This is an archive of the discontinued LLVM Phabricator instance.

Differential D5082

Implement nonnull-attribute sanitizer
ClosedPublic

Authored by samsonov on Aug 26 2014, 4:30 PM.

Details

Reviewers
rsmith
Commits
rG8e1162c71d40: Implement nonnull-attribute sanitizer
rCRT217389: Implement nonnull-attribute sanitizer
rC217389: Implement nonnull-attribute sanitizer
rL217389: Implement nonnull-attribute sanitizer
Summary

This patch implements a new UBSan check, which verifies
that function arguments declared to be nonnull with attribute((nonnull))
are actually nonnull in runtime.

To implement this check, we pass FunctionDecl to CodeGenFunction::EmitCallArgs
(where applicable) and if function declaration has nonnull attribute specified
for a certain formal parameter, we compare the corresponding RValue to null as
soon as it's calculated.

Diff Detail

Event Timeline

samsonov updated this revision to Diff 12975.Aug 26 2014, 4:30 PM
samsonov retitled this revision from to Implement nonnull-attribute sanitizer.
samsonov updated this object.
samsonov edited the test plan for this revision. (Show Details)
samsonov added a reviewer: rsmith.
samsonov added subscribers: rnk, Unknown Object (MLST).
rsmith added inline comments.Aug 26 2014, 4:51 PM
projects/compiler-rt/lib/ubsan/ubsan_handlers.cc
378

Please consistently use either NonNull or Nonnull.

tools/clang/lib/CodeGen/CGCall.cpp
2423–2424

What should happen here:

__attribute__((nonnull)) void f(const char *, ...);
int main() { void *p = 0; f("%s", p); }

(I have no idea if the attribute applies in this case.)

2425–2429

Can a function have multiple __attribute__((nonnull(N)))s on it?

2431

What guarantees this? I don't see where you're checking that the parameter is of a pointer type.

samsonov added inline comments.Aug 26 2014, 6:24 PM
projects/compiler-rt/lib/ubsan/ubsan_handlers.cc
378

Done

tools/clang/lib/CodeGen/CGCall.cpp
2423–2424

Neither am I :( GCC docs say that "If no argument index list is given to the nonnull attribute, all pointer arguments are marked as non-null", but it's not clear if it refers to call arguments, or formal parameters. What is worse, GCC and Clang seem to disagree on this:

$ cat tmp/ubsan/bad.cpp
__attribute__((nonnull)) void *foo2(int *a, ...);

void bar() { foo2(0, (void*)0); }
$ g++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp: In function ‘void bar()’:
tmp/ubsan/bad.cpp:3:30: warning: null argument where non-null required (argument 1) [-Wnonnull]
void bar() { foo2(0, (void*)0); }
                            ^
tmp/ubsan/bad.cpp:3:30: warning: null argument where non-null required (argument 2) [-Wnonnull]
$ ./bin/clang++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp:3:30: warning: null passed to a callee which requires a non-null argument [-Wnonnull]
void bar() { foo2(0, (void*)0); }
                  ~          ^
1 warning generated.

Sigh. Should Clang strive for GCC-compatible behavior, or you have the idea of which behavior is "more predictable" in this case?

2425–2429

Nice catch! Both Clang and GCC accept this code and seem to calculate union of all arguments passed into nonnull().

$ cat tmp/ubsan/bad.cpp
__attribute__((nonnull(1)))
__attribute__((nonnull(2)))
void foo(int *a, int *a2);
void bar() { foo(0, 0); }
$ g++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp: In function ‘void bar()’:
tmp/ubsan/bad.cpp:9:11: warning: null argument where non-null required (argument 1) [-Wnonnull]
   foo(0, 0);
           ^
tmp/ubsan/bad.cpp:9:11: warning: null argument where non-null required (argument 2) [-Wnonnull]
$ ./bin/clang++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp:9:11: warning: null passed to a callee which requires a non-null argument [-Wnonnull]
  foo(0, 0);
         ~^
tmp/ubsan/bad.cpp:9:11: warning: null passed to a callee which requires a non-null argument [-Wnonnull]
  foo(0, 0);
      ~   ^
2 warnings generated.

The code as written won't handle this case properly (the last nonnull() attribute in function declaration will win). Sadly, there is the same problem already present in EmitFunctionProlog() function. I will work on a fix in a separate change.

2431

This seems to be handled by Sema:

tmp/ubsan/bad.cpp:1:33: warning: 'nonnull' attribute only applies to pointer arguments [-Wignored-attributes]
void foo(int *a, __attribute__((nonnull)) int b);
                 ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
rsmith added inline comments.Aug 26 2014, 8:44 PM
tools/clang/lib/CodeGen/CGCall.cpp
2423–2424

I think the GCC behavior makes more sense. We should fix the frontend to also understand this, and model it properly in the AST. Our current representation doesn't work.

2431

I was thinking about this case:

void f(non_scalar_type x) __attribute__((nonnull));
void g() { f(x); }

... but it looks like the attribute handling flattens the attribute into a list of parameters when it's applied. That's broken in several ways, alas. For instance, we fail to diagnose this properly:

template<typename T> __attribute__((nonnull)) void f(T t);
void g() { f((void*)0); }

... because we can't preserve that we had a parameter-less nonnull attribute until we get to template instantiation.

rsmith edited edge metadata.Aug 26 2014, 10:10 PM

The frontend should deal with this a lot better as of r216520.

samsonov updated this revision to Diff 13017.Aug 27 2014, 6:43 PM
samsonov edited edge metadata.

Rebase patch to incorporate various recent fixes to nonnull
attribute handling. Add support for vararg functions with nonnull attribute.

tools/clang/lib/CodeGen/CGCall.cpp
2423–2424

Vararg sanitization should now work.

2425–2429

Fixed

2431

Fixed

rsmith added inline comments.Aug 27 2014, 6:52 PM
tools/clang/lib/CodeGen/CGCall.cpp
2437

Is there a reason to pass ArgNo as dynamic data rather than static?

samsonov updated this revision to Diff 13046.Aug 28 2014, 10:58 AM

Move ArgNo to static data.

samsonov added inline comments.Aug 28 2014, 10:59 AM
tools/clang/lib/CodeGen/CGCall.cpp
2437

Right, we can move it to static data now, as we now discriminate checks for different call arguments by source location anyway. Done.

samsonov added a comment.Sep 2 2014, 10:25 AM

Any more comments on this?

samsonov added a comment.Sep 5 2014, 1:30 PM

(ping)

rsmith added a comment.Sep 5 2014, 2:12 PM

One diagnostic quality comment, otherwise this looks fine.

projects/compiler-rt/lib/ubsan/ubsan_handlers.cc
365

It would seem better to point to the attribute rather than just to the function.

samsonov updated this revision to Diff 13346.Sep 5 2014, 2:44 PM

Provide source location of nonnull attribute declaration,
instead of function declaration.

samsonov added inline comments.Sep 5 2014, 2:45 PM
projects/compiler-rt/lib/ubsan/ubsan_handlers.cc
365

Done.

