This is an archive of the discontinued LLVM Phabricator instance.

Differential D21695

[clang] Version support for UBSan handlers
ClosedPublic

Authored by filcab on Jun 24 2016, 12:05 PM.

Details

Reviewers
kcc
samsonov
vsk
rsmith
Commits
rG322ecd901b52: [clang] Version support for UBSan handlers
rC289444: [clang] Version support for UBSan handlers
rL289444: [clang] Version support for UBSan handlers
Summary

This adds a way for us to version any UBSan handler by itself.
The patch overrides D21289 for a better implementation (we're able to
rev up a single handler).

After this, then we can land a slight modification of D19667+D19668.

We probably don't want to keep all the versions in compiler-rt (maybe we
want to deprecate on one release and remove the old handler on the next
one?), but with this patch we will loudly fail to compile when mixing
incompatible handler calls, instead of silently compiling and then
providing bad error messages.

Diff Detail

Event Timeline

filcab updated this revision to Diff 61817.Jun 24 2016, 12:05 PM
filcab retitled this revision from to [clang] Version support for UBSan handlers.
filcab updated this object.
filcab added reviewers: kcc, samsonov, rsmith.
filcab added a subscriber: cfe-commits.
filcab added a comment.Jul 12 2016, 2:20 PM

Ping!

filcab added a comment.Aug 9 2016, 5:45 AM

Ping!

vsk added a subscriber: vsk.Aug 9 2016, 7:27 PM

After reading through the discussion in D19668, I don't think I understood the pros/cons of using a single ABI check (like asan does) versus adding version numbers to each handler routine. With the latter approach, wouldn't users only be able to link old object files with new runtimes if we never delete old checks? If that's the case, and assuming that we'd like to delete old checks, a single version symbol check would accomplish the same thing.

lib/CodeGen/CGExpr.cpp
2473

Wdyt of dropping the "_vN" component if the version is 0? That's one less compiler-rt change that we'd need.

filcab added a comment.Aug 12 2016, 6:02 AM
In D21695#510788, @vsk wrote:

After reading through the discussion in D19668, I don't think I understood the pros/cons of using a single ABI check (like asan does) versus adding version numbers to each handler routine. With the latter approach, wouldn't users only be able to link old object files with new runtimes if we never delete old checks? If that's the case, and assuming that we'd like to delete old checks, a single version symbol check would accomplish the same thing.

With ASan it's very easy to add a single symbol for all of it, since it's a single pass, and when it runs, instrumentation is added. For UBSan it depends on it being enabled and you hitting a place where it checks for it. We can emit the version check symbol in emitCheckHandlerCall, though.

With split versioning, as long as the checks you enable don't get different versions (it's rare that we change checks, too), they'll still work (arguably this is not as valuable as I think it is, but things like Android frameworks enabling UBSan checks in production might make it more valuable).
With a single version for "UBSan", you get more problems:

  • Should you rev when *adding* check handlers?
    • If so, why would I need a newer lib just because it includes a new check, even if I don't use that?
  • You'll need to rev up, and use a newer version of the library even if the checks' interface (for the ones you're using) hasn't changed.
lib/CodeGen/CGExpr.cpp
2473

That's what it's doing:

(CheckInfo.Version ? "_v" + std::to_string(CheckInfo.Version) : "")
vsk added a comment.Aug 12 2016, 11:30 AM
In D21695#513723, @filcab wrote:
In D21695#510788, @vsk wrote:

After reading through the discussion in D19668, I don't think I understood the pros/cons of using a single ABI check (like asan does) versus adding version numbers to each handler routine. With the latter approach, wouldn't users only be able to link old object files with new runtimes if we never delete old checks? If that's the case, and assuming that we'd like to delete old checks, a single version symbol check would accomplish the same thing.

With ASan it's very easy to add a single symbol for all of it, since it's a single pass, and when it runs, instrumentation is added. For UBSan it depends on it being enabled and you hitting a place where it checks for it. We can emit the version check symbol in emitCheckHandlerCall, though.

Ah, yeah, I can see how this might be cumbersome.

With split versioning, as long as the checks you enable don't get different versions (it's rare that we change checks, too), they'll still work (arguably this is not as valuable as I think it is, but things like Android frameworks enabling UBSan checks in production might make it more valuable).

Running sanitized programs in production sounds strange to me. But, if there isn't really a cost to supporting this, I suppose it's fine.

lib/CodeGen/CGExpr.cpp
2473

Of course! My mistake.

filcab added a comment.Aug 17 2016, 4:29 AM
In D21695#514080, @vsk wrote:

Running sanitized programs in production sounds strange to me. But, if there isn't really a cost to supporting this, I suppose it's fine.

It does, and most likely this change wouldn't affect them, as I would guess people running sanitizers in production would probably use sanitize-trap.
But it's being done on parts of Android at least:
https://twitter.com/CopperheadOS/status/717086242966351872

filcab added a comment.Nov 29 2016, 10:03 AM

Ping!

vsk accepted this revision.Nov 29 2016, 11:30 AM
vsk added a reviewer: vsk.

Thanks for working on this. LGTM with a nit.

lib/CodeGen/CGExpr.cpp
2506

Use llvm::array_lengthof? Also, I don't think the >= 0 check is really necessary, but I'll leave it up to you to decide.

