This is an archive of the discontinued LLVM Phabricator instance.

Differential D32197

[TySan] A Type Sanitizer (Runtime Library)
Needs ReviewPublic

Authored by fhahn on Apr 18 2017, 3:58 PM.

Details

Reviewers
kcc
chandlerc
kubamracek
dberlin
hfinkel
CJ-Johnson
Summary

This patch introduces the runtime components of a type sanitizer: a sanitizer for type-based aliasing violations.

C/C++ have type-based aliasing rules, and LLVM's optimizer can exploit these given TBAA metadata added by Clang. Roughly, a pointer of given type cannot be used to access an object of a different type (with, of course, certain exceptions). Unfortunately, there's a lot of code in the wild that violates these rules (e.g. for type punning), and such code often must be built with -fno-strict-aliasing. Performance is often sacrificed as a result. Part of the problem is the difficulty of finding TBAA violations. Hopefully, this sanitizer will help.

For each TBAA type-access descriptor, encoded in LLVM's IR using metadata, the corresponding instrumentation pass generates descriptor tables. Thus, for each type (and access descriptor), we have a unique pointer representation. Excepting anonymous-namespace types, these tables are comdat, so the pointer values should be unique across the program. The descriptors refer to other descriptors to form a type aliasing tree (just like LLVM's TBAA metadata does). The instrumentation handles the "fast path" (where the types match exactly and no partial-overlaps are detected), and defers to the runtime to handle all of the more-complicated cases. The runtime, of course, is also responsible for reporting errors when those are detected.

The runtime uses essentially the same shadow memory region as tsan, and we use 8 bytes of shadow memory, the size of the pointer to the type descriptor, for every byte of accessed data in the program. The value 0 is used to represent an unknown type. The value -1 is used to represent an interior byte (a byte that is part of a type, but not the first byte). The instrumentation first checks for an exact match between the type of the current access and the type for that address recorded in the shadow memory. If it matches, it then checks the shadow for the remainder of the bytes in the type to make sure that they're all -1. If not, we call the runtime. If the exact match fails, we next check if the value is 0 (i.e. unknown). If it is, then we check the shadow for the remainder of the byes in the type (to make sure they're all 0). If they're not, we call the runtime. We then set the shadow for the access address and set the shadow for the remaining bytes in the type to -1 (i.e. marking them as interior bytes). If the type indicated by the shadow memory for the access address is neither an exact match nor 0, we call the runtime.

The instrumentation pass inserts calls to the memset intrinsic to set the memory updated by memset, memcpy, and memmove, as well as allocas/byval (and for lifetime.start/end) to reset the shadow memory to reflect that the type is now unknown. The runtime intercepts memset, memcpy, etc. to perform the same function for the library calls.

The runtime essentially repeats these checks, but uses the full TBAA algorithm, just as the compiler does, to determine when two types are permitted to alias. In a situation where access overlap has occurred and aliasing is not permitted, an error is generated.

Clang's TBAA representation currently has a problem representing unions, as demonstrated by the one XFAIL'd test. We'll update the TBAA representation to fix this, and at the same time, update the sanitizer.

As a note, this implementation does not use the compressed shadow-memory scheme discussed previously (http://lists.llvm.org/pipermail/llvm-dev/2017-April/111766.html). That scheme would not handle the struct-path (i.e. structure offset) information that our TBAA represents. I expect we'll want to further work on compressing the shadow-memory representation, but I think it makes sense to do that as follow-up work.

Diff Detail

Unit TestsFailed

TimeTest
2,390 msx64 debian > TypeSanitizer-x86_64.TypeSanitizer-x86_64::anon-ns.cpp
250 msx64 debian > TypeSanitizer-x86_64.TypeSanitizer-x86_64::anon-same-struct.c
210 msx64 debian > TypeSanitizer-x86_64.TypeSanitizer-x86_64::anon-struct.c
260 msx64 debian > TypeSanitizer-x86_64.TypeSanitizer-x86_64::basic.c
290 msx64 debian > TypeSanitizer-x86_64.TypeSanitizer-x86_64::char-memcpy.c
View Full Test Results (12 Failed)

Event Timeline

hfinkel created this revision.Apr 18 2017, 3:58 PM
Herald added subscribers: mgorny, kubamracek, mcrosier, srhines. · View Herald TranscriptApr 18 2017, 3:58 PM
hfinkel updated this revision to Diff 95651.Apr 18 2017, 4:00 PM

Upload the version of the patch that works on ppc64le.

kubamracek added a reviewer: kubamracek.Apr 18 2017, 4:10 PM
hfinkel added a comment.Apr 18 2017, 4:16 PM

https://reviews.llvm.org/D32198 (LLVM)
https://reviews.llvm.org/D32199 (Clang)

pcc added a subscriber: pcc.Apr 19 2017, 10:05 AM
filcab added a subscriber: filcab.Apr 19 2017, 10:53 AM

I just did a very quick first pass. Looks good in general, but I have some nits.

Also: Can you add a test for ATOMIC UPDATE access type?

cmake/config-ix.cmake
500 ↗(On Diff #95651)

clang enables it on FreeBSD too. I guess maybe enabling it on FreeBSD in the clang patch was a bug and you'd rather finish work on Linux first?
Or do you want to use the bots/keep testing on FreeBSD as you commit the parts, and expect FreeBSD to "just work" too?

lib/tbaasan/tbaasan.h
23 ↗(On Diff #95651)

Can you move this include above?
When reading, one can't tell if the using directives above are required before including the header or not. We can probably just stick them there, if they're really needed (I'd rather they weren't (in general), but given how fundamental the uptr and u16 types are, I don't see having those using directives in a header as a problem)

30 ↗(On Diff #95651)

Can these go inside namespace __tbaasan?

lib/tbaasan/tbaasan_interceptors.cc
198 ↗(On Diff #95651)

We're using 8x the memory for shadow memory. Do these make a noticeable difference?

hfinkel added a comment.Apr 19 2017, 3:39 PM
In D32197#730755, @filcab wrote:

I just did a very quick first pass. Looks good in general, but I have some nits.

Thanks!

Also: Can you add a test for ATOMIC UPDATE access type?

I had forgotten about that. I can't add a test yet because Clang doesn't add TBAA on atomic instructions. I need to fix that too.

cmake/config-ix.cmake
500 ↗(On Diff #95651)

I suspect it will just work. OTOH, I'll turn it off in Clang for now (pending confirmation that it functions properly).

lib/tbaasan/tbaasan.h
23 ↗(On Diff #95651)

Currently, no. The included header assumes those types have been brought in. FWIW, I also generally don't like having using directives in headers, but I agree that it seems reasonable in this case (and essentially every sanitizer has using __sanitizer::uptr in a header).

30 ↗(On Diff #95651)

Yes. Will do.

lib/tbaasan/tbaasan_interceptors.cc
198 ↗(On Diff #95651)

No, but I figured that it can't hurt (I copied these from TSan). Hopefully, one day (in the not-so-distant future), we'll use less memory (if we have the runtime manage type registration, for example, I think we could easily bring this down to 2-3 bytes per byte). I can obviously take this out if you'd prefer.

hfinkel updated this revision to Diff 95839.Apr 19 2017, 3:43 PM

Updated per review comments.

hfinkel updated this revision to Diff 96137.Apr 21 2017, 7:19 AM
hfinkel retitled this revision from [TBAASan] A TBAA Sanitizer (Runtime Library) to [TySan] A Type Sanitizer (Runtime Library).
hfinkel edited the summary of this revision. (Show Details)

Rename TBAASanitizer -> TypeSanitizer

hfinkel updated this revision to Diff 96266.Apr 21 2017, 5:20 PM

Mark the types of globals in a generated ctor-called function (added a runtime test for this). memcpy/memmove should do the corresponding thing for the type shadow data.

kosarev added a subscriber: kosarev.May 11 2017, 3:22 AM
kosarev added inline comments.
test/tysan/union-wr-wr.c
21 ↗(On Diff #96266)

Note the missing slash before n.

phi added a subscriber: phi.May 27 2017, 4:01 AM
hfinkel added inline comments.Aug 14 2017, 6:59 PM
test/tysan/union-wr-wr.c
21 ↗(On Diff #96266)

Indeed. Fixed.

hfinkel updated this revision to Diff 111110.Aug 14 2017, 7:00 PM

Rebased.

hfinkel updated this revision to Diff 117621.Oct 3 2017, 8:45 PM

Rebased (and fixed address mappings for (big-Endian) ppc64).

hfinkel updated this revision to Diff 119105.Oct 15 2017, 8:00 PM

Rebased.

wfh added a subscriber: wfh.Oct 25 2017, 12:00 PM

FWIW - I tried this with chromium base/ and it fails on base/allocator/tcmalloc/internal_logging.cc

FAILED: obj/base/allocator/tcmalloc/internal_logging.o
../../../../llvm/build/bin/clang++ -MMD -MF obj/base/allocator/tcmalloc/internal_logging.o.d -DNO_HEAP_CHECK -DV8_DEPRECATION_WARNINGS -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DFIELDTRIAL_TESTING_ENABLED -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DCR_CLANG_REVISION=\"315613-1\" -DCOMPONENT_BUILD -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DTCMALLOC_DONT_REPLACE_SYSTEM_ALLOC -I../../base/allocator -I../../third_party/tcmalloc/chromium/src/base -I../../third_party/tcmalloc/chromium/src -I../.. -Igen -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-builtin-macro-redefined -DDATE= -DTIME= -DTIMESTAMP= -funwind-tables -fPIC -pipe -B../../third_party/binutils/Linux_x64/Release/bin -pthread -fcolor-diagnostics -Xclang -mllvm -Xclang -instcombine-lower-dbg-declare=0 -no-canonical-prefixes -m64 -march=x86-64 -fno-omit-frame-pointer -g1 -gline-tables-only -gcolumn-info -fno-omit-frame-pointer -fsanitize=type -fsanitize-blacklist=../../tools/tysan/blacklist.txt -fvisibility=hidden -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -Werror -Wall -Wno-unused-variable -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-address-of-packed-member -Wno-unused-lambda-capture -Wno-user-defined-warnings -Wno-enum-compare-switch -Wno-tautological-unsigned-zero-compare -Wno-null-pointer-arithmetic -Wno-tautological-unsigned-enum-zero-compare -Wno-reorder -Wno-unused-function -Wno-unused-local-typedefs -Wno-unused-private-field -Wno-sign-compare -Wno-unused-result -O2 -fno-ident -fdata-sections -ffunction-sections -std=gnu++14 -fno-rtti -nostdinc++ -isystem../../buildtools/third_party/libc++/trunk/include -isystem../../buildtools/third_party/libc++abi/trunk/include --sysroot=../../build/linux/debian_jessie_amd64-sysroot -fno-exceptions -fvisibility-inlines-hidden -c ../../third_party/tcmalloc/chromium/src/internal_logging.cc -o obj/base/allocator/tcmalloc/internal_logging.o

Instruction does not dominate all uses!

