This is an archive of the discontinued LLVM Phabricator instance.

Differential D20323

[ubsan] runtime support for pointer overflow checking
ClosedPublic

Authored by regehr on May 17 2016, 4:59 AM.

Download Raw Diff

Details

Reviewers

filcab
rsmith

Commits

rG41dfc4f1faa6: [ubsan] Runtime support for pointer overflow checking
rCRT304461: [ubsan] Runtime support for pointer overflow checking
rL304461: [ubsan] Runtime support for pointer overflow checking

Summary

This is the runtime support for this cfe patch to support pointer overflow checking:

http://reviews.llvm.org/D20322

Diff Detail

Repository: rL LLVM

Event Timeline

regehr updated this revision to Diff 57461.May 17 2016, 4:59 AM

regehr retitled this revision from to [ubsan] runtime support for pointer overflow checking.

regehr updated this object.

regehr added reviewers: filcab, rsmith.

regehr added a subscriber: dtzWill.

Herald added a subscriber: kubamracek. · View Herald TranscriptMay 17 2016, 4:59 AM

regehr added a child revision: D20322: [ubsan] add pointer overflow checking.May 17 2016, 5:00 AM

LGTM with the test fix.

test/ubsan/TestCases/Pointer/index-overflow.cpp
19 ↗	(On Diff #57461)	Something happened here... :-)

This revision is now accepted and ready to land.May 17 2016, 8:31 AM

Hmm, this test actually is wonky if argv[0] happens to be negative when represented as intptr_t... which happens on -m32 for my machine. I'll see about constructing a better test case!

Doing this in a 'portable' manner is amusingly challenging...

Fixed test:

// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
// RUN: %t 1 2>&1 | FileCheck %s --check-prefix=ERR
// RUN: %t 0 2>&1 | FileCheck %s --check-prefix=SAFE
// RUN: %t -1 2>&1 | FileCheck %s --check-prefix=SAFE

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
  // SAFE-NOT: runtime error
  // ERR: runtime error: pointer index expression with base {{.*}} overflowed to

  char *p = (char *)(UINTPTR_MAX);

  printf("%p\n", p + atoi(argv[1]));

  return 0;
}

I'm not sure how to update the revision, but this test should do the trick :).

Fix borked test. Thanks folks!

0x64616E69656C added a subscriber: 0x64616E69656C.Jul 28 2016, 9:11 AM

Looks like patch was not committed.

Closed by commit rL304461: [ubsan] Runtime support for pointer overflow checking (authored by vedantk). · Explain WhyJun 1 2017, 12:41 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

ubsan/

1 line

7 lines

31 lines

2 lines

test/

ubsan/

TestCases/

Pointer/

index-overflow.cpp

19 lines

Diff 101082

compiler-rt/trunk/lib/ubsan/ubsan_checks.inc

	Show All 13 Lines
	# error "Define UBSAN_CHECK prior to including this file!"			# error "Define UBSAN_CHECK prior to including this file!"
	#endif			#endif

	// UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName)			// UBSAN_CHECK(Name, SummaryKind, FSanitizeFlagName)
	// SummaryKind and FSanitizeFlagName should be string literals.			// SummaryKind and FSanitizeFlagName should be string literals.

	UBSAN_CHECK(GenericUB, "undefined-behavior", "undefined")			UBSAN_CHECK(GenericUB, "undefined-behavior", "undefined")
	UBSAN_CHECK(NullPointerUse, "null-pointer-use", "null")			UBSAN_CHECK(NullPointerUse, "null-pointer-use", "null")
				UBSAN_CHECK(PointerOverflow, "pointer-overflow", "pointer-overflow")
	UBSAN_CHECK(MisalignedPointerUse, "misaligned-pointer-use", "alignment")			UBSAN_CHECK(MisalignedPointerUse, "misaligned-pointer-use", "alignment")
	UBSAN_CHECK(InsufficientObjectSize, "insufficient-object-size", "object-size")			UBSAN_CHECK(InsufficientObjectSize, "insufficient-object-size", "object-size")
	UBSAN_CHECK(SignedIntegerOverflow, "signed-integer-overflow",			UBSAN_CHECK(SignedIntegerOverflow, "signed-integer-overflow",
	"signed-integer-overflow")			"signed-integer-overflow")
	UBSAN_CHECK(UnsignedIntegerOverflow, "unsigned-integer-overflow",			UBSAN_CHECK(UnsignedIntegerOverflow, "unsigned-integer-overflow",
	"unsigned-integer-overflow")			"unsigned-integer-overflow")
	UBSAN_CHECK(IntegerDivideByZero, "integer-divide-by-zero",			UBSAN_CHECK(IntegerDivideByZero, "integer-divide-by-zero",
	"integer-divide-by-zero")			"integer-divide-by-zero")
	Show All 16 Lines

