path: root/test/hwasan/TestCases
Commit message | Author | Age | Files | Lines
* hwasan: Ignore loads and stores of size 0.
  Author: Peter Collingbourne | Age: 2019-01-09 | Files: 1 | Lines: -0/+10

  Now that memory intrinsics are instrumented, it's more likely that CheckAddressSized will be called with size 0. (It was possible before with IR like:

      %val = load [0 x i8], [0 x i8]* %ptr

  but I don't think clang will generate IR like that and the optimizer would normally remove it by the time it got anywhere near our pass anyway). The right thing to do in both cases is to disable the addressing checks (since the underlying memory intrinsic is a no-op), so that's what we do.

  Differential Revision: https://reviews.llvm.org/D56465
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@350683 91177308-0d34-0410-b5e6-96231b3b80d8
* Disable system-allocator-fallback.cc test on Android O and earlier.
  Author: Peter Collingbourne | Age: 2019-01-04 | Files: 1 | Lines: -0/+4

  The dynamic loader on Android O appears to have a bug where it crashes when dlopening DF_1_GLOBAL libraries.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@350444 91177308-0d34-0410-b5e6-96231b3b80d8
* hwasan: Use system allocator to realloc and free untagged pointers in interceptor mode.
  Author: Peter Collingbourne | Age: 2019-01-04 | Files: 1 | Lines: -0/+50

  The Android dynamic loader has a non-standard feature that allows libraries such as the hwasan runtime to interpose symbols even after the symbol already has a value. The new value of the symbol is used to relocate libraries loaded after the interposing library, but existing libraries keep the old value. This behaviour is activated by the DF_1_GLOBAL flag in DT_FLAGS_1, which is set by passing -z global to the linker, which is what we already do to link the hwasan runtime.

  What this means in practice is that if we have .so files that depend on interceptor-mode hwasan without the main executable depending on it, some of the libraries in the process will be using the hwasan allocator and some will be using the system allocator, and these allocators need to interact somehow. For example, if an instrumented library calls a function such as strdup that allocates memory on behalf of the caller, the instrumented library can reasonably expect to be able to call free to deallocate the memory.

  We can handle that relatively easily with hwasan by using tag 0 to represent allocations from the system allocator. If hwasan's realloc or free functions are passed a pointer with tag 0, the system allocator is called.

  One limitation is that this scheme doesn't work in reverse: if an instrumented library allocates memory, it must free the memory itself and cannot pass ownership to a system library. In a future change, we may want to expose an API for calling the system allocator so that instrumented libraries can safely transfer ownership of memory to system libraries.

  Differential Revision: https://reviews.llvm.org/D55986
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@350427 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Switch to 64 allocator with a dense size class map.
  Author: Evgeniy Stepanov | Age: 2019-01-03 | Files: 2 | Lines: -2/+1

  Summary: Replace the 32-bit allocator with a 64-bit one with a non-constant base address, and reduce both the number of size classes and the maximum size of per-thread caches.

  As measured on [1], this reduces average weighted memory overhead (MaxRSS) from 26% to 12% over stock android allocator. These numbers include overhead from code instrumentation and hwasan shadow (i.e. not a pure allocator benchmark).

  This switch also enables release-to-OS functionality, which is not implemented in the 32-bit allocator. I have not seen any effect from that on the benchmark.

  [1] https://android.googlesource.com/platform/system/extras/+/master/memory_replay/

  Reviewers: vitalybuka, kcc
  Subscribers: kubamracek, cryptoad, llvm-commits
  Differential Revision: https://reviews.llvm.org/D56239
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@350370 91177308-0d34-0410-b5e6-96231b3b80d8
* [HWASAN] Add support for memory intrinsics
  Author: Eugene Leviant | Age: 2018-12-20 | Files: 1 | Lines: -0/+37

  This patch complements D55117 implementing __hwasan_mem* functions in runtime

  Differential revision: https://reviews.llvm.org/D55554
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@349730 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix typo in test cases as well.
  Author: Peter Collingbourne | Age: 2018-12-15 | Files: 3 | Lines: -8/+8

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@349255 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Link ubsan_cxx to shared runtime library.
  Author: Evgeniy Stepanov | Age: 2018-12-12 | Files: 1 | Lines: -0/+18

  Summary: This is needed for C++-specific ubsan and cfi error reporting to work.

  Reviewers: kcc, vitalybuka
  Subscribers: srhines, kubamracek, mgorny, llvm-commits
  Differential Revision: https://reviews.llvm.org/D55589
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@348986 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] make the heap-buffer-overflow.c test more robust and re-enable it. With malloc_align_right the relative offsets of heap chunks are less predictable so simply don't test for them.
  Author: Kostya Serebryany | Age: 2018-11-17 | Files: 1 | Lines: -3/+3

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@347118 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] implement free_checks_tail_magic=1
  Author: Kostya Serebryany | Age: 2018-11-17 | Files: 1 | Lines: -0/+28

  Summary: With free_checks_tail_magic=1 (default) HWASAN writes magic bytes to the tail of every heap allocation (last bytes of the last granule, if the last granule is not fully used) and checks these bytes on free().