%15 = load i64, i64* @__tysan_app_memory_mask
%1 = and i64 %0, %15

Instruction does not dominate all uses!

%16 = load i64, i64* @__tysan_shadow_memory_address
%3 = add i64 %2, %16

Instruction does not dominate all uses!

%15 = load i64, i64* @__tysan_app_memory_mask
%6 = and i64 %5, %15

Instruction does not dominate all uses!

%16 = load i64, i64* @__tysan_shadow_memory_address
%8 = add i64 %7, %16

Instruction does not dominate all uses!

%15 = load i64, i64* @__tysan_app_memory_mask
%11 = and i64 %10, %15

Instruction does not dominate all uses!

%16 = load i64, i64* @__tysan_shadow_memory_address
%13 = add i64 %12, %16

can provide more info on request... for now I'm just disabling tcmalloc and seeing how much further I can get...

janisozaur added a subscriber: janisozaur.May 16 2018, 5:14 AM
Herald added subscribers: cryptoad, bollu. · View Herald TranscriptMay 16 2018, 5:14 AM
laurent.rineau added a subscriber: laurent.rineau.Sep 17 2018, 9:30 AM
Herald added a subscriber: jfb. · View Herald TranscriptSep 17 2018, 9:30 AM
CJ-Johnson commandeered this revision.Jan 2 2020, 8:10 AM
CJ-Johnson added a reviewer: hfinkel.
CJ-Johnson added a subscriber: CJ-Johnson.

After discussing things with Hal, I'm going to take over these diffs and try to update them to the new pass manager :)

jgorbe added a subscriber: jgorbe.Jun 18 2020, 6:29 PM
MTC added a subscriber: MTC.Aug 16 2021, 7:38 PM
Herald added a subscriber: jeroen.dobbelaere. · View Herald TranscriptAug 16 2021, 7:38 PM
russell.gallop added a subscriber: russell.gallop.Oct 26 2021, 5:00 AM
fhahn mentioned this in D32199: [TySan] A Type Sanitizer (Clang).Mar 29 2022, 12:49 PM
fhahn updated this revision to Diff 418963.Mar 29 2022, 12:54 PM
fhahn edited the summary of this revision. (Show Details)
fhahn added a subscriber: fhahn.

I rebased the patch, but I wasn't able to test it yet as it would need porting to Darwin.

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptMar 29 2022, 12:54 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B156827: Diff 418963.Mar 30 2022, 9:57 AM
fhahn updated this revision to Diff 435512.Jun 9 2022, 5:32 AM

Fix cmake scaffolding, support Darwin, only set type info in interceptors after tysan got initialized.

With the current version of the patch stack, all tests expcept 2 pass on macOS X86.

Herald added subscribers: Enna1, fedor.sergeev. · View Herald TranscriptJun 9 2022, 5:32 AM
Harbormaster completed remote builds in B168800: Diff 435512.Jun 9 2022, 5:51 AM
fhahn mentioned this in D32198: [TySan] A Type Sanitizer (LLVM).Jun 27 2022, 9:25 AM
fhahn updated this revision to Diff 440265.Jun 27 2022, 9:27 AM

Add some additional tests, rename .cc files -> .cpp

Harbormaster completed remote builds in B172227: Diff 440265.Jun 27 2022, 10:03 AM
fhahn updated this revision to Diff 469271.Oct 20 2022, 10:11 AM

Rebase on top of current main, all tests now pass on X86 macOS

Harbormaster completed remote builds in B193264: Diff 469271.Oct 20 2022, 10:39 AM
TDHolmes added a subscriber: TDHolmes.Oct 21 2022, 6:17 AM
Enna1 added a child revision: D137414: [TySan] Fix Type Sanitizer build on Linux.Nov 4 2022, 5:29 AM
Enna1 added a parent revision: D32199: [TySan] A Type Sanitizer (Clang).Nov 4 2022, 6:03 AM
thesamesam added a subscriber: thesamesam.Nov 4 2022, 4:19 PM
Enna1 added a comment.Nov 14 2022, 7:22 PM
In D32197#3871692, @fhahn wrote:

Rebase on top of current main, all tests now pass on X86 macOS

Hi @fhahn, I send https://reviews.llvm.org/D137414 which fixed the build and tests on X86 Linux.

fhahn commandeered this revision.Nov 15 2022, 3:35 PM
fhahn added a reviewer: CJ-Johnson.

Commandeering after the recent updates to make review + follow-ups easier.

Matt added a subscriber: Matt.Dec 7 2022, 6:28 PM
albntomat0 added a subscriber: albntomat0.Mar 5 2023, 8:18 AM
Herald added subscribers: yaneury, supersymetrie, Chia-hungDuan, StephenFan. · View Herald TranscriptMar 5 2023, 8:18 AM
fhahn updated this revision to Diff 502608.Mar 6 2023, 5:58 AM

rebased and removed MIPS and PPC from compiler-rt/lib/tysan/tysan_platform.h as it has not been tested.

Harbormaster completed remote builds in B217553: Diff 502608.Mar 6 2023, 6:56 AM
thesamesam added a comment.Mar 7 2023, 12:07 AM

I was able to build the LLVM and Clang components but not the Runtime part on top of commit 2708869801ae00f4681f6b2d9d69b25b3fce26b6:

[761/1099] /usr/lib/ccache/bin/x86_64-pc-linux-gnu-clang++  -I/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/..  -DNDEBUG -
O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches -Wreturn-type -ggdb3 -Wall -Wno-unused-parameter -std=c++17 -fcolor-diagnostics -m64 -MD -MT lib/ty
san/CMakeFiles/RTTysan_dynamic.x86_64.dir/tysan_interceptors.cpp.o -MF lib/tysan/CMakeFiles/RTTysan_dynamic.x86_64.dir/tysan_interceptors.cpp.o.d -o lib/tysan/CMakeFiles/R
TTysan_dynamic.x86_64.dir/tysan_interceptors.cpp.o -c /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/tysan_interceptors.cpp
FAILED: lib/tysan/CMakeFiles/RTTysan_dynamic.x86_64.dir/tysan_interceptors.cpp.o 
/usr/lib/ccache/bin/x86_64-pc-linux-gnu-clang++  -I/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/..  -DNDEBUG -O2 -pipe -m
arch=native -fdiagnostics-color=always -frecord-gcc-switches -Wreturn-type -ggdb3 -Wall -Wno-unused-parameter -std=c++17 -fcolor-diagnostics -m64 -MD -MT lib/tysan/CMakeFi
les/RTTysan_dynamic.x86_64.dir/tysan_interceptors.cpp.o -MF lib/tysan/CMakeFiles/RTTysan_dynamic.x86_64.dir/tysan_interceptors.cpp.o.d -o lib/tysan/CMakeFiles/RTTysan_dyna
mic.x86_64.dir/tysan_interceptors.cpp.o -c /var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/tysan_interceptors.cpp
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/tysan_interceptors.cpp:207:22: error: use of undeclared identifier 'mmap64'; did you mean 'mmap'?
  INTERCEPT_FUNCTION(mmap64);
                     ^~~~~~
                     mmap
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/../interception/interception.h:278:71: note: expanded from macro 'INTERCEPT_FUNCTION'
# define INTERCEPT_FUNCTION(func) INTERCEPT_FUNCTION_LINUX_OR_FREEBSD(func)
                                                                      ^
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/../interception/interception_linux.h:35:35: note: expanded from macro 'INTERCEPT_FUNCTION_LINUX_OR_FREEBSD'
      (::__interception::uptr) & (func),          \
                                  ^
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/tysan_interceptors.cpp:79:21: note: 'mmap' declared here
INTERCEPTOR(void *, mmap, void *addr, SIZE_T length, int prot, int flags,
                    ^
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/tysan_interceptors.cpp:207:3: error: no member named 'real_mmap64' in namespace '__interception'; did you mean 'real_mmap'?
  INTERCEPT_FUNCTION(mmap64);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/../interception/interception.h:278:35: note: expanded from macro 'INTERCEPT_FUNCTION'
# define INTERCEPT_FUNCTION(func) INTERCEPT_FUNCTION_LINUX_OR_FREEBSD(func)
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/var/tmp/portage/sys-libs/compiler-rt-sanitizers-17.0.0_pre20230304/work/compiler-rt/lib/tysan/../interception/interception_linux.h:34:36: note: expanded from macro 'INTER

Happy to do this via email or similar if it's fine with you as it might be easier.

Full log at http://sprunge.us/gfnzM5.

Enna1 added a comment.EditedMar 7 2023, 12:17 AM

Hi @thesamesam, have you tried apply https://reviews.llvm.org/D137414 ?

thesamesam added a comment.Mar 7 2023, 2:33 AM
In D32197#4174353, @Enna1 wrote:

Hi @thesamesam, have you tried apply https://reviews.llvm.org/D137414 ?

Thanks @Enna1, I missed that, it works! TySan also works on a trivial example I've tested. Now trying it on real world programs, woo!

Enna1 added a comment.Mar 7 2023, 3:13 AM

Hi @fhahn , I have tested tysan locally, check-tysan passed on both Linux x86_64 and Linux AArch64.

But there is a small issue when build llvm compiler-rt with COMPILER_RT_DEBUG=ON and run check-tysan:
SanitizerTool: CHECK failed: tysan.cpp:122 "((0)) != (0)" (0x0, 0x0) (tid=288531)

Also if there is any thing I could help landing tysan, I’d be happy to volunteer :)

compiler-rt/lib/tysan/tysan.cpp
70

%zu

122

This line will be executed when TDA points to __tysan_v1_Simple_20C_2fC_2b_2b_20TBAA.
I suggest ether remove this DCHECK(0) or replace it with

if (Verbosity())
  Report("Reach root type descriptor\n");
173

%llu

fhahn updated this revision to Diff 504259.Mar 10 2023, 12:34 PM
fhahn marked 3 inline comments as done.

Address comments, remove ifdef code for ppc and adjust shadow-memory used on ARM64 macOS.

compiler-rt/lib/tysan/tysan.cpp
70

Should be fixed, thanks!

122

Thanks for checking, I updated the code to remove the DCHECK and added a comment.

173

Updated. thanks!

Harbormaster completed remote builds in B218759: Diff 504259.Mar 10 2023, 1:20 PM
phi removed a subscriber: phi.Mar 11 2023, 2:36 PM
leonardchan added a subscriber: leonardchan.Apr 11 2023, 11:38 AM

Also able to confirm the runtime tysan tests pass on linux arm64 and x64, and that I need https://reviews.llvm.org/D137414 to work around the build issue @thesamesam reported. Similar to the LLVM part of this, do you need a rubber stamp lgtm before submitting?

