summaryrefslogtreecommitdiffstats
path: root/llvm/test/Instrumentation/AddressSanitizer
Commit message (Collapse)AuthorAgeFilesLines
...
* [Verifier] Add verification for TBAA metadataSanjoy Das2016-12-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: This change adds some verification in the IR verifier around struct path TBAA metadata. Other than some basic sanity checks (e.g. we get constant integers where we expect constant integers), this checks: - That by the time an struct access tuple `(base-type, offset)` is "reduced" to a scalar base type, the offset is `0`. For instance, in C++ you can't start from, say `("struct-a", 16)`, and end up with `("int", 4)` -- by the time the base type is `"int"`, the offset better be zero. In particular, a variant of this invariant is needed for `llvm::getMostGenericTBAA` to be correct. - That there are no cycles in a struct path. - That struct type nodes have their offsets listed in an ascending order. - That when generating the struct access path, you eventually reach the access type listed in the tbaa tag node. Reviewers: dexonsmith, chandlerc, reames, mehdi_amini, manmanren Subscribers: mcrosier, llvm-commits Differential Revision: https://reviews.llvm.org/D26438 llvm-svn: 289402
* [asan] Split load and store checks in test. NFCIFilipe Cabecinhas2016-12-071-62/+62
| | | | llvm-svn: 288991
* [asan/win] Align global registration metadata to its sizeReid Kleckner2016-11-291-1/+1
| | | | | | | | This way, when the linker adds padding between globals, we can skip over the zero padding bytes and reliably find the start of the next metadata global. llvm-svn: 288096
* [asan] Make ASan compatible with linker dead stripping on WindowsReid Kleckner2016-11-212-4/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: This is similar to what was done for Darwin in rL264645 / http://reviews.llvm.org/D16737, but it uses COFF COMDATs to achive the same result instead of relying on new custom linker features. As on MachO, this creates one metadata global per instrumented global. The metadata global is placed in the custom .ASAN$GL section, which the ASan runtime will iterate over during initialization. There are no other references to the metadata, so normal linker dead stripping would discard it. However, the metadata is put in a COMDAT group with the instrumented global, so that it will be discarded if and only if the instrumented global is discarded. I didn't update the ASan ABI version check since this doesn't affect non-Windows platforms, and the WinASan ABI isn't really stable yet. Implementing this for ELF will require extending LLVM IR and MC a bit so that we can use non-COMDAT section groups. Reviewers: pcc, kcc, mehdi_amini, kubabrecka Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D26770 llvm-svn: 287576
* [asan] Turn on Mach-O global metadata liveness tracking by defaultAnna Zaks2016-11-171-1/+1
| | | | | | | | | | | | | | | | This patch turns on the metadata liveness tracking since all known issues have been resolved. The future has been implemented in https://reviews.llvm.org/D16737 and enables support of dead code stripping option on Mach-O platforms. As part of enabling the feature, I also plan on reverting the following patch to compiler-rt: http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20160704/369910.html Differential Revision: https://reviews.llvm.org/D26772 llvm-svn: 287235
* [AddressSanitizer] Add support for (constant-)masked loads and stores.Filipe Cabecinhas2016-11-151-0/+127
| | | | | | | | | | | | | | | | This patch adds support for instrumenting masked loads and stores under ASan, if they have a constant mask. isInterestingMemoryAccess now supports returning a mask to be applied to the loads, and instrumentMop will use it to generate additional checks. Added tests for v4i32 v8i32, and v4p0i32 (~v4i64) for both loads and stores (as well as a test to verify we don't add checks to non-constant masks). Differential Revision: https://reviews.llvm.org/D26230 llvm-svn: 287047
* [asan] Speed up compilation of large C++ stringmaps (tons of allocas) with ASanKuba Brecka2016-11-081-0/+21
