This is an archive of the discontinued LLVM Phabricator instance.

Differential D1338

Implement function type checker for the undefined behavior sanitizer.
ClosedPublic

Authored by pcc on Aug 9 2013, 1:30 AM.

Details

Reviewers
rsmith
Commits
rL193058: Implement function type checker for the undefined behavior sanitizer.
Summary

This uses function prefix data to store
function type information at the function pointer.

Diff Detail

Event Timeline

pcc updated this revision to Unknown Object (????).Aug 9 2013, 1:31 PM
  • Also test for the RTTI pointer check code
pcc updated this revision to Unknown Object (????).Sep 15 2013, 6:32 PM

Rebase.

pcc added a comment.Sep 15 2013, 6:35 PM

The LLVM-side dependency for this has landed now.

pcc updated this revision to Unknown Object (????).Oct 10 2013, 7:08 PM
Rebase.
rsmith added a comment.Oct 14 2013, 9:12 PM

Clever! The approach only makes me feel a little uneasy =)

It would be polite to issue a diagnostic if someone explicitly asks for this (not via -fsanitize=undefined) and we don't support it for their target.

lib/CodeGen/CGExpr.cpp
3128 ↗(On Diff #4825)

This is a bit hard to parse. (!TargetDecl || !isa<FunctionDecl>(TargetDecl)) maybe?

3129 ↗(On Diff #4825)

* on the right.

3133 ↗(On Diff #4825)

Some indication of what "PD" stands for here would be useful.

3133–3134 ↗(On Diff #4825)

We usually format this as

llvm::Type *PDStructTyElems[] = {
  PDSig->getType(),
  FTRTTIConst->getType()
};

or similar.

3138–3142 ↗(On Diff #4825)

What happens if the callee address is at the end of a page and doesn't have the extra data? Could this load trigger a segfault?

3155–3156 ↗(On Diff #4825)

Likewise.

lib/CodeGen/CodeGenFunction.cpp
523–524 ↗(On Diff #4825)

It'd be nice if we could only do this for address-taken functions. When we take the address of a function, we could emit linkonce_odr thunk with the extra data, and use that instead of the original address... except that would break address-of-function comparisons between instrumented and uninstrumented code. Can we provide an option to enable that behavior for the case where we're OK with an ABI change?

529–530 ↗(On Diff #4825)

Does this include the calling convention attributes?

531 ↗(On Diff #4825)

Spaces around braces.

lib/CodeGen/TargetInfo.cpp
607–608 ↗(On Diff #4825)

What do 'F' and 'T' demangle as? An invalid instruction encoding would give me more confidence here.

pcc updated this revision to Unknown Object (????).Oct 18 2013, 4:06 PM
  • Address code review comments
pcc added a comment.Oct 18 2013, 4:09 PM

It would be polite to issue a diagnostic if someone explicitly asks for this (not via -fsanitize=undefined) and we don't support it for their target.

Hmm, we should probably be doing this for other sanitizers too (e.g. MSan and DFSan are only supported on 64-bit Linux).

lib/CodeGen/CGExpr.cpp
3128 ↗(On Diff #4825)

Done.

3129 ↗(On Diff #4825)

Done.

3133 ↗(On Diff #4825)

Globally replaced 'PD' with 'Prefix'.

3133–3134 ↗(On Diff #4825)

Done. clang-format prefers something closer to the formatting I originally used; I'll raise this with the clang-format folks.

3138–3142 ↗(On Diff #4825)

It could in principle. In practice, Clang always aligns function bodies to 16 bytes, GCC does it at -O>=2 and GCC (4.4 and 4.6) codegens an empty function body at -O0 with >4 bytes. A quick survey of a number of system libraries (libc, libm, libstdc++) on an Ubuntu machine reveals that the functions are suitably aligned. I think the circumstances in which a segfault might occur are sufficiently rare as to justify doing a single load. If it does turn out to be a problem in practice we could consider splitting the load (perhaps conditional on a command line flag).

3155–3156 ↗(On Diff #4825)

Done.

lib/CodeGen/CodeGenFunction.cpp
523–524 ↗(On Diff #4825)

I like the idea of doing this as an option, but I would prefer to land this version first.

529–530 ↗(On Diff #4825)

Not with the Itanium ABI, which does not have a representation for calling conventions, but the Microsoft ABI (for which calling conventions matter more) does, so once RTTI has been implemented for that ABI, this should respect calling conventions there.

531 ↗(On Diff #4825)

Done.

lib/CodeGen/TargetInfo.cpp
607–608 ↗(On Diff #4825)

"rex.RX push %rsp", according to objdump. But I don't think it really matters what this decodes to. If the instruction pointer finds itself here the situation isn't dissimilar to jumping into the middle of a multibyte instruction. (Besides, the RTTI pointer could decode to anything.)

rsmith accepted this revision.Oct 18 2013, 4:34 PM

LGTM

lib/CodeGen/CGExpr.cpp
3128 ↗(On Diff #5042)

It'd be nice if we could erase these checks if the optimizer resolves the call.

lib/CodeGen/TargetInfo.cpp
607–608 ↗(On Diff #4825)

I think it matters: it's not unreasonable for a function to start as:

jmp +8
6 byte loop body
check loop condition
conditional jmp back to loop body

IIUC, your check would flag a false positive on indirect calls to such a function.