Side note: do you it makes sense to provide source location of returns_nonnull attribute as well? (I'd say it could make sense, as attribute is attached to function declaration, which might be in a completely different where definition is).

rsmith accepted this revision.Sep 6 2014, 3:42 AM
rsmith edited edge metadata.

Yes, I think it makes sense for returns_nonnull too.

projects/compiler-rt/lib/ubsan/ubsan_handlers.h
135

Maybe AttrLoc?

This revision is now accepted and ready to land.Sep 6 2014, 3:42 AM
samsonov added inline comments.Sep 8 2014, 10:00 AM
projects/compiler-rt/lib/ubsan/ubsan_handlers.h
135

Done

samsonov updated this revision to Diff 13406.Sep 8 2014, 10:00 AM
samsonov edited edge metadata.

Address review comment.

samsonov updated this revision to Diff 13407.Sep 8 2014, 10:31 AM

Document new UBSan option (-fsanitize=nonnull-attribute).

samsonov closed this revision.Sep 8 2014, 10:32 AM

Revision Contents

PathSize
projects/
compiler-rt/
lib/
ubsan/
9 lines
29 lines
test/
ubsan/
TestCases/
Misc/
58 lines
tools/
clang/
docs/
2 lines
include/
clang/
Basic/
14 lines
lib/
CodeGen/
57 lines
5 lines
3 lines
23 lines
7 lines
test/
CodeGen/
29 lines
Driver/
8 lines

Diff 13407

projects/compiler-rt/lib/ubsan/ubsan_handlers.h

Show First 20 LinesShow All 124 Lines▼ Show 20 Lines
struct NonNullReturnData { struct NonNullReturnData {
SourceLocation Loc; SourceLocation Loc;
}; };
/// \brief Handle returning null from function with returns_nonnull attribute. /// \brief Handle returning null from function with returns_nonnull attribute.
RECOVERABLE(nonnull_return, NonNullReturnData *Data) RECOVERABLE(nonnull_return, NonNullReturnData *Data)
struct NonNullArgData {
SourceLocation Loc;
SourceLocation AttrLoc;
rsmithUnsubmitted
Not Done
ReplyInline Actions

Maybe AttrLoc?

rsmith: Maybe AttrLoc?
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

samsonov: Done
int ArgIndex;
};
/// \brief Handle passing null pointer to function with nonnull attribute.
RECOVERABLE(nonnull_arg, NonNullArgData *Data);
} }
#endif // UBSAN_HANDLERS_H #endif // UBSAN_HANDLERS_H

projects/compiler-rt/lib/ubsan/ubsan_handlers.cc

Show First 20 LinesShow All 325 Lines▼ Show 20 Lines
} }
void __ubsan::__ubsan_handle_function_type_mismatch_abort( void __ubsan::__ubsan_handle_function_type_mismatch_abort(
FunctionTypeMismatchData *Data, ValueHandle Function) { FunctionTypeMismatchData *Data, ValueHandle Function) {
GET_REPORT_OPTIONS(true); GET_REPORT_OPTIONS(true);
handleFunctionTypeMismatch(Data, Function, Opts); handleFunctionTypeMismatch(Data, Function, Opts);
} }
static void handleNonnullReturn(NonNullReturnData *Data, ReportOptions Opts) { static void handleNonNullReturn(NonNullReturnData *Data, ReportOptions Opts) {
SourceLocation Loc = Data->Loc.acquire(); SourceLocation Loc = Data->Loc.acquire();
if (Loc.isDisabled()) if (Loc.isDisabled())
return; return;
ScopedReport R(Opts); ScopedReport R(Opts);
Diag(Loc, DL_Error, "null pointer returned from function declared to never " Diag(Loc, DL_Error, "null pointer returned from function declared to never "
"return null"); "return null");
} }
void __ubsan::__ubsan_handle_nonnull_return(NonNullReturnData *Data) { void __ubsan::__ubsan_handle_nonnull_return(NonNullReturnData *Data) {
GET_REPORT_OPTIONS(false); GET_REPORT_OPTIONS(false);
handleNonnullReturn(Data, Opts); handleNonNullReturn(Data, Opts);
} }
void __ubsan::__ubsan_handle_nonnull_return_abort(NonNullReturnData *Data) { void __ubsan::__ubsan_handle_nonnull_return_abort(NonNullReturnData *Data) {
GET_REPORT_OPTIONS(true); GET_REPORT_OPTIONS(true);
handleNonnullReturn(Data, Opts); handleNonNullReturn(Data, Opts);
}
static void handleNonNullArg(NonNullArgData *Data, ReportOptions Opts) {
SourceLocation Loc = Data->Loc.acquire();
if (Loc.isDisabled())
return;
ScopedReport R(Opts);
Diag(Loc, DL_Error, "null pointer passed as argument %0, which is declared to "
"never be null") << Data->ArgIndex;
if (!Data->AttrLoc.isInvalid())
Diag(Data->AttrLoc, DL_Note, "nonnull attribute specified here");
rsmithUnsubmitted
Not Done
ReplyInline Actions

It would seem better to point to the attribute rather than just to the function.

rsmith: It would seem better to point to the attribute rather than just to the function.
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done.

Side note: do you it makes sense to provide source location of returns_nonnull attribute as well? (I'd say it could make sense, as attribute is attached to function declaration, which might be in a completely different where definition is).

samsonov: Done. Side note: do you it makes sense to provide source location of returns_nonnull attribute…
}
void __ubsan::__ubsan_handle_nonnull_arg(NonNullArgData *Data) {
GET_REPORT_OPTIONS(false);
handleNonNullArg(Data, Opts);
}
void __ubsan::__ubsan_handle_nonnull_arg_abort(NonNullArgData *Data) {
GET_REPORT_OPTIONS(true);
handleNonNullArg(Data, Opts);
} }
rsmithUnsubmitted
Not Done
ReplyInline Actions

Please consistently use either NonNull or Nonnull.

rsmith: Please consistently use either `NonNull` or `Nonnull`.
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

