| Age | Commit message (Collapse) | Author |
|---|
|
Summary:
Adds stat/__xstat to the common interceptors.
Removes the now-duplicate stat/__xstat interceptor from msan/tsan/esan.
This adds stat/__xstat to asan, which previously did not intercept it.
Reviewers: aizatsky, eugenis
Subscribers: tberghammer, danalbert, srhines, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, bruening
Differential Revision: http://reviews.llvm.org/D19875
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268440 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
involved.
On linux, some architectures had an ABI transition from 64-bit long double
(ie. same as double) to 128-bit long double. On those, glibc symbols
involving long doubles come in two versions, and we need to pass the
correct one to dlvsym when intercepting them.
A few more functions we intercept are also versioned (all printf, scanf,
strtold variants), but there's no need to fix these, as the REAL() versions
are never called.
Differential Revision: http://reviews.llvm.org/D19555
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267794 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This fixes fails in test/msan/dlerror.cc - when real dlerror calls strcmp,
our strcmp interceptor now skips poison checking, since it's called in
interceptor context. Strictly speaking, only the dlerror change is
necessary to fix the fail, but let's also change the other two just in case.
Differential Revision: http://reviews.llvm.org/D19499
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267486 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Currently, sanitizer_common_interceptors.inc has an implicit, undocumented
assumption that the sanitizer including it has previously declared
interceptors for memset and memmove. Since the memset, memmove, and memcpy
routines require interception by many sanitizers, we add them to the
set of common interceptions, both to address the undocumented assumption
and to speed future tool development. They are intercepted under a new
flag intercept_intrin.
The tsan interceptors are removed in favor of the new common versions. The
asan and msan interceptors for these are more complex (they incur extra
interception steps and their function bodies are exposed to the compiler)
so they opt out of the common versions and keep their own.
Reviewers: vitalybuka
Subscribers: zhaoqin, llvm-commits, kcc
Differential Revision: http://reviews.llvm.org/D18465
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@264451 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Adds strnlen to the common interceptors, under the existing flag
intercept_strlen.
Removes the now-duplicate strnlen interceptor from asan and msan.
This adds strnlen to tsan, which previously did not intercept it.
Adds a new test of strnlen to the sanitizer_common test cases.
Reviewers: samsonov
Subscribers: zhaoqin, llvm-commits, kcc
Differential Revision: http://reviews.llvm.org/D18397
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@264195 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Adds strlen to the common interceptors, under a new common flag
intercept_strlen. This provides better sharing of interception code among
sanitizers and cleans up the inconsistent type declarations of the
previously duplicated interceptors.
Removes the now-duplicate strlen interceptor from asan, msan, and tsan.
The entry check semantics are normalized now for msan and asan, whose
private strlen interceptors contained multiple layers of checks that
included impossible-to-reach code. The new semantics are identical to the
old: bypass interception if in the middle of init or if both on Mac and not
initialized; else, call the init routine and proceed.
Patch by Derek Bruening!
Reviewers: samsonov, vitalybuka
Subscribers: llvm-commits, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D18020
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@263177 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Msan was intercepting version 2.1 of the pthread_create function which was making it to crash in libc because __pthread_create_2_1 modifies the stack attributes of the thread. Intercepting the correct version fixes the test SmallPreAllocatedStackThread.
Reviewers: eugenis, samsonov
Subscribers: llvm-commits, mohit.bhakkad, jaydeep
Differential: http://reviews.llvm.org/D17603
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@261980 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch moves recv and recvfrom interceptors from MSan and TSan to
sanitizer_common to enable them in ASan.
Differential Revision: http://reviews.llvm.org/D17479
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@261841 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
__msan_unpoison uses intercepted memset which currently leads to a SEGV
when linking with libc++ under CentOS 7.
Differential Revision: http://reviews.llvm.org/D17263
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@261073 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@261048 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fix a surprising typo: the old code used to think that dynamic TLS
segments were several times larger than they actually are.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@257722 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
dlopen(NULL, ...) is intended to give you back a handle to the
executable for use with dlsym. Casting it to link_map and using it with
ForEachMappedRegion results in a crash.
