Date: Sun, 22 Feb 2015 22:31:37 +0000 (UTC) From: Dimitry Andric <dim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r279191 - in projects/clang360-import: contrib/compiler-rt/include/sanitizer contrib/compiler-rt/lib/asan contrib/compiler-rt/lib/asan/scripts contrib/compiler-rt/lib/asan/tests contrib... Message-ID: <201502222231.t1MMVb9C001971@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dim Date: Sun Feb 22 22:31:36 2015 New Revision: 279191 URL: https://svnweb.freebsd.org/changeset/base/279191 Log: Update compiler-rt to trunk r228651. This enables using Address Sanitizer and Undefined Behavior Sanitizer with clang 3.6.0. Added: projects/clang360-import/contrib/compiler-rt/include/sanitizer/coverage_interface.h - copied unchanged from r279189, vendor/compiler-rt/dist/include/sanitizer/coverage_interface.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/asan/asan_activation_flags.inc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_allocator.cc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/asan/asan_allocator.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_flags.cc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/asan/asan_flags.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/asan/asan_flags.inc projects/clang360-import/contrib/compiler-rt/lib/dfsan/dfsan_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/dfsan/dfsan_flags.inc projects/clang360-import/contrib/compiler-rt/lib/lsan/lsan_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/lsan/lsan_flags.inc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/msan/msan_flags.inc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_poisoning.cc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/msan/msan_poisoning.cc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_poisoning.h - copied unchanged from r279189, vendor/compiler-rt/dist/lib/msan/msan_poisoning.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_flag_parser.cc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/sanitizer_common/sanitizer_flag_parser.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_flag_parser.h - copied unchanged from r279189, vendor/compiler-rt/dist/lib/sanitizer_common/sanitizer_flag_parser.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/sanitizer_common/sanitizer_flags.inc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/tsan/rtl/tsan_flags.inc projects/clang360-import/contrib/compiler-rt/lib/ubsan/ubsan_flags.inc - copied unchanged from r279189, vendor/compiler-rt/dist/lib/ubsan/ubsan_flags.inc Deleted: projects/clang360-import/contrib/compiler-rt/lib/asan/asan_allocator2.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/Makefile.old projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/Makefile.old Modified: projects/clang360-import/contrib/compiler-rt/include/sanitizer/asan_interface.h projects/clang360-import/contrib/compiler-rt/include/sanitizer/common_interface_defs.h projects/clang360-import/contrib/compiler-rt/include/sanitizer/msan_interface.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_allocator.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_debugging.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_fake_stack.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_flags.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_globals.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_init_version.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_interceptors.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_internal.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_linux.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_mac.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_malloc_mac.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_mapping.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_poisoning.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_poisoning.h projects/clang360-import/contrib/compiler-rt/lib/asan/asan_report.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_rtl.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_stack.cc projects/clang360-import/contrib/compiler-rt/lib/asan/asan_stack.h projects/clang360-import/contrib/compiler-rt/lib/asan/scripts/asan_device_setup projects/clang360-import/contrib/compiler-rt/lib/asan/scripts/asan_symbolize.py projects/clang360-import/contrib/compiler-rt/lib/asan/tests/asan_interface_test.cc projects/clang360-import/contrib/compiler-rt/lib/asan/tests/asan_noinst_test.cc projects/clang360-import/contrib/compiler-rt/lib/asan/tests/asan_test.cc projects/clang360-import/contrib/compiler-rt/lib/builtins/atomic.c projects/clang360-import/contrib/compiler-rt/lib/builtins/clear_cache.c projects/clang360-import/contrib/compiler-rt/lib/builtins/gcc_personality_v0.c projects/clang360-import/contrib/compiler-rt/lib/builtins/int_types.h projects/clang360-import/contrib/compiler-rt/lib/dfsan/dfsan.cc projects/clang360-import/contrib/compiler-rt/lib/dfsan/dfsan.h projects/clang360-import/contrib/compiler-rt/lib/dfsan/dfsan_custom.cc projects/clang360-import/contrib/compiler-rt/lib/lsan/lsan.cc projects/clang360-import/contrib/compiler-rt/lib/lsan/lsan_allocator.cc projects/clang360-import/contrib/compiler-rt/lib/lsan/lsan_common.cc projects/clang360-import/contrib/compiler-rt/lib/lsan/lsan_common.h projects/clang360-import/contrib/compiler-rt/lib/msan/msan.cc projects/clang360-import/contrib/compiler-rt/lib/msan/msan.h projects/clang360-import/contrib/compiler-rt/lib/msan/msan_allocator.cc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_flags.h projects/clang360-import/contrib/compiler-rt/lib/msan/msan_interceptors.cc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_linux.cc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_report.cc projects/clang360-import/contrib/compiler-rt/lib/msan/msan_thread.cc projects/clang360-import/contrib/compiler-rt/lib/msan/tests/msan_test.cc projects/clang360-import/contrib/compiler-rt/lib/profile/InstrProfilingFile.c projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_allocator.