samsonov: Done

projects/compiler-rt/test/ubsan/TestCases/Misc/nonnull-arg.cpp

  • This file was added.
// RUN: %clangxx -fsanitize=nonnull-attribute -fno-sanitize-recover %s -O3 -o %t
// RUN: %run %t nc
// RUN: %run %t nm
// RUN: %run %t nf
// RUN: %run %t nv
// RUN: not %run %t 0c 2>&1 | FileCheck %s --check-prefix=CTOR
// RUN: not %run %t 0m 2>&1 | FileCheck %s --check-prefix=METHOD
// RUN: not %run %t 0f 2>&1 | FileCheck %s --check-prefix=FUNC
// RUN: not %run %t 0v 2>&1 | FileCheck %s --check-prefix=VARIADIC
class C {
int *null_;
int *nonnull_;
public:
C(int *null, __attribute__((nonnull)) int *nonnull)
: null_(null), nonnull_(nonnull) {}
int value() { return *nonnull_; }
int method(int *nonnull, int *null) __attribute__((nonnull(2))) {
return *nonnull_ + *nonnull;
}
};
__attribute__((nonnull)) int func(int *nonnull) { return *nonnull; }
#include <stdarg.h>
__attribute__((nonnull)) int variadic(int x, ...) {
va_list args;
va_start(args, x);
int *nonnull = va_arg(args, int*);
int res = *nonnull;
va_end(args);
return res;
}
int main(int argc, char *argv[]) {
int local = 0;
int *arg = (argv[1][0] == '0') ? 0x0 : &local;
switch (argv[1][1]) {
case 'c':
return C(0x0, arg).value();
// CTOR: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:21: runtime error: null pointer passed as argument 2, which is declared to never be null
// CTOR-NEXT: {{.*}}nonnull-arg.cpp:16:31: note: nonnull attribute specified here
case 'm':
return C(0x0, &local).method(arg, 0x0);
// METHOD: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:36: runtime error: null pointer passed as argument 1, which is declared to never be null
// METHOD-NEXT: {{.*}}nonnull-arg.cpp:19:54: note: nonnull attribute specified here
case 'f':
return func(arg);
// FUNC: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:19: runtime error: null pointer passed as argument 1, which is declared to never be null
// FUNC-NEXT: {{.*}}nonnull-arg.cpp:24:16: note: nonnull attribute specified here
case 'v':
return variadic(42, arg);
// VARIADIC: {{.*}}nonnull-arg.cpp:[[@LINE-1]]:27: runtime error: null pointer passed as argument 2, which is declared to never be null
// VARIADIC-NEXT: {{.*}}nonnull-arg.cpp:27:16: note: nonnull attribute specified here
}
return 0;
}

tools/clang/docs/UsersManual.rst

Show First 20 LinesShow All 971 Lines▼ Show 20 Lines**-f[no-]sanitize=check1,check2,...**
- ``-fsanitize=float-cast-overflow``: Conversion to, from, or - ``-fsanitize=float-cast-overflow``: Conversion to, from, or
between floating-point types which would overflow the between floating-point types which would overflow the
destination. destination.
- ``-fsanitize=float-divide-by-zero``: Floating point division by - ``-fsanitize=float-divide-by-zero``: Floating point division by
zero. zero.
- ``-fsanitize=function``: Indirect call of a function through a - ``-fsanitize=function``: Indirect call of a function through a
function pointer of the wrong type (Linux, C++ and x86/x86_64 only). function pointer of the wrong type (Linux, C++ and x86/x86_64 only).
- ``-fsanitize=integer-divide-by-zero``: Integer division by zero. - ``-fsanitize=integer-divide-by-zero``: Integer division by zero.
- ``-fsanitize=nonnull-attribute``: Passing null pointer as a function
parameter which is declared to never be null.
- ``-fsanitize=null``: Use of a null pointer or creation of a null - ``-fsanitize=null``: Use of a null pointer or creation of a null
reference. reference.
- ``-fsanitize=object-size``: An attempt to use bytes which the - ``-fsanitize=object-size``: An attempt to use bytes which the
optimizer can determine are not part of the object being optimizer can determine are not part of the object being
accessed. The sizes of objects are determined using accessed. The sizes of objects are determined using
``__builtin_object_size``, and consequently may be able to detect ``__builtin_object_size``, and consequently may be able to detect
more problems at higher optimization levels. more problems at higher optimization levels.
- ``-fsanitize=return``: In C++, reaching the end of a - ``-fsanitize=return``: In C++, reaching the end of a
▲ Show 20 LinesShow All 954 LinesShow Last 20 Lines

tools/clang/include/clang/Basic/Sanitizers.def

Show First 20 LinesShow All 53 Lines▼ Show 20 Lines
SANITIZER("alignment", Alignment) SANITIZER("alignment", Alignment)
SANITIZER("array-bounds", ArrayBounds) SANITIZER("array-bounds", ArrayBounds)
SANITIZER("bool", Bool) SANITIZER("bool", Bool)
SANITIZER("enum", Enum) SANITIZER("enum", Enum)
SANITIZER("float-cast-overflow", FloatCastOverflow) SANITIZER("float-cast-overflow", FloatCastOverflow)
SANITIZER("float-divide-by-zero", FloatDivideByZero) SANITIZER("float-divide-by-zero", FloatDivideByZero)
SANITIZER("function", Function) SANITIZER("function", Function)
SANITIZER("integer-divide-by-zero", IntegerDivideByZero) SANITIZER("integer-divide-by-zero", IntegerDivideByZero)
SANITIZER("nonnull-attribute", NonnullAttribute)
SANITIZER("null", Null) SANITIZER("null", Null)
SANITIZER("object-size", ObjectSize) SANITIZER("object-size", ObjectSize)
SANITIZER("return", Return) SANITIZER("return", Return)
SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute) SANITIZER("returns-nonnull-attribute", ReturnsNonnullAttribute)
SANITIZER("shift", Shift) SANITIZER("shift", Shift)
SANITIZER("signed-integer-overflow", SignedIntegerOverflow) SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
SANITIZER("unreachable", Unreachable) SANITIZER("unreachable", Unreachable)
SANITIZER("vla-bound", VLABound) SANITIZER("vla-bound", VLABound)
SANITIZER("vptr", Vptr) SANITIZER("vptr", Vptr)
// IntegerSanitizer // IntegerSanitizer
SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow) SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
// DataFlowSanitizer // DataFlowSanitizer
SANITIZER("dataflow", DataFlow) SANITIZER("dataflow", DataFlow)
// -fsanitize=undefined includes all the sanitizers which have low overhead, no // -fsanitize=undefined includes all the sanitizers which have low overhead, no
// ABI or address space layout implications, and only catch undefined behavior. // ABI or address space layout implications, and only catch undefined behavior.
SANITIZER_GROUP("undefined", Undefined, SANITIZER_GROUP("undefined", Undefined,
Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow | Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow |
FloatDivideByZero | Function | IntegerDivideByZero | Null | FloatDivideByZero | Function | IntegerDivideByZero |
ObjectSize | Return | ReturnsNonnullAttribute | Shift | NonnullAttribute | Null | ObjectSize | Return |
SignedIntegerOverflow | Unreachable | VLABound | Vptr) ReturnsNonnullAttribute | Shift | SignedIntegerOverflow |
Unreachable | VLABound | Vptr)
// -fsanitize=undefined-trap includes // -fsanitize=undefined-trap includes
// all sanitizers included by -fsanitize=undefined, except those that require // all sanitizers included by -fsanitize=undefined, except those that require
// runtime support. This group is generally used in conjunction with the // runtime support. This group is generally used in conjunction with the
// -fsanitize-undefined-trap-on-error flag. // -fsanitize-undefined-trap-on-error flag.
SANITIZER_GROUP("undefined-trap", UndefinedTrap, SANITIZER_GROUP("undefined-trap", UndefinedTrap,
Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow | Alignment | Bool | ArrayBounds | Enum | FloatCastOverflow |
FloatDivideByZero | IntegerDivideByZero | Null | FloatDivideByZero | IntegerDivideByZero | NonnullAttribute |
ObjectSize | Return | ReturnsNonnullAttribute | Shift | Null | ObjectSize | Return | ReturnsNonnullAttribute |
SignedIntegerOverflow | Unreachable | VLABound) Shift | SignedIntegerOverflow | Unreachable | VLABound)
SANITIZER_GROUP("integer", Integer, SANITIZER_GROUP("integer", Integer,
SignedIntegerOverflow | UnsignedIntegerOverflow | Shift | SignedIntegerOverflow | UnsignedIntegerOverflow | Shift |
IntegerDivideByZero) IntegerDivideByZero)
SANITIZER("local-bounds", LocalBounds) SANITIZER("local-bounds", LocalBounds)
SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds) SANITIZER_GROUP("bounds", Bounds, ArrayBounds | LocalBounds)
#undef SANITIZER #undef SANITIZER
#undef SANITIZER_GROUP #undef SANITIZER_GROUP

