| Age | Commit message (Collapse) | Author |
|---|
|
ASan allocator stores the requested alignment for new and new[] calls
and on delete and delete[] verifies that alignments do match.
The representable alignments are: default alignment, 8, 16, 32, 64, 128,
256 and 512 bytes. Alignments > 512 are stored as 512, hence two
different alignments > 512 will pass the check (possibly masking the bug),
but limited memory requirements deemed to be a resonable tradeoff for
relaxed conditions.
The feature is controlled by new_delete_type_mismatch flag, the same one
protecting new/delete matching size check.
Differential revision: https://reviews.llvm.org/D38574
Issue: https://github.com/google/sanitizers/issues/799
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316595 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Submitted on behalf of Roland McGrath.
Reviewers: vitalybuka, alekseyshl, kcc
Reviewed By: alekseyshl
Subscribers: srhines, cryptoad, kubamracek, phosek, filcab, llvm-commits
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D36190
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@309914 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
r304285 - [sanitizer] Avoid possible deadlock in child process after fork
r304297 - [sanitizer] Trying to fix MAC buildbots after r304285
These changes create deadlock when Tcl calls pthread_create from a
pthread_atfork child handler. More info in the original review at
https://reviews.llvm.org/D33325
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@304735 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch addresses https://github.com/google/sanitizers/issues/774. When we
fork a multi-threaded process it's possible to deadlock if some thread acquired
StackDepot or allocator internal lock just before fork. In this case the lock
will never be released in child process causing deadlock on following memory alloc/dealloc
routine. While calling alloc/dealloc routines after multi-threaded fork is not allowed,
most of modern allocators (Glibc, tcmalloc, jemalloc) are actually fork safe. Let's do the same
for sanitizers except TSan that has complex locking rules.
Differential Revision: https://reviews.llvm.org/D33325
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@304285 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
With rL279771, SizeClassAllocator64 was changed to accept only one template
instead of 5, for the following reasons: "First, this will make the mangled
names shorter. Second, this will make adding more parameters simpler". This
patch mirrors that work for SizeClassAllocator32.
This is in preparation for introducing the randomization of chunks in the
32-bit SizeClassAllocator in a later patch.
Reviewers: kcc, alekseyshl, dvyukov
Reviewed By: alekseyshl
Subscribers: llvm-commits, kubamracek
Differential Revision: https://reviews.llvm.org/D33141
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@303071 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Improved ASAN allocator and quarantine stats.
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D28333
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@291183 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Make thread local quarantine size an option so it can be turned off to save memory.
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D28027
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@290373 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
In order to avoid starting a separate thread to return unused memory to
the system (the thread interferes with process startup on Android,
Zygota waits for all threads to exit before fork, but this thread never
exits), try to return it right after free.
Reviewers: eugenis
Subscribers: cryptoad, filcab, danalbert, kubabrecka, llvm-commits
Patch by Aleksey Shlyapnikov.
Differential Revision: https://reviews.llvm.org/D27003
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@288091 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
ASAN on Windows 64-bits should use a dynamic address instead of a fixed one.
The asan-allocator code to support dynamic address is already landed.
This patch is turning on the feature.
Reviewers: rnk
Subscribers: kubabrecka, dberris, llvm-commits, chrisha
Differential Revision: https://reviews.llvm.org/D24575
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@281522 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This uses the "very compact" size class mapping that fits in the
39-bit address space.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@281371 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
under a flag. Set this flag for the scudo allocator, add a test.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279793 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
parameter instead of 5. First, this will make the mangled names shorter. Second, this will make adding more parameters simpler.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279771 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279547 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the same name as the enum)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278919 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
function to get all the information about the address, and one to print it.
Summary:
Replacement for part of D23518
This deals with heap addresses, and renames DescribeHeapAddress.
Requires D23520, which moves code around to make it accessible in asan_describers.cc (and still accessible in asan_report.cc if needed).
Reviewers: kcc, samsonov
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D23569
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@278917 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
memory profiler; asan/Linux-only for now)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@271463 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This (partially) implements the check mentioned at
http://kristerw.blogspot.co.uk/2016/04/dangling-pointers-and-undefined-behavior.html
(via John Regehr)
Quoting:
"That the behavior is undefined follows from C11 6.2.4 "Storage
durations of objects"
The lifetime of an object is the portion of program execution during
which storage is guaranteed to be reserved for it. An object exists, has
a constant address, and retains its last-stored value throughout its
lifetime. If an object is referred to outside of its lifetime, the
behavior is undefined. The value of a pointer becomes indeterminate when
the object it points to (or just past) reaches the end of its lifetime.
and 7.22.3 "Memory management functions" that says that free ends the
lifetime of objects
The lifetime of an allocated object extends from the allocation until
the deallocation.
"
We can probably implement this for stack variables too, but I think this
is a good start to see if there's interest in this check.
We can also hide this behind a flag, too.
Reviewers: samsonov, kcc, rsmith, regehr
Subscribers: kubabrecka, llvm-commits
Differential Revision: http://reviews.llvm.org/D19691
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268097 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ucrtbase.dll appears to be built with some kind of cross-module
inlining, because there are calls to imported Heap* routines sprinkled
throughout the code. This inlining defeats our attempts to hotpatch
malloc, _malloc_base, and related functions. Failing to intercept an
allocation or deallocation results in a crash when the program attempts
to deallocate or reallocate memory with the wrong allocator.