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_allocator_internal.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_common.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_common.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_common_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_coverage_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_coverage_mapping_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_deadlock_detector.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_flags.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_flags.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_libc.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_libc.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_list.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_mac.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_mutex.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_quarantine.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_stackdepot.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_stacktrace_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_libbacktrace.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_libbacktrace.h projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_symbolizer_posix_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_unwind_posix_libcdep.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/sanitizer_win.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/scripts/check_lint.sh projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/scripts/sancov.py projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_allocator_test.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_deadlock_detector_test.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_flags_test.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_libc_test.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_printf_test.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_procmaps_test.cc projects/clang360-import/contrib/compiler-rt/lib/sanitizer_common/tests/sanitizer_test_utils.h projects/clang360-import/contrib/compiler-rt/lib/tsan/check_analyze.sh projects/clang360-import/contrib/compiler-rt/lib/tsan/dd/dd_rtl.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/go/build.bat projects/clang360-import/contrib/compiler-rt/lib/tsan/go/buildgo.sh projects/clang360-import/contrib/compiler-rt/lib/tsan/go/tsan_go.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_clock.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_defs.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_flags.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_flags.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_interface.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_interface.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_interface_java.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_interface_java.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_mman.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_mman.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_mutex.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_mutex.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_platform.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_platform_linux.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_platform_mac.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_rtl.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_rtl.h projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_rtl_report.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/rtl/tsan_rtl_thread.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/tests/rtl/tsan_string.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/tests/unit/tsan_clock_test.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/tests/unit/tsan_mman_test.cc projects/clang360-import/contrib/compiler-rt/lib/tsan/tests/unit/tsan_mutex_test.cc projects/clang360-import/contrib/compiler-rt/lib/ubsan/ubsan_flags.cc projects/clang360-import/contrib/compiler-rt/lib/ubsan/ubsan_flags.h projects/clang360-import/contrib/compiler-rt/lib/ubsan/ubsan_init.cc projects/clang360-import/contrib/compiler-rt/lib/ubsan/ubsan_type_hash.cc projects/clang360-import/lib/libclang_rt/Makefile.inc projects/clang360-import/lib/libclang_rt/asan/Makefile projects/clang360-import/lib/libclang_rt/san/Makefile projects/clang360-import/lib/libcompiler_rt/Makefile Directory Properties: projects/clang360-import/contrib/compiler-rt/ (props changed) Modified: projects/clang360-import/contrib/compiler-rt/include/sanitizer/asan_interface.h ============================================================================== --- projects/clang360-import/contrib/compiler-rt/include/sanitizer/asan_interface.h Sun Feb 22 22:00:53 2015 (r279190) +++ projects/clang360-import/contrib/compiler-rt/include/sanitizer/asan_interface.h Sun Feb 22 22:31:36 2015 (r279191) @@ -114,8 +114,7 @@ extern "C" { // Returns the old value. int __asan_set_error_exit_code(int exit_code); - // Sets the callback to be called right before death on error. - // Passing 0 will unset the callback. + // Deprecated. Call __sanitizer_set_death_callback instead. void __asan_set_death_callback(void (*callback)(void)); void __asan_set_error_report_callback(void (*callback)(const char*)); Modified: projects/clang360-import/contrib/compiler-rt/include/sanitizer/common_interface_defs.h ============================================================================== --- projects/clang360-import/contrib/compiler-rt/include/sanitizer/common_interface_defs.h Sun Feb 22 22:00:53 2015 (r279190) +++ projects/clang360-import/contrib/compiler-rt/include/sanitizer/common_interface_defs.h Sun Feb 22 22:31:36 2015 (r279191) @@ -62,18 +62,6 @@ extern "C" { void __sanitizer_unaligned_store32(void *p, uint32_t x); void __sanitizer_unaligned_store64(void *p, uint64_t