tools/clang/lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 1,411 Lines▼ Show 20 Lines assert((varType->isIntegerTy() || varType->isFloatingPointTy())
&& "unexpected promotion type"); && "unexpected promotion type");
if (isa<llvm::IntegerType>(varType)) if (isa<llvm::IntegerType>(varType))
return CGF.Builder.CreateTrunc(value, varType, "arg.unpromote"); return CGF.Builder.CreateTrunc(value, varType, "arg.unpromote");
return CGF.Builder.CreateFPCast(value, varType, "arg.unpromote"); return CGF.Builder.CreateFPCast(value, varType, "arg.unpromote");
} }
static bool shouldAddNonNullAttr(const Decl *FD, const ParmVarDecl *PVD) { /// Returns the attribute (either parameter attribute, or function
/// attribute), which declares argument ArgNo to be non-null.
static const NonNullAttr *getNonNullAttr(const Decl *FD, const ParmVarDecl *PVD,
QualType ArgType, unsigned ArgNo) {
// FIXME: __attribute__((nonnull)) can also be applied to: // FIXME: __attribute__((nonnull)) can also be applied to:
// - references to pointers, where the pointee is known to be // - references to pointers, where the pointee is known to be
// nonnull (apparently a Clang extension) // nonnull (apparently a Clang extension)
// - transparent unions containing pointers // - transparent unions containing pointers
// In the former case, LLVM IR cannot represent the constraint. In // In the former case, LLVM IR cannot represent the constraint. In
// the latter case, we have no guarantee that the transparent union // the latter case, we have no guarantee that the transparent union
// is in fact passed as a pointer. // is in fact passed as a pointer.
if (!PVD->getType()->isAnyPointerType() && if (!ArgType->isAnyPointerType() && !ArgType->isBlockPointerType())
!PVD->getType()->isBlockPointerType()) return nullptr;
return false;
// First, check attribute on parameter itself. // First, check attribute on parameter itself.
if (PVD->hasAttr<NonNullAttr>()) if (PVD) {
return true; if (auto ParmNNAttr = PVD->getAttr<NonNullAttr>())
return ParmNNAttr;
}
// Check function attributes. // Check function attributes.
if (!FD) if (!FD)
return false; return nullptr;
for (const auto *NNAttr : FD->specific_attrs<NonNullAttr>()) { for (const auto *NNAttr : FD->specific_attrs<NonNullAttr>()) {
if (NNAttr->isNonNull(PVD->getFunctionScopeIndex())) if (NNAttr->isNonNull(ArgNo))
return true; return NNAttr;
} }
return false; return nullptr;
} }
void CodeGenFunction::EmitFunctionProlog(const CGFunctionInfo &FI, void CodeGenFunction::EmitFunctionProlog(const CGFunctionInfo &FI,
llvm::Function *Fn, llvm::Function *Fn,
const FunctionArgList &Args) { const FunctionArgList &Args) {
if (CurCodeDecl && CurCodeDecl->hasAttr<NakedAttr>()) if (CurCodeDecl && CurCodeDecl->hasAttr<NakedAttr>())
// Naked functions don't have prologues. // Naked functions don't have prologues.
return; return;
▲ Show 20 LinesShow All 124 Lines▼ Show 20 Lines case ABIArgInfo::Direct: {
if (!isa<llvm::StructType>(ArgI.getCoerceToType()) && if (!isa<llvm::StructType>(ArgI.getCoerceToType()) &&
ArgI.getCoerceToType() == ConvertType(Ty) && ArgI.getCoerceToType() == ConvertType(Ty) &&
ArgI.getDirectOffset() == 0) { ArgI.getDirectOffset() == 0) {
assert(NumIRArgs == 1); assert(NumIRArgs == 1);
auto AI = FnArgs[FirstIRArg]; auto AI = FnArgs[FirstIRArg];
llvm::Value *V = AI; llvm::Value *V = AI;
if (const ParmVarDecl *PVD = dyn_cast<ParmVarDecl>(Arg)) { if (const ParmVarDecl *PVD = dyn_cast<ParmVarDecl>(Arg)) {
if (shouldAddNonNullAttr(CurCodeDecl, PVD)) if (getNonNullAttr(CurCodeDecl, PVD, PVD->getType(),
PVD->getFunctionScopeIndex()))
AI->addAttr(llvm::AttributeSet::get(getLLVMContext(), AI->addAttr(llvm::AttributeSet::get(getLLVMContext(),
AI->getArgNo() + 1, AI->getArgNo() + 1,
llvm::Attribute::NonNull)); llvm::Attribute::NonNull));
QualType OTy = PVD->getOriginalType(); QualType OTy = PVD->getOriginalType();
if (const auto *ArrTy = if (const auto *ArrTy =
getContext().getAsConstantArrayType(OTy)) { getContext().getAsConstantArrayType(OTy)) {
// A C99 array parameter declaration with the static keyword also // A C99 array parameter declaration with the static keyword also
▲ Show 20 LinesShow All 816 Lines▼ Show 20 Lines if (StackBase) {
CGF.DeactivateCleanupBlock(StackCleanup, StackBase); CGF.DeactivateCleanupBlock(StackCleanup, StackBase);
llvm::Value *F = CGF.CGM.getIntrinsic(llvm::Intrinsic::stackrestore); llvm::Value *F = CGF.CGM.getIntrinsic(llvm::Intrinsic::stackrestore);
// We could load StackBase from StackBaseMem, but in the non-exceptional // We could load StackBase from StackBaseMem, but in the non-exceptional
// case we can skip it. // case we can skip it.
CGF.Builder.CreateCall(F, StackBase); CGF.Builder.CreateCall(F, StackBase);
} }
} }
static void emitNonNullArgCheck(CodeGenFunction &CGF, RValue RV,
QualType ArgType, SourceLocation ArgLoc,
const FunctionDecl *FD, unsigned ParmNum) {
if (!CGF.SanOpts->NonnullAttribute || !FD)
return;
rsmithUnsubmitted
Not Done
ReplyInline Actions

What should happen here:

__attribute__((nonnull)) void f(const char *, ...);
int main() { void *p = 0; f("%s", p); }

(I have no idea if the attribute applies in this case.)

rsmith: What should happen here: __attribute__((nonnull)) void f(const char *, ...); int main() {…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Neither am I :( GCC docs say that "If no argument index list is given to the nonnull attribute, all pointer arguments are marked as non-null", but it's not clear if it refers to call arguments, or formal parameters. What is worse, GCC and Clang seem to disagree on this:

$ cat tmp/ubsan/bad.cpp
__attribute__((nonnull)) void *foo2(int *a, ...);

void bar() { foo2(0, (void*)0); }
$ g++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp: In function ‘void bar()’:
tmp/ubsan/bad.cpp:3:30: warning: null argument where non-null required (argument 1) [-Wnonnull]
void bar() { foo2(0, (void*)0); }
                            ^
tmp/ubsan/bad.cpp:3:30: warning: null argument where non-null required (argument 2) [-Wnonnull]
$ ./bin/clang++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp:3:30: warning: null passed to a callee which requires a non-null argument [-Wnonnull]
void bar() { foo2(0, (void*)0); }
                  ~          ^
1 warning generated.