Revision Contents

PathSize
compiler-rt/
cmake/
Modules/
1 line
15 lines
lib/
tysan/
49 lines
35 lines
12 lines
79 lines
345 lines
2 lines
17 lines
231 lines
99 lines
test/
tysan/
32 lines
41 lines
26 lines
27 lines
65 lines
45 lines
31 lines
21 lines
139 lines
17 lines
19 lines
51 lines
26 lines
39 lines
18 lines

Diff 502608

compiler-rt/cmake/Modules/AllSupportedArchDefs.cmake

Show First 20 LinesShow All 56 Lines▼ Show 20 Lines
set(ALL_MSAN_SUPPORTED_ARCH ${X86_64} ${MIPS64} ${ARM64} ${PPC64} ${S390X}) set(ALL_MSAN_SUPPORTED_ARCH ${X86_64} ${MIPS64} ${ARM64} ${PPC64} ${S390X})
set(ALL_HWASAN_SUPPORTED_ARCH ${X86_64} ${ARM64} ${RISCV64}) set(ALL_HWASAN_SUPPORTED_ARCH ${X86_64} ${ARM64} ${RISCV64})
set(ALL_MEMPROF_SUPPORTED_ARCH ${X86_64}) set(ALL_MEMPROF_SUPPORTED_ARCH ${X86_64})
set(ALL_PROFILE_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${PPC32} ${PPC64} set(ALL_PROFILE_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${PPC32} ${PPC64}
${MIPS32} ${MIPS64} ${S390X} ${SPARC} ${SPARCV9} ${HEXAGON} ${MIPS32} ${MIPS64} ${S390X} ${SPARC} ${SPARCV9} ${HEXAGON}
${RISCV32} ${RISCV64}) ${RISCV32} ${RISCV64})
set(ALL_TSAN_SUPPORTED_ARCH ${X86_64} ${MIPS64} ${ARM64} ${PPC64} ${S390X} set(ALL_TSAN_SUPPORTED_ARCH ${X86_64} ${MIPS64} ${ARM64} ${PPC64} ${S390X}
${LOONGARCH64}) ${LOONGARCH64})
set(ALL_TYSAN_SUPPORTED_ARCH ${X86_64} ${ARM64})
set(ALL_UBSAN_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${RISCV64} set(ALL_UBSAN_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${RISCV64}
${MIPS32} ${MIPS64} ${PPC64} ${S390X} ${SPARC} ${SPARCV9} ${HEXAGON} ${MIPS32} ${MIPS64} ${PPC64} ${S390X} ${SPARC} ${SPARCV9} ${HEXAGON}
${LOONGARCH64}) ${LOONGARCH64})
set(ALL_SAFESTACK_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM64} ${MIPS32} ${MIPS64} set(ALL_SAFESTACK_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM64} ${MIPS32} ${MIPS64}
${HEXAGON} ${LOONGARCH64}) ${HEXAGON} ${LOONGARCH64})
set(ALL_CFI_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${MIPS64} set(ALL_CFI_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} ${MIPS64}
${HEXAGON}) ${HEXAGON})
set(ALL_SCUDO_STANDALONE_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64} set(ALL_SCUDO_STANDALONE_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64}
Show All 16 Lines

compiler-rt/cmake/config-ix.cmake

Show First 20 LinesShow All 433 Lines▼ Show 20 Lines if(COMPILER_RT_ENABLE_TVOS)
set(DARWIN_tvossim_MIN_VER_FLAG -mtvos-simulator-version-min) set(DARWIN_tvossim_MIN_VER_FLAG -mtvos-simulator-version-min)
set(DARWIN_tvossim_SANITIZER_MIN_VER_FLAG set(DARWIN_tvossim_SANITIZER_MIN_VER_FLAG
${DARWIN_tvossim_MIN_VER_FLAG}=${DARWIN_tvos_MIN_VER}) ${DARWIN_tvossim_MIN_VER_FLAG}=${DARWIN_tvos_MIN_VER})
endif() endif()
set(SANITIZER_COMMON_SUPPORTED_OS osx) set(SANITIZER_COMMON_SUPPORTED_OS osx)
set(PROFILE_SUPPORTED_OS osx) set(PROFILE_SUPPORTED_OS osx)
set(TSAN_SUPPORTED_OS osx) set(TSAN_SUPPORTED_OS osx)
set(TYSAN_SUPPORTED_OS osx)
set(XRAY_SUPPORTED_OS osx) set(XRAY_SUPPORTED_OS osx)
set(FUZZER_SUPPORTED_OS osx) set(FUZZER_SUPPORTED_OS osx)
set(ORC_SUPPORTED_OS osx) set(ORC_SUPPORTED_OS osx)
set(UBSAN_SUPPORTED_OS osx) set(UBSAN_SUPPORTED_OS osx)
set(LSAN_SUPPORTED_OS osx) set(LSAN_SUPPORTED_OS osx)
set(STATS_SUPPORTED_OS osx) set(STATS_SUPPORTED_OS osx)
# Note: In order to target x86_64h on OS X the minimum deployment target must # Note: In order to target x86_64h on OS X the minimum deployment target must
▲ Show 20 LinesShow All 111 Lines▼ Show 20 Lines foreach(platform ${DARWIN_EMBEDDED_PLATFORMS})
list_intersect(DARWIN_${platform}_TSAN_ARCHS DARWIN_${platform}_ARCHS ALL_TSAN_SUPPORTED_ARCH) list_intersect(DARWIN_${platform}_TSAN_ARCHS DARWIN_${platform}_ARCHS ALL_TSAN_SUPPORTED_ARCH)
if(DARWIN_${platform}_TSAN_ARCHS) if(DARWIN_${platform}_TSAN_ARCHS)
list(APPEND TSAN_SUPPORTED_OS ${platform}) list(APPEND TSAN_SUPPORTED_OS ${platform})
endif() endif()
list(APPEND FUZZER_SUPPORTED_OS ${platform}) list(APPEND FUZZER_SUPPORTED_OS ${platform})
list(APPEND ORC_SUPPORTED_OS ${platform}) list(APPEND ORC_SUPPORTED_OS ${platform})
list(APPEND UBSAN_SUPPORTED_OS ${platform}) list(APPEND UBSAN_SUPPORTED_OS ${platform})
list(APPEND TYSAN_SUPPORTED_OS ${platform})
list(APPEND LSAN_SUPPORTED_OS ${platform}) list(APPEND LSAN_SUPPORTED_OS ${platform})
list(APPEND STATS_SUPPORTED_OS ${platform}) list(APPEND STATS_SUPPORTED_OS ${platform})
endif() endif()
foreach(arch ${DARWIN_${platform}_ARCHS}) foreach(arch ${DARWIN_${platform}_ARCHS})
list(APPEND COMPILER_RT_SUPPORTED_ARCH ${arch}) list(APPEND COMPILER_RT_SUPPORTED_ARCH ${arch})
set(CAN_TARGET_${arch} 1) set(CAN_TARGET_${arch} 1)
endforeach() endforeach()
endif() endif()
Show All 32 Lines list_intersect(HWASAN_SUPPORTED_ARCH
ALL_HWASAN_SUPPORTED_ARCH ALL_HWASAN_SUPPORTED_ARCH
SANITIZER_COMMON_SUPPORTED_ARCH) SANITIZER_COMMON_SUPPORTED_ARCH)
list_intersect(MEMPROF_SUPPORTED_ARCH list_intersect(MEMPROF_SUPPORTED_ARCH
ALL_MEMPROF_SUPPORTED_ARCH ALL_MEMPROF_SUPPORTED_ARCH
SANITIZER_COMMON_SUPPORTED_ARCH) SANITIZER_COMMON_SUPPORTED_ARCH)
list_intersect(PROFILE_SUPPORTED_ARCH list_intersect(PROFILE_SUPPORTED_ARCH
ALL_PROFILE_SUPPORTED_ARCH ALL_PROFILE_SUPPORTED_ARCH
SANITIZER_COMMON_SUPPORTED_ARCH) SANITIZER_COMMON_SUPPORTED_ARCH)
list_intersect(TYSAN_SUPPORTED_ARCH
ALL_TYSAN_SUPPORTED_ARCH
SANITIZER_COMMON_SUPPORTED_ARCH)
list_intersect(TSAN_SUPPORTED_ARCH list_intersect(TSAN_SUPPORTED_ARCH
ALL_TSAN_SUPPORTED_ARCH ALL_TSAN_SUPPORTED_ARCH
SANITIZER_COMMON_SUPPORTED_ARCH) SANITIZER_COMMON_SUPPORTED_ARCH)
list_intersect(UBSAN_SUPPORTED_ARCH list_intersect(UBSAN_SUPPORTED_ARCH
ALL_UBSAN_SUPPORTED_ARCH ALL_UBSAN_SUPPORTED_ARCH
SANITIZER_COMMON_SUPPORTED_ARCH) SANITIZER_COMMON_SUPPORTED_ARCH)
list_intersect(SAFESTACK_SUPPORTED_ARCH list_intersect(SAFESTACK_SUPPORTED_ARCH
ALL_SAFESTACK_SUPPORTED_ARCH ALL_SAFESTACK_SUPPORTED_ARCH
Show All 30 Lineselse()
filter_available_targets(ASAN_SUPPORTED_ARCH ${ALL_ASAN_SUPPORTED_ARCH}) filter_available_targets(ASAN_SUPPORTED_ARCH ${ALL_ASAN_SUPPORTED_ARCH})
filter_available_targets(FUZZER_SUPPORTED_ARCH ${ALL_FUZZER_SUPPORTED_ARCH}) filter_available_targets(FUZZER_SUPPORTED_ARCH ${ALL_FUZZER_SUPPORTED_ARCH})
filter_available_targets(DFSAN_SUPPORTED_ARCH ${ALL_DFSAN_SUPPORTED_ARCH}) filter_available_targets(DFSAN_SUPPORTED_ARCH ${ALL_DFSAN_SUPPORTED_ARCH})
filter_available_targets(LSAN_SUPPORTED_ARCH ${ALL_LSAN_SUPPORTED_ARCH}) filter_available_targets(LSAN_SUPPORTED_ARCH ${ALL_LSAN_SUPPORTED_ARCH})
filter_available_targets(MSAN_SUPPORTED_ARCH ${ALL_MSAN_SUPPORTED_ARCH}) filter_available_targets(MSAN_SUPPORTED_ARCH ${ALL_MSAN_SUPPORTED_ARCH})
filter_available_targets(HWASAN_SUPPORTED_ARCH ${ALL_HWASAN_SUPPORTED_ARCH}) filter_available_targets(HWASAN_SUPPORTED_ARCH ${ALL_HWASAN_SUPPORTED_ARCH})
filter_available_targets(MEMPROF_SUPPORTED_ARCH ${ALL_MEMPROF_SUPPORTED_ARCH}) filter_available_targets(MEMPROF_SUPPORTED_ARCH ${ALL_MEMPROF_SUPPORTED_ARCH})
filter_available_targets(PROFILE_SUPPORTED_ARCH ${ALL_PROFILE_SUPPORTED_ARCH}) filter_available_targets(PROFILE_SUPPORTED_ARCH ${ALL_PROFILE_SUPPORTED_ARCH})
filter_available_targets(TYSAN_SUPPORTED_ARCH ${ALL_TYSAN_SUPPORTED_ARCH})
filter_available_targets(TSAN_SUPPORTED_ARCH ${ALL_TSAN_SUPPORTED_ARCH}) filter_available_targets(TSAN_SUPPORTED_ARCH ${ALL_TSAN_SUPPORTED_ARCH})
filter_available_targets(UBSAN_SUPPORTED_ARCH ${ALL_UBSAN_SUPPORTED_ARCH}) filter_available_targets(UBSAN_SUPPORTED_ARCH ${ALL_UBSAN_SUPPORTED_ARCH})
filter_available_targets(SAFESTACK_SUPPORTED_ARCH filter_available_targets(SAFESTACK_SUPPORTED_ARCH
${ALL_SAFESTACK_SUPPORTED_ARCH}) ${ALL_SAFESTACK_SUPPORTED_ARCH})
filter_available_targets(CFI_SUPPORTED_ARCH ${ALL_CFI_SUPPORTED_ARCH}) filter_available_targets(CFI_SUPPORTED_ARCH ${ALL_CFI_SUPPORTED_ARCH})
filter_available_targets(SCUDO_STANDALONE_SUPPORTED_ARCH ${ALL_SCUDO_STANDALONE_SUPPORTED_ARCH}) filter_available_targets(SCUDO_STANDALONE_SUPPORTED_ARCH ${ALL_SCUDO_STANDALONE_SUPPORTED_ARCH})
filter_available_targets(XRAY_SUPPORTED_ARCH ${ALL_XRAY_SUPPORTED_ARCH}) filter_available_targets(XRAY_SUPPORTED_ARCH ${ALL_XRAY_SUPPORTED_ARCH})
filter_available_targets(SHADOWCALLSTACK_SUPPORTED_ARCH filter_available_targets(SHADOWCALLSTACK_SUPPORTED_ARCH
Show All 28 Lines
find_program(GNU_LD_EXECUTABLE NAMES ${LLVM_DEFAULT_TARGET_TRIPLE}-ld.bfd ld.bfd DOC "GNU ld") find_program(GNU_LD_EXECUTABLE NAMES ${LLVM_DEFAULT_TARGET_TRIPLE}-ld.bfd ld.bfd DOC "GNU ld")
find_program(GOLD_EXECUTABLE NAMES ${LLVM_DEFAULT_TARGET_TRIPLE}-ld.gold ld.gold DOC "GNU gold") find_program(GOLD_EXECUTABLE NAMES ${LLVM_DEFAULT_TARGET_TRIPLE}-ld.gold ld.gold DOC "GNU gold")
if(COMPILER_RT_SUPPORTED_ARCH) if(COMPILER_RT_SUPPORTED_ARCH)
list(REMOVE_DUPLICATES COMPILER_RT_SUPPORTED_ARCH) list(REMOVE_DUPLICATES COMPILER_RT_SUPPORTED_ARCH)
endif() endif()
message(STATUS "Compiler-RT supported architectures: ${COMPILER_RT_SUPPORTED_ARCH}") message(STATUS "Compiler-RT supported architectures: ${COMPILER_RT_SUPPORTED_ARCH}")
set(ALL_SANITIZERS asan;dfsan;msan;hwasan;tsan;safestack;cfi;scudo_standalone;ubsan_minimal;gwp_asan) set(ALL_SANITIZERS asan;dfsan;msan;hwasan;tsan;tysan;safestack;cfi;scudo_standalone;ubsan_minimal;gwp_asan)
set(COMPILER_RT_SANITIZERS_TO_BUILD all CACHE STRING set(COMPILER_RT_SANITIZERS_TO_BUILD all CACHE STRING
"sanitizers to build if supported on the target (all;${ALL_SANITIZERS})") "sanitizers to build if supported on the target (all;${ALL_SANITIZERS})")
list_replace(COMPILER_RT_SANITIZERS_TO_BUILD all "${ALL_SANITIZERS}") list_replace(COMPILER_RT_SANITIZERS_TO_BUILD all "${ALL_SANITIZERS}")
if (SANITIZER_COMMON_SUPPORTED_ARCH AND NOT LLVM_USE_SANITIZER AND if (SANITIZER_COMMON_SUPPORTED_ARCH AND NOT LLVM_USE_SANITIZER AND
(OS_NAME MATCHES "Android|Darwin|Linux|FreeBSD|NetBSD|Fuchsia|SunOS" OR (OS_NAME MATCHES "Android|Darwin|Linux|FreeBSD|NetBSD|Fuchsia|SunOS" OR
(OS_NAME MATCHES "Windows" AND NOT CYGWIN AND (OS_NAME MATCHES "Windows" AND NOT CYGWIN AND
(NOT MINGW OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")))) (NOT MINGW OR CMAKE_CXX_COMPILER_ID MATCHES "Clang"))))
▲ Show 20 LinesShow All 59 Lines▼ Show 20 Lines
if (PROFILE_SUPPORTED_ARCH AND NOT LLVM_USE_SANITIZER AND if (PROFILE_SUPPORTED_ARCH AND NOT LLVM_USE_SANITIZER AND
OS_NAME MATCHES "Darwin|Linux|FreeBSD|Windows|Android|Fuchsia|SunOS|NetBSD|AIX") OS_NAME MATCHES "Darwin|Linux|FreeBSD|Windows|Android|Fuchsia|SunOS|NetBSD|AIX")
set(COMPILER_RT_HAS_PROFILE TRUE) set(COMPILER_RT_HAS_PROFILE TRUE)
else() else()
set(COMPILER_RT_HAS_PROFILE FALSE) set(COMPILER_RT_HAS_PROFILE FALSE)
endif() endif()
if (COMPILER_RT_HAS_SANITIZER_COMMON AND TYSAN_SUPPORTED_ARCH AND
OS_NAME MATCHES "Linux|Darwin")
set(COMPILER_RT_HAS_TYSAN TRUE)
else()
set(COMPILER_RT_HAS_TYSAN FALSE)
endif()
if (COMPILER_RT_HAS_SANITIZER_COMMON AND TSAN_SUPPORTED_ARCH) if (COMPILER_RT_HAS_SANITIZER_COMMON AND TSAN_SUPPORTED_ARCH)
if (OS_NAME MATCHES "Linux|Darwin|FreeBSD|NetBSD") if (OS_NAME MATCHES "Linux|Darwin|FreeBSD|NetBSD")
set(COMPILER_RT_HAS_TSAN TRUE) set(COMPILER_RT_HAS_TSAN TRUE)
elseif (OS_NAME MATCHES "Android" AND ANDROID_PLATFORM_LEVEL GREATER 23) elseif (OS_NAME MATCHES "Android" AND ANDROID_PLATFORM_LEVEL GREATER 23)
set(COMPILER_RT_HAS_TSAN TRUE) set(COMPILER_RT_HAS_TSAN TRUE)
else() else()
set(COMPILER_RT_HAS_TSAN FALSE) set(COMPILER_RT_HAS_TSAN FALSE)
endif() endif()
▲ Show 20 LinesShow All 90 LinesShow Last 20 Lines

