| Age | Commit message (Collapse) | Author |
|---|
|
Summary:
Turns out that in the case of -fsanitize=null and a virtual call,
the type check was generated *after* reading from vtable, which
causes a non-interpretable segfault. The check has been moved up
in https://reviews.llvm.org/D26559 and this CL adds a test for this case.
Reviewers: pcc
Subscribers: cfe-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D26560
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@287578 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The test contains a switch statement in which two of the cases are
tail-merged, with the call to __ubsan_handle_dynamic_type_cache_miss_abort
in the common tail. When tail-merging occurs, the debug location of the
tail is randomly taken from one of the merge inputs. Luckily for the test,
the expected line number in the check is the one which is chosen by the
tail-merge. However, if the switch cases are re-ordered the test will
fail.
This patch disables tail-merge, making the test resilient to changes
in tail-merge, and unblocking review D25742. It does not change the
semantics of the test.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@285208 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
allocator
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@279661 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Also replace mkdir -p with rm -rf && mkdir.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@272839 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
By default coverage is dumped to the current directory, which may not
always be writable.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@272732 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@272718 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This CL adds a weak check for a Vtable prefix: for a well-formed
Vtable, we require the prefix to be within [-1<<20; 1<<20].
Practically, this solves most of the known cases when UBSan segfaults
without providing any useful diagnostics.
Reviewers: pcc
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19750
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@271560 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
After r270775, Clang is smarter about the generating the locations for
member-function calls. Update some ubsan tests accordingly.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@270801 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D18845
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@265614 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
That change did:
-#if defined(__BIG_ENDIAN__)
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
If __BYTE_ORDER__ and __ORDER_BIG_ENDIAN__ aren't defined, like
they are with MSVC, this condition is true (0 == 0).
Fixes PR26919.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@263324 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@263311 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@262733 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@262632 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D17783
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@262469 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@262251 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
iOS on ARM64 doesn't unique RTTI.
Ref: clang's iOS64CXXABI::shouldRTTIBeUnique()
Due to this, pointer-equality will not necessarily work in this
architecture, across dylib boundaries.
dynamic_cast<>() will (as expected) still work, since Apple ships with
one prepared for this, but we can't rely on the type names being
pointer-equal.
I've limited the expensive strcmp check to the specific architecture
which needs it.
Example which triggers this bug:
lib.h:
struct X {
virtual ~X() {}
};
X *libCall();
lib.mm:
X *libCall() {
return new X;
}
prog.mm:
int main() {
X *px = libCall();
delete px;
}
Expected output: Nothing
Actual output:
<unknown>: runtime error: member call on address 0x00017001ef50 which does not point to an object of type 'X'
0x00017001ef50: note: object is of type 'X'
00 00 00 00 60 00 0f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for ‘X’
Reviewers: kubabrecka, samsonov, eugenis, rsmith
Subscribers: aemerson, llvm-commits, rengolin
Differential Revision: http://reviews.llvm.org/D11502
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@262147 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This test requires llvm-symbolizer to be able to convert a stack
address into a function name. It is only able to do this if the
DIA SDK was found at cmake time. Add a lit feature for this,
and let the test depend on it.
See also discussion in D15363.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@258545 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
See discussion in http://reviews.llvm.org/D15363
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@257952 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@257183 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@256307 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Add the ability to suppress UBSan reports for files/functions/modules
at runtime. The user can now pass UBSAN_OPTIONS=suppressions=supp.txt
with the contents of the form:
signed-integer-overflow:file-with-known-overflow.cpp
alignment:function_doing_unaligned_access
vptr:shared_object_with_vptr_failures.so
Suppression categories match the arguments passed to -fsanitize=
flag (although, see below). There is no overhead if suppressions are
not provided. Otherwise there is extra overhead for symbolization.
Limitations:
1) sometimes suppressions need debug info / symbol table to function
properly (although sometimes frontend generates enough info to
do the match).
2) it's only possible to suppress recoverable UB kinds - if you've
built the code with -fno-sanitize-recover=undefined, suppressions
will not work.
3) categories are fine-grained check kinds, not groups like "undefined"
or "integer", so you can't write "undefined:file_with_ub.cc".