x); - // Initialize coverage. - void __sanitizer_cov_init(); - // Record and dump coverage info. - void __sanitizer_cov_dump(); - // Open <name>.sancov.packed in the coverage directory and return the file - // descriptor. Returns -1 on failure, or if coverage dumping is disabled. - // This is intended for use by sandboxing code. - intptr_t __sanitizer_maybe_open_cov_file(const char *name); - // Get the number of total unique covered entities (blocks, edges, calls). - // This can be useful for coverage-directed in-process fuzzers. - uintptr_t __sanitizer_get_total_unique_coverage(); - // Annotate the current state of a contiguous container, such as // std::vector, std::string or similar. // A contiguous container is a container that keeps all of its elements @@ -120,6 +108,9 @@ extern "C" { // Print the stack trace leading to this call. Useful for debugging user code. void __sanitizer_print_stack_trace(); + // Sets the callback to be called right before death on error. + // Passing 0 will unset the callback. + void __sanitizer_set_death_callback(void (*callback)(void)); #ifdef __cplusplus } // extern "C" #endif Copied: projects/clang360-import/contrib/compiler-rt/include/sanitizer/coverage_interface.h (from r279189, vendor/compiler-rt/dist/include/sanitizer/coverage_interface.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/clang360-import/contrib/compiler-rt/include/sanitizer/coverage_interface.h Sun Feb 22 22:31:36 2015 (r279191, copy of r279189, vendor/compiler-rt/dist/include/sanitizer/coverage_interface.h) @@ -0,0 +1,46 @@ +//===-- sanitizer/coverage_interface.h --------------------------*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// Public interface for sanitizer coverage. +//===----------------------------------------------------------------------===// + +#ifndef SANITIZER_COVERAG_INTERFACE_H +#define SANITIZER_COVERAG_INTERFACE_H + +#include <sanitizer/common_interface_defs.h> + +#ifdef __cplusplus +extern "C" { +#endif + + // Initialize coverage. + void __sanitizer_cov_init(); + // Record and dump coverage info. + void __sanitizer_cov_dump(); + // Open <name>.sancov.packed in the coverage directory and return the file + // descriptor. Returns -1 on failure, or if coverage dumping is disabled. + // This is intended for use by sandboxing code. + intptr_t __sanitizer_maybe_open_cov_file(const char *name); + // Get the number of total unique covered entities (blocks, edges, calls). + // This can be useful for coverage-directed in-process fuzzers. + uintptr_t __sanitizer_get_total_unique_coverage(); + + // Reset the basic-block (edge) coverage to the initial state. + // Useful for in-process fuzzing to start collecting coverage from scratch. + // Experimental, will likely not work for multi-threaded process. + void __sanitizer_reset_coverage(); + // Set *data to the array of covered PCs and return the size of that array. + // Some of the entries in *data will be zero. + uintptr_t __sanitizer_get_coverage_guards(uintptr_t **data); + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif // SANITIZER_COVERAG_INTERFACE_H Modified: projects/clang360-import/contrib/compiler-rt/include/sanitizer/msan_interface.h ============================================================================== --- projects/clang360-import/contrib/compiler-rt/include/sanitizer/msan_interface.h Sun Feb 22 22:00:53 2015 (r279190) +++ projects/clang360-import/contrib/compiler-rt/include/sanitizer/msan_interface.h Sun Feb 22 22:31:36 2015 (r279191) @@ -38,7 +38,9 @@ extern "C" { contents). */ void __msan_unpoison_string(const volatile char *a); - /* Make memory region fully uninitialized (without changing its contents). */ + /* Make memory region fully uninitialized (without changing its contents). + This is a legacy interface that does not update origin information. Use + __msan_allocated_memory() instead. */ void __msan_poison(const volatile void *a, size_t size); /* Make memory region partially uninitialized (without changing its contents). Modified: projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.cc ============================================================================== --- projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.cc Sun Feb 22 22:00:53 2015 (r279190) +++ projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.cc Sun Feb 22 22:31:36 2015 (r279191) @@ -16,40 +16,106 @@ #include "asan_allocator.h" #include "asan_flags.h" #include "asan_internal.h" +#include "asan_poisoning.h" +#include "asan_stack.h" #include "sanitizer_common/sanitizer_flags.h" namespace __asan { static struct AsanDeactivatedFlags { - int quarantine_size; - int max_redzone; + AllocatorOptions allocator_options; int malloc_context_size; bool poison_heap; - bool alloc_dealloc_mismatch; - bool allocator_may_return_null; + bool coverage; + const char *coverage_dir; + + void RegisterActivationFlags(FlagParser *parser, Flags *f, CommonFlags *cf) { +#define ASAN_ACTIVATION_FLAG(Type, Name) \ + RegisterFlag(parser, #Name, "", &f->Name); +#define COMMON_ACTIVATION_FLAG(Type, Name) \ + RegisterFlag(parser, #Name, "", &cf->Name); +#include "asan_activation_flags.inc" +#undef ASAN_ACTIVATION_FLAG +#undef COMMON_ACTIVATION_FLAG + + RegisterIncludeFlag(parser, cf); + } + + void OverrideFromActivationFlags() { + Flags f; + CommonFlags cf; + FlagParser parser; + RegisterActivationFlags(&parser, &f, &cf); + + // Copy the current activation flags. + allocator_options.CopyTo(&f, &cf); + cf.malloc_context_size = malloc_context_size; + f.poison_heap = poison_heap; + cf.coverage = coverage; + cf.coverage_dir = coverage_dir; + cf.verbosity = Verbosity(); + cf.help = false; // this is activation-specific help + + // Check if activation flags need to be overriden. + if (const char *env = GetEnv("ASAN_ACTIVATION_OPTIONS")) { + parser.ParseString(env); + } + + // Override from getprop asan.options. + char buf[100]; + GetExtraActivationFlags(buf, sizeof(buf)); + parser.ParseString(buf); + + SetVerbosity(cf.verbosity); + + if (Verbosity()) ReportUnrecognizedFlags(); + + if (cf.help) parser.PrintFlagDescriptions(); + + allocator_options.SetFrom(&f, &cf); + malloc_context_size = cf.malloc_context_size; + poison_heap = f.poison_heap; + coverage = cf.coverage; + coverage_dir = cf.coverage_dir; + } + + void Print() { + Report( + "quarantine_size_mb %d, max_redzone %d, poison_heap %d, " + "malloc_context_size %d, alloc_dealloc_mismatch %d, " + "allocator_may_return_null %d, coverage %d, coverage_dir %s\n", + allocator_options.quarantine_size_mb, allocator_options.max_redzone, + poison_heap, malloc_context_size, + allocator_options.alloc_dealloc_mismatch, + allocator_options.may_return_null, coverage, coverage_dir); + } } asan_deactivated_flags; static bool asan_is_deactivated; -void AsanStartDeactivated() { +void AsanDeactivate() { + CHECK(!asan_is_deactivated); VReport(1, "Deactivating ASan\n"); - // Save flag values. - asan_deactivated_flags.quarantine_size = flags()->quarantine_size; - asan_deactivated_flags.max_redzone = flags()->max_redzone; - asan_deactivated_flags.poison_heap = flags()->poison_heap; - asan_deactivated_flags.malloc_context_size = - common_flags()->malloc_context_size; - asan_deactivated_flags.alloc_dealloc_mismatch = - flags()->alloc_dealloc_mismatch; - asan_deactivated_flags.allocator_may_return_null = - common_flags()->allocator_may_return_null; - - flags()->quarantine_size = 0; - flags()->max_redzone = 16; - flags()->poison_heap = false; - common_flags()->malloc_context_size = 0; - flags()->alloc_dealloc_mismatch = false; - common_flags()->allocator_may_return_null = true; + + // Stash runtime state. + GetAllocatorOptions(&asan_deactivated_flags.allocator_options); + asan_deactivated_flags.malloc_context_size = GetMallocContextSize(); + asan_deactivated_flags.poison_heap = CanPoisonMemory(); + asan_deactivated_flags.coverage = common_flags()->coverage; + asan_deactivated_flags.coverage_dir = common_flags()->coverage_dir; + + // Deactivate the runtime. + SetCanPoisonMemory(false); + SetMallocContextSize(1); + ReInitializeCoverage(false, nullptr); + + AllocatorOptions disabled = asan_deactivated_flags.allocator_options; + disabled.quarantine_size_mb = 0; + disabled.min_redzone = 16; // Redzone must be at least 16 bytes long. + disabled.max_redzone = 16; + disabled.alloc_dealloc_mismatch = false; + disabled.may_return_null = true; + ReInitializeAllocator(disabled); asan_is_deactivated = true; } @@ -58,31 +124,19 @@ void AsanActivate() { if (!asan_is_deactivated) return; VReport(1, "Activating ASan\n"); - // Restore flag values. - // FIXME: this is not atomic, and there may be other threads alive. - flags()->quarantine_size = asan_deactivated_flags.quarantine_size; - flags()->max_redzone = asan_deactivated_flags.max_redzone; - flags()->poison_heap = asan_deactivated_flags.poison_heap; - common_flags()->malloc_context_size = - asan_deactivated_flags.malloc_context_size; - flags()->alloc_dealloc_mismatch = - asan_deactivated_flags.alloc_dealloc_mismatch; - common_flags()->allocator_may_return_null = - asan_deactivated_flags.allocator_may_return_null; - - ParseExtraActivationFlags(); + asan_deactivated_flags.OverrideFromActivationFlags(); - ReInitializeAllocator(); + SetCanPoisonMemory(asan_deactivated_flags.poison_heap); + SetMallocContextSize(asan_deactivated_flags.malloc_context_size); + ReInitializeCoverage(asan_deactivated_flags.coverage, + asan_deactivated_flags.coverage_dir); + ReInitializeAllocator(asan_deactivated_flags.allocator_options); asan_is_deactivated = false; - VReport( - 1, - "quarantine_size %d, max_redzone %d, poison_heap %d, " - "malloc_context_size %d, alloc_dealloc_mismatch %d, " - "allocator_may_return_null %d\n", - flags()->quarantine_size, flags()->max_redzone, flags()->poison_heap, - common_flags()->malloc_context_size, flags()->alloc_dealloc_mismatch, - common_flags()->allocator_may_return_null); + if (Verbosity()) { + Report("Activated with flags:\n"); + asan_deactivated_flags.Print(); + } } } // namespace __asan Modified: projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.h ============================================================================== --- projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.h Sun Feb 22 22:00:53 2015 (r279190) +++ projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation.h Sun Feb 22 22:31:36 2015 (r279191) @@ -16,7 +16,7 @@ #define ASAN_ACTIVATION_H namespace __asan { -void AsanStartDeactivated(); +void AsanDeactivate(); void AsanActivate(); } // namespace __asan Copied: projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation_flags.inc (from r279189, vendor/compiler-rt/dist/lib/asan/asan_activation_flags.inc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/clang360-import/contrib/compiler-rt/lib/asan/asan_activation_flags.inc Sun Feb 22 22:31:36 2015 (r279191, copy of r279189, vendor/compiler-rt/dist/lib/asan/asan_activation_flags.inc) @@ -0,0 +1,35 @@ +//===-- asan_activation_flags.inc -------------------------------*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// A subset of ASan (and common) runtime flags supported at activation time. +// +//===----------------------------------------------------------------------===// +#ifndef ASAN_ACTIVATION_FLAG +# error "Define ASAN_ACTIVATION_FLAG prior to including this file!" +#endif + +#ifndef COMMON_ACTIVATION_FLAG +# error "Define COMMON_ACTIVATION_FLAG prior to including this file!" +#endif + +// ASAN_ACTIVATION_FLAG(Type, Name) +// See COMMON_FLAG in sanitizer_flags.inc for more details. + +ASAN_ACTIVATION_FLAG(int, redzone) +ASAN_ACTIVATION_FLAG(int, max_redzone) +ASAN_ACTIVATION_FLAG(int, quarantine_size_mb) +ASAN_ACTIVATION_FLAG(bool, alloc_dealloc_mismatch) +ASAN_ACTIVATION_FLAG(bool, poison_heap) + +COMMON_ACTIVATION_FLAG(bool, allocator_may_return_null) +COMMON_ACTIVATION_FLAG(int, malloc_context_size) +COMMON_ACTIVATION_FLAG(bool, coverage) +COMMON_ACTIVATION_FLAG(const char *, coverage_dir) +COMMON_ACTIVATION_FLAG(int, verbosity) +COMMON_ACTIVATION_FLAG(bool, help) Copied: projects/clang360-import/contrib/compiler-rt/lib/asan/asan_allocator.cc (from r279189, vendor/compiler-rt/dist/lib/asan/asan_allocator.