Age | Commit message (Collapse) | Author |
|
Changes:
- Remove static assertion on size of a structure, fails on systems where
pointers aren't 8 bytes.
- Use size_t instead of deducing type of arguments to
`nearest_boundary`.
Follow-up to D48653.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336648 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
We found a bug while working on a benchmark for the profiling mode which
manifests as a segmentation fault in the profiling handler's
implementation. This change adds unit tests which replicate the
issues in isolation.
We've tracked this down as a bug in the implementation of the Freelist
in the `xray::Array` type. This happens when we trim the array by a
number of elements, where we've been incorrectly assigning pointers for
the links in the freelist of chunk nodes. We've taken the chance to add
more debug-only assertions to the code path and allow us to verify these
assumptions in debug builds.
In the process, we also took the opportunity to use iterators to
implement both `front()` and `back()` which exposes a bug in the
iterator decrement operation. In particular, when we decrement past a
chunk size boundary, we end up moving too far back and reaching the
`SentinelChunk` prematurely.
This change unblocks us to allow for contributing the non-crashing
version of the benchmarks in the test-suite as well.
Reviewers: kpw
Subscribers: mgorny, llvm-commits
Differential Revision: https://reviews.llvm.org/D48653
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336644 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch allows libFuzzer to fuzz applications instrumented with MSan
without recompiling libFuzzer with MSan instrumentation.
Fixes https://github.com/google/sanitizers/issues/958.
Differential Revision: https://reviews.llvm.org/D48891
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336619 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts r336597 due to bot breakage.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336616 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Code now exists to track number of mutations that are used in fuzzing in
total and ones that produce new coverage. The stats are currently being
dumped to the command line.
Patch By: Kode Williams
Differntial Revision: https://reviews.llvm.org/D48054
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336597 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
- use proper Error() decorator for error messages
- refactor ASan thread id and name reporting
Reviewers: eugenis
Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D49044
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336573 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts r336365: the added tests are failing on various
configurations (e.g. on green-dragon).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336474 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This is a minor cosmetic change. When function/path exceed ~1000 characters, the output is truncated before the line-break. I noticed this for NEW_FUNC.
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48799
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336461 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
The motivation for this change is to make libFuzzer+MSan possible
without instrumenting libFuzzer.
See https://github.com/google/sanitizers/issues/958.
Reviewers: eugenis
Reviewed By: eugenis
Subscribers: llvm-commits, kcc
Differential Revision: https://reviews.llvm.org/D48890
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336447 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Namely, set the abort message, and allow to write the message to syslog if the
option is enabled.
Reviewers: alekseyshl
Reviewed By: alekseyshl
Subscribers: delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D48902
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336445 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This will make the behavior of __gcov_flush match the GCC behavior.
I would like to rename __gcov_flush to __llvm_gcov_flush (in case of programs linking to libraries built with different compilers), but I guess we can't for compatibility reasons.
Reviewers: davidxl
Reviewed By: davidxl
Subscribers: samsonov, vitalybuka, pcc, kcc, junbuml, glider, fhahn, eugenis, dvyukov, davidxl, srhines, chh, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48538
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336365 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: https://reviews.llvm.org/D48650
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336238 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336234 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336230 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
The C interceptors were using `SIZE_T` defined in the interception library as
a `__sanitizer::uptr`. On some 32-bit platforms, this lead to the following
warning:
```
warning: declaration of ‘void* malloc(SIZE_T)’ conflicts with built-in declaration ‘void* malloc(unsigned int)’ [-Wbuiltin-declaration-mismatch]
INTERCEPTOR_ATTRIBUTE void *malloc(SIZE_T size) {
```
`__sanitizer::uptr` is indeed defined as an `unsigned long` on those.
So just include `stddef.h` and use `size_t` instead.
Reviewers: alekseyshl
Reviewed By: alekseyshl
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48885
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336221 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
It would be useful for Flutter apps, especially, to be able to use
malloc hooks to debug memory leaks on Fuchsia. They're not able to do
this right now, so it'd be a nice bonus to throw in with the Scudo
switchover.