We also shouldn't unpoison the globals of a DSO that is already in
memory. This ensures that we don't do it for the executable, but in
general, MSan may have false negatives if the DSO is already loaded.
Reviewers: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D14795
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@253530 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This can be used to annotate copies of memory that are not observed by MSan.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@250124 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Trim spaces.
- Use nullptr in place of 0 for pointer variables.
- Use '!p' in place of 'p == 0' for null pointer checks.
- Add blank lines to separate function definitions.
- Add 'extern "C"' or 'namespace foo' comments after the appropriate
closing brackets
This is a continuation of work from 409b7b82. The focus here is on the
various sanitizers (not sanitizer_common, as before).
Patch by Eugene Zelenko!
Differential Revision: http://reviews.llvm.org/D13225
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@248966 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA.
As defined by lib/msan/msan.h the memory layout used is for 39-bit is:
00 0000 0000 - 40 0000 0000: invalid
40 0000 0000 - 43 0000 0000: shadow
43 0000 0000 - 46 0000 0000: origin
46 0000 0000 - 55 0000 0000: invalid
55 0000 0000 - 56 0000 0000: app (low)
56 0000 0000 - 70 0000 0000: invalid
70 0000 0000 - 80 0000 0000: app (high)
And for 42-bit VMA:
000 0000 0000 - 100 0000 0000: invalid
100 0000 0000 - 11b 0000 0000: shadow
11b 0000 0000 - 120 0000 0000: invalid
120 0000 0000 - 13b 0000 0000: origin
13b 0000 0000 - 2aa 0000 0000: invalid
2aa 0000 0000 - 2ab 0000 0000: app (low)
2ab 0000 0000 - 3f0 0000 0000: invalid
3f0 0000 0000 - 400 0000 0000: app (high)
Most of tests are passing with exception of:
* Linux/mallinfo.cc
* chained_origin_limits.cc
* dlerror.cc
* param_tls_limit.cc
* signal_stress_test.cc
* nonnull-arg.cpp
The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8'
instead of default first argument 'x1'. So a function prototype that
aims to mimic (by using first argument as the return of function) won't
work. For GCC one can make a register alias (register var asm ("r8")), but
for clang it detects is an unused variable and generate wrong code.
The 'chained_origin_limits' is probably due a wrong code generation,
since it fails only when origin memory is used
(-fsanitize-memory-track-origins=2) and only in the returned code
(return buf[50]).
The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic
argument handling in memory sanitizer code instrumentation on LLVM side.
Both 'dlerror' and 'param_tls_test' are unknown failures that require
further investigation.
All the failures are XFAIL for aarch64 for now.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
In some cases, PHDR table is allocated with malloc() by the linker
instead of being mapped from file. It needs to be unpoisoned in the
dl_iterate_phdr callback then.
This happens when program headers are not part of any loadable ELF
segment.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247100 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245345 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@242589 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
On PPC64, half the msan tests fail with an infinite recursion through
GetStackTrace like this:
#0 __msan::GetStackTrace
#1 __msan_memcpy
#2 ?? () from /lib64/libgcc_s.so.1
#3 ?? () from /lib64/libgcc_s.so.1
#4 _Unwind_Backtrace
#5 __sanitizer::BufferedStackTrace::SlowUnwindStack
#6 __sanitizer::BufferedStackTrace::Unwind
#7 __msan::GetStackTrace
#8 __interceptor_calloc
#9 _dl_allocate_tls
#10 pthread_create@@GLIBC_2.17
#11 __interceptor_pthread_create
#12 main
The problem is that we call _Unwind_Backtrace to get a stack trace; but
_Unwind_Backtrace calls memcpy, which we intercept and try to get
another stack trace.
This patch fixes it in __msan_memcpy by skipping the stack trace if
IsInSymbolizer(). This works because GetStackTrace already creates a
SymbolizerScope to "block reports from our interceptors during
_Unwind_Backtrace".
