This is an archive of the discontinued LLVM Phabricator instance.

Differential D6302

Reimplement -fsanitize-recover family of flags.
ClosedPublic

Authored by samsonov on Nov 17 2014, 6:13 PM.

Details

Reviewers
kcc
rsmith
Summary

Introduce the following -fsanitize-recover flags:

  • -fsanitize-recover: Enable recovery for all checks enabled by -fsanitize= which support it.
  • -fno-sanitize-recover: Disable recovery for all checks.
  • -fsanitize-recover=<list>: Enable recovery for all selected checks or group of checks. It is forbidden to list unrecoverable sanitizers here (that is, "address", "unreachable", "return").
  • -fno-sanitize-recover=<list>: Disable recovery for selected checks or group of checks.

These flags are parsed left to right, and mask of "recoverable" sanitizer is updated accordingly,
much like what we do for -fsanitize= flags.
-fsanitize= and -fsanitize-recover= flag families are independent.

CodeGen change: If there is a single UBSan handler function, responsible for implementing multiple
checks, which have different recoverable setting, then we emit two handler calls instead of one:
the first one for the set of "unrecoverable" checks, another one - for set of "recoverable"
checks. If all checks implemented by a handler have the same recoverability setting, then the
generated code will be the same.

Diff Detail

Event Timeline

samsonov updated this revision to Diff 16313.Nov 17 2014, 6:13 PM
samsonov retitled this revision from to Reimplement -fsanitize-recover family of flags..
samsonov updated this object.
samsonov edited the test plan for this revision. (Show Details)
samsonov added a reviewer: rsmith.
samsonov added a subscriber: Unknown Object (MLST).
samsonov added a reviewer: kcc.Nov 17 2014, 6:42 PM
samsonov updated this revision to Diff 17613.Dec 23 2014, 4:42 PM

Rebase the changes against trunk. Add tests for -fsanitize-recover=all
and -fno-sanitize-recover=all shorthands. Turned -f(no-)?sanitize-recover
into synonyms of -f(no-)?sanitize-recover=undefined,integer to keep
the current flag semantics and behave the same as GCC.

Please review.

samsonov added a comment.Jan 9 2015, 2:21 PM

Richard, could you please take a look at this? -fsanitize-recover= variant is already in GCC trunk, and I hoped we could have these flags in soon-to-be-branched Clang 3.6...

rsmith accepted this revision.Jan 9 2015, 5:50 PM
rsmith edited edge metadata.

A few comments, go ahead once these are handled.

include/clang/Driver/Options.td
537–541

Maybe remove the HelpText and leave this undocumented now that it's deprecated.

lib/CodeGen/CGExpr.cpp
2308

Typo RecoverableCond?

I don't think it's obvious what we should do if the user turns on both -fsanitize-recover=something and also -fsanitize-undefined-trap-on-error. Since the latter is usually used in cases where the sanitizer runtime is not available (when building an OS kernel or the like), I think it should overrule -fsanitize-recover (as it does), and the answer to your FIXME is "no, we shouldn't".

2363

Passing NonFatalHandlerBB here seems strange: there should be no control flow path out of the fatal error handler; we should call the _abort runtime function, which doesn't return.

lib/Frontend/CompilerInvocation.cpp
335

You should probably check for unrecoverable sanitizers for the -fsanitize-recover= case here, too, in case someone passes a bad argument to -cc1 directly.

This revision is now accepted and ready to land.Jan 9 2015, 5:50 PM
samsonov added a comment.Jan 12 2015, 2:37 PM

Thank you! Addressed most of the comments and added docs about the new flag. Submitting.

include/clang/Driver/Options.td
537–541

Done

lib/CodeGen/CGExpr.cpp
2308

Right. Replaced the FIXME with comment describing that -fsanitize-undefined-trap-on-error overrides -fsanitize-recover= options.

2363

No, there is CheckRecoverableKind::AlwaysRecoverable (vptr sanitizer), so we may return even from __ubsan_handle_dynamic_type_cache_miss_abort.

lib/Frontend/CompilerInvocation.cpp
335

Right. It's hard to fix it immediately, as we only support SANITIER_GROUP handling in driver. I've added a FIXME and will address this later.

samsonov closed this revision.Jan 12 2015, 2:52 PM

Revision Contents

PathSize
include/
clang/
Driver/
23 lines
2 lines
Frontend/
5 lines
3 lines
lib/
CodeGen/
122 lines
Driver/
52 lines
Frontend/
35 lines
test/
CodeGen/
6 lines
2 lines
28 lines
4 lines
CodeGenCXX/
6 lines
Driver/
17 lines

Diff 17613

include/clang/Driver/Options.td

Show First 20 LinesShow All 528 Lines▼ Show 20 Linesdef fsanitize_memory_track_origins : Flag<["-"], "fsanitize-memory-track-origins">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Enable origins tracking in MemorySanitizer">; HelpText<"Enable origins tracking in MemorySanitizer">;
def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">, def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Disable origins tracking in MemorySanitizer">; HelpText<"Disable origins tracking in MemorySanitizer">;
def fsanitize_address_field_padding : Joined<["-"], "fsanitize-address-field-padding=">, def fsanitize_address_field_padding : Joined<["-"], "fsanitize-address-field-padding=">,
Group<f_clang_Group>, Flags<[CC1Option]>, Group<f_clang_Group>, Flags<[CC1Option]>,
HelpText<"Level of field padding for AddressSanitizer">; HelpText<"Level of field padding for AddressSanitizer">;
def fsanitize_recover : Flag<["-"], "fsanitize-recover">, def fsanitize_recover
Group<f_clang_Group>; : Flag<["-"], "fsanitize-recover">,
def fno_sanitize_recover : Flag<["-"], "fno-sanitize-recover">, Group<f_clang_Group>,
Group<f_clang_Group>, Flags<[CC1Option]>, HelpText<"Enable recovery for UBSan and integer checks. Deprecated. "
HelpText<"Disable sanitizer check recovery">; "Use -fsanitize-recover=undefined,integer instead.">;
rsmithUnsubmitted
Not Done
ReplyInline Actions

Maybe remove the HelpText and leave this undocumented now that it's deprecated.