Reviewers: cryptoad, alekseyshl
Reviewed By: cryptoad
Differential Revision: https://reviews.llvm.org/D48618
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336139 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
rL325240
Summary:
Without this patch,
clang -fsanitize=address -xc =(printf 'int main(){}') -o a; ./a => deadlock in __asan_init>AsanInitInternal>AsanTSDInit>...>__getcontextx_size>_rtld_bind>rlock_acquire(rtld_bind_lock, &lockstate)
libexec/rtld-elf/rtld.c
wlock_acquire(rtld_bind_lock, &lockstate);
if (obj_main->crt_no_init)
preinit_main(); // unresolved PLT functions cannot be called here
lib/libthr/thread/thr_rtld.c
uc_len = __getcontextx_size(); // unresolved PLT function in libthr.so.3
check-xray tests currently rely on .preinit_array so we special case in
xray_init.cc
Subscribers: srhines, kubamracek, krytarowski, delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48806
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336067 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Currently in FreeBSD 12.0-CURRENT with trunk clang+compiler-rt, faulty -fsanitize=address executable hangs at 'urdlck' state.
Ka Ho Ng has verified that by backporting this to llvm 6.0.1, with use_madv_dontdump=1, shadow memory is not dumped.
ASAN_OPTIONS=abort_on_error=1:disable_coredump=0:use_madv_dontdump=1 ./a
Reviewers: dimitry, kcc, dvyukov, emaste, khng300
Subscribers: kubamracek, delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48257
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336046 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
__gcov_flush is hidden.
For applications to dump profiling data of selected .so files,
they can use dlsym to find and call llvm_gcov_flush in each .so file.
Differential Revision: https://reviews.llvm.org/D45454
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336019 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Report errno value on failed shadow memory madvise attempt and add a
hint message with the possible workaround.
Reviewers: eugenis
Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D48668
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335928 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Remove the return value check.
Differential Revision: https://reviews.llvm.org/D48671
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335790 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Setting UBSAN_OPTIONS=silence_unsigned_overflow=1 will silence all UIO
reports. This feature, combined with
-fsanitize-recover=unsigned-integer-overflow, is useful for providing
fuzzing signal without the excessive log output.
Helps with https://github.com/google/oss-fuzz/issues/910.
Reviewers: kcc, vsk
Reviewed By: vsk
Subscribers: vsk, kubamracek, Dor1s, llvm-commits
Differential Revision: https://reviews.llvm.org/D48660
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335762 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The zx_cprng_draw system call no longer takes the output argument.
Differential Revision: https://reviews.llvm.org/D48657
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335755 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
build with an IDE (e.g. Xcode) as the generator.
Previously the global `USE_FOLDERS` property wasn't set in standalone
builds leading to existing settings of FOLDER not being respected.
In addition to this there were several targets that appeared at the top
level that were not interesting and clustered up the view. These have
been changed to be displayed in "Compiler-RT Misc".
Now when an Xcode project is generated from a standalone compiler-rt
build the project navigator is much less cluttered. The interesting
libraries should appear in "Compiler-RT Libraries" in the IDE.
Differential Revision: https://reviews.llvm.org/D48378
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335728 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: pcc
Reviewed By: pcc
Subscribers: kubamracek, delcypher, llvm-commits, kcc, #sanitizers
Differential Revision: https://reviews.llvm.org/D48583
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335644 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Some warnings originating from googletest were causing bots to fail
while bulding unit tests. The sanitizers address this issue by not
using -Werror. We adopt this approach for libFuzzer.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335640 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Similarly to CFI on virtual and indirect calls, this implementation
tries to use program type information to make the checks as precise
as possible. The basic way that it works is as follows, where `C`
is the name of the class being defined or the target of a call and
the function type is assumed to be `void()`.
For virtual calls:
- Attach type metadata to the addresses of function pointers in vtables
(not the functions themselves) of type `void (B::*)()` for each `B`
that is a recursive dynamic base class of `C`, including `C` itself.
This type metadata has an annotation that the type is for virtual
calls (to distinguish it from the non-virtual case).
- At the call site, check that the computed address of the function
pointer in the vtable has type `void (C::*)()`.
For non-virtual calls:
- Attach type metadata to each non-virtual member function whose address
can be taken with a member function pointer. The type of a function
in class `C` of type `void()` is each of the types `void (B::*)()`
where `B` is a most-base class of `C`. A most-base class of `C`
is defined as a recursive base class of `C`, including `C` itself,
that does not have any bases.
- At the call site, check that the function pointer has one of the types
`void (B::*)()` where `B` is a most-base class of `C`.
Differential Revision: https://reviews.llvm.org/D47567
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335569 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Initialize shadow memory before calling more libc functions to allow
for HWASan-instrumented libc.