This change patches the IAT of ucrtbase.dll to replace the addresses of
the imported Heap* functions with implementations provided by ASan. We
don't globally intercept the win32 Heap* functions because they are
typically used by system DLLs that run before ASan initializes.
Eventually, we may want to intercept them, but for now I think this is
the minimal change that will keep ASan stable.
Reviewers: samsonov
Differential Revision: http://reviews.llvm.org/D18413
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@264327 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch adds support for asan on aarch64-linux with 42-bit VMA
(current default config for 64K pagesize kernels). The support is
enabled by defining the SANITIZER_AARCH64_VMA to 42 at build time
for both clang/llvm and compiler-rt. The default VMA is 39 bits.
For 42-bit VMA aarch64 uses SANITIZIER_CAN_USER_ALLOCATOR64.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245596 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Remove stats that we no longer collect after the allocator change.
Use proper constant SizeClassMap::kNumClasses to fix potential buffer
overflow (https://code.google.com/p/address-sanitizer/issues/detail?id=397).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@240816 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@225323 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Now ASan deactivation doesn't modify common or ASan-specific runtime
flags. Flags stay constant after initialization, and "deactivation"
instead stashes initialized runtime state, and deactivates the
runtime. Activation then just restores the original state (possibly,
overriden by some activation flags provided in system property on
Android).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224614 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Reduce the dependency of allocator code on runtime flags. Instead,
pass a bunch of options that configure allocator behavior at
initialization or re-initialization. That would allow us to
cleaner modify allocator behavior during a program execution
when ASan is activated or de-activated.
Test Plan: regression test suite
Reviewers: kcc
Subscribers: llvm-commits, eugenis
Differential Revision: http://reviews.llvm.org/D6711
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224605 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Introduce "Allocator" object, which contains all the bits and pieces
ASan allocation machinery actually use: allocator from sanitizer_common,
quarantine, fallback allocator and quarantine caches, fallback mutex.
This step is a preparation to adding more state to this object. We want
to reduce dependency of Allocator on commandline flags and be able to
"safely" modify its behavior (such as the size of the redzone) at
runtime.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224396 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Turn "allocator_may_return_null" common flag into an
Allocator::may_return_null bool flag. We want to make sure
that common flags are immutable after initialization. There
are cases when we want to change this flag in the allocator
at runtime: e.g. in unit tests and during ASan activation
on Android.
Test Plan: regression test suite, real-life applications
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6623
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224148 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
introduce a BufferedStackTrace class, which owns this array.
Summary:
This change splits __sanitizer::StackTrace class into a lightweight
__sanitizer::StackTrace, which doesn't own array of PCs, and BufferedStackTrace,
which owns it. This would allow us to simplify the interface of StackDepot,
and eventually merge __sanitizer::StackTrace with __tsan::StackTrace.
Test Plan: regression test suite.
Reviewers: kcc, dvyukov
Reviewed By: dvyukov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D5985
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@220635 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
-Xclang -fsized-deallocation). Not yet on Mac. Also, remove some unused code.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@214296 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
larger than needed. This was a leftover of the allocator1=>allocator2 migration; thanks Yuri Gribov for reminding
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@206280 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when two unrelated pointers are compared or subtracted). This implementation has both false positives and false negatives and is not tuned for performance. A bug report for a proper implementation will follow.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@202389 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is covered by AddressSanitizer.UAF_* tests in asan_test
with start_deactivated=1.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@200696 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
implement correct atomic load/store for ARM
add test for atomic load/store
http://llvm-reviews.chandlerc.com/D2582
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@199802 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@195840 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Invoke a fatal stack trace unwinder when ASan prints allocator-relevant
error reports (double-free, alloc-dealloc-mismatch, invalid-free).
Thus we'll be able to print complete stack trace even if allocation/free
stacks are not stored (malloc_context_size=0).
Based on the patch by Yuri Gribov!
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@194579 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Out-of-bound access may touch not-yet allocated or already freed
and recycled from quarantine chunks. We should treat this situation as
a "free-range memory access" and avoid printing any data about that
irrelevant chunk (which may be inconsistent).
This should fix https://code.google.com/p/address-sanitizer/issues/detail?id=183
Reviewers: kcc
Reviewed By: kcc
CC: timurrrr, llvm-commits
Differential Revision: http://llvm-reviews.chandlerc.com/D1893
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@192581 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@190860 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SANITIZER_INTERFACE_ATTRIBUTE or SANITIZER_ATTRIBUTE_WEAK are used
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@188261 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@179273 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@178758 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@177263 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
New allocator has 1.5x memory overhead of the old one.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@176340 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@176255 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@174710 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@174707 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@174706 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
asan_mz_force_unlock() for allocator2.
Switch to allocator2 on Darwin.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@174603 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
In case of partial right OOB, ASan was reporting
X is located 0 bytes to the right of [A, B)
where X was actually inside [A, B).
With this change, ASan will report B as the error address in such case.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@174373 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
__asan_init)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@173676 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
platforms and remove the old one later, after additional testing. The new allocator is much faster and uses less memory
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@172531 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@172526 91177308-0d34-0410-b5e6-96231b3b80d8
|