However, since the 'F' is an instruction prefix that is redundant on a 'T' (pushq %rsp) instruction, I think it's reasonable to assume that the FT signature will not occur in uninstrumented code.

pcc added a comment.Oct 18 2013, 5:59 PM

What about the compiler-rt changes?

lib/CodeGen/CGExpr.cpp
3128 ↗(On Diff #5042)

Sure. A design point of function prefix data is that it permits this sort of optimization. Maybe if I get a chance I'll see if I can teach the optimizer to do this.

lib/CodeGen/TargetInfo.cpp
607–608 ↗(On Diff #4825)

I see. I think I agree with your reasoning.

pcc closed this revision.Oct 20 2013, 2:33 PM

Closed by commit rL193058 (authored by @pcc).

MaskRay mentioned this in D119296: KCFI sanitizer.Jun 6 2022, 10:33 PM

Revision Contents

PathSize
cfe/
trunk/
docs/
2 lines
include/
clang/
Basic/
7 lines
lib/
CodeGen/
2 lines
4 lines
50 lines
3 lines
1 line
17 lines
8 lines
16 lines
test/
CodeGenCXX/
20 lines
Driver/
4 lines

Diff 5050

cfe/trunk/docs/UsersManual.rst

Show First 20 LinesShow All 915 Lines▼ Show 20 Lines**-f[no-]sanitize=check1,check2,...**
- ``-fsanitize=enum``: Load of a value of an enumerated type which - ``-fsanitize=enum``: Load of a value of an enumerated type which
is not in the range of representable values for that enumerated is not in the range of representable values for that enumerated
type. type.
- ``-fsanitize=float-cast-overflow``: Conversion to, from, or - ``-fsanitize=float-cast-overflow``: Conversion to, from, or
between floating-point types which would overflow the between floating-point types which would overflow the
destination. destination.
- ``-fsanitize=float-divide-by-zero``: Floating point division by - ``-fsanitize=float-divide-by-zero``: Floating point division by
zero. zero.
- ``-fsanitize=function``: Indirect call of a function through a
function pointer of the wrong type (C++ and x86/x86_64 only).
- ``-fsanitize=integer-divide-by-zero``: Integer division by zero. - ``-fsanitize=integer-divide-by-zero``: Integer division by zero.
- ``-fsanitize=null``: Use of a null pointer or creation of a null - ``-fsanitize=null``: Use of a null pointer or creation of a null
reference. reference.
- ``-fsanitize=object-size``: An attempt to use bytes which the - ``-fsanitize=object-size``: An attempt to use bytes which the
optimizer can determine are not part of the object being optimizer can determine are not part of the object being
accessed. The sizes of objects are determined using accessed. The sizes of objects are determined using
``__builtin_object_size``, and consequently may be able to detect ``__builtin_object_size``, and consequently may be able to detect
more problems at higher optimization levels. more problems at higher optimization levels.
▲ Show 20 LinesShow All 584 LinesShow Last 20 Lines

cfe/trunk/include/clang/Basic/Sanitizers.def

Show First 20 LinesShow All 58 Lines▼ Show 20 Lines
// UndefinedBehaviorSanitizer // UndefinedBehaviorSanitizer
SANITIZER("alignment", Alignment) SANITIZER("alignment", Alignment)
SANITIZER("bool", Bool) SANITIZER("bool", Bool)
SANITIZER("bounds", Bounds) SANITIZER("bounds", Bounds)
SANITIZER("enum", Enum) SANITIZER("enum", Enum)
SANITIZER("float-cast-overflow", FloatCastOverflow) SANITIZER("float-cast-overflow", FloatCastOverflow)
SANITIZER("float-divide-by-zero", FloatDivideByZero) SANITIZER("float-divide-by-zero", FloatDivideByZero)
SANITIZER("function", Function)
SANITIZER("integer-divide-by-zero", IntegerDivideByZero) SANITIZER("integer-divide-by-zero", IntegerDivideByZero)
SANITIZER("null", Null) SANITIZER("null", Null)
SANITIZER("object-size", ObjectSize) SANITIZER("object-size", ObjectSize)
SANITIZER("return", Return) SANITIZER("return", Return)
SANITIZER("shift", Shift) SANITIZER("shift", Shift)
SANITIZER("signed-integer-overflow", SignedIntegerOverflow) SANITIZER("signed-integer-overflow", SignedIntegerOverflow)
SANITIZER("unreachable", Unreachable) SANITIZER("unreachable", Unreachable)
SANITIZER("vla-bound", VLABound) SANITIZER("vla-bound", VLABound)
SANITIZER("vptr", Vptr) SANITIZER("vptr", Vptr)
// IntegerSanitizer // IntegerSanitizer
SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow) SANITIZER("unsigned-integer-overflow", UnsignedIntegerOverflow)
// DataFlowSanitizer // DataFlowSanitizer
SANITIZER("dataflow", DataFlow) SANITIZER("dataflow", DataFlow)
// -fsanitize=undefined includes all the sanitizers which have low overhead, no // -fsanitize=undefined includes all the sanitizers which have low overhead, no
// ABI or address space layout implications, and only catch undefined behavior. // ABI or address space layout implications, and only catch undefined behavior.
SANITIZER_GROUP("undefined", Undefined, SANITIZER_GROUP("undefined", Undefined,
Alignment | Bool | Bounds | Enum | FloatCastOverflow | Alignment | Bool | Bounds | Enum | FloatCastOverflow |
FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize | FloatDivideByZero | Function | IntegerDivideByZero | Null |
Return | Shift | SignedIntegerOverflow | Unreachable | ObjectSize | Return | Shift | SignedIntegerOverflow |
VLABound | Vptr) Unreachable | VLABound | Vptr)
// -fsanitize=undefined-trap (and its alias -fcatch-undefined-behavior) includes // -fsanitize=undefined-trap (and its alias -fcatch-undefined-behavior) includes
// all sanitizers included by -fsanitize=undefined, except those that require // all sanitizers included by -fsanitize=undefined, except those that require
// runtime support. This group is generally used in conjunction with the // runtime support. This group is generally used in conjunction with the
// -fsanitize-undefined-trap-on-error flag. // -fsanitize-undefined-trap-on-error flag.
SANITIZER_GROUP("undefined-trap", UndefinedTrap, SANITIZER_GROUP("undefined-trap", UndefinedTrap,
Alignment | Bool | Bounds | Enum | FloatCastOverflow | Alignment | Bool | Bounds | Enum | FloatCastOverflow |
FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize | FloatDivideByZero | IntegerDivideByZero | Null | ObjectSize |
Show All 9 Lines

