Commit Graph

222 Commits

Author SHA1 Message Date
Kostya Serebryany
acbc9cb577 [asan] add llvm-ish test for memset/etc instrumentation
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206747 91177308-0d34-0410-b5e6-96231b3b80d8
2014-04-21 11:57:43 +00:00
Evgeniy Stepanov
f19e327319 [msan] Add -msan-instrumentation-with-call-threshold.
This flag replaces inline instrumentation for checks and origin stores with
calls into MSan runtime library. This is a workaround for PR17409.

Disabled by default.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206585 91177308-0d34-0410-b5e6-96231b3b80d8
2014-04-18 12:17:20 +00:00
Kostya Serebryany
40a9c0f58b [asan] one more workaround for PR17409: don't do BB-level coverage instrumentation if there are more than N (=1500) basic blocks. This makes ASanCoverage work on libjpeg_turbo/jchuff.c used by Chrome, which has 1824 BBs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206564 91177308-0d34-0410-b5e6-96231b3b80d8
2014-04-18 08:02:42 +00:00
Kostya Serebryany
8cc4741d85 [asan] add two new hidden compile-time flags for asan: asan-instrumentation-with-call-threshold and asan-memory-access-callback-prefix. This is part of the workaround for PR17409 (instrument huge functions with callbacks instead of inlined code). These flags will also help us experiment with kasan (kernel-asan) and clang
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@206383 91177308-0d34-0410-b5e6-96231b3b80d8
2014-04-16 12:12:19 +00:00
Evgeniy Stepanov
ffa7f428c5 [msan] Relax the test some more.
This may or may not fix the bots. R204720 did not.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204721 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-25 14:32:05 +00:00
Evgeniy Stepanov
0b9bcfa50f [msan] Make some tests less strict.
This may or may not fix the bots.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204720 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-25 14:15:14 +00:00
Evgeniy Stepanov
800399636a [msan] More precise instrumentation of select IR.
Some bits of select result may be initialized even if select condition
is not.

https://code.google.com/p/memory-sanitizer/issues/detail?id=50


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204716 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-25 13:08:34 +00:00
Alexander Potapenko
90844c4778 [ASan] Add -asan-module to the ASan .ll tests.
After the -asan pass had been split into -asan (function-level) and -asan-module (module-level) some of the
tests have silently stopped working, because they didn't instrument the globals anymore.
We've decided to have every test using both passes, irrespective of the presence of globals in it.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204335 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-20 11:16:34 +00:00
Alexander Potapenko
d68ef1a8d7 [ASan] Do not instrument globals from the llvm.metadata section.
Fixes https://code.google.com/p/address-sanitizer/issues/detail?id=279.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204331 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-20 10:48:34 +00:00
Evgeniy Stepanov
eef411a52a Set debug info for instructions inserted in SplitBlockAndInsertIfThen.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204230 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-19 12:56:38 +00:00
Evgeniy Stepanov
610469f4c2 [msan] Origin tracking with history.
LLVM part of MSan implementation of advanced origin tracking,
when we record not only creation point, but all locations where
an uninitialized value was stored to memory, too.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204151 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-18 13:30:56 +00:00
Evgeniy Stepanov
bf7cc396c6 AddressSanitizer instrumentation for MOV and MOVAPS.
This is an initial version of *Sanitizer instrumentation of assembly code.

Patch by Yuri Gorshenin.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@203908 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-14 08:58:04 +00:00
Evgeniy Stepanov
2da418712c [msan] Fix handling of byval arguments in VarArg calls.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@203794 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-13 13:17:11 +00:00
Tim Northover
ca396e391e IR: add a second ordering operand to cmpxhg for failure
The syntax for "cmpxchg" should now look something like:

	cmpxchg i32* %addr, i32 42, i32 3 acquire monotonic

where the second ordering argument gives the required semantics in the case
that no exchange takes place. It should be no stronger than the first ordering
constraint and cannot be either "release" or "acq_rel" (since no store will
have taken place).

rdar://problem/15996804

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@203559 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-11 10:48:52 +00:00
Evgeniy Stepanov
8b77d958fd [msan] Handle X86 SIMD bitshift intrinsics.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@202712 91177308-0d34-0410-b5e6-96231b3b80d8
2014-03-03 13:47:42 +00:00
Kostya Serebryany
596d621b57 [asan] remove test that should have been removed in r202033
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@202034 91177308-0d34-0410-b5e6-96231b3b80d8
2014-02-24 13:44:24 +00:00
Rafael Espindola
737c9f6005 Add back r201608, r201622, r201624 and r201625
r201608 made llvm corretly handle private globals with MachO. r201622 fixed
a bug in it and r201624 and r201625 were changes for using private linkage,
assuming that llvm would do the right thing.

