Age | Commit message | Author |
|
Summary:
On PPC64, half the msan tests fail with an infinite recursion through
GetStackTrace like this:
  #0 __msan::GetStackTrace
  #1 __msan_memcpy
  #2 ?? () from /lib64/libgcc_s.so.1
  #3 ?? () from /lib64/libgcc_s.so.1
  #4 _Unwind_Backtrace
  #5 __sanitizer::BufferedStackTrace::SlowUnwindStack
  #6 __sanitizer::BufferedStackTrace::Unwind
  #7 __msan::GetStackTrace
  #8 __interceptor_calloc
  #9 _dl_allocate_tls
  #10 pthread_create@@GLIBC_2.17
  #11 __interceptor_pthread_create
  #12 main
The problem is that we call _Unwind_Backtrace to get a stack trace; but
_Unwind_Backtrace calls memcpy, which we intercept and try to get
another stack trace.
This patch fixes it in __msan_memcpy by skipping the stack trace if
IsInSymbolizer(). This works because GetStackTrace already creates a
SymbolizerScope to "block reports from our interceptors during
_Unwind_Backtrace".
Reviewers: samsonov, wschmidt, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D10762
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@240878 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Current code tries to find the dynamic TLS header to the left of the
TLS block without checking that it's not a static TLS allocation.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@237495 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch is related to Issue 346: moar string interceptors: strstr, strcasestr, strcspn, strpbrk
As was suggested in the original review http://reviews.llvm.org/D6056, a new "strict_string_checks" run-time flag is introduced.
The flag support is applied to the existing common, asan, msan and tsan interceptors. New asan tests are added.
Change by Maria Guseva reviewed in http://reviews.llvm.org/D7123
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@234187 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D7233
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@227570 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D7172
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@227559 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
By attaching an extra integer tag to heap origins, we are able
to distinguish between uninits
- created by heap allocation,
- created by heap deallocation (i.e. use-after-free),
- created by __msan_allocated_memory call,
- etc.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=35.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226821 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Move a bunch of functions to a new source file and rename some of them for
consistency. No functional changes.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226673 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6968
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226648 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D7051
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226461 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6928
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@225986 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6738
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224708 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Turn "allocator_may_return_null" common flag into an
Allocator::may_return_null bool flag. We want to make sure
that common flags are immutable after initialization. There
are cases when we want to change this flag in the allocator
at runtime: e.g. in unit tests and during ASan activation
on Android.
Test Plan: regression test suite, real-life applications
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6623
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224148 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Intercept wcstod, wcstof, wcstold, wcstol, wcstoul, wcstoll, wcstoull.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@223650 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Previously, all origin ids were "chained" origins, i.e. values of
ChainedOriginDepot. This added a level of indirection for simple
stack and heap allocation, which were represented as chains of
length 1. This costs both RAM and CPU, but provides a joined 2**29
origin id space. It also made function (any instrumented function)
entry non-async-signal-safe, but that does not really matter because
memory stores in track-origins=2 mode are not async-signal-safe anyway.
With this change, the type of the origin is encoded in origin id.
See comment in msan_origin.h for more details. This reduces chained and stack
origin id range to 2**28 each, but leaves extra 2**31 for heap origins.
This change should not have any user-visible effects.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@223233 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6387
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222919 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6417
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222885 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6404
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222822 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
memset. Fixes PR 21579
Summary:
Exactly what the title says. I've tested this change against the libc++ test failures and it solves all of them. The check-msan rule also still passes.
I'm not sure why it called memset originally.
I can add tests if requested but currently there are no tests involving wide chars and they are a C++11 feature.
Reviewers: kcc, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6352
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222673 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MSanDR is a dynamic instrumentation tool that can instrument the code
(prebuilt libraries and such) that could not be instrumented at compile time.
This code is unused (to the best of our knowledge) and unmaintained, and
starting to bit-rot.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222232 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@221936 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@221912 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis of sanitized systems logs.
Reviewed at http://reviews.llvm.org/D5724
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@221896 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@220637 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Chained origins make plain memory stores async-signal-unsafe.
We already disable it inside signal handlers.
This change grabs all origin-related locks before fork() and releases
them after fork() to avoid a deadlock in the child process.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@217140 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functionality change intended
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@216407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
fcvt() result can be heap-allocated and must be unpoisoned.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@215106 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@213590 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Our versions are not exactly as fast as libc's, and
MSan uses them heavily (even compared to other sanitizers).