cfe/trunk/lib/CodeGen/CGBuiltin.cpp

Show First 20 LinesShow All 159 Lines▼ Show 20 Lines llvm::FunctionType *FT = llvm::FunctionType::get(V->getType(), V->getType(),
false); false);
llvm::Value *Fn = CGF.CGM.CreateRuntimeFunction(FT, FnName); llvm::Value *Fn = CGF.CGM.CreateRuntimeFunction(FT, FnName);
return CGF.EmitNounwindRuntimeCall(Fn, V, "abs"); return CGF.EmitNounwindRuntimeCall(Fn, V, "abs");
} }
static RValue emitLibraryCall(CodeGenFunction &CGF, const FunctionDecl *Fn, static RValue emitLibraryCall(CodeGenFunction &CGF, const FunctionDecl *Fn,
const CallExpr *E, llvm::Value *calleeValue) { const CallExpr *E, llvm::Value *calleeValue) {
return CGF.EmitCall(E->getCallee()->getType(), calleeValue, return CGF.EmitCall(E->getCallee()->getType(), calleeValue, E->getLocStart(),
ReturnValueSlot(), E->arg_begin(), E->arg_end(), Fn); ReturnValueSlot(), E->arg_begin(), E->arg_end(), Fn);
} }
/// \brief Emit a call to llvm.{sadd,uadd,ssub,usub,smul,umul}.with.overflow.* /// \brief Emit a call to llvm.{sadd,uadd,ssub,usub,smul,umul}.with.overflow.*
/// depending on IntrinsicID. /// depending on IntrinsicID.
/// ///
/// \arg CGF The current codegen function. /// \arg CGF The current codegen function.
/// \arg IntrinsicID The ID for the Intrinsic we wish to generate. /// \arg IntrinsicID The ID for the Intrinsic we wish to generate.
▲ Show 20 LinesShow All 3,836 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CGCUDARuntime.cpp

Show All 38 LinesRValue CGCUDARuntime::EmitCUDAKernelCallExpr(CodeGenFunction &CGF,
const Decl *TargetDecl = 0; const Decl *TargetDecl = 0;
if (const ImplicitCastExpr *CE = dyn_cast<ImplicitCastExpr>(E->getCallee())) { if (const ImplicitCastExpr *CE = dyn_cast<ImplicitCastExpr>(E->getCallee())) {
if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(CE->getSubExpr())) { if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(CE->getSubExpr())) {
TargetDecl = DRE->getDecl(); TargetDecl = DRE->getDecl();
} }
} }
llvm::Value *Callee = CGF.EmitScalarExpr(E->getCallee()); llvm::Value *Callee = CGF.EmitScalarExpr(E->getCallee());
CGF.EmitCall(E->getCallee()->getType(), Callee, ReturnValue, CGF.EmitCall(E->getCallee()->getType(), Callee, E->getLocStart(),
E->arg_begin(), E->arg_end(), TargetDecl); ReturnValue, E->arg_begin(), E->arg_end(), TargetDecl);
CGF.EmitBranch(ContBlock); CGF.EmitBranch(ContBlock);
CGF.EmitBlock(ContBlock); CGF.EmitBlock(ContBlock);
eval.end(CGF); eval.end(CGF);
return RValue::get(0); return RValue::get(0);
} }

