewers: bogner, filcab, kubabrecka
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12174
llvm-svn: 245580
ASan uses GetProcAddress to get the address of malloc so it can patch
it. Newer versions of Windows make GetProcAddress initialize the DLL
before returning a function pointer into it. That's perfectly
reasonable, but ASan needs to finish patching malloc before CRT
initialization. So now we roll our own GetProcAddress.
Fixes PR24237
Based on a patch by David Major
Originally written by David Major as part of:
https://hg.mozilla.org/mozilla-central/file/tip/toolkit/xre/WindowsCrtPatch.h
llvm-svn: 245377
Summary: This patch consolidates add_compiler_rt_osx_static_runtime and add_compiler_rt_darwin_dynamic_runtime into a single new function add_compiler_rt_darwin_runtime.
Reviewers: filcab, samsonov, bogner
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12106
llvm-svn: 245317
Summary: I've copy/pasted the LLVM_NOEXCEPT definition macro goo from LLVM's Compiler.h. Is there somewhere I should put this in Compiler RT? Is there a useful header to define/share things like this?
Reviewers: samsonov
Differential Revision: http://reviews.llvm.org/D11780
llvm-svn: 244453
The number of unaccessible pages at the beginning of the address
space can differ between processes on the same machine. Try different
values at runtime to protect as much memory as possible.
llvm-svn: 244364
This test was in an infinite loop in AArch64. We're investigating it
on PR24389, but I'm disabling it for now, so that we continue testing
everything else.
llvm-svn: 244316
This patch enables asan for aarch64/linux. It marks it as 'unstable-release',
since some tests are failing due either kernel missing support of non-executable
pages in mmap or environment instability (infinite loop in juno reference
boards).
It sets decorate_proc_maps test to require stable-release, since the test expects
the shadow memory to not be executable and the support for aarch64 is only
added recently by Linux (da141706aea52c1a9 - 4.0).
It also XFAIL static_tls test for aarch64 linker may omit the __tls_get_addr call
as a TLS optimization.
llvm-svn: 244054
We currently have a dyld check in DyldNeedsEnvVariable that detects whether we are on a new OS X (10.11+) where we don't need to re-exec. For iOS simulator, we have a dlsym() hack that checks for a specific symbol, but this turns out to be fragile and problematic, because dlsym can sometimes call malloc(), which is not a good idea this early in the process runtime.
Let's instead of this do a direct comparison of dyld's version, which is exported in a public symbol `dyldVersionNumber`.
Differential Revision: http://reviews.llvm.org/D11719
llvm-svn: 243879
ASan shadow on Android starts at address 0 for both historic and
performance reasons. This is possible because the platform mandates
-pie, which makes lower memory region always available.
This is not such a good idea on 64-bit platforms because of MAP_32BIT
incompatibility.
This patch changes Android/AArch64 mapping to be the same as that of
Linux/AAarch64.
llvm-svn: 243548
Rename getBinaryBasename() to getProcessName() and, on Linux,
read it from /proc/self/cmdline instead of /proc/self/exe. The former
can be modified by the process. The main motivation is Android, where
application processes re-write cmdline to a package name. This lets
us setup per-application ASAN_OPTIONS through include=/some/path/%b.
llvm-svn: 243473
This sets the default ASan flags to abort_on_error=1 on OS X. For unit tests and lit tests we set ASAN_OPTIONS back to abort_on_error=0 before running the tests (to avoid crashing). I added two tests that intentionally don't respect the default ASAN_OPTIONS to test the behavior of an empty ASAN_OPTIONS (on OS X we should crash, on Linux we should exit()).