compiler-rt/lib/tysan/CMakeLists.txt

  • This file was added.
include_directories(..)
# Runtime library sources and build flags.
set(TYSAN_SOURCES
tysan.cpp
tysan_interceptors.cpp)
set(TYSAN_COMMON_CFLAGS ${SANITIZER_COMMON_CFLAGS})
append_rtti_flag(OFF TYSAN_COMMON_CFLAGS)
# Prevent clang from generating libc calls.
append_list_if(COMPILER_RT_HAS_FFREESTANDING_FLAG -ffreestanding TYSAN_COMMON_CFLAGS)
add_compiler_rt_object_libraries(RTTysan_dynamic
OS ${SANITIZER_COMMON_SUPPORTED_OS}
ARCHS ${TYSAN_SUPPORTED_ARCH}
SOURCES ${TYSAN_SOURCES}
ADDITIONAL_HEADERS ${TYSAN_HEADERS}
CFLAGS ${TYSAN_DYNAMIC_CFLAGS}
DEFS ${TYSAN_DYNAMIC_DEFINITIONS})
# Static runtime library.
add_compiler_rt_component(tysan)
if(APPLE)
add_weak_symbols("sanitizer_common" WEAK_SYMBOL_LINK_FLAGS)
add_compiler_rt_runtime(clang_rt.tysan
SHARED
OS ${SANITIZER_COMMON_SUPPORTED_OS}
ARCHS ${TYSAN_SUPPORTED_ARCH}
OBJECT_LIBS RTTysan_dynamic
RTInterception
RTSanitizerCommon
RTSanitizerCommonLibc
RTSanitizerCommonSymbolizer
CFLAGS ${TYSAN_DYNAMIC_CFLAGS}
LINK_FLAGS ${WEAK_SYMBOL_LINK_FLAGS}
DEFS ${TYSAN_DYNAMIC_DEFINITIONS}
PARENT_TARGET tysan)
add_compiler_rt_runtime(clang_rt.tysan_static
STATIC
ARCHS ${TYSAN_SUPPORTED_ARCH}
OBJECT_LIBS RTTysan_static
CFLAGS ${TYSAN_CFLAGS}
DEFS ${TYSAN_COMMON_DEFINITIONS}
PARENT_TARGET tysan)
endif()

compiler-rt/lib/tysan/lit.cfg

  • This file was added.
# -*- Python -*-
import os
# Setup config name.
config.name = 'TypeSanitizer' + getattr(config, 'name_suffix', 'default')
# Setup source root.
config.test_source_root = os.path.dirname(__file__)
# Setup default compiler flags used with -fsanitize=type option.
clang_tysan_cflags = (["-fsanitize=type",
"-mno-omit-leaf-frame-pointer",
"-fno-omit-frame-pointer",
"-fno-optimize-sibling-calls"] +
[config.target_cflags] +
config.debug_info_flags)
clang_tysan_cxxflags = config.cxx_mode_flags + clang_tysan_cflags
def build_invocation(compile_flags):
return " " + " ".join([config.clang] + compile_flags) + " "
config.substitutions.append( ("%clang_tysan ", build_invocation(clang_tysan_cflags)) )
config.substitutions.append( ("%clangxx_tysan ", build_invocation(clang_tysan_cxxflags)) )
# Default test suffixes.
config.suffixes = ['.c', '.cc', '.cpp']
# TypeSanitizer tests are currently supported on Linux only.
if config.host_os not in ['Linux']:
config.unsupported = True
if config.target_arch != 'aarch64':
config.available_features.add('stable-runtime')

