diff options
author | dim <dim@FreeBSD.org> | 2016-02-06 13:39:20 +0000 |
---|---|---|
committer | dim <dim@FreeBSD.org> | 2016-02-06 13:39:20 +0000 |
commit | 9c27ec33f2c82fe6c60c9c375a88f96a1e10a6a2 (patch) | |
tree | 4efb8604227ede935238eb1c67b626da1265d459 /contrib/compiler-rt/include | |
parent | aef1771e36f9842a113b9905d0d5926fe9d694aa (diff) | |
parent | 75958af7df18c2ae942829da1a8cf3b5bbcaeff6 (diff) | |
download | FreeBSD-src-9c27ec33f2c82fe6c60c9c375a88f96a1e10a6a2.zip FreeBSD-src-9c27ec33f2c82fe6c60c9c375a88f96a1e10a6a2.tar.gz |
Merge compiler-rt release_38 branch r258968.
Note that there is still a problem on amd64, causing SIGBUS in the early
startup of Address Sanitizer. This is being investigated.
Diffstat (limited to 'contrib/compiler-rt/include')
6 files changed, 44 insertions, 14 deletions
diff --git a/contrib/compiler-rt/include/sanitizer/asan_interface.h b/contrib/compiler-rt/include/sanitizer/asan_interface.h index 7763389..97ba0ce 100644 --- a/contrib/compiler-rt/include/sanitizer/asan_interface.h +++ b/contrib/compiler-rt/include/sanitizer/asan_interface.h @@ -110,10 +110,6 @@ extern "C" { void __asan_report_error(void *pc, void *bp, void *sp, void *addr, int is_write, size_t access_size); - // Sets the exit code to use when reporting an error. - // Returns the old value. - int __asan_set_error_exit_code(int exit_code); - // Deprecated. Call __sanitizer_set_death_callback instead. void __asan_set_death_callback(void (*callback)(void)); diff --git a/contrib/compiler-rt/include/sanitizer/common_interface_defs.h b/contrib/compiler-rt/include/sanitizer/common_interface_defs.h index ef645e5..b2a4bb7 100644 --- a/contrib/compiler-rt/include/sanitizer/common_interface_defs.h +++ b/contrib/compiler-rt/include/sanitizer/common_interface_defs.h @@ -105,12 +105,31 @@ extern "C" { int __sanitizer_verify_contiguous_container(const void *beg, const void *mid, const void *end); + // Similar to __sanitizer_verify_contiguous_container but returns the address + // of the first improperly poisoned byte otherwise. Returns null if the area + // is poisoned properly. + const void *__sanitizer_contiguous_container_find_bad_address( + const void *beg, const void *mid, const void *end); + // Print the stack trace leading to this call. Useful for debugging user code. void __sanitizer_print_stack_trace(); // Sets the callback to be called right before death on error. // Passing 0 will unset the callback. void __sanitizer_set_death_callback(void (*callback)(void)); + + // Interceptor hooks. + // Whenever a libc function interceptor is called it checks if the + // corresponding weak hook is defined, and it so -- calls it. + // The primary use case is data-flow-guided fuzzing, where the fuzzer needs + // to know what is being passed to libc functions, e.g. memcmp. + // FIXME: implement more hooks. + void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1, + const void *s2, size_t n, int result); + void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1, + const char *s2, size_t n, int result); + void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1, + const char *s2, int result); #ifdef __cplusplus } // extern "C" #endif diff --git a/contrib/compiler-rt/include/sanitizer/coverage_interface.h b/contrib/compiler-rt/include/sanitizer/coverage_interface.h index 404b71e..2dcc09f 100644 --- a/contrib/compiler-rt/include/sanitizer/coverage_interface.h +++ b/contrib/compiler-rt/include/sanitizer/coverage_interface.h @@ -27,9 +27,11 @@ extern "C" { // descriptor. Returns -1 on failure, or if coverage dumping is disabled. // This is intended for use by sandboxing code. intptr_t __sanitizer_maybe_open_cov_file(const char *name); - // Get the number of total unique covered entities (blocks, edges, calls). + // Get the number of unique covered blocks (or edges). // This can be useful for coverage-directed in-process fuzzers. uintptr_t __sanitizer_get_total_unique_coverage(); + // Get the number of unique indirect caller-callee pairs. + uintptr_t __sanitizer_get_total_unique_caller_callee_pairs(); // Reset the basic-block (edge) coverage to the initial state. // Useful for in-process fuzzing to start collecting coverage from scratch. @@ -39,6 +41,13 @@ extern "C" { // Some of the entries in *data will be