They all got reverted because r201608 introduced a crash in LTO. This patch
includes a fix for that. The issue was that TargetLoweringObjectFile now has
to be initialized before we can mangle names of private globals. This is
trivially true during the normal codegen pipeline (the asm printer does it),
but LTO has to do it manually.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@201700 91177308-0d34-0410-b5e6-96231b3b80d8
2014-02-19 17:23:20 +00:00
Rafael Espindola
3e0d3a45e5 This reverts commit r201625 and r201624.
Since r201608 got reverted, it is not safe to use private linkage in these cases
until it is committed back.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@201688 91177308-0d34-0410-b5e6-96231b3b80d8
2014-02-19 15:49:46 +00:00
Rafael Espindola
070b5745ae Now that llvm always does the right thing with private, use it.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@201625 91177308-0d34-0410-b5e6-96231b3b80d8
2014-02-19 02:08:39 +00:00
Kostya Serebryany
8cab11a9f8 [asan] support for FreeBSD, LLVM part. patch by Viktor Kutuzov
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@201067 91177308-0d34-0410-b5e6-96231b3b80d8
2014-02-10 07:37:04 +00:00
Kostya Serebryany
06fd4ed4c9 [asan] simplify a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@200378 91177308-0d34-0410-b5e6-96231b3b80d8
2014-01-29 07:35:43 +00:00
Kostya Serebryany
bd2c711cdd [asan] extend asan-coverage (still experimental).
- add a mode for collecting per-block coverage (-asan-coverage=2).
   So far the implementation is naive (all blocks are instrumented),
   the performance overhead on top of asan could be as high as 30%.
 - Make sure the one-time calls to __sanitizer_cov are moved to function buttom,
   which in turn required to copy the original debug info into the call insn.

Here is the performance data on SPEC 2006
(train data, comparing asan with asan-coverage={0,1,2}):

                             asan+cov0     asan+cov1      diff 0-1    asan+cov2       diff 0-2      diff 1-2
       400.perlbench,        65.60,        65.80,         1.00,        76.20,         1.16,         1.16
           401.bzip2,        65.10,        65.50,         1.01,        75.90,         1.17,         1.16
             403.gcc,         1.64,         1.69,         1.03,         2.04,         1.24,         1.21
             429.mcf,        21.90,        22.60,         1.03,        23.20,         1.06,         1.03
           445.gobmk,       166.00,       169.00,         1.02,       205.00,         1.23,         1.21
           456.hmmer,        88.30,        87.90,         1.00,        91.00,         1.03,         1.04
           458.sjeng,       210.00,       222.00,         1.06,       258.00,         1.23,         1.16
      462.libquantum,         1.73,         1.75,         1.01,         2.11,         1.22,         1.21
         464.h264ref,       147.00,       152.00,         1.03,       160.00,         1.09,         1.05
         471.omnetpp,       115.00,       116.00,         1.01,       140.00,         1.22,         1.21
           473.astar,       133.00,       131.00,         0.98,       142.00,         1.07,         1.08
       483.xalancbmk,       118.00,       120.00,         1.02,       154.00,         1.31,         1.28
            433.milc,        19.80,        20.00,         1.01,        20.10,         1.02,         1.01
            444.namd,        16.20,        16.20,         1.00,        17.60,         1.09,         1.09
          447.dealII,        41.80,        42.20,         1.01,        43.50,         1.04,         1.03
          450.soplex,         7.51,         7.82,         1.04,         8.25,         1.10,         1.05
          453.povray,        14.00,        14.40,         1.03,        15.80,         1.13,         1.10
             470.lbm,        33.30,        34.10,         1.02,        34.10,         1.02,         1.00
         482.sphinx3,        12.40,        12.30,         0.99,        13.00,         1.05,         1.06


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@199488 91177308-0d34-0410-b5e6-96231b3b80d8
2014-01-17 11:00:30 +00:00
Alexander Potapenko
ca523f4f3d [ASan] Fix the tests broken by r198018 to check for private linkage of ASan-generated globals.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@198020 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-25 17:06:04 +00:00
Kostya Serebryany
26f1d1cbbc [asan] don't unpoison redzones on function exit in use-after-return mode.
Summary:
Before this change the instrumented code before Ret instructions looked like:
  <Unpoison Frame Redzones>
  if (Frame != OriginalFrame) // I.e. Frame is fake
     <Poison Complete Frame>