Differential Revision: http://reviews.llvm.org/D7203
llvm-svn: 243418
There are some test failures after r243003 and r243004 ("Rename the ABI
versioning symbol to '__asan_version_mismatch_check' instead abusing
'__asan_init'"). See http://reviews.llvm.org/D11004
llvm-svn: 243007
There are some test failures after r243003 and r243004 ("Rename the ABI
versioning symbol to '__asan_version_mismatch_check' instead abusing
'__asan_init'"). See http://reviews.llvm.org/D11004
llvm-svn: 243005
We currently version `__asan_init` and when the ABI version doesn't match, the linker gives a `undefined reference to '__asan_init_v5'` message. From this, it might not be obvious that it's actually a version mismatch error. This patch makes the error message much clearer by changing the name of the undefined symbol to be `__asan_version_mismatch_check_xxx` (followed by the version string). We obviously don't want the initializer to be named like that, so it's a separate symbol that is used only for the purpose of version checking.
Reviewed at http://reviews.llvm.org/D11004
llvm-svn: 243004
Summary:
On Windows, thread injection by the kernel or other running processes is
a fairly common occurrence, so ASan should be resilient to it. The
comments on GetCurrentThread() say that it can return null, so we
shouldn't be CHECK failing if it does.
Sending control-C is one way to get the kernel to inject a thread into
your process, so I wrote a test around it.
Reviewers: llvm-commits
Subscribers: samsonov
Differential Revision: http://reviews.llvm.org/D11426
llvm-svn: 242948
include_if_exists=/path/to/sanitizer/options reads flags from the
file if it is present. "%b" in the include file path (for both
variants of the flag) is replaced with the basename of the main
executable.
llvm-svn: 242853
Since the CoreFoundation allocator replacement was moved in r173134, all
implementations of this function have been empty.
Reviewers: samsonov
Differential Revision: http://reviews.llvm.org/D11375
llvm-svn: 242811
ASan unit tests don't depend on the symbolizer and they never test its output, but currently they still run it for every crash. This patch simply disables the symbolizer for unit tests, which provides some speed up. On my system (OS X) that's about 1.4x faster, but this could be potentially much more e.g. when using atos on OS X.
Differential Revision: http://reviews.llvm.org/D11353
llvm-svn: 242677
On OS X 10.11 (which is currently a public beta), the dynamic linker has been improved so that it doesn't require the use of DYLD_INSERT_LIBRARIES in order for interposition/wrappers to work. This patch adds support of this behavior into ASan – we no longer need to re-exec in case the env. variable is not set.
Reviewed at http://reviews.llvm.org/D10924
llvm-svn: 241487
Summary:
This is one of many changes needed for compiler-rt to get it building on iOS.
This change ifdefs out headers and functionality that aren't available on iOS, and adds support for iOS and the iOS simulator to as an.
Note: this change does not enable building for iOS, as there are more changes to come.
Reviewers: glider, kubabrecka, bogner, samsonov
Reviewed By: samsonov
Subscribers: samsonov, zaks.anna, llvm-commits
Differential Revision: http://reviews.llvm.org/D10515
llvm-svn: 240469
Summary:
This is one of many changes needed for compiler-rt to get it building on iOS.
This change does the following:
- Don't include crt_externs on iOS (it isn't available)
- Support ARM thread state objects
Note: this change does not enable building for iOS, as there are more changes to come.
Reviewers: glider, kubabrecka, bogner, samsonov
Reviewed By: samsonov
Subscribers: samsonov, aemerson, llvm-commits
Differential Revision: http://reviews.llvm.org/D10510
llvm-svn: 240467
Summary:
Use CMake's cmake_parse_arguments() instead.
It's called in a slightly different way, but supports all our use cases.
It's in CMake 2.8.8, which is our minimum supported version.
CMake 3.0 doc (roughly the same. No direct link to 2.8.8 doc):
http://www.cmake.org/cmake/help/v3.0/module/CMakeParseArguments.html?highlight=cmake_parse_arguments
Since I was already changing these calls, I changed ARCH and LIB into
ARCHS and LIBS to make it more clear that they're lists of arguments.
Reviewers: eugenis, samsonov, beanz
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D10529
llvm-svn: 240120
Summary:
This change takes darwin-specific goop that was scattered around CMakeLists files and spread between add_compiler_rt_object_library and add_compiler_rt_darwin_object_library and moves it all under add_compiler_rt_object_library.
The goal of this is to try to push platform handling as low in the utility functions as possible.
