Add clang::lifetimebound annotation to StringRef constructors. #113878

Merged
merged 1 commit into from
Oct 28, 2024

hokein
Collaborator

@hokein hokein commented Oct 28, 2024

Adding the lifetimebound annotation to the ArrayRef's array constructor can enable us to detect the following use-after-free issues:

```
llvm::StringRef TestZoneName() {
   char test[] = "foo"; // oops, missing static
   return test; // use-after-free.
}
```

See #113533
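A stand-alone sketch of the pattern described above, added here as an illustration and not taken from LLVM or from this pull request. `StrRef` and `DEMO_LIFETIME_BOUND` are hypothetical stand-ins for `llvm::StringRef` and `LLVM_LIFETIME_BOUND`; the dangling variant is compiled only when `DEMO_SHOW_DANGLING` is defined (an assumed macro name), so the diagnostic can be inspected without the function ever being called.

```cpp
// Added illustration: hypothetical StrRef / DEMO_LIFETIME_BOUND, not LLVM code.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Expand to [[clang::lifetimebound]] only where the compiler knows the
// attribute; elsewhere the macro is empty and the code still builds.
#if defined(__has_cpp_attribute)
#  if __has_cpp_attribute(clang::lifetimebound)
#    define DEMO_LIFETIME_BOUND [[clang::lifetimebound]]
#  endif
#endif
#ifndef DEMO_LIFETIME_BOUND
#  define DEMO_LIFETIME_BOUND
#endif

// Minimal non-owning view with the two constructors the diff annotates.
class StrRef {
  const char *data_ = nullptr;
  std::size_t size_ = 0;

public:
  StrRef() = default;

  // From a C string: the view is only valid while the buffer behind s lives.
  StrRef(const char *s DEMO_LIFETIME_BOUND)
      : data_(s), size_(s ? std::strlen(s) : 0) {}

  // From pointer and length: same lifetime contract on d.
  StrRef(const char *d DEMO_LIFETIME_BOUND, std::size_t n)
      : data_(d), size_(n) {}

  const char *data() const { return data_; }
  std::size_t size() const { return size_; }

  // Owning copy, safe to return after the viewed buffer is gone.
  std::string str() const {
    return data_ ? std::string(data_, size_) : std::string();
  }
};

#ifdef DEMO_SHOW_DANGLING
// The bug from the description: test lives on the stack, and the implicit
// conversion to StrRef hides the escaping pointer. With the annotation, Clang
// reports the return of stack memory (-Wreturn-stack-address).
// Never call this function; it exists only to trigger the diagnostic.
StrRef zone_name_dangling() {
  char test[] = "foo"; // missing static
  return test;         // view outlives the array
}
#endif

// Fix 1: give the buffer static storage duration so it outlives the view.
StrRef zone_name_static() {
  static const char test[] = "foo";
  return test;
}

// Fix 2: keep the local buffer but return an owning copy instead of a view.
std::string zone_name_owned() {
  char test[] = "foo";
  return StrRef(test, sizeof(test) - 1).str(); // copied while test is alive
}

int main() {
  StrRef s = zone_name_static();
  std::printf("static: %.*s (%zu bytes)\n", static_cast<int>(s.size()),
              s.data(), s.size());
  std::printf("owned:  %s\n", zone_name_owned().c_str());
  return 0;
}
```

Building with `clang++ -std=c++17 -DDEMO_SHOW_DANGLING` shows the warning on `zone_name_dangling`; removing `DEMO_LIFETIME_BOUND` from the constructor makes the same function compile silently.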

@hokein hokein requested review from Xazax-hun and usx95 October 28, 2024 08:02
@llvmbot
Member

llvmbot commented Oct 28, 2024

@llvm/pr-subscribers-llvm-adt

Author: Haojian Wu (hokein)

Changes

Adding the lifetimebound annotation to the ArrayRef's array constructor can enable us to detect the following use-after-free issues:

```
llvm::StringRef TestZoneName() {
   char test[] = "foo"; // oops, missing static
   return test; // use-after-free.
}
```

See #113533


Full diff: https://github.com/llvm/llvm-project/pull/113878.diff

1 Files Affected:

  • (modified) llvm/include/llvm/ADT/StringRef.h (+3-2)
diff --git a/llvm/include/llvm/ADT/StringRef.h b/llvm/include/llvm/ADT/StringRef.h
index f879bbf7164fd6..0dcd4d90086eff 100644
--- a/llvm/include/llvm/ADT/StringRef.h
+++ b/llvm/include/llvm/ADT/StringRef.h
@@ -81,7 +81,7 @@ namespace llvm {
     StringRef(std::nullptr_t) = delete;
 
     /// Construct a string ref from a cstring.
-    /*implicit*/ constexpr StringRef(const char *Str)
+    /*implicit*/ constexpr StringRef(const char *Str LLVM_LIFETIME_BOUND)
         : View(Str, Str ?
     // GCC 7 doesn't have constexpr char_traits. Fall back to __builtin_strlen.
 #if defined(_GLIBCXX_RELEASE) && _GLIBCXX_RELEASE < 8
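Review bot: No test accompanies the new `LLVM_LIFETIME_BOUND` on `StringRef(const char *Str ...)`; the patch touches only StringRef.h, so nothing keeps the diagnostic for the `TestZoneName` case from the description from regressing. Consider adding a compile-time check that returning a local `char[]` through this implicit constructor is diagnosed. The description also refers to "the ArrayRef's array constructor" while the change is to the StringRef constructors; aligning the wording would make the commit message easier to search for later. The doc comment "Construct a string ref from a cstring." could state that the buffer must outlive the StringRef, since that is now the contract the annotation encodes.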
@@ -93,7 +93,8 @@ namespace llvm {
     }
 
     /// Construct a string ref from a pointer and length.
-    /*implicit*/ constexpr StringRef(const char *data, size_t length)
+    /*implicit*/ constexpr StringRef(const char *data LLVM_LIFETIME_BOUND,
+                                     size_t length)
         : View(data, length) {}
 
     /// Construct a string ref from an std::string.
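Review bot: The std::string constructor visible in the trailing context ("Construct a string ref from an std::string.") is not touched by this patch, although the title says the annotation is added to StringRef constructors in general. If that constructor is not already annotated, a StringRef built from a temporary or local std::string has the same dangling risk as the `const char *` cases and deserves the same treatment, or a sentence in the description explaining why it is left out. As a style point, the `/*implicit*/` marker on `StringRef(const char *data LLVM_LIFETIME_BOUND, size_t length)` reads oddly on a two-argument constructor and could be dropped while the line is being edited.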

Collaborator

@Xazax-hun Xazax-hun left a comment

LGTM! Thanks!

@hokein hokein merged commit 9090430 into llvm:main Oct 28, 2024
10 checks passed
@hokein hokein deleted the lb-string-ref branch October 28, 2024 13:28
@llvm-ci
Collaborator

llvm-ci commented Oct 28, 2024

LLVM Buildbot has detected a new failure on builder clang-m68k-linux-cross running on suse-gary-m68k-cross while building llvm at step 4 "build stage 1".

Full details are available at: https://lab.llvm.org/buildbot/#/builders/27/builds/1111

Here is the relevant piece of the build log for the reference
Step 4 (build stage 1) failure: 'ninja' (failure)
...
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/CoroutineStmtBuilder.h:20,
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/TreeTransform.h:16,
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/SemaConcept.cpp:14:
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::UnusedFileScopedDecls’ [-Wattributes]
  463 | class Sema final : public SemaBase {
      |       ^~~~
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::TentativeDefinitions’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::ExtVectorDecls’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::DelegatingCtorDecls’ [-Wattributes]
[1473/4229] Building CXX object tools/clang/lib/Sema/CMakeFiles/obj.clangSema.dir/SemaExpr.cpp.o
FAILED: tools/clang/lib/Sema/CMakeFiles/obj.clangSema.dir/SemaExpr.cpp.o 
/usr/bin/c++ -DCLANG_EXPORTS -DGTEST_HAS_RTTI=0 -D_DEBUG -D_GLIBCXX_ASSERTIONS -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -I/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/stage1/tools/clang/lib/Sema -I/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema -I/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include -I/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/stage1/tools/clang/include -I/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/stage1/include -I/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/llvm/include -fPIC -fno-semantic-interposition -fvisibility-inlines-hidden -Werror=date-time -fno-lifetime-dse -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -Wcast-qual -Wno-missing-field-initializers -pedantic -Wno-long-long -Wimplicit-fallthrough -Wno-maybe-uninitialized -Wno-nonnull -Wno-class-memaccess -Wno-redundant-move -Wno-pessimizing-move -Wno-noexcept-type -Wdelete-non-virtual-dtor -Wsuggest-override -Wno-comment -Wno-misleading-indentation -Wctad-maybe-unsupported -fdiagnostics-color -ffunction-sections -fdata-sections -fno-common -Woverloaded-virtual -fno-strict-aliasing -O3 -DNDEBUG -std=c++17  -fno-exceptions -funwind-tables -fno-rtti -UNDEBUG -MD -MT tools/clang/lib/Sema/CMakeFiles/obj.clangSema.dir/SemaExpr.cpp.o -MF tools/clang/lib/Sema/CMakeFiles/obj.clangSema.dir/SemaExpr.cpp.o.d -o tools/clang/lib/Sema/CMakeFiles/obj.clangSema.dir/SemaExpr.cpp.o -c /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/SemaExpr.cpp
In file included from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/CheckExprLifetime.h:17,
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/SemaExpr.cpp:13:
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::UnusedFileScopedDecls’ [-Wattributes]
  463 | class Sema final : public SemaBase {
      |       ^~~~
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::TentativeDefinitions’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::ExtVectorDecls’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::DelegatingCtorDecls’ [-Wattributes]
c++: fatal error: Killed signal terminated program cc1plus
compilation terminated.
[1474/4229] Building CXX object tools/clang/lib/Parse/CMakeFiles/obj.clangParse.dir/ParseInit.cpp.o
In file included from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Parse/Parser.h:20,
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Parse/ParseInit.cpp:15:
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::UnusedFileScopedDecls’ [-Wattributes]
  463 | class Sema final : public SemaBase {
      |       ^~~~
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::TentativeDefinitions’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::ExtVectorDecls’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::DelegatingCtorDecls’ [-Wattributes]
[1475/4229] Building CXX object tools/clang/lib/Parse/CMakeFiles/obj.clangParse.dir/ParseAST.cpp.o
In file included from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Parse/Parser.h:20,
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Parse/ParseAST.cpp:19:
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::UnusedFileScopedDecls’ [-Wattributes]
  463 | class Sema final : public SemaBase {
      |       ^~~~
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::TentativeDefinitions’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::ExtVectorDecls’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::DelegatingCtorDecls’ [-Wattributes]
[1476/4229] Building CXX object tools/clang/lib/Sema/CMakeFiles/obj.clangSema.dir/SemaAvailability.cpp.o
In file included from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/DelayedDiagnostic.h:32,
                 from /var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/lib/Sema/SemaAvailability.cpp:22:
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::UnusedFileScopedDecls’ [-Wattributes]
  463 | class Sema final : public SemaBase {
      |       ^~~~
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::TentativeDefinitions’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::ExtVectorDecls’ [-Wattributes]
/var/lib/buildbot/workers/suse-gary-m68k-cross/clang-m68k-linux-cross/llvm/clang/include/clang/Sema/Sema.h:463:7: warning: ‘clang::Sema’ declared with greater visibility than the type of its field ‘clang::Sema::DelegatingCtorDecls’ [-Wattributes]

@llvm-ci
Collaborator

llvm-ci commented Oct 28, 2024

LLVM Buildbot has detected a new failure on builder sanitizer-x86_64-linux-qemu running on sanitizer-buildbot4 while building llvm at step 2 "annotate".

Full details are available at: https://lab.llvm.org/buildbot/#/builders/139/builds/5492

Here is the relevant piece of the build log for the reference
Step 2 (annotate) failure: 'python ../sanitizer_buildbot/sanitizers/zorg/buildbot/builders/sanitizers/buildbot_selector.py' (failure)
...
[305/310] Building CXX object tools/llvm-objdump/CMakeFiles/llvm-objdump.dir/llvm-objdump.cpp.o
[306/310] Linking CXX executable bin/llvm-objdump
[307/310] Building CXX object tools/llvm-readobj/CMakeFiles/llvm-readobj.dir/ELFDumper.cpp.o
[308/310] Linking CXX executable bin/llvm-readobj
[309/310] Generating ../../bin/llvm-readelf
[309/310] Running the HWAddressSanitizer tests with Intel LAM
llvm-lit: /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/lit.common.cfg.py:380: warning: %device_rm is not implemented
llvm-lit: /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/llvm/utils/lit/lit/main.py:72: note: The test suite configuration requested an individual test timeout of 0 seconds but a timeout of 900 seconds was requested on the command line. Forcing timeout to be 900 seconds.
-- Testing: 108 of 109 tests, 88 workers --
Testing:  0.. 10.. 20.. 30.. 40.. 50..
FAIL: HWAddressSanitizer-x86_64 :: TestCases/pthread_create.c (64 of 108)
******************** TEST 'HWAddressSanitizer-x86_64 :: TestCases/pthread_create.c' FAILED ********************
Exit Code: 99

Command Output (stderr):
--
RUN: at line 2: /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/./bin/clang   -m64  -gline-tables-only -fsanitize=hwaddress -fuse-ld=lld -mllvm -hwasan-generate-tags-with-calls=1 -mllvm -hwasan-globals -mllvm -hwasan-use-short-granules -mllvm -hwasan-instrument-landing-pads=0 -mllvm -hwasan-instrument-personality-functions /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/pthread_create.c -o /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/pthread_create.c.tmp
+ /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/./bin/clang -m64 -gline-tables-only -fsanitize=hwaddress -fuse-ld=lld -mllvm -hwasan-generate-tags-with-calls=1 -mllvm -hwasan-globals -mllvm -hwasan-use-short-granules -mllvm -hwasan-instrument-landing-pads=0 -mllvm -hwasan-instrument-personality-functions /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/pthread_create.c -o /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/pthread_create.c.tmp
RUN: at line 3: env HWASAN_OPTIONS=disable_allocator_tagging=1:random_tags=0:fail_without_syscall_abi=0:random_tags=1 env SSH_CONTROL_SOCKET=/home/b/sanitizer-x86_64-linux-qemu/build/qemu_tmp/ssh-control-socket /home/b/sanitizer-x86_64-linux-qemu/sanitizer_buildbot/sanitizers/zorg/buildbot/builders/sanitizers/ssh_run.sh /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/pthread_create.c.tmp
+ env HWASAN_OPTIONS=disable_allocator_tagging=1:random_tags=0:fail_without_syscall_abi=0:random_tags=1 env SSH_CONTROL_SOCKET=/home/b/sanitizer-x86_64-linux-qemu/build/qemu_tmp/ssh-control-socket /home/b/sanitizer-x86_64-linux-qemu/sanitizer_buildbot/sanitizers/zorg/buildbot/builders/sanitizers/ssh_run.sh /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/pthread_create.c.tmp
HWAddressSanitizer: CHECK failed: sanitizer_linux_libcdep.cpp:181 "((pthread_getattr_np(pthread_self(), &attr))) == ((0))" (0xe, 0x0) (tid=734)
    #0 0x556f982c3382 in __hwasan::CheckUnwind() /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/hwasan/hwasan.cpp:165:3
    #1 0x556f982f24f2 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:86:5
    #2 0x556f982f306b in __sanitizer::GetThreadStackTopAndBottom(bool, unsigned long*, unsigned long*) /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:181:3
    #3 0x556f982f339f in __sanitizer::GetThreadStackAndTls(bool, unsigned long*, unsigned long*, unsigned long*, unsigned long*) /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:688:3
    #4 0x556f982dc8d1 in __hwasan::Thread::Init(unsigned long, unsigned long, __hwasan::Thread::InitState const*) /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/hwasan/hwasan_thread.cpp:59:3
    #5 0x556f982d754f in __hwasan::HwasanThreadList::CreateCurrentThread(__hwasan::Thread::InitState const*) /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/hwasan/hwasan_thread_list.h:110:8
    #6 0x556f982d7cbf in __hwasan_thread_enter /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/hwasan/hwasan_linux.cpp:576:22
    #7 0x556f982d6d3b in HwasanThreadStartFunc(void*) /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/lib/hwasan/hwasan_interceptors.cpp:253:3
    #8 0x7f0b4c86ca93  (/lib/x86_64-linux-gnu/libc.so.6+0x9ca93) (BuildId: 232274c0019767b821da1c6ebc2df43e60503035)
    #9 0x7f0b4c8f9c3b  (/lib/x86_64-linux-gnu/libc.so.6+0x129c3b) (BuildId: 232274c0019767b821da1c6ebc2df43e60503035)


--

********************
Testing:  0.. 10.. 20.. 30.. 40.. 50..
FAIL: HWAddressSanitizer-x86_64 :: TestCases/many-threads-uaf.c (65 of 108)
******************** TEST 'HWAddressSanitizer-x86_64 :: TestCases/many-threads-uaf.c' FAILED ********************
Exit Code: 1

Command Output (stderr):
--
RUN: at line 1: /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/./bin/clang   -m64  -gline-tables-only -fsanitize=hwaddress -fuse-ld=lld -mllvm -hwasan-generate-tags-with-calls=1 -mllvm -hwasan-globals -mllvm -hwasan-use-short-granules -mllvm -hwasan-instrument-landing-pads=0 -mllvm -hwasan-instrument-personality-functions /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c -o /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/many-threads-uaf.c.tmp && not env HWASAN_OPTIONS=disable_allocator_tagging=1:random_tags=0:fail_without_syscall_abi=0:verbose_threads=1 env SSH_CONTROL_SOCKET=/home/b/sanitizer-x86_64-linux-qemu/build/qemu_tmp/ssh-control-socket /home/b/sanitizer-x86_64-linux-qemu/sanitizer_buildbot/sanitizers/zorg/buildbot/builders/sanitizers/ssh_run.sh /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/many-threads-uaf.c.tmp 2>&1 | FileCheck /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c
+ /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/./bin/clang -m64 -gline-tables-only -fsanitize=hwaddress -fuse-ld=lld -mllvm -hwasan-generate-tags-with-calls=1 -mllvm -hwasan-globals -mllvm -hwasan-use-short-granules -mllvm -hwasan-instrument-landing-pads=0 -mllvm -hwasan-instrument-personality-functions /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c -o /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/many-threads-uaf.c.tmp
+ FileCheck /home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c
+ not env HWASAN_OPTIONS=disable_allocator_tagging=1:random_tags=0:fail_without_syscall_abi=0:verbose_threads=1 env SSH_CONTROL_SOCKET=/home/b/sanitizer-x86_64-linux-qemu/build/qemu_tmp/ssh-control-socket /home/b/sanitizer-x86_64-linux-qemu/sanitizer_buildbot/sanitizers/zorg/buildbot/builders/sanitizers/ssh_run.sh /home/b/sanitizer-x86_64-linux-qemu/build/llvm_build2_x86_64_lam_qemu/projects/compiler-rt/test/hwasan/X86_64/TestCases/Output/many-threads-uaf.c.tmp
/home/b/sanitizer-x86_64-linux-qemu/build/llvm-project/compiler-rt/test/hwasan/TestCases/many-threads-uaf.c:17:11: error: CHECK: expected string not found in input
// CHECK: Creating : T1
Step 30 (test hwasan x86_64_lam_qemu) failure: test hwasan x86_64_lam_qemu (failure)

NoumanAmir657 pushed a commit to NoumanAmir657/llvm-project that referenced this pull request Nov 4, 2024
…113878)

Adding the lifetimebound annotation to the ArrayRef's array constructor
can enable us to detect the following use-after-free issues:

```
llvm::StringRef TestZoneName() {
   char test[] = "foo"; // oops, missing static
   return test; // use-after-free.
}
```

See llvm#113533