Now the instrumented code looks like:
  if (Frame != OriginalFrame) // I.e. Frame is fake
     <Poison Complete Frame>
  else
     <Unpoison Frame Redzones>

Reviewers: eugenis

Reviewed By: eugenis

CC: llvm-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D2458

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@197907 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-23 14:15:08 +00:00
Evgeniy Stepanov
a7eb2b83ba Add an explicit insert point argument to SplitBlockAndInsertIfThen.
Currently SplitBlockAndInsertIfThen requires that branch condition is an
Instruction itself, which is very inconvenient, because it is sometimes an
Operator, or even a Constant.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@197677 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-19 13:29:56 +00:00
Matt Arsenault
1e80bef896 Teach MemoryBuiltins about address spaces
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@197292 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-14 00:27:48 +00:00
Kostya Serebryany
daa1bf3b74 [asan] rewrite asan's stack frame layout
Summary:
Rewrite asan's stack frame layout.
First, most of the stack layout logic is moved into a separte file
to make it more testable and (potentially) useful for other projects.
Second, make the frames more compact by using adaptive redzones
(smaller for small objects, larger for large objects).
Third, try to minimized gaps due to large alignments (this is hypothetical since
today we don't see many stack vars aligned by more than 32).

The frames indeed become more compact, but I'll still need to run more benchmarks
before committing, but I am sking for review now to get early feedback.

This change will be accompanied by a trivial change in compiler-rt tests
to match the new frame sizes.

Reviewers: samsonov, dvyukov

Reviewed By: samsonov

CC: llvm-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D2324

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@196568 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-06 09:00:17 +00:00
Kostya Serebryany
64abf5b441 [tsan] fix PR18146: sometimes a variable written into vptr could have an integer type (after other optimizations)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@196507 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-05 15:03:02 +00:00
Kostya Serebryany
dfb74a58c5 [tsan] fix instrumentation of vector vptr updates (https://code.google.com/p/thread-sanitizer/issues/detail?id=43)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@196079 91177308-0d34-0410-b5e6-96231b3b80d8
2013-12-02 08:07:15 +00:00
Manman Ren
bec50063a5 Debug Info: update testing cases to specify the debug info version number.
We are going to drop debug info without a version number or with a different
version number, to make sure we don't crash when we see bitcode files with
different debug info metadata format.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@195504 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-22 21:49:45 +00:00
Peter Collingbourne
934d1f83ae Introduce two command-line flags for the instrumentation pass to control whether the labels of pointers should be ignored in load and store instructions
The new command line flags are -dfsan-ignore-pointer-label-on-store and -dfsan-ignore-pointer-label-on-load. Their default value matches the current labelling scheme.

Additionally, the function __dfsan_union_load is marked as readonly.

Patch by Lorenzo Martignoni!

Differential Revision: http://llvm-reviews.chandlerc.com/D2187

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@195382 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-21 23:20:54 +00:00
Evgeniy Stepanov
52658c9db5 [msan] Propagate condition origin in select instruction.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@195349 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-21 12:00:24 +00:00
Evgeniy Stepanov
ae89383daa Use multiple filecheck prefixes in msan instrumentation tests.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@195342 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-21 11:37:16 +00:00
Alexey Samsonov
64409ad8e3 [ASan] Fix PR17867 - make sure ASan doesn't crash if use-after-scope and use-after-return are combined.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@195014 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-18 14:53:55 +00:00
Bob Wilson
4b8991424a Reapply "[asan] Poor man's coverage that works with ASan"
I was able to successfully run a bootstrapped LTO build of clang with
r194701, so this change does not seem to be the cause of our failing
buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194789 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-15 07:16:09 +00:00
Bob Wilson
2475da80ed Revert "[asan] Poor man's coverage that works with ASan"
This reverts commit 194701. Apple's bootstrapped LTO builds have been failing,
and this change (along with compiler-rt 194702-194704) is the only thing on
the blamelist.  I will either reappy these changes or help debug the problem,
depending on whether this fixes the buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194780 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-15 03:28:22 +00:00
Kostya Serebryany
8cc5f7cd59 [asan] Poor man's coverage that works with ASan
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194701 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-14 13:27:41 +00:00
Evgeniy Stepanov
45f5110634 [msan] Use CHECK-DAG instead of CHECK where order of instructions does not matter.
This may fix hexagon-elf bots.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194700 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-14 12:46:12 +00:00
Evgeniy Stepanov
34432aeb6d [msan] Fast path optimization for wrap-indirect-calls feature of MemorySanitizer.
Indirect call wrapping helps MSanDR (dynamic instrumentation companion tool
for MSan) to catch all cases where execution leaves a compiler-instrumented
module by allowing the tool to rewrite targets of indirect calls.