rsmith: Maybe remove the HelpText and leave this undocumented now that it's deprecated.
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Done

samsonov: Done
def fno_sanitize_recover
: Flag<["-"], "fno-sanitize-recover">,
Group<f_clang_Group>,
HelpText<"Disable recovery for UBSan and integer checks. Deprecated. "
"Use -fno-sanitize-recover=undefined, integer instead.">;
def fsanitize_recover_EQ : CommaJoined<["-"], "fsanitize-recover=">,
Group<f_clang_Group>,
Flags<[CC1Option]>,
HelpText<"Enable recovery for specified sanitizers">;
def fno_sanitize_recover_EQ
: CommaJoined<["-"], "fno-sanitize-recover=">,
Group<f_clang_Group>,
HelpText<"Disable recovery for specified sanitizers">;
def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">, def fsanitize_undefined_trap_on_error : Flag<["-"], "fsanitize-undefined-trap-on-error">,
Group<f_clang_Group>, Flags<[CC1Option]>; Group<f_clang_Group>, Flags<[CC1Option]>;
def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">, def fno_sanitize_undefined_trap_on_error : Flag<["-"], "fno-sanitize-undefined-trap-on-error">,
Group<f_clang_Group>; Group<f_clang_Group>;
def fsanitize_link_cxx_runtime : Flag<["-"], "fsanitize-link-c++-runtime">, def fsanitize_link_cxx_runtime : Flag<["-"], "fsanitize-link-c++-runtime">,
Group<f_clang_Group>; Group<f_clang_Group>;
def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">, def funsafe_math_optimizations : Flag<["-"], "funsafe-math-optimizations">,
Group<f_Group>; Group<f_Group>;
▲ Show 20 LinesShow All 1,295 LinesShow Last 20 Lines

include/clang/Driver/SanitizerArgs.h

Show All 16 Lines
namespace clang { namespace clang {
namespace driver { namespace driver {
class Driver; class Driver;
class ToolChain; class ToolChain;
class SanitizerArgs { class SanitizerArgs {
SanitizerSet Sanitizers; SanitizerSet Sanitizers;
bool SanitizeRecover; SanitizerSet RecoverableSanitizers;
std::string BlacklistFile; std::string BlacklistFile;
int SanitizeCoverage; int SanitizeCoverage;
int MsanTrackOrigins; int MsanTrackOrigins;
int AsanFieldPadding; int AsanFieldPadding;
bool AsanZeroBaseShadow; bool AsanZeroBaseShadow;
bool UbsanTrapOnError; bool UbsanTrapOnError;
bool AsanSharedRuntime; bool AsanSharedRuntime;
Show All 33 Lines

include/clang/Frontend/CodeGenOptions.h

Show All 11 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_FRONTEND_CODEGENOPTIONS_H #ifndef LLVM_CLANG_FRONTEND_CODEGENOPTIONS_H
#define LLVM_CLANG_FRONTEND_CODEGENOPTIONS_H #define LLVM_CLANG_FRONTEND_CODEGENOPTIONS_H
#include <memory> #include <memory>
#include <string> #include <string>
#include <vector> #include <vector>
#include "clang/Basic/Sanitizers.h"
#include "llvm/Support/Regex.h" #include "llvm/Support/Regex.h"
namespace clang { namespace clang {
/// \brief Bitfields of CodeGenOptions, split out from CodeGenOptions to ensure /// \brief Bitfields of CodeGenOptions, split out from CodeGenOptions to ensure
/// that this large collection of bitfields is a trivial class type. /// that this large collection of bitfields is a trivial class type.
class CodeGenOptionsBase { class CodeGenOptionsBase {
public: public:
▲ Show 20 LinesShow All 143 Lines▼ Show 20 Linespublic:
/// Regular expression to select optimizations for which we should enable /// Regular expression to select optimizations for which we should enable
/// optimization analyses. Transformation passes whose name matches this /// optimization analyses. Transformation passes whose name matches this
/// expression (and support this feature), will emit a diagnostic /// expression (and support this feature), will emit a diagnostic
/// whenever they want to explain why they decided to apply or not apply /// whenever they want to explain why they decided to apply or not apply
/// a given transformation. This is enabled by the -Rpass-analysis=regexp /// a given transformation. This is enabled by the -Rpass-analysis=regexp
/// flag. /// flag.
std::shared_ptr<llvm::Regex> OptimizationRemarkAnalysisPattern; std::shared_ptr<llvm::Regex> OptimizationRemarkAnalysisPattern;
/// Set of sanitizer checks that are non-fatal (i.e. execution should be
/// continued when possible).
SanitizerSet SanitizeRecover;
public: public:
// Define accessors/mutators for code generation options of enumeration type. // Define accessors/mutators for code generation options of enumeration type.
#define CODEGENOPT(Name, Bits, Default) #define CODEGENOPT(Name, Bits, Default)
#define ENUM_CODEGENOPT(Name, Type, Bits, Default) \ #define ENUM_CODEGENOPT(Name, Type, Bits, Default) \
Type get##Name() const { return static_cast<Type>(Name); } \ Type get##Name() const { return static_cast<Type>(Name); } \
void set##Name(Type Value) { Name = static_cast<unsigned>(Value); } void set##Name(Type Value) { Name = static_cast<unsigned>(Value); }
#include "clang/Frontend/CodeGenOptions.def" #include "clang/Frontend/CodeGenOptions.def"
CodeGenOptions(); CodeGenOptions();
}; };
} // end namespace clang } // end namespace clang
#endif #endif

include/clang/Frontend/CodeGenOptions.def

Show First 20 LinesShow All 154 Lines▼ Show 20 Lines
VALUE_CODEGENOPT(DwarfVersion, 3, 0) VALUE_CODEGENOPT(DwarfVersion, 3, 0)
/// The kind of inlining to perform. /// The kind of inlining to perform.
ENUM_CODEGENOPT(Inlining, InliningMethod, 2, NoInlining) ENUM_CODEGENOPT(Inlining, InliningMethod, 2, NoInlining)
/// The default TLS model to use. /// The default TLS model to use.
ENUM_CODEGENOPT(DefaultTLSModel, TLSModel, 2, GeneralDynamicTLSModel) ENUM_CODEGENOPT(DefaultTLSModel, TLSModel, 2, GeneralDynamicTLSModel)
CODEGENOPT(SanitizeRecover, 1, 1) ///< Attempt to recover from sanitizer checks
///< by continuing execution when possible
#undef CODEGENOPT #undef CODEGENOPT
#undef ENUM_CODEGENOPT #undef ENUM_CODEGENOPT
#undef VALUE_CODEGENOPT #undef VALUE_CODEGENOPT

lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 2,205 Lines▼ Show 20 Lines llvm::Constant *Data[] = {Filename, Builder.getInt32(Line),
Builder.getInt32(Column)}; Builder.getInt32(Column)};
return llvm::ConstantStruct::getAnon(Data); return llvm::ConstantStruct::getAnon(Data);
} }
namespace { namespace {
/// \brief Specify under what conditions this check can be recovered /// \brief Specify under what conditions this check can be recovered
enum class CheckRecoverableKind { enum class CheckRecoverableKind {
/// Always terminate program execution if this check fails /// Always terminate program execution if this check fails.
Unrecoverable, Unrecoverable,
/// Check supports recovering, allows user to specify which /// Check supports recovering, runtime has both fatal (noreturn) and
/// non-fatal handlers for this check.
Recoverable, Recoverable,
/// Runtime conditionally aborts, always need to support recovery. /// Runtime conditionally aborts, always need to support recovery.
AlwaysRecoverable AlwaysRecoverable
}; };
} }
static CheckRecoverableKind getRecoverableKind(SanitizerKind Kind) { static CheckRecoverableKind getRecoverableKind(SanitizerKind Kind) {
switch (Kind) { switch (Kind) {
case SanitizerKind::Vptr: case SanitizerKind::Vptr:
return CheckRecoverableKind::AlwaysRecoverable; return CheckRecoverableKind::AlwaysRecoverable;
case SanitizerKind::Return: case SanitizerKind::Return:
case SanitizerKind::Unreachable: case SanitizerKind::Unreachable:
return CheckRecoverableKind::Unrecoverable; return CheckRecoverableKind::Unrecoverable;
default: default:
return CheckRecoverableKind::Recoverable; return CheckRecoverableKind::Recoverable;
} }
} }
static void emitCheckHandlerCall(CodeGenFunction &CGF,
llvm::FunctionType *FnType,
ArrayRef<llvm::Value *> FnArgs,
StringRef CheckName,
CheckRecoverableKind RecoverKind, bool IsFatal,
llvm::BasicBlock *ContBB) {
assert(IsFatal || RecoverKind != CheckRecoverableKind::Unrecoverable);
bool NeedsAbortSuffix =
IsFatal && RecoverKind != CheckRecoverableKind::Unrecoverable;
std::string FnName = ("__ubsan_handle_" + CheckName +
(NeedsAbortSuffix ? "_abort" : "")).str();
bool MayReturn =
!IsFatal || RecoverKind == CheckRecoverableKind::AlwaysRecoverable;
llvm::AttrBuilder B;
if (!MayReturn) {
B.addAttribute(llvm::Attribute::NoReturn)
.addAttribute(llvm::Attribute::NoUnwind);
}
B.addAttribute(llvm::Attribute::UWTable);
llvm::Value *Fn = CGF.CGM.CreateRuntimeFunction(
FnType, FnName,
llvm::AttributeSet::get(CGF.getLLVMContext(),
llvm::AttributeSet::FunctionIndex, B));
llvm::CallInst *HandlerCall = CGF.EmitNounwindRuntimeCall(Fn, FnArgs);
if (!MayReturn) {
HandlerCall->setDoesNotReturn();
CGF.Builder.CreateUnreachable();
} else {
CGF.Builder.CreateBr(ContBB);
}
}
void CodeGenFunction::EmitCheck( void CodeGenFunction::EmitCheck(
ArrayRef<std::pair<llvm::Value *, SanitizerKind>> Checked, ArrayRef<std::pair<llvm::Value *, SanitizerKind>> Checked,
StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs, StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs) { ArrayRef<llvm::Value *> DynamicArgs) {
assert(IsSanitizerScope); assert(IsSanitizerScope);
assert(Checked.size() > 0); assert(Checked.size() > 0);
llvm::Value *Cond = Checked[0].first;
llvm::Value *FatalCond = nullptr;
llvm::Value *RecoverableCond = nullptr;
for (int i = 0, n = Checked.size(); i < n; ++i) {
llvm::Value *Check = Checked[i].first;
llvm::Value *&Cond =
CGM.getCodeGenOpts().SanitizeRecover.has(Checked[i].second)
? RecoverableCond
: FatalCond;
Cond = Cond ? Builder.CreateAnd(Cond, Check) : Check;
}
llvm::Value *JointCond;
if (FatalCond && RecoverableCond)
JointCond = Builder.CreateAnd(FatalCond, RecoverableCond);
else
JointCond = FatalCond ? FatalCond : RecoverableCond;
assert(JointCond);
CheckRecoverableKind RecoverKind = getRecoverableKind(Checked[0].second); CheckRecoverableKind RecoverKind = getRecoverableKind(Checked[0].second);
assert(SanOpts.has(Checked[0].second)); assert(SanOpts.has(Checked[0].second));
#ifndef NDEBUG
for (int i = 1, n = Checked.size(); i < n; ++i) { for (int i = 1, n = Checked.size(); i < n; ++i) {
Cond = Builder.CreateAnd(Cond, Checked[i].first);
assert(RecoverKind == getRecoverableKind(Checked[i].second) && assert(RecoverKind == getRecoverableKind(Checked[i].second) &&
"All recoverable kinds in a single check must be same!"); "All recoverable kinds in a single check must be same!");
assert(SanOpts.has(Checked[i].second)); assert(SanOpts.has(Checked[i].second));
} }
#endif
if (CGM.getCodeGenOpts().SanitizeUndefinedTrapOnError) { if (CGM.getCodeGenOpts().SanitizeUndefinedTrapOnError) {
assert (RecoverKind != CheckRecoverableKind::AlwaysRecoverable && assert(RecoverKind != CheckRecoverableKind::AlwaysRecoverable &&
"Runtime call required for AlwaysRecoverable kind!"); "Runtime call required for AlwaysRecoverable kind!");
return EmitTrapCheck(Cond); // FIXME: Shouldn't we assume that RecoverableKind should be null in this
rsmithUnsubmitted
Not Done
ReplyInline Actions

Typo RecoverableCond?

I don't think it's obvious what we should do if the user turns on both -fsanitize-recover=something and also -fsanitize-undefined-trap-on-error. Since the latter is usually used in cases where the sanitizer runtime is not available (when building an OS kernel or the like), I think it should overrule -fsanitize-recover (as it does), and the answer to your FIXME is "no, we shouldn't".

rsmith: Typo `RecoverableCond`? I don't think it's obvious what we should do if the user turns on both…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Right. Replaced the FIXME with comment describing that -fsanitize-undefined-trap-on-error overrides -fsanitize-recover= options.

