| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Repoisoning just the minimal redzones might leave an unpoisoned
gap of the size of the actual redzone minus minimal redzone size.
After ASan activation the actual redzone might be bigger than the minimal
size and ASan allocator assumes that the chunk returned by the common
allocator is either entirely poisoned or entirely not poisoned (it's too
expensive to check the entire chunk or always poison one).
Reviewers: eugenis
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D28577
llvm-svn: 291714
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert "ASAN activate/deactive controls thread_local_quarantine_size_kb option."
Revert "Bypass quarantine when quarantine size is set ot zero."
Revert "ASAN activate/deactive controls thread_local_quarantine_size_kb option."
One of these commits broke some of the ARM / AArch64 buildbots:
TEST 'AddressSanitizer-aarch64-linux :: TestCases/Posix/start-deactivated.cc' FAILED
Command Output (stderr):
--
/home/buildslave/buildslave/clang-cmake-aarch64-42vma/llvm/projects/compiler-rt/test/asan/TestCases/Posix/start-deactivated.cc:85:12: error: expected string not found in input
// CHECK: WARNING: AddressSanitizer failed to allocate 0xfff{{.*}} bytes
^
<stdin>:1:1: note: scanning from here
start-deactivated.cc.tmp: /home/buildslave/buildslave/clang-cmake-aarch64-42vma/llvm/projects/compiler-rt/test/asan/TestCases/Posix/start-deactivated.cc:40: void test_malloc_shadow(char *, size_t, bool): Assertion `(char *)__asan_region_is_poisoned(p - 1, sz + 1) == (expect_redzones ? p - 1 : nullptr)' failed.
^
<stdin>:2:1: note: possible intended match here
Error: Aborted (core dumped)
^
llvm-svn: 291560
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
The build system was inconsistent in its naming conventions for
link flags. This patch changes all uses of LINKFLAGS to LINK_FLAGS,
for consistency with cmake's LINK_FLAGS property.
This patch should make it easier to search the source code for
uses of link flags, as well as providing the benefit of improved
style and consistency.
Reviewers: compnerd, beanz
Subscribers: kubabrecka, llvm-commits, mgorny
Differential Revision: https://reviews.llvm.org/D28506
llvm-svn: 291539
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: Also, bypass quarantine altogether when quarantine size is set ot zero.
Reviewers: eugenis
Subscribers: kubabrecka, llvm-commits, mehdi_amini
Differential Revision: https://reviews.llvm.org/D28480
llvm-svn: 291511
|
| |
|
|
| |
llvm-svn: 291509
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
By default, darwin requires a definition for weak interface functions at
link time. Adding the '-U' link flag with each weak function allows these
weak interface functions to be used without definitions, which mirrors
behavior on linux and windows.
Reviewers: compnerd, eugenis
Subscribers: kubabrecka, mgorny, llvm-commits
Differential Revision: https://reviews.llvm.org/D28203
llvm-svn: 291417
|
| |
|
|
|
|
|
|
| |
Reverts accidental upload.
This reverts commit 421408c0f2cc811bcf9a945be6e95e46f76cb358.
llvm-svn: 291316
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
By default, darwin requires a definition for weak interface functions at
link time. Adding the '-U' link flag with each weak function allows these
weak interface functions to be used without definitions, which mirrors
behavior on linux and windows.
Reviewers: compnerd, eugenis
Subscribers: kubabrecka, mgorny, llvm-commits
Differential Revision: https://reviews.llvm.org/D28203
llvm-svn: 291314
|
| |
|
|
|
|
|
|
|
|
| |
Darwin
This patch teaches asan_symbolize.py to read an architecture suffix on module names (e.g. ":x86_64") and pass that option to atos and llvm-symbolizer.
Differential Revision: https://reviews.llvm.org/D27378
llvm-svn: 291280
|
| |
|
|
|
|
|
|
|
|
| |
Darwin
This patch add a new sanitizer flag, print_module_map, which enables printing a module map when the process exits, or after each report (for TSan). The output format is very similar to what Crash Reporter produces on Darwin (e.g. the format of module UUIDs). This enables users to use the existing symbol servers to offline symbolicate and aggregate reports.
Differential Revision: https://reviews.llvm.org/D27400
llvm-svn: 291277
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: Improved ASAN allocator and quarantine stats.