Reviewers: rsmith, kcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D15363
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@256018 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
For the build set up which runs the unit tests using an emulator like QEMU,
the unit tests must be run using %run.
Differential Revision: http://reviews.llvm.org/D15081
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@254467 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fixing up this test case because LLVM is smarter now, and can better analyze:
if ((argc << shift) == 16)
in this test case.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@251147 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@250063 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Currently aarch64 lacks instrumentation support for variadic arguments
for MSan. This patch sets the UBSan tests that uses it as to require
stable-runtime and sets aarch64/ubsan as an unstable one.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247996 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts r247484 and two follow-up commits.
Breaks ppc and x86_64 sanitizer bots.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247921 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch enabled msan for aarch64 with 39-bit VMA and 42-bit VMA.
As defined by lib/msan/msan.h the memory layout used is for 39-bit is:
00 0000 0000 - 40 0000 0000: invalid
40 0000 0000 - 43 0000 0000: shadow
43 0000 0000 - 46 0000 0000: origin
46 0000 0000 - 55 0000 0000: invalid
55 0000 0000 - 56 0000 0000: app (low)
56 0000 0000 - 70 0000 0000: invalid
70 0000 0000 - 80 0000 0000: app (high)
And for 42-bit VMA:
000 0000 0000 - 100 0000 0000: invalid
100 0000 0000 - 11b 0000 0000: shadow
11b 0000 0000 - 120 0000 0000: invalid
120 0000 0000 - 13b 0000 0000: origin
13b 0000 0000 - 2aa 0000 0000: invalid
2aa 0000 0000 - 2ab 0000 0000: app (low)
2ab 0000 0000 - 3f0 0000 0000: invalid
3f0 0000 0000 - 400 0000 0000: app (high)
Most of tests are passing with exception of:
* Linux/mallinfo.cc
* chained_origin_limits.cc
* dlerror.cc
* param_tls_limit.cc
* signal_stress_test.cc
* nonnull-arg.cpp
The 'Linux/mallinfo.cc' is due the fact AArch64 returns the sret in 'x8'
instead of default first argument 'x1'. So a function prototype that
aims to mimic (by using first argument as the return of function) won't
work. For GCC one can make a register alias (register var asm ("r8")), but
for clang it detects is an unused variable and generate wrong code.
The 'chained_origin_limits' is probably due a wrong code generation,
since it fails only when origin memory is used
(-fsanitize-memory-track-origins=2) and only in the returned code
(return buf[50]).
The 'signal_streess_test' and 'nonnull-arg' are due currently missing variadic
argument handling in memory sanitizer code instrumentation on LLVM side.
Both 'dlerror' and 'param_tls_test' are unknown failures that require
further investigation.
All the failures are XFAIL for aarch64 for now.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
If the pointer passed to the getVtablePrefix function was read from a freed
object, we may end up following pointers into objects on the heap and
printing bogus dynamic type names in diagnostics. However, we know that
vtable pointers will generally only point into memory mapped from object
files, not objects on the heap.
This change causes us to only follow pointers in a vtable if the vtable
and one of the virtual functions it points to appear to have appropriate
permissions (i.e. non-writable, and maybe executable), which will generally
exclude heap pointers.
Only enabled for Linux; this hasn't been tested on FreeBSD, and vtables are
writable on Mac (PR24782) so this won't work there.
Differential Revision: http://reviews.llvm.org/D12790
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@247484 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@246566 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
tests.
Introduce %env_ubsan_opts= substitution instead of specifying
UBSAN_OPTIONS manually in the RUN-lines. This will come in handy
once we introduce some default UBSAN_OPTIONS for the whole testsuite
(for instance, make abort_on_error common option).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245967 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: rsmith, pcc
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D12215
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@245897 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This is consistent with LLVM and Clang. The lit shell isn't a complete
bash implementation, but its behavior is more easily reproducible. This
fixes some ubsan test failures.
One ubsan test requires a shell currently, so I added "REQUIRES: shell",
and the other doesn't work on Windows because it prints a stack trace
and uses a linker that doesn't support DWARF. We can fix it eventually
through other means.