compiler-rt/trunk/lib/ubsan/ubsan_handlers.h

Show First 20 Lines • Show All 146 Lines • ▼ Show 20 Lines	struct NonNullArgData {
int ArgIndex;		int ArgIndex;
};		};

/// \brief Handle passing null pointer to a function parameter with the nonnull		/// \brief Handle passing null pointer to a function parameter with the nonnull
/// attribute, or a _Nonnull type annotation.		/// attribute, or a _Nonnull type annotation.
RECOVERABLE(nonnull_arg, NonNullArgData *Data)		RECOVERABLE(nonnull_arg, NonNullArgData *Data)
RECOVERABLE(nullability_arg, NonNullArgData *Data)		RECOVERABLE(nullability_arg, NonNullArgData *Data)

		struct PointerOverflowData {
		SourceLocation Loc;
		};

		RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,
		ValueHandle Result)

/// \brief Known CFI check kinds.		/// \brief Known CFI check kinds.
/// Keep in sync with the enum of the same name in CodeGenFunction.h		/// Keep in sync with the enum of the same name in CodeGenFunction.h
enum CFITypeCheckKind : unsigned char {		enum CFITypeCheckKind : unsigned char {
CFITCK_VCall,		CFITCK_VCall,
CFITCK_NVCall,		CFITCK_NVCall,
CFITCK_DerivedCast,		CFITCK_DerivedCast,
CFITCK_UnrelatedCast,		CFITCK_UnrelatedCast,
CFITCK_ICall,		CFITCK_ICall,
Show All 14 Lines

compiler-rt/trunk/lib/ubsan/ubsan_handlers.cc

	Show First 20 Lines • Show All 548 Lines • ▼ Show 20 Lines
	}			}

	void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {			void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {
	GET_REPORT_OPTIONS(true);			GET_REPORT_OPTIONS(true);
	handleNonNullArg(Data, Opts, false);			handleNonNullArg(Data, Opts, false);
	Die();			Die();
	}			}

				static void handlePointerOverflowImpl(PointerOverflowData *Data,
				ValueHandle Base,
				ValueHandle Result,
				ReportOptions Opts) {
				SourceLocation Loc = Data->Loc.acquire();
				ErrorType ET = ErrorType::PointerOverflow;

				if (ignoreReport(Loc, Opts, ET))
				return;

				ScopedReport R(Opts, Loc, ET);

				Diag(Loc, DL_Error, "pointer index expression with base %0 overflowed to %1")
				<< (void )Base << (void)Result;
				}

				void __ubsan::__ubsan_handle_pointer_overflow(PointerOverflowData *Data,
				ValueHandle Base,
				ValueHandle Result) {
				GET_REPORT_OPTIONS(false);
				handlePointerOverflowImpl(Data, Base, Result, Opts);
				}

				void __ubsan::__ubsan_handle_pointer_overflow_abort(PointerOverflowData *Data,
				ValueHandle Base,
				ValueHandle Result) {
				GET_REPORT_OPTIONS(true);
				handlePointerOverflowImpl(Data, Base, Result, Opts);
				Die();
				}

	static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,			static void handleCFIBadIcall(CFICheckFailData *Data, ValueHandle Function,
	ReportOptions Opts) {			ReportOptions Opts) {
	if (Data->CheckKind != CFITCK_ICall)			if (Data->CheckKind != CFITCK_ICall)
	Die();			Die();

	SourceLocation Loc = Data->Loc.acquire();			SourceLocation Loc = Data->Loc.acquire();
	ErrorType ET = ErrorType::CFIBadType;			ErrorType ET = ErrorType::CFIBadType;

