17134 Commits

Author SHA1 Message Date
Fangrui Song
67cbe1b859 Allow -fsanitize=function on all targets
Functions instrumented with -fsanitize=function have two words before
the function label: a signature and a RTTI proxy.
Instrumented call sites check the signature first to skip checks
for uninstrumented callees.

The code is generic and works for all targets supporting C++ RTTI.
Change clangDriver to allow all targets. Add tests for Armv8.5
Branch Target Identification and `-fpatchable-function-entry=`.

Reviewed By: peter.smith

Differential Revision: https://reviews.llvm.org/D148573
2023-05-19 07:59:37 -07:00
Fangrui Song
ad31a2dcad Change -fsanitize=function to place two words before the function entry
The current implementation of -fsanitize=function places two words (the prolog
signature and the RTTI proxy) at the function entry, which makes the feature
incompatible with Intel Indirect Branch Tracking (IBT) that needs an ENDBR instruction
at the function entry. To allow the combination, move the two words before the
function entry, similar to -fsanitize=kcfi.

Armv8.5 Branch Target Identification (BTI) has a similar requirement.

Note: for IBT and BTI, whether a function gets a marker instruction at the entry
generally cannot be assumed (it can be disabled by a function attribute or
stronger LTO optimizations).

It is extremely unlikely for two words preceding a function entry to be
inaccessible. One way to achieve this is by ensuring that a function is
aligned at a page boundary and making the preceding page unmapped or
unreadable. This is not reasonable for application or library code.
(Think: the first text section has crt* code not instrumented by
-fsanitize=function.)

We use 0xc105cafe for all targets. .long 0xc105cafe disassembles to invalid
instructions on all architectures I have tested, except Power where it is
`lfs 8, -13570(5)` (Load Floating-Point with a weird offset, unlikely to be used in real code).

---

For the removed function in AsmPrinter.cpp, remove an assert: `mdconst::extract`
already asserts non-nullness.

For compiler-rt/test/ubsan/TestCases/TypeCheck/Function/function.cpp,
when the function doesn't have prolog/epilog (-O1 and above), after moving the two words,
the address of the function equals the address of ret instruction,
so symbolizing the function will additionally get a non-zero column number.
Adjust the test to allow an optional column number.
```
  .long   3238382334
  .long   .L__llvm_rtti_proxy-_Z1fv
_Z1fv:   // symbolizing here retrieves the line table entry from the second .loc
  .file   0 ...
  .loc    0 1 0
  .cfi_startproc
  .loc    0 2 1 prologue_end
  retq
```

Reviewed By: peter.smith

Differential Revision: https://reviews.llvm.org/D148665
2023-05-19 07:50:29 -07:00
Thurston Dang
ffb368d650 sanitizer_common: fix buildbot by restoring wcslen semantics
Windows buildbot (https://lab.llvm.org/buildbot/#/builders/127/builds/48479)
was broken by my patch https://reviews.llvm.org/D150909 because it
gated wcslen interception to SI_POSIX, instead of always intercepting wcslen.
This changes it back to always intercepting wcslen.
2023-05-19 06:54:29 +00:00
Thurston Dang
016e604f6e sanitizer_common: guard the wcslen interceptor code with SANITIZER_INTERCEPT_WCSLEN
This patch adds the #if SANITIZER_INTERCEPT_ guard for wcslen, similarly to how all the other
functions are guarded. It was the only missing SANITIZER_INTERCEPT_ guard [1].

This missing guard was discovered while investigating the stage2/hwasan check failure of https://reviews.llvm.org/D150708 ("hwasan: lay groundwork for importing subset of sanitizer_common interceptors [NFC]"), that was seen in https://lab.llvm.org/buildbot/#/builders/236/builds/4069. llvm_build_hwasan/unittests/ADT/./ADTTests had crashed with a backtrace of:
...
A disassembly of the binary showed that wcslen interception was present (since it was not guarded by SANITIZER_INTERCEPT_WCSLEN); however, since INIT_WCSLEN was not called, REAL(wcslen) was null, resulting in the null pointer dereference.

[1] I checked this using "egrep '^#[ ]*define[ ]+(INIT_.*)' sanitizer_common_interceptors.inc | tr -s ' ' | sed -r 's/^# /#/' | cut -d ' ' -f 2 | sort | uniq -c | grep -v '^[ ]*2[ ]'"
The other matches are {INIT_PTHREAD_SETNAME_NP, INIT_QSORT, INIT_SHA2_INTECEPTORS(LEN), INIT_TLS_GET_ADDR, INIT_WAIT4}, which all have good reasons for not having exactly two cases.