This change is an optimization that skips wrapping for calls when target is
inside the current module. This relies on the linker providing symbols at the
begin and end of the module code (or code + data, does not really matter).
Gold linker provides such symbols by default. GNU (BFD) linker needs a link
flag: -Wl,--defsym=__executable_start=0.

More info:
https://code.google.com/p/memory-sanitizer/wiki/MSanDR#Native_exec


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194697 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-14 12:29:04 +00:00
Evgeniy Stepanov
4590b8c090 [msan] Propagate origin for insertvalue, extractvalue.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@194374 91177308-0d34-0410-b5e6-96231b3b80d8
2013-11-11 13:37:10 +00:00
Nuno Lopes
5e1d0d39db fix PR17635: false positive with packed structures
LLVM optimizers may widen accesses to packed structures that overflow the structure itself, but should be in bounds up to the alignment of the object

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@193317 91177308-0d34-0410-b5e6-96231b3b80d8
2013-10-24 09:17:24 +00:00
Dmitry Vyukov
4ef1999d61 tsan: implement no_sanitize_thread attribute
If a function has no_sanitize_thread attribute,
do not instrument memory accesses in it.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@192871 91177308-0d34-0410-b5e6-96231b3b80d8
2013-10-17 07:20:06 +00:00
Kostya Serebryany
3386d25257 [asan] Optimize accesses to global arrays with constant index
Summary:
Given a global array G[N], which is declared in this CU and has static initializer
avoid instrumenting accesses like G[i], where 'i' is a constant and 0<=i<N.
Also add a bit of stats.

This eliminates ~1% of instrumentations on SPEC2006
and also partially helps when asan is being run together with coverage.

Reviewers: samsonov

Reviewed By: samsonov

CC: llvm-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1947

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@192794 91177308-0d34-0410-b5e6-96231b3b80d8
2013-10-16 14:06:14 +00:00
Evgeniy Stepanov
95864303f5 [msan] Instrument x86.*_cvt* intrinsics.
Currently MSan checks that arguments of *cvt* intrinsics are fully initialized.
That's too much to ask: some of them only operate on lower half, or even
quarter, of the input register.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@192599 91177308-0d34-0410-b5e6-96231b3b80d8
2013-10-14 15:16:25 +00:00
Evgeniy Stepanov
a0f6d1651b [msan] Fix handling of scalar select of vectors.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@192575 91177308-0d34-0410-b5e6-96231b3b80d8
2013-10-14 09:52:09 +00:00
Benjamin Kramer
2f08433210 ObjectSizeOffsetEvaluator: Don't run into infinite recursion if we have a cyclic GEP.
Those can occur in dead code. PR17402.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@191644 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-29 19:39:13 +00:00
Manman Ren
9e81c3bdb2 TBAA: handle scalar TBAA format and struct-path aware TBAA format.
Remove the command line argument "struct-path-tbaa" since we should not depend
on command line argument to decide which format the IR file is using. Instead,
we check the first operand of the tbaa tag node, if it is a MDNode, we treat
it as struct-path aware TBAA format, otherwise, we treat it as scalar TBAA
format.

When clang starts to use struct-path aware TBAA format no matter whether
struct-path-tbaa is no, and we can auto-upgrade existing bc files, the support
for scalar TBAA format can be dropped.