cfe/trunk/lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 2,925 Lines▼ Show 20 Lines if (getLangOpts().ObjCAutoRefCount &&
// arrow. // arrow.
EmitScalarExpr(E->getCallee()); EmitScalarExpr(E->getCallee());
} }
return RValue::get(0); return RValue::get(0);
} }
llvm::Value *Callee = EmitScalarExpr(E->getCallee()); llvm::Value *Callee = EmitScalarExpr(E->getCallee());
return EmitCall(E->getCallee()->getType(), Callee, ReturnValue, return EmitCall(E->getCallee()->getType(), Callee, E->getLocStart(),
E->arg_begin(), E->arg_end(), TargetDecl); ReturnValue, E->arg_begin(), E->arg_end(), TargetDecl);
} }
LValue CodeGenFunction::EmitBinaryOperatorLValue(const BinaryOperator *E) { LValue CodeGenFunction::EmitBinaryOperatorLValue(const BinaryOperator *E) {
// Comma expressions just emit their LHS then their RHS as an l-value. // Comma expressions just emit their LHS then their RHS as an l-value.
if (E->getOpcode() == BO_Comma) { if (E->getOpcode() == BO_Comma) {
EmitIgnoredExpr(E->getLHS()); EmitIgnoredExpr(E->getLHS());
EnsureInsertPoint(); EnsureInsertPoint();
return EmitLValue(E->getRHS()); return EmitLValue(E->getRHS());
▲ Show 20 LinesShow All 154 Lines▼ Show 20 Lines
LValue CodeGenFunction::EmitStmtExprLValue(const StmtExpr *E) { LValue CodeGenFunction::EmitStmtExprLValue(const StmtExpr *E) {
// Can only get l-value for message expression returning aggregate type // Can only get l-value for message expression returning aggregate type
RValue RV = EmitAnyExprToTemp(E); RValue RV = EmitAnyExprToTemp(E);
return MakeAddrLValue(RV.getAggregateAddr(), E->getType()); return MakeAddrLValue(RV.getAggregateAddr(), E->getType());
} }
RValue CodeGenFunction::EmitCall(QualType CalleeType, llvm::Value *Callee, RValue CodeGenFunction::EmitCall(QualType CalleeType, llvm::Value *Callee,
SourceLocation CallLoc,
ReturnValueSlot ReturnValue, ReturnValueSlot ReturnValue,
CallExpr::const_arg_iterator ArgBeg, CallExpr::const_arg_iterator ArgBeg,
CallExpr::const_arg_iterator ArgEnd, CallExpr::const_arg_iterator ArgEnd,
const Decl *TargetDecl) { const Decl *TargetDecl) {
// Get the actual function type. The callee type will always be a pointer to // Get the actual function type. The callee type will always be a pointer to
// function type or a block pointer type. // function type or a block pointer type.
assert(CalleeType->isFunctionPointerType() && assert(CalleeType->isFunctionPointerType() &&
"Call must have function pointer type!"); "Call must have function pointer type!");
CalleeType = getContext().getCanonicalType(CalleeType); CalleeType = getContext().getCanonicalType(CalleeType);
const FunctionType *FnType const FunctionType *FnType
= cast<FunctionType>(cast<PointerType>(CalleeType)->getPointeeType()); = cast<FunctionType>(cast<PointerType>(CalleeType)->getPointeeType());
// Force column info to differentiate multiple inlined call sites on // Force column info to differentiate multiple inlined call sites on
// the same line, analoguous to EmitCallExpr. // the same line, analoguous to EmitCallExpr.
bool ForceColumnInfo = false; bool ForceColumnInfo = false;
if (const FunctionDecl* FD = dyn_cast_or_null<const FunctionDecl>(TargetDecl)) if (const FunctionDecl* FD = dyn_cast_or_null<const FunctionDecl>(TargetDecl))
ForceColumnInfo = FD->isInlineSpecified(); ForceColumnInfo = FD->isInlineSpecified();
if (getLangOpts().CPlusPlus && SanOpts->Function &&
(!TargetDecl || !isa<FunctionDecl>(TargetDecl))) {
if (llvm::Constant *PrefixSig =
CGM.getTargetCodeGenInfo().getUBSanFunctionSignature(CGM)) {
llvm::Constant *FTRTTIConst =
CGM.GetAddrOfRTTIDescriptor(QualType(FnType, 0), /*ForEH=*/true);
llvm::Type *PrefixStructTyElems[] = {
PrefixSig->getType(),
FTRTTIConst->getType()
};
llvm::StructType *PrefixStructTy = llvm::StructType::get(
CGM.getLLVMContext(), PrefixStructTyElems, /*isPacked=*/true);
llvm::Value *CalleePrefixStruct = Builder.CreateBitCast(
Callee, llvm::PointerType::getUnqual(PrefixStructTy));
llvm::Value *CalleeSigPtr =
Builder.CreateConstGEP2_32(CalleePrefixStruct, 0, 0);
llvm::Value *CalleeSig = Builder.CreateLoad(CalleeSigPtr);
llvm::Value *CalleeSigMatch = Builder.CreateICmpEQ(CalleeSig, PrefixSig);
llvm::BasicBlock *Cont = createBasicBlock("cont");
llvm::BasicBlock *TypeCheck = createBasicBlock("typecheck");
Builder.CreateCondBr(CalleeSigMatch, TypeCheck, Cont);
EmitBlock(TypeCheck);
llvm::Value *CalleeRTTIPtr =
Builder.CreateConstGEP2_32(CalleePrefixStruct, 0, 1);
llvm::Value *CalleeRTTI = Builder.CreateLoad(CalleeRTTIPtr);
llvm::Value *CalleeRTTIMatch =
Builder.CreateICmpEQ(CalleeRTTI, FTRTTIConst);
llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(CallLoc),
EmitCheckTypeDescriptor(CalleeType)
};
EmitCheck(CalleeRTTIMatch,
"function_type_mismatch",
StaticData,
Callee,
CRK_Recoverable);
Builder.CreateBr(Cont);
EmitBlock(Cont);
}
}
CallArgList Args; CallArgList Args;
EmitCallArgs(Args, dyn_cast<FunctionProtoType>(FnType), ArgBeg, ArgEnd, EmitCallArgs(Args, dyn_cast<FunctionProtoType>(FnType), ArgBeg, ArgEnd,
ForceColumnInfo); ForceColumnInfo);
const CGFunctionInfo &FnInfo = const CGFunctionInfo &FnInfo =
CGM.getTypes().arrangeFreeFunctionCall(Args, FnType); CGM.getTypes().arrangeFreeFunctionCall(Args, FnType);
// C99 6.5.2.2p6: // C99 6.5.2.2p6:
▲ Show 20 LinesShow All 153 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CGExprCXX.cpp