  This feature will detect buffer overwrites within the last granule at the time of free().

  This is an alternative to malloc_align_right=[1289] that should have fewer compatibility issues. It is also weaker since it doesn't detect read overflows and reports bugs at free() instead of at access.

  Reviewers: eugenis
  Subscribers: kubamracek, delcypher, #sanitizers, llvm-commits
  Differential Revision: https://reviews.llvm.org/D54656
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@347116 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] use reads instead of writes in a test
  Author: Kostya Serebryany | Age: 2018-11-16 | Files: 1 | Lines: -1/+3

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@347107 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] disable one test line while investigating a bot failure
  Author: Kostya Serebryany | Age: 2018-11-16 | Files: 1 | Lines: -1/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@347091 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] optionally right-align heap allocations
  Author: Kostya Serebryany | Age: 2018-11-16 | Files: 3 | Lines: -8/+67

  Summary: ... so that we can find intra-granule buffer overflows. The default is still to always align left. It remains to be seen whether we can enable this mode at scale.

  Reviewers: eugenis
  Reviewed By: eugenis
  Subscribers: jfb, dvyukov, kubamracek, delcypher, #sanitizers, llvm-commits
  Differential Revision: https://reviews.llvm.org/D53789
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@347082 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Add entire report to abort message on Android.
  Author: Evgeniy Stepanov | Age: 2018-11-09 | Files: 1 | Lines: -0/+28

  Summary: When reporting a fatal error, collect and add the entire report text to android_set_abort_message so that it can be found in the tombstone.

  Reviewers: kcc, vitalybuka
  Subscribers: srhines, kubamracek, llvm-commits
  Differential Revision: https://reviews.llvm.org/D54284
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@346557 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Fix stack-uar.c after rCRT345110
  Author: Fangrui Song | Age: 2018-11-05 | Files: 1 | Lines: -1/+1

  Set -fno-discard-value-names so that the frame description string contains the variable name.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@346120 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] when printing stack-related bugs, also print stack frame descriptions provided by the compiler
  Author: Kostya Serebryany | Age: 2018-10-24 | Files: 1 | Lines: -2/+6

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@345110 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] relax a test
  Author: Kostya Serebryany | Age: 2018-10-11 | Files: 1 | Lines: -3/+3

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@344289 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] extend the stack-uar test
  Author: Kostya Serebryany | Age: 2018-10-11 | Files: 1 | Lines: -6/+20

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@344213 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] simplify a test
  Author: Kostya Serebryany | Age: 2018-10-10 | Files: 1 | Lines: -5/+5

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@344203 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] when reporting a bug, print some very basic information about the heap chunk (in addition to the more detailed info that we may fail to show)
  Author: Kostya Serebryany | Age: 2018-10-10 | Files: 2 | Lines: -2/+14

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@344193 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] print all threads in a bug report
  Author: Kostya Serebryany | Age: 2018-10-10 | Files: 1 | Lines: -0/+2

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@344174 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Record and display stack history in stack-based reports.
  Author: Evgeniy Stepanov | Age: 2018-09-24 | Files: 3 | Lines: -0/+175

  Summary: Display a list of recent stack frames (not a stack trace!) when tag-mismatch is detected on a stack address.

  The implementation uses alignment tricks to get both the address of the history buffer, and the base address of the shadow with a single 8-byte load. See the comment in hwasan_thread_list.h for more details.

  Developed in collaboration with Kostya Serebryany.

  Reviewers: kcc
  Subscribers: srhines, kubamracek, mgorny, hiraditya, jfb, llvm-commits
  Differential Revision: https://reviews.llvm.org/D52249
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@342923 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert "[hwasan] Record and display stack history in stack-based reports."
  Author: Evgeniy Stepanov | Age: 2018-09-24 | Files: 3 | Lines: -175/+0

  This reverts commit r342921: test failures on clang-cmake-arm* bots.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@342922 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Record and display stack history in stack-based reports.
  Author: Evgeniy Stepanov | Age: 2018-09-24 | Files: 3 | Lines: -0/+175

  Summary: Display a list of recent stack frames (not a stack trace!) when tag-mismatch is detected on a stack address.

  The implementation uses alignment tricks to get both the address of the history buffer, and the base address of the shadow with a single 8-byte load. See the comment in hwasan_thread_list.h for more details.

  Developed in collaboration with Kostya Serebryany.