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/clang360-import/contrib/compiler-rt/lib/asan/asan_allocator.cc Sun Feb 22 22:31:36 2015 (r279191, copy of r279189, vendor/compiler-rt/dist/lib/asan/asan_allocator.cc) @@ -0,0 +1,909 @@ +//===-- asan_allocator.cc -------------------------------------------------===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This file is a part of AddressSanitizer, an address sanity checker. +// +// Implementation of ASan's memory allocator, 2-nd version. +// This variant uses the allocator from sanitizer_common, i.e. the one shared +// with ThreadSanitizer and MemorySanitizer. +// +//===----------------------------------------------------------------------===// +#include "asan_allocator.h" + +#include "asan_mapping.h" +#include "asan_poisoning.h" +#include "asan_report.h" +#include "asan_stack.h" +#include "asan_thread.h" +#include "sanitizer_common/sanitizer_allocator_interface.h" +#include "sanitizer_common/sanitizer_flags.h" +#include "sanitizer_common/sanitizer_internal_defs.h" +#include "sanitizer_common/sanitizer_list.h" +#include "sanitizer_common/sanitizer_stackdepot.h" +#include "sanitizer_common/sanitizer_quarantine.h" +#include "lsan/lsan_common.h" + +namespace __asan { + +// Valid redzone sizes are 16, 32, 64, ... 2048, so we encode them in 3 bits. +// We use adaptive redzones: for larger allocation larger redzones are used. +static u32 RZLog2Size(u32 rz_log) { + CHECK_LT(rz_log, 8); + return 16 << rz_log; +} + +static u32 RZSize2Log(u32 rz_size) { + CHECK_GE(rz_size, 16); + CHECK_LE(rz_size, 2048); + CHECK(IsPowerOfTwo(rz_size)); + u32 res = Log2(rz_size) - 4; + CHECK_EQ(rz_size, RZLog2Size(res)); + return res; +} + +static AsanAllocator &get_allocator(); + +// The memory chunk allocated from the underlying allocator looks like this: +// L L L L L L H H U U U U U U R R +// L -- left redzone words (0 or more bytes) +// H -- ChunkHeader (16 bytes), which is also a part of the left redzone. +// U -- user memory. +// R -- right redzone (0 or more bytes) +// ChunkBase consists of ChunkHeader and other bytes that overlap with user +// memory. + +// If the left redzone is greater than the ChunkHeader size we store a magic +// value in the first uptr word of the memory block and store the address of +// ChunkBase in the next uptr. +// M B L L L L L L L L L H H U U U U U U +// | ^ +// ---------------------| +// M -- magic value kAllocBegMagic +// B -- address of ChunkHeader pointing to the first 'H' +static const uptr kAllocBegMagic = 0xCC6E96B9; + +struct ChunkHeader { + // 1-st 8 bytes. + u32 chunk_state : 8; // Must be first. + u32 alloc_tid : 24; + + u32 free_tid : 24; + u32 from_memalign : 1; + u32 alloc_type : 2; + u32 rz_log : 3; + u32 lsan_tag : 2; + // 2-nd 8 bytes + // This field is used for small sizes. For large sizes it is equal to + // SizeClassMap::kMaxSize and the actual size is stored in the + // SecondaryAllocator's metadata. + u32 user_requested_size; + u32 alloc_context_id; +}; + +struct ChunkBase : ChunkHeader { + // Header2, intersects with user memory. + u32 free_context_id; +}; + +static const uptr kChunkHeaderSize = sizeof(ChunkHeader); +static const uptr kChunkHeader2Size = sizeof(ChunkBase) - kChunkHeaderSize; +COMPILER_CHECK(kChunkHeaderSize == 16); +COMPILER_CHECK(kChunkHeader2Size <= 16); + +// Every chunk of memory allocated by this allocator can be in one of 3 states: +// CHUNK_AVAILABLE: the chunk is in the free list and ready to be allocated. +// CHUNK_ALLOCATED: the chunk is allocated and not yet freed. +// CHUNK_QUARANTINE: the chunk was freed and put into quarantine zone. +enum { + CHUNK_AVAILABLE = 0, // 0 is the default value even if we didn't set it. + CHUNK_ALLOCATED = 2, + CHUNK_QUARANTINE = 3 +}; + +struct AsanChunk: ChunkBase { + uptr Beg() { return reinterpret_cast<uptr>(this) + kChunkHeaderSize; } + uptr UsedSize(bool locked_version = false) { + if (user_requested_size != SizeClassMap::kMaxSize) + return user_requested_size; + return *reinterpret_cast<uptr *>( + get_allocator().GetMetaData(AllocBeg(locked_version))); + } + void *AllocBeg(bool locked_version = false) { + if (from_memalign) { + if (locked_version) + return get_allocator().GetBlockBeginFastLocked( + reinterpret_cast<void *>(this)); + return get_allocator().GetBlockBegin(reinterpret_cast<void *>(this)); + } + return reinterpret_cast<void*>(Beg() - RZLog2Size(rz_log)); + } + bool AddrIsInside(uptr addr, bool locked_version = false) { + return (addr >= Beg()) && (addr < Beg() + UsedSize(locked_version)); + } +}; + +struct QuarantineCallback { + explicit QuarantineCallback(AllocatorCache *cache) + : cache_(cache) { + } + + void Recycle(AsanChunk *m) { + CHECK_EQ(m->chunk_state, CHUNK_QUARANTINE); + atomic_store((atomic_uint8_t*)m, CHUNK_AVAILABLE, memory_order_relaxed); + CHECK_NE(m->alloc_tid, kInvalidTid); + CHECK_NE(m->free_tid, kInvalidTid); + PoisonShadow(m->Beg(), + RoundUpTo(m->UsedSize(), SHADOW_GRANULARITY), + kAsanHeapLeftRedzoneMagic); + void *p = reinterpret_cast<void *>(m->AllocBeg()); + if (p != m) { + uptr *alloc_magic = reinterpret_cast<uptr *>(p); + CHECK_EQ(alloc_magic[0], kAllocBegMagic); + // Clear the magic value, as allocator internals may overwrite the + // contents of deallocated chunk, confusing GetAsanChunk lookup. + alloc_magic[0] = 0; + CHECK_EQ(alloc_magic[1], reinterpret_cast<uptr>(m)); + } + + // Statistics. + AsanStats &thread_stats = GetCurrentThreadStats(); + thread_stats.real_frees++; + thread_stats.really_freed += m->UsedSize(); + + get_allocator().Deallocate(cache_, p); + } + + void *Allocate(uptr size) { + return get_allocator().Allocate(cache_, size, 1, false); + } + + void Deallocate(void *p) { + get_allocator().Deallocate(cache_, p); + } + + AllocatorCache *cache_; +}; + +typedef