This revision is now accepted and ready to land.Nov 29 2016, 11:30 AM
Closed by commit rL289444: [clang] Version support for UBSan handlers (authored by filcab). · Explain WhyDec 12 2016, 8:29 AM
This revision was automatically updated to reflect the committed changes.
andrewford added a subscriber: andrewford.Dec 12 2016, 10:17 AM

This broke the build on android due to use of std::to_string. Would someone mind changing it to llvm::to_string, I don't have commit access to change it myself. Thanks!

Diffusion mentioned this in rL289452: Avoid use of std::to_string. NFC..Dec 12 2016, 10:58 AM

Revision Contents

PathSize
lib/
CodeGen/
4 lines
4 lines
4 lines
54 lines
18 lines
28 lines
6 lines

Diff 61817

lib/CodeGen/CGBuiltin.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 718 Lines▼ Show 20 Lines case Builtin::BI__builtin_trap:
return RValue::get(EmitTrapCall(Intrinsic::trap)); return RValue::get(EmitTrapCall(Intrinsic::trap));
case Builtin::BI__debugbreak: case Builtin::BI__debugbreak:
return RValue::get(EmitTrapCall(Intrinsic::debugtrap)); return RValue::get(EmitTrapCall(Intrinsic::debugtrap));
case Builtin::BI__builtin_unreachable: { case Builtin::BI__builtin_unreachable: {
if (SanOpts.has(SanitizerKind::Unreachable)) { if (SanOpts.has(SanitizerKind::Unreachable)) {
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
EmitCheck(std::make_pair(static_cast<llvm::Value *>(Builder.getFalse()), EmitCheck(std::make_pair(static_cast<llvm::Value *>(Builder.getFalse()),
SanitizerKind::Unreachable), SanitizerKind::Unreachable),
"builtin_unreachable", EmitCheckSourceLocation(E->getExprLoc()), SanitizerHandler::BuiltinUnreachable,
None); EmitCheckSourceLocation(E->getExprLoc()), None);
} else } else
Builder.CreateUnreachable(); Builder.CreateUnreachable();
// We do need to preserve an insertion point. // We do need to preserve an insertion point.
EmitBlock(createBasicBlock("unreachable.cont")); EmitBlock(createBasicBlock("unreachable.cont"));
return RValue::get(nullptr); return RValue::get(nullptr);
} }
▲ Show 20 LinesShow All 6,937 LinesShow Last 20 Lines

lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 2,812 Lines▼ Show 20 Lines if (CurCodeDecl && SanOpts.has(SanitizerKind::ReturnsNonnullAttribute)) {
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
llvm::Value *Cond = Builder.CreateICmpNE( llvm::Value *Cond = Builder.CreateICmpNE(
RV, llvm::Constant::getNullValue(RV->getType())); RV, llvm::Constant::getNullValue(RV->getType()));
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(EndLoc), EmitCheckSourceLocation(EndLoc),
EmitCheckSourceLocation(RetNNAttr->getLocation()), EmitCheckSourceLocation(RetNNAttr->getLocation()),
}; };
EmitCheck(std::make_pair(Cond, SanitizerKind::ReturnsNonnullAttribute), EmitCheck(std::make_pair(Cond, SanitizerKind::ReturnsNonnullAttribute),
"nonnull_return", StaticData, None); SanitizerHandler::NonnullReturn, StaticData, None);
} }
} }
Ret = Builder.CreateRet(RV); Ret = Builder.CreateRet(RV);
} else { } else {
Ret = Builder.CreateRetVoid(); Ret = Builder.CreateRetVoid();
} }
if (RetDbgLoc) if (RetDbgLoc)
▲ Show 20 LinesShow All 309 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitNonNullArgCheck(RValue RV, QualType ArgType,
llvm::Value *Cond = llvm::Value *Cond =
Builder.CreateICmpNE(V, llvm::Constant::getNullValue(V->getType())); Builder.CreateICmpNE(V, llvm::Constant::getNullValue(V->getType()));
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(ArgLoc), EmitCheckSourceLocation(ArgLoc),
EmitCheckSourceLocation(NNAttr->getLocation()), EmitCheckSourceLocation(NNAttr->getLocation()),
llvm::ConstantInt::get(Int32Ty, ArgNo + 1), llvm::ConstantInt::get(Int32Ty, ArgNo + 1),
}; };
EmitCheck(std::make_pair(Cond, SanitizerKind::NonnullAttribute), EmitCheck(std::make_pair(Cond, SanitizerKind::NonnullAttribute),
"nonnull_arg", StaticData, None); SanitizerHandler::NonnullArg, StaticData, None);
} }
void CodeGenFunction::EmitCallArgs( void CodeGenFunction::EmitCallArgs(
CallArgList &Args, ArrayRef<QualType> ArgTypes, CallArgList &Args, ArrayRef<QualType> ArgTypes,
llvm::iterator_range<CallExpr::const_arg_iterator> ArgRange, llvm::iterator_range<CallExpr::const_arg_iterator> ArgRange,
const FunctionDecl *CalleeDecl, unsigned ParamsToSkip) { const FunctionDecl *CalleeDecl, unsigned ParamsToSkip) {
assert((int)ArgTypes.size() == (ArgRange.end() - ArgRange.begin())); assert((int)ArgTypes.size() == (ArgRange.end() - ArgRange.begin()));
▲ Show 20 LinesShow All 963 LinesShow Last 20 Lines