samsonov: Right. Replaced the FIXME with comment describing that `-fsanitize-undefined-trap-on-error`…
// case?
return EmitTrapCheck(JointCond);
} }
llvm::BasicBlock *Cont = createBasicBlock("cont"); llvm::BasicBlock *Cont = createBasicBlock("cont");
llvm::BasicBlock *Handlers = createBasicBlock("handler." + CheckName);
llvm::BasicBlock *Handler = createBasicBlock("handler." + CheckName); llvm::Instruction *Branch = Builder.CreateCondBr(JointCond, Cont, Handlers);
llvm::Instruction *Branch = Builder.CreateCondBr(Cond, Cont, Handler);
// Give hint that we very much don't expect to execute the handler // Give hint that we very much don't expect to execute the handler
// Value chosen to match UR_NONTAKEN_WEIGHT, see BranchProbabilityInfo.cpp // Value chosen to match UR_NONTAKEN_WEIGHT, see BranchProbabilityInfo.cpp
llvm::MDBuilder MDHelper(getLLVMContext()); llvm::MDBuilder MDHelper(getLLVMContext());
llvm::MDNode *Node = MDHelper.createBranchWeights((1U << 20) - 1, 1); llvm::MDNode *Node = MDHelper.createBranchWeights((1U << 20) - 1, 1);
Branch->setMetadata(llvm::LLVMContext::MD_prof, Node); Branch->setMetadata(llvm::LLVMContext::MD_prof, Node);
EmitBlock(Handlers);
EmitBlock(Handler); // Emit handler arguments and create handler function type.
llvm::Constant *Info = llvm::ConstantStruct::getAnon(StaticArgs); llvm::Constant *Info = llvm::ConstantStruct::getAnon(StaticArgs);
auto *InfoPtr = auto *InfoPtr =
new llvm::GlobalVariable(CGM.getModule(), Info->getType(), false, new llvm::GlobalVariable(CGM.getModule(), Info->getType(), false,
llvm::GlobalVariable::PrivateLinkage, Info); llvm::GlobalVariable::PrivateLinkage, Info);
InfoPtr->setUnnamedAddr(true); InfoPtr->setUnnamedAddr(true);
CGM.getSanitizerMetadata()->disableSanitizerForGlobal(InfoPtr); CGM.getSanitizerMetadata()->disableSanitizerForGlobal(InfoPtr);
SmallVector<llvm::Value *, 4> Args; SmallVector<llvm::Value *, 4> Args;
SmallVector<llvm::Type *, 4> ArgTypes; SmallVector<llvm::Type *, 4> ArgTypes;
Args.reserve(DynamicArgs.size() + 1); Args.reserve(DynamicArgs.size() + 1);
ArgTypes.reserve(DynamicArgs.size() + 1); ArgTypes.reserve(DynamicArgs.size() + 1);
// Handler functions take an i8* pointing to the (handler-specific) static // Handler functions take an i8* pointing to the (handler-specific) static
// information block, followed by a sequence of intptr_t arguments // information block, followed by a sequence of intptr_t arguments
// representing operand values. // representing operand values.
Args.push_back(Builder.CreateBitCast(InfoPtr, Int8PtrTy)); Args.push_back(Builder.CreateBitCast(InfoPtr, Int8PtrTy));
ArgTypes.push_back(Int8PtrTy); ArgTypes.push_back(Int8PtrTy);
for (size_t i = 0, n = DynamicArgs.size(); i != n; ++i) { for (size_t i = 0, n = DynamicArgs.size(); i != n; ++i) {
Args.push_back(EmitCheckValue(DynamicArgs[i])); Args.push_back(EmitCheckValue(DynamicArgs[i]));
ArgTypes.push_back(IntPtrTy); ArgTypes.push_back(IntPtrTy);
} }
bool Recover = RecoverKind == CheckRecoverableKind::AlwaysRecoverable ||
(RecoverKind == CheckRecoverableKind::Recoverable &&
CGM.getCodeGenOpts().SanitizeRecover);
llvm::FunctionType *FnType = llvm::FunctionType *FnType =
llvm::FunctionType::get(CGM.VoidTy, ArgTypes, false); llvm::FunctionType::get(CGM.VoidTy, ArgTypes, false);
llvm::AttrBuilder B;
if (!Recover) {
B.addAttribute(llvm::Attribute::NoReturn)
.addAttribute(llvm::Attribute::NoUnwind);
}
B.addAttribute(llvm::Attribute::UWTable);
// Checks that have two variants use a suffix to differentiate them if (!FatalCond || !RecoverableCond) {
bool NeedsAbortSuffix = RecoverKind != CheckRecoverableKind::Unrecoverable && // Simple case: we need to generate a single handler call, either
!CGM.getCodeGenOpts().SanitizeRecover; // fatal, or non-fatal.
std::string FunctionName = ("__ubsan_handle_" + CheckName + emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind,
(NeedsAbortSuffix? "_abort" : "")).str(); (FatalCond != nullptr), Cont);
llvm::Value *Fn = CGM.CreateRuntimeFunction( } else {
FnType, FunctionName, // Emit two handler calls: first one for set of unrecoverable checks,
llvm::AttributeSet::get(getLLVMContext(), // another one for recoverable.
llvm::AttributeSet::FunctionIndex, B)); llvm::BasicBlock *NonFatalHandlerBB =
llvm::CallInst *HandlerCall = EmitNounwindRuntimeCall(Fn, Args); createBasicBlock("non_fatal." + CheckName);
if (Recover) { llvm::BasicBlock *FatalHandlerBB = createBasicBlock("fatal." + CheckName);
Builder.CreateBr(Cont); Builder.CreateCondBr(FatalCond, NonFatalHandlerBB, FatalHandlerBB);
} else { EmitBlock(FatalHandlerBB);
HandlerCall->setDoesNotReturn(); emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, true,
Builder.CreateUnreachable(); NonFatalHandlerBB);
rsmithUnsubmitted
Not Done
ReplyInline Actions

Passing NonFatalHandlerBB here seems strange: there should be no control flow path out of the fatal error handler; we should call the _abort runtime function, which doesn't return.

rsmith: Passing `NonFatalHandlerBB` here seems strange: there should be no control flow path out of the…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

No, there is CheckRecoverableKind::AlwaysRecoverable (vptr sanitizer), so we may return even from __ubsan_handle_dynamic_type_cache_miss_abort.

samsonov: No, there is CheckRecoverableKind::AlwaysRecoverable (vptr sanitizer), so we may return even…
EmitBlock(NonFatalHandlerBB);
emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, false,
Cont);
} }
EmitBlock(Cont); EmitBlock(Cont);
} }
void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) { void CodeGenFunction::EmitTrapCheck(llvm::Value *Checked) {
llvm::BasicBlock *Cont = createBasicBlock("cont"); llvm::BasicBlock *Cont = createBasicBlock("cont");
▲ Show 20 LinesShow All 1,193 LinesShow Last 20 Lines