| | | | | | | | This addresses PR30746, <https://llvm.org/bugs/show_bug.cgi?id=30746>. The ASan pass iterates over entry-block instructions and checks each alloca whether it's in NonInstrumentedStaticAllocaVec, which is apparently slow. This patch gathers the instructions to move during visitAllocaInst. Differential Revision: https://reviews.llvm.org/D26380 llvm-svn: 286296
* [asan] Move instrumented null-terminated strings to a special section, LLVM partKuba Brecka2016-10-311-0/+21
| | | | | | | | On Darwin, simple C null-terminated constant strings normally end up in the __TEXT,__cstring section of the resulting Mach-O binary. When instrumented with ASan, these strings are transformed in a way that they cannot be in __cstring (the linker unifies the content of this section and strips extra NUL bytes, which would break instrumentation), and are put into a generic __const section. This breaks some of the tools that we have: Some tools need to scan all C null-terminated strings in Mach-O binaries, and scanning all the contents of __const has a large performance penalty. This patch instead introduces a special section, __asan_cstring which will now hold the instrumented null-terminated strings. Differential Revision: https://reviews.llvm.org/D25026 llvm-svn: 285619
* [Coverage] Darwin: Move __llvm_covmap from __DATA to __LLVM_COVVedant Kumar2016-10-271-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Programs with very large __llvm_covmap sections may fail to link on Darwin because because of out-of-range 32-bit RIP relative references. It isn't possible to work around this by using the large code model because it isn't supported on Darwin. One solution is to move the __llvm_covmap section past the end of the __DATA segment. === Testing === In addition to check-{llvm,clang,profile}, I performed a link test on a simple object after injecting ~4GB of padding into __llvm_covmap: @__llvm_coverage_padding = internal constant [4000000000 x i8] zeroinitializer, section "__LLVM_COV,__llvm_covmap", align 8 (This test is too expensive to check-in.) === Backwards Compatibility === This patch should not pose any backwards-compatibility concerns. LLVM is expected to scan all of the sections in a binary for __llvm_covmap, so changing its segment shouldn't affect anything. I double-checked this by loading coverage produced by an unpatched compiler with a patched llvm-cov. Suggested by Nick Kledzik. llvm-svn: 285360
* [asan] Append line number to variable name if line is available and in the ↵Vitaly Buka2016-10-181-7/+43
| | | | | | | | | | | | same file as the function. PR30498 Reviewers: eugenis Differential Revision: https://reviews.llvm.org/D25715 llvm-svn: 284546
* [asan] Rename test file as the poisoning is not "experimental"Vitaly Buka2016-10-182-0/+0
| | | | | | | | | | Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D25737 llvm-svn: 284507
* [asan] Combine check-prefixes in stack-poisoning testVitaly Buka2016-10-182-108/+102
| | | | | | | | | | Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D25736 llvm-svn: 284506
* [asan] Make -asan-experimental-poisoning the only behaviorVitaly Buka2016-10-182-206/+8
| | | | | | | | | | Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D25735 llvm-svn: 284505
* [ASAN] Add the binder globals on Darwin to llvm.compiler.used to avoid LTO ↵Mehdi Amini2016-10-011-1/+6
| | | | | | | | | | | | | | | | dead-stripping The binder is in a specific section that "reverse" the edges in a regular dead-stripping: the binder is live as long as a global it references is live. This is a big hammer that prevents LLVM from dead-stripping these, while still allowing linker dead-stripping (with special knowledge of the section). Differential Revision: https://reviews.llvm.org/D24673 llvm-svn: 282988
* [asan] Support dynamic shadow address instrumentationEtienne Bergeron2016-09-301-0/+35
| | | | | | | | | | | | | | | | | | | Summary: This patch is adding the support for a shadow memory with dynamically allocated address range. The compiler-rt needs to export a symbol containing the shadow memory range. This is required to support ASAN on windows 64-bits. Reviewers: kcc, rnk, vitalybuka Subscribers: zaks.anna, kubabrecka, dberris, llvm-commits, chrisha Differential Revision: https://reviews.llvm.org/D23354 llvm-svn: 282881
