This is an archive of the discontinued LLVM Phabricator instance.

Add -fsanitize-address-param-retval to clang.
ClosedPublic

Authored by kda on Jan 4 2022, 4:45 PM.

Details

Summary

With the introduction of this flag, it is no longer necessary to enable noundef analysis with 4 separate flags.
(-Xclang -enable-noundef-analysis -mllvm -msan-eager-checks=1).
This change only covers the introduction into the compiler.

This is a follow up to: https://reviews.llvm.org/D116855

Diff Detail

Event Timeline

kda created this revision.Jan 4 2022, 4:45 PM
kda requested review of this revision.Jan 4 2022, 4:45 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 4 2022, 4:45 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
vitalybuka added inline comments.
clang/include/clang/Driver/Options.td
1675

Maybe "Detect initialized parameters and return values."? and above

clang/lib/CodeGen/CGCall.cpp
2384 ↗(On Diff #397426)

@eugenis Would be better to force CodeGenOpts.EnableNoundefAttrs if SanitizeMemoryParamRetval is provided?

2386 ↗(On Diff #397426)

Without this change "-enable-noundef-analysis with -fsanitize-memory-param-retval" can be used.
So no matter what we decide about EnableNoundefAttrs, let's move this change and tests below into a separate incremental patch.

vitalybuka added inline comments.Jan 4 2022, 10:02 PM
clang/lib/CodeGen/CGCall.cpp
2384 ↗(On Diff #397426)

@eugenis Would be better to force CodeGenOpts.EnableNoundefAttrs if SanitizeMemoryParamRetval is provided?

To clarify, checking SanitizeMemoryParamRetval here as-is is LGTM, unless @eugenis or someone else thinks EnableNoundefAttrs reset is better.

kda updated this revision to Diff 397647.Jan 5 2022, 11:33 AM
kda marked an inline comment as done.

updated help text and dropped implementation

kda added inline comments.Jan 5 2022, 11:35 AM
clang/include/clang/Driver/Options.td
1675

I think you meant 'uninitialized'. Otherwise changed as requested.

kda marked an inline comment as done.Jan 5 2022, 11:35 AM
kda updated this revision to Diff 397648.Jan 5 2022, 11:38 AM

trying again

eugenis added inline comments.Jan 5 2022, 2:17 PM
clang/lib/CodeGen/CGCall.cpp
2384 ↗(On Diff #397426)

I don't think this is right at all. An argument being noundef has nothing to do at all with memory sanitization. It affects optimization, too. SanitizeMemoryParamRetval should only affect what MemorySanitizerPass does with noundef attributes.

kda added inline comments.Jan 5 2022, 4:37 PM
clang/lib/CodeGen/CGCall.cpp
2384 ↗(On Diff #397426)

Is the problem the form of the new code?

  • instead of introducing a single new flag to flip 4 others, should there be 1 flag to pick up the CodeGen changes, and another for the Sanitizer? (Is 2 flags better than 4?)
  • another option is have the changes propagate in the other direction: use the flag (-fsanitize-memory-param-retval), to passes along '-mllvm -enable_noundef_analysis=1' to CodeGen (via SanitizerArgs.addArgs).

OR is there a problem forcing EnableNoundefAttrs based on an "unrelated" flag?

  • then leave existing code, just don't do anything fancy to change EnableNoundefAttrs.

we probably should to move clang parts from D116634 into this patch?

clang/include/clang/Basic/CodeGenOptions.def
234

Same comment here?

clang/lib/CodeGen/CGCall.cpp
2384 ↗(On Diff #397426)

I don't think this is right at all. An argument being noundef has nothing to do at all with memory sanitization. It affects optimization, too. SanitizeMemoryParamRetval should only affect what MemorySanitizerPass does with noundef attributes.

What is the point of running SanitizeMemoryParamRetval==1 && EnableNoundefAttrs==0?
Are we going to show warning or error and ask to set thee redundant options? Then why not just automate this for the user?
Also please note that HasStrictReturn already check SanitizerKind::Memory and adjust NoUndef attributes.

On the other hand, if EnableNoundefAttrs is going to be true by default in future, this conversation is not important, we can have two flags.

2384 ↗(On Diff #397426)

Is the problem the form of the new code?

  • instead of introducing a single new flag to flip 4 others, should there be 1 flag to pick up the CodeGen changes, and another for the Sanitizer? (Is 2 flags better than 4?)
  • another option is have the changes propagate in the other direction: use the flag (-fsanitize-memory-param-retval), to passes along '-mllvm -enable_noundef_analysis=1' to CodeGen (via SanitizerArgs.addArgs).

OR is there a problem forcing EnableNoundefAttrs based on an "unrelated" flag?

  • then leave existing code, just don't do anything fancy to change EnableNoundefAttrs.

I believe @eugenis point that user should proved both -fsanitize-memory-param-retval and -enable-noundef-analysis to clang (we don't need -mllvm for -enable-noundef-analysis already).

This comment was removed by vitalybuka.
eugenis added inline comments.Jan 6 2022, 12:10 PM
clang/lib/CodeGen/CGCall.cpp
2384 ↗(On Diff #397426)

Sorry, I think I misunderstood the code. It makes sense for -fsanitize-memory-param-retval to implicitly enable noundef attrs. I agree with Vitaly that it is better to change the value of EnableNoundefAttrs, to avoid the risk of enabling only part of that feature (now or with some future change).