Reviewers: rnk, samsonov
Reviewed By: rnk, samsonov
Subscribers: rnk, rsmith, llvm-commits
Differential Revision: http://reviews.llvm.org/D10250
llvm-svn: 239498
This is done by creating a named shared memory region, unlinking it
and setting up a private (i.e. copy-on-write) mapping of that instead
of a regular anonymous mapping. I've experimented with regular
(sparse) files, but they can not be scaled to the size of MSan shadow
mapping, at least on Linux/X86_64 and ext3 fs.
Controlled by a common flag, decorate_proc_maps, disabled by default.
This patch has a few shortcomings:
* not all mappings are annotated, especially in TSan.
* our handling of memset() of shadow via mmap() puts small anonymous
mappings inside larger named mappings, which looks ugly and can, in
theory, hit the mapping number limit.
llvm-svn: 238621
CMake pre-3.1 has a bug where a shared library depending on a custom_target
does not really depend on it.
This commit implements a hilariously ugly workaround for this problem, see
code comments for more details.
llvm-svn: 238367
Current code tries to find the dynamic TLS header to the left of the
TLS block without checking that it's not a static TLS allocation.
llvm-svn: 237495
Summary:
During the review of http://reviews.llvm.org/D9199 where I had originally
changed the debug_mapping.cc test to accept hexadecimal values, we realized
that SHADOW_SCALE and SHADOW_GRANULARITY ought to be printed as decimal values.
This patch makes that change.
This patch also adds a '0x' prefix to the SHADOW_OFFSET to make it clear that
it is hexadecimal while the other two are decimal.
Reviewers: kcc, timurrrr, samsonov
Reviewed By: timurrrr, samsonov
Subscribers: samsonov, llvm-commits, sagar
Differential Revision: http://reviews.llvm.org/D9224
llvm-svn: 235798
The patch is generated using clang-tidy misc-use-override check.
This command was used:
tools/clang/tools/extra/clang-tidy/tool/run-clang-tidy.py \
-checks='-*,misc-use-override' -header-filter='llvm|clang' -j=32 -fix \
-format
llvm-svn: 234680
On Windows, we have to know if a memory to be protected is mapped or not.
On POSIX, Mprotect was semantically different from mprotect most people know.
llvm-svn: 234602
This patch is related to Issue 346: moar string interceptors: strstr, strcasestr, strcspn, strpbrk
As was suggested in original review http://reviews.llvm.org/D6056 a new "strict_string_checks" run-time flag introduced.
The flag support applied for existing common, asan, msan and tsan interceptors. New asan tests added.
Change by Maria Guseva reviewed in http://reviews.llvm.org/D7123
llvm-svn: 234187
Summary:
Change the way we use ASan and UBSan together. Instead of keeping two
separate runtimes (libclang_rt.asan and libclang_rt.ubsan), embed UBSan
into ASan and get rid of libclang_rt.ubsan. If UBSan is not supported on
a platform, all UBSan sources are just compiled into dummy empty object
files. UBSan initialization code (e.g. flag parsing) is directly called
from ASan initialization, so we are able to enforce correct
initialization order.
This mirrors the approach we already use for ASan+LSan. This change
doesn't modify the way we use standalone UBSan.
Test Plan: regression test suite
Reviewers: kubabrecka, zaks.anna, rsmith, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D8646
llvm-svn: 233861
The experiments can be used to evaluate potential optimizations that remove
instrumentation (assess false negatives). Instead of completely removing
some instrumentation, you set Exp to a non-zero value (mask of optimization
experiments that want to remove instrumentation of this instruction).
If Exp is non-zero, this pass will emit special calls into runtime
(e.g. __asan_report_exp_load1 instead of __asan_report_load1). These calls
make runtime terminate the program in a special way (with a different
exit status). Then you run the new compiler on a buggy corpus, collect
the special terminations (ideally, you don't see them at all -- no false
negatives) and make the decision on the optimization.
The exact reaction to experiments in runtime is not implemented in this patch.
