| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: Flag is -fno-sanitize-use-after-dtor.
Reviewers: vitalybuka, eugenis, kcc
Reviewed By: vitalybuka, eugenis
Subscribers: cfe-commits
Differential Revision: https://reviews.llvm.org/D37867
llvm-svn: 313314
|
| |
|
|
|
|
| |
https://reviews.llvm.org/D37598
llvm-svn: 313099
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
An implementation of ubsan runtime library suitable for use in production.
Minimal attack surface.
* No stack traces.
* Definitely no C++ demangling.
* No UBSAN_OPTIONS=log_file=/path (very suid-unfriendly). And no UBSAN_OPTIONS in general.
* as simple as possible
Minimal CPU and RAM overhead.
* Source locations unnecessary in the presence of (split) debug info.
* Values and types (as in A+B overflows T) can be reconstructed from register/stack dumps, once you know what type of error you are looking at.
* above two items save 3% binary size.
When UBSan is used with -ftrap-function=abort, sometimes it is hard to reason about failures. This library replaces abort with a slightly more informative message without much extra overhead. Since ubsan interface in not stable, this code must reside in compiler-rt.
Reviewers: pcc, kcc
Subscribers: srhines, mgorny, aprantl, krytarowski, llvm-commits
Differential Revision: https://reviews.llvm.org/D36810
llvm-svn: 312029
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Enable more sanitizers:
- i386 and amd64:
* SanitizerKind::Vptr;
* SanitizerKind::Leak;
* SanitizerKind::SafeStack;
* SanitizerKind::Function;
- amd64 only:
* SanitizerKind::Thread;
These sanitizers are in the process of upstreaming to LLVM projects.
Sponsored by <The NetBSD Foundation>
Reviewers: joerg, dim, vitalybuka, kcc, filcab, fjricci
Reviewed By: vitalybuka
Subscribers: #sanitizers, cfe-commits
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D36482
llvm-svn: 310649
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
available
In r309007, I made -fsanitize=null a hard prerequisite for -fsanitize=vptr. I
did not see the need for the two checks to have separate null checking logic
for the same pointer. I expected the two checks to either always be enabled
together, or to be mutually compatible.
In the mailing list discussion re: r309007 it became clear that that isn't the
case. If a codebase is -fsanitize=vptr clean but not -fsanitize=null clean,
it's useful to have -fsanitize=vptr emit its own null check. That's what this
patch does: with it, -fsanitize=vptr can be used without -fsanitize=null.
Differential Revision: https://reviews.llvm.org/D36112
llvm-svn: 309846
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some targets, passing zero to the clz() or ctz() builtins has undefined
behavior. I ran into this issue while debugging UB in __hash_table from libcxx:
the bug I was seeing manifested itself differently under -O0 vs -Os, due to a
UB call to clz() (see: libcxx/r304617).
This patch introduces a check which can detect UB calls to builtins.
llvm.org/PR26979
Differential Revision: https://reviews.llvm.org/D34590
llvm-svn: 309459
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The instrumentation generated by -fsanitize=vptr does not null check a
user pointer before loading from it. This causes crashes in the face of
UB member calls (this=nullptr), i.e it's causing user programs to crash
only after UBSan is turned on.
The fix is to make run-time null checking a prerequisite for enabling
-fsanitize=vptr, and to then teach UBSan to reuse these run-time null
checks to make -fsanitize=vptr safe.
Testing: check-clang, check-ubsan, a stage2 ubsan-enabled build
Differential Revision: https://reviews.llvm.org/D35735
https://bugs.llvm.org/show_bug.cgi?id=33881
llvm-svn: 309007
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This check currently isn't able to diagnose any issues at -O0, not is it
likely to [1]. Disabling the check at -O0 leads to substantial compile
time and binary size savings.
