Age | Commit message | Author |
|
The ignore_interceptors_accesses setting did not have an effect on mmap, so
let's change that. It helps in cases where user code is accessing the memory
written to by mmap when the synchronization is ensured by the code that
does not get rebuilt.
(This affects Swift interoperability since its runtime is mapping memory
which gets accessed by the code emitted into the Swift application by the
compiler.)
Differential Revision: http://reviews.llvm.org/D20294
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269855 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fix https://llvm.org/bugs/show_bug.cgi?id=27673.
Currently ASan checks the return value of real recv/recvfrom to see if the written bytes fit in the buffer. That works fine most of the time.
However, there is an exception: (from the RECV(2) man page)
MSG_TRUNC (since Linux 2.2)
... return the real length of the packet or datagram, even when it was longer than the passed buffer. ...
Some programs combine MSG_TRUNC, MSG_PEEK and a single-byte buffer to peek the incoming data size without reading (much of) them. In this case,
the return value is usually longer than what's been written and ASan raises a false alarm here. To avoid such false positive reports,
we can use min(res, len) in COMMON_INTERCEPTOR_WRITE_RANGE checks.
Differential Revision: http://reviews.llvm.org/D20280
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269749 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269571 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
With this change, dynamic memory allocation is only used
for testing purposes. This change is one of the many steps to
make instrument profiler dynamic allocation free.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269453 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
symbols).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269311 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is needed for proper operation of the fast unwinder, see the discussion
on D18895.
Differential Revision: http://reviews.llvm.org/D19898
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269277 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Re-enable the tests after IR instrumentation fix (r269146).
Check-in on behalf of davidxl.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269219 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Adds shadow memory mapping support common to all tools to the new
EfficiencySanitizer ("esan") family of tools. This includes:
+ Shadow memory layout and mapping support for 64-bit Linux for any
power-of-2 scale-down (1x, 2x, 4x, 8x, 16x, etc.) that ensures that
shadow(shadow(address)) does not overlap shadow or application
memory.
+ Mmap interception to ensure the application does not map on top of
our shadow memory.
+ Init-time sanity checks for shadow regions.
+ A test of the mmap conflict mechanism.
Reviewers: aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, vitalybuka, eugenis, kcc, zhaoqin
Differential Revision: http://reviews.llvm.org/D19921
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269198 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269142 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269130 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Another stack where we try to free sync objects,
but don't have a processor is:
// ResetRange
// __interceptor_munmap
// __deallocate_stack
// start_thread
// clone
Again, it is a latent bug that led to memory leaks.
Also, increase the amount of memory we scan in MetaMap::ResetRange.
Without that the test does not fail, as we fail to free
the sync objects on stack.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@269041 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268978 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268964 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268866 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fixes crash reported in:
https://bugs.chromium.org/p/v8/issues/detail?id=4995
The problem is that we don't have a processor in a free interceptor
during thread exit.
The crash was introduced by introduction of Processors.
However, previously we silently leaked memory which wasn't any better.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268782 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268779 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
configurations (PR27667)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268748 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268745 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
In recovery mode, when ASan detects stack overflow (say, when infinite recursion is detected),
it tries to continue program execution and hangs on repetitive error reports. There isn't any
sense in doing it; we can just bail out on stack overflow error, because the program would crash soon anyway.
Differential Revision: http://reviews.llvm.org/D19958
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268713 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268612 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268608 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
On Windows (already fixed) and FreeBSD we have stack traces without
operator().
Reviewers: eugenis
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D19427
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268332 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Use after scope is not detected if array is larger than 8 bytes.
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19572
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268330 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This happens on a 64-bit platform that uses SizeClassAllocator32 (e.g. ASan on AArch64). When querying a large invalid pointer, `__sanitizer_get_allocated_size(0xdeadbeefdeadbeef)`, an assertion will fail. This patch changes PointerIsMine to return false if the pointer is outside of [kSpaceBeg, kSpaceBeg + kSpaceSize).
Differential Revision: http://reviews.llvm.org/D15008
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268243 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is the compiler-rt counterpart to D19650.
Differential Revision: http://reviews.llvm.org/D19652
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268162 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
buildbot.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268160 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
In http://reviews.llvm.org/D19100, I introduced a bug: On OS X, existing programs rely on malloc_size() to detect whether a pointer comes from heap memory (malloc_size returns non-zero) or not. We have to distinguish between a zero-sized allocation (where we need to return 1 from malloc_size, due to other binary compatibility reasons, see http://reviews.llvm.org/D19100), and pointers that are not returned from malloc at all.
Differential Revision: http://reviews.llvm.org/D19653
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268157 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268138 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
global var capture it).