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D28333
llvm-svn: 291183
|
| |
|
|
|
|
|
|
|
|
|
|
| |
SetErrorReportCallbackTest
Reviewers: eugenis
Subscribers: kubabrecka, dberris, llvm-commits
Differential Revision: https://reviews.llvm.org/D28376
llvm-svn: 291176
|
| |
|
|
| |
llvm-svn: 291089
|
| |
|
|
| |
llvm-svn: 291077
|
| |
|
|
| |
llvm-svn: 291076
|
| |
|
|
| |
llvm-svn: 291071
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Make kLargeMalloc big enough to be handled by secondary allocator
and small enough to fit into quarantine for all configurations.
It become too big to fit into quarantine on Android after D27873.
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: danalbert, llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D28142
llvm-svn: 290689
|
| |
|
|
|
|
|
|
|
|
|
|
| |
asan to sanitizer_common.
Reviewers: eugenis
Subscribers: kubabrecka, dberris, llvm-commits
Differential Revision: https://reviews.llvm.org/D28074
llvm-svn: 290626
|
| |
|
|
|
|
|
|
|
|
| |
Reviewers: ahatanak, eugenis, myatsina
Subscribers: kubabrecka, zizhar, llvm-commits
Differential Revision: https://reviews.llvm.org/D28128
llvm-svn: 290621
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated test according to commit 290539:
According to extended asm syntax, a case where the clobber list includes a variable from the inputs or outputs should be an error - conflict.
for example:
const long double a = 0.0;
int main()
{
char b;
double t1 = a;
__asm__ ("fucompp": "=a" (b) : "u" (t1), "t" (t1) : "cc", "st", "st(1)");
return 0;
}
This should conflict with the output - t1 which is st, and st which is st aswell.
The patch fixes it.
Commit on behald of Ziv Izhar.
Differential Revision: https://reviews.llvm.org/D15075
llvm-svn: 290540
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: We setup these interceptors twice which hangs test on windows.
Reviewers: eugenis
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D28070
llvm-svn: 290393
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
According https://reviews.llvm.org/D27659#625093 WRAP adds confusing stack
frame.
Reviewers: eugenis
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D28039
llvm-svn: 290382
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: Make thread local quarantine size an option so it can be turned off to save memory.
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D28027
llvm-svn: 290373
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Warm up ASAN caches in ThreadedQuarantineTest to get more predictable
incremental heap memory usage measurements.
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: aemerson, kubabrecka, llvm-commits
Differential Revision: https://reviews.llvm.org/D28061
llvm-svn: 290371
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: eugenis
Patch by Alex Shlyapnikov.
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D28029
llvm-svn: 290279
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Experiments show that on Android the current values result in too much
of the memory consumption for all quarantined chunks.
Reviewers: kcc, eugenis
Subscribers: mgorny, danalbert, srhines, llvm-commits, kubabrecka
Patch by Aleksey Shlyapnikov.
Differential Revision: https://reviews.llvm.org/D27873
llvm-svn: 290218
|
| |
|
|
| |
llvm-svn: 289587
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
On windows, memmove and memcpy may be the same functions (on 64-bits).
```
-- f:\dd\vctools\crt\vcruntime\src\string\amd64\memcpy.asm --------------------
OPTION PROLOGUE:NONE, EPILOGUE:NONE
memmove = memcpy
mov r11, rcx ; save destination address
```
This is causing ASAN to report overlaping parameters when instrumenting chromium.
```
D:\src\chromium\src>out\asan64\chrome.exe --no-sandbox
[8956:6208:1121/162511:ERROR:entry.cc(167)] Entry::Deserialize: dictionary has no interface_provider_specs key
[8956:11560:1121/162511:ERROR:external_registry_loader_win.cc(130)] Missing value path for key Software\Google\Chrome\Ex
tensions\doeiiacdhfmpdeckdaifnjaemmkkdlkf.
=================================================================
==5132==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x000000237ee8,0x000000237eea) and [0x000000237ee9
, 0x000000237eeb) overlap
```
The error triggered on chromium:
```
Child-SP RetAddr Call Site
00000000`00166520 00000001`400a4886 chrome!__asan::ReportStringFunctionMemoryRangesOverlap+0x23 [d:\src\llvm\llvm\projects\compiler-rt\lib\asan\asan_report.cc @ 305]
*** WARNING: Unable to verify checksum for D:\src\chromium\src\out\asan64dynamic\libglesv2.dll
00000000`001672a0 000007fe`e1859607 chrome!__asan_wrap_memcpy+0xf6 [d:\src\llvm\llvm\projects\compiler-rt\lib\asan\asan_interceptors.cc @ 458]
00000000`00167b30 000007fe`e184bcbc libglesv2!__acrt_fp_strflt_to_string+0xb7 [d:\th\minkernel\crts\ucrt\src\appcrt\convert\_fptostr.cpp @ 86]
(Inline Function) --------`-------- libglesv2!fp_format_f+0x57 [d:\th\minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp @ 578]
00000000`00167b60 000007fe`e182e2a2 libglesv2!__acrt_fp_format+0x180 [d:\th\minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp @ 722]
00000000`00167bf0 000007fe`e182ce80 libglesv2!__crt_stdio_output::output_processor<char,__crt_stdio_output::stream_output_adapter<char>,__crt_stdio_output::format_validation_
```
This bug is similar to: https://llvm.org/bugs/show_bug.cgi?id=16362
Reviewers: rnk, zaks.anna, filcab
Subscribers: filcab, kubabrecka, chrisha, llvm-commits, dberris
Differential Revision: https://reviews.llvm.org/D27052
llvm-svn: 289063
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: The function computes full module name and coverts pc into offset.