Quarantine<QuarantineCallback, AsanChunk> AsanQuarantine; +typedef AsanQuarantine::Cache QuarantineCache; + +void AsanMapUnmapCallback::OnMap(uptr p, uptr size) const { + PoisonShadow(p, size, kAsanHeapLeftRedzoneMagic); + // Statistics. + AsanStats &thread_stats = GetCurrentThreadStats(); + thread_stats.mmaps++; + thread_stats.mmaped += size; +} +void AsanMapUnmapCallback::OnUnmap(uptr p, uptr size) const { + PoisonShadow(p, size, 0); + // We are about to unmap a chunk of user memory. + // Mark the corresponding shadow memory as not needed. + FlushUnneededASanShadowMemory(p, size); + // Statistics. + AsanStats &thread_stats = GetCurrentThreadStats(); + thread_stats.munmaps++; + thread_stats.munmaped += size; +} + +// We can not use THREADLOCAL because it is not supported on some of the +// platforms we care about (OSX 10.6, Android). +// static THREADLOCAL AllocatorCache cache; +AllocatorCache *GetAllocatorCache(AsanThreadLocalMallocStorage *ms) { + CHECK(ms); + return &ms->allocator_cache; +} + +QuarantineCache *GetQuarantineCache(AsanThreadLocalMallocStorage *ms) { + CHECK(ms); + CHECK_LE(sizeof(QuarantineCache), sizeof(ms->quarantine_cache)); + return reinterpret_cast<QuarantineCache *>(ms->quarantine_cache); +} + +void AllocatorOptions::SetFrom(const Flags *f, const CommonFlags *cf) { + quarantine_size_mb = f->quarantine_size_mb; + min_redzone = f->redzone; + max_redzone = f->max_redzone; + may_return_null = cf->allocator_may_return_null; + alloc_dealloc_mismatch = f->alloc_dealloc_mismatch; +} + +void AllocatorOptions::CopyTo(Flags *f, CommonFlags *cf) { + f->quarantine_size_mb = quarantine_size_mb; + f->redzone = min_redzone; + f->max_redzone = max_redzone; + cf->allocator_may_return_null = may_return_null; + f->alloc_dealloc_mismatch = alloc_dealloc_mismatch; +} + +struct Allocator { + static const uptr kMaxAllowedMallocSize = + FIRST_32_SECOND_64(3UL << 30, 64UL << 30); + static const uptr kMaxThreadLocalQuarantine = + FIRST_32_SECOND_64(1 << 18, 1 << 20); + + AsanAllocator allocator; + AsanQuarantine quarantine; + StaticSpinMutex fallback_mutex; + AllocatorCache fallback_allocator_cache; + QuarantineCache fallback_quarantine_cache; + + // ------------------- Options -------------------------- + atomic_uint16_t min_redzone; + atomic_uint16_t max_redzone; + atomic_uint8_t alloc_dealloc_mismatch; + + // ------------------- Initialization ------------------------ + explicit Allocator(LinkerInitialized) + : quarantine(LINKER_INITIALIZED), + fallback_quarantine_cache(LINKER_INITIALIZED) {} + + void CheckOptions(const AllocatorOptions &options) const { + CHECK_GE(options.min_redzone, 16); + CHECK_GE(options.max_redzone, options.min_redzone); + CHECK_LE(options.max_redzone, 2048); + CHECK(IsPowerOfTwo(options.min_redzone)); + CHECK(IsPowerOfTwo(options.max_redzone)); + } + + void SharedInitCode(const AllocatorOptions &options) { + CheckOptions(options); + quarantine.Init((uptr)options.quarantine_size_mb << 20, + kMaxThreadLocalQuarantine); + atomic_store(&alloc_dealloc_mismatch, options.alloc_dealloc_mismatch, + memory_order_release); + atomic_store(&min_redzone, options.min_redzone, memory_order_release); + atomic_store(&max_redzone, options.max_redzone, memory_order_release); + } + + void Initialize(const AllocatorOptions &options) { + allocator.Init(options.may_return_null); + SharedInitCode(options); + } + + void ReInitialize(const AllocatorOptions &options) { + allocator.SetMayReturnNull(options.may_return_null); + SharedInitCode(options); + } + + void GetOptions(AllocatorOptions *options) const { + options->quarantine_size_mb = quarantine.GetSize() >> 20; + options->min_redzone = atomic_load(&min_redzone, memory_order_acquire); + options->max_redzone = atomic_load(&max_redzone, memory_order_acquire); + options->may_return_null = allocator.MayReturnNull(); + options->alloc_dealloc_mismatch = + atomic_load(&alloc_dealloc_mismatch, memory_order_acquire); + } + + // -------------------- Helper methods. ------------------------- + uptr ComputeRZLog(uptr user_requested_size) { + u32 rz_log = + user_requested_size <= 64 - 16 ? 0 : + user_requested_size <= 128 - 32 ? 1 : + user_requested_size <= 512 - 64 ? 2 : + user_requested_size <= 4096 - 128 ? 3 : + user_requested_size <= (1 << 14) - 256 ? 4 : + user_requested_size <= (1 << 15) - 512 ? 5 : + user_requested_size <= (1 << 16) - 1024 ? 6 : 7; + u32 min_rz = atomic_load(&min_redzone, memory_order_acquire); + u32 max_rz = atomic_load(&max_redzone, memory_order_acquire); + return Min(Max(rz_log, RZSize2Log(min_rz)), RZSize2Log(max_rz)); + } + + // We have an address between two chunks, and we want to report just one. + AsanChunk *ChooseChunk(uptr addr, AsanChunk *left_chunk, + AsanChunk *right_chunk) { + // Prefer an allocated chunk over freed chunk and freed chunk + // over available chunk. + if (left_chunk->chunk_state != right_chunk->chunk_state) { + if (left_chunk->chunk_state == CHUNK_ALLOCATED) + return left_chunk; + if (right_chunk->chunk_state == CHUNK_ALLOCATED) + return right_chunk; + if (left_chunk->chunk_state == CHUNK_QUARANTINE) + return left_chunk; + if (right_chunk->chunk_state == CHUNK_QUARANTINE) + return right_chunk; + } + // Same chunk_state: choose based on offset. + sptr l_offset = 0, r_offset = 0; + CHECK(AsanChunkView(left_chunk).AddrIsAtRight(addr, 1, &l_offset)); + CHECK(AsanChunkView(right_chunk).AddrIsAtLeft(addr, 1, &r_offset)); + if (l_offset < r_offset) + return left_chunk; + return right_chunk; + } + + // -------------------- Allocation/Deallocation routines --------------- + void *Allocate(uptr size, uptr alignment, BufferedStackTrace *stack, + AllocType alloc_type, bool can_fill) { + if (UNLIKELY(!asan_inited)) + AsanInitFromRtl(); + Flags &fl = *flags(); + CHECK(stack); + const uptr min_alignment = SHADOW_GRANULARITY; + if (alignment < min_alignment) + alignment = min_alignment; + if (size == 0) { + // We'd be happy to avoid allocating memory for zero-size requests, but + // some