Show First 20 LinesShow All 80 Lines▼ Show 20 LinesRValue CodeGenFunction::EmitCXXMemberCallExpr(const CXXMemberCallExpr *CE,
const MemberExpr *ME = cast<MemberExpr>(callee); const MemberExpr *ME = cast<MemberExpr>(callee);
const CXXMethodDecl *MD = cast<CXXMethodDecl>(ME->getMemberDecl()); const CXXMethodDecl *MD = cast<CXXMethodDecl>(ME->getMemberDecl());
if (MD->isStatic()) { if (MD->isStatic()) {
// The method is static, emit it as we would a regular call. // The method is static, emit it as we would a regular call.
llvm::Value *Callee = CGM.GetAddrOfFunction(MD); llvm::Value *Callee = CGM.GetAddrOfFunction(MD);
return EmitCall(getContext().getPointerType(MD->getType()), Callee, return EmitCall(getContext().getPointerType(MD->getType()), Callee,
ReturnValue, CE->arg_begin(), CE->arg_end()); CE->getLocStart(), ReturnValue, CE->arg_begin(),
CE->arg_end());
} }
// Compute the object pointer. // Compute the object pointer.
const Expr *Base = ME->getBase(); const Expr *Base = ME->getBase();
bool CanUseVirtualCall = MD->isVirtual() && !ME->hasQualifier(); bool CanUseVirtualCall = MD->isVirtual() && !ME->hasQualifier();
const CXXMethodDecl *DevirtualizedMethod = NULL; const CXXMethodDecl *DevirtualizedMethod = NULL;
if (CanUseVirtualCall && CanDevirtualizeMemberFunctionCall(Base, MD)) { if (CanUseVirtualCall && CanDevirtualizeMemberFunctionCall(Base, MD)) {
▲ Show 20 LinesShow All 1,760 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 2,067 Lines▼ Show 20 Lines#endif
RValue EmitCall(const CGFunctionInfo &FnInfo, RValue EmitCall(const CGFunctionInfo &FnInfo,
llvm::Value *Callee, llvm::Value *Callee,
ReturnValueSlot ReturnValue, ReturnValueSlot ReturnValue,
const CallArgList &Args, const CallArgList &Args,
const Decl *TargetDecl = 0, const Decl *TargetDecl = 0,
llvm::Instruction **callOrInvoke = 0); llvm::Instruction **callOrInvoke = 0);
RValue EmitCall(QualType FnType, llvm::Value *Callee, RValue EmitCall(QualType FnType, llvm::Value *Callee,
SourceLocation CallLoc,
ReturnValueSlot ReturnValue, ReturnValueSlot ReturnValue,
CallExpr::const_arg_iterator ArgBeg, CallExpr::const_arg_iterator ArgBeg,
CallExpr::const_arg_iterator ArgEnd, CallExpr::const_arg_iterator ArgEnd,
const Decl *TargetDecl = 0); const Decl *TargetDecl = 0);
RValue EmitCallExpr(const CallExpr *E, RValue EmitCallExpr(const CallExpr *E,
ReturnValueSlot ReturnValue = ReturnValueSlot()); ReturnValueSlot ReturnValue = ReturnValueSlot());
llvm::CallInst *EmitRuntimeCall(llvm::Value *callee, llvm::CallInst *EmitRuntimeCall(llvm::Value *callee,
▲ Show 20 LinesShow All 556 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CodeGenFunction.cpp