[1] [cfe-dev] Disabling ubsan's object size check at -O0
Differential Revision: https://reviews.llvm.org/D34563
llvm-svn: 306181
|
| |
|
|
|
|
|
|
| |
This commit adds a testcase for uncovered code paths in LSan options parsing logic in driver.
Differential Revision: https://reviews.llvm.org/D33941
llvm-svn: 304880
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check pointer arithmetic for overflow.
For some more background on this check, see:
https://wdtz.org/catching-pointer-overflow-bugs.html
https://reviews.llvm.org/D20322
Patch by Will Dietz and John Regehr!
This version of the patch is different from the original in a few ways:
- It introduces the EmitCheckedInBoundsGEP utility which inserts
checks when the pointer overflow check is enabled.
- It does some constant-folding to reduce instrumentation overhead.
- It does not check some GEPs in CGExprCXX. I'm not sure that
inserting checks here, or in CGClass, would catch many bugs.
Possible future directions for this check:
- Introduce CGF.EmitCheckedStructGEP, to detect overflows when
accessing structures.
Testing: Apart from the added lit test, I ran check-llvm and check-clang
with a stage2, ubsan-instrumented clang. Will and John have also done
extensive testing on numerous open source projects.
Differential Revision: https://reviews.llvm.org/D33305
llvm-svn: 304459
|
| |
|
|
| |
llvm-svn: 302594
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This feature is subtly broken when the linker is gold 2.26 or
earlier. See the following bug for details:
https://sourceware.org/bugzilla/show_bug.cgi?id=19002
Since the decision needs to be made at compilation time, we can not
test the linker version. The flag is off by default on ELF targets,
and on otherwise.
llvm-svn: 302591
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When enabling any sanitizer, -fsanitize-use-after-scope is enabled by
default. This doesn't actually turn ASan on, because we've been getting
lucky and there are extra checks in BackendUtil that stop this from
happening.
However, this has been causing a behavior change: extra lifetime markers
are emitted in some cases where they aren't needed or expected.
llvm-svn: 302468
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Support for leak sanitizer on darwin has been added to
compiler-rt, this patch adds compiler support.
Reviewers: dexonsmith, compnerd
Subscribers: alekseyshl, kubamracek, cfe-commits
Differential Revision: https://reviews.llvm.org/D32192
llvm-svn: 300894
|
| |
|
|
|
|
| |
This fixes a warning. The test was passing without this change.
llvm-svn: 300214
|
| |
|
|
|
|
|
|
|
|
| |
Adding RUN lines with %clang_cl was causing these tests to fail on Mac
because absolute paths there tend to start with "/User/", which is
recognized as the "/U" flag.
Re-lands r300122
llvm-svn: 300209
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 47979b20b475664013d19382fc6875b5b9f3ed9d.
This was causing a couple of bots to fail.
http://lab.llvm.org:8080/green/job/clang-stage1-configure-RA_check/30152
llvm-svn: 300181
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Use a tablegen let {} block so that new sanitizer flags are available by
default in all driver modes. This should cut down on time wasted with
bugs like http://crbug.com/710928.
Reviewers: vitalybuka, hans
Subscribers: kcc, llvm-commits
Differential Revision: https://reviews.llvm.org/D31988
llvm-svn: 300122
|
| |
|
|
|
|
|
|
| |
This is a compiler part of https://reviews.llvm.org/D29586. Enable LSan on arm Linux.
Differential Revision: https://reviews.llvm.org/D31760
llvm-svn: 299921
|
| |
|
|
|
|
|
|
|
|
| |
AddressSanitizer has an optional compile-time flag, -fsanitize-address-use-after-scope, which enables detection of use-after-scope bugs. We'd like to have this feature on by default, because it is already very well tested, it's used in several projects already (LLVM automatically enables it when using -DLLVM_USE_SANITIZER=Address), it's low overhead and there are no known issues or incompatibilities.
This patch enables use-after-scope by default via the Clang driver, where we set true as the default value for AsanUseAfterScope. This also causes the lifetime markers to be generated whenever fsanitize=address is used. This has some nice consequences, e.g. we now have line numbers for all local variables.