It will be defined and implemented in a subsequent patch.
http://reviews.llvm.org/D8198
llvm-svn: 232501
The problem is that without SA_RESTORER flag, kernel ignores the handler. So tracer actually did not setup any handler.
Add SA_RESTORER flag when setting up handlers.
Add a test that causes SIGSEGV in stoptheworld callback.
Move SignalContext from asan to sanitizer_common to print better diagnostics about signal in the tracer thread.
http://reviews.llvm.org/D8005
llvm-svn: 230978
Revise the fix to https://code.google.com/p/address-sanitizer/issues/detail?id=178:
always disable strict init-order checking the first time dlopen() is
called: at this point shared library is allowed to access globals
defined in the main executable, as they are guaranteed to be
initialized. Revise the test cases:
* simplify init-order-dlopen.cc test case: make it Linux-specific
(there's no strict init-order checking on other platforms anyway),
and single-threaded.
* reinforce init-order-pthread-create.cc test case: make sure that
init-order checker would produce a false positive unless we
turn it off at the moment we call pthread_create().
llvm-svn: 230288
This reverts commit r230019, as it was breaking the ARM sanitizer buildbot
and let other errors be introduced since it wasn't fixed/reverted in
time.
llvm-svn: 230179
SuppressionContext is no longer a singleton, shared by all sanitizers,
but a regular class. Each of ASan, LSan, UBSan and TSan now have their
own SuppressionContext, which only parses suppressions specific to
that sanitizer.
"suppressions" flag is moved away from common flags into tool-specific
flags, so the user now may pass
ASAN_OPTIONS=suppressions=asan_supp.txt LSAN_OPIONS=suppressions=lsan_supp.txt
in a single invocation.
llvm-svn: 230026
They autotools build has a number of missing features, supports less
OS, architectures, build configurations, doesn't have any tests and
is hard to support in sync with CMake build.
llvm-svn: 229556
Summary:
LSan can be combined with a parent tool (for now it's only ASan).
Also, we allow LSAN_OPTIONS to override certain common flags. It means
we have to parse LSAN_OPTIONS early enough, before the rest of the
parent tool (including chunks of sanitizer_common) is initialized.
In future, we can use the same approach for UBSan, after we embed it
into ASan runtime in a similar way.
Test Plan: regression test suite
Reviewers: earthdok, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7577
llvm-svn: 229519
Android devices may not support 'adb root', but be rooted with 'su'
binary. This patch makes it possible to install ASAN to such
devices. When --use-su flag is specified, most 'adb ...' commangs are
changed to 'adb su -c "..."'.
Some other notes:
* 'readlink' changed to 'ls -l', since not all devices have readlink
in their firmware.
* removing ASan library step moved to very end, because 'su' may not
run properly without this library until shell will be restarted.
Patch by Dmitry <ripp at yandex-team dot ru>.
llvm-svn: 229368
We currently skip all "Noinst" unit tests on OS X, which was probably caused when we removed the "allow_reexec" flag. The MaybeReexec function fails to re-execute when the runtime is linked statically, because there is no dylib to use. This patch adds an explicit DisableReexec function that is used from asan_noinst_test.cc and the runtime then doesn't try to re-execute.
Reviewed at http://reviews.llvm.org/D7493
llvm-svn: 228740
MaybeReexec() in asan_mac.cc checks for presence of the ASan dylib in DYLD_INSERT_LIBRARIES, and if it is there, it will process this env. var. and remove the dylib from its value, so that spawned children don't have this variable set. However, the current implementation only works when using a canonical absolute path to the dylib, it fails to remove the dylib for example when using @executable_path.
This patch changes the processing of DYLD_INSERT_LIBRARIES to comparing values only based on filenames (ignoring directories).