Differential Revision: https://reviews.llvm.org/D150909
2023-05-19 06:37:45 +00:00
Vitaly Buka
3cabfe666c [LSAN] Use ThreadArgRetval in LSAN
Fixes false leaks on thread retval.

Reviewed By: thurston

Differential Revision: https://reviews.llvm.org/D150165
2023-05-18 01:11:54 -07:00
Vitaly Buka
6d74cdc7c4 [ASAN] Use ThreadArgRetval in ASAN
Fixes false leaks on thread retval.

Reviewed By: thurston

Differential Revision: https://reviews.llvm.org/D150106
2023-05-18 01:09:37 -07:00
Vitaly Buka
c16fa77c35 [NFC][HWASAN] Fix pthread_attr_getdetachstate use
Luckily on Linux PTHREAD_CREATE_DETACHED is 1.
2023-05-18 01:07:20 -07:00
Thurston Dang
70e0c8ffcb Revert 'hwasan: lay groundwork for importing subset of sanitizer_common interceptors [NFC]'
It was reported in https://reviews.llvm.org/D150708 that my patch has broken
stage2/hwasan check: https://lab.llvm.org/buildbot/#/builders/236/builds/4069

Reverting that patch (and the followup fixes) until I can investigate this further
2023-05-17 20:28:36 +00:00
Fangrui Song
0f9f247361 [gcov][test] Add -dumpdir ./
These tests rely on an unintended behavior that when the driver performs both
compilation and linking phases, the .gcno & .gcda files are placed in PWD. The
behavior will be fixed to respect -o (match -ftime-trace, -gsplit-dwarf, and
GCC).

Add -dumpdir ./ so that the tests will work with or without the behavior change,
and make it easy to compare the coverage behavior with GCC.
2023-05-17 11:54:38 -07:00
Leonard Chan
dc3069dadf [NFC][hwasan][Fuchsia] Instead wrap contents of InitLoadedGlobals with if constexpr (!SANITIZER_FUCHSIA)
This prevents spamming the build log with unused InitLoadedGlobals when building fuchsia runtimes.

Differential Revision: https://reviews.llvm.org/D150737
2023-05-17 18:45:44 +00:00
Jon Roelofs
e9a17453ee builtins: fix a -Wshorten-64-to-32 in gcc_personality_v0
Differential revision: https://reviews.llvm.org/D150720
2023-05-17 10:59:31 -07:00
Nico Weber
d763c6e5e2 Revert "Reland "[CMake] Bumps minimum version to 3.20.0.""
This reverts commit 65429b9af6a2c99d340ab2dcddd41dab201f399c.

Broke several projects, see https://reviews.llvm.org/D144509#4347562 onwards.

Also reverts follow-up commit "[OpenMP] Compile assembly files as ASM, not C"

This reverts commit 4072c8aee4c89c4457f4f30d01dc9bb4dfa52559.

Also reverts fix attempt  "[cmake] Set CMP0091 to fix Windows builds after the cmake_minimum_required bump"

This reverts commit 7d47dac5f828efd1d378ba44a97559114f00fb64.
2023-05-17 10:53:33 -04:00
Dmitry Vyukov
704eb99383 tsan: fix string comparison in Go build script
Some bots failed with:

buildgo.sh: 173: [: linux: unexpected operator
Unknown platform

https://lab.llvm.org/buildbot/#/builders/247/builds/4603

Reviewed By: dyung

Differential Revision: https://reviews.llvm.org/D150760
2023-05-17 10:36:45 +02:00
Dmitry Vyukov
11081a6a1d tsan: allow to cross-build Go runtime
Allow user to provide target GOOS/GOARCH.
If not provided, use the host GOOS/GOARCH as we do now.
This allows to cross-compile the runtime.
Also provide SKIP_TEST knob for cross-compilation
since the test will most likely not run on host.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D150650
2023-05-17 09:30:51 +02:00
Thurston Dang
bc9526e30d hwasan: fix buildbot breakage (unused functions)
This addresses another buildbot breakage:
https://lab.llvm.org/buildbot/#/builders/37/builds/22166