Show All 10 Lines
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "CodeGenFunction.h" #include "CodeGenFunction.h"
#include "CGCUDARuntime.h" #include "CGCUDARuntime.h"
#include "CGCXXABI.h" #include "CGCXXABI.h"
#include "CGDebugInfo.h" #include "CGDebugInfo.h"
#include "CodeGenModule.h" #include "CodeGenModule.h"
#include "TargetInfo.h"
#include "clang/AST/ASTContext.h" #include "clang/AST/ASTContext.h"
#include "clang/AST/Decl.h" #include "clang/AST/Decl.h"
#include "clang/AST/DeclCXX.h" #include "clang/AST/DeclCXX.h"
#include "clang/AST/StmtCXX.h" #include "clang/AST/StmtCXX.h"
#include "clang/Basic/OpenCL.h" #include "clang/Basic/OpenCL.h"
#include "clang/Basic/TargetInfo.h" #include "clang/Basic/TargetInfo.h"
#include "clang/Frontend/CodeGenOptions.h" #include "clang/Frontend/CodeGenOptions.h"
#include "llvm/IR/DataLayout.h" #include "llvm/IR/DataLayout.h"
▲ Show 20 LinesShow All 487 Lines▼ Show 20 Lines if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D))
} }
if (getLangOpts().OpenCL) { if (getLangOpts().OpenCL) {
// Add metadata for a kernel function. // Add metadata for a kernel function.
if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D)) if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D))
EmitOpenCLKernelMetadata(FD, Fn); EmitOpenCLKernelMetadata(FD, Fn);
} }
// If we are checking function types, emit a function type signature as
// prefix data.
if (getLangOpts().CPlusPlus && SanOpts->Function) {
if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(D)) {
if (llvm::Constant *PrefixSig =
CGM.getTargetCodeGenInfo().getUBSanFunctionSignature(CGM)) {
llvm::Constant *FTRTTIConst =
CGM.GetAddrOfRTTIDescriptor(FD->getType(), /*ForEH=*/true);
llvm::Constant *PrefixStructElems[] = { PrefixSig, FTRTTIConst };
llvm::Constant *PrefixStructConst =
llvm::ConstantStruct::getAnon(PrefixStructElems, /*Packed=*/true);
Fn->setPrefixData(PrefixStructConst);
}
}
}
llvm::BasicBlock *EntryBB = createBasicBlock("entry", CurFn); llvm::BasicBlock *EntryBB = createBasicBlock("entry", CurFn);
// Create a marker to make it easy to insert allocas into the entryblock // Create a marker to make it easy to insert allocas into the entryblock
// later. Don't create this with the builder, because we don't want it // later. Don't create this with the builder, because we don't want it
// folded. // folded.
llvm::Value *Undef = llvm::UndefValue::get(Int32Ty); llvm::Value *Undef = llvm::UndefValue::get(Int32Ty);
AllocaInsertPt = new llvm::BitCastInst(Undef, Int32Ty, "", EntryBB); AllocaInsertPt = new llvm::BitCastInst(Undef, Int32Ty, "", EntryBB);
if (Builder.isNamePreserving()) if (Builder.isNamePreserving())
▲ Show 20 LinesShow All 934 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/TargetInfo.h

Show All 15 Lines
#define CLANG_CODEGEN_TARGETINFO_H #define CLANG_CODEGEN_TARGETINFO_H
#include "clang/AST/Type.h" #include "clang/AST/Type.h"
#include "clang/Basic/LLVM.h" #include "clang/Basic/LLVM.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/ADT/SmallString.h" #include "llvm/ADT/SmallString.h"
namespace llvm { namespace llvm {
class Constant;
class GlobalValue; class GlobalValue;
class Type; class Type;
class Value; class Value;
} }
namespace clang { namespace clang {
class ABIInfo; class ABIInfo;
class Decl; class Decl;
▲ Show 20 LinesShow All 99 Lines▼ Show 20 Lines public:
/// relocation model, and so on some targets it instead sniffs for /// relocation model, and so on some targets it instead sniffs for
/// a particular instruction sequence. This functions returns /// a particular instruction sequence. This functions returns
/// that instruction sequence in inline assembly, which will be /// that instruction sequence in inline assembly, which will be
/// empty if none is required. /// empty if none is required.
virtual StringRef getARCRetainAutoreleasedReturnValueMarker() const { virtual StringRef getARCRetainAutoreleasedReturnValueMarker() const {
return ""; return "";
} }
/// Return a constant used by UBSan as a signature to identify functions
/// possessing type information, or 0 if the platform is unsupported.
virtual llvm::Constant *getUBSanFunctionSignature(
CodeGen::CodeGenModule &CGM) const {
return 0;
}
/// Determine whether a call to an unprototyped functions under /// Determine whether a call to an unprototyped functions under
/// the given calling convention should use the variadic /// the given calling convention should use the variadic
/// convention or the non-variadic convention. /// convention or the non-variadic convention.
/// ///
/// There's a good reason to make a platform's variadic calling /// There's a good reason to make a platform's variadic calling
/// convention be different from its non-variadic calling /// convention be different from its non-variadic calling
/// convention: the non-variadic arguments can be passed in /// convention: the non-variadic arguments can be passed in
/// registers (better for performance), and the variadic arguments /// registers (better for performance), and the variadic arguments
▲ Show 20 LinesShow All 51 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/TargetInfo.cpp