lib/CodeGen/CGClass.cpp

Show First 20 LinesShow All 2,637 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitVTablePtrCheck(const CXXRecordDecl *RD,
} }
llvm::Value *AllVtables = llvm::MetadataAsValue::get( llvm::Value *AllVtables = llvm::MetadataAsValue::get(
CGM.getLLVMContext(), CGM.getLLVMContext(),
llvm::MDString::get(CGM.getLLVMContext(), "all-vtables")); llvm::MDString::get(CGM.getLLVMContext(), "all-vtables"));
llvm::Value *ValidVtable = llvm::Value *ValidVtable =
Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::bitset_test), Builder.CreateCall(CGM.getIntrinsic(llvm::Intrinsic::bitset_test),
{CastedVTable, AllVtables}); {CastedVTable, AllVtables});
EmitCheck(std::make_pair(BitSetTest, M), "cfi_check_fail", StaticData, EmitCheck(std::make_pair(BitSetTest, M), SanitizerHandler::CFICheckFail,
{CastedVTable, ValidVtable}); StaticData, {CastedVTable, ValidVtable});
} }
// FIXME: Ideally Expr::IgnoreParenNoopCasts should do this, but it doesn't do // FIXME: Ideally Expr::IgnoreParenNoopCasts should do this, but it doesn't do
// quite what we want. // quite what we want.
static const Expr *skipNoOpCastsAndParens(const Expr *E) { static const Expr *skipNoOpCastsAndParens(const Expr *E) {
while (true) { while (true) {
if (const ParenExpr *PE = dyn_cast<ParenExpr>(E)) { if (const ParenExpr *PE = dyn_cast<ParenExpr>(E)) {
E = PE->getSubExpr(); E = PE->getSubExpr();
▲ Show 20 LinesShow All 191 LinesShow Last 20 Lines

lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 583 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitTypeCheck(TypeCheckKind TCK, SourceLocation Loc,
if (Checks.size() > 0) { if (Checks.size() > 0) {
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(Loc), EmitCheckSourceLocation(Loc),
EmitCheckTypeDescriptor(Ty), EmitCheckTypeDescriptor(Ty),
llvm::ConstantInt::get(SizeTy, AlignVal), llvm::ConstantInt::get(SizeTy, AlignVal),
llvm::ConstantInt::get(Int8Ty, TCK) llvm::ConstantInt::get(Int8Ty, TCK)
}; };
EmitCheck(Checks, "type_mismatch", StaticData, Ptr); EmitCheck(Checks, SanitizerHandler::TypeMismatch, StaticData, Ptr);
} }
// If possible, check that the vptr indicates that there is a subobject of // If possible, check that the vptr indicates that there is a subobject of
// type Ty at offset zero within this object. // type Ty at offset zero within this object.
// //
// C++11 [basic.life]p5,6: // C++11 [basic.life]p5,6:
// [For storage which does not refer to an object within its lifetime] // [For storage which does not refer to an object within its lifetime]
// The program has undefined behavior if: // The program has undefined behavior if:
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines if (!CGM.getContext().getSanitizerBlacklist().isBlacklistedType(
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(Loc), EmitCheckSourceLocation(Loc),
EmitCheckTypeDescriptor(Ty), EmitCheckTypeDescriptor(Ty),
CGM.GetAddrOfRTTIDescriptor(Ty.getUnqualifiedType()), CGM.GetAddrOfRTTIDescriptor(Ty.getUnqualifiedType()),
llvm::ConstantInt::get(Int8Ty, TCK) llvm::ConstantInt::get(Int8Ty, TCK)
}; };
llvm::Value *DynamicData[] = { Ptr, Hash }; llvm::Value *DynamicData[] = { Ptr, Hash };
EmitCheck(std::make_pair(EqualHash, SanitizerKind::Vptr), EmitCheck(std::make_pair(EqualHash, SanitizerKind::Vptr),
"dynamic_type_cache_miss", StaticData, DynamicData); SanitizerHandler::DynamicTypeCacheMiss, StaticData,
DynamicData);
} }
} }
if (Done) { if (Done) {
Builder.CreateBr(Done); Builder.CreateBr(Done);
EmitBlock(Done); EmitBlock(Done);
} }
} }
▲ Show 20 LinesShow All 71 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitBoundsCheck(const Expr *E, const Expr *Base,
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(E->getExprLoc()), EmitCheckSourceLocation(E->getExprLoc()),
EmitCheckTypeDescriptor(IndexedType), EmitCheckTypeDescriptor(IndexedType),
EmitCheckTypeDescriptor(IndexType) EmitCheckTypeDescriptor(IndexType)
}; };
llvm::Value *Check = Accessed ? Builder.CreateICmpULT(IndexVal, BoundVal) llvm::Value *Check = Accessed ? Builder.CreateICmpULT(IndexVal, BoundVal)
: Builder.CreateICmpULE(IndexVal, BoundVal); : Builder.CreateICmpULE(IndexVal, BoundVal);
EmitCheck(std::make_pair(Check, SanitizerKind::ArrayBounds), "out_of_bounds", EmitCheck(std::make_pair(Check, SanitizerKind::ArrayBounds),
StaticData, Index); SanitizerHandler::OutOfBounds, StaticData, Index);
} }
CodeGenFunction::ComplexPairTy CodeGenFunction:: CodeGenFunction::ComplexPairTy CodeGenFunction::
EmitComplexPrePostIncDec(const UnaryOperator *E, LValue LV, EmitComplexPrePostIncDec(const UnaryOperator *E, LValue LV,
bool isInc, bool isPre) { bool isInc, bool isPre) {
ComplexPairTy InVal = EmitLoadOfComplex(LV, E->getExprLoc()); ComplexPairTy InVal = EmitLoadOfComplex(LV, E->getExprLoc());
▲ Show 20 LinesShow All 555 Lines▼ Show 20 Lines if (getRangeForType(*this, Ty, Min, End, true)) {
Load, llvm::ConstantInt::get(getLLVMContext(), Min)); Load, llvm::ConstantInt::get(getLLVMContext(), Min));
Check = Builder.CreateAnd(Upper, Lower); Check = Builder.CreateAnd(Upper, Lower);
} }
llvm::Constant *StaticArgs[] = { llvm::Constant *StaticArgs[] = {
EmitCheckSourceLocation(Loc), EmitCheckSourceLocation(Loc),
EmitCheckTypeDescriptor(Ty) EmitCheckTypeDescriptor(Ty)
}; };
SanitizerMask Kind = NeedsEnumCheck ? SanitizerKind::Enum : SanitizerKind::Bool; SanitizerMask Kind = NeedsEnumCheck ? SanitizerKind::Enum : SanitizerKind::Bool;
EmitCheck(std::make_pair(Check, Kind), "load_invalid_value", StaticArgs, EmitCheck(std::make_pair(Check, Kind), SanitizerHandler::LoadInvalidValue,
EmitCheckValue(Load)); StaticArgs, EmitCheckValue(Load));
} }
} else if (CGM.getCodeGenOpts().OptimizationLevel > 0) } else if (CGM.getCodeGenOpts().OptimizationLevel > 0)
if (llvm::MDNode *RangeInfo = getRangeForLoadFromType(Ty)) if (llvm::MDNode *RangeInfo = getRangeForLoadFromType(Ty))
Load->setMetadata(llvm::LLVMContext::MD_range, RangeInfo); Load->setMetadata(llvm::LLVMContext::MD_range, RangeInfo);
return EmitFromMemory(Load, Ty); return EmitFromMemory(Load, Ty);
} }
▲ Show 20 LinesShow All 1,107 Lines▼ Show 20 Linesstatic CheckRecoverableKind getRecoverableKind(SanitizerMask Kind) {
case SanitizerKind::Return: case SanitizerKind::Return:
case SanitizerKind::Unreachable: case SanitizerKind::Unreachable:
return CheckRecoverableKind::Unrecoverable; return CheckRecoverableKind::Unrecoverable;
default: default:
return CheckRecoverableKind::Recoverable; return CheckRecoverableKind::Recoverable;
} }
} }
namespace {
struct SanitizerHandlerInfo {
char const *const Name;
unsigned Version;
};
};
const SanitizerHandlerInfo SanitizerHandlers[] = {
#define SANITIZER_CHECK(Enum, Name, Version) {#Name, Version},
LIST_SANITIZER_CHECKS
#undef SANITIZER_CHECK
};
static void emitCheckHandlerCall(CodeGenFunction &CGF, static void emitCheckHandlerCall(CodeGenFunction &CGF,
llvm::FunctionType *FnType, llvm::FunctionType *FnType,
ArrayRef<llvm::Value *> FnArgs, ArrayRef<llvm::Value *> FnArgs,
StringRef CheckName, SanitizerHandler CheckHandler,
CheckRecoverableKind RecoverKind, bool IsFatal, CheckRecoverableKind RecoverKind, bool IsFatal,
llvm::BasicBlock *ContBB) { llvm::BasicBlock *ContBB) {
assert(IsFatal || RecoverKind != CheckRecoverableKind::Unrecoverable); assert(IsFatal || RecoverKind != CheckRecoverableKind::Unrecoverable);
bool NeedsAbortSuffix = bool NeedsAbortSuffix =
IsFatal && RecoverKind != CheckRecoverableKind::Unrecoverable; IsFatal && RecoverKind != CheckRecoverableKind::Unrecoverable;
std::string FnName = ("__ubsan_handle_" + CheckName + const SanitizerHandlerInfo &CheckInfo = SanitizerHandlers[CheckHandler];
(NeedsAbortSuffix ? "_abort" : "")).str(); const StringRef CheckName = CheckInfo.Name;
std::string FnName =
("__ubsan_handle_" + CheckName +
(CheckInfo.Version ? "_v" + std::to_string(CheckInfo.Version) : "") +
vskUnsubmitted
Not Done
ReplyInline Actions

Wdyt of dropping the "_vN" component if the version is 0? That's one less compiler-rt change that we'd need.

vsk: Wdyt of dropping the "_vN" component if the version is 0? That's one less compiler-rt change…
filcabAuthorUnsubmitted
Not Done
ReplyInline Actions

That's what it's doing:

(CheckInfo.Version ? "_v" + std::to_string(CheckInfo.Version) : "")
filcab: That's what it's doing: (CheckInfo.Version ? "_v" + std::to_string(CheckInfo.Version) : "")
vskUnsubmitted
Not Done
ReplyInline Actions

Of course! My mistake.