Reviewed at http://reviews.llvm.org/D7160
llvm-svn: 228392
In both CMake and Makefiles, we are inconsistent about the use of libstdc++ vs. libc++, SDKs and minimum deployment targets for OS X. Let's fix the detection of SDKs, and let's explicitely set that we link against libc++ and mmacosx-version-min is 10.7.
llvm-svn: 227509
asan_symbolize.py isn't needed on Windows, but it's nice if asan has a unified
UI on all platforms. So rather than have asan_symolize.py die on startup due to
it importing modules that don't exist on Windows, let it just echo the input.
llvm-svn: 227326
Make sure "void *ctx" doesn't point to an object which already went out
of scope. This might also fix -Wuninitialized warnings GCC 4.7 produces
while building ASan runtime.
llvm-svn: 227258
The idea is to ensure that the ASan runtime gets initialized early (i.e.
before other initializers/constructors) even when DYLD_INSERT_LIBRARIES
is not used. In that case, the interceptors are not installed (on OS X,
DYLD_INSERT_LIBRARIES is required for interceptors to work), and therefore
ASan gets currently initialized quite late -- from the main executable's
module initializer. The following issues are a consequence of this:
https://code.google.com/p/address-sanitizer/issues/detail?id=363https://code.google.com/p/address-sanitizer/issues/detail?id=357
Both of them are fixed with this patch.
Reviewed at http://reviews.llvm.org/D7117
llvm-svn: 226929
This patch is a proposed solution for https://code.google.com/p/address-sanitizer/issues/detail?id=375:
When the stacktraces are captured and printed by ASan itself, they are fine, but when the program has already printed the report (or is just printing it), capturing a stacktrace via other means is broken. "Other means" include OS X CrashReporter, debuggers or calling backtrace() within the program. For example calling backtrace() from a sanitizer_set_death_callback function prints a very truncated stacktrace.
Reviewed at http://reviews.llvm.org/D7103
llvm-svn: 226878
By attaching an extra integer tag to heap origins, we are able
to distinguish between uninits
- created by heap allocation,
- created by heap deallocation (i.e. use-after-free),
- created by __msan_allocated_memory call,
- etc.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=35.
llvm-svn: 226821
The new parser is a lot stricter about syntax, reports unrecognized
flags, and will make it easier to implemented some of the planned features.
llvm-svn: 226169
This mirrors r225239 to all the rest sanitizers:
ASan, DFSan, LSan, MSan, TSan, UBSan.
Now the runtime flag type, name, default value and
description is located in the single place in the
.inc file.
llvm-svn: 225327
Fix test failures by introducing CommonFlags::CopyFrom() to make sure
compiler doesn't insert memcpy() calls into runtime code.
Original commit message:
Protect CommonFlags singleton by adding const qualifier to
common_flags() accessor. The only ways to modify the flags are
SetCommonFlagsDefaults(), ParseCommonFlagsFromString() and
OverrideCommonFlags() functions, which are only supposed to be
called during initialization.
llvm-svn: 225088
We've got some internal users that either aren't compatible with this or
have found a bug with it. Either way, this is an isolated cleanup and so
I'm reverting it to un-block folks while we investigate. Alexey and
I will be working on fixing everything up so this can be re-committed
soon. Sorry for the noise and any inconvenience.
llvm-svn: 225079
This is a re-commit of r224838 + r224839, previously reverted in r224850.
Test failures were likely (still can not reproduce) caused by two lit tests
using the same name for an intermediate build target.
llvm-svn: 224853
This is mostly useful for testing, as the only other way of specifying
activation options (Android system property) is system-wide and affects
concurrently running tests.
llvm-svn: 224824
Summary:
Protect CommonFlags singleton by adding const qualifier to
common_flags() accessor. The only ways to modify the flags are
SetCommonFlagsDefaults(), ParseCommonFlagsFromString() and
OverrideCommonFlags() functions, which are only supposed to be
called during initialization.
Test Plan: regression test suite
Reviewers: kcc, eugenis, glider
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6741
llvm-svn: 224736
As mentioned in
https://code.google.com/p/address-sanitizer/issues/detail?id=365, when the
re-exec that adds the required DYLD_INSERT_LIBRARIES variable fails, ASan
currently continues to run, but things are broken (some memory can be
overwritten, interceptors don't work, ...). This patch aborts if the execv()
fails and prints an error message that DYLD_INSERT_LIBRARIES is required. It
also removes the "alllow_reexec" flag, since using it causes the same issues.