Show First 20 LinesShow All 595 Lines▼ Show 20 Lines bool initDwarfEHRegSizeTable(CodeGen::CodeGenFunction &CGF,
llvm::Value *Address) const; llvm::Value *Address) const;
llvm::Type* adjustInlineAsmType(CodeGen::CodeGenFunction &CGF, llvm::Type* adjustInlineAsmType(CodeGen::CodeGenFunction &CGF,
StringRef Constraint, StringRef Constraint,
llvm::Type* Ty) const { llvm::Type* Ty) const {
return X86AdjustInlineAsmType(CGF, Constraint, Ty); return X86AdjustInlineAsmType(CGF, Constraint, Ty);
} }
llvm::Constant *getUBSanFunctionSignature(CodeGen::CodeGenModule &CGM) const {
unsigned Sig = (0xeb << 0) | // jmp rel8
(0x06 << 8) | // .+0x08
('F' << 16) |
('T' << 24);
return llvm::ConstantInt::get(CGM.Int32Ty, Sig);
}
}; };
} }
/// shouldReturnTypeInRegister - Determine if the given type should be /// shouldReturnTypeInRegister - Determine if the given type should be
/// passed in a register (for the Darwin ABI). /// passed in a register (for the Darwin ABI).
bool X86_32ABIInfo::shouldReturnTypeInRegister(QualType Ty, bool X86_32ABIInfo::shouldReturnTypeInRegister(QualType Ty,
ASTContext &Context, ASTContext &Context,
▲ Show 20 LinesShow All 667 Lines▼ Show 20 Lines if (fnType->getCallConv() == CC_C) {
if (!HasAVXType) if (!HasAVXType)
return true; return true;
} }
return TargetCodeGenInfo::isNoProtoCallVariadic(args, fnType); return TargetCodeGenInfo::isNoProtoCallVariadic(args, fnType);
} }
llvm::Constant *getUBSanFunctionSignature(CodeGen::CodeGenModule &CGM) const {
unsigned Sig = (0xeb << 0) | // jmp rel8
(0x0a << 8) | // .+0x0c
('F' << 16) |
('T' << 24);
return llvm::ConstantInt::get(CGM.Int32Ty, Sig);
}
}; };
static std::string qualifyWindowsLibrary(llvm::StringRef Lib) { static std::string qualifyWindowsLibrary(llvm::StringRef Lib) {
// If the argument does not end in .lib, automatically add the suffix. This // If the argument does not end in .lib, automatically add the suffix. This
// matches the behavior of MSVC. // matches the behavior of MSVC.
std::string ArgStr = Lib; std::string ArgStr = Lib;
if (Lib.size() <= 4 || if (Lib.size() <= 4 ||
Lib.substr(Lib.size() - 4).compare_lower(".lib") != 0) { Lib.substr(Lib.size() - 4).compare_lower(".lib") != 0) {
▲ Show 20 LinesShow All 4,301 LinesShow Last 20 Lines