This will break if libc version of mem* are instrumented,
but they never are, and if they are, we should be able
to fix it on libc side.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212799 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fast path was never triggered when called from __msan_poison.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212715 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212534 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Introduce new public header <sanitizer/allocator_interface.h> and a set
of functions __sanitizer_get_ownership(), __sanitizer_malloc_hook() etc.
that will eventually replace their tool-specific equivalents
(__asan_get_ownership(), __msan_get_ownership() etc.). Tool-specific
functions are now deprecated and implemented as stubs redirecting
to __sanitizer_ versions (which are implemented differently in each tool).
Replace all uses of __xsan_ versions with __sanitizer_ versions in unit
and lit tests.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212469 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212322 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Use existing DTLS code in sanitizer_tls_get_addr.{h,cc} to unpoison DTLS
blocks both on allocation and deallocation.
https://code.google.com/p/memory-sanitizer/issues/detail?id=44
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@211683 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Conditions for the first and the last origin value in range were wrong.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@211585 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This should fix strtoimax/strtoumax on newer glibc.
https://code.google.com/p/memory-sanitizer/issues/detail?id=36
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@210463 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This way does not require a __sanitizer_cov_dump() call. That's
important on Android, where apps can be killed at an arbitrary time.
We write raw PCs to disk instead of module offsets; we also write
memory layout to a separate file. This increases dump size by a
factor of 2 on 64-bit systems.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@209653 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Generalize StackDepot and create a new specialized instance of it to
efficiently (i.e. without duplicating stack trace data) store the
origin history tree.
This reduces memory usage for chained origins roughly by an order of
magnitude.
Most importantly, this new design allows us to put two limits on
stored history data (exposed in MSAN_OPTIONS) that help avoid
exponential growth in used memory on certain workloads.
See comments in lib/msan/msan_origin.h for more details.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@209284 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208303 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Format string parsing is disabled by default.
This is not expected to meaningfully change the tool behavior.
With this change, check_printf flag could be used to evaluate printf format
string parsing in MSan.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208295 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
signals may be raised while thread is being destroyed
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208250 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208207 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208195 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
StackDepot is not async-signal-safe; storing a new origin to it can deadlock.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@206983 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@206179 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reduces .tbss from 109K down to almost nothing.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@205618 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@205412 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@204923 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The interceptors had code that after macro expansion ended up looking like
  extern "C" void memalign()
      __attribute__((weak, alias("__interceptor_memalign")));
  extern "C" void __interceptor_memalign() {}
  extern "C" void __interceptor___libc_memalign()
      __attribute__((alias("memalign")));
That is,
* __interceptor_memalign is a function
* memalign is a weak alias to __interceptor_memalign
* __interceptor___libc_memalign is an alias to memalign
Both gcc and clang produce assembly that looks like
  __interceptor_memalign:
  ...
          .weak   memalign
  memalign = __interceptor_memalign
          .globl  __interceptor___libc_memalign
  __interceptor___libc_memalign = memalign
What it means in the end is that we have 3 symbols pointing to the
same position in the file, one of which is weak:
   8: 0000000000000000     1 FUNC    GLOBAL DEFAULT    1 __interceptor_memalign
   9: 0000000000000000     1 FUNC    WEAK   DEFAULT    1 memalign
  10: 0000000000000000     1 FUNC    GLOBAL DEFAULT    1 __interceptor___libc_memalign
In particular, note that __interceptor___libc_memalign will always
point to __interceptor_memalign, even if we do link in a strong symbol
for memalign. In fact, the above code produces exactly the same binary
as
  extern "C" void memalign()
      __attribute__((weak, alias("__interceptor_memalign")));
  extern "C" void __interceptor_memalign() {}
  extern "C" void __interceptor___libc_memalign()
      __attribute__((alias("__interceptor_memalign")));
If nothing else, this patch makes it more obvious what is going on.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@204823 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Using __msan_unpoison() on null-terminated strings is awkward because
strlen() can't be called on a poisoned string. This case warrants a special
interface function.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@204448 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Compiler-rt part of MSan implementation of advanced origin tracking,
when we record not only creation point, but all locations where
an uninitialized value was stored to memory, too.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@204152 91177308-0d34-0410-b5e6-96231b3b80d8
|