My patch, https://reviews.llvm.org/D150708 introduced
stubs for common interceptor macros; these had unused
variables and functions. An earlier patch fixed the
unused variables; this patch suppresses unused-functions
warnings.
2023-05-17 06:15:23 +00:00
Jie Fu
000aeb2499 [hwasan] Fix build breakage (-Wunused-function) in hwasan_interceptors.cpp (NFC)
In file included from /data/llvm-project/compiler-rt/lib/hwasan/hwasan_interceptors.cpp:141:
/data/llvm-project/compiler-rt/lib/hwasan/../sanitizer_common/sanitizer_common_interceptors.inc:1044:13: error: unused function 'write_iovec' [-Werror,-Wunused-function]
static void write_iovec(void *ctx, struct __sanitizer_iovec *iovec,
            ^
/data/llvm-project/compiler-rt/lib/hwasan/../sanitizer_common/sanitizer_common_interceptors.inc:1053:13: error: unused function 'read_iovec' [-Werror,-Wunused-function]
static void read_iovec(void *ctx, struct __sanitizer_iovec *iovec,
            ^
/data/llvm-project/compiler-rt/lib/hwasan/../sanitizer_common/sanitizer_common_interceptors.inc:10363:13: error: unused function 'InitializeCommonInterceptors' [-Werror,-Wunused-function]
static void InitializeCommonInterceptors() {
            ^
3 errors generated.
2023-05-17 13:00:50 +08:00
Thurston Dang
cae7ef2604 hwasan: fix buildbot breakage (unused variables)
This (hopefully) fixes the buildbot breakage:
https://lab.llvm.org/buildbot/#/builders/77/builds/26793

My patch, https://reviews.llvm.org/D150708 introduced
stubs for common interceptor macros; these had unused
variables. This patch suppresses unused-variable
warnings.
2023-05-17 03:22:09 +00:00
Thurston Dang
02a029f7fb hwasan: lay groundwork for importing subset of sanitizer_common interceptors [NFC]
This patch does the bare minimum to import sanitizer_common_interceptors, but
without actually enabling any interceptors or meaningfully defining the
COMMON_INTERCEPT macros.

This will allow selectively enabling sanitizer_common interceptors (if the
appropriate macros are defined), as suggested by Vitaly in D149701.

Differential Revision: https://reviews.llvm.org/D150708
2023-05-16 21:27:25 +00:00
Fabio D'Urso
0f1a92ba30 [scudo] Deallocate the AllocatorRingBuffer too in unmapTestOnly
The AllocatorRingBuffer is allocated dynamically when Allocator is
initialized. This patch adds a corresponding deinitialization call in
unmapTestOnly, to avoid running out of virtual memory if the tests are run
a large number of times on memory-constrained platforms.

Reviewed By: Chia-hungDuan

Differential Revision: https://reviews.llvm.org/D149266
2023-05-16 20:09:08 +00:00
Vitaly Buka
dcd4c3c3fd Revert "[ASAN] Use ThreadArgRetval in ASAN"
https://bugs.chromium.org/p/chromium/issues/detail?id=1445676

This reverts commit 1030bd181eb74b67b7ea51631ce4becca410c406.
2023-05-16 10:49:45 -07:00
Vitaly Buka
d2b434b4e9 Revert "[LSAN] Use ThreadArgRetval in LSAN"
https://bugs.chromium.org/p/chromium/issues/detail?id=1445676

This reverts commit 20a3c6e84e0955ac20762c35e8c2435017ae967d.
2023-05-16 10:49:45 -07:00
Vitaly Buka
0d846d206e Revert "[NFC][LSAN] Move ThreadCreate into child thread"
https://bugs.chromium.org/p/chromium/issues/detail?id=1445676

This reverts commit 6d7b26ae49b9273d9aea4e53a96901caeb09efe0.
2023-05-16 10:49:45 -07:00
Jon Roelofs
70818f442d tsan-rt: silence a -Wunused-const-variable
2023-05-16 07:25:21 -07:00
Jon Roelofs
cd4ffbe0ff lsan-rt: silence a -Wformat-pedantic
2023-05-16 07:24:54 -07:00
Jon Roelofs
54d227312c asan-rt: silence some more -Wformat-pedantic's
2023-05-16 07:21:00 -07:00
David Candler
f2bb57c194 [builtins][test] Use architecture specific float16 check
The COMPILER_RT_HAS_FLOAT16 cmake check is now set per architecture,
which needs to be reflected when building the tests.

Additionally added armhf to the architecture list.