* revert 281908 because 281909 got revertedNico Weber2016-09-211-35/+0
| | | | llvm-svn: 282097
* ASAN: Don't drop debug info attachements for global variables.Adrian Prantl2016-09-201-0/+28
| | | | | | | | | | This is a follow-up to r281284. Global Variables now can have !dbg attachements, so ASAN should clone these when generating a sanitized copy of a global variable. <rdar://problem/24899262> llvm-svn: 281994
* [asan] Support dynamic shadow address instrumentationEtienne Bergeron2016-09-191-0/+35
| | | | | | | | | | | | | | | | | | | Summary: This patch is adding the support for a shadow memory with dynamically allocated address range. The compiler-rt needs to export a symbol containing the shadow memory range. This is required to support ASAN on windows 64-bits. Reviewers: kcc, rnk, vitalybuka Subscribers: kubabrecka, dberris, llvm-commits, chrisha Differential Revision: https://reviews.llvm.org/D23354 llvm-svn: 281908
* Revert "[asan] Avoid lifetime analysis for allocas with can be in ambiguous ↵Vitaly Buka2016-09-161-45/+4
| | | | | | | | | | state" This approach is not good enough. Working on the new solution. This reverts commit r280907. llvm-svn: 281689
* Revert "[asan] Add flag to allow lifetime analysis of problematic allocas"Vitaly Buka2016-09-161-9/+6
| | | | | | | | This approach is not good enough. Working on the new solution. This reverts commit r281126. llvm-svn: 281688
* address comments from: https://reviews.llvm.org/D24566Etienne Bergeron2016-09-151-1/+1
| | | | | | using startswith instead of find. llvm-svn: 281617
* [compiler-rt] Avoid instrumenting sanitizer functionsEtienne Bergeron2016-09-141-0/+24
| | | | | | | | | | | | | | | | | | | Summary: Function __asan_default_options is called by __asan_init before the shadow memory got initialized. Instrumenting that function may lead to flaky execution. As the __asan_default_options is provided by users, we cannot expect them to add the appropriate function atttributes to avoid instrumentation. Reviewers: kcc, rnk Subscribers: dberris, chrisha, llvm-commits Differential Revision: https://reviews.llvm.org/D24566 llvm-svn: 281503
* [asan] Add flag to allow lifetime analysis of problematic allocasVitaly Buka2016-09-101-6/+9
| | | | | | | | | | | | | | Summary: Could be useful for comparison when we suspect that alloca was skipped because of this. Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D24437 llvm-svn: 281126
* Do not widen load for different variable in GVN.Dehao Chen2016-09-091-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: Widening load in GVN is too early because it will block other optimizations like PRE, LICM. https://llvm.org/bugs/show_bug.cgi?id=29110 The SPECCPU2006 benchmark impact of this patch: Reference: o2_nopatch (1): o2_patched Benchmark Base:Reference (1) ------------------------------------------------------- spec/2006/fp/C++/444.namd 25.2 -0.08% spec/2006/fp/C++/447.dealII 45.92 +1.05% spec/2006/fp/C++/450.soplex 41.7 -0.26% spec/2006/fp/C++/453.povray 35.65 +1.68% spec/2006/fp/C/433.milc 23.79 +0.42% spec/2006/fp/C/470.lbm 41.88 -1.12% spec/2006/fp/C/482.sphinx3 47.94 +1.67% spec/2006/int/C++/471.omnetpp 22.46 -0.36% spec/2006/int/C++/473.astar 21.19 +0.24% spec/2006/int/C++/483.xalancbmk 36.09 -0.11% spec/2006/int/C/400.perlbench 33.28 +1.35% spec/2006/int/C/401.bzip2 22.76 -0.04% spec/2006/int/C/403.gcc 32.36 +0.12% spec/2006/int/C/429.mcf 41.04 -0.41% spec/2006/int/C/445.gobmk 26.94 +0.04% spec/2006/int/C/456.hmmer 24.5 -0.20% spec/2006/int/C/458.sjeng 28 -0.46% spec/2006/int/C/462.libquantum 55.25 +0.27% spec/2006/int/C/464.h264ref 45.87 +0.72% geometric mean +0.23% For most benchmarks, it's a wash, but we do see stable improvements on some benchmarks, e.g. 447,453,482,400. Reviewers: davidxl, hfinkel, dberlin, sanjoy, reames Subscribers: gberry, junbuml Differential Revision: https://reviews.llvm.org/D24096 llvm-svn: 281074