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268114 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This (partially) implements the check mentioned at
http://kristerw.blogspot.co.uk/2016/04/dangling-pointers-and-undefined-behavior.html
(via John Regehr)
Quoting:
"That the behavior is undefined follows from C11 6.2.4 "Storage
durations of objects"
The lifetime of an object is the portion of program execution during
which storage is guaranteed to be reserved for it. An object exists, has
a constant address, and retains its last-stored value throughout its
lifetime. If an object is referred to outside of its lifetime, the
behavior is undefined. The value of a pointer becomes indeterminate when
the object it points to (or just past) reaches the end of its lifetime.
and 7.22.3 "Memory management functions" that says that free ends the
lifetime of objects
The lifetime of an allocated object extends from the allocation until
the deallocation.
"
We can probably implement this for stack variables too, but I think this
is a good start to see if there's interest in this check.
We can also hide this behind a flag, too.
Reviewers: samsonov, kcc, rsmith, regehr
Subscribers: kubabrecka, llvm-commits
Differential Revision: http://reviews.llvm.org/D19691
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@268097 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
On s390*-linux, sigcontext just doesn't contain any information that could
be used to recover the type of access, so there's no way to fix this, short
of emulating the faulting instruction.
Differential Revision: http://reviews.llvm.org/D19655
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267960 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
On Darwin, MAP_ANONYMOUS is a synonym for MAP_ANON. However, some SDKs
don't define MAP_ANONYMOUS. Use MAP_ANON to work around this.
(As a point of interest, the situation is exactly reversed on Linux.)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267907 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D18813
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267902 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Resubmit of http://reviews.llvm.org/D19495 enabled only on Intel.
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19561
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267750 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Private symbols in PDBs do not have parameter types in their names so we
have to drop the parens from the lambda call operator.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267735 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
On the Windows platform, an assert() call creates two distinct CFG edges
which are coverage-instrumented. Simply calling assert would
change coverage numbers on the platform.
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19514
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267610 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: http://reviews.llvm.org/D19134
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267548 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts commit r267477.
It broke our bots that enable the AArch64 backends; it seems that
this code is using a Darwin *X86 specific* field.
From: Mehdi Amini <mehdi.amini@apple.com>
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267526 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This fixes fails in test/msan/dlerror.cc - when real dlerror calls strcmp,
our strcmp interceptor now skips poison checking, since it's called in
interceptor context. Strictly speaking, only the dlerror change is
necessary to fix the fail, but let's also change the other two just in case.
Differential Revision: http://reviews.llvm.org/D19499
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267486 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Subscribers: kubabrecka
Differential Revision: http://reviews.llvm.org/D19495
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267477 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Adds libc interceptors to the runtime library for the new
EfficiencySanitizer ("esan") family of tools. The interceptors cover
the memory operations in most common library calls and will be shared
among all esan tools.
Reviewers: aizatsky
Subscribers: zhaoqin, tberghammer, danalbert, srhines, llvm-commits, vitalybuka, eugenis, kcc
Differential Revision: http://reviews.llvm.org/D19411
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267293 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch by Vitaly Buka.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267088 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fix and enable working stack-use-after-scope tests.
Add more failing tests for the feature, to fix later.
PR27453.
Patch by Vitaly Buka.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267084 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Adds the initial version of a runtime library for the new
EfficiencySanitizer ("esan") family of tools. The library includes:
+ Slowpath code via callouts from the compiler instrumentation for
each memory access.
+ Registration of atexit() to call finalization code.
+ Runtime option flags controlled by the environment variable
ESAN_OPTIONS. The common sanitizer flags are supported such as
verbosity and log_path.
+ An initial simple test.
Still TODO: common code for libc interceptors and shadow memory mapping,
and tool-specific code for shadow state updating.
Reviewers: eugenis, vitalybuka, aizatsky, filcab
Subscribers: filcab, vkalintiris, kubabrecka, llvm-commits, zhaoqin, kcc
Differential Revision: http://reviews.llvm.org/D19168
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267060 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@267028 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The field "pid" in ReportThread is used to store the OS-provided thread ID (pthread_self or gettid). The name "pid" suggests it's a process ID, which it isn't. Let's rename it.
Differential Revision: http://reviews.llvm.org/D19365
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@266994 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This happens on Linux when building as C (not C++) with optimization.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@266931 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Removed unwanted --check-prefix=CHECK from the following unit tests:
test/asan/TestCases/Posix/start-deactivated.cc
test/tsan/Darwin/ignored-interceptors.mm
Patch by: Mandeep Singh Grang (mgrang)
Reviewers: samsonov, kcc, dvyukov, eugenis
Differential Revision: http://reviews.llvm.org/D19281
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@266813 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Test that asan detects access to the dead variable captured by lambda.
Reviewers: aizatsky, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D19238
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@266676 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
At the moment almost every lit.site.cfg.in contains a two-line comment:
## Autogenerated by LLVM/Clang configuration.
# Do not edit!
The patch adds variable LIT_SITE_CFG_IN_HEADER, that is replaced from
configure_lit_site_cfg with the note and some useful information.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@266520 91177308-0d34-0410-b5e6-96231b3b80d8
|