Reviewed at http://reviews.llvm.org/D6752
llvm-svn: 224712
NULL handler
Per
https://developer.apple.com/library/mac/documentation/Performance/Reference/GCD_libdispatch_Ref/index.html,
the dispatch_source_set_cancel_handler() API *can* be called with a NULL
handler. In that case, the libdispatch removes an already existing cancellation
handler, if there was one. ASan's interceptor always creates a new block that
always tries to call the original handler. In case the original block is NULL,
a segmentation fault happens. Let's fix that by not wrapping a NULL-block at
all.
It looks like all the other libdispatch APIs (which we intercept) do *not*
allow NULL. So it's really only the dispatch_source_set_cancel_handler one that
needs this fix.
Reviewed at http://reviews.llvm.org/D6747
llvm-svn: 224711
Add CommonFlags::SetDefaults() and CommonFlags::ParseFromString(),
so that this object can be easily tested. Enforce
that ParseCommonFlagsFromString() and SetCommonFlagsDefaults()
work only with singleton CommonFlags, shared across all sanitizer
runtimes.
llvm-svn: 224617
Now ASan deactivation doesn't modify common or ASan-specific runtime
flags. Flags stay constant after initialization, and "deactivation"
instead stashes initialized runtime state, and deactivates the
runtime. Activation then just restores the original state (possibly,
overriden by some activation flags provided in system property on
Android).
llvm-svn: 224614
Summary:
Reduce the dependency of allocator code on runtime flags. Instead,
pass a bunch of options that configure allocator behavior at
initialization or re-initialization. That would allow us to
cleaner modify allocator behavior during a program execution
when ASan is activated or de-activated.
Test Plan: regression test suite
Reviewers: kcc
Subscribers: llvm-commits, eugenis
Differential Revision: http://reviews.llvm.org/D6711
llvm-svn: 224605
Summary:
Change the way ASan flag parsing is performed at activation: instead
of overwriting all ASan and common flags from the activation string,
ASan will now only override a handful of whitelisted flags.
This is a first step towards making runtime flags immutable after
initialization. I plan to re-factor the activation stragegy to
the following one:
- Parse commandline flags. Override the defaults from compile
definition, env var, etc. Flags are immutable at this point.
- Initiailize the runtime from commandline flags.
- If ASan needs to be started deactivated, stash the runtime
state in "asan_deactivated_flags" and deactivate the runtime.
- When ASan is activated, override "asan_deactivated_flags" with
activation flags, and use it to re-activate the runtime.
Test Plan: regression test suite
Reviewers: eugenis, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6709
llvm-svn: 224601
This commit changes the strategy for building shared ASan runtime
and the way we test it:
- COMPILER_RT_BUILD_SHARED_ASAN CMake option is removed. We now
always build shared ASan runtime (it is the default on Android,
Windows and Mac, and not the default on Linux and FreeBSD).
- Platforms, which use static runtime by default now have
"check-asan-dynamic" testsuite. This testsuite contains instrumented
unit tests, and ASan lit tests, and runs them with shared ASan
runtime. This testsuite is *not* a part of "check-asan" and
*not* a part of "check-all", as adding 1000 more test cases, which
duplicate existing ones is costly. However, you're welcome to
add this command to your buildbot.
llvm-svn: 224470
Introduce "Allocator" object, which contains all the bits and pieces
ASan allocation machinery actually use: allocator from sanitizer_common,
quarantine, fallback allocator and quarantine caches, fallback mutex.
This step is a preparation to adding more state to this object. We want
to reduce dependency of Allocator on commandline flags and be able to
"safely" modify its behavior (such as the size of the redzone) at
runtime.
llvm-svn: 224406
SetCanPoisonMemory()/CanPoisonMemory() functions are now used
instead of "poison_heap" flag to determine if ASan is allowed
to poison the shadow memory. This allows to hot-patch this
value in runtime (e.g. during ASan activation) without introducing
a data race.
llvm-svn: 224395
Summary:
Introduce __asan::malloc_context_size atomic that is used to determine
required malloc/free stack trace size. It is initialized with
common_flags()->malloc_context_size flag, but can later be overwritten
at runtime (e.g. when ASan is activated / deactivated).