lib/Driver/SanitizerArgs.cpp

Show All 37 Lines
enum SanitizeKind { enum SanitizeKind {
#define SANITIZER(NAME, ID) ID = 1 << SO_##ID, #define SANITIZER(NAME, ID) ID = 1 << SO_##ID,
#define SANITIZER_GROUP(NAME, ID, ALIAS) \ #define SANITIZER_GROUP(NAME, ID, ALIAS) \
ID = ALIAS, ID##Group = 1 << SO_##ID##Group, ID = ALIAS, ID##Group = 1 << SO_##ID##Group,
#include "clang/Basic/Sanitizers.def" #include "clang/Basic/Sanitizers.def"
NeedsUbsanRt = Undefined | Integer, NeedsUbsanRt = Undefined | Integer,
NotAllowedWithTrap = Vptr, NotAllowedWithTrap = Vptr,
RequiresPIE = Memory | DataFlow, RequiresPIE = Memory | DataFlow,
NeedsUnwindTables = Address | Thread | Memory | DataFlow NeedsUnwindTables = Address | Thread | Memory | DataFlow,
RecoverableByDefault = Undefined | Integer,
Unrecoverable = Address | Unreachable | Return,
LegacyFsanitizeRecoverMask = Undefined | Integer
}; };
} }
/// Returns true if set of \p Sanitizers contain at least one sanitizer from /// Returns true if set of \p Sanitizers contain at least one sanitizer from
/// \p Kinds. /// \p Kinds.
static bool hasOneOf(const clang::SanitizerSet &Sanitizers, unsigned Kinds) { static bool hasOneOf(const clang::SanitizerSet &Sanitizers, unsigned Kinds) {
#define SANITIZER(NAME, ID) \ #define SANITIZER(NAME, ID) \
if (Sanitizers.has(clang::SanitizerKind::ID) && (Kinds & ID)) \ if (Sanitizers.has(clang::SanitizerKind::ID) && (Kinds & ID)) \
▲ Show 20 LinesShow All 84 Lines▼ Show 20 Lines
} }
bool SanitizerArgs::needsUnwindTables() const { bool SanitizerArgs::needsUnwindTables() const {
return hasOneOf(Sanitizers, NeedsUnwindTables); return hasOneOf(Sanitizers, NeedsUnwindTables);
} }
void SanitizerArgs::clear() { void SanitizerArgs::clear() {
Sanitizers.clear(); Sanitizers.clear();
SanitizeRecover = false; RecoverableSanitizers.clear();
BlacklistFile = ""; BlacklistFile = "";
SanitizeCoverage = 0; SanitizeCoverage = 0;
MsanTrackOrigins = 0; MsanTrackOrigins = 0;
AsanFieldPadding = 0; AsanFieldPadding = 0;
AsanZeroBaseShadow = false; AsanZeroBaseShadow = false;
UbsanTrapOnError = false; UbsanTrapOnError = false;
AsanSharedRuntime = false; AsanSharedRuntime = false;
LinkCXXRuntimes = false; LinkCXXRuntimes = false;
▲ Show 20 LinesShow All 42 Lines▼ Show 20 Lines for (ArgList::const_reverse_iterator I = Args.rbegin(), E = Args.rend();
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
Arg->claim(); Arg->claim();
unsigned Remove = parseArgValues(D, Arg, true); unsigned Remove = parseArgValues(D, Arg, true);
AllRemove |= expandGroups(Remove); AllRemove |= expandGroups(Remove);
} }
} }
addAllOf(Sanitizers, Kinds); addAllOf(Sanitizers, Kinds);
SanitizeRecover = Args.hasFlag(options::OPT_fsanitize_recover, // Parse -f(no-)?sanitize-recover flags.
options::OPT_fno_sanitize_recover, true); unsigned RecoverableKinds = RecoverableByDefault;
unsigned DiagnosedUnrecoverableKinds = 0;
for (const auto *Arg : Args) {
if (Arg->getOption().matches(options::OPT_fsanitize_recover)) {
// FIXME: Add deprecation notice, and then remove this flag.
RecoverableKinds |= expandGroups(LegacyFsanitizeRecoverMask);
Arg->claim();
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover)) {
// FIXME: Add deprecation notice, and then remove this flag.
RecoverableKinds &= ~expandGroups(LegacyFsanitizeRecoverMask);
Arg->claim();
} else if (Arg->getOption().matches(options::OPT_fsanitize_recover_EQ)) {
unsigned Add = parseArgValues(D, Arg, true);
// Report error if user explicitly tries to recover from unrecoverable
// sanitizer.
if (unsigned KindsToDiagnose =
Add & Unrecoverable & ~DiagnosedUnrecoverableKinds) {
SanitizerSet SetToDiagnose;
addAllOf(SetToDiagnose, KindsToDiagnose);
D.Diag(diag::err_drv_unsupported_option_argument)
<< Arg->getOption().getName() << toString(SetToDiagnose);
DiagnosedUnrecoverableKinds |= KindsToDiagnose;
}
RecoverableKinds |= expandGroups(Add);
Arg->claim();
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) {
RecoverableKinds &= ~expandGroups(parseArgValues(D, Arg, true));
Arg->claim();
}
}
RecoverableKinds &= Kinds;
RecoverableKinds &= ~Unrecoverable;
addAllOf(RecoverableSanitizers, RecoverableKinds);
UbsanTrapOnError = UbsanTrapOnError =
Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error, Args.hasFlag(options::OPT_fsanitize_undefined_trap_on_error,
options::OPT_fno_sanitize_undefined_trap_on_error, false); options::OPT_fno_sanitize_undefined_trap_on_error, false);
// Warn about undefined sanitizer options that require runtime support. // Warn about undefined sanitizer options that require runtime support.
if (UbsanTrapOnError && hasOneOf(Sanitizers, NotAllowedWithTrap)) { if (UbsanTrapOnError && hasOneOf(Sanitizers, NotAllowedWithTrap)) {
D.Diag(clang::diag::err_drv_argument_not_allowed_with) D.Diag(clang::diag::err_drv_argument_not_allowed_with)
▲ Show 20 LinesShow All 139 Lines▼ Show 20 Lines
} }
void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args, void SanitizerArgs::addArgs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const { llvm::opt::ArgStringList &CmdArgs) const {
if (Sanitizers.empty()) if (Sanitizers.empty())
return; return;
CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers))); CmdArgs.push_back(Args.MakeArgString("-fsanitize=" + toString(Sanitizers)));
if (!SanitizeRecover) if (!RecoverableSanitizers.empty())
CmdArgs.push_back("-fno-sanitize-recover"); CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
toString(RecoverableSanitizers)));
if (UbsanTrapOnError) if (UbsanTrapOnError)
CmdArgs.push_back("-fsanitize-undefined-trap-on-error"); CmdArgs.push_back("-fsanitize-undefined-trap-on-error");
if (!BlacklistFile.empty()) { if (!BlacklistFile.empty()) {
SmallString<64> BlacklistOpt("-fsanitize-blacklist="); SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
BlacklistOpt += BlacklistFile; BlacklistOpt += BlacklistFile;
CmdArgs.push_back(Args.MakeArgString(BlacklistOpt)); CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines
#define SANITIZER_GROUP(NAME, ID, ALIAS) if (Kinds & ID##Group) Kinds |= ID; #define SANITIZER_GROUP(NAME, ID, ALIAS) if (Kinds & ID##Group) Kinds |= ID;
#include "clang/Basic/Sanitizers.def" #include "clang/Basic/Sanitizers.def"
return Kinds; return Kinds;
} }
unsigned parseArgValues(const Driver &D, const llvm::opt::Arg *A, unsigned parseArgValues(const Driver &D, const llvm::opt::Arg *A,
bool DiagnoseErrors) { bool DiagnoseErrors) {
assert((A->getOption().matches(options::OPT_fsanitize_EQ) || assert((A->getOption().matches(options::OPT_fsanitize_EQ) ||
A->getOption().matches(options::OPT_fno_sanitize_EQ)) && A->getOption().matches(options::OPT_fno_sanitize_EQ) ||
A->getOption().matches(options::OPT_fsanitize_recover_EQ) ||
A->getOption().matches(options::OPT_fno_sanitize_recover_EQ)) &&
"Invalid argument in parseArgValues!"); "Invalid argument in parseArgValues!");
unsigned Kinds = 0; unsigned Kinds = 0;
for (unsigned I = 0, N = A->getNumValues(); I != N; ++I) { for (unsigned I = 0, N = A->getNumValues(); I != N; ++I) {
const char *Value = A->getValue(I); const char *Value = A->getValue(I);
unsigned Kind; unsigned Kind;
// Special case: don't accept -fsanitize=all. // Special case: don't accept -fsanitize=all.
if (A->getOption().matches(options::OPT_fsanitize_EQ) && if (A->getOption().matches(options::OPT_fsanitize_EQ) &&
0 == strcmp("all", Value)) 0 == strcmp("all", Value))
▲ Show 20 LinesShow All 47 LinesShow Last 20 Lines

lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 318 Lines▼ Show 20 LinesGenerateOptimizationRemarkRegex(DiagnosticsEngine &Diags, ArgList &Args,
if (!Pattern->isValid(RegexError)) { if (!Pattern->isValid(RegexError)) {
Diags.Report(diag::err_drv_optimization_remark_pattern) Diags.Report(diag::err_drv_optimization_remark_pattern)
<< RegexError << RpassArg->getAsString(Args); << RegexError << RpassArg->getAsString(Args);
Pattern.reset(); Pattern.reset();
} }
return Pattern; return Pattern;
} }
static void parseSanitizerKinds(StringRef FlagName,
const std::vector<std::string> &Sanitizers,
DiagnosticsEngine &Diags, SanitizerSet &S) {
for (const auto &Sanitizer : Sanitizers) {
SanitizerKind K = llvm::StringSwitch<SanitizerKind>(Sanitizer)
#define SANITIZER(NAME, ID) .Case(NAME, SanitizerKind::ID)
#include "clang/Basic/Sanitizers.def"
.Default(SanitizerKind::Unknown);
if (K == SanitizerKind::Unknown)
rsmithUnsubmitted
Not Done
ReplyInline Actions

You should probably check for unrecoverable sanitizers for the -fsanitize-recover= case here, too, in case someone passes a bad argument to -cc1 directly.

rsmith: You should probably check for unrecoverable sanitizers for the `-fsanitize-recover=` case here…
samsonovAuthorUnsubmitted
Not Done
ReplyInline Actions

Right. It's hard to fix it immediately, as we only support SANITIER_GROUP handling in driver. I've added a FIXME and will address this later.

samsonov: Right. It's hard to fix it immediately, as we only support SANITIER_GROUP handling in driver.
Diags.Report(diag::err_drv_invalid_value) << FlagName << Sanitizer;
else
S.set(K, true);
}
}
static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK, static bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
DiagnosticsEngine &Diags, DiagnosticsEngine &Diags,
const TargetOptions &TargetOpts) { const TargetOptions &TargetOpts) {
using namespace options; using namespace options;
bool Success = true; bool Success = true;
unsigned OptimizationLevel = getOptimizationLevel(Args, IK, Diags); unsigned OptimizationLevel = getOptimizationLevel(Args, IK, Diags);
// TODO: This could be done in Driver // TODO: This could be done in Driver
▲ Show 20 LinesShow All 124 Lines▼ Show 20 Linesstatic bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
Opts.MergeFunctions = Args.hasArg(OPT_fmerge_functions); Opts.MergeFunctions = Args.hasArg(OPT_fmerge_functions);
Opts.VectorizeBB = Args.hasArg(OPT_vectorize_slp_aggressive); Opts.VectorizeBB = Args.hasArg(OPT_vectorize_slp_aggressive);
Opts.VectorizeLoop = Args.hasArg(OPT_vectorize_loops); Opts.VectorizeLoop = Args.hasArg(OPT_vectorize_loops);
Opts.VectorizeSLP = Args.hasArg(OPT_vectorize_slp); Opts.VectorizeSLP = Args.hasArg(OPT_vectorize_slp);
Opts.MainFileName = Args.getLastArgValue(OPT_main_file_name); Opts.MainFileName = Args.getLastArgValue(OPT_main_file_name);
Opts.VerifyModule = !Args.hasArg(OPT_disable_llvm_verifier); Opts.VerifyModule = !Args.hasArg(OPT_disable_llvm_verifier);
Opts.SanitizeRecover = !Args.hasArg(OPT_fno_sanitize_recover);
Opts.DisableGCov = Args.hasArg(OPT_test_coverage); Opts.DisableGCov = Args.hasArg(OPT_test_coverage);
Opts.EmitGcovArcs = Args.hasArg(OPT_femit_coverage_data); Opts.EmitGcovArcs = Args.hasArg(OPT_femit_coverage_data);
Opts.EmitGcovNotes = Args.hasArg(OPT_femit_coverage_notes); Opts.EmitGcovNotes = Args.hasArg(OPT_femit_coverage_notes);
if (Opts.EmitGcovArcs || Opts.EmitGcovNotes) { if (Opts.EmitGcovArcs || Opts.EmitGcovNotes) {
Opts.CoverageFile = Args.getLastArgValue(OPT_coverage_file); Opts.CoverageFile = Args.getLastArgValue(OPT_coverage_file);
Opts.CoverageExtraChecksum = Args.hasArg(OPT_coverage_cfg_checksum); Opts.CoverageExtraChecksum = Args.hasArg(OPT_coverage_cfg_checksum);
Opts.CoverageNoFunctionNamesInData = Opts.CoverageNoFunctionNamesInData =
▲ Show 20 LinesShow All 112 Lines▼ Show 20 Linesstatic bool ParseCodeGenArgs(CodeGenOptions &Opts, ArgList &Args, InputKind IK,
if (!Opts.SampleProfileFile.empty()) if (!Opts.SampleProfileFile.empty())
NeedLocTracking = true; NeedLocTracking = true;
// If the user requested a flag that requires source locations available in // If the user requested a flag that requires source locations available in
// the backend, make sure that the backend tracks source location information. // the backend, make sure that the backend tracks source location information.
if (NeedLocTracking && Opts.getDebugInfo() == CodeGenOptions::NoDebugInfo) if (NeedLocTracking && Opts.getDebugInfo() == CodeGenOptions::NoDebugInfo)
Opts.setDebugInfo(CodeGenOptions::LocTrackingOnly); Opts.setDebugInfo(CodeGenOptions::LocTrackingOnly);
// Parse -fsanitize-recover= arguments.
parseSanitizerKinds("-fsanitize-recover=",
Args.getAllArgValues(OPT_fsanitize_recover_EQ), Diags,
Opts.SanitizeRecover);
return Success; return Success;
} }
static void ParseDependencyOutputArgs(DependencyOutputOptions &Opts, static void ParseDependencyOutputArgs(DependencyOutputOptions &Opts,
ArgList &Args) { ArgList &Args) {
using namespace options; using namespace options;
Opts.OutputFile = Args.getLastArgValue(OPT_dependency_file); Opts.OutputFile = Args.getLastArgValue(OPT_dependency_file);
Opts.Targets = Args.getAllArgValues(OPT_MT); Opts.Targets = Args.getAllArgValues(OPT_MT);
▲ Show 20 LinesShow All 1,018 Lines▼ Show 20 Lines default:
break; break;
case 0: Opts.setStackProtector(LangOptions::SSPOff); break; case 0: Opts.setStackProtector(LangOptions::SSPOff); break;
case 1: Opts.setStackProtector(LangOptions::SSPOn); break; case 1: Opts.setStackProtector(LangOptions::SSPOn); break;
case 2: Opts.setStackProtector(LangOptions::SSPStrong); break; case 2: Opts.setStackProtector(LangOptions::SSPStrong); break;
case 3: Opts.setStackProtector(LangOptions::SSPReq); break; case 3: Opts.setStackProtector(LangOptions::SSPReq); break;
} }
// Parse -fsanitize= arguments. // Parse -fsanitize= arguments.
std::vector<std::string> Sanitizers = Args.getAllArgValues(OPT_fsanitize_EQ); parseSanitizerKinds("-fsanitize=", Args.getAllArgValues(OPT_fsanitize_EQ),
for (const auto &Sanitizer : Sanitizers) { Diags, Opts.Sanitize);
SanitizerKind K = llvm::StringSwitch<SanitizerKind>(Sanitizer)
#define SANITIZER(NAME, ID) .Case(NAME, SanitizerKind::ID)
#include "clang/Basic/Sanitizers.def"
.Default(SanitizerKind::Unknown);
if (K == SanitizerKind::Unknown)
Diags.Report(diag::err_drv_invalid_value)
<< "-fsanitize=" << Sanitizer;
else
Opts.Sanitize.set(K, true);
}
// -fsanitize-address-field-padding=N has to be a LangOpt, parse it here. // -fsanitize-address-field-padding=N has to be a LangOpt, parse it here.
Opts.SanitizeAddressFieldPadding = Opts.SanitizeAddressFieldPadding =
getLastArgIntValue(Args, OPT_fsanitize_address_field_padding, 0, Diags); getLastArgIntValue(Args, OPT_fsanitize_address_field_padding, 0, Diags);
Opts.SanitizerBlacklistFile = Args.getLastArgValue(OPT_fsanitize_blacklist); Opts.SanitizerBlacklistFile = Args.getLastArgValue(OPT_fsanitize_blacklist);
} }
static void ParsePreprocessorArgs(PreprocessorOptions &Opts, ArgList &Args, static void ParsePreprocessorArgs(PreprocessorOptions &Opts, ArgList &Args,
FileManager &FileMgr, FileManager &FileMgr,
▲ Show 20 LinesShow All 423 LinesShow Last 20 Lines