compiler-rt/lib/tysan/lit.site.cfg.in

  • This file was added.
@LIT_SITE_CFG_IN_HEADER@
# Tool-specific config options.
config.name_suffix = "@TYSAN_TEST_CONFIG_SUFFIX@"
config.target_cflags = "@TYSAN_TEST_TARGET_CFLAGS@"
config.target_arch = "@TYSAN_TEST_TARGET_ARCH@"
# Load common config for all compiler-rt lit tests.
lit_config.load_config(config, "@COMPILER_RT_BINARY_DIR@/test/lit.common.configured")
# Load tool-specific config that would do the real work.
lit_config.load_config(config, "@TYSAN_LIT_SOURCE_DIR@/lit.cfg")

compiler-rt/lib/tysan/tysan.h

  • This file was added.
//===-- tysan.h -------------------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of TypeSanitizer.
//
// Private TySan header.
//===----------------------------------------------------------------------===//
#ifndef TYSAN_H
#define TYSAN_H
#include "sanitizer_common/sanitizer_internal_defs.h"
using __sanitizer::sptr;
using __sanitizer::u16;
using __sanitizer::uptr;
#include "tysan_platform.h"
extern "C" {
void tysan_set_type_unknown(const void *addr, uptr size);
void tysan_copy_types(const void *daddr, const void *saddr, uptr size);
}
namespace __tysan {
extern bool tysan_inited;
extern bool tysan_init_is_running;
void InitializeInterceptors();
enum { TYSAN_MEMBER_TD = 1, TYSAN_STRUCT_TD = 2 };
struct tysan_member_type_descriptor {
struct tysan_type_descriptor *Base;
struct tysan_type_descriptor *Access;
uptr Offset;
};
struct tysan_struct_type_descriptor {
uptr MemberCount;
struct {
struct tysan_type_descriptor *Type;
uptr Offset;
} Members[1]; // Tail allocated.
// char Name[]; // Tail allocated.
};
struct tysan_type_descriptor {
uptr Tag;
union {
tysan_member_type_descriptor Member;
tysan_struct_type_descriptor Struct;
};
};
inline tysan_type_descriptor **shadow_for(const void *ptr) {
return (tysan_type_descriptor **)((((uptr)ptr) & AppMask()) * sizeof(ptr) +
ShadowAddr());
}
struct Flags {
#define TYSAN_FLAG(Type, Name, DefaultValue, Description) Type Name;
#include "tysan_flags.inc"
#undef TYSAN_FLAG
void SetDefaults();
};
extern Flags flags_data;
inline Flags &flags() { return flags_data; }
} // namespace __tysan
#endif // TYSAN_H

compiler-rt/lib/tysan/tysan.cpp

  • This file was added.
//===-- tysan.cpp ---------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of TypeSanitizer.
//
// TypeSanitizer runtime.
//===----------------------------------------------------------------------===//
#include "sanitizer_common/sanitizer_atomic.h"
#include "sanitizer_common/sanitizer_common.h"
#include "sanitizer_common/sanitizer_flag_parser.h"
#include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_libc.h"
#include "sanitizer_common/sanitizer_report_decorator.h"
#include "sanitizer_common/sanitizer_stacktrace.h"
#include "sanitizer_common/sanitizer_symbolizer.h"
#include "tysan/tysan.h"
using namespace __sanitizer;
using namespace __tysan;
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
tysan_set_type_unknown(const void *addr, uptr size) {
if (tysan_inited)
internal_memset(shadow_for(addr), 0, size * sizeof(uptr));
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
tysan_copy_types(const void *daddr, const void *saddr, uptr size) {
if (tysan_inited)
internal_memmove(shadow_for(daddr), shadow_for(saddr), size * sizeof(uptr));
}
static const char *getDisplayName(const char *Name) {
if (Name[0] == '\0')
return "<anonymous type>";
// Clang generates tags for C++ types that demangle as typeinfo. Remove the
// prefix from the generated string.
const char TIPrefix[] = "typeinfo name for ";
const char *DName = Symbolizer::GetOrInit()->Demangle(Name);
if (!internal_strncmp(DName, TIPrefix, sizeof(TIPrefix) - 1))
DName += sizeof(TIPrefix) - 1;
return DName;
}
static void printTDName(tysan_type_descriptor *td) {
if (((sptr)td) <= 0) {
Printf("<unknown type>");
return;
}
switch (td->Tag) {
default:
DCHECK(0);
break;
case TYSAN_MEMBER_TD:
printTDName(td->Member.Access);
if (td->Member.Access != td->Member.Base) {
Printf(" (in ");
printTDName(td->Member.Base);
Printf(" at offset %u)", td->Member.Offset);
Enna1Unsubmitted
Done
ReplyInline Actions

%zu

Enna1: %zu
fhahnAuthorUnsubmitted
Done
ReplyInline Actions

Should be fixed, thanks!

fhahn: Should be fixed, thanks!
}
break;
case TYSAN_STRUCT_TD:
Printf("%s", getDisplayName(
(char *)(td->Struct.Members + td->Struct.MemberCount)));
break;
}
}
static tysan_type_descriptor *getRootTD(tysan_type_descriptor *TD) {
tysan_type_descriptor *RootTD = TD;
do {
RootTD = TD;
if (TD->Tag == TYSAN_STRUCT_TD) {
if (TD->Struct.MemberCount > 0)
TD = TD->Struct.Members[0].Type;
else
TD = nullptr;
} else if (TD->Tag == TYSAN_MEMBER_TD) {
TD = TD->Member.Access;
} else {
DCHECK(0);
break;
}
} while (TD);
return RootTD;
}
static bool isAliasingLegalUp(tysan_type_descriptor *TDA,
tysan_type_descriptor *TDB) {
// Walk up the tree starting with TDA to see if we reach TDB.
uptr OffsetA = 0, OffsetB = 0;
if (TDB->Tag == TYSAN_MEMBER_TD) {
OffsetB = TDB->Member.Offset;
TDB = TDB->Member.Base;
}
if (TDA->Tag == TYSAN_MEMBER_TD) {
OffsetA = TDA->Member.Offset;
TDA = TDA->Member.Base;
}
do {
if (TDA == TDB)
return OffsetA == OffsetB;
if (TDA->Tag == TYSAN_STRUCT_TD) {
if (!TDA->Struct.MemberCount) {
DCHECK(0);
Enna1Unsubmitted
Done
ReplyInline Actions

This line will be executed when TDA points to __tysan_v1_Simple_20C_2fC_2b_2b_20TBAA.
I suggest ether remove this DCHECK(0) or replace it with

if (Verbosity())
  Report("Reach root type descriptor\n");
Enna1: This line will be executed when TDA points to __tysan_v1_Simple_20C_2fC_2b_2b_20TBAA. I suggest…
fhahnAuthorUnsubmitted
Done
ReplyInline Actions

Thanks for checking, I updated the code to remove the DCHECK and added a comment.

fhahn: Thanks for checking, I updated the code to remove the DCHECK and added a comment.
break;
}
uptr Idx = 0;
for (; Idx < TDA->Struct.MemberCount - 1; ++Idx) {
if (TDA->Struct.Members[Idx].Offset >= OffsetA)
break;
}
OffsetA -= TDA->Struct.Members[Idx].Offset;
TDA = TDA->Struct.Members[Idx].Type;
} else {
DCHECK(0);
break;
}
} while (TDA);
return false;
}
static bool isAliasingLegal(tysan_type_descriptor *TDA,
tysan_type_descriptor *TDB) {
if (TDA == TDB || !TDB || !TDA)
return true;
// Aliasing is legal is the two types have different root nodes.
if (getRootTD(TDA) != getRootTD(TDB))
return true;
return isAliasingLegalUp(TDA, TDB) || isAliasingLegalUp(TDB, TDA);
}
namespace __tysan {
class Decorator : public __sanitizer::SanitizerCommonDecorator {
public:
Decorator() : SanitizerCommonDecorator() {}
const char *Warning() { return Red(); }
const char *Name() { return Green(); }
const char *End() { return Default(); }
};
} // namespace __tysan
ALWAYS_INLINE
static void reportError(void *Addr, int Size, tysan_type_descriptor *TD,
tysan_type_descriptor *OldTD, const char *AccessStr,
const char *DescStr, int Offset, uptr pc, uptr bp,
uptr sp) {
Decorator d;
Printf("%s", d.Warning());
Report("ERROR: TypeSanitizer: type-aliasing-violation on address %p"
" (pc %p bp %p sp %p tid %d)\n",
Enna1Unsubmitted
Done
ReplyInline Actions

%llu

Enna1: %llu
fhahnAuthorUnsubmitted
Done
ReplyInline Actions

Updated. thanks!