Reviewed By: dim

Differential Revision: https://reviews.llvm.org/D150281
2023-05-16 14:21:22 +01:00
Alvin Wong
65abcf6c0c [asan][test][win] Move MSVC-specific tests into a subdir
This moves all but one of the remaining tests which use clang-cl and test
MSVC-specific behaviour into their own subdirectory. `dll_host.cpp` test
is excluded from the move because other tests also depend on its source
file, making it not MSVC-specific.

Differential Revision: https://reviews.llvm.org/D150271
2023-05-16 19:53:49 +08:00
Alvin Wong
51015af773 [asan][test][win] Remove REQUIRES: asan-rtl-heap-interception
This appears to be a leftover from when these tests were first added in
D62927. Because of this, these tests had never run with `check-asan` or
`check-asan-dynamic`.

I've tested locally that these tests do pass on both i686 MSVC and MinGW
targets. They are disabled for 64-bit though, and I believe no LLVM
buildbots are testing for 32-bit Windows targets.

Differential Revision: https://reviews.llvm.org/D150270
2023-05-16 19:53:49 +08:00
Alvin Wong
fe4a5a08b9 [asan][test][win] Port more tests to not use clang-cl on MinGW (4)
This ports some tests that require dead stripping or ICF.

Differential Revision: https://reviews.llvm.org/D150269
2023-05-16 19:53:49 +08:00
Alvin Wong
6282315f8a [asan][test][win] Port more tests to not use clang-cl on MinGW (3)
This ports tests which require additional link flags.

Differential Revision: https://reviews.llvm.org/D150268
2023-05-16 19:53:49 +08:00
Alvin Wong
5ad8bbee23 [asan][test][win] Port more tests to not use clang-cl on MinGW (2)
Continuation of D147432 and D147444.

Differential Revision: https://reviews.llvm.org/D150267
2023-05-16 19:53:49 +08:00
Alvin Wong
3237f56840 [asan][win][test] Disable interception_failure_test.cpp for static asan
This test checks that asan does not intercept user-provided libc
functions, but on Windows the static asan runtime does intercept static
copies of libc functions, so this test is invalid for said environment.
It used to fail from a different linker error, but this no longer
happens with newer WinSDK. Refer to comments on
https://reviews.llvm.org/D149549.

Differential Revision: https://reviews.llvm.org/D150349
2023-05-16 19:53:12 +08:00
Jon Roelofs
cd3ff251f2 asan-rt: Silence a few -Wformat=pedantic's in asan_mac.cpp
Differential revision: https://reviews.llvm.org/D150604
2023-05-15 13:10:28 -07:00
Vitaly Buka
a6b9634d0a [test][sanitizer] Disable create_thread_loop on Android
2023-05-14 01:22:49 -07:00
Thurston Dang
bd1170d2c3 ASan: fix potential use-after-free in backtrace interceptor
Various ASan interceptors may corrupt memory if passed a
pointer to freed memory (https://github.com/google/sanitizers/issues/321).
This patch fixes the issue for the backtrace interceptor,
by calling REAL(backtrace) with a known-good scratch buffer,
and performing an addressability check on the user-provided
buffer prior to writing to it.

Differential Revision: https://reviews.llvm.org/D150496
2023-05-13 23:03:14 +00:00
Mark de Wever
65429b9af6 Reland "[CMake] Bumps minimum version to 3.20.0."
The owner of the last two failing buildbots updated CMake.

This reverts commit e8e8707b4aa6e4cc04c0cffb2de01d2de71165fc.
2023-05-13 11:42:25 +02:00
Thurston Dang
d9377c1ded ASan: unbreak Windows build by limiting backtrace* tests to glibc
My newly added backtrace test (https://reviews.llvm.org/D150491)
broke the Windows buildbot (https://lab.llvm.org/buildbot/#/builders/127/builds/48103)
because they do not have execinfo.h.
I expect the same will happen with the backtrace_symbols test (https://reviews.llvm.org/D150498) as well.

This patch does a quick fix by restricting the test scope to glibc-2.27.
(A trickier fix would take into account SANITIZER_INTERCEPT_BACKTRACE,
which is defined as (SI_FREEBSD || SI_NETBSD || SI_GLIBC || SI_SOLARIS))
2023-05-13 05:56:28 +00:00
Thurston Dang
04fd535409 ASan: add backtrace_symbols test and clarify code is correct
This is another patch for https://github.com/google/sanitizers/issues/321
(sanitizer interceptors can write to freed memory, causing corruption),
in this case for backtrace_symbols.

backtrace_symbols is already correct, hence this patch removes the
TODO note. Additionally, this patch adds a test case for it.