  Reviewers: kcc
  Subscribers: srhines, kubamracek, mgorny, hiraditya, jfb, llvm-commits
  Differential Revision: https://reviews.llvm.org/D52249
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@342921 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] On every use-after-free print a developer note: the index of this heap object in the thread's deallocation ring buffer. Mostly useful to hwasan developers, will hopefully let us know the good size of the deallocation ring buffer
  Author: Kostya Serebryany | Age: 2018-09-12 | Files: 1 | Lines: -0/+27

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@342014 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] tests for a buffer overflow with a large allocation
  Author: Kostya Serebryany | Age: 2018-09-12 | Files: 1 | Lines: -1/+6

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@342011 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Re-enable print-memory-usage-android test.
  Author: Evgeniy Stepanov | Age: 2018-09-10 | Files: 1 | Lines: -3/+6

  The problem was not in a non-rooted device, but in tagged local variable address passed to a system call, see comments in the code.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341875 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] rename two .cc tests into .c
  Author: Kostya Serebryany | Age: 2018-09-08 | Files: 2 | Lines: -6/+6

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341739 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Disable print-memory-usage-android test.
  Author: Evgeniy Stepanov | Age: 2018-09-08 | Files: 1 | Lines: -0/+5

  Requires a rooted device => fails on sanitizer-x86_64-linux-android bot.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341738 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Export memory stats through /proc/$PID/maps.
  Author: Evgeniy Stepanov | Age: 2018-09-08 | Files: 1 | Lines: -0/+13

  Adds a line to /proc/$PID/maps with more or less up-to-date memory stats of the process.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341735 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] relax the print-memory-usage.c test further
  Author: Kostya Serebryany | Age: 2018-09-07 | Files: 1 | Lines: -5/+5

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341625 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] make the print-memory-usage.c less aggressive: do not assume that malloc can't happen before main
  Author: Kostya Serebryany | Age: 2018-09-07 | Files: 1 | Lines: -3/+4

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341615 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Fix malloc overflow detection.
  Author: Evgeniy Stepanov | Age: 2018-09-07 | Files: 1 | Lines: -0/+80

  Check size limit before rounding up, otherwise malloc((size_t)-1) would happily allocate 0 bytes.

  Steal a nice test case from scudo.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341612 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] fix pthread_exit
  Author: Kostya Serebryany | Age: 2018-09-06 | Files: 1 | Lines: -0/+5

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341594 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] introduce __hwasan_print_memory_usage
  Author: Kostya Serebryany | Age: 2018-09-06 | Files: 1 | Lines: -0/+71

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341592 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] deflake a test
  Author: Kostya Serebryany | Age: 2018-09-05 | Files: 1 | Lines: -2/+2

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341480 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] print thread IDs when reporting a bug (also had to fix pthread_create on Linux)
  Author: Kostya Serebryany | Age: 2018-09-05 | Files: 2 | Lines: -13/+44

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341438 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] add a unique id to a thread and add debug prints for thread creation/destruction
  Author: Kostya Serebryany | Age: 2018-09-04 | Files: 1 | Lines: -1/+8

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341428 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] Fix new[] with zero size.
  Author: Evgeniy Stepanov | Age: 2018-08-31 | Files: 2 | Lines: -1/+22

  Fixes "allocator is out of memory trying to allocate 0x0 bytes" by always allocating at least one byte.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341229 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] more heap-buffer-overflow tests
  Author: Kostya Serebryany | Age: 2018-08-31 | Files: 1 | Lines: -5/+10

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341162 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] properly report heap-buffer-overflow
  Author: Kostya Serebryany | Age: 2018-08-31 | Files: 1 | Lines: -0/+16

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341159 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] make malloc(0) return nullptr, add basic address description for stack addresses
  Author: Kostya Serebryany | Age: 2018-08-31 | Files: 4 | Lines: -2/+17

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341156 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] fix the linux-only pthread_create interceptor and reinstate the two threaded tests
  Author: Kostya Serebryany | Age: 2018-08-30 | Files: 2 | Lines: -0/+63

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341143 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] use thread-local ring buffers to properly report heap-use-after-free
  Author: Kostya Serebryany | Age: 2018-08-30 | Files: 3 | Lines: -3/+3

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341133 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] temporarily remove two tests to silence the bots
  Author: Kostya Serebryany | Age: 2018-08-30 | Files: 2 | Lines: -63/+0

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341129 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] simplify the thread handling: instead of the ThreadRegistry (too heavy) simply maintain a linked list of Threads
  Author: Kostya Serebryany | Age: 2018-08-30 | Files: 1 | Lines: -0/+37

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341111 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] add a simple threaded UAF test, make it work on x86 (need to disable tagging in malloc with inside pthread_create)
  Author: Kostya Serebryany | Age: 2018-08-30 | Files: 1 | Lines: -0/+26

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@341007 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] simplify the realloc implementation: always allocate/deallocate on realloc. This may slow down some realloc-heavy code, but at least at this point I want simpler code. Also added a test
  Author: Kostya Serebryany | Age: 2018-08-29 | Files: 1 | Lines: -0/+35

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340973 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] implement detection of realloc-after-free
  Author: Kostya Serebryany | Age: 2018-08-24 | Files: 1 | Lines: -0/+28

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340593 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] implement detection of double-free (invalid-free)
  Author: Kostya Serebryany | Age: 2018-08-24 | Files: 1 | Lines: -0/+23

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340591 91177308-0d34-0410-b5e6-96231b3b80d8
* [hwasan] make error reporting look more like in asan, print the memory tag around the buggy access, simplify one test
  Author: Kostya Serebryany | Age: 2018-08-22 | Files: 2 | Lines: -22/+18

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340470 91177308-0d34-0410-b5e6-96231b3b80d8