Differential Revision: https://reviews.llvm.org/D31479
llvm-svn: 299174
|
| |
|
|
|
|
|
|
|
| |
This is a missed part of https://reviews.llvm.org/D28609.
Enable LSan for x86 Linux in clang driver.
Differential Revision: https://reviews.llvm.org/D29077
llvm-svn: 293609
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
New clang flags, all default to true:
-f[no-]sanitize-thread-data-races
-f[no-]sanitize-thread-stack-traces
-f[no-]sanitize-thread-atomics
Reviewers: dvyukov, pcc, eugenis
Subscribers: pcc, cfe-commits
Patch by Alex Shlyapnikov.
Differential Revision: https://reviews.llvm.org/D26461
llvm-svn: 286669
|
| |
|
|
| |
llvm-svn: 286613
|
| |
|
|
|
|
|
|
| |
Patch by Michael LeMay
Differential revision: http://reviews.llvm.org/D19854
llvm-svn: 284278
|
| |
|
|
|
|
|
|
| |
Reviewers: eugenis
Differential Revision: https://reviews.llvm.org/D25453
llvm-svn: 283801
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The PIC and PIE levels are not independent. In fact, if PIE is defined
it is always the same as PIC.
This is clear in the driver where ParsePICArgs returns a PIC level and
a IsPIE boolean. Unfortunately that is currently lost and we pass two
redundant levels down the pipeline.
This patch keeps a bool and a PIC level all the way down to codegen.
llvm-svn: 273566
|
| |
|
|
|
|
|
| |
--dependent-lib arguments for the sanitizer libraries must be emitted when
coverage is enabled w/o any sanitizers.
llvm-svn: 272735
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Also emit lifetime markers for -fsanitize-address-use-after-scope.
Asan uses life-time markers for use-after-scope check.
PR27453
Reviewers: kcc, eugenis, aizatsky
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D20759
llvm-svn: 271451
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Adds a new -fsanitize=efficiency-working-set flag to enable esan's working
set tool. Adds appropriate tests for the new flag.
Reviewers: aizatsky
Subscribers: vitalybuka, zhaoqin, kcc, eugenis, llvm-commits
Differential Revision: http://reviews.llvm.org/D20484
llvm-svn: 270641
|
| |
|
|
| |
llvm-svn: 268540
|
| |
|
|
|
|
| |
I have updated the compiler-rt tests.
llvm-svn: 267903
|
| |
|
|
|
|
|
|
|
|
| |
It makes compiler-rt tests fail if the gold plugin is enabled.
Revert "Rework interface for bitset-using features to use a notion of LTO visibility."
Revert "Driver: only produce CFI -fvisibility= error when compiling."
Revert "clang/test/CodeGenCXX/cfi-blacklist.cpp: Exclude ms targets. They would be non-cfi."
llvm-svn: 267871
|
| |
|
|
|
|
|
| |
The -fvisibility= flag only affects compile jobs, so there's no need to
error out because of it if we aren't compiling (e.g. if we are only linking).
llvm-svn: 267824
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bitsets, and the compiler features they rely on (vtable opt, CFI),
only have visibility within the LTO'd part of the linkage unit. Therefore,
only enable these features for classes with hidden LTO visibility. This
notion is based on object file visibility or (on Windows)
dllimport/dllexport attributes.
We provide the [[clang::lto_visibility_public]] attribute to override the
compiler's LTO visibility inference in cases where the class is defined
in the non-LTO'd part of the linkage unit, or where the ABI supports
calling classes derived from abstract base classes with hidden visibility
in other linkage units (e.g. COM on Windows).
If the cross-DSO CFI mode is enabled, bitset checks are emitted even for
classes with public LTO visibility, as that mode uses a separate mechanism
to cause bitsets to be exported.