Existing testing cases are updated to use the struct-path aware TBAA format.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@191538 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-27 18:34:27 +00:00
Evgeniy Stepanov
ecf0fcd2b1 [msan] Handling of atomic load/store, atomic rmw, cmpxchg.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@191287 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-24 11:20:27 +00:00
Evgeniy Stepanov
6591308b7e [msan] Wrap indirect functions.
Adds a flag to the MemorySanitizer pass that enables runtime rewriting of
indirect calls. This is part of MSanDR implementation and is needed to return
control to the DynamiRio-based helper tool on transition between instrumented
and non-instrumented modules. Disabled by default.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@191006 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-19 15:22:35 +00:00
Evgeniy Stepanov
e5c8c5a1bc [msan] Check return value of main().
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@190782 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-16 13:24:32 +00:00
Manman Ren
1ed2e1fb92 Debug Info Testing: update context from empty string to null.
Context should be either null or MDNode.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@190267 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-08 03:11:54 +00:00
Manman Ren
1307103dff Debug Info Testing: updated to use NULL instead of "i32 0" in a few fields.
Field 2 of DIType (Context), field 9 of DIDerivedType (TypeDerivedFrom),
field 12 of DICompositeType (ContainingType), fields 2, 7, 12 of DISubprogram
(Context, Type, ContainingType).


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@190205 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-06 21:03:58 +00:00
Evgeniy Stepanov
69086b2962 [msan] Fix handling of select with struct arguments.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189796 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-03 13:05:29 +00:00
Evgeniy Stepanov
6a9b29ec9b [msan] Fix select instrumentation.
Select condition shadow was being ignored resulting in false negatives.
This change OR-s sign-extended condition shadow into the result shadow.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189785 91177308-0d34-0410-b5e6-96231b3b80d8
2013-09-03 10:04:11 +00:00
Peter Collingbourne
ffba4c7e69 DataFlowSanitizer: Implement trampolines for function pointers passed to custom functions.
Differential Revision: http://llvm-reviews.chandlerc.com/D1503

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189408 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-27 22:09:06 +00:00
Manman Ren
6e3cd0ebe2 Debug Info: add an identifier field to DICompositeType.
DICompositeType will have an identifier field at position 14. For now, the
field is set to null in DIBuilder.
For DICompositeTypes where the template argument field (the 13th field)
was optional, modify DIBuilder to make sure the template argument field is set.
Now DICompositeType has 15 fields.

Update DIBuilder to use NULL instead of "i32 0" for null value of a MDNode.
Update verifier to check that DICompositeType has 15 fields and the last
field is null or a MDString.

Update testing cases to include an extra field for DICompositeType.
The identifier field will be used by type uniquing so a front end can
genearte a DICompositeType with a unique identifer.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189282 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-26 22:39:55 +00:00
Peter Collingbourne
f3c0314310 DataFlowSanitizer: correctly combine labels in the case where they are equal.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189133 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-23 18:45:06 +00:00
Evgeniy Stepanov
7c7b8e57f8 [msan] Fix handling of va_arg overflow area on x86_64.
The code was erroneously reading overflow area shadow from the TLS slot,
bypassing the local copy. Reading shadow directly from TLS is wrong, because
it can be overwritten by a nested vararg call, if that happens before va_start.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189104 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-23 12:11:00 +00:00
Peter Collingbourne
054cec05b8 DataFlowSanitizer: Replace non-instrumented aliases of instrumented functions, and vice versa, with wrappers.
Differential Revision: http://llvm-reviews.chandlerc.com/D1442

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189054 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-22 20:08:15 +00:00
Peter Collingbourne
f1366c5524 DataFlowSanitizer: Prefix the name of each instrumented function with "dfs$".
DFSan changes the ABI of each function in the module.  This makes it possible
for a function with the native ABI to be called with the instrumented ABI,
or vice versa, thus possibly invoking undefined behavior.  A simple way
of statically detecting instances of this problem is to prepend the prefix
"dfs$" to the name of each instrumented-ABI function.

This will not catch every such problem; in particular function pointers passed
across the instrumented-native barrier cannot be used on the other side.
These problems could potentially be caught dynamically.

Differential Revision: http://llvm-reviews.chandlerc.com/D1373

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@189052 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-22 20:08:08 +00:00
Daniel Dunbar
24ec2e5a72 [tests] Cleanup initialization of test suffixes.
- Instead of setting the suffixes in a bunch of places, just set one master
   list in the top-level config. We now only modify the suffix list in a few
   suites that have one particular unique suffix (.ml, .mc, .yaml, .td, .py).

 - Aside from removing the need for a bunch of lit.local.cfg files, this enables
   4 tests that were inadvertently being skipped (one in
   Transforms/BranchFolding, a .s file each in DebugInfo/AArch64 and
   CodeGen/PowerPC, and one in CodeGen/SI which is now failing and has been
   XFAILED).