Reviewers: eugenis
Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D48551
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335502 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335487 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Speculative fix for the interface definition of __ubsan_on_report for
the Windows bots:
http://lab.llvm.org:8011/builders/sanitizer-windows/builds/30528
lib\ubsan\ubsan_interface.inc(55): error C2065: '__ubsan_on_report':
undeclared identifier
INTERCEPT_SANITIZER_WEAK_FUNCTION was the wrong macro to use to begin
with because __ubsan_on_report isn't weak. Reading through that macro,
it's still not clear to me why there is an undefined reference, though,
because it appears to define a dummy __ubsan_on_report shim.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335383 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Add support to the ubsan runtime for reporting diagnostics to a monitor
process (e.g a debugger).
The Xcode IDE uses this by setting a breakpoint on __ubsan_on_report and
collecting diagnostic information via __ubsan_get_current_report_data,
which it then surfaces to users in the editor UI.
Testing for this functionality already exists in upstream lldb, here:
lldb/packages/Python/lldbsuite/test/functionalities/ubsan
Apart from that, this is `ninja check-{a,ub}san` clean.
Differential Revision: https://reviews.llvm.org/D48446
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335371 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MutexUnlock uses ReleaseStore on s->clock, which is the right thing to do.
However MutexReadOrWriteUnlock for writers uses Release on s->clock.
Make MutexReadOrWriteUnlock also use ReleaseStore for consistency and performance.
Unfortunately, I don't think any test can detect this as this only potentially
affects performance.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335322 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This patch follows D48373.
The point is to be able to use Scudo with `-fsanitize-minimal-runtime`. For that
we need a runtime that doesn't embed the UBSan one. This results in binaries
that can be compiled with `-fsanitize=scudo,integer -fsanitize-minimal-runtime`.
Reviewers: eugenis
Reviewed By: eugenis
Subscribers: mgorny, delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48377
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335296 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
behavior.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335265 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Similarly to Msan adding -pie provokes linkage issue, was spotted with pie_test.cc
Set to XFAIL for couple of unit tests.
Reviewers: vitalybuka, krytarowski, dim
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D48317
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335166 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Intercepts thr_exit call on FreeBSD.
Disable pthread key workflow.
The pthread key create approach does not function under FreeBSD as the libpthread is not initialised enough at this stage.
Reviewers: vitalybuka, krytarowski, dim
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D48268
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335164 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Remove the generic error nadling policies and handle each allocator error
explicitly. Although more verbose, it allows for more comprehensive, precise
and actionable allocator related failure reports.
This finishes up the series of changes of the particular sanitizer
allocators, improves the internal allocator error reporting and removes
now unused policies.
Reviewers: vitalybuka, cryptoad
Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D48328
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335147 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: dberris
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48313
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335055 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Mark `isRssLimitExceeded` as `NOINLINE`, and move it's definition as well as
the one of `performSanityChecks` out of the class definition, as requested.
Reviewers: filcab, alekseyshl
Reviewed By: alekseyshl
Subscribers: delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D48228
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335054 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335013 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335007 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The initial implementaiton was using the C++ typeof keyword. This
causes the compiler to spew warnings unnecissarilly. This patch removes
the uses of typeof and replaces them with explicit typedefs of the
function types.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334981 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Following up on and complementing D44404 and other sanitizer allocators.
Currently many allocator specific errors (OOM, for example) are reported as
a text message and CHECK(0) termination, no stack, no details, not too
helpful nor informative. To improve the situation, detailed and structured
common errors were defined and reported under the appropriate conditions.
Common tests were generalized a bit to cover a slightly different TSan
stack reporting format, extended to verify errno value and returned
pointer value check is now explicit to facilitate debugging.
Reviewers: dvyukov
Subscribers: srhines, kubamracek, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D48087
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334975 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
r334881 breaks macOS bots because internal_lseek is not defined (neither
used on macOS):
http://green.lab.llvm.org/green/job/clang-stage1-configure-RA/46240/consoleFull.
See discussion from r334881: https://reviews.llvm.org/rL334881
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334944 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
On targets that don't link internal libc++ (Fuchsia and Linux) but
use libc++ as their C++ library and libFuzzer is being built using
the just built compiler together with libc++ as part of runtimes, we
need an explicit dependency from libFuzzer object library to libc++ to
make sure the headers are available by the time we start building
libFuzzer.
Differential Revision: https://reviews.llvm.org/D48261
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334928 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334923 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334914 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334913 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: Lekensteyn, jakubjelinek
Subscribers: kubamracek, llvm-commits
Differential Revision: https://reviews.llvm.org/D48265
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334912 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334902 91177308-0d34-0410-b5e6-96231b3b80d8
|