	▲ Show 20 Lines • Show All 51 Lines • Show Last 20 Lines

compiler-rt/trunk/lib/ubsan/ubsan_interface.inc

	Show All 30 Lines
	INTERFACE_FUNCTION(__ubsan_handle_nonnull_return)			INTERFACE_FUNCTION(__ubsan_handle_nonnull_return)
	INTERFACE_FUNCTION(__ubsan_handle_nonnull_return_abort)			INTERFACE_FUNCTION(__ubsan_handle_nonnull_return_abort)
	INTERFACE_FUNCTION(__ubsan_handle_nullability_arg)			INTERFACE_FUNCTION(__ubsan_handle_nullability_arg)
	INTERFACE_FUNCTION(__ubsan_handle_nullability_arg_abort)			INTERFACE_FUNCTION(__ubsan_handle_nullability_arg_abort)
	INTERFACE_FUNCTION(__ubsan_handle_nullability_return)			INTERFACE_FUNCTION(__ubsan_handle_nullability_return)
	INTERFACE_FUNCTION(__ubsan_handle_nullability_return_abort)			INTERFACE_FUNCTION(__ubsan_handle_nullability_return_abort)
	INTERFACE_FUNCTION(__ubsan_handle_out_of_bounds)			INTERFACE_FUNCTION(__ubsan_handle_out_of_bounds)
	INTERFACE_FUNCTION(__ubsan_handle_out_of_bounds_abort)			INTERFACE_FUNCTION(__ubsan_handle_out_of_bounds_abort)
				INTERFACE_FUNCTION(__ubsan_handle_pointer_overflow)
				INTERFACE_FUNCTION(__ubsan_handle_pointer_overflow_abort)
	INTERFACE_FUNCTION(__ubsan_handle_shift_out_of_bounds)			INTERFACE_FUNCTION(__ubsan_handle_shift_out_of_bounds)
	INTERFACE_FUNCTION(__ubsan_handle_shift_out_of_bounds_abort)			INTERFACE_FUNCTION(__ubsan_handle_shift_out_of_bounds_abort)
	INTERFACE_FUNCTION(__ubsan_handle_sub_overflow)			INTERFACE_FUNCTION(__ubsan_handle_sub_overflow)
	INTERFACE_FUNCTION(__ubsan_handle_sub_overflow_abort)			INTERFACE_FUNCTION(__ubsan_handle_sub_overflow_abort)
	INTERFACE_FUNCTION(__ubsan_handle_type_mismatch_v1)			INTERFACE_FUNCTION(__ubsan_handle_type_mismatch_v1)
	INTERFACE_FUNCTION(__ubsan_handle_type_mismatch_v1_abort)			INTERFACE_FUNCTION(__ubsan_handle_type_mismatch_v1_abort)
	INTERFACE_FUNCTION(__ubsan_handle_vla_bound_not_positive)			INTERFACE_FUNCTION(__ubsan_handle_vla_bound_not_positive)
	INTERFACE_FUNCTION(__ubsan_handle_vla_bound_not_positive_abort)			INTERFACE_FUNCTION(__ubsan_handle_vla_bound_not_positive_abort)
	INTERFACE_WEAK_FUNCTION(__ubsan_default_options)			INTERFACE_WEAK_FUNCTION(__ubsan_default_options)

compiler-rt/trunk/test/ubsan/TestCases/Pointer/index-overflow.cpp

				// RUN: %clangxx -fsanitize=pointer-overflow %s -o %t
				// RUN: %t 1 2>&1 \| FileCheck %s --check-prefix=ERR
				// RUN: %t 0 2>&1 \| FileCheck %s --check-prefix=SAFE
				// RUN: %t -1 2>&1 \| FileCheck %s --check-prefix=SAFE

				#include <stdio.h>
				#include <stdint.h>
				#include <stdlib.h>

				int main(int argc, char *argv[]) {
				// SAFE-NOT: runtime error
				// ERR: runtime error: pointer index expression with base {{.*}} overflowed to

				char p = (char )(UINTPTR_MAX);

				printf("%p\n", p + atoi(argv[1]));

				return 0;
				}