fhahn: Updated. thanks!
Addr, (void *)pc, (void *)bp, (void *)sp, GetTid());
Printf("%s", d.End());
Printf("%s of size %d at %p with type ", AccessStr, Size, Addr);
Printf("%s", d.Name());
printTDName(TD);
Printf("%s", d.End());
Printf(" %s of type ", DescStr);
Printf("%s", d.Name());
printTDName(OldTD);
Printf("%s", d.End());
if (Offset != 0)
Printf(" that starts at offset %d\n", Offset);
else
Printf("\n");
if (pc) {
bool request_fast = StackTrace::WillUseFastUnwind(true);
BufferedStackTrace ST;
ST.Unwind(kStackTraceMax, pc, bp, 0, 0, 0, request_fast);
ST.Print();
} else {
Printf("\n");
}
}
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void
__tysan_check(void *addr, int size, tysan_type_descriptor *td, int flags) {
GET_CALLER_PC_BP_SP;
bool IsRead = flags & 1;
bool IsWrite = flags & 2;
const char *AccessStr;
if (IsRead && !IsWrite)
AccessStr = "READ";
else if (!IsRead && IsWrite)
AccessStr = "WRITE";
else
AccessStr = "ATOMIC UPDATE";
tysan_type_descriptor **OldTDPtr = shadow_for(addr);
tysan_type_descriptor *OldTD = *OldTDPtr;
if (((sptr)OldTD) < 0) {
int i = -((sptr)OldTD);
OldTDPtr -= i;
OldTD = *OldTDPtr;
if (!isAliasingLegal(td, OldTD))
reportError(addr, size, td, OldTD, AccessStr,
"accesses part of an existing object", -i, pc, bp, sp);
return;
}
if (!isAliasingLegal(td, OldTD)) {
reportError(addr, size, td, OldTD, AccessStr, "accesses an existing object",
0, pc, bp, sp);
return;
}
// These types are allowed to alias (or the stored type is unknown), report
// an error if we find an interior type.
for (int i = 0; i < size; ++i) {
OldTDPtr = shadow_for((void *)(((uptr)addr) + i));
OldTD = *OldTDPtr;
if (((sptr)OldTD) >= 0 && !isAliasingLegal(td, OldTD))
reportError(addr, size, td, OldTD, AccessStr,
"partially accesses an object", i, pc, bp, sp);
}
}
Flags __tysan::flags_data;
SANITIZER_INTERFACE_ATTRIBUTE uptr __tysan_shadow_memory_address;
SANITIZER_INTERFACE_ATTRIBUTE uptr __tysan_app_memory_mask;
#ifdef TYSAN_RUNTIME_VMA
// Runtime detected VMA size.
int __tysan::vmaSize;
#endif
void Flags::SetDefaults() {
#define TYSAN_FLAG(Type, Name, DefaultValue, Description) Name = DefaultValue;
#include "tysan_flags.inc"
#undef TYSAN_FLAG
}
static void RegisterTySanFlags(FlagParser *parser, Flags *f) {
#define TYSAN_FLAG(Type, Name, DefaultValue, Description) \
RegisterFlag(parser, #Name, Description, &f->Name);
#include "tysan_flags.inc"
#undef TYSAN_FLAG
}
static void InitializeFlags() {
SetCommonFlagsDefaults();
{
CommonFlags cf;
cf.CopyFrom(*common_flags());
cf.external_symbolizer_path = GetEnv("TYSAN_SYMBOLIZER_PATH");
OverrideCommonFlags(cf);
}
flags().SetDefaults();
FlagParser parser;
RegisterCommonFlags(&parser);
RegisterTySanFlags(&parser, &flags());
parser.ParseString(GetEnv("TYSAN_OPTIONS"));
InitializeCommonFlags();
if (Verbosity())
ReportUnrecognizedFlags();
if (common_flags()->help)
parser.PrintFlagDescriptions();
}
static void TySanInitializePlatformEarly() {
AvoidCVE_2016_2143();
#ifdef TYSAN_RUNTIME_VMA
vmaSize = (MostSignificantSetBitIndex(GET_CURRENT_FRAME()) + 1);
#if defined(__aarch64__)
if (vmaSize != 39 && vmaSize != 42 && vmaSize != 48) {
Printf("FATAL: TypeSanitizer: unsupported VMA range\n");
Printf("FATAL: Found %d - Supported 39, 42 and 48\n", vmaSize);
Die();
}
#elif defined(__powerpc64__)
if (vmaSize != 44 && vmaSize != 46) {
Printf("FATAL: TypeSanitizer: unsupported VMA range\n");
Printf("FATAL: Found %d - Supported 44 and 46\n", vmaSize);
Die();
}
#endif
#endif
__sanitizer::InitializePlatformEarly();
__tysan_shadow_memory_address = ShadowAddr();
__tysan_app_memory_mask = AppMask();
}
namespace __tysan {
bool tysan_inited = false;
bool tysan_init_is_running;
} // namespace __tysan
extern "C" SANITIZER_INTERFACE_ATTRIBUTE void __tysan_init() {
CHECK(!tysan_init_is_running);
if (tysan_inited)
return;
tysan_init_is_running = true;
InitializeFlags();
TySanInitializePlatformEarly();
InitializeInterceptors();
MmapFixedNoReserve(ShadowAddr(), AppAddr() - ShadowAddr());
tysan_init_is_running = false;
tysan_inited = true;
}
#if SANITIZER_CAN_USE_PREINIT_ARRAY
__attribute__((section(".preinit_array"),
used)) static void (*tysan_init_ptr)() = __tysan_init;
#endif

compiler-rt/lib/tysan/tysan.syms.extra

  • This file was added.
tysan_*
__tysan_*

compiler-rt/lib/tysan/tysan_flags.inc

  • This file was added.
//===-- tysan_flags.inc ---------------------------------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// TySan runtime flags.
//
//===----------------------------------------------------------------------===//
#ifndef TYSAN_FLAG
#error "Define TYSAN_FLAG prior to including this file!"
#endif
// TYSAN_FLAG(Type, Name, DefaultValue, Description)
// See COMMON_FLAG in sanitizer_flags.inc for more details.

compiler-rt/lib/tysan/tysan_interceptors.cpp

  • This file was added.
//===-- tysan_interceptors.cpp --------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of TypeSanitizer.
//
// Interceptors for standard library functions.
//===----------------------------------------------------------------------===//
#include "interception/interception.h"
#include "sanitizer_common/sanitizer_common.h"
#include "tysan/tysan.h"
#if SANITIZER_LINUX && !SANITIZER_ANDROID
#define TYSAN_INTERCEPT___STRDUP 1
#else
#define TYSAN_INTERCEPT___STRDUP 0
#endif
#if SANITIZER_LINUX
extern "C" int mallopt(int param, int value);
#endif
using namespace __sanitizer;
using namespace __tysan;
static const uptr early_alloc_buf_size = 16384;
static uptr allocated_bytes;
static char early_alloc_buf[early_alloc_buf_size];
static bool isInEarlyAllocBuf(const void *ptr) {
return ((uptr)ptr >= (uptr)early_alloc_buf &&
((uptr)ptr - (uptr)early_alloc_buf) < sizeof(early_alloc_buf));
}
// Handle allocation requests early (before all interceptors are setup). dlsym,
// for example, calls calloc.
static void *handleEarlyAlloc(uptr size) {
void *mem = (void *)&early_alloc_buf[allocated_bytes];
allocated_bytes += size;
CHECK_LT(allocated_bytes, early_alloc_buf_size);
return mem;
}
INTERCEPTOR(void *, memset, void *dst, int v, uptr size) {
if (!tysan_inited && REAL(memset) == nullptr)
return internal_memset(dst, v, size);
void *res = REAL(memset)(dst, v, size);
tysan_set_type_unknown(dst, size);
return res;
}
INTERCEPTOR(void *, memmove, void *dst, const void *src, uptr size) {
if (!tysan_inited && REAL(memmove) == nullptr)
return internal_memmove(dst, src, size);
void *res = REAL(memmove)(dst, src, size);
tysan_copy_types(dst, src, size);
return res;
}
INTERCEPTOR(void *, memcpy, void *dst, const void *src, uptr size) {
if (!tysan_inited && REAL(memcpy) == nullptr) {
// memmove is used here because on some platforms this will also
// intercept the memmove implementation.
return internal_memmove(dst, src, size);
}
void *res = REAL(memcpy)(dst, src, size);
tysan_copy_types(dst, src, size);
return res;
}
INTERCEPTOR(void *, mmap, void *addr, SIZE_T length, int prot, int flags,
int fd, OFF_T offset) {
void *res = REAL(mmap)(addr, length, prot, flags, fd, offset);
if (res != (void *)-1)
tysan_set_type_unknown(res, RoundUpTo(length, GetPageSize()));
return res;
}
#ifndef SANITIZER_APPLE
INTERCEPTOR(void *, mmap64, void *addr, SIZE_T length, int prot, int flags,
int fd, OFF64_T offset) {
void *res = REAL(mmap64)(addr, length, prot, flags, fd, offset);
if (res != (void *)-1)
tysan_set_type_unknown(res, RoundUpTo(length, GetPageSize()));
return res;
}
#endif
INTERCEPTOR(char *, strdup, const char *s) {
char *res = REAL(strdup)(s);
if (res)
tysan_copy_types(res, const_cast<char *>(s), internal_strlen(s));
return res;
}
#if TYSAN_INTERCEPT___STRDUP
INTERCEPTOR(char *, __strdup, const char *s) {
char *res = REAL(__strdup)(s);
if (res)
tysan_copy_types(res, const_cast<char *>(s), internal_strlen(s));
return res;
}
#endif // TYSAN_INTERCEPT___STRDUP
INTERCEPTOR(void *, malloc, uptr size) {
if (tysan_init_is_running && REAL(malloc) == nullptr)
return handleEarlyAlloc(size);
void *res = REAL(malloc)(size);
if (res)
tysan_set_type_unknown(res, size);
return res;
}
INTERCEPTOR(void *, realloc, void *ptr, uptr size) {
void *res = REAL(realloc)(ptr, size);
// We might want to copy the types from the original allocation (although
// that would require that we knew its size).
if (res)
tysan_set_type_unknown(res, size);
return res;
}
INTERCEPTOR(void *, calloc, uptr nmemb, uptr size) {
if (tysan_init_is_running && REAL(calloc) == nullptr)
return handleEarlyAlloc(nmemb * size);
void *res = REAL(calloc)(nmemb, size);
if (res)
tysan_set_type_unknown(res, nmemb * size);
return res;
}
INTERCEPTOR(void, free, void *p) {
// There are only a few early allocation requests,
// so we simply skip the free.
if (isInEarlyAllocBuf(p))
return;
REAL(free)(p);
}
INTERCEPTOR(void *, valloc, uptr size) {
void *res = REAL(valloc)(size);
if (res)
tysan_set_type_unknown(res, size);
return res;
}
#ifndef SANITIZER_APPLE
INTERCEPTOR(void *, memalign, uptr alignment, uptr size) {
void *res = REAL(memalign)(alignment, size);
if (res)
tysan_set_type_unknown(res, size);
return res;
}
INTERCEPTOR(void *, __libc_memalign, uptr alignment, uptr size) {
void *res = REAL(__libc_memalign)(alignment, size);
if (res)
tysan_set_type_unknown(res, size);
return res;
}
INTERCEPTOR(void *, pvalloc, uptr size) {
void *res = REAL(pvalloc)(size);
if (res)
tysan_set_type_unknown(res, size);
return res;
}
#endif
INTERCEPTOR(void *, aligned_alloc, uptr alignment, uptr size) {
void *res = REAL(aligned_alloc)(alignment, size);
if (res)
tysan_set_type_unknown(res, size);
return res;
}
INTERCEPTOR(int, posix_memalign, void **memptr, uptr alignment, uptr size) {
int res = REAL(posix_memalign)(memptr, alignment, size);
if (res == 0 && *memptr)
tysan_set_type_unknown(*memptr, size);
return res;
}
namespace __tysan {
void InitializeInterceptors() {
static int inited = 0;
CHECK_EQ(inited, 0);
// Instruct libc malloc to consume less memory.
#if SANITIZER_LINUX
mallopt(1, 0); // M_MXFAST
mallopt(-3, 32 * 1024); // M_MMAP_THRESHOLD
#endif
INTERCEPT_FUNCTION(mmap);
INTERCEPT_FUNCTION(mmap64);
INTERCEPT_FUNCTION(strdup);
#if TYSAN_INTERCEPT___STRDUP
INTERCEPT_FUNCTION(__strdup);
#endif
INTERCEPT_FUNCTION(malloc);
INTERCEPT_FUNCTION(calloc);
INTERCEPT_FUNCTION(free);
INTERCEPT_FUNCTION(realloc);
INTERCEPT_FUNCTION(valloc);
INTERCEPT_FUNCTION(memalign);
INTERCEPT_FUNCTION(__libc_memalign);
INTERCEPT_FUNCTION(pvalloc);
INTERCEPT_FUNCTION(aligned_alloc);
INTERCEPT_FUNCTION(posix_memalign);
INTERCEPT_FUNCTION(memset);
INTERCEPT_FUNCTION(memmove);
INTERCEPT_FUNCTION(memcpy);
inited = 1;
}
} // namespace __tysan