 - This commit also fixes a bunch of config files to use config.root instead of
   older copy-pasted code.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188513 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-16 00:37:11 +00:00
Peter Collingbourne
a77d9f726a DataFlowSanitizer: Add a debugging feature to help us track nonzero labels.
Summary:
When the -dfsan-debug-nonzero-labels parameter is supplied, the code
is instrumented such that when a call parameter, return value or load
produces a nonzero label, the function __dfsan_nonzero_label is called.
The idea is that a debugger breakpoint can be set on this function
in a nominally label-free program to help identify any bugs in the
instrumentation pass causing labels to be introduced.

Reviewers: eugenis

CC: llvm-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1405

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188472 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-15 18:51:12 +00:00
Peter Collingbourne
f62372f6a3 DataFlowSanitizer: move abilist input file to Inputs.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188423 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-14 22:28:36 +00:00
Peter Collingbourne
ef8136dda1 DataFlowSanitizer: Instrumentation for memset.
Differential Revision: http://llvm-reviews.chandlerc.com/D1395

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188412 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-14 20:51:38 +00:00
Peter Collingbourne
fdb1a6c341 DataFlowSanitizer: greylist is now ABI list.
This replaces the old incomplete greylist functionality with an ABI
list, which can provide more detailed information about the ABI and
semantics of specific functions.  The pass treats every function in
the "uninstrumented" category in the ABI list file as conforming to
the "native" (i.e. unsanitized) ABI.  Unless the ABI list contains
additional categories for those functions, a call to one of those
functions will produce a warning message, as the labelling behaviour
of the function is unknown.  The other supported categories are
"functional", "discard" and "custom".

- "discard" -- This function does not write to (user-accessible) memory,
  and its return value is unlabelled.
- "functional" -- This function does not write to (user-accessible)
  memory, and the label of its return value is the union of the label of
  its arguments.
- "custom" -- Instead of calling the function, a custom wrapper __dfsw_F
  is called, where F is the name of the function.  This function may wrap
  the original function or provide its own implementation.

Differential Revision: http://llvm-reviews.chandlerc.com/D1345

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188402 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-14 18:54:12 +00:00
Peter Collingbourne
4f96b7e147 Reapply r188119 now that the bug it exposed is fixed.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188217 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-12 22:38:43 +00:00
Arnold Schwaighofer
5cf14916c3 Revert r188119 "Kill some duplicated code for removing unreachable BBs."
It is breaking builbots with libgmalloc enabled on Mac OS X.

$ cd llvm ; mkdir release ; cd release
$ ../configure --enable-optimized —prefix=$PWD/install
$ make
$ make check
$ Release+Asserts/bin/llvm-lit -v --param use_gmalloc=1 --param \
  gmalloc_path=/usr/lib/libgmalloc.dylib \
  ../test/Instrumentation/DataFlowSanitizer/args-unreachable-bb.ll

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188142 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-10 20:16:06 +00:00
Peter Collingbourne
835738ce54 Kill some duplicated code for removing unreachable BBs.
This moves removeUnreachableBlocksFromFn from SimplifyCFGPass.cpp
to Utils/Local.cpp and uses it to replace the implementation of
llvm::removeUnreachableBlocks, which appears to do a strict subset
of what removeUnreachableBlocksFromFn does.

Differential Revision: http://llvm-reviews.chandlerc.com/D1334

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188119 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-09 22:47:24 +00:00
Peter Collingbourne
aaae6e9cb8 DataFlowSanitizer: Remove unreachable BBs so IR continues to verify
under the args ABI.

Differential Revision: http://llvm-reviews.chandlerc.com/D1316

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@188113 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-09 21:42:53 +00:00
Peter Collingbourne
6fa33f5dd9 DataFlowSanitizer; LLVM changes.
DataFlowSanitizer is a generalised dynamic data flow analysis.

Unlike other Sanitizer tools, this tool is not designed to detect a
specific class of bugs on its own.  Instead, it provides a generic
dynamic data flow analysis framework to be used by clients to help
detect application-specific issues within their own code.

Differential Revision: http://llvm-reviews.chandlerc.com/D965

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@187923 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-07 22:47:18 +00:00
Bill Wendling
55a1a590bf Change the linkage of these global values to 'internal'.
The globals being generated here were given the 'private' linkage type. However,
this caused them to end up in different sections with the wrong prefix. E.g.,
they would be in the __TEXT,__const section with an 'L' prefix instead of an 'l'
(lowercase ell) prefix.