Test Plan: regression test suite
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6645
llvm-svn: 224305
Summary:
Turn "allocator_may_return_null" common flag into an
Allocator::may_return_null bool flag. We want to make sure
that common flags are immutable after initialization. There
are cases when we want to change this flag in the allocator
at runtime: e.g. in unit tests and during ASan activation
on Android.
Test Plan: regression test suite, real-life applications
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6623
llvm-svn: 224148
This commit changes the way we get fake stack from ASan runtime
(to find use-after-return errors) and the way we represent local
variables:
- __asan_stack_malloc function now returns pointer to newly allocated
fake stack frame, or NULL if frame cannot be allocated. It doesn't
take pointer to real stack as an input argument, it is calculated
inside the runtime.
- __asan_stack_free function doesn't take pointer to real stack as
an input argument. Now this function is never called if fake stack
frame wasn't allocated.
- __asan_init version is bumped to reflect changes in the ABI.
- new flag "-asan-stack-dynamic-alloca" allows to store all the
function local variables in a dynamic alloca, instead of the static
one. It reduces the stack space usage in use-after-return mode
(dynamic alloca will not be called if the local variables are stored
in a fake stack), and improves the debug info quality for local
variables (they will not be described relatively to %rbp/%rsp, which
are assumed to be clobbered by function calls). This flag is turned
off by default for now, but I plan to turn it on after more
testing.
llvm-svn: 224063
In the current scheme of things, the call to ThreadStart() in the child
thread is not synchronized with the parent thread. So, if a pointer is passed to
pthread_create, there may be a window of time during which this pointer will not
be discoverable by LSan. I.e. the pthread_create interceptor has already
returneed and thus the pointer is no longer on the parent stack, but we don't
yet know the location of the child stack. This has caused bogus leak reports
(see http://llvm.org/bugs/show_bug.cgi?id=21621/).
This patch makes the pthread_create interceptor wait until the child thread is
properly registered before returning.
llvm-svn: 223419
Summary:
TestCases/Linux/heavy_uar_test.cc was failing on my
PowerPC64 box with GCC 4.8.2, because the compiler recognised
a memset-like loop and turned it into a call to memset, which
got intercepted by __asan_memset, which got upset because it was
being called on an address in high shadow memory.
Use break_optimization to stop the compiler from doing this.
Reviewers: kcc, samsonov
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6266
llvm-svn: 222572
Let the users of SymbolizationLoop define a function that produces the list of .dSYM hints (possible path to the .dSYM bundle) for the given binary.
Because the hints can't be added to an existing llvm-symbolizer process, we spawn a new symbolizer process ones each time a new hint appears.
Those can only appear for binaries that we haven't seen before.
llvm-svn: 222535
Reviewed at http://reviews.llvm.org/D6238
ASan on Darwin during launch reads DYLD_INSERT_LIBRARIES env. variable and if it's not set or if the ASan dylib is not present in there, it relaunches the process. The check whether the dylib is present in the variable is now trying to find a full path in there. This fails in the scenarios where we want to copy the dylib to the executable's directory or somewhere else and set the DYLD_INSERT_LIBRARIES manually, see http://reviews.llvm.org/D6018.
Let's change the search in DYLD_INSERT_LIBRARIES to only look for the filename of the dylib and not the full path.
llvm-svn: 222297
MSanDR is a dynamic instrumentation tool that can instrument the code
(prebuilt libraries and such) that could not be instrumented at compile time.
This code is unused (to the best of our knowledge) and unmaintained, and
starting to bit-rot.
llvm-svn: 222232
Summary:
AsanOnSIGSEGV has some heuristics for detecting stack overflow, but
they don't cope with a PowerPC store-with-update instruction which
modifies sp and stores to the modified address in one instruction.
This patch adds some PowerPC-specific code to check for this case.