Sigh. Should Clang strive for GCC-compatible behavior, or you have the idea of which behavior is "more predictable" in this case?

samsonov: Neither am I :( GCC docs say that "If no argument index list is given to the nonnull attribute…
rsmithUnsubmitted
Not Done
ReplyInline Actions

I think the GCC behavior makes more sense. We should fix the frontend to also understand this, and model it properly in the AST. Our current representation doesn't work.

rsmith: I think the GCC behavior makes more sense. We should fix the frontend to also understand this…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Vararg sanitization should now work.

samsonov: Vararg sanitization should now work.
auto PVD = ParmNum < FD->getNumParams() ? FD->getParamDecl(ParmNum) : nullptr;
unsigned ArgNo = PVD ? PVD->getFunctionScopeIndex() : ParmNum;
auto NNAttr = getNonNullAttr(FD, PVD, ArgType, ArgNo);
if (!NNAttr)
return;
rsmithUnsubmitted
Not Done
ReplyInline Actions

Can a function have multiple __attribute__((nonnull(N)))s on it?

rsmith: Can a function have multiple `__attribute__((nonnull(N)))`s on it?
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Nice catch! Both Clang and GCC accept this code and seem to calculate union of all arguments passed into nonnull().

$ cat tmp/ubsan/bad.cpp
__attribute__((nonnull(1)))
__attribute__((nonnull(2)))
void foo(int *a, int *a2);
void bar() { foo(0, 0); }
$ g++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp: In function ‘void bar()’:
tmp/ubsan/bad.cpp:9:11: warning: null argument where non-null required (argument 1) [-Wnonnull]
   foo(0, 0);
           ^
tmp/ubsan/bad.cpp:9:11: warning: null argument where non-null required (argument 2) [-Wnonnull]
$ ./bin/clang++ -Wnonnull -Wall tmp/ubsan/bad.cpp -c -o /dev/null
tmp/ubsan/bad.cpp:9:11: warning: null passed to a callee which requires a non-null argument [-Wnonnull]
  foo(0, 0);
         ~^
tmp/ubsan/bad.cpp:9:11: warning: null passed to a callee which requires a non-null argument [-Wnonnull]
  foo(0, 0);
      ~   ^
2 warnings generated.

The code as written won't handle this case properly (the last nonnull() attribute in function declaration will win). Sadly, there is the same problem already present in EmitFunctionProlog() function. I will work on a fix in a separate change.

samsonov: Nice catch! Both Clang and GCC accept this code and seem to calculate union of all arguments…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Fixed

samsonov: Fixed
CodeGenFunction::SanitizerScope SanScope(&CGF);
assert(RV.isScalar());
rsmithUnsubmitted
Not Done
ReplyInline Actions

What guarantees this? I don't see where you're checking that the parameter is of a pointer type.

rsmith: What guarantees this? I don't see where you're checking that the parameter is of a pointer type.
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

This seems to be handled by Sema:

tmp/ubsan/bad.cpp:1:33: warning: 'nonnull' attribute only applies to pointer arguments [-Wignored-attributes]
void foo(int *a, __attribute__((nonnull)) int b);
                 ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
samsonov: This seems to be handled by Sema: tmp/ubsan/bad.cpp:1:33: warning: 'nonnull' attribute only…
rsmithUnsubmitted
Not Done
ReplyInline Actions

I was thinking about this case:

void f(non_scalar_type x) __attribute__((nonnull));
void g() { f(x); }

... but it looks like the attribute handling flattens the attribute into a list of parameters when it's applied. That's broken in several ways, alas. For instance, we fail to diagnose this properly:

template<typename T> __attribute__((nonnull)) void f(T t);
void g() { f((void*)0); }

... because we can't preserve that we had a parameter-less nonnull attribute until we get to template instantiation.

rsmith: I was thinking about this case: void f(non_scalar_type x) __attribute__((nonnull)); void g…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Fixed

samsonov: Fixed
llvm::Value *V = RV.getScalarVal();
llvm::Value *Cond =
CGF.Builder.CreateICmpNE(V, llvm::Constant::getNullValue(V->getType()));
llvm::Constant *StaticData[] = {
CGF.EmitCheckSourceLocation(ArgLoc),
CGF.EmitCheckSourceLocation(NNAttr->getLocation()),
rsmithUnsubmitted
Not Done
ReplyInline Actions

Is there a reason to pass ArgNo as dynamic data rather than static?

rsmith: Is there a reason to pass `ArgNo` as dynamic data rather than static?
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Right, we can move it to static data now, as we now discriminate checks for different call arguments by source location anyway. Done.