* [asan] Avoid lifetime analysis for allocas with can be in ambiguous stateVitaly Buka2016-09-081-0/+41
| | | | | | | | | | | | | | | | | | Summary: C allows to jump over variables declaration so lifetime.start can be avoid before variable usage. To avoid false-positives on such rare cases we detect them and remove from lifetime analysis. PR27453 PR28267 Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D24321 llvm-svn: 280907
* Revert "[asan] Avoid lifetime analysis for allocas with can be in ambiguous ↵Vitaly Buka2016-09-071-41/+0
| | | | | | | | | | state" Fails on Windows. This reverts commit r280880. llvm-svn: 280883
* [asan] Avoid lifetime analysis for allocas with can be in ambiguous stateVitaly Buka2016-09-071-0/+41
| | | | | | | | | | | | | | | | | | Summary: C allows to jump over variables declaration so lifetime.start can be avoid before variable usage. To avoid false-positives on such rare cases we detect them and remove from lifetime analysis. PR27453 PR28267 Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D24321 llvm-svn: 280880
* [asan] Enable new stack poisoning with store instruction by defaultVitaly Buka2016-08-294-59/+106
| | | | | | | | | | Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23968 llvm-svn: 279993
* Use store operation to poison allocas for lifetime analysis.Vitaly Buka2016-08-292-35/+624
| | | | | | | | | | | | | | | | | | Summary: Calling __asan_poison_stack_memory and __asan_unpoison_stack_memory for small variables is too expensive. Code is disabled by default and can be enabled by -asan-experimental-poisoning. PR27453 Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23947 llvm-svn: 279984
* [asan] Minimize code size by using __asan_set_shadow_* for large blocksVitaly Buka2016-08-201-10/+45
| | | | | | | | | | | | | Summary: We can insert function call instead of multiple store operation. Current default is blocks larger than 64 bytes. Changes are hidden behind -asan-experimental-poisoning flag. PR27453 Differential Revision: https://reviews.llvm.org/D23711 llvm-svn: 279383
* [asan] Initialize __asan_set_shadow_* callbacksVitaly Buka2016-08-201-0/+24
| | | | | | | | | | | | | | | Summary: Callbacks are not being used yet. PR27453 Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23634 llvm-svn: 279380
* [asan] Optimize store size in FunctionStackPoisoner::poisonRedZonesVitaly Buka2016-08-202-7/+8
| | | | | | | | | | | | Summary: Reduce store size to avoid leading and trailing zeros. Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23648 llvm-svn: 279379
* [asan] Cleanup instrumentation of dynamic allocasVitaly Buka2016-08-204-5/+5
| | | | | | | | | | Summary: Extract instrumenting dynamic allocas into separate method. Rename asan-instrument-allocas -> asan-instrument-dynamic-allocas Differential Revision: https://reviews.llvm.org/D23707 llvm-svn: 279376
* Revert "[asan] Optimize store size in FunctionStackPoisoner::poisonRedZones"Vitaly Buka2016-08-192-7/+7
| | | | | | | | This reverts commit r279178. Speculative revert in hope to fix asan crash on arm. llvm-svn: 279277
* Revert "[asan] Fix size of shadow incorrectly calculated in r279178"Vitaly Buka2016-08-191-1/+0
| | | | | | | | This reverts commit r279222. Speculative revert in hope to fix asan crash on arm. llvm-svn: 279276
* [asan] Fix size of shadow incorrectly calculated in r279178Vitaly Buka2016-08-191-0/+1
| | | | | | | | | | | | Summary: r279178 generates 8 times more stores than necessary. Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23708 llvm-svn: 279222
* [asan] Optimize store size in FunctionStackPoisoner::poisonRedZonesVitaly Buka2016-08-182-7/+7
| | | | | | | | | | | | Summary: Reduce store size to avoid leading and trailing zeros. Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23648 llvm-svn: 279178
* [asan] Extend testVitaly Buka2016-08-181-3/+33
| | | | | | | | | | | | Summary: PR27453 Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23647 llvm-svn: 279109
* [Asan] Unpoison red zones even if use-after-scope was disabled with runtime flagVitaly Buka2016-08-162-4/+8