vsk: Of course! My mistake.
(NeedsAbortSuffix ? "_abort" : ""))
.str();
bool MayReturn = bool MayReturn =
!IsFatal || RecoverKind == CheckRecoverableKind::AlwaysRecoverable; !IsFatal || RecoverKind == CheckRecoverableKind::AlwaysRecoverable;
llvm::AttrBuilder B; llvm::AttrBuilder B;
if (!MayReturn) { if (!MayReturn) {
B.addAttribute(llvm::Attribute::NoReturn) B.addAttribute(llvm::Attribute::NoReturn)
.addAttribute(llvm::Attribute::NoUnwind); .addAttribute(llvm::Attribute::NoUnwind);
} }
Show All 9 Lines if (!MayReturn) {
CGF.Builder.CreateUnreachable(); CGF.Builder.CreateUnreachable();
} else { } else {
CGF.Builder.CreateBr(ContBB); CGF.Builder.CreateBr(ContBB);
} }
} }
void CodeGenFunction::EmitCheck( void CodeGenFunction::EmitCheck(
ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked, ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked,
StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs, SanitizerHandler CheckHandler, ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs) { ArrayRef<llvm::Value *> DynamicArgs) {
assert(IsSanitizerScope); assert(IsSanitizerScope);
assert(Checked.size() > 0); assert(Checked.size() > 0);
assert(CheckHandler >= 0 &&
CheckHandler < sizeof(SanitizerHandlers) / sizeof(*SanitizerHandlers));
vskUnsubmitted
Not Done
ReplyInline Actions

Use llvm::array_lengthof? Also, I don't think the >= 0 check is really necessary, but I'll leave it up to you to decide.