samsonov: Right, we can move it to static data now, as we now discriminate checks for different call…
llvm::ConstantInt::get(CGF.Int32Ty, ArgNo + 1),
};
CGF.EmitCheck(Cond, "nonnull_arg", StaticData, None,
CodeGenFunction::CRK_Recoverable);
}
void CodeGenFunction::EmitCallArgs(CallArgList &Args, void CodeGenFunction::EmitCallArgs(CallArgList &Args,
ArrayRef<QualType> ArgTypes, ArrayRef<QualType> ArgTypes,
CallExpr::const_arg_iterator ArgBeg, CallExpr::const_arg_iterator ArgBeg,
CallExpr::const_arg_iterator ArgEnd, CallExpr::const_arg_iterator ArgEnd,
const FunctionDecl *CalleeDecl,
unsigned ParamsToSkip,
bool ForceColumnInfo) { bool ForceColumnInfo) {
CGDebugInfo *DI = getDebugInfo(); CGDebugInfo *DI = getDebugInfo();
SourceLocation CallLoc; SourceLocation CallLoc;
if (DI) CallLoc = DI->getLocation(); if (DI) CallLoc = DI->getLocation();
// We *have* to evaluate arguments from right to left in the MS C++ ABI, // We *have* to evaluate arguments from right to left in the MS C++ ABI,
// because arguments are destroyed left to right in the callee. // because arguments are destroyed left to right in the callee.
if (CGM.getTarget().getCXXABI().areArgsDestroyedLeftToRightInCallee()) { if (CGM.getTarget().getCXXABI().areArgsDestroyedLeftToRightInCallee()) {
// Insert a stack save if we're going to need any inalloca args. // Insert a stack save if we're going to need any inalloca args.
bool HasInAllocaArgs = false; bool HasInAllocaArgs = false;
for (ArrayRef<QualType>::iterator I = ArgTypes.begin(), E = ArgTypes.end(); for (ArrayRef<QualType>::iterator I = ArgTypes.begin(), E = ArgTypes.end();
I != E && !HasInAllocaArgs; ++I) I != E && !HasInAllocaArgs; ++I)
HasInAllocaArgs = isInAllocaArgument(CGM.getCXXABI(), *I); HasInAllocaArgs = isInAllocaArgument(CGM.getCXXABI(), *I);
if (HasInAllocaArgs) { if (HasInAllocaArgs) {
assert(getTarget().getTriple().getArch() == llvm::Triple::x86); assert(getTarget().getTriple().getArch() == llvm::Triple::x86);
Args.allocateArgumentMemory(*this); Args.allocateArgumentMemory(*this);
} }
// Evaluate each argument. // Evaluate each argument.
size_t CallArgsStart = Args.size(); size_t CallArgsStart = Args.size();
for (int I = ArgTypes.size() - 1; I >= 0; --I) { for (int I = ArgTypes.size() - 1; I >= 0; --I) {
CallExpr::const_arg_iterator Arg = ArgBeg + I; CallExpr::const_arg_iterator Arg = ArgBeg + I;
EmitCallArg(Args, *Arg, ArgTypes[I]); EmitCallArg(Args, *Arg, ArgTypes[I]);
emitNonNullArgCheck(*this, Args.back().RV, ArgTypes[I], Arg->getExprLoc(),
CalleeDecl, ParamsToSkip + I);
// Restore the debug location. // Restore the debug location.
if (DI) DI->EmitLocation(Builder, CallLoc, ForceColumnInfo); if (DI) DI->EmitLocation(Builder, CallLoc, ForceColumnInfo);
} }
// Un-reverse the arguments we just evaluated so they match up with the LLVM // Un-reverse the arguments we just evaluated so they match up with the LLVM
// IR function. // IR function.
std::reverse(Args.begin() + CallArgsStart, Args.end()); std::reverse(Args.begin() + CallArgsStart, Args.end());
return; return;
} }
for (unsigned I = 0, E = ArgTypes.size(); I != E; ++I) { for (unsigned I = 0, E = ArgTypes.size(); I != E; ++I) {
CallExpr::const_arg_iterator Arg = ArgBeg + I; CallExpr::const_arg_iterator Arg = ArgBeg + I;
assert(Arg != ArgEnd); assert(Arg != ArgEnd);
EmitCallArg(Args, *Arg, ArgTypes[I]); EmitCallArg(Args, *Arg, ArgTypes[I]);
emitNonNullArgCheck(*this, Args.back().RV, ArgTypes[I], Arg->getExprLoc(),
CalleeDecl, ParamsToSkip + I);
// Restore the debug location. // Restore the debug location.
if (DI) DI->EmitLocation(Builder, CallLoc, ForceColumnInfo); if (DI) DI->EmitLocation(Builder, CallLoc, ForceColumnInfo);
} }
} }
namespace { namespace {
struct DestroyUnpassedArg : EHScopeStack::Cleanup { struct DestroyUnpassedArg : EHScopeStack::Cleanup {
▲ Show 20 LinesShow All 741 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CGClass.cpp

Show First 20 LinesShow All 1,668 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitCXXConstructorCall(const CXXConstructorDecl *D,
CallArgList Args; CallArgList Args;
// Push the this ptr. // Push the this ptr.
Args.add(RValue::get(This), D->getThisType(getContext())); Args.add(RValue::get(This), D->getThisType(getContext()));
// Add the rest of the user-supplied arguments. // Add the rest of the user-supplied arguments.
const FunctionProtoType *FPT = D->getType()->castAs<FunctionProtoType>(); const FunctionProtoType *FPT = D->getType()->castAs<FunctionProtoType>();
EmitCallArgs(Args, FPT, E->arg_begin(), E->arg_end()); EmitCallArgs(Args, FPT, E->arg_begin(), E->arg_end(), E->getConstructor());
// Insert any ABI-specific implicit constructor arguments. // Insert any ABI-specific implicit constructor arguments.
unsigned ExtraArgs = CGM.getCXXABI().addImplicitConstructorArgs( unsigned ExtraArgs = CGM.getCXXABI().addImplicitConstructorArgs(
*this, D, Type, ForVirtualBase, Delegating, Args); *this, D, Type, ForVirtualBase, Delegating, Args);
// Emit the call. // Emit the call.
llvm::Value *Callee = CGM.GetAddrOfCXXConstructor(D, Type); llvm::Value *Callee = CGM.GetAddrOfCXXConstructor(D, Type);
const CGFunctionInfo &Info = const CGFunctionInfo &Info =
Show All 25 LinesCodeGenFunction::EmitSynthesizedCXXCopyCtorCall(const CXXConstructorDecl *D,
// Push the src ptr. // Push the src ptr.
QualType QT = *(FPT->param_type_begin()); QualType QT = *(FPT->param_type_begin());
llvm::Type *t = CGM.getTypes().ConvertType(QT); llvm::Type *t = CGM.getTypes().ConvertType(QT);
Src = Builder.CreateBitCast(Src, t); Src = Builder.CreateBitCast(Src, t);
Args.add(RValue::get(Src), QT); Args.add(RValue::get(Src), QT);
// Skip over first argument (Src). // Skip over first argument (Src).
EmitCallArgs(Args, FPT, E->arg_begin() + 1, E->arg_end(), /*ParamsToSkip*/ 1); EmitCallArgs(Args, FPT, E->arg_begin() + 1, E->arg_end(), E->getConstructor(),
/*ParamsToSkip*/ 1);
EmitCall(CGM.getTypes().arrangeCXXMethodCall(Args, FPT, RequiredArgs::All), EmitCall(CGM.getTypes().arrangeCXXMethodCall(Args, FPT, RequiredArgs::All),
Callee, ReturnValueSlot(), Args, D); Callee, ReturnValueSlot(), Args, D);
} }
void void
CodeGenFunction::EmitDelegateCXXConstructorCall(const CXXConstructorDecl *Ctor, CodeGenFunction::EmitDelegateCXXConstructorCall(const CXXConstructorDecl *Ctor,
CXXCtorType CtorType, CXXCtorType CtorType,
▲ Show 20 LinesShow All 463 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 3,342 Lines▼ Show 20 Lines if (llvm::Constant *PrefixSig =
Builder.CreateBr(Cont); Builder.CreateBr(Cont);
EmitBlock(Cont); EmitBlock(Cont);
} }
} }
CallArgList Args; CallArgList Args;
EmitCallArgs(Args, dyn_cast<FunctionProtoType>(FnType), E->arg_begin(), EmitCallArgs(Args, dyn_cast<FunctionProtoType>(FnType), E->arg_begin(),
E->arg_end(), /*ParamsToSkip*/ 0, ForceColumnInfo); E->arg_end(), E->getDirectCallee(), /*ParamsToSkip*/ 0,
ForceColumnInfo);
const CGFunctionInfo &FnInfo = const CGFunctionInfo &FnInfo =
CGM.getTypes().arrangeFreeFunctionCall(Args, FnType); CGM.getTypes().arrangeFreeFunctionCall(Args, FnType);
// C99 6.5.2.2p6: // C99 6.5.2.2p6:
// If the expression that denotes the called function has a type // If the expression that denotes the called function has a type
// that does not include a prototype, [the default argument // that does not include a prototype, [the default argument
// promotions are performed]. If the number of arguments does not // promotions are performed]. If the number of arguments does not
▲ Show 20 LinesShow All 150 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CGExprCXX.cpp