cfe/trunk/test/CodeGenCXX/catch-undef-behavior.cpp

// RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,bounds -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s // RUN: %clang_cc1 -std=c++11 -fsanitize=signed-integer-overflow,integer-divide-by-zero,float-divide-by-zero,shift,unreachable,return,vla-bound,alignment,null,vptr,object-size,float-cast-overflow,bool,enum,bounds,function -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s
struct S { struct S {
double d; double d;
int a, b; int a, b;
virtual int f(); virtual int f();
}; };
struct T : S {}; struct T : S {};
▲ Show 20 LinesShow All 357 Lines▼ Show 20 Linesvoid downcast_reference(B &b) {
// CHECK: [[C_INT:%[0-9]*]] = ptrtoint %class.C* [[C]] to i64 // CHECK: [[C_INT:%[0-9]*]] = ptrtoint %class.C* [[C]] to i64
// CHECK-NEXT: [[MASKED:%[0-9]*]] = and i64 [[C_INT]], 15 // CHECK-NEXT: [[MASKED:%[0-9]*]] = and i64 [[C_INT]], 15
// CHECK-NEXT: [[TEST:%[0-9]*]] = icmp eq i64 [[MASKED]], 0 // CHECK-NEXT: [[TEST:%[0-9]*]] = icmp eq i64 [[MASKED]], 0
// AND the alignment test with the objectsize test. // AND the alignment test with the objectsize test.
// CHECK-NEXT: [[AND:%[0-9]*]] = and i1 {{.*}}, [[TEST]] // CHECK-NEXT: [[AND:%[0-9]*]] = and i1 {{.*}}, [[TEST]]
// CHECK-NEXT: br i1 [[AND]] // CHECK-NEXT: br i1 [[AND]]
} }
// CHECK-LABEL: @_Z22indirect_function_callPFviE({{.*}} prefix <{ i32, i8* }> <{ i32 1413876459, i8* bitcast ({ i8*, i8* }* @_ZTIFvPFviEE to i8*) }>
void indirect_function_call(void (*p)(int)) {
// CHECK: [[PTR:%[0-9]*]] = bitcast void (i32)* {{.*}} to <{ i32, i8* }>*
// Signature check
// CHECK-NEXT: [[SIGPTR:%[0-9]*]] = getelementptr <{ i32, i8* }>* [[PTR]], i32 0, i32 0
// CHECK-NEXT: [[SIG:%[0-9]*]] = load i32* [[SIGPTR]]
// CHECK-NEXT: [[SIGCMP:%[0-9]*]] = icmp eq i32 [[SIG]], 1413876459
// CHECK-NEXT: br i1 [[SIGCMP]]
// RTTI pointer check
// CHECK: [[RTTIPTR:%[0-9]*]] = getelementptr <{ i32, i8* }>* [[PTR]], i32 0, i32 1
// CHECK-NEXT: [[RTTI:%[0-9]*]] = load i8** [[RTTIPTR]]
// CHECK-NEXT: [[RTTICMP:%[0-9]*]] = icmp eq i8* [[RTTI]], bitcast ({ i8*, i8* }* @_ZTIFviE to i8*)
// CHECK-NEXT: br i1 [[RTTICMP]]
p(42);
}
namespace CopyValueRepresentation { namespace CopyValueRepresentation {
// CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S3aSERKS0_ // CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S3aSERKS0_
// CHECK-NOT: call {{.*}} @__ubsan_handle_load_invalid_value // CHECK-NOT: call {{.*}} @__ubsan_handle_load_invalid_value
// CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S4aSEOS0_ // CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S4aSEOS0_
// CHECK-NOT: call {{.*}} @__ubsan_handle_load_invalid_value // CHECK-NOT: call {{.*}} @__ubsan_handle_load_invalid_value
// CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S5C2ERKS0_ // CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S5C2ERKS0_
// CHECK-NOT: call {{.*}} __ubsan_handle_load_invalid_value // CHECK-NOT: call {{.*}} __ubsan_handle_load_invalid_value
// CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S2C2ERKS0_ // CHECK-LABEL: define {{.*}} @_ZN23CopyValueRepresentation2S2C2ERKS0_
▲ Show 20 LinesShow All 76 LinesShow Last 20 Lines

cfe/trunk/test/Driver/fsanitize.c

// RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fcatch-undefined-behavior %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP // RUN: %clang -target x86_64-linux-gnu -fsanitize-undefined-trap-on-error -fsanitize=undefined-trap %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED-TRAP
// CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|bounds|enum|bool),?){14}"}} // CHECK-UNDEFINED-TRAP: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|float-cast-overflow|bounds|enum|bool),?){14}"}}
// CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error" // CHECK-UNDEFINED-TRAP: "-fsanitize-undefined-trap-on-error"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED // RUN: %clang -target x86_64-linux-gnu -fsanitize=undefined %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-UNDEFINED
// CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds|enum|bool),?){15}"}} // CHECK-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|vptr|object-size|float-cast-overflow|bounds|enum|bool),?){16}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER // RUN: %clang -target x86_64-linux-gnu -fsanitize=integer %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-INTEGER
// CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift),?){4}"}} // CHECK-INTEGER: "-fsanitize={{((signed-integer-overflow|unsigned-integer-overflow|integer-divide-by-zero|shift),?){4}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-thread-sanitizer -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED // RUN: %clang -target x86_64-linux-gnu -fsanitize=thread,undefined -fno-thread-sanitizer -fno-sanitize=float-cast-overflow,vptr,bool,enum %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-PARTIAL-UNDEFINED
// CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|shift|unreachable|return|vla-bound|alignment|null|object-size|bounds),?){11}"}} // CHECK-PARTIAL-UNDEFINED: "-fsanitize={{((signed-integer-overflow|integer-divide-by-zero|float-divide-by-zero|function|shift|unreachable|return|vla-bound|alignment|null|object-size|bounds),?){12}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL // RUN: %clang -target x86_64-linux-gnu -fsanitize=address-full %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-FULL
// CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}} // CHECK-ASAN-FULL: "-fsanitize={{((address|init-order|use-after-return|use-after-scope),?){4}"}}
// RUN: %clang -target x86_64-linux-gnu -fno-sanitize=init-order,use-after-return -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-IMPLIED-INIT-ORDER-UAR // RUN: %clang -target x86_64-linux-gnu -fno-sanitize=init-order,use-after-return -fsanitize=address %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-IMPLIED-INIT-ORDER-UAR
// CHECK-ASAN-IMPLIED-INIT-ORDER-UAR: "-fsanitize={{((address|init-order|use-after-return),?){3}"}} // CHECK-ASAN-IMPLIED-INIT-ORDER-UAR: "-fsanitize={{((address|init-order|use-after-return),?){3}"}}
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fno-sanitize=init-order %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-NO-IMPLIED-INIT-ORDER // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fno-sanitize=init-order %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-ASAN-NO-IMPLIED-INIT-ORDER
▲ Show 20 LinesShow All 132 LinesShow Last 20 Lines