Yep. Ubsan does not detect potential overflows, it detects actual overflows as they happen. The problem is real.

Won't that just make the tests pass, but keep potential integer overflows (UB) in the compiler? Sounds suboptimal.

This change causes ubsan failures due to integer overflow, see https://lab.llvm.org/buildbot/#/builders/5/builds/25185

LGTM

The leaks are still there, reverting.

Could you add a test?

LGTM, this is great!

LGTM

LGTM

LGTM

LGTM

LGTM

I don't have a lot of arguments either way, do you?
Ignorelist support is one for the new sanitizer type.

LGTM

LGTM

You can llvm-objdump --dwarf=frames a .o file.

In D127007#3562002, @fmayer wrote:

In D127007#3561986, @eugenis wrote:

Should we have a test for the augmentation string, through llvm-readelf?

We have that test the follow-up CL that does the change to lld (as requested to be split by MaskRay).

Should we have a test for the augmentation string, through llvm-readelf?

Typo: "runttime"

The interceptor (dn_expand) is only defined on linux && !android, while this code links libresolv on *bsd and others, too. I think it's ok, as long as all platforms with the interceptor are covered.

We should also add -lresolv to tools::linkSanitizerRuntimeDeps if we are now intercepting functions from there.
Libresolv is part of libc.so on android.

Seems fine to me, if fstatat64 is indeed the canonical syscall on sparc.

In D124212#3509846, @glaubitz wrote:

In D124212#3509781, @jrtc27 wrote:

There's a lot of really quite wonky whitespace reformatting in this diff

FWIW, I have already a draft for fixing this. Will create a revision tomorrow.

EDIT: I mean the build failure on sparc64 ;).

We've had enough problems with fixed mapping that I prefer dynamic shadow address for anything going forward. Also, fixed mapping address becomes an ABI constant, which causes issues with prebuilt libraries.

There is a range of addresses where the kernel may place the main executable. It has been extended once in the past (ASLR). ASan mapping is a compile-time constant, so it must work with any location within that range. I suspect that for QEMU this range may be different.

LGTM

LGTM

LGTM

LGTM

The approach looks fine. Should we also put a <html></html> pair around the output, or do you want to treat it as a snippet?

This script is starting to get complex. Perhaps we should write tests?

LGTM

I've always viewed the current implementation as a hack, and believed this data should live in debug info.

In D124212#3485433, @uweigand wrote:

(As an aside, what is the reason for not just using the fork syscall anyway? I thought fork should be completely equivalent to clone with the termination signal set to SIGCHLD and no other flags?)

Fix internal_fork on s390.

The mappings are defined such that the address range where the kernel might place the main executable image do not overlap with the shadow region. This can be different in qemu.

Thanks! I'll update the patch later. Apparently there is like 5 different signatures...

Thanks. Ulrich, could you help me with the s390 failures? I can reland with a #define SANITIZER_USES_CANONICAL_LINUX_SYSCALLS !SANITIZER_S390 for now, but it would be great to remove the non-canonical code path completely.

.

address comments

address comments

Mild preference for !defined(__ILP32__).
LGTM

Sorry, I did not mean that I was going to implement it.

LGTM, but would it be more idiomatic to check for the _ILP32 macro?

I still think that my proposal in the comment above is way better than adding an ABI-breaking compiler flag.

This breaks ubsan on the bot:

android_compile script is confused by -emit-llvm it looks like. I'd just remove the IR checks from the test.

LGTM w/ nits

Generally, there is no way to tell the target page size in advance. And there is no need for that, too - just untie this value from the page size instead, and fix the munmap issue in the runtime library by up/down aligning the bounds to the runtime page size. You can also increase the default / minimal ring buffer size at runtime to be a multiple of the page size.

LGTM

Could you clarify that the problem is specifically with byval argument in the patch description?

LGTM

LGTM

LGTM

LGTM

LGTM

LGTM

LGTM

LGTM, nice!

• Do you need per-object marking that a linker will aggregate? For example do you enable when at least one object needs MTE, or do you need all objects to be compatible with MTE? A per object marking that can be overridden at link time will give you a chance to diagnose objects that may not have the MTE support. It can help to have an assembler option to fabricate the note if objects are used.

The ELF note is coupled with the executable, not the DSOs, and thus the executable decides what MTE options are enabled. In future, there will be a per-DSO progbits section for MTE global descriptors, but these progbits sections will be ignored if the main executable doesn't include the MTE ELF note. And, of course, MTE stack is enabled on a per-CU level.

Add a comment at the top for ease of understanding. Something like "Test that storage for allocas with disjoint lifetimes is reused with or without stack tagging"

The concept of memtag is not android specific, but the current implementation is. It might grow support for other OS targets in the future.

LGTM

LGTM

LGTM

LGTM

LGTM

LGTM

LGTM

TBH I'm on the fence about whether poison-at-lifetime is an optimization vs "core functionality", but lets go with this change. The important part is not to run the analysis when the function does not have the attribute (that's what the *-pipeline tests check).

Change LGTM but the description does not make any sense to me.