Show First 20 LinesShow All 49 Lines▼ Show 20 LinesRValue CodeGenFunction::EmitCXXMemberOrOperatorCall(
// If there is an implicit parameter (e.g. VTT), emit it. // If there is an implicit parameter (e.g. VTT), emit it.
if (ImplicitParam) { if (ImplicitParam) {
Args.add(RValue::get(ImplicitParam), ImplicitParamTy); Args.add(RValue::get(ImplicitParam), ImplicitParamTy);
} }
const FunctionProtoType *FPT = MD->getType()->castAs<FunctionProtoType>(); const FunctionProtoType *FPT = MD->getType()->castAs<FunctionProtoType>();
RequiredArgs required = RequiredArgs::forPrototypePlus(FPT, Args.size()); RequiredArgs required = RequiredArgs::forPrototypePlus(FPT, Args.size());
// And the rest of the call args. // And the rest of the call args.
CallExpr::const_arg_iterator ArgBeg, ArgEnd; if (CE) {
if (CE == nullptr) {
ArgBeg = ArgEnd = nullptr;
} else if (auto OCE = dyn_cast<CXXOperatorCallExpr>(CE)) {
// Special case: skip first argument of CXXOperatorCall (it is "this"). // Special case: skip first argument of CXXOperatorCall (it is "this").
ArgBeg = OCE->arg_begin() + 1; unsigned ArgsToSkip = isa<CXXOperatorCallExpr>(CE) ? 1 : 0;
ArgEnd = OCE->arg_end(); EmitCallArgs(Args, FPT, CE->arg_begin() + ArgsToSkip, CE->arg_end(),
CE->getDirectCallee());
} else { } else {
ArgBeg = CE->arg_begin(); assert(
ArgEnd = CE->arg_end(); FPT->getNumParams() == 0 &&
"No CallExpr specified for function with non-zero number of arguments");
} }
EmitCallArgs(Args, FPT, ArgBeg, ArgEnd);
return EmitCall(CGM.getTypes().arrangeCXXMethodCall(Args, FPT, required), return EmitCall(CGM.getTypes().arrangeCXXMethodCall(Args, FPT, required),
Callee, ReturnValue, Args, MD); Callee, ReturnValue, Args, MD);
} }
static CXXRecordDecl *getCXXRecord(const Expr *E) { static CXXRecordDecl *getCXXRecord(const Expr *E) {
QualType T = E->getType(); QualType T = E->getType();
if (const PointerType *PTy = T->getAs<PointerType>()) if (const PointerType *PTy = T->getAs<PointerType>())
▲ Show 20 LinesShow All 199 Lines▼ Show 20 Lines QualType ThisType =
getContext().getPointerType(getContext().getTagDeclType(RD)); getContext().getPointerType(getContext().getTagDeclType(RD));
// Push the this ptr. // Push the this ptr.
Args.add(RValue::get(This), ThisType); Args.add(RValue::get(This), ThisType);
RequiredArgs required = RequiredArgs::forPrototypePlus(FPT, 1); RequiredArgs required = RequiredArgs::forPrototypePlus(FPT, 1);
// And the rest of the call args // And the rest of the call args
EmitCallArgs(Args, FPT, E->arg_begin(), E->arg_end()); EmitCallArgs(Args, FPT, E->arg_begin(), E->arg_end(), E->getDirectCallee());
return EmitCall(CGM.getTypes().arrangeCXXMethodCall(Args, FPT, required), return EmitCall(CGM.getTypes().arrangeCXXMethodCall(Args, FPT, required),
Callee, ReturnValue, Args); Callee, ReturnValue, Args);
} }
RValue RValue
CodeGenFunction::EmitCXXOperatorMemberCallExpr(const CXXOperatorCallExpr *E, CodeGenFunction::EmitCXXOperatorMemberCallExpr(const CXXOperatorCallExpr *E,
const CXXMethodDecl *MD, const CXXMethodDecl *MD,
ReturnValueSlot ReturnValue) { ReturnValueSlot ReturnValue) {
▲ Show 20 LinesShow All 937 Lines▼ Show 20 Lines llvm::Value *allocSize =
EmitCXXNewAllocSize(*this, E, minElements, numElements, EmitCXXNewAllocSize(*this, E, minElements, numElements,
allocSizeWithoutCookie); allocSizeWithoutCookie);
allocatorArgs.add(RValue::get(allocSize), sizeType); allocatorArgs.add(RValue::get(allocSize), sizeType);
// We start at 1 here because the first argument (the allocation size) // We start at 1 here because the first argument (the allocation size)
// has already been emitted. // has already been emitted.
EmitCallArgs(allocatorArgs, allocatorType, E->placement_arg_begin(), EmitCallArgs(allocatorArgs, allocatorType, E->placement_arg_begin(),
E->placement_arg_end(), /*ParamsToSkip*/ 1); E->placement_arg_end(), /* CalleeDecl */ nullptr,
/*ParamsToSkip*/ 1);
// Emit the allocation call. If the allocator is a global placement // Emit the allocation call. If the allocator is a global placement
// operator, just "inline" it directly. // operator, just "inline" it directly.
RValue RV; RValue RV;
if (allocator->isReservedGlobalPlacementOperator()) { if (allocator->isReservedGlobalPlacementOperator()) {
assert(allocatorArgs.size() == 2); assert(allocatorArgs.size() == 2);
RV = allocatorArgs[1].RV; RV = allocatorArgs[1].RV;
// TODO: kill any unnecessary computations done for the size // TODO: kill any unnecessary computations done for the size
▲ Show 20 LinesShow All 578 LinesShow Last 20 Lines