The problem is that the linker will eat a literal label with 'L'. If a weak
symbol is then placed into the __TEXT,__const section near that literal, then it
cannot distinguish between the literal and the weak symbol.

Part of the problems here was introduced because the address sanitizer converted
some C strings into constant initializers with trailing nuls. (Thus putting them
in the __const section with the wrong prefix.) The others were variables that
the address sanitizer created but simply had the wrong linkage type.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@187827 91177308-0d34-0410-b5e6-96231b3b80d8
2013-08-06 22:52:42 +00:00
Manman Ren
d513b4033f Debug Info: update testing cases to pass verifier.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@187362 91177308-0d34-0410-b5e6-96231b3b80d8
2013-07-29 18:12:58 +00:00
Rafael Espindola
f204228b78 Current batch of -disable-debug-info-verifier.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@187130 91177308-0d34-0410-b5e6-96231b3b80d8
2013-07-25 17:16:05 +00:00
Evgeniy Stepanov
d55ef5ce5f [msan] Unpoison stack allocations and undef values in blacklisted functions.
This changes behavior of -msan-poison-stack=0 flag from not poisoning stack
allocations to actively unpoisoning them.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@185538 91177308-0d34-0410-b5e6-96231b3b80d8
2013-07-03 14:39:14 +00:00
Kostya Serebryany
d4429214a2 [asan] workaround for PR16277: don't instrument AllocaInstr with alignment more than the redzone size
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@184928 91177308-0d34-0410-b5e6-96231b3b80d8
2013-06-26 09:49:52 +00:00
Kostya Serebryany
20985711c7 [asan] add option -asan-keep-uninstrumented-functions
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@184927 91177308-0d34-0410-b5e6-96231b3b80d8
2013-06-26 09:18:17 +00:00
Evgeniy Stepanov
7ae921dbec [msan] Handle mixed track-origins and keep-going settings (llvm part).
Before this change, each module defined a weak_odr global __msan_track_origins 
with a value of 1 if origin tracking is enabled, 0 if disabled. If there are 
modules with different values, any of them may win. If 0 wins, and there is at 
least one module with 1, the program will most likely crash.

With this change, __msan_track_origins is only emitted if origin tracking is 
on. Then runtime library detects if there is at least one module with origin 
tracking, and enables runtime support for it.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@182997 91177308-0d34-0410-b5e6-96231b3b80d8
2013-05-31 12:04:29 +00:00
Evgeniy Stepanov
9903f75bf6 [msan] Fix argument shadow alignment.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@182771 91177308-0d34-0410-b5e6-96231b3b80d8
2013-05-28 13:07:43 +00:00
Evgeniy Stepanov
bf4150656f [msan] A no-op implementation of VarArg handling.
This stuff is used on platforms where MSan does not have a proper VarArg
implementation (anything other than x86_64 at the moment).


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@182375 91177308-0d34-0410-b5e6-96231b3b80d8
2013-05-21 12:27:47 +00:00
Evgeniy Stepanov
8f79b2f762 [msan] Switch TLS globals to initial-exec model.
They are always defined in the main executable.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@181994 91177308-0d34-0410-b5e6-96231b3b80d8
2013-05-16 09:14:05 +00:00
Benjamin Kramer
8e708d30a3 Add missing colons to check lines.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@179277 91177308-0d34-0410-b5e6-96231b3b80d8
2013-04-11 12:41:41 +00:00
Kostya Serebryany
f464481db0 [tsan] make sure memset/memcpy/memmove are not inlined in tsan mode
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@178230 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-28 11:21:13 +00:00
David Blaikie
72dfb052ab Revert "Adding DIImportedModules to DIScopes."
This reverts commit 342d92c7a0.

Turns out we're going with a different schema design to represent
DW_TAG_imported_modules so we won't need this extra field.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@178215 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-28 02:44:59 +00:00
David Blaikie
342d92c7a0 Adding DIImportedModules to DIScopes.
This is just the basic groundwork for supporting DW_TAG_imported_module but I
wanted to commit this before pushing support further into Clang or LLVM so that
this rather churny change is isolated from the rest of the work. The major
churn here is obviously adding another field (within the common DIScope prefix)
to all DIScopes (files, classes, namespaces, lexical scopes, etc). This should
be the last big churny change needed for DW_TAG_imported_module/using directive
support/PR14606.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@178099 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-27 00:07:26 +00:00
Dmitry Vyukov
aa2bece628 tsan: fix the test
Add missed file from r177717 commit that adds __tsan_vptr_read.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177719 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-22 09:04:01 +00:00
Dmitry Vyukov
ab78ac1a2d tsan: handle vptr loads specially
This is required to determine ctor/dtor vs virtual call races.
http://llvm-reviews.chandlerc.com/D566