This mechanism replaces the whole-program-vtables blacklist, so remove the
-fwhole-program-vtables-blacklist flag.
Because __declspec(uuid()) now implies [[clang::lto_visibility_public]], the
support for the special attr:uuid blacklist entry is removed.
Differential Revision: http://reviews.llvm.org/D18635
llvm-svn: 267784
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Adds a framework to enable the instrumentation pass for the new
EfficiencySanitizer ("esan") family of tools. Adds a flag for esan's
cache fragmentation tool via -fsanitize=efficiency-cache-frag.
Adds appropriate tests for the new flag.
Reviewers: eugenis, vitalybuka, aizatsky, filcab
Subscribers: filcab, kubabrecka, llvm-commits, zhaoqin, kcc
Differential Revision: http://reviews.llvm.org/D19169
llvm-svn: 267059
|
| |
|
|
|
|
|
|
|
| |
This is the clang part of http://reviews.llvm.org/D18846.
SafeStack instrumentation pass adds stack protector canaries if both
attributes are present on a function. StackProtector pass will step
back if the function has a safestack attribute.
llvm-svn: 266005
|
| |
|
|
|
|
|
|
|
| |
Update the clang driver to allow -fsanitize=thread when targeting x86_64 iOS and tvOS
simulators. Also restrict TSan targeting OS X to only be supported on x86_64 and not i386.
Differential Revision: http://reviews.llvm.org/D18280
llvm-svn: 263913
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
I've got a patchset in my home directory to integrate support for
SafeStack into CloudABI's C library. All of the CloudABI unit tests
still seem to pass. Pretty sweet!
This change adds the necessary changes to Clang to make
-fsanitize=safe-stack work on CloudABI. Without it, passing this command
line flag throws an error.
Reviewers: eugenis, samsonov
Differential Revision: http://reviews.llvm.org/D17243
llvm-svn: 261135
|
| |
|
|
|
|
| |
Differential Revision: http://reviews.llvm.org/D15624
llvm-svn: 259453
|
| |
|
|
|
|
|
|
|
| |
This is part of a new statistics gathering feature for the sanitizers.
See clang/docs/SanitizerStats.rst for further info and docs.
Differential Revision: http://reviews.llvm.org/D16175
llvm-svn: 257971
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clang-side cross-DSO CFI.
* Adds a command line flag -f[no-]sanitize-cfi-cross-dso.
* Links a runtime library when enabled.
* Emits __cfi_slowpath calls is bitset test fails.
* Emits extra hash-based bitsets for external CFI checks.
* Sets a module flag to enable __cfi_check generation during LTO.
This mode does not yet support diagnostics.
llvm-svn: 255694
|
| |
|
|
| |
llvm-svn: 254723
|
| |
|
|
|
|
| |
Differential Revision: http://reviews.llvm.org/D14243
llvm-svn: 252721
|
| |
|
|
|
|
| |
for TSan on OS X").
llvm-svn: 252311
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since r249754 MemorySanitizer should work equally well for PIE and
non-PIE executables on Linux/x86_64.
Beware, with this change -fsanitize=memory no longer adds implicit
-fPIE -pie compiler/linker flags on Linux/x86_64.
This is a re-land of r250941, limited to Linux/x86_64 + a very minor
refactoring in SanitizerArgs.
llvm-svn: 250949
|
| |
|
|
|
|
| |
It actually does require PIE on some targets.
llvm-svn: 250944
|
| |
|
|
|
|
|
|
|
|
| |
Since r249754 MemorySanitizer should work equally well for PIE and
non-PIE executables.
Beware, with this change -fsanitize=memory no longer adds implicit
-fPIE -pie compiler/linker flags, unless the target defaults to PIE.
llvm-svn: 250941
|
| |
|
|
| |
llvm-svn: 250516
|
| |
|
|
| |
llvm-svn: 248518
|
| |
|
|
| |
llvm-svn: 247324
|