tools/clang/lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 2,619 Lines▼ Show 20 Lines llvm::Value* EmitAsmInputLValue(const TargetInfo::ConstraintInfo &Info,
SourceLocation Loc); SourceLocation Loc);
public: public:
/// EmitCallArgs - Emit call arguments for a function. /// EmitCallArgs - Emit call arguments for a function.
template <typename T> template <typename T>
void EmitCallArgs(CallArgList &Args, const T *CallArgTypeInfo, void EmitCallArgs(CallArgList &Args, const T *CallArgTypeInfo,
CallExpr::const_arg_iterator ArgBeg, CallExpr::const_arg_iterator ArgBeg,
CallExpr::const_arg_iterator ArgEnd, CallExpr::const_arg_iterator ArgEnd,
const FunctionDecl *CalleeDecl = nullptr,
unsigned ParamsToSkip = 0, bool ForceColumnInfo = false) { unsigned ParamsToSkip = 0, bool ForceColumnInfo = false) {
SmallVector<QualType, 16> ArgTypes; SmallVector<QualType, 16> ArgTypes;
CallExpr::const_arg_iterator Arg = ArgBeg; CallExpr::const_arg_iterator Arg = ArgBeg;
assert((ParamsToSkip == 0 || CallArgTypeInfo) && assert((ParamsToSkip == 0 || CallArgTypeInfo) &&
"Can't skip parameters if type info is not provided"); "Can't skip parameters if type info is not provided");
if (CallArgTypeInfo) { if (CallArgTypeInfo) {
// First, use the argument types that the type info knows about // First, use the argument types that the type info knows about
Show All 32 Lines#endif
assert( assert(
(Arg == ArgEnd || !CallArgTypeInfo || CallArgTypeInfo->isVariadic()) && (Arg == ArgEnd || !CallArgTypeInfo || CallArgTypeInfo->isVariadic()) &&
"Extra arguments in non-variadic function!"); "Extra arguments in non-variadic function!");
// If we still have any arguments, emit them using the type of the argument. // If we still have any arguments, emit them using the type of the argument.
for (; Arg != ArgEnd; ++Arg) for (; Arg != ArgEnd; ++Arg)
ArgTypes.push_back(Arg->getType()); ArgTypes.push_back(Arg->getType());
EmitCallArgs(Args, ArgTypes, ArgBeg, ArgEnd, ForceColumnInfo); EmitCallArgs(Args, ArgTypes, ArgBeg, ArgEnd, CalleeDecl, ParamsToSkip,
ForceColumnInfo);
} }
void EmitCallArgs(CallArgList &Args, ArrayRef<QualType> ArgTypes, void EmitCallArgs(CallArgList &Args, ArrayRef<QualType> ArgTypes,
CallExpr::const_arg_iterator ArgBeg, CallExpr::const_arg_iterator ArgBeg,
CallExpr::const_arg_iterator ArgEnd, CallExpr::const_arg_iterator ArgEnd,
bool ForceColumnInfo = false); const FunctionDecl *CalleeDecl = nullptr,
unsigned ParamsToSkip = 0, bool ForceColumnInfo = false);
private: private:
const TargetCodeGenInfo &getTargetHooks() const { const TargetCodeGenInfo &getTargetHooks() const {
return CGM.getTargetCodeGenInfo(); return CGM.getTargetCodeGenInfo();
} }
void EmitDeclMetadata(); void EmitDeclMetadata();
▲ Show 20 LinesShow All 87 LinesShow Last 20 Lines

tools/clang/test/CodeGen/catch-undef-behavior.c

// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s // RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
// RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-TRAP // RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-TRAP
// RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL // RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
// RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW // RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
// CHECK: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" } // CHECK: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" }
// FIXME: When we only emit each type once, use [[INT]] more below. // FIXME: When we only emit each type once, use [[INT]] more below.
// CHECK: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i64 4, i8 1 // CHECK: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i64 4, i8 1
// CHECK: @[[LINE_200:.*]] = {{.*}}, i32 200, i32 10 {{.*}}, i64 4, i8 0 // CHECK: @[[LINE_200:.*]] = {{.*}}, i32 200, i32 10 {{.*}}, i64 4, i8 0
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Linesint *ret_nonnull(int *a) {
// CHECK-TRAP: [[OK:%.*]] = icmp ne i32* {{.*}}, null // CHECK-TRAP: [[OK:%.*]] = icmp ne i32* {{.*}}, null
// CHECK-TRAP: br i1 [[OK]] // CHECK-TRAP: br i1 [[OK]]
// CHECK-TRAP: call void @llvm.trap() [[NR_NUW]] // CHECK-TRAP: call void @llvm.trap() [[NR_NUW]]
// CHECK-TRAP: unreachable // CHECK-TRAP: unreachable
return a; return a;
} }
// CHECK-LABEL: @call_decl_nonnull
__attribute__((nonnull)) void decl_nonnull(int *a);
void call_decl_nonnull(int *a) {
// CHECK: [[OK:%.*]] = icmp ne i32* {{.*}}, null
// CHECK: br i1 [[OK]]
// CHECK: call void @__ubsan_handle_nonnull_arg
// CHECK-TRAP: [[OK:%.*]] = icmp ne i32* {{.*}}, null
// CHECK-TRAP: br i1 [[OK]]
// CHECK-TRAP: call void @llvm.trap() [[NR_NUW]]
// CHECK-TRAP: unreachable
decl_nonnull(a);
}
// CHECK-LABEL: @call_nonnull_variadic
__attribute__((nonnull)) void nonnull_variadic(int a, ...);
void call_nonnull_variadic(int a, int *b) {
// CHECK: [[OK:%.*]] = icmp ne i32* {{.*}}, null
// CHECK: br i1 [[OK]]
// CHECK: call void @__ubsan_handle_nonnull_arg
// CHECK-NOT: __ubsan_handle_nonnull_arg
// CHECK: call void (i32, ...)* @nonnull_variadic
nonnull_variadic(a, b);
}
// CHECK: ![[WEIGHT_MD]] = metadata !{metadata !"branch_weights", i32 1048575, i32 1} // CHECK: ![[WEIGHT_MD]] = metadata !{metadata !"branch_weights", i32 1048575, i32 1}
// CHECK-TRAP: attributes [[NR_NUW]] = { noreturn nounwind } // CHECK-TRAP: attributes [[NR_NUW]] = { noreturn nounwind }

tools/clang/test/Driver/fsanitize.c

// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute),?){15}"}} // CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){16}"}}
// CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error" // CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute),?){17}"}} // CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){18}"}}
// RUN: %clang -target x86_64-apple-darwin10 -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN // RUN: %clang -target x86_64-apple-darwin10 -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-DARWIN
// CHECK-UNDEFINED-DARWIN: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute),?){16}"}} // CHECK-UNDEFINED-DARWIN: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){17}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER
// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift),?){4}"}} // CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift),?){4}"}}
// RUN: %clang -fsanitize=bounds -### -fsyntax-only %s 2>&1 | FileCheck %s --check-prefix=CHECK-BOUNDS // RUN: %clang -fsanitize=bounds -### -fsyntax-only %s 2>&1 | FileCheck %s --check-prefix=CHECK-BOUNDS
// CHECK-BOUNDS: "-fsanitize={{((array-bounds|local-bounds),?){2}"}} // CHECK-BOUNDS: "-fsanitize={{((array-bounds|local-bounds),?){2}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-sanitize=thread -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|object-size|array-bounds|returns-nonnull-attribute),?){13}"}} // CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|object-size|array-bounds|returns-nonnull-attribute|nonnull-attribute),?){14}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF
// CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error' // CHECK-UNDEFINED-TRAP-ON-ERROR-UNDEF: '-fsanitize=undefined' not allowed with '-fsanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR
// CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR: '-fsanitize=vptr' not allowed with '-fsanitize-undefined-trap-on-error' // CHECK-UNDEFINED-TRAP-ON-ERROR-VPTR: '-fsanitize=vptr' not allowed with '-fsanitize-undefined-trap-on-error'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI // RUN: %clang -target x86_64-linux-gnu -fsanitize=vptr -fno-rtti %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-VPTR-NO-RTTI
▲ Show 20 LinesShow All 117 LinesShow Last 20 Lines