programs/tests depend on this behavior and assume that malloc + // would not return NULL even for zero-size allocations. Moreover, it + // looks like operator new should never return NULL, and results of + // consecutive "new" calls must be different even if the allocated size + // is zero. + size = 1; + } + CHECK(IsPowerOfTwo(alignment)); + uptr rz_log = ComputeRZLog(size); + uptr rz_size = RZLog2Size(rz_log); + uptr rounded_size = RoundUpTo(Max(size, kChunkHeader2Size), alignment); + uptr needed_size = rounded_size + rz_size; + if (alignment > min_alignment) + needed_size += alignment; + bool using_primary_allocator = true; + // If we are allocating from the secondary allocator, there will be no + // automatic right redzone, so add the right redzone manually. + if (!PrimaryAllocator::CanAllocate(needed_size, alignment)) { + needed_size += rz_size; + using_primary_allocator = false; + } + CHECK(IsAligned(needed_size, min_alignment)); + if (size > kMaxAllowedMallocSize || needed_size > kMaxAllowedMallocSize) { + Report("WARNING: AddressSanitizer failed to allocate %p bytes\n", + (void*)size); + return allocator.ReturnNullOrDie(); + } + + AsanThread *t = GetCurrentThread(); + void *allocated; + bool check_rss_limit = true; + if (t) { + AllocatorCache *cache = GetAllocatorCache(&t->malloc_storage()); + allocated = + allocator.Allocate(cache, needed_size, 8, false, check_rss_limit); + } else { + SpinMutexLock l(&fallback_mutex); + AllocatorCache *cache = &fallback_allocator_cache; + allocated = + allocator.Allocate(cache, needed_size, 8, false, check_rss_limit); + } + + if (!allocated) + return allocator.ReturnNullOrDie(); + + if (*(u8 *)MEM_TO_SHADOW((uptr)allocated) == 0 && CanPoisonMemory()) { + // Heap poisoning is enabled, but the allocator provides an unpoisoned + // chunk. This is possible if CanPoisonMemory() was false for some + // time, for example, due to flags()->start_disabled. + // Anyway, poison the block before using it for anything else. + uptr allocated_size = allocator.GetActuallyAllocatedSize(allocated); + PoisonShadow((uptr)allocated, allocated_size, kAsanHeapLeftRedzoneMagic); + } + + uptr alloc_beg = reinterpret_cast<uptr>(allocated); + uptr alloc_end = alloc_beg + needed_size; + uptr beg_plus_redzone = alloc_beg + rz_size; + uptr user_beg = beg_plus_redzone; + if (!IsAligned(user_beg, alignment)) + user_beg = RoundUpTo(user_beg, alignment); + uptr user_end = user_beg + size; + CHECK_LE(user_end, alloc_end); + uptr chunk_beg = user_beg - kChunkHeaderSize; + AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg); + m->alloc_type = alloc_type; + m->rz_log = rz_log; + u32 alloc_tid = t ? t->tid() : 0; + m->alloc_tid = alloc_tid; + CHECK_EQ(alloc_tid, m->alloc_tid); // Does alloc_tid fit into the bitfield? + m->free_tid = kInvalidTid; + m->from_memalign = user_beg != beg_plus_redzone; + if (alloc_beg != chunk_beg) { + CHECK_LE(alloc_beg+ 2 * sizeof(uptr), chunk_beg); + reinterpret_cast<uptr *>(alloc_beg)[0] = kAllocBegMagic; + reinterpret_cast<uptr *>(alloc_beg)[1] = chunk_beg; + } + if (using_primary_allocator) { + CHECK(size); + m->user_requested_size = size; + CHECK(allocator.FromPrimary(allocated)); + } else { + CHECK(!allocator.FromPrimary(allocated)); + m->user_requested_size = SizeClassMap::kMaxSize; + uptr *meta = reinterpret_cast<uptr *>(allocator.GetMetaData(allocated)); + meta[0] = size; + meta[1] = chunk_beg; + } + + m->alloc_context_id = StackDepotPut(*stack); + + uptr size_rounded_down_to_granularity = + RoundDownTo(size, SHADOW_GRANULARITY); + // Unpoison the bulk of the memory region. + if (size_rounded_down_to_granularity) + PoisonShadow(user_beg, size_rounded_down_to_granularity, 0); + // Deal with the end of the region if size is not aligned to granularity. + if (size != size_rounded_down_to_granularity && CanPoisonMemory()) { + u8 *shadow = + (u8 *)MemToShadow(user_beg + size_rounded_down_to_granularity); + *shadow = fl.poison_partial ? (size & (SHADOW_GRANULARITY - 1)) : 0; + } + + AsanStats &thread_stats = GetCurrentThreadStats(); + thread_stats.mallocs++; + thread_stats.malloced += size; + thread_stats.malloced_redzones += needed_size - size; + uptr class_id = + Min(kNumberOfSizeClasses, SizeClassMap::ClassID(needed_size)); + thread_stats.malloced_by_size[class_id]++; + if (needed_size > SizeClassMap::kMaxSize) + thread_stats.malloc_large++; + + void *res = reinterpret_cast<void *>(user_beg); + if (can_fill && fl.max_malloc_fill_size) { + uptr fill_size = Min(size, (uptr)fl.max_malloc_fill_size); + REAL(memset)(res, fl.malloc_fill_byte, fill_size); + } +#if CAN_SANITIZE_LEAKS + m->lsan_tag = __lsan::DisabledInThisThread() ? __lsan::kIgnored + : __lsan::kDirectlyLeaked; +#endif + // Must be the last mutation of metadata in this function. + atomic_store((atomic_uint8_t *)m, CHUNK_ALLOCATED, memory_order_release); + ASAN_MALLOC_HOOK(res, size); + return res; + } + + void AtomicallySetQuarantineFlag(AsanChunk *m, void *ptr, + BufferedStackTrace *stack) { + u8 old_chunk_state = CHUNK_ALLOCATED; + // Flip the chunk_state atomically to avoid race on double-free. + if (!atomic_compare_exchange_strong((atomic_uint8_t*)m, &old_chunk_state, + CHUNK_QUARANTINE, memory_order_acquire)) + ReportInvalidFree(ptr, old_chunk_state, stack); + CHECK_EQ(CHUNK_ALLOCATED, old_chunk_state); + } + + // Expects the chunk to already be marked as quarantined by using + // AtomicallySetQuarantineFlag. + void QuarantineChunk(AsanChunk *m, void *ptr, BufferedStackTrace *stack, + AllocType alloc_type) { + CHECK_EQ(m->chunk_state, CHUNK_QUARANTINE); + + if (m->alloc_type != alloc_type) { + if (atomic_load(&alloc_dealloc_mismatch, memory_order_acquire)) { + ReportAllocTypeMismatch((uptr)ptr, stack, (AllocType)m->alloc_type, + (AllocType)alloc_type); + } + } + + CHECK_GE(m->alloc_tid, 0); + if (SANITIZER_WORDSIZE == 64) // On 32-bits this resides in user area. + CHECK_EQ(m->free_tid, kInvalidTid); + AsanThread *t = GetCurrentThread(); + m->free_tid = t ? t->tid() : 