compiler-rt/lib/tysan/tysan_platform.h

  • This file was added.
//===------------------------ tysan_platform.h ----------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file is a part of TypeSanitizer.
//
// Platform specific information for TySan.
//===----------------------------------------------------------------------===//
#ifndef TYSAN_PLATFORM_H
#define TYSAN_PLATFORM_H
namespace __tysan {
#if defined(__x86_64__)
struct Mapping {
static const uptr kShadowAddr = 0x010000000000ull;
static const uptr kAppAddr = 0x550000000000ull;
static const uptr kAppMemMsk = ~0x780000000000ull;
};
#elif defined(__aarch64__)
struct Mapping39 {
static const uptr kShadowAddr = 0x0800000000ull;
static const uptr kAppAddr = 0x5500000000ull;
static const uptr kAppMemMsk = ~0x7800000000ull;
};
struct Mapping42 {
static const uptr kShadowAddr = 0x10000000000ull;
static const uptr kAppAddr = 0x2aa00000000ull;
static const uptr kAppMemMsk = ~0x3c000000000ull;
};
struct Mapping48 {
static const uptr kShadowAddr = 0x0002000000000ull;
static const uptr kAppAddr = 0x0aaaa00000000ull;
static const uptr kAppMemMsk = ~0x0fff800000000ull;
};
#define TYSAN_RUNTIME_VMA 1
#else
#error "TySan not supported for this platform!"
#endif
#if TYSAN_RUNTIME_VMA
extern int vmaSize;
#endif
enum MappingType { MAPPING_SHADOW_ADDR, MAPPING_APP_ADDR, MAPPING_APP_MASK };
template <typename Mapping, int Type> uptr MappingImpl(void) {
switch (Type) {
case MAPPING_SHADOW_ADDR:
return Mapping::kShadowAddr;
case MAPPING_APP_ADDR:
return Mapping::kAppAddr;
case MAPPING_APP_MASK:
return Mapping::kAppMemMsk;
}
}
template <int Type> uptr MappingArchImpl(void) {
#ifdef __aarch64__
switch (vmaSize) {
case 39:
return MappingImpl<Mapping39, Type>();
case 42:
return MappingImpl<Mapping42, Type>();
case 48:
return MappingImpl<Mapping48, Type>();
}
DCHECK(0);
return 0;
#elif defined(__powerpc64__)
if (vmaSize == 44)
return MappingImpl<Mapping44, Type>();
else
return MappingImpl<Mapping46, Type>();
DCHECK(0);
#else
return MappingImpl<Mapping, Type>();
#endif
}
ALWAYS_INLINE
uptr ShadowAddr() { return MappingArchImpl<MAPPING_SHADOW_ADDR>(); }
ALWAYS_INLINE
uptr AppAddr() { return MappingArchImpl<MAPPING_APP_ADDR>(); }
ALWAYS_INLINE
uptr AppMask() { return MappingArchImpl<MAPPING_APP_MASK>(); }
} // namespace __tysan
#endif

compiler-rt/lib/tysan/weak_symbols.txt

  • This file was added.
This is an empty file.

compiler-rt/test/tysan/CMakeLists.txt

  • This file was added.
set(TYSAN_LIT_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR})
set(TYSAN_TESTSUITES)
set(TYSAN_TEST_ARCH ${TYSAN_SUPPORTED_ARCH})
if(APPLE)
darwin_filter_host_archs(TYSAN_SUPPORTED_ARCH TYSAN_TEST_ARCH)
endif()
foreach(arch ${TYSAN_TEST_ARCH})
set(TYSAN_TEST_TARGET_ARCH ${arch})
string(TOLOWER "-${arch}" TYSAN_TEST_CONFIG_SUFFIX)
get_test_cc_for_arch(${arch} TYSAN_TEST_TARGET_CC TYSAN_TEST_TARGET_CFLAGS)
string(TOUPPER ${arch} ARCH_UPPER_CASE)
set(CONFIG_NAME ${ARCH_UPPER_CASE}Config)
configure_lit_site_cfg(
${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.py.in
${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/lit.site.cfg.py)
list(APPEND TYSAN_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME})
endforeach()
set(TYSAN_TEST_DEPS ${SANITIZER_COMMON_LIT_TEST_DEPS})
if(NOT COMPILER_RT_STANDALONE_BUILD)
list(APPEND TYSAN_TEST_DEPS tysan)
endif()
add_lit_testsuite(check-tysan "Running the TypeSanitizer tests"
${TYSAN_TESTSUITES}
DEPENDS ${TYSAN_TEST_DEPS}
)
set_target_properties(check-tysan PROPERTIES FOLDER "Compiler-RT Misc")

compiler-rt/test/tysan/anon-ns.cpp

  • This file was added.
// RUN: %clangxx_tysan -O0 %s -c -o %t.o
// RUN: %clangxx_tysan -O0 %s -DPMAIN -c -o %tm.o
// RUN: %clangxx_tysan -O0 %t.o %tm.o -o %t
// RUN: %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <iostream>
// This test demonstrates that the types from anonymous namespaces are
// different in different translation units (while the char* type is the same).
namespace {
struct X {
X(int i, int j) : a(i), b(j) {}
int a;
int b;
};
} // namespace
#ifdef PMAIN
void foo(void *context, int i);
char fbyte(void *context);
int main() {
X x(5, 6);
foo((void *)&x, 8);
std::cout << "fbyte: " << fbyte((void *)&x) << "\n";
}
#else
void foo(void *context, int i) {
X *x = (X *)context;
x->b = i;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type int (in (anonymous namespace)::X at offset 4) accesses an existing object of type int (in (anonymous namespace)::X at offset 4)
// CHECK: {{#0 0x.* in foo\(void\*, int\) .*anon-ns.cpp:}}[[@LINE-3]]
}
char fbyte(void *context) { return *(char *)context; }
#endif
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/anon-same-struct.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
// The two anonymous structs are structurally identical. As a result, we don't
// report an aliasing violation here.
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation
typedef struct {
int i1;
} s1;
typedef struct {
int i2;
} s2;
void f(s1 *s1p, s2 *s2p) {
s1p->i1 = 2;
s2p->i2 = 3;
printf("%i\n", s1p->i1);
}
int main() {
s1 s = {.i1 = 1};
f(&s, (s2 *)&s);
}

compiler-rt/test/tysan/anon-struct.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
typedef struct {
int i1, i1b;
} s1;
typedef struct {
int i2, i2b, i2c;
} s2;
void f(s1 *s1p, s2 *s2p) {
s1p->i1 = 2;
s2p->i2 = 3;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type int (in <anonymous type> at offset 0) accesses an existing object of type int (in <anonymous type> at offset 0)
// CHECK: {{#0 0x.* in f .*anon-struct.c:}}[[@LINE-3]]
printf("%i\n", s1p->i1);
}
int main() {
s1 s = {.i1 = 1, .i1b = 5};
f(&s, (s2 *)&s);
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/basic.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t 10 >%t.out.0 2>&1
// RUN: FileCheck %s < %t.out.0
// RUN: %clang_tysan -O2 %s -o %t && %run %t 10 >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void __attribute__((noinline)) add_flt(float *a) {
*a += 2.0f;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 4 at {{.*}} with type float accesses an existing object of type int
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-3]]
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type float accesses an existing object of type int
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-6]]
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 4 at {{.*}} with type float accesses an existing object of type long
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-9]]
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type float accesses an existing object of type long
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-12]]
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 4 at {{.*}} with type float accesses part of an existing object of type long that starts at offset -4
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-15]]
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type float accesses part of an existing object of type long that starts at offset -4
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-18]]
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 4 at {{.*}} with type float partially accesses an object of type short that starts at offset 2
// CHECK: {{#0 0x.* in add_flt .*basic.c:}}[[@LINE-21]]
}
int main(int argc, char *argv[]) {
int x = atoi(argv[1]);
add_flt((float *)&x);
printf("x = %d\n", x);
long y = x;
add_flt((float *)&y);
printf("y = %ld\n", y);
add_flt(((float *)&y) + 1);
printf("y = %ld\n", y);
char *mem = (char *)malloc(4 * sizeof(short));
memset(mem, 0, 4 * sizeof(short));
*(short *)(mem + 2) = x;
add_flt((float *)mem);
short s1 = *(short *)mem;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 2 at {{.*}} with type short accesses an existing object of type float
// CHECK: {{#0 0x.* in main .*basic.c:}}[[@LINE-3]]
short s2 = *(short *)(mem + 2);
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 2 at {{.*}} with type short accesses part of an existing object of type float that starts at offset -2
// CHECK: {{#0 0x.* in main .*basic.c:}}[[@LINE-3]]
printf("m[0] = %d, m[1] = %d\n", s1, s2);
free(mem);
return 0;
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/char-memcpy.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out.0 2>&1
// RUN: FileCheck %s < %t.out.0
// RUN: %clang_tysan -O2 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
// There's no type-based-aliasing violation here: the memcpy is implemented
// using only char* or unsigned char* (both of which may alias anything).
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation
void my_memcpy_uchar(void *dest, void *src, int n) {
unsigned char *p = dest, *q = src, *end = p + n;
while (p < end)
*p++ = *q++;
}
void my_memcpy_char(void *dest, void *src, int n) {
char *p = dest, *q = src, *end = p + n;
while (p < end)
*p++ = *q++;
}
void test_uchar() {
struct S {
short x;
short *r;
} s = {10, &s.x}, s2;
my_memcpy_uchar(&s2, &s, sizeof(struct S));
printf("%d\n", *(s2.r));
}
void test_char() {
struct S {
short x;
short *r;
} s = {10, &s.x}, s2;
my_memcpy_char(&s2, &s, sizeof(struct S));
printf("%d\n", *(s2.r));
}
int main() {
test_uchar();
test_char();
}

compiler-rt/test/tysan/global.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdlib.h>
#include <string.h>
float P;
long L;
int main() {
*(int *)&P = 5;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type int accesses an existing object of type float
// CHECK: {{#0 0x.* in main .*global.c:}}[[@LINE-3]]
void *mem = malloc(sizeof(long));
*(int *)mem = 6;
memcpy(mem, &L, sizeof(L));
*(int *)mem = 8;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type int accesses an existing object of type long
// CHECK: {{#0 0x.* in main .*global.c:}}[[@LINE-3]]
int r = *(((int *)mem) + 1);
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: READ of size 4 at {{.*}} with type int accesses part of an existing object of type long that starts at offset -4
// CHECK: {{#0 0x.* in main .*global.c:}}[[@LINE-3]]
free(mem);
return r;
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/int-long.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
long foo(int *x, long *y) {
*x = 0;
*y = 1;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 8 at {{.*}} with type long accesses an existing object of type int
// CHECK: {{#0 0x.* in foo .*int-long.c:}}[[@LINE-3]]
return *x;
}
int main(void) {
long l;
printf("%ld\n", foo((int *)&l, &l));
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/lit.cfg.py