MaskRay added a subscriber: MaskRay.Jan 6 2022, 2:51 PM

This needs a clang/test/Driver test to show that %clang -fsanitize-memory-param-retval translates to CC1 -fsanitize-memory-param-retval.

clang/include/clang/Driver/Options.td
1675

--help messages don't have periods.

1675

Does --help message render clearly?

kda marked 2 inline comments as done.Jan 7 2022, 3:49 PM
kda added inline comments.
clang/include/clang/Driver/Options.td
1675

Indeed:

-fsanitize-memory-param-retval
                        EnableDetect uninitialized parameters and return values
kda updated this revision to Diff 398263.Jan 7 2022, 3:50 PM
adjust help text
kda added inline comments.Jan 7 2022, 4:08 PM
clang/include/clang/Driver/Options.td
1675

Maybe not...

kda updated this revision to Diff 398266.Jan 7 2022, 4:13 PM

refined rendering of help text

clang/include/clang/Driver/Options.td
1675

much better

-fsanitize-memory-param-retval
                        Enable detection of uninitialized parameters and return values
kda updated this revision to Diff 399163.Jan 11 2022, 6:36 PM

A few improvements.

  • Add -fsanitize-address-param-retval to clang.
  • updated flag help text and dropped use of flag (to be picked up later).
  • adjust help text
  • refined rendering of help text
  • add code generation
  • introduce member CodeGenModule::NoundefAnalysisEnabled
kda edited the summary of this revision. (Show Details)Jan 11 2022, 7:20 PM
kda added a comment.Jan 11 2022, 7:38 PM

This needs a clang/test/Driver test to show that %clang -fsanitize-memory-param-retval translates to CC1 -fsanitize-memory-param-retval.

Could you point me to an example?

This needs a clang/test/Driver test to show that %clang -fsanitize-memory-param-retval translates to CC1 -fsanitize-memory-param-retval.

Could you point me to an example?

test/Driver/fpatchable-function-entry.c test/Driver/fbinutils-version.c :)

kda updated this revision to Diff 399362.Jan 12 2022, 9:49 AM

add test to validate that flag does not conflict with enable-noundef-analysis

kda added a comment.Jan 12 2022, 9:50 AM

This needs a clang/test/Driver test to show that %clang -fsanitize-memory-param-retval translates to CC1 -fsanitize-memory-param-retval.

Could you point me to an example?

test/Driver/fpatchable-function-entry.c test/Driver/fbinutils-version.c :)

I added some conflict tests here.
I added the CC1 tests to: https://reviews.llvm.org/D116701

kda updated this revision to Diff 399784.Jan 13 2022, 2:01 PM

Drop attribute changes.

kda updated this revision to Diff 399826.Jan 13 2022, 4:15 PM

enable eager-checks with -fsanitize-memory-param-retval

vitalybuka accepted this revision.Jan 13 2022, 9:19 PM

LGTM with few nits

clang/lib/CodeGen/BackendUtil.cpp
362 ↗(On Diff #399826)

we use implicit cast mostly, e.g. addAddressSanitizerPasses

clang/test/CodeGen/param-retval-eager-checks.c
1 ↗(On Diff #399826)

Would you like to remove "| \" ?
80 char limit is not enforced on tests, multi line RUN: is even harder to read then long line

1 ↗(On Diff #399826)

This dir contains tests for a lot of different componets
can you please add msan in name

e.g. "msan-param-retval.c"

5 ↗(On Diff #399826)

we probably don't need mllvm test here

This revision is now accepted and ready to land.Jan 13 2022, 9:19 PM
kda updated this revision to Diff 399917.Jan 14 2022, 12:21 AM
kda marked an inline comment as done.

rename file

kda added inline comments.Jan 14 2022, 12:22 AM
clang/lib/CodeGen/BackendUtil.cpp
362 ↗(On Diff #399826)

I agree, AND the compiler complains of needing a static_cast<bool>.
Of course, below (line 1167) where the constructor is called explicitly, it works fine.
I think this is a case of 2 implicit casts and hence the compiler balks.

There are 2 other possibilities aside from the static_cast<bool>:

  • assign to a bool, then use the bool
  • construct the options on the stack (like line 1167)

I found my solution to be the most direct, clear and simple.

clang/test/CodeGen/param-retval-eager-checks.c
1 ↗(On Diff #399826)

Would you like to remove "| \" ?
80 char limit is not enforced on tests, multi line RUN: is even harder to read then long line

No. I broke the lines there as it makes it easier to see the differences, as the flags and the FileCheck are aligned. (It wasn't about 80 characters.)

5 ↗(On Diff #399826)

No, not needed.
And I would like to keep it, as it shows the equivalency between the flags.

This revision was landed with ongoing or failed builds.Jan 14 2022, 12:41 AM
This revision was automatically updated to reflect the committed changes.
vitalybuka added inline comments.Jan 14 2022, 8:44 AM
clang/test/Driver/fsanitize-memory-param-retval.c
8–9 ↗(On Diff #399920)

I guess this copied by mistake from example. This is essentially the same as line 2.

kda added inline comments.Jan 14 2022, 5:57 PM
clang/test/Driver/fsanitize-memory-param-retval.c
8–9 ↗(On Diff #399920)

Should I drop it?
I was trying to copy all the subtleties found in other tests.
The next test shows the opposite.