Reviewers: kcc
Subscribers: kubabrecka
Differential Revision: https://reviews.llvm.org/D26820
llvm-svn: 288711
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
The current code was sometimes attempting to release huge chunks of
memory due to undesired RoundUp/RoundDown interaction when the requested
range is fully contained within one memory page.
Reviewers: eugenis
Subscribers: kubabrecka, llvm-commits
Patch by Aleksey Shlyapnikov.
Differential Revision: https://reviews.llvm.org/D27228
llvm-svn: 288271
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
__sanitizer_contiguous_container_find_bad_address.
__sanitizer_contiguous_container_find_bad_address computes three regions of a
container to check for poisoning: begin, middle, end. The issue is that in current
design the first region can be significantly larger than kMaxRangeToCheck.
Proposed patch fixes a typo to calculate the first region properly.
Patch by Ivan Baravy.
Differential Revision: https://reviews.llvm.org/D27061
llvm-svn: 288234
|
| |
|
|
|
|
|
|
|
|
| |
macOS <=10.10)
This fixes https://llvm.org/bugs/show_bug.cgi?id=30285. On macOS 10.10 and lower, instrumented unit tests still need to be able to re-exec to make interceptors work.
Differential Revision: https://reviews.llvm.org/D24699
llvm-svn: 288224
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
In order to avoid starting a separate thread to return unused memory to
the system (the thread interferes with process startup on Android,
Zygota waits for all threads to exit before fork, but this thread never
exits), try to return it right after free.
Reviewers: eugenis
Subscribers: cryptoad, filcab, danalbert, kubabrecka, llvm-commits
Patch by Aleksey Shlyapnikov.
Differential Revision: https://reviews.llvm.org/D27003
llvm-svn: 288091
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D27137
llvm-svn: 288072
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D27012
llvm-svn: 288065
|
| |
|
|
|
|
|
|
| |
This patch prints out all CPU registers after a SIGSEGV. These are available in the signal handler context. Only implemented for Darwin. Can be turned off with the dump_registers flag.
Differential Revision: https://reviews.llvm.org/D11365
llvm-svn: 287957
|
| |
|
|
|
|
| |
Should fix issues that came up while testing Win64 ASan.
llvm-svn: 287791
|
| |
|
|
|
|
| |
Remove a needless cast as well.
llvm-svn: 287785
|
| |
|
|
|
|
|
|
|
|
| |
The MSVC incremental linker pads every global out to 256 bytes in case
it changes size after an incremental link. So, skip over null entries in
the DSO-wide asan globals array. This only works if the global padding
size is divisible by the size of the asan global object, so add some
defensive CHECKs.
llvm-svn: 287780
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
The expectation is that new instrumented code will add global variable
metadata to the .ASAN$GL section, and we will use this new code to
iterate over it.
This technique seems to break when using incremental linking, which
seems to align every global to a 256 byte boundary. Presumably this is
so that it can incrementally cope with global changing size. Clang
already passes -incremental:no as a linker flag when you invoke it to do
the link step.
The two tests added for this feature will fail until the LLVM
instrumentation change in D26770 lands, so they are marked XFAIL for
now.
Reviewers: pcc, kcc, mehdi_amini, kubabrecka
Subscribers: llvm-commits, mgorny
Differential Revision: https://reviews.llvm.org/D26771
llvm-svn: 287246
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use the __SSE2__ to determine whether SSE2 is enabled in the ASAN tests
rather than relying on either of the __i686__ and __x86_64__. The former
is only set with explicit -march=i686, and therefore misses most of
the x86 CPUs that support SSE2. __SSE2__ is in turn defined if
the current settings (-march, -msse2) indicate that SSE2 is supported
which should be more reliable.