  • This file was added.
# -*- Python -*-
import os
import platform
import re
import lit.formats
# Get shlex.quote if available (added in 3.3), and fall back to pipes.quote if
# it's not available.
try:
import shlex
sh_quote = shlex.quote
except:
import pipes
sh_quote = pipes.quote
def get_required_attr(config, attr_name):
attr_value = getattr(config, attr_name, None)
if attr_value == None:
lit_config.fatal(
"No attribute %r in test configuration! You may need to run "
"tests from your build directory or add this attribute "
"to lit.site.cfg.py " % attr_name)
return attr_value
def push_dynamic_library_lookup_path(config, new_path):
if platform.system() == 'Windows':
dynamic_library_lookup_var = 'PATH'
elif platform.system() == 'Darwin':
dynamic_library_lookup_var = 'DYLD_LIBRARY_PATH'
else:
dynamic_library_lookup_var = 'LD_LIBRARY_PATH'
new_ld_library_path = os.path.pathsep.join(
(new_path, config.environment.get(dynamic_library_lookup_var, '')))
config.environment[dynamic_library_lookup_var] = new_ld_library_path
if platform.system() == 'FreeBSD':
dynamic_library_lookup_var = 'LD_32_LIBRARY_PATH'
new_ld_32_library_path = os.path.pathsep.join(
(new_path, config.environment.get(dynamic_library_lookup_var, '')))
config.environment[dynamic_library_lookup_var] = new_ld_32_library_path
if platform.system() == 'SunOS':
dynamic_library_lookup_var = 'LD_LIBRARY_PATH_32'
new_ld_library_path_32 = os.path.pathsep.join(
(new_path, config.environment.get(dynamic_library_lookup_var, '')))
config.environment[dynamic_library_lookup_var] = new_ld_library_path_32
dynamic_library_lookup_var = 'LD_LIBRARY_PATH_64'
new_ld_library_path_64 = os.path.pathsep.join(
(new_path, config.environment.get(dynamic_library_lookup_var, '')))
config.environment[dynamic_library_lookup_var] = new_ld_library_path_64
# Setup config name.
config.name = 'TypeSanitizer' + config.name_suffix
# Platform-specific default TYSAN_OPTIONS for lit tests.
default_tysan_opts = list(config.default_sanitizer_opts)
# On Darwin, leak checking is not enabled by default. Enable on macOS
# tests to prevent regressions
if config.host_os == 'Darwin' and config.apple_platform == 'osx':
default_tysan_opts += ['detect_leaks=1']
default_tysan_opts_str = ':'.join(default_tysan_opts)
if default_tysan_opts_str:
config.environment['TYSAN_OPTIONS'] = default_tysan_opts_str
default_tysan_opts_str += ':'
config.substitutions.append(('%env_tysan_opts=',
'env TYSAN_OPTIONS=' + default_tysan_opts_str))
# Setup source root.
config.test_source_root = os.path.dirname(__file__)
if config.host_os not in ['FreeBSD', 'NetBSD']:
libdl_flag = "-ldl"
else:
libdl_flag = ""
# GCC-ASan doesn't link in all the necessary libraries automatically, so
# we have to do it ourselves.
if config.compiler_id == 'GNU':
extra_link_flags = ["-pthread", "-lstdc++", libdl_flag]
else:
extra_link_flags = []
# Setup default compiler flags used with -fsanitize=address option.
# FIXME: Review the set of required flags and check if it can be reduced.
target_cflags = [get_required_attr(config, "target_cflags")] + extra_link_flags
target_cxxflags = config.cxx_mode_flags + target_cflags
clang_tysan_static_cflags = (["-fsanitize=type",
"-mno-omit-leaf-frame-pointer",
"-fno-omit-frame-pointer",
"-fno-optimize-sibling-calls"] +
config.debug_info_flags + target_cflags)
if config.target_arch == 's390x':
clang_tysan_static_cflags.append("-mbackchain")
clang_tysan_static_cxxflags = config.cxx_mode_flags + clang_tysan_static_cflags
clang_tysan_cflags = clang_tysan_static_cflags
clang_tysan_cxxflags = clang_tysan_static_cxxflags
def build_invocation(compile_flags):
return " " + " ".join([config.clang] + compile_flags) + " "
config.substitutions.append( ("%clang ", build_invocation(target_cflags)) )
config.substitutions.append( ("%clangxx ", build_invocation(target_cxxflags)) )
config.substitutions.append( ("%clang_tysan ", build_invocation(clang_tysan_cflags)) )
config.substitutions.append( ("%clangxx_tysan ", build_invocation(clang_tysan_cxxflags)) )
# FIXME: De-hardcode this path.
tysan_source_dir = os.path.join(
get_required_attr(config, "compiler_rt_src_root"), "lib", "tysan")
python_exec = sh_quote(get_required_attr(config, "python_executable"))
# Set LD_LIBRARY_PATH to pick dynamic runtime up properly.
push_dynamic_library_lookup_path(config, config.compiler_rt_libdir)
# Default test suffixes.
config.suffixes = ['.c', '.cpp']
if config.host_os == 'Darwin':
config.suffixes.append('.mm')
if config.host_os == 'Windows':
config.substitutions.append(('%fPIC', ''))
config.substitutions.append(('%fPIE', ''))
config.substitutions.append(('%pie', ''))
else:
config.substitutions.append(('%fPIC', '-fPIC'))
config.substitutions.append(('%fPIE', '-fPIE'))
config.substitutions.append(('%pie', '-pie'))
# Only run the tests on supported OSs.
if config.host_os not in ['Linux', 'Darwin',]:
config.unsupported = True

compiler-rt/test/tysan/lit.site.cfg.py.in

  • This file was added.
@LIT_SITE_CFG_IN_HEADER@
# Tool-specific config options.
config.name_suffix = "@TYSAN_TEST_CONFIG_SUFFIX@"
config.target_cflags = "@TYSAN_TEST_TARGET_CFLAGS@"
config.clang = "@TYSAN_TEST_TARGET_CC@"
config.bits = "@TYSAN_TEST_BITS@"
config.arm_thumb = "@COMPILER_RT_ARM_THUMB@"
config.apple_platform = "@TYSAN_TEST_APPLE_PLATFORM@"
config.apple_platform_min_deployment_target_flag = "@TYSAN_TEST_MIN_DEPLOYMENT_TARGET_FLAG@"
config.target_arch = "@TYSAN_TEST_TARGET_ARCH@"
# Load common config for all compiler-rt lit tests.
lit_config.load_config(config, "@COMPILER_RT_BINARY_DIR@/test/lit.common.configured")
# Load tool-specific config that would do the real work.
lit_config.load_config(config, "@TYSAN_LIT_SOURCE_DIR@/lit.cfg.py")

compiler-rt/test/tysan/ptr-float.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
float *P;
void zero_array() {
int i;
for (i = 0; i < 1; ++i)
P[i] = 0.0f;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type float accesses an existing object of type any pointer
// CHECK: {{#0 0x.* in zero_array .*ptr-float.c:}}[[@LINE-3]]
}
int main() {
P = (float *)&P;
zero_array();
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/struct-offset-multiple-compilation-units.cpp

  • This file was added.
// RUN: %clangxx_tysan -O0 %s -c -o %t.o
// RUN: %clangxx_tysan -O0 %s -DPMAIN -c -o %tm.o
// RUN: %clangxx_tysan -O0 %s -DPINIT -c -o %tinit.o
// RUN: %clangxx_tysan -O0 %t.o %tm.o %tinit.o -o %t
// RUN: %run %t 2>&1 | FileCheck %s
#include <stdio.h>
#include <stdlib.h>
extern "C" {
typedef struct X {
int *start;
int *end;
int i;
} X;
};
#ifdef PMAIN
int foo(struct X *);
void bar(struct X *);
void init(struct X *);
int main() {
struct X x;
init(&x);
printf("%d\n", foo(&x));
free(x.start);
return 0;
}
#elif PINIT
void init(struct X *x) {
x->start = (int *)calloc(100, sizeof(int));
x->end = x->start + 99;
x->i = 0;
}
#else
__attribute__((noinline)) int foo(struct X *x) {
if (x->start < x->end)
return 30;
return 10;
}
void bar(struct X *x) { x->end = NULL; }
#endif
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/struct-offset.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
#include <stdlib.h>
struct X {
int i;
int j;
};
int foo(struct X *p, struct X *q) {
q->j = 1;
p->i = 0;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type int (in X at offset 0) accesses an existing object of type int (in X at offset 4)
// CHECK: {{#0 0x.* in foo .*struct-offset.c:}}[[@LINE-3]]
return q->j;
}
int main() {
unsigned char *p = malloc(3 * sizeof(int));
printf("%i\n", foo((struct X *)(p + sizeof(int)), (struct X *)p));
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/struct.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
typedef struct S1 {
int i1;
} s1;
typedef struct S2 {
int i2;
} s2;
void g(int *i) {
*i = 5;
printf("%i\n", *i);
}
void h(char *c) {
*c = 5;
printf("%i\n", (int)*c);
}
void f(s1 *s1p, s2 *s2p) {
s1p->i1 = 2;
s2p->i2 = 3;
// CHECK: ERROR: TypeSanitizer: type-aliasing-violation
// CHECK: WRITE of size 4 at {{.*}} with type int (in S2 at offset 0) accesses an existing object of type int (in S1 at offset 0)
// CHECK: {{#0 0x.* in f .*struct.c:}}[[@LINE-3]]
printf("%i\n", s1p->i1);
}
int main() {
s1 s = {.i1 = 1};
f(&s, (s2 *)&s);
g(&s.i1);
h((char *)&s.i1);
}
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation

compiler-rt/test/tysan/union-wr-wr.c

  • This file was added.
// RUN: %clang_tysan -O0 %s -o %t && %run %t >%t.out 2>&1
// RUN: FileCheck %s < %t.out
#include <stdio.h>
// CHECK-NOT: ERROR: TypeSanitizer: type-aliasing-violation
int main() {
union {
int i;
short s;
} u;
u.i = 42;
u.s = 1;
printf("%d\n", u.i);
}