This fixes the last few cases of the stack-overflow test.
Reviewers: kcc, samsonov, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6253
llvm-svn: 222001
Summary:
The option -asan-instrument-assembly is declared in the X86 backend.
If I test on PowerPC configured with LLVM_TARGETS_TO_BUILD=All then the
option is tolerated but ignored.
If I test on PowerPC configured with LLVM_TARGETS_TO_BUILD=PowerPC then
the testsuite fails with:
[ 93%] Generating ASAN_INST_TEST_OBJECTS.gtest-all.cc.powerpc64-inline.o
clang (LLVM option parsing): Unknown command line argument '-asan-instrument-assembly'. Try: 'clang (LLVM option parsing) -help'
Fix this inconsistency by only adding the option if that toolchain was
built with the X86 backend included.
Reviewers: kcc, samsonov, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6190
llvm-svn: 221687
Summary:
Tweak the asan stack overflow heuristics to cope with PowerPC64 redzones,
which are larger than on x86-64: 288 bytes for big-endian and 512 bytes
for little-endian.
Reviewers: kcc, willschm, samsonov, eugenis
Reviewed By: samsonov, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6168
llvm-svn: 221578
for both PPC64 Big and Little endian modes, so also eliminates the need for
the BIG_ENDIAN/LITTLE_ENDIAN #ifdeffery.
By trial and error, it also looks like the kPPC64_ShadowOffset64 value is
valid using (1ULL << 41) for both BE and LE, so that #if/#elif/#endif block
has also been simplified.
Differential Revision: http://reviews.llvm.org/D6044
llvm-svn: 221457
Change the LC_ID_DYLIB of ASan's dynamic libraries on OS X to be set to "@rpath/libclang_rt.asan_osx_dynamic.dylib" and similarly for iossim. Clang driver then sets the "-rpath" to be the real path to where clang currently has the dylib (because clang uses the relative path to its current executable). This means if you move the compiler or install the binary release, -fsanitize=address will link to the proper library.
Reviewed at http://reviews.llvm.org/D6018
llvm-svn: 221278
introduce a BufferedStackTrace class, which owns this array.
Summary:
This change splits __sanitizer::StackTrace class into a lightweight
__sanitizer::StackTrace, which doesn't own array of PCs, and BufferedStackTrace,
which owns it. This would allow us to simplify the interface of StackDepot,
and eventually merge __sanitizer::StackTrace with __tsan::StackTrace.
Test Plan: regression test suite.
Reviewers: kcc, dvyukov
Reviewed By: dvyukov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5985
llvm-svn: 220635
__ANDROID__ is a define that comes from the toolchain when building
for Android targets. ANDROID has a different meaning. ANDROID is
defined for _every_ Android build, including those done for host
modules. For host modules, we want to build the regular Linux
sanitizers and builtins, not the one for Android devices. This hasn't
been a problem until now because we only just started building the
sanitizers for the host.
llvm-svn: 220203
Whitespace update for lint check by myself (Will). Otherwise code and comments by Peter Bergner, as previously seen on llvm-commits.
The following patch gets ASAN somewhat working on powerpc64le-linux.
It currently assumes the LE kernel uses 46-bit addressing, which is
true, but it doesn't solve the case for BE where it may be 44 or
46 bits. That can be fixed with a follow on patch.
There are some test suite fails even with this patch that I haven't had
time to solve yet, but this is better than the state it is in now.
The limited debugging of those test suite fails seems to show that the
address map for 46-bit addressing has changed and so we'll need to
modify the shadow memory location slightly. Again, that can be fixed
with a follow on patch.
llvm-svn: 219827
Updated the URL to reflect information on the problem as well as build the
case for ARM. This seems to be a wider problem, not ARM or PPC specific.
llvm-svn: 219680
Allows to specify the unwinder to use for CHECK failures. Previous behaviour
was to use the "fatal" unwinder.
As compiler-rt is built without frame pointers, only the slow unwinder
really makes sense here, and it is the default.
llvm-svn: 219677
Mike Aizatsky