path: root/llvm/lib/Transforms/Instrumentation/AddressSanitizer.cpp
Commit log, most recent first. Each entry: title (author, date; files changed, lines removed/added), followed by the commit message.
* [asan] Add const into few methods (Vitaly Buka, 2016-07-28; 1 file, -10/+10)
    Summary: No functional changes
    Reviewers: eugenis
    Subscribers: llvm-commits
    Differential Revision: https://reviews.llvm.org/D22899
    llvm-svn: 277069
* Unpoison stack before resume instruction (Vitaly Buka, 2016-07-22; 1 file, -0/+6)
    Summary: Clang inserts cleanup code before resume in a similar way as before the return instruction. This makes asan poison local variables, causing false use-after-scope reports. __asan_handle_no_return does not help here as it was executed before the llvm.lifetime.end inserted into the resume block. To avoid the false report we need to unpoison the stack for resume the same way as for return.
    PR27453
    Reviewers: kcc, eugenis
    Differential Revision: https://reviews.llvm.org/D22661
    llvm-svn: 276480
* Fix detection of stack-use-after-scope for char arrays. (Vitaly Buka, 2016-07-22; 1 file, -0/+4)
    Summary: Clang inserts GetElementPtrInst, so findAllocaForValue was not able to find allocas.
    PR27453
    Reviewers: kcc, eugenis
    Differential Revision: https://reviews.llvm.org/D22657
    llvm-svn: 276374
* [asan] Add a hidden option for Mach-O global metadata liveness tracking (Ryan Govostes, 2016-07-05; 1 file, -0/+10)
    llvm-svn: 274578
* [asan] fix false dynamic-stack-buffer-overflow report with constantly-sized dynamic allocas, LLVM part (Kuba Brecka, 2016-06-27; 1 file, -9/+10)
    See the bug report at https://github.com/google/sanitizers/issues/691.
    When a dynamic alloca has a constant size, ASan instrumentation will treat it as a regular dynamic alloca (insert calls to poison and unpoison), but the backend will turn it into a regular stack variable. The poisoning/unpoisoning is then broken. This patch will treat such allocas as static.
    Differential Revision: http://reviews.llvm.org/D21509
    llvm-svn: 273888
* Apply clang-tidy's modernize-loop-convert to most of lib/Transforms. (Benjamin Kramer, 2016-06-26; 1 file, -3/+3)
    Only minor manual fixes. No functionality change intended.
    llvm-svn: 273808
* [asan] Do not instrument accesses to profiling globals (Vedant Kumar, 2016-06-22; 1 file, -5/+14)
    It's only useful to asan-itize profiling globals while debugging llvm's profiling instrumentation passes. Enabling asan along with instrprof or gcov instrumentation shouldn't incur extra overhead.
    This patch is in the same spirit as r264805 and r273202, which disabled tsan instrumentation of instrprof/gcov globals.
    Differential Revision: http://reviews.llvm.org/D21541
    llvm-svn: 273444
* [asan] Do not instrument pointers with address space attributes (Anna Zaks, 2016-06-22; 1 file, -0/+8)
    Do not instrument pointers with address space attributes since we cannot track them anyway. Instrumenting them results in false positives in ASan and a compiler crash in TSan. (The compiler should not crash in any case, but that's a different problem.)
    llvm-svn: 273339
* This is part of the effort for asan to support Windows 64 bit. (Etienne Bergeron, 2016-06-21; 1 file, -0/+4)
    The large offset is being tested on Windows 10 (which has a larger usable virtual address space than Windows 8 or earlier).
    Patch by: Wei Wang
    Differential Revision: http://reviews.llvm.org/D21523
    llvm-svn: 273269
* [sanitizers] Disable target-specific lowering of string functions. (Marcin Koscielnicki, 2016-06-18; 1 file, -2/+4)
    CodeGen has hooks that allow targets to emit specialized code instead of calls to memcmp, memchr, strcpy, stpcpy, strcmp, strlen, strnlen. When ASan/MSan/TSan/ESan is in use, this sidesteps its interceptors, resulting in uninstrumented memory accesses. To avoid that, make these sanitizers mark the calls as nobuiltin.
    Differential Revision: http://reviews.llvm.org/D19781
    llvm-svn: 273083
* IR: Introduce local_unnamed_addr attribute. (Peter Collingbourne, 2016-06-14; 1 file, -2/+2)
    If a local_unnamed_addr attribute is attached to a global, the address is known to be insignificant within the module. It is distinct from the existing unnamed_addr attribute in that it only describes a local property of the module rather than a global property of the symbol.
    This attribute is intended to be used by the code generator and LTO to allow the linker to decide whether the global needs to be in the symbol table. It is possible to exclude a global from the symbol table if three things are true:
    - This attribute is present on every instance of the global (which means that the normal rule that the global must have a unique address can be broken without being observable by the program by performing comparisons against the global's address)
    - The global has linkonce_odr linkage (which means that each linkage unit must have its own copy of the global if it requires one, and the copy in each linkage unit must be the same)
    - It is a constant or a function (which means that the program cannot observe that the unique-address rule has been broken by writing to the global)
    Although this attribute could in principle be computed from the module contents, LTO clients (i.e. linkers) will normally need to be able to compute this property as part of symbol resolution, and it would be inefficient to materialize every module just to compute it.
    See:
    http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20160509/356401.html
    http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20160516/356738.html
    for earlier discussion.
    Part of the fix for PR27553.
    Differential Revision: http://reviews.llvm.org/D20348
    llvm-svn: 272709
* Make sure that not interesting allocas are not instrumented. (Vitaly Buka, 2016-06-09; 1 file, -4/+13)
    Summary: We failed to unpoison uninteresting allocas on return, as unpoisoning is part of the main instrumentation, which skips such allocas.
    Added check -asan-instrument-allocas for dynamic allocas. If instrumentation of dynamic allocas is disabled, they will not be unpoisoned.
    PR27453
    Reviewers: kcc, eugenis
    Subscribers: llvm-commits
    Differential Revision: http://reviews.llvm.org/D21207
    llvm-svn: 272341
* Unpoison stack memory in use-after-return + use-after-scope mode (Vitaly Buka, 2016-06-09; 1 file, -12/+21)
    Summary: We still want to unpoison the full stack even in use-after-return, as it can be disabled at runtime.
    PR27453
    Reviewers: eugenis, kcc
    Subscribers: llvm-commits
    Differential Revision: http://reviews.llvm.org/D21202
    llvm-svn: 272334
* [asan] Rename *UAR* into *UseAfterReturn* (Vitaly Buka, 2016-06-02; 1 file, -7/+7)
    Summary: To improve readability.
    PR27453
    Reviewers: kcc, eugenis, aizatsky
    Subscribers: llvm-commits
    Differential Revision: http://reviews.llvm.org/D20761
    llvm-svn: 271447
* [asan] Add option to enable asan-use-after-scope from clang. (Vitaly Buka, 2016-05-27; 1 file, -5/+10)
    Clang will have the -fsanitize-address-use-after-scope flag.
    PR27453
    Reviewers: kcc, eugenis, aizatsky
    Subscribers: llvm-commits
    Differential Revision: http://reviews.llvm.org/D20750
    llvm-svn: 271067
* Use StringRef::startswith instead of find(...) == 0. (Benjamin Kramer, 2016-05-27; 1 file, -3/+3)
    It's faster and easier to read.
    llvm-svn: 271018
* Return a StringRef from getSection. (Rafael Espindola, 2016-05-11; 1 file, -1/+1)
    This is similar to how getName is handled.
    llvm-svn: 269218
* Fix whitespace and line wrapping. NFC. (Ryan Govostes, 2016-05-06; 1 file, -3/+4)
    llvm-svn: 268725
* [asan] add option to set shadow mapping offset (Ryan Govostes, 2016-05-06; 1 file, -2/+9)
    Allow overriding the default ASAN shadow mapping offset with the -asan-shadow-offset option, and allow zero to be specified for both offset and scale.
    Patch by Aaron Carroll <aaronc@apple.com>.
    llvm-svn: 268724
* Revert "[asan] add option to set shadow mapping offset" (Ryan Govostes, 2016-05-05; 1 file, -9/+2)
    This reverts commit ba89768f97b1d4326acb5e33c14eb23a05c7bea7.
    llvm-svn: 268588
* [asan] add option to set shadow mapping offset (Ryan Govostes, 2016-05-05; 1 file, -2/+9)
    Allow overriding the default ASAN shadow mapping offset with the -asan-shadow-offset option, and allow zero to be specified for both offset and scale.
    llvm-svn: 268586
* [ASan] Add shadow offset for SystemZ. (Marcin Koscielnicki, 2016-04-30; 1 file, -2/+8)
    SystemZ on Linux currently has a 53-bit address space. In theory, the hardware could support a full 64-bit address space, but that's not supported due to kernel limitations (it'd require 5-level page tables), and there are no plans for that. The default process layout stays within the first 4TB of address space (to avoid creating 4-level page tables), so any offset >= (1 << 42) is fine. Let's use 1 << 52 here, ie. exactly half the address space.
    I've originally used 7 << 50 (uses the top 1/8th of the address space), but the ASan runtime assumes there's some space after the shadow area. While this is fixable, it's simpler to avoid the issue entirely.
    Also, I've originally wanted to have the shadow aligned to 1/8th of the address space, so that we can use OR like X86 to assemble the offset. I no longer think it's a good idea, since using ADD enables us to load the constant just once and use it with register + register indexed addressing.
    Differential Revision: http://reviews.llvm.org/D19650
    llvm-svn: 268161
* Fixed flag description (Mike Aizatsky, 2016-04-21; 1 file, -3/+3)
    Summary: asan-use-after-return controls a feature we call use-after-return or stack-use-after-return.
    Reviewers: kcc, aizatsky, eugenis
    Subscribers: llvm-commits
    Differential Revision: http://reviews.llvm.org/D19284
    llvm-svn: 267064
* Rename asan-check-lifetime into asan-stack-use-after-scope (Kostya Serebryany, 2016-04-20; 1 file, -6/+4)
    Summary: This is done for consistency with asan-use-after-return. I see no other users than tests.
    Reviewers: aizatsky, kcc
    Differential Revision: http://reviews.llvm.org/D19306
    llvm-svn: 266906
* [NFC] Header cleanup (Mehdi Amini, 2016-04-18; 1 file, -3/+1)
    Removed some unused headers, replaced some headers with forward class declarations.
    Found using simple scripts like this one:
    clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' | xargs grep -L 'IndexedMap[<]' | xargs grep -n --color=auto 'IndexedMap'
    Patch by Eugene Kosov <claprix@yandex.ru>
    Differential Revision: http://reviews.llvm.org/D19219
    From: Mehdi Amini <mehdi.amini@apple.com>
    llvm-svn: 266595
* Silencing warnings from MSVC 2015 Update 2. All of these changes silence "C4334 '<<': result of 32-bit shift implicitly converted to 64 bits (was 64-bit shift intended?)". NFC. (Aaron Ballman, 2016-03-30; 1 file, -4/+4)
    llvm-svn: 264929
* [asan] Support dead code stripping on Mach-O platforms (Ryan Govostes, 2016-03-28; 1 file, -12/+108)
    On OS X El Capitan and iOS 9, the linker supports a new section attribute, live_support, which allows dead stripping to remove dead globals along with the ASAN metadata about them.
    With this change __asan_global structures are emitted in a new __DATA,__asan_globals section on Darwin.
    Additionally, there is a __DATA,__asan_liveness section with the live_support attribute. Each entry in this section is simply a tuple that binds together the liveness of a global variable and its ASAN metadata structure. Thus the metadata structure will be alive if and only if the global it references is also alive.
    Review: http://reviews.llvm.org/D16737
    llvm-svn: 264645
* Remove llvm::getDISubprogram in favor of Function::getSubprogram (Pete Cooper, 2016-03-11; 1 file, -1/+1)
    llvm::getDISubprogram walks the instructions in a function, looking for one in the scope of the current function, so that it can find the !dbg entry for the subprogram itself.
    Now that !dbg is attached to functions, this should not be necessary. This patch changes all uses to just query the subprogram directly on the function.
    Ideally this should be NFC, but in reality it's possible that a function: has no !dbg (in which case there's likely a bug somewhere in an opt pass), or that none of the instructions had a scope referencing the function, so we used to not find the !dbg on the function but now we will.
    Reviewed by Duncan Exon Smith.
    Differential Revision: http://reviews.llvm.org/D18074
    llvm-svn: 263184
* [asan] Do not instrument globals in the special "LLVM" sections (Anna Zaks, 2016-02-24; 1 file, -1/+1)
    llvm-svn: 261794
* [asan] Introduce new hidden -asan-use-private-alias option. (Maxim Ostapenko, 2016-02-08; 1 file, -6/+44)
    As discussed in https://github.com/google/sanitizers/issues/398, with the current implementation of poisoning globals we can have some CHECK failures or false positives in case of mixing instrumented and non-instrumented code, because ASan poisons innocent globals from the non-sanitized binary/library. We can use private aliases to avoid such errors. In addition, to preserve ODR violation detection, we introduce a new __odr_asan_gen_XXX symbol for each instrumented global that indicates if this global was already registered. To detect an ODR violation at runtime, we should only check the value of the indicator and report an error if it isn't equal to zero.
    Differential Revision: http://reviews.llvm.org/D15642
    llvm-svn: 260075
* [asan] Add iOS support to AddressSanitizer (Anna Zaks, 2016-02-02; 1 file, -3/+11)
    Differential Revision: http://reviews.llvm.org/D15625
    llvm-svn: 259586
* GlobalValue: use getValueType() instead of getType()->getPointerElementType(). (Manuel Jacob, 2016-01-16; 1 file, -3/+2)
    Reviewers: mjacob
    Subscribers: jholewinski, arsenm, dsanders, dblaikie
    Patch by Eduard Burtescu.
    Differential Revision: http://reviews.llvm.org/D16260
    llvm-svn: 257999
* [ASAN] Add doFinalization to reset state (Keno Fischer, 2015-12-05; 1 file, -0/+11)
    Summary: If the same pass manager is used for multiple modules ASAN complains about GlobalsMD being initialized twice. Fix this by resetting GlobalsMD in a new doFinalization method to allow this use case.
    Reviewers: kcc
    Subscribers: llvm-commits
    Differential Revision: http://reviews.llvm.org/D14962
    llvm-svn: 254851
* [asan] Fix dynamic allocas unpoisoning on PowerPC64. (Yury Gribov, 2015-12-04; 1 file, -2/+17)
    For PowerPC64 we cannot just pass the SP extracted from @llvm.stackrestore to _asan_allocas_unpoison due to specific ABI requirements (http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#DYNAM-STACK). This patch adds the value returned by @llvm.get.dynamic.area.offset to the stack pointer extracted from @llvm.stackrestore, so dynamic allocas unpoisoning stuff would work correctly on PowerPC64.
    Patch by Max Ostapenko.
    Differential Revision: http://reviews.llvm.org/D15108
    llvm-svn: 254707
* Follow up to r253591. Turn into an assertion. (Davide Italiano, 2015-11-19; 1 file, -2/+1)
    Reported by: David Blaikie.
    llvm-svn: 253605
* [AddressSanitizer] assert(false) -> llvm_unreachable and remove return. (Davide Italiano, 2015-11-19; 1 file, -4/+2)
    llvm-svn: 253591
* [ASan] Enable optional ASan recovery. (Yury Gribov, 2015-11-11; 1 file, -18/+33)
    Differential Revision: http://reviews.llvm.org/D14242
    llvm-svn: 252719
* [sanitizer] Use same shadow offset for ASAN on aarch64 (Adhemerval Zanella, 2015-11-09; 1 file, -15/+2)
    This patch makes ASAN for aarch64 use the same shadow offset for all currently supported VMAs (39 and 42 bits). The shadow offset is the same as for 39-bit (36). Similar to the ppc64 port, the aarch64 transformation also requires using an add instead of 'or' for 42-bit VMA.
    llvm-svn: 252495
* [ASan] Disable instrumentation for inalloca variables. (Alexey Samsonov, 2015-11-05; 1 file, -1/+4)
    inalloca variables were not treated as static allocas, therefore didn't participate in regular stack instrumentation. We don't want them to participate in dynamic alloca instrumentation as well.
    llvm-svn: 252213
* Refactor: Simplify boolean conditional return statements in lib/Transforms/Instrumentation (Alexey Samsonov, 2015-10-26; 1 file, -4/+2)
    Summary: Use clang-tidy to simplify boolean conditional return statements.
    Differential Revision: http://reviews.llvm.org/D9996
    Patch by Richard (legalize@xmission.com)!
    llvm-svn: 251318
* [ASan] Enable instrumentation of dynamic allocas by default. (Alexey Samsonov, 2015-10-22; 1 file, -1/+1)
    llvm-svn: 251056
* [ASan] Minor fixes to dynamic allocas handling: (Alexey Samsonov, 2015-10-22; 1 file, -12/+11)
    * Don't instrument promotable dynamic allocas: We already have a test that checks that promotable dynamic allocas are ignored, as well as static promotable allocas. Make sure this test will still pass if/when we enable dynamic alloca instrumentation by default.
    * Handle lifetime intrinsics before handling dynamic allocas: lifetime intrinsics may refer to dynamic allocas, so we need to emit instrumentation before these dynamic allocas would be replaced.
    Differential Revision: http://reviews.llvm.org/D12704
    llvm-svn: 251045
* Fix missing INITIALIZE_PASS_DEPENDENCY for AddressSanitizer (Keno Fischer, 2015-10-20; 1 file, -0/+1)
    Summary: In r231241, TargetLibraryInfoWrapperPass was added to `getAnalysisUsage` for `AddressSanitizer`, but the corresponding `INITIALIZE_PASS_DEPENDENCY` was not added.
    Reviewers: dvyukov, chandlerc, kcc
    Subscribers: kcc, llvm-commits
    Differential Revision: http://reviews.llvm.org/D13629
    llvm-svn: 250813
* Instrumentation: Remove ilist iterator implicit conversions, NFC (Duncan P. N. Exon Smith, 2015-10-13; 1 file, -4/+5)
    llvm-svn: 250186
* Add Triple::isAndroid(). (Evgeniy Stepanov, 2015-10-08; 1 file, -1/+1)
    This is a simple refactoring that replaces Triple.getEnvironment() checks for Android with Triple.isAndroid().
    llvm-svn: 249750
* Fix Clang-tidy modernize-use-nullptr warnings in source directories and generated files; other minor cleanups. (Hans Wennborg, 2015-10-06; 1 file, -3/+3)
    Patch by Eugene Zelenko!
    Differential Revision: http://reviews.llvm.org/D13321
    llvm-svn: 249482
* [ASan] Don't instrument globals in .preinit_array/.init_array/.fini_array (Alexey Samsonov, 2015-09-15; 1 file, -0/+8)
    These sections contain pointers to functions that should be invoked during startup/shutdown by __libc_csu_init and __libc_csu_fini. Instrumenting these globals will append a redzone to them, which will be filled with zeroes. This will cause a null pointer dereference at runtime.
    Merge ASan regression tests for globals that should be ignored by the instrumentation pass.
    llvm-svn: 247734
* [asan] Add ASAN support for AArch64 42-bit VMA (Adhemerval Zanella, 2015-08-20; 1 file, -0/+14)
    This patch adds support for asan on aarch64-linux with 42-bit VMA (current default config for 64K pagesize kernels). The support is enabled by defining the SANITIZER_AARCH64_VMA to 42 at build time for both clang/llvm and compiler-rt. The default VMA is 39 bits.
    llvm-svn: 245594
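The shadow-address computation that the SystemZ, aarch64 and 42-bit-VMA commits above argue about (shadow = (addr >> scale) + offset, and when a cheaper OR can stand in for the ADD), together with the shadow-byte semantics that the poison/unpoison and use-after-scope commits depend on, as an added C example. This is illustrative code written for this page, not LLVM's or compiler-rt's: the scale of 3, the 1<<36 and 1<<52 offsets and the 39/42/53-bit VMA widths are quoted from the commit messages, the x86_64 Linux offset 0x7fff8000 is ASan's default for that target, and the redzone magic value, the 64-byte region and the 13-byte variable are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Shadow mappings named in the log above, scale 3 = one shadow byte per 8-byte
 * granule. The SystemZ (1<<52, 53-bit VMA) and AArch64 (1<<36 for both the 39-
 * and 42-bit VMA) values are quoted from the commit messages; the x86_64 Linux
 * offset is ASan's default for that target. Table assembled for this example. */
typedef struct {
    const char *name;
    unsigned    scale;
    uint64_t    offset;
    unsigned    vma_bits;   /* width of the usable application address space */
} shadow_mapping;

static const shadow_mapping kMappings[] = {
    { "x86_64 linux",   3, 0x7fff8000ULL, 47 },
    { "aarch64 39-bit", 3, 1ULL << 36,    39 },
    { "aarch64 42-bit", 3, 1ULL << 36,    42 },
    { "s390x",          3, 1ULL << 52,    53 },
};
enum { kNumMappings = sizeof kMappings / sizeof kMappings[0] };

/* MemToShadow as the pass emits it with an ADD. */
uint64_t shadow_add(const shadow_mapping *m, uint64_t addr) {
    return (addr >> m->scale) + m->offset;
}

/* The OR form the SystemZ commit mentions. It is only correct when the shifted
 * address and the offset never share a set bit. */
uint64_t shadow_or(const shadow_mapping *m, uint64_t addr) {
    return (addr >> m->scale) | m->offset;
}

/* OR may replace ADD only if the offset is a single bit and every application
 * address, shifted by scale, stays below it. This is why AArch64 can keep
 * 1<<36 for both VMAs but must use ADD at 42 bits: (2^42 - 1) >> 3 reaches
 * bit 38, which overlaps the offset bit. (s390x passes this test, but the
 * commit chose ADD anyway for register + register indexed addressing.) */
bool or_form_valid(const shadow_mapping *m) {
    if (m->offset == 0 || (m->offset & (m->offset - 1)) != 0)
        return false;
    uint64_t max_shifted = ((1ULL << m->vma_bits) - 1) >> m->scale;
    return max_shifted < m->offset;
}

/* Shadow byte semantics behind the poison/unpoison commits: 0 means the whole
 * granule is addressable, 1..7 means only the first k bytes are, and any
 * negative value marks a redzone or an out-of-scope variable. The magic below
 * is a placeholder for ASan's per-kind values, chosen for this example. */
enum { kRedzoneMagic = -15 };

/* Put one variable of `size` bytes at granule 0 of a region covered by
 * `granules` shadow bytes and poison everything after it (the redzone). */
void poison_variable(int8_t *shadow, size_t granules, size_t size) {
    for (size_t g = 0; g < granules; g++) {
        size_t start = g * 8;
        if (start + 8 <= size)  shadow[g] = 0;
        else if (start < size)  shadow[g] = (int8_t)(size - start);
        else                    shadow[g] = kRedzoneMagic;
    }
}

/* What the return/resume unpoisoning in the log restores: every granule
 * addressable again, so the next frame reusing this stack is not reported. */
void unpoison_region(int8_t *shadow, size_t granules) {
    for (size_t g = 0; g < granules; g++) shadow[g] = 0;
}

/* The check ASan inlines before an access of n <= 8 bytes at `addr` (offset
 * from the region base): report if the last byte touched is at or past the
 * first unaddressable byte of its granule. A negative shadow byte is below
 * every byte index, so a poisoned granule always reports. */
bool access_reported(const int8_t *shadow, uint64_t addr, size_t n) {
    int8_t k = shadow[addr >> 3];
    if (k == 0) return false;
    int64_t last = (int64_t)(addr & 7) + (int64_t)n - 1;
    return last >= k;
}

int main(void) {
    for (unsigned i = 0; i < kNumMappings; i++)
        printf("%-15s offset=0x%llx: %s\n", kMappings[i].name,
               (unsigned long long)kMappings[i].offset,
               or_form_valid(&kMappings[i]) ? "OR form valid" : "needs ADD");

    int8_t shadow[8];              /* 64-byte stack region, 13-byte variable */
    poison_variable(shadow, 8, 13);
    printf("read byte 12: %s\n", access_reported(shadow, 12, 1) ? "reported" : "ok");
    printf("read byte 13: %s\n", access_reported(shadow, 13, 1) ? "reported" : "ok");
    unpoison_region(shadow, 8);
    printf("byte 13 after unpoison: %s\n", access_reported(shadow, 13, 1) ? "reported" : "ok");
    return 0;
}
```

Two things to take from running it: the same 1<<36 offset is fine with OR for a 39-bit VMA and wrong for a 42-bit one, which is the whole content of the aarch64 change above, and an access past the 13th byte is caught only while the shadow is poisoned, so a frame that returns or resumes without unpoisoning leaves stale redzone bytes behind for the next frame, which is the false use-after-scope report the Vitaly Buka commits fix.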
* De-constify pointers to Type since they can't be modified. NFC (Craig Topper, 2015-08-01; 1 file, -1/+1)
    This was already done in most places a while ago. This just fixes the ones that crept in over time.
    llvm-svn: 243842
* [ASan] Disable dynamic alloca and UAR detection in presence of returns_twice calls. (Alexey Samsonov, 2015-07-29; 1 file, -9/+18)
    Summary: returns_twice (most importantly, setjmp) functions are optimization-hostile: if a local variable is promoted to a register, and is changed between setjmp() and longjmp() calls, this update will be undone. This is the reason why "man setjmp" advises to mark all these locals as "volatile".
    This can not be enough for ASan, though: when it replaces a static alloca with a dynamic one, optionally called if UAR mode is enabled, it adds a whole lot of SSA values, and computations of local variable addresses, that can involve virtual registers, and cause unexpected behavior, when these registers are restored from the buffer saved in setjmp.
    To fix this, just disable dynamic alloca and UAR tricks whenever we see a returns_twice call in the function.
    Reviewers: rnk
    Subscribers: llvm-commits, kcc
    Differential Revision: http://reviews.llvm.org/D11495
    llvm-svn: 243561