Reviewers: samsonov, wschmidt, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D10762
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@240878 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Current code tries to find the dynamic TLS header to the left of the
TLS block without checking that it's not a static TLS allocation.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@237495 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch is related to Issue 346: moar string interceptors: strstr, strcasestr, strcspn, strpbrk
As was suggested in original review http://reviews.llvm.org/D6056 a new "strict_string_checks" run-time flag introduced.
The flag support applied for existing common, asan, msan and tsan interceptors. New asan tests added.
Change by Maria Guseva reviewed in http://reviews.llvm.org/D7123
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@234187 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D7233
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@227570 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D7172
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@227559 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
By attaching an extra integer tag to heap origins, we are able
to distinguish between uninits
- created by heap allocation,
- created by heap deallocation (i.e. use-after-free),
- created by __msan_allocated_memory call,
- etc.
See https://code.google.com/p/memory-sanitizer/issues/detail?id=35.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226821 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Move a bunch of functions to a new source file and rename some of them for
consistency. No functional changes.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226673 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6968
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226648 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D7051
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@226461 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6928
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@225986 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6738
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224708 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Turn "allocator_may_return_null" common flag into an
Allocator::may_return_null bool flag. We want to make sure
that common flags are immutable after initialization. There
are cases when we want to change this flag in the allocator
at runtime: e.g. in unit tests and during ASan activation
on Android.
Test Plan: regression test suite, real-life applications
Reviewers: kcc, eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6623
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@224148 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Intercept wcstod, wcstof, wcstold, wcstol, wcstoul, wcstoll, wcstoull.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@223650 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Previously, all origin ids were "chained" origins, i.e values of
ChainedOriginDepot. This added a level of indirection for simple
stack and heap allocation, which were represented as chains of
length 1. This costs both RAM and CPU, but provides a joined 2**29
origin id space. It also made function (any instrumented function)
entry non-async-signal-safe, but that does not really matter because
memory stores in track-origins=2 mode are not async-signal-safe anyway.
With this change, the type of the origin is encoded in origin id.
See comment in msan_origin.h for more details. This reduces chained and stack
origin id range to 2**28 each, but leaves extra 2**31 for heap origins.
This change should not have any user-visible effects.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@223233 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6387
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222919 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6417
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222885 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D6404
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222822 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
memset. Fixes PR 21579
Summary:
Exactly what the title says. I've tested this change against the libc++ test failures and it solves all of them. The check-msan rule also still passes.
I'm not sure why it called memset originally.
I can add tests if requested but currently there are no tests involving wide chars and they are a c++11 features.
Reviewers: kcc, eugenis
Reviewed By: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D6352
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222673 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MSanDR is a dynamic instrumentation tool that can instrument the code
(prebuilt libraries and such) that could not be instrumented at compile time.
This code is unused (to the best of our knowledge) and unmaintained, and
starting to bit-rot.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@222232 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@221936 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@221912 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis of sanitized systems logs.
Reviewed at http://reviews.llvm.org/D5724
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@221896 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@220637 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Chained origins make plain memory stores async-signal-unsafe.
We already disable it inside signal handlers.
This change grabs all origin-related locks before fork() and releases
them after fork() to avoid a deadlock in the child process.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@217140 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functionality change intended
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@216407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
fcvt() result can be heap-allocated and must be unpoisoned.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@215106 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@213590 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Our versions are not exactly as fast as libc's, and
MSan uses them heavily (even compared to other sanitizers).
This will break if libc version of mem* are instrumented,
but they never are, and if they are, we should be able
to fix it on libc side.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212799 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fast path was never triggered when called from __msan_poison.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212715 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212534 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Introduce new public header <sanitizer/allocator_interface.h> and a set
of functions __sanitizer_get_ownership(), __sanitizer_malloc_hook() etc.
that will eventually replace their tool-specific equivalents
(__asan_get_ownership(), __msan_get_ownership() etc.). Tool-specific
functions are now deprecated and implemented as stubs redirecting
to __sanitizer_ versions (which are implemented differently in each tool).
Replace all uses of __xsan_ versions with __sanitizer_ versions in unit
and lit tests.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212469 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@212322 91177308-0d34-0410-b5e6-96231b3b80d8
|
