No behavioral change, but eliminates potential UB in strict-alignment
systems.
The previous commit (llvm#94171) bulk-updated alignment usage to C++23
spec, but missed this occurrence.
https://github.com/llvm/llvm-project/pull/152192 forgot to make the
argument changes to Android code in UBsan minimal causing a build error
for Android LLVM:
```
/b/f/w/src/git/out/llvm-project/compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp:102:3: error: no matching function for call to 'format_msg'
102 | format_msg(kind, caller, msg_buf, msg_buf + sizeof(msg_buf));
| ^~~~~~~~~~
/b/f/w/src/git/out/llvm-project/compiler-rt/lib/ubsan_minimal/ubsan_minimal_handlers.cpp:37:13:
note: candidate function not viable: requires 5 arguments, but 4 were
provided
37 | static void format_msg(const char *kind, uintptr_t caller,
| ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
38 | const uintptr_t *address, char *buf,
const char *end) {
```
This change adds the address argument to abort_with_message just like
__ubsan_report_error_fatal so it can be passed to format_msg.
This adds commentary to explain why ASan does not work for AArch64
non-Android Linux with 39-bit and 42-bit VMAs (e.g.,
https://github.com/llvm/llvm-project/issues/145259).
Additionally, it updates the 42-bit VMA shadow map comment, which has
been outdated for the last 10 years
(18b2258c92df93c83bc7fce94c20baff3c06e2c6 changed 39-bit and 42-bit to
use the same offset), and adds a comment for the 48-bit VMA shadow map.
+ Changed type_mismatch minimal handler to accept and print pointer.
This will allow distinguishing null pointer use, misalignment and
incorrect object size.
The change increases binary size by ~1% and has almost no performance
impact.
Fixes #149943
There is an issue tracking lsan incompatibility on these platforms:
https://github.com/llvm/llvm-project/issues/131678. Many of these tests
are currently failing and creating CI noise.
rdar://157252316
Fixes corner cases of https://github.com/llvm/llvm-project/pull/151406:
- Don't run TestPTrace() on SPARC, because internal_fork() on SPARC
actually calls __fork(). We can't safely __fork(), because it's possible
seccomp has been configured to disallow fork() but allow clone().
- if internal_fork() fails for whatever reason, we shouldn't give up. It
is strictly worse to give up early than to attempt StopTheWorld.
Also updates some comments/TODOs.
StopTheWorld() clones a child process (with shared virtual address space
and shared TLS) that calls ptrace before releasing a mutex; the parent
process yields until the mutex is unlocked. If seccomp kills the child
process, the parent process will silently hang. The parent process
cannot use waitpid to detect that the child process has been killed,
because the processes share errno.
This patch forks the process one-time to test whether ptrace is allowed.
If it fails, it prints an informational message (though it does not
abort the sanitizer).
Fixes https://github.com/llvm/llvm-project/issues/150380 and
https://github.com/google/sanitizers/issues/777
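A one-time probe of the kind described above, as an added example (not the LLVM implementation): a plain `fork()` gives the child its own address space, so the parent can read the child's fate from `waitpid`. The use of `PTRACE_TRACEME`, the `probe_result` enum and the helper names are assumptions of this sketch, and the SIGSYS child is a constructed stand-in for a seccomp kill action.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_OK, PROBE_DENIED, PROBE_KILLED, PROBE_ERROR };

/* Child body: ask to be traced; 0 if the call succeeded, 1 if it was refused. */
static int child_try_ptrace(void) {
  return ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0 ? 0 : 1;
}

/* Constructed stand-in for a seccomp filter that kills on ptrace. */
static int child_simulated_seccomp_kill(void) {
  raise(SIGSYS);
  return 0; /* not reached */
}

/* Constructed "ptrace allowed" case that does not depend on the host policy. */
static int child_exit_ok(void) { return 0; }

/* Fork once, run child_fn in the child, and classify how the child ended. */
static enum probe_result run_probe(int (*child_fn)(void)) {
  pid_t pid = fork();
  if (pid < 0) return PROBE_ERROR;
  if (pid == 0) _exit(child_fn()); /* _exit: do not flush the parent's stdio */
  int status = 0;
  while (waitpid(pid, &status, 0) < 0)
    if (errno != EINTR) return PROBE_ERROR;
  if (WIFSIGNALED(status)) return PROBE_KILLED; /* e.g. SIGSYS from seccomp */
  return WEXITSTATUS(status) == 0 ? PROBE_OK : PROBE_DENIED;
}

int main(void) {
  switch (run_probe(child_try_ptrace)) {
    case PROBE_OK:     puts("ptrace permitted"); break;
    case PROBE_DENIED: puts("ptrace refused with an error"); break;
    case PROBE_KILLED: puts("probe child was killed; ptrace appears blocked"); break;
    default:           puts("could not run the probe"); break;
  }
  return 0; /* informational only, never fatal */
}
```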
Sanitizer-specific tests don't use the sanitizer_common flags, but the
issues they address probably also apply to the individual sanitizers.
This was observed in #119071: moving a test from sanitizer_common to
msan broke it in builds with CMAKE_SYSROOT set, because the --sysroot
argument was no longer applied to the test.
When compiling TSan I currently get a handful of warnings like this:
"warning: format specifies type 'void *' but the argument has type 'X
*'". This patch adds the necessary casts to fix them.
Make clang calls using custom suffix to allow correct calls without
reading cfg.py. As I see tests for other specific checks are doing
it too (e.g. %clangxx_asan).
Instead of writing out in native endian, write out the raw profile bytes
in little endian. Also update the MIB data in little endian. Also clean
up some lint and unused includes in rawprofile.cpp.
Add a new configuration option QuarantineDisabled that allows all of the
quarantine code to be compiled out.
Add new tests that verify that the code is removed properly.
On Android, this saves ~4000 bytes for 32 bit and ~6000 bytes for 64
bit.
On Android, I used some microbenchmarks that do malloc/free in a loop
and for allocations in the primary, the performance is about the same
for both 32 bit and 64 bit. For secondary allocations, I saw ~8% speed
up on 32 bit and ~3% speed up on 64 bit, which feels like it could just
be code size improvements.
Reapply #147854 after fixes merged in #151398.
Change memory access histogram storage from uint64_t to uint16_t to
reduce profile size on disk. This change updates the raw profile format
to v5. Also add a histogram test in compiler-rt since we didn't have one
before. With this change the histogram memprof raw for the basic test
reduces from 75KB -> 20KB.
Add the necessary sanitizer interface decls required when the memprof
runtime is built in dynamic mode. This was a latent issue since we didn't
add tests for the histogram feature in compiler-rt. These tests are run
with `ninja check-memprof-dynamic`. I discovered this after the CI
failures for #147854.
Change memory access histogram storage from uint64_t to uint16_t to
reduce profile size on disk. This change updates the raw profile format
to v5. Also add a histogram test in compiler-rt since we didn't have one
before. With this change the histogram memprof raw for the basic test
reduces from 75KB -> 20KB.
This is the refactoring portion of:
https://github.com/llvm/llvm-project/pull/149516. My aim is for this
change to replicate current behaviour - just with Symbolization done
explicitly (and later than previously).
This change will enable us to perform symbolization after releasing the
locks in `OutputReport`; this is necessary on Apple platforms in order
to avoid a deadlock.
This reverts commit 3c3523c15850f3c42de35ae725288368414e4e91.
Keeping the directory structure the same as before fixes the failures.
They trivially reproduced locally and only passed before because I was
not cleaning up the temp test directory in between invocations.
%T has been deprecated for about seven years and use is to be avoided
given it doesn't actually create a unique test directory per test, which
can lead to races. Remove it from compiler-rt so we can hopefully remove
it from within llvm-lit.
This patch just touches the tests. There are still uses in some
substitutions defined in compiler-rt/test/lit.common.cfg.py that I want
to leave for a separate patch because it is quite a bit more thorny.
I was observing segfaults at executable exit in the rtsan instrumented
unit tests. Bisecting the offending test led to observing that this test
is not using our safe test fixture for anything involving a file
descriptor. Changing to use the fixture eliminated the segfault on exit.
When `ptrauth_calls` is present but `ptrauth_init_fini` is not, compiler
emits raw unsigned pointers in `.init_array`/`.fini_array` sections.
Previously, `__do_init`/`__do_fini` pointers, which are explicitly added
to the sections, were implicitly signed (due to the presence of
`ptrauth_calls`), while all the other pointers in the sections were
implicitly added by the compiler and thus non-signed. As a result, the
sections contained a mix of unsigned function pointers and function
pointers signed with default signing schema.
This patch introduces use of inline assembly for this particular case,
so we can manually specify that we do not want to sign the pointers.
Note that we cannot use `__builtin_ptrauth_strip` for this purpose since
its result is not a constant expression.
The current code always unmaps a secondary allocation when MTE is
enabled. Fix this to match the comment, namely only unmap if MTE was
enabled and is no longer enabled after acquiring the lock.
In addition, allow quarantine to work in the secondary even if MTE is not
enabled.
Introduce the test from
https://github.com/llvm/llvm-project/issues/146120
For future readers of this PR, if this test causes a segfault please
comment out the line indicated by the comment (or revert this entire
commit).
My plan is to commit this, see if any test runners fail, then submit the
fix in a follow on.
I cannot repro this bug on my machine so I need some confirmation of the
bug being fixed as it is submitted.
Supplement to PR #144073
Previously, _msan_check_mem_is_initialized.cpp_ initialized a 32-byte
stack array, but checked the shadow for the offset range [12, 42),
exceeding the stack array size.
MSan does not guarantee that the shadow corresponding to the overflow
part is 0, so it is undefined to require the overflow part to be
unpoisoned.
glibc 2.42 made all usage of termios ioctl constants strictly internal.
Therefore, we remove all usage for those removed constants.
This should only apply for Linux.
Fix #149103
Reference:
3d3572f590
@fweimer-rh @tstellar
ASan had a gap in coverage for wqthreads blocks submitted by
dispatch_apply.
This adds interceptors for dispatch_apply and dispatch_apply_f and adds a
test that a failure in a dispatch apply block contains thread and stack
info.
rdar://139660648
`tid_t` is also defined in the AIX header `/usr/include/sys/types.h`
which is included by system `pthread.h`. The use of `tid_t` by AIX is
conforming according to
[POSIX](https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html):
> Implementations may add symbols to the headers shown in the following
> table [ ... ]
Do some refactoring to allocation/deallocation interceptors. Expose
explicit per-alloc_type functions and stop accepting explicit AllocType.
This ensures we do not accidentally mix.
NOTE: This change rejects attempts to call `operator new(<some_size>,
static_cast<std::align_val_t>(0))`.
For https://github.com/llvm/llvm-project/issues/144435
Signed-off-by: Justin King <jcking@google.com>
The script incorrectly checked ${LLVM_BUILD}/build.ninja to determine if
cached libcxx is available, while it should be checking the actual
libcxx build directory at ${LIBCXX_BUILD}/build.ninja.
Ran into the issue on Alpine when building with TSAN that
`__sanitizer_msghdr` and the `msghdr` provided by musl did not match.
This caused lots of tsan reports and an eventual termination of the
application by the oom during a `sendmsg`.
The sizes of the struct stat on MIPS64 differ in musl vs glibc.
See https://godbolt.org/z/qf9bcq8Y8 for the proof. Prior to this change,
compilation for MIPS64 musl would fail.
Signed-off-by: Jens Reidel <adrian@travitia.xyz>
287b24e1899eb6ce62eb9daef5a24faae5e66c1e moved the
`GetGlobalAddressInformation` call earlier, but this broke a chromium
test, so make this workaround for AIX only.