Differential Revision: https://reviews.llvm.org/D26763
llvm-svn: 287245
|
| |
|
|
|
|
|
|
|
|
|
| |
Users often have their own unhandled exception filters installed. ASan
already goes to great lengths to install its own filter, but our core
wars with Chrome crashpad have escalated to the point that its time to
declare a truce. By exposing this hook, they can call us directly when
they want ASan crash reporting without worrying about who initializes
when.
llvm-svn: 287040
|
| |
|
|
|
|
| |
NFC
llvm-svn: 287000
|
| |
|
|
| |
llvm-svn: 286346
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
User applications may register hooks in the .CRT$XL* callback list,
which is called very early by the loader. This is very common in
Chromium:
https://cs.chromium.org/search/?q=CRT.XL&sq=package:chromium&type=cs
This has flown under the radar for a long time because the loader
appears to catch exceptions originating from these callbacks. It's a
real problem when you're debugging an asan application, though, since it
makes the program crash early.
The solution is to add our own callback to this list, and sort it very
early in the list like we do elsewhere. Also add a test with such an
instrumented callback, and test that it gets called with asan.
Reviewers: etienneb
Subscribers: llvm-commits, kubabrecka
Differential Revision: https://reviews.llvm.org/D26404
llvm-svn: 286290
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
asan_device_setup script is using LD_PRELOAD to inject the ASan
runtime library into the Zygote process. This breaks when the Zygote
or any of its descendants spawn a process with different bitness due
to the fact that the ASan-RT library name includes the target
architecture.
The fix is to preload the library through a symlink which has the
same name in lib and lib64.
llvm-svn: 286188
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Only tests using %clang_cl_asan were using the dynamic CRT before this.
The unit tests and lit tests using %clangxx_asan were using the static
CRT. Many cross-platform tests fail with the dynamic CRT, so I had to
add win32-(static|dynamic)-asan lit features.
Also deletes some redundant tests in TestCases/Windows that started
failing with this switch.
llvm-svn: 285821
|
| |
|
|
|
|
|
|
|
|
|
| |
Otherwise __asan_dynamic_memory_address will be zero during static
initialization and instrumented code will crash immediately.
Fixes PR30810
Patch by David Major
llvm-svn: 285600
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
namespace
Summary: Newer versions of clang complain that __asan_schedule_unregister_globals is unused. Moving it outside the anonymous namespace gets rid of that warning.
Reviewers: rnk, timurrrr
Subscribers: kubabrecka, dberris
Differential Revision: https://reviews.llvm.org/D25921
llvm-svn: 285010
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of our existing tests hang on the new Windows bot with this stack:
770, clang_rt.asan_dynamic-i386.dll!__asan::AsanTSDGet+0x3e
771, clang_rt.asan_dynamic-i386.dll!__asan::GetCurrentThread+0x9
772, clang_rt.asan_dynamic-i386.dll!__asan_handle_no_return+0xe
773, clang_rt.asan_dynamic-i386.dll!__asan_wrap__except_handler4_common+0x12
774, ntdll.dll!wcstombs+0xb0 (No unwind info)
775, ntdll.dll!ZwWow64CallFunction64+0x2001 (No unwind info)
776, ntdll.dll!ZwWow64CallFunction64+0x1fd3 (No unwind info)
777, ntdll.dll!KiUserExceptionDispatcher+0xf (No unwind info)
778, clang_rt.asan_dynamic-i386.dll!destroy_fls+0x13
779, ntdll.dll!RtlLockHeap+0xea (No unwind info)
780, ntdll.dll!LdrShutdownProcess+0x7f (No unwind info)
781, ntdll.dll!RtlExitUserProcess+0x81 (No unwind info)
782, kernel32.dll!ExitProcess+0x13 (No unwind info)
783, clang_rt.asan_dynamic-i386.dll!__sanitizer::internal__exit+0xc
784, clang_rt.asan_dynamic-i386.dll!__sanitizer::Die+0x3d
785, clang_rt.asan_dynamic-i386.dll!__asan::AsanInitInternal+0x50b
786, clang_rt.asan_dynamic-i386.dll!__asan::Allocator::Allocate+0x1c
787, clang_rt.asan_dynamic-i386.dll!__asan::Allocator::Calloc+0x43
We hang because AsanDie tries to defend against multi-threaded death by
infinite looping if someone is already exiting. We might want to
reconsider that, but one easy way to avoid getting here is not to let
our noreturn interceptors call back into fragile parts of ASan.
llvm-svn: 284067
|