| | | | | | | | | | | | Summary: PR27453 Reviewers: eugenis Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D23481 llvm-svn: 278818
* Unpoison stack before resume instructionVitaly Buka2016-07-222-1/+107
| | | | | | | | | | | | | | | | | | | Summary: Clang inserts cleanup code before resume similar way as before return instruction. This makes asan poison local variables causing false use-after-scope reports. __asan_handle_no_return does not help here as it was executed before llvm.lifetime.end inserted into resume block. To avoid false report we need to unpoison stack for resume same way as for return. PR27453 Reviewers: kcc, eugenis Differential Revision: https://reviews.llvm.org/D22661 llvm-svn: 276480
* Fix detection of stack-use-after scope for char arrays.Vitaly Buka2016-07-221-0/+20
| | | | | | | | | | | | | | Summary: Clang inserts GetElementPtrInst so findAllocaForValue was not able to find allocas. PR27453 Reviewers: kcc, eugenis Differential Revision: https://reviews.llvm.org/D22657 llvm-svn: 276374
* [asan] Add a hidden option for Mach-O global metadata liveness trackingRyan Govostes2016-07-051-1/+1
| | | | llvm-svn: 274578
* [asan] Do not instrument accesses to profiling globalsVedant Kumar2016-06-221-0/+9
| | | | | | | | | | | | | It's only useful to asan-itize profiling globals while debugging llvm's profiling instrumentation passes. Enabling asan along with instrprof or gcov instrumentation shouldn't incur extra overhead. This patch is in the same spirit as r264805 and r273202, which disabled tsan instrumentation of instrprof/gcov globals. Differential Revision: http://reviews.llvm.org/D21541 llvm-svn: 273444
* [asan] Do not instrument pointers with address space attributesAnna Zaks2016-06-221-0/+32
| | | | | | | | | Do not instrument pointers with address space attributes since we cannot track them anyway. Instrumenting them results in false positives in ASan and a compiler crash in TSan. (The compiler should not crash in any case, but that's a different problem.) llvm-svn: 273339
* [sanitizers] Disable target-specific lowering of string functions.Marcin Koscielnicki2016-06-181-0/+33
| | | | | | | | | | | | CodeGen has hooks that allow targets to emit specialized code instead of calls to memcmp, memchr, strcpy, stpcpy, strcmp, strlen, strnlen. When ASan/MSan/TSan/ESan is in use, this sidesteps its interceptors, resulting in uninstrumented memory accesses. To avoid that, make these sanitizers mark the calls as nobuiltin. Differential Revision: http://reviews.llvm.org/D19781 llvm-svn: 273083
* Make sure that not interesting allocas are not instrumented.Vitaly Buka2016-06-091-0/+20
| | | | | | | | | | | | | | | | | | | Summary: We failed to unpoison uninteresting allocas on return as unpoisoning is part of main instrumentation which skips such allocas. Added check -asan-instrument-allocas for dynamic allocas. If instrumentation of dynamic allocas is disabled it will not will not be unpoisoned. PR27453 Reviewers: kcc, eugenis Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21207 llvm-svn: 272341
* Unpoison stack memory in use-after-return + use-after-scope modeVitaly Buka2016-06-092-33/+39
| | | | | | | | | | | | | | | Summary: We still want to unpoison full stack even in use-after-return as it can be disabled at runtime. PR27453 Reviewers: eugenis, kcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21202 llvm-svn: 272334
* [asan] add option to set shadow mapping offsetRyan Govostes2016-05-061-0/+39
| | | | | | | | | | Allowing overriding the default ASAN shadow mapping offset with the -asan-shadow-offset option, and allow zero to be specified for both offset and scale. Patch by Aaron Carroll <aaronc@apple.com>. llvm-svn: 268724
* Revert "[asan] add option to set shadow mapping offset"Ryan Govostes2016-05-051-39/+0
| | | | | | This reverts commit ba89768f97b1d4326acb5e33c14eb23a05c7bea7. llvm-svn: 268588
* [asan] add option to set shadow mapping offsetRyan Govostes2016-05-051-0/+39
| | | | | | | | Allowing overriding the default ASAN shadow mapping offset with the -asan-shadow-offset option, and allow zero to be specified for both offset and scale. llvm-svn: 268586
OpenPOWER on IntegriCloud