vsk: Use llvm::array_lengthof? Also, I don't think the >= 0 check is really necessary, but I'll…
const StringRef CheckName = SanitizerHandlers[CheckHandler].Name;
llvm::Value *FatalCond = nullptr; llvm::Value *FatalCond = nullptr;
llvm::Value *RecoverableCond = nullptr; llvm::Value *RecoverableCond = nullptr;
llvm::Value *TrapCond = nullptr; llvm::Value *TrapCond = nullptr;
for (int i = 0, n = Checked.size(); i < n; ++i) { for (int i = 0, n = Checked.size(); i < n; ++i) {
llvm::Value *Check = Checked[i].first; llvm::Value *Check = Checked[i].first;
// -fsanitize-trap= overrides -fsanitize-recover=. // -fsanitize-trap= overrides -fsanitize-recover=.
llvm::Value *&Cond = llvm::Value *&Cond =
▲ Show 20 LinesShow All 63 Lines▼ Show 20 Lines#endif
} }
llvm::FunctionType *FnType = llvm::FunctionType *FnType =
llvm::FunctionType::get(CGM.VoidTy, ArgTypes, false); llvm::FunctionType::get(CGM.VoidTy, ArgTypes, false);
if (!FatalCond || !RecoverableCond) { if (!FatalCond || !RecoverableCond) {
// Simple case: we need to generate a single handler call, either // Simple case: we need to generate a single handler call, either
// fatal, or non-fatal. // fatal, or non-fatal.
emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, emitCheckHandlerCall(*this, FnType, Args, CheckHandler, RecoverKind,
(FatalCond != nullptr), Cont); (FatalCond != nullptr), Cont);
} else { } else {
// Emit two handler calls: first one for set of unrecoverable checks, // Emit two handler calls: first one for set of unrecoverable checks,
// another one for recoverable. // another one for recoverable.
llvm::BasicBlock *NonFatalHandlerBB = llvm::BasicBlock *NonFatalHandlerBB =
createBasicBlock("non_fatal." + CheckName); createBasicBlock("non_fatal." + CheckName);
llvm::BasicBlock *FatalHandlerBB = createBasicBlock("fatal." + CheckName); llvm::BasicBlock *FatalHandlerBB = createBasicBlock("fatal." + CheckName);
Builder.CreateCondBr(FatalCond, NonFatalHandlerBB, FatalHandlerBB); Builder.CreateCondBr(FatalCond, NonFatalHandlerBB, FatalHandlerBB);
EmitBlock(FatalHandlerBB); EmitBlock(FatalHandlerBB);
emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, true, emitCheckHandlerCall(*this, FnType, Args, CheckHandler, RecoverKind, true,
NonFatalHandlerBB); NonFatalHandlerBB);
EmitBlock(NonFatalHandlerBB); EmitBlock(NonFatalHandlerBB);
emitCheckHandlerCall(*this, FnType, Args, CheckName, RecoverKind, false, emitCheckHandlerCall(*this, FnType, Args, CheckHandler, RecoverKind, false,
Cont); Cont);
} }
EmitBlock(Cont); EmitBlock(Cont);
} }
void CodeGenFunction::EmitCfiSlowPathCheck( void CodeGenFunction::EmitCfiSlowPathCheck(
SanitizerMask Kind, llvm::Value *Cond, llvm::ConstantInt *TypeId, SanitizerMask Kind, llvm::Value *Cond, llvm::ConstantInt *TypeId,
▲ Show 20 LinesShow All 108 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitCfiCheckFail() {
SmallVector<std::pair<llvm::Value *, SanitizerMask>, 5> Checks; SmallVector<std::pair<llvm::Value *, SanitizerMask>, 5> Checks;
for (auto CheckKindMaskPair : CheckKinds) { for (auto CheckKindMaskPair : CheckKinds) {
int Kind = CheckKindMaskPair.first; int Kind = CheckKindMaskPair.first;
SanitizerMask Mask = CheckKindMaskPair.second; SanitizerMask Mask = CheckKindMaskPair.second;
llvm::Value *Cond = llvm::Value *Cond =
Builder.CreateICmpNE(CheckKind, llvm::ConstantInt::get(Int8Ty, Kind)); Builder.CreateICmpNE(CheckKind, llvm::ConstantInt::get(Int8Ty, Kind));
if (CGM.getLangOpts().Sanitize.has(Mask)) if (CGM.getLangOpts().Sanitize.has(Mask))
EmitCheck(std::make_pair(Cond, Mask), "cfi_check_fail", {}, EmitCheck(std::make_pair(Cond, Mask), SanitizerHandler::CFICheckFail, {},
{Data, Addr, ValidVtable}); {Data, Addr, ValidVtable});
else else
EmitTrapCheck(Cond); EmitTrapCheck(Cond);
} }
FinishFunction(); FinishFunction();
// The only reference to this function will be created during LTO link. // The only reference to this function will be created during LTO link.
// Make sure it survives until then. // Make sure it survives until then.
▲ Show 20 LinesShow All 1,318 Lines▼ Show 20 Lines if (llvm::Constant *PrefixSig =
Builder.CreateAlignedLoad(CalleeRTTIPtr, getPointerAlign()); Builder.CreateAlignedLoad(CalleeRTTIPtr, getPointerAlign());
llvm::Value *CalleeRTTIMatch = llvm::Value *CalleeRTTIMatch =
Builder.CreateICmpEQ(CalleeRTTI, FTRTTIConst); Builder.CreateICmpEQ(CalleeRTTI, FTRTTIConst);
llvm::Constant *StaticData[] = { llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(E->getLocStart()), EmitCheckSourceLocation(E->getLocStart()),
EmitCheckTypeDescriptor(CalleeType) EmitCheckTypeDescriptor(CalleeType)
}; };
EmitCheck(std::make_pair(CalleeRTTIMatch, SanitizerKind::Function), EmitCheck(std::make_pair(CalleeRTTIMatch, SanitizerKind::Function),
"function_type_mismatch", StaticData, Callee); SanitizerHandler::FunctionTypeMismatch, StaticData, Callee);
Builder.CreateBr(Cont); Builder.CreateBr(Cont);
EmitBlock(Cont); EmitBlock(Cont);
} }
} }
// If we are checking indirect calls and this call is indirect, check that the // If we are checking indirect calls and this call is indirect, check that the
// function pointer is a member of the bit set for the function type. // function pointer is a member of the bit set for the function type.
Show All 16 Lines llvm::Constant *StaticData[] = {
EmitCheckSourceLocation(E->getLocStart()), EmitCheckSourceLocation(E->getLocStart()),
EmitCheckTypeDescriptor(QualType(FnType, 0)), EmitCheckTypeDescriptor(QualType(FnType, 0)),
}; };
if (CGM.getCodeGenOpts().SanitizeCfiCrossDso && TypeId) { if (CGM.getCodeGenOpts().SanitizeCfiCrossDso && TypeId) {
EmitCfiSlowPathCheck(SanitizerKind::CFIICall, BitSetTest, TypeId, EmitCfiSlowPathCheck(SanitizerKind::CFIICall, BitSetTest, TypeId,
CastedCallee, StaticData); CastedCallee, StaticData);
} else { } else {
EmitCheck(std::make_pair(BitSetTest, SanitizerKind::CFIICall), EmitCheck(std::make_pair(BitSetTest, SanitizerKind::CFIICall),
"cfi_check_fail", StaticData, SanitizerHandler::CFICheckFail, StaticData,
{CastedCallee, llvm::UndefValue::get(IntPtrTy)}); {CastedCallee, llvm::UndefValue::get(IntPtrTy)});
} }
} }
CallArgList Args; CallArgList Args;
if (Chain) if (Chain)
Args.add(RValue::get(Builder.CreateBitCast(Chain, CGM.VoidPtrTy)), Args.add(RValue::get(Builder.CreateBitCast(Chain, CGM.VoidPtrTy)),
CGM.getContext().VoidPtrTy); CGM.getContext().VoidPtrTy);
▲ Show 20 LinesShow All 168 LinesShow Last 20 Lines