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177717 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-22 08:51:22 +00:00
Evgeniy Stepanov
7541cd36fd Fix llvm::removeUnreachableBlocks to handle unreachable loops.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177713 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-22 08:43:04 +00:00
David Blaikie
ebb5183a2f Remove unused field in DISubprogram
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177661 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-21 20:28:52 +00:00
Kostya Serebryany
5111627ac1 [asan] when creating string constants, set unnamed_attr and align 1 so that equal strings are merged by the linker. Observed up to 1% binary size reduction. Thanks to Anton Korobeynikov for the suggestion
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177264 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-18 09:38:39 +00:00
Kostya Serebryany
3797adb94f [asan] don't instrument functions with available_externally linkage. This saves a bit of compile time and reduces the number of redundant global strings generated by asan (https://code.google.com/p/address-sanitizer/issues/detail?id=167)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177250 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-18 07:33:49 +00:00
David Blaikie
b4cf0ab22b Split out filename & directory from DIFile to start generalizing over DIScopes
This is the first step to making all DIScopes have a common metadata prefix (so
that things (using directives, for example) that can appear in any scope can be
added to that common prefix). DIFile is itself a DIScope so the common prefix
of all DIScopes cannot be a DIFile - instead it's the raw filename/directory
name pair.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177239 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-17 21:13:55 +00:00
Alexey Samsonov
b4ba5e68e1 [ASan] emit instrumentation for initialization order checking by default
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@177063 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-14 12:38:58 +00:00
David Blaikie
e0805a992d Remove the unused 4th operand for DIFile debug info metadata
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@176983 91177308-0d34-0410-b5e6-96231b3b80d8
2013-03-13 22:05:21 +00:00
Evgeniy Stepanov
5e81213969 [msan] Implement sanitize_memory attribute.
Shadow checks are disabled and memory loads always produce fully initialized
values in functions that don't have a sanitize_memory attribute. Value and
argument shadow is propagated as usual.

This change also updates blacklist behaviour to match the above.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@176247 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-28 11:25:14 +00:00
Kostya Serebryany
8eec41fc77 Unify clang/llvm attributes for asan/tsan/msan (LLVM part)
These are two related changes (one in llvm, one in clang).
LLVM: 
- rename address_safety => sanitize_address (the enum value is the same, so we preserve binary compatibility with old bitcode)
- rename thread_safety => sanitize_thread
- rename no_uninitialized_checks -> sanitize_memory

CLANG: 
- add __attribute__((no_sanitize_address)) as a synonym for __attribute__((no_address_safety_analysis))
- add __attribute__((no_sanitize_thread))
- add __attribute__((no_sanitize_memory))

for S in address thread memory
If -fsanitize=S is present and __attribute__((no_sanitize_S)) is not
set llvm attribute sanitize_S


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@176075 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-26 06:58:09 +00:00
Kostya Serebryany
1479c9bb39 [asan] instrument invoke insns with noreturn attribute (as well as call insns)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@175617 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-20 12:35:15 +00:00
Kostya Serebryany
6ecccdbb2b [asan] instrument memory accesses with unusual sizes
This patch makes asan instrument memory accesses with unusual sizes (e.g. 5 bytes or 10 bytes), e.g. long double or
packed structures.
Instrumentation is done with two 1-byte checks
(first and last bytes) and if the error is found
__asan_report_load_n(addr, real_size) or
__asan_report_store_n(addr, real_size)
is called.

Also, call these two new functions in memset/memcpy
instrumentation.

asan-rt part will follow.



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@175507 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-19 11:29:21 +00:00
Kostya Serebryany
605ff6655b [asan] revert r175266 as it breaks code with packed structures. supporting long double will require a more general solution
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@175442 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-18 13:47:02 +00:00
Kostya Serebryany
74ecd214e2 [asan] support long double on 64-bit. See https://code.google.com/p/address-sanitizer/issues/detail?id=151
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@175266 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-15 12:46:06 +00:00
Kostya Serebryany
7bce462c15 [tsan] disable load widening in ThreadSanitizer mode
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@175034 91177308-0d34-0410-b5e6-96231b3b80d8
2013-02-13 05:59:45 +00:00