Reviewers: samsonov, pcc
Subscribers: yaron.keren, filcab, llvm-commits
Differential Revision: http://reviews.llvm.org/D11960
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244837 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Compiler-rt part of http://reviews.llvm.org/D11757
I ended up making UBSan work with both the old version and the new
version of the float_cast_overflow data (instead of just erroring with
the previous version). The old version will try to symbolize its caller.
Now we compile the float_cast_overflow tests without -g, and make sure
we have the source file+line+column.
If you think I'm trying too hard to make sure we can still use both
versions, let me know.
Reviewers: samsonov, rsmith
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D11793
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244567 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Offset from vptr to the start of most-derived object can actually
be positive in some virtual base class vtables.
Patch by Stephan Bergmann!
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@244101 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This test is working on other platforms.
Reviewers: samsonov, emaste
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D10415
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@243771 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Specifically:
- Disable int128 tests on Windows, as MSVC cl.exe does not support
int128, so we might not have been able to build the runtime
with int128 support.
- XFAIL the vptr tests as we lack Microsoft ABI support.
- XFAIL enum.cpp as UBSan fails to add the correct instrumentation code
for some reason.
- Modify certain tests that build executables multiple times to use
unique names for each executable. This works around a race condition
observed on Windows.
- Implement IsAccessibleMemoryRange for Windows to fix the last
misaligned.cpp test.
- Introduce a substitution for testing crashes on Windows using
KillTheDoctor.
Differential Revision: http://reviews.llvm.org/D10864
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@241303 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This patch implements step 1 from
https://llvm.org/bugs/show_bug.cgi?id=23539#c10
I'd appreciate if you could test it on Mac OS and verify that parts of UBSan
runtime that reference C++ ABI symbols are properly excluded, and fix ASan/UBSan
builds.
Test Plan: regression test suite
Reviewers: thakis, hans
Subscribers: llvm-commits, zaks.anna, kubabrecka
Differential Revision: http://reviews.llvm.org/D10621
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@240617 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@236796 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Darwin doesn't yet allow to print stack trace, as it lacks the slow
unwinder. This is one more attempt to fix vptr.cpp on Mac OS X.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@236195 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@236165 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* Remove __ubsan_default_options, so that test would work on Darwin
* Fix unintentional undefined behavior in the code (missing return)
* Build the test with -fno-sanitize-recover to distinguish expected
failures and expected passes by return code.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@236152 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@236151 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Partial revert of r235961; the test still fails on Green Dragon bots.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@236135 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235961 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Embed UBSan runtime into TSan and MSan runtimes in the same as we do
in ASan. Extend UBSan test suite to also run tests for these
combinations.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235954 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235569 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
-fsanitize=float-cast-overflow.
float-cast-overflow handler doesn't have source location provided by the
compiler, but we still have *some* source location if we have a
symbolizer.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235567 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
exit code.
Summary:
ubsan was correctly catching the undefined behaviour but lit's shell was
failing the test anyway because the exit code was non-zero as a result of the
undefined behaviour.
This fixes the test on a mips-linux-gnu target.
Reviewers: samsonov
Reviewed By: samsonov
Subscribers: samsonov, llvm-commits, rsmith, sagar
Differential Revision: http://reviews.llvm.org/D9155
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235518 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
As with the other sanitizers, it is desirable to allow ubsan's output to be
redirected to somewhere other than stderr (and into per-process log files).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@235277 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Change the way we use ASan and UBSan together. Instead of keeping two
separate runtimes (libclang_rt.asan and libclang_rt.ubsan), embed UBSan
into ASan and get rid of libclang_rt.ubsan. If UBSan is not supported on
a platform, all UBSan sources are just compiled into dummy empty object
files. UBSan initialization code (e.g. flag parsing) is directly called
from ASan initialization, so we are able to enforce correct
initialization order.
This mirrors the approach we already use for ASan+LSan. This change
doesn't modify the way we use standalone UBSan.
Test Plan: regression test suite
Reviewers: kubabrecka, zaks.anna, rsmith, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D8646
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@233861 91177308-0d34-0410-b5e6-96231b3b80d8
|