Differential Revision: https://reviews.llvm.org/D150498
2023-05-13 05:26:45 +00:00
Thurston Dang
d3b5ac8b35 ASan: add testcase for backtrace interceptor
It is a known, longstanding issue that some ASan interceptors
may write to freed memory, causing corruption
(https://github.com/google/sanitizers/issues/321). This patch
adds a testcase for the backtrace interceptor (one of the
known cases).

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D150491
2023-05-12 23:02:19 +00:00
Florian Mayer
edd0981e71 [HWASan] unflake test
The short granule logic made this test flaky because with low
probability there would be no tag mismatch by coincidence.

Reviewed By: vitalybuka

Differential Revision: https://reviews.llvm.org/D150484
2023-05-12 15:06:31 -07:00
Vitaly Buka
0245dc94eb [test][sanitizers] Disable new test on Android
2023-05-12 14:09:59 -07:00
Vitaly Buka
d1aee9c0cb [sanitizers] Remove assert from ThreadArgRetval::Finish
Bionic uses pthread_exit to set retval, when GLIBC does not.
This causes a double call to Finish. Rather than tracking this difference
on interceptor size, we can just relax precondition. It does not make
a difference.
2023-05-12 10:15:11 -07:00
Vitaly Buka
478739b2d1 Revert "[NFC][xray] Initialize XRayFileHeader"
Revert "[xray] Ignore -Wc++20-extensions in xray_records.h [NFC]"

Not needed. The fix is 3826a74fc7ad589e268b267d9323d4d416c5f6e9.

This reverts commit 231c1d4134513e5a97cfdc874e8bda488ad59699.
This reverts commit 7f191e6d2c9ec4af1819c4e80a5453583cd72f08.
2023-05-11 23:57:54 -07:00
Tomasz Kuchta
5becf548ab [DFSAN] Add support for strnlen
This patch adds support for the libc strnlen() function in DFSAN

Reviewed by: browneee

Differential Revision: https://reviews.llvm.org/D149459
2023-05-12 06:26:40 +00:00
Fangrui Song
aa6cb0f214 [test] Remove Python<3.3 workaround without shlex.quote
Python>=3.6 has been the requirement since D93097 (2020).
Remove old workarounds.

Remove unused imports from compiler-rt/test/memprof/lit.cfg.py

Reviewed By: serge-sans-paille

Differential Revision: https://reviews.llvm.org/D150410
2023-05-11 23:06:02 -07:00
Vitaly Buka
2394f091df [ASAN][LSAN] Ignore main or uninitialized thread in pthread_exit
Fix crash on CHECK in ThreadArgRetval::Finish().
2023-05-11 22:58:09 -07:00
Jie Fu
231c1d4134 [xray] Ignore -Wc++20-extensions in xray_records.h [NFC]
/data/llvm-project/compiler-rt/lib/xray/../../include/xray/xray_records.h:48:24: error: default member initializer for bit-field is a C++20 extension [
-Werror,-Wc++20-extensions]
  bool ConstantTSC : 1 = false;
                       ^
/data/llvm-project/compiler-rt/lib/xray/../../include/xray/xray_records.h:49:23: error: default member initializer for bit-field is a C++20 extension [
-Werror,-Wc++20-extensions]
  bool NonstopTSC : 1 = false;
                      ^
2 errors generated.
2023-05-12 11:10:08 +08:00
Vitaly Buka
7f191e6d2c [NFC][xray] Initialize XRayFileHeader
Avoids reports with msan -fno-inline.
2023-05-11 18:52:30 -07:00
Eli Kobrin
80ed3c30fc [CMake][fuzzer] Add riscv64 to fuzzer supported arch list
I tried to build libFuzzer for RISC-V and succeeded. All the libFuzzer
targets were successfully built. I tested this on the small hello world code
with a few branches to check the instrumentation; all of them were covered by
libFuzzer on RISC-V arch. So I suppose it makes sense to enable libFuzzer
build for RISC-V.

Reviewed By: phosek, thetruestblue, MaskRay

Differential Revision: https://reviews.llvm.org/D147788
2023-05-11 18:33:44 -07:00
Akira Hatanaka
b653a2823f Declare _availability_version_check as weak_import instead of looking it
up at runtime using dlsym

Calling dlsym with RTLD_DEFAULT can be very slow as all images in the
process are searched for the symbol.

Differential Revision: https://reviews.llvm.org/D150397
2023-05-11 17:22:50 -07:00