0; + m->free_context_id = StackDepotPut(*stack); + // Poison the region. + PoisonShadow(m->Beg(), + RoundUpTo(m->UsedSize(), SHADOW_GRANULARITY), + kAsanHeapFreeMagic); + + AsanStats &thread_stats = GetCurrentThreadStats(); + thread_stats.frees++; + thread_stats.freed += m->UsedSize(); + + // Push into quarantine. + if (t) { + AsanThreadLocalMallocStorage *ms = &t->malloc_storage(); + AllocatorCache *ac = GetAllocatorCache(ms); + quarantine.Put(GetQuarantineCache(ms), QuarantineCallback(ac), m, + m->UsedSize()); + } else { + SpinMutexLock l(&fallback_mutex); + AllocatorCache *ac = &fallback_allocator_cache; + quarantine.Put(&fallback_quarantine_cache, QuarantineCallback(ac), m, + m->UsedSize()); + } + } + + void Deallocate(void *ptr, uptr delete_size, BufferedStackTrace *stack, + AllocType alloc_type) { + uptr p = reinterpret_cast<uptr>(ptr); + if (p == 0) return; + + uptr chunk_beg = p - kChunkHeaderSize; + AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg); + if (delete_size && flags()->new_delete_type_mismatch && + delete_size != m->UsedSize()) { + ReportNewDeleteSizeMismatch(p, delete_size, stack); + } + ASAN_FREE_HOOK(ptr); + // Must mark the chunk as quarantined before any changes to its metadata. + AtomicallySetQuarantineFlag(m, ptr, stack); + QuarantineChunk(m, ptr, stack, alloc_type); + } + + void *Reallocate(void *old_ptr, uptr new_size, BufferedStackTrace *stack) { + CHECK(old_ptr && new_size); + uptr p = reinterpret_cast<uptr>(old_ptr); + uptr chunk_beg = p - kChunkHeaderSize; + AsanChunk *m = reinterpret_cast<AsanChunk *>(chunk_beg); + + AsanStats &thread_stats = GetCurrentThreadStats(); + thread_stats.reallocs++; + thread_stats.realloced += new_size; + + void *new_ptr = Allocate(new_size, 8, stack, FROM_MALLOC, true); + if (new_ptr) { + u8 chunk_state = m->chunk_state; + if (chunk_state != CHUNK_ALLOCATED) + ReportInvalidFree(old_ptr, chunk_state, stack); + CHECK_NE(REAL(memcpy), (void*)0); + uptr memcpy_size = Min(new_size, m->UsedSize()); + // If realloc() races with free(), we may start copying freed memory. + // However, we will report racy double-free later anyway. + REAL(memcpy)(new_ptr, old_ptr, memcpy_size); + Deallocate(old_ptr, 0, stack, FROM_MALLOC); + } + return new_ptr; + } + + void *Calloc(uptr nmemb, uptr size, BufferedStackTrace *stack) { + if (CallocShouldReturnNullDueToOverflow(size, nmemb)) + return allocator.ReturnNullOrDie(); + void *ptr = Allocate(nmemb * size, 8, stack, FROM_MALLOC, false); + // If the memory comes from the secondary allocator no need to clear it + // as it comes directly from mmap. + if (ptr && allocator.FromPrimary(ptr)) + REAL(memset)(ptr, 0, nmemb * size); + return ptr; + } + + void ReportInvalidFree(void *ptr, u8 chunk_state, BufferedStackTrace *stack) { + if (chunk_state == CHUNK_QUARANTINE) + ReportDoubleFree((uptr)ptr, stack); + else + ReportFreeNotMalloced((uptr)ptr, stack); + } + + void CommitBack(AsanThreadLocalMallocStorage *ms) { + AllocatorCache *ac = GetAllocatorCache(ms); + quarantine.Drain(GetQuarantineCache(ms), QuarantineCallback(ac)); + allocator.SwallowCache(ac); + } + + // -------------------------- Chunk lookup ---------------------- + + // Assumes alloc_beg == allocator.GetBlockBegin(alloc_beg). + AsanChunk *GetAsanChunk(void *alloc_beg) { + if (!alloc_beg) return 0; + if (!allocator.FromPrimary(alloc_beg)) { + uptr *meta = reinterpret_cast<uptr *>(allocator.GetMetaData(alloc_beg)); + AsanChunk *m = reinterpret_cast<AsanChunk *>(meta[1]); + return m; + } + uptr *alloc_magic = reinterpret_cast<uptr *>(alloc_beg); + if (alloc_magic[0] == kAllocBegMagic) + return reinterpret_cast<AsanChunk *>(alloc_magic[1]); + return reinterpret_cast<AsanChunk *>(alloc_beg); + } + + AsanChunk *GetAsanChunkByAddr(uptr p) { + void *alloc_beg = allocator.GetBlockBegin(reinterpret_cast<void *>(p)); + return GetAsanChunk(alloc_beg); + } + + // Allocator must be locked when this function is called. + AsanChunk *GetAsanChunkByAddrFastLocked(uptr p) { + void *alloc_beg = + allocator.GetBlockBeginFastLocked(reinterpret_cast<void *>(p)); + return GetAsanChunk(alloc_beg); + } + + uptr AllocationSize(uptr p) { + AsanChunk *m = GetAsanChunkByAddr(p); + if (!m) return 0; + if (m->chunk_state != CHUNK_ALLOCATED) return 0; + if (m->Beg() != p) return 0; + return m->UsedSize(); + } + + AsanChunkView FindHeapChunkByAddress(uptr addr) { + AsanChunk *m1 = GetAsanChunkByAddr(addr); + if (!m1) return AsanChunkView(m1); + sptr offset = 0; + if (AsanChunkView(m1).AddrIsAtLeft(addr, 1, &offset)) { + // The address is in the chunk's left redzone, so maybe it is actually + // a right buffer overflow from the other chunk to the left. + // Search a bit to the left to see if there is another chunk. + AsanChunk *m2 = 0; + for (uptr l = 1; l < GetPageSizeCached(); l++) { + m2 = GetAsanChunkByAddr(addr - l); + if (m2 == m1) continue; // Still the same chunk. + break; + } + if (m2 && AsanChunkView(m2).AddrIsAtRight(addr, 1, &offset)) + m1 = ChooseChunk(addr, m2, m1); + } + return AsanChunkView(m1); + } + + void PrintStats() { + allocator.PrintStats(); + } + + void ForceLock() { + allocator.ForceLock(); + fallback_mutex.Lock(); + } + + void ForceUnlock() { + fallback_mutex.Unlock(); + allocator.ForceUnlock(); + } +}; + +static Allocator instance(LINKER_INITIALIZED); + +static AsanAllocator &get_allocator() { + return instance.allocator; +} + +bool AsanChunkView::IsValid() { + return chunk_ != 0 && chunk_->chunk_state != CHUNK_AVAILABLE; +} +uptr AsanChunkView::Beg() { return chunk_->Beg(); } +uptr AsanChunkView::End() { return Beg() + UsedSize(); } +uptr AsanChunkView::UsedSize() { return chunk_->UsedSize(); } +uptr AsanChunkView::AllocTid() { return chunk_->alloc_tid; } +uptr AsanChunkView::FreeTid() { return chunk_->free_tid; } + +static StackTrace GetStackTraceFromId(u32 id) { + CHECK(id); + StackTrace res = StackDepotGet(id); + CHECK(res.trace); + return res; +} *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502222231.t1MMVb9C001971>