test/CodeGen/catch-undef-behavior.c

// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-UBSAN // RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-UBSAN
// RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-TRAP // RUN: %clang_cc1 -fsanitize-undefined-trap-on-error -fsanitize=alignment,null,object-size,shift,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-TRAP
// RUN: %clang_cc1 -fsanitize=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL // RUN: %clang_cc1 -fsanitize=null -fsanitize-recover=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
// RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW // RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
// CHECK-UBSAN: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" } // CHECK-UBSAN: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" }
// FIXME: When we only emit each type once, use [[INT]] more below. // FIXME: When we only emit each type once, use [[INT]] more below.
// CHECK-UBSAN: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i64 4, i8 1 // CHECK-UBSAN: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i64 4, i8 1
// CHECK-UBSAN: @[[LINE_200:.*]] = {{.*}}, i32 200, i32 10 {{.*}}, i64 4, i8 0 // CHECK-UBSAN: @[[LINE_200:.*]] = {{.*}}, i32 200, i32 10 {{.*}}, i64 4, i8 0
// CHECK-UBSAN: @[[LINE_300:.*]] = {{.*}}, i32 300, i32 12 {{.*}} @{{.*}}, {{.*}} @{{.*}} // CHECK-UBSAN: @[[LINE_300:.*]] = {{.*}}, i32 300, i32 12 {{.*}} @{{.*}}, {{.*}} @{{.*}}
▲ Show 20 LinesShow All 373 LinesShow Last 20 Lines

test/CodeGen/compound-assign-overflow.c

// Verify proper type emitted for compound assignments // Verify proper type emitted for compound assignments
// RUN: %clang_cc1 -ffreestanding -triple x86_64-apple-darwin10 -emit-llvm -o - %s -fsanitize=signed-integer-overflow,unsigned-integer-overflow | FileCheck %s // RUN: %clang_cc1 -ffreestanding -triple x86_64-apple-darwin10 -emit-llvm -o - %s -fsanitize=signed-integer-overflow,unsigned-integer-overflow -fsanitize-recover=signed-integer-overflow,unsigned-integer-overflow | FileCheck %s
#include <stdint.h> #include <stdint.h>
// CHECK: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" } // CHECK: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" }
// CHECK: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]] // CHECK: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]]
// CHECK: @[[UINT:.*]] = private unnamed_addr constant { i16, i16, [15 x i8] } { i16 0, i16 10, [15 x i8] c"'unsigned int'\00" } // CHECK: @[[UINT:.*]] = private unnamed_addr constant { i16, i16, [15 x i8] } { i16 0, i16 10, [15 x i8] c"'unsigned int'\00" }
// CHECK: @[[LINE_200:.*]] = private unnamed_addr global {{.*}}, i32 200, i32 5 {{.*}} @[[UINT]] // CHECK: @[[LINE_200:.*]] = private unnamed_addr global {{.*}}, i32 200, i32 5 {{.*}} @[[UINT]]
// CHECK: @[[LINE_300:.*]] = private unnamed_addr global {{.*}}, i32 300, i32 5 {{.*}} @[[INT]] // CHECK: @[[LINE_300:.*]] = private unnamed_addr global {{.*}}, i32 300, i32 5 {{.*}} @[[INT]]
Show All 25 Lines