zero. uintptr_t __sanitizer_get_coverage_guards(uintptr_t **data); + // Set *data to the growing buffer with covered PCs and return the size + // of the buffer. The entries are never zero. + // When only unique pcs are collected, the size is equal to + // __sanitizer_get_total_unique_coverage. + // WARNING: EXPERIMENTAL API. + uintptr_t __sanitizer_get_coverage_pc_buffer(uintptr_t **data); + // The coverage instrumentation may optionally provide imprecise counters. // Rather than exposing the counter values to the user we instead map // the counters to a bitset. diff --git a/contrib/compiler-rt/include/sanitizer/dfsan_interface.h b/contrib/compiler-rt/include/sanitizer/dfsan_interface.h index 84ffd49..05666f7 100644 --- a/contrib/compiler-rt/include/sanitizer/dfsan_interface.h +++ b/contrib/compiler-rt/include/sanitizer/dfsan_interface.h @@ -91,16 +91,18 @@ void dfsan_set_write_callback(dfsan_write_callback_t labeled_write_callback); /// <label> <parent label 1> <parent label 2> <label description if any> void dfsan_dump_labels(int fd); +/// Interceptor hooks. /// Whenever a dfsan's custom function is called the corresponding /// hook is called it non-zero. The hooks should be defined by the user. /// The primary use case is taint-guided fuzzing, where the fuzzer /// needs to see the parameters of the function and the labels. /// FIXME: implement more hooks. - -/// memcmp hook. void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2, size_t n, dfsan_label s1_label, dfsan_label s2_label, dfsan_label n_label); +void dfsan_weak_hook_strncmp(void *caller_pc, const char *s1, const char *s2, + size_t n, dfsan_label s1_label, + dfsan_label s2_label, dfsan_label n_label); #ifdef __cplusplus } // extern "C" diff --git a/contrib/compiler-rt/include/sanitizer/lsan_interface.h b/contrib/compiler-rt/include/sanitizer/lsan_interface.h index db017c4..8fb8e75 100644 --- a/contrib/compiler-rt/include/sanitizer/lsan_interface.h +++ b/contrib/compiler-rt/include/sanitizer/lsan_interface.h @@ -43,7 +43,7 @@ extern "C" { // Check for leaks now. This function behaves identically to the default // end-of-process leak check. In particular, it will terminate the process if - // leaks are found and the exit_code flag is non-zero. + // leaks are found and the exitcode runtime flag is non-zero. // Subsequent calls to this function will have no effect and end-of-process // leak check will not run. Effectively, end-of-process leak check is moved to // the time of first invocation of this function. diff --git a/contrib/compiler-rt/include/sanitizer/msan_interface.h b/contrib/compiler-rt/include/sanitizer/msan_interface.h index f54bcaa..6d6a376 100644 --- a/contrib/compiler-rt/include/sanitizer/msan_interface.h +++ b/contrib/compiler-rt/include/sanitizer/msan_interface.h @@ -61,10 +61,6 @@ extern "C" { * is not. */ void __msan_check_mem_is_initialized(const volatile void *x, size_t size); - /* Set exit code when error(s) were detected. - Value of 0 means don't change the program exit code. */ - void __msan_set_exit_code(int exit_code); - /* For testing: __msan_set_expect_umr(1); ... some buggy code ... @@ -92,14 +88,22 @@ extern "C" { Memory will be marked uninitialized, with origin at the call site. */ void __msan_allocated_memory(const volatile void* data, size_t size); + /* Tell MSan about newly destroyed memory. Mark memory as uninitialized. */ + void __sanitizer_dtor_callback(const volatile void* data, size_t size); + /* This function may be optionally provided by user and should return a string containing Msan runtime options. See msan_flags.h for details. */ const char* __msan_default_options(); - /* Sets the callback to be called right before death on error. - Passing 0 will unset the callback. */ + /* Deprecated. Call __sanitizer_set_death_callback instead. */ void __msan_set_death_callback(void (*callback)(void)); + /* Update shadow for the application copy of size bytes from src to dst. + Src and dst are application addresses. This function does not copy the + actual application memory, it only updates shadow and origin for such + copy. Source and destination regions can overlap. */ + void __msan_copy_shadow(const volatile void *dst, const volatile void *src, + size_t size); #ifdef __cplusplus } // extern "C" #endif |