test/CodeGen/sanitize-recover.c

// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=unsigned-integer-overflow %s -emit-llvm -o - | FileCheck %s --check-prefix=RECOVER // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=unsigned-integer-overflow -fsanitize-recover=unsigned-integer-overflow %s -emit-llvm -o - | FileCheck %s --check-prefix=RECOVER
// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=unsigned-integer-overflow -fno-sanitize-recover %s -emit-llvm -o - | FileCheck %s --check-prefix=ABORT // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=unsigned-integer-overflow %s -emit-llvm -o - | FileCheck %s --check-prefix=ABORT
// RUN: %clang_cc1 -triple x86_64-apple-darwin10 -fsanitize=null,object-size,alignment -fsanitize-recover=object-size %s -emit-llvm -o - | FileCheck %s --check-prefix=PARTIAL
// RECOVER: @test // RECOVER: @test
// ABORT: @test // ABORT: @test
void test() { void test() {
extern volatile unsigned x, y, z; extern volatile unsigned x, y, z;
// RECOVER: uadd.with.overflow.i32 // RECOVER: uadd.with.overflow.i32
// RECOVER: ubsan_handle_add_overflow( // RECOVER: ubsan_handle_add_overflow(
// RECOVER-NOT: unreachable // RECOVER-NOT: unreachable
// ABORT: uadd.with.overflow.i32 // ABORT: uadd.with.overflow.i32
// ABORT: ubsan_handle_add_overflow_abort( // ABORT: ubsan_handle_add_overflow_abort(
// ABORT: unreachable // ABORT: unreachable
x = y + z; x = y + z;
} }
void foo() {
union { int i; } u;
u.i=1;
// PARTIAL: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
// PARTIAL: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
// PARTIAL-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4
// PARTIAL: %[[MISALIGN:.*]] = and i64 {{.*}}, 3
// PARTIAL-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0
// PARTIAL: %[[CHECK02:.*]] = and i1 %[[CHECK0]], %[[CHECK2]]
// PARTIAL-NEXT: %[[CHECK012:.*]] = and i1 %[[CHECK02]], %[[CHECK1]]
// PARTIAL: br i1 %[[CHECK012]], {{.*}} !prof ![[WEIGHT_MD:.*]], !nosanitize
// PARTIAL: br i1 %[[CHECK02]], {{.*}}
// PARTIAL: call void @__ubsan_handle_type_mismatch_abort(
// PARTIAL-NEXT: unreachable
// PARTIAL: call void @__ubsan_handle_type_mismatch(
}

test/CodeGen/ubsan-type-blacklist.cpp

// Verify ubsan vptr does not check down-casts on blacklisted types. // Verify ubsan vptr does not check down-casts on blacklisted types.
// RUN: echo "type:_ZTI3Foo" > %t-type.blacklist // RUN: echo "type:_ZTI3Foo" > %t-type.blacklist
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -emit-llvm %s -o - | FileCheck %s --check-prefix=DEFAULT // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-recover=vptr -emit-llvm %s -o - | FileCheck %s --check-prefix=DEFAULT
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-blacklist=%t-type.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=TYPE // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-recover=vptr -fsanitize-blacklist=%t-type.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=TYPE
class Bar { class Bar {
public: public:
virtual ~Bar() {} virtual ~Bar() {}
}; };
class Foo : public Bar {}; class Foo : public Bar {};
Bar bar; Bar bar;
Show All 11 Lines

test/CodeGenCXX/catch-undef-behavior.cpp

// RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s // RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -fsanitize-recover=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,array-bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
// RUN: %clang_cc1 -std=c++11 -fsanitize=vptr,address -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-ASAN // RUN: %clang_cc1 -std=c++11 -fsanitize=vptr,address -fsanitize-recover=vptr,address -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-ASAN
// RUN: %clang_cc1 -std=c++11 -fsanitize=vptr -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=DOWNCAST-NULL // RUN: %clang_cc1 -std=c++11 -fsanitize=vptr -fsanitize-recover=vptr -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=DOWNCAST-NULL
struct S { struct S {
double d; double d;
int a, b; int a, b;
virtual int f(); virtual int f();
}; };
// Check that type descriptor global is not modified by ASan. // Check that type descriptor global is not modified by ASan.
▲ Show 20 LinesShow All 516 LinesShow Last 20 Lines

test/Driver/fsanitize.c

Show First 20 LinesShow All 122 Lines▼ Show 20 Lines
// CHECK-ANDROID-ASAN-NO-PIE: "-mrelocation-model" "pic" "-pic-level" "2" "-pie-level" "2" // CHECK-ANDROID-ASAN-NO-PIE: "-mrelocation-model" "pic" "-pic-level" "2" "-pie-level" "2"
// CHECK-ANDROID-ASAN-NO-PIE: "-pie" // CHECK-ANDROID-ASAN-NO-PIE: "-pie"
// RUN: %clang -target arm-linux-androideabi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ANDROID-NO-ASAN // RUN: %clang -target arm-linux-androideabi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ANDROID-NO-ASAN
// CHECK-ANDROID-NO-ASAN: "-mrelocation-model" "pic" // CHECK-ANDROID-NO-ASAN: "-mrelocation-model" "pic"
// RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER
// RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fsanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fsanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER
// RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fsanitize-recover=all -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER
// RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fno-sanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-RECOVER // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fno-sanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-RECOVER
// RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fno-sanitize-recover -fsanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fno-sanitize-recover=all -fsanitize-recover=thread -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-RECOVER
// RUZ: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fsanitize-recover -fno-sanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-RECOVER // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fno-sanitize-recover -fsanitize-recover=undefined -### 2>&1 | FileCheck %s --check-prefix=CHECK-RECOVER
// CHECK-RECOVER-NOT: sanitize-recover // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fsanitize-recover -fno-sanitize-recover -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-RECOVER
// CHECK-NO-RECOVER: "-fno-sanitize-recover" // RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fno-sanitize-recover=all -fsanitize-recover=object-size -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-RECOVER
// CHECK-RECOVER: "-fsanitize-recover={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|array-bounds|enum|bool|returns-nonnull-attribute|nonnull-attribute),?){16}"}}
// CHECK-NO-RECOVER-NOT: sanitize-recover
// CHECK-PARTIAL-RECOVER: "-fsanitize-recover=object-size"
// RUN: %clang -target x86_64-linux-gnu %s -fsanitize=undefined -fsanitize-recover=address,foobar,object-size,unreachable -### 2>&1 | FileCheck %s --check-prefix=CHECK-DIAG-RECOVER
// CHECK-DIAG-RECOVER: unsupported argument 'foobar' to option 'fsanitize-recover='
// CHECK-DIAG-RECOVER: unsupported argument 'address,unreachable' to option 'fsanitize-recover='
// RUN: %clang -target x86_64-linux-gnu -fsanitize=leak %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL // RUN: %clang -target x86_64-linux-gnu -fsanitize=leak %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANL
// CHECK-SANL: "-fsanitize=leak" // CHECK-SANL: "-fsanitize=leak"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address,leak -fno-sanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANA-SANL-NO-SANA // RUN: %clang -target x86_64-linux-gnu -fsanitize=address,leak -fno-sanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-SANA-SANL-NO-SANA
// CHECK-SANA-SANL-NO-SANA: "-fsanitize=leak" // CHECK-SANA-SANL-NO-SANA: "-fsanitize=leak"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=memory %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MSAN // RUN: %clang -target x86_64-linux-gnu -fsanitize=memory %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-MSAN
▲ Show 20 LinesShow All 47 LinesShow Last 20 Lines