lib/CodeGen/CGExprScalar.cpp

Show First 20 LinesShow All 718 Lines▼ Show 20 Lines if (isa<llvm::IntegerType>(DstTy)) {
Check = Builder.CreateNot(Builder.CreateAnd(GE, LE)); Check = Builder.CreateNot(Builder.CreateAnd(GE, LE));
} }
} }
llvm::Constant *StaticArgs[] = {CGF.EmitCheckSourceLocation(Loc), llvm::Constant *StaticArgs[] = {CGF.EmitCheckSourceLocation(Loc),
CGF.EmitCheckTypeDescriptor(OrigSrcType), CGF.EmitCheckTypeDescriptor(OrigSrcType),
CGF.EmitCheckTypeDescriptor(DstType)}; CGF.EmitCheckTypeDescriptor(DstType)};
CGF.EmitCheck(std::make_pair(Check, SanitizerKind::FloatCastOverflow), CGF.EmitCheck(std::make_pair(Check, SanitizerKind::FloatCastOverflow),
"float_cast_overflow", StaticArgs, OrigSrc); SanitizerHandler::FloatCastOverflow, StaticArgs, OrigSrc);
} }
/// Emit a conversion from the specified type to the specified destination type, /// Emit a conversion from the specified type to the specified destination type,
/// both of which are LLVM scalar types. /// both of which are LLVM scalar types.
Value *ScalarExprEmitter::EmitScalarConversion(Value *Src, QualType SrcType, Value *ScalarExprEmitter::EmitScalarConversion(Value *Src, QualType SrcType,
QualType DstType, QualType DstType,
SourceLocation Loc) { SourceLocation Loc) {
return EmitScalarConversion(Src, SrcType, DstType, Loc, false); return EmitScalarConversion(Src, SrcType, DstType, Loc, false);
▲ Show 20 LinesShow All 186 Lines▼ Show 20 Lines
/// \brief Emit a sanitization check for the given "binary" operation (which /// \brief Emit a sanitization check for the given "binary" operation (which
/// might actually be a unary increment which has been lowered to a binary /// might actually be a unary increment which has been lowered to a binary
/// operation). The check passes if all values in \p Checks (which are \c i1), /// operation). The check passes if all values in \p Checks (which are \c i1),
/// are \c true. /// are \c true.
void ScalarExprEmitter::EmitBinOpCheck( void ScalarExprEmitter::EmitBinOpCheck(
ArrayRef<std::pair<Value *, SanitizerMask>> Checks, const BinOpInfo &Info) { ArrayRef<std::pair<Value *, SanitizerMask>> Checks, const BinOpInfo &Info) {
assert(CGF.IsSanitizerScope); assert(CGF.IsSanitizerScope);
StringRef CheckName; SanitizerHandler Check;
SmallVector<llvm::Constant *, 4> StaticData; SmallVector<llvm::Constant *, 4> StaticData;
SmallVector<llvm::Value *, 2> DynamicData; SmallVector<llvm::Value *, 2> DynamicData;
BinaryOperatorKind Opcode = Info.Opcode; BinaryOperatorKind Opcode = Info.Opcode;
if (BinaryOperator::isCompoundAssignmentOp(Opcode)) if (BinaryOperator::isCompoundAssignmentOp(Opcode))
Opcode = BinaryOperator::getOpForCompoundAssignment(Opcode); Opcode = BinaryOperator::getOpForCompoundAssignment(Opcode);
StaticData.push_back(CGF.EmitCheckSourceLocation(Info.E->getExprLoc())); StaticData.push_back(CGF.EmitCheckSourceLocation(Info.E->getExprLoc()));
const UnaryOperator *UO = dyn_cast<UnaryOperator>(Info.E); const UnaryOperator *UO = dyn_cast<UnaryOperator>(Info.E);
if (UO && UO->getOpcode() == UO_Minus) { if (UO && UO->getOpcode() == UO_Minus) {
CheckName = "negate_overflow"; Check = SanitizerHandler::NegateOverflow;
StaticData.push_back(CGF.EmitCheckTypeDescriptor(UO->getType())); StaticData.push_back(CGF.EmitCheckTypeDescriptor(UO->getType()));
DynamicData.push_back(Info.RHS); DynamicData.push_back(Info.RHS);
} else { } else {
if (BinaryOperator::isShiftOp(Opcode)) { if (BinaryOperator::isShiftOp(Opcode)) {
// Shift LHS negative or too large, or RHS out of bounds. // Shift LHS negative or too large, or RHS out of bounds.
CheckName = "shift_out_of_bounds"; Check = SanitizerHandler::ShiftOutOfBounds;
const BinaryOperator *BO = cast<BinaryOperator>(Info.E); const BinaryOperator *BO = cast<BinaryOperator>(Info.E);
StaticData.push_back( StaticData.push_back(
CGF.EmitCheckTypeDescriptor(BO->getLHS()->getType())); CGF.EmitCheckTypeDescriptor(BO->getLHS()->getType()));
StaticData.push_back( StaticData.push_back(
CGF.EmitCheckTypeDescriptor(BO->getRHS()->getType())); CGF.EmitCheckTypeDescriptor(BO->getRHS()->getType()));
} else if (Opcode == BO_Div || Opcode == BO_Rem) { } else if (Opcode == BO_Div || Opcode == BO_Rem) {
// Divide or modulo by zero, or signed overflow (eg INT_MAX / -1). // Divide or modulo by zero, or signed overflow (eg INT_MAX / -1).
CheckName = "divrem_overflow"; Check = SanitizerHandler::DivremOverflow;
StaticData.push_back(CGF.EmitCheckTypeDescriptor(Info.Ty)); StaticData.push_back(CGF.EmitCheckTypeDescriptor(Info.Ty));
} else { } else {
// Arithmetic overflow (+, -, *). // Arithmetic overflow (+, -, *).
switch (Opcode) { switch (Opcode) {
case BO_Add: CheckName = "add_overflow"; break; case BO_Add: Check = SanitizerHandler::AddOverflow; break;
case BO_Sub: CheckName = "sub_overflow"; break; case BO_Sub: Check = SanitizerHandler::SubOverflow; break;
case BO_Mul: CheckName = "mul_overflow"; break; case BO_Mul: Check = SanitizerHandler::MulOverflow; break;
default: llvm_unreachable("unexpected opcode for bin op check"); default: llvm_unreachable("unexpected opcode for bin op check");
} }
StaticData.push_back(CGF.EmitCheckTypeDescriptor(Info.Ty)); StaticData.push_back(CGF.EmitCheckTypeDescriptor(Info.Ty));
} }
DynamicData.push_back(Info.LHS); DynamicData.push_back(Info.LHS);
DynamicData.push_back(Info.RHS); DynamicData.push_back(Info.RHS);
} }
CGF.EmitCheck(Checks, CheckName, StaticData, DynamicData); CGF.EmitCheck(Checks, Check, StaticData, DynamicData);
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Visitor Methods // Visitor Methods
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
Value *ScalarExprEmitter::VisitExpr(Expr *E) { Value *ScalarExprEmitter::VisitExpr(Expr *E) {
CGF.ErrorUnsupported(E, "scalar expression"); CGF.ErrorUnsupported(E, "scalar expression");
▲ Show 20 LinesShow All 2,565 LinesShow Last 20 Lines

lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 94 Lines▼ Show 20 Lines
/// ///
/// TODO: should vectors maybe be split out into their own thing? /// TODO: should vectors maybe be split out into their own thing?
enum TypeEvaluationKind { enum TypeEvaluationKind {
TEK_Scalar, TEK_Scalar,
TEK_Complex, TEK_Complex,
TEK_Aggregate TEK_Aggregate
}; };
#define LIST_SANITIZER_CHECKS \
SANITIZER_CHECK(AddOverflow, add_overflow, 0) \
SANITIZER_CHECK(BuiltinUnreachable, builtin_unreachable, 0) \
SANITIZER_CHECK(CFICheckFail, cfi_check_fail, 0) \
SANITIZER_CHECK(DivremOverflow, divrem_overflow, 0) \
SANITIZER_CHECK(DynamicTypeCacheMiss, dynamic_type_cache_miss, 0) \
SANITIZER_CHECK(FloatCastOverflow, float_cast_overflow, 0) \
SANITIZER_CHECK(FunctionTypeMismatch, function_type_mismatch, 0) \
SANITIZER_CHECK(LoadInvalidValue, load_invalid_value, 0) \
SANITIZER_CHECK(MissingReturn, missing_return, 0) \
SANITIZER_CHECK(MulOverflow, mul_overflow, 0) \
SANITIZER_CHECK(NegateOverflow, negate_overflow, 0) \
SANITIZER_CHECK(NonnullArg, nonnull_arg, 0) \
SANITIZER_CHECK(NonnullReturn, nonnull_return, 0) \
SANITIZER_CHECK(OutOfBounds, out_of_bounds, 0) \
SANITIZER_CHECK(ShiftOutOfBounds, shift_out_of_bounds, 0) \
SANITIZER_CHECK(SubOverflow, sub_overflow, 0) \
SANITIZER_CHECK(TypeMismatch, type_mismatch, 0) \
SANITIZER_CHECK(VLABoundNotPositive, vla_bound_not_positive, 0)
enum SanitizerHandler {
#define SANITIZER_CHECK(Enum, Name, Version) Enum,
LIST_SANITIZER_CHECKS
#undef SANITIZER_CHECK
};
/// CodeGenFunction - This class organizes the per-function state that is used /// CodeGenFunction - This class organizes the per-function state that is used
/// while generating LLVM code. /// while generating LLVM code.
class CodeGenFunction : public CodeGenTypeCache { class CodeGenFunction : public CodeGenTypeCache {
CodeGenFunction(const CodeGenFunction &) = delete; CodeGenFunction(const CodeGenFunction &) = delete;
void operator=(const CodeGenFunction &) = delete; void operator=(const CodeGenFunction &) = delete;
friend class CGCXXABI; friend class CGCXXABI;
public: public:
▲ Show 20 LinesShow All 2,967 Lines▼ Show 20 Linespublic:
/// \brief Emit a description of a source location in a format suitable for /// \brief Emit a description of a source location in a format suitable for
/// passing to a runtime sanitizer handler. /// passing to a runtime sanitizer handler.
llvm::Constant *EmitCheckSourceLocation(SourceLocation Loc); llvm::Constant *EmitCheckSourceLocation(SourceLocation Loc);
/// \brief Create a basic block that will call a handler function in a /// \brief Create a basic block that will call a handler function in a
/// sanitizer runtime with the provided arguments, and create a conditional /// sanitizer runtime with the provided arguments, and create a conditional
/// branch to it. /// branch to it.
void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked, void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked,
StringRef CheckName, ArrayRef<llvm::Constant *> StaticArgs, SanitizerHandler Check, ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs); ArrayRef<llvm::Value *> DynamicArgs);
/// \brief Emit a slow path cross-DSO CFI check which calls __cfi_slowpath /// \brief Emit a slow path cross-DSO CFI check which calls __cfi_slowpath
/// if Cond if false. /// if Cond if false.
void EmitCfiSlowPathCheck(SanitizerMask Kind, llvm::Value *Cond, void EmitCfiSlowPathCheck(SanitizerMask Kind, llvm::Value *Cond,
llvm::ConstantInt *TypeId, llvm::Value *Ptr, llvm::ConstantInt *TypeId, llvm::Value *Ptr,
ArrayRef<llvm::Constant *> StaticArgs); ArrayRef<llvm::Constant *> StaticArgs);
▲ Show 20 LinesShow All 301 LinesShow Last 20 Lines

lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 1,030 Lines▼ Show 20 Linesvoid CodeGenFunction::GenerateCode(GlobalDecl GD, llvm::Function *Fn,
// If the '}' that terminates a function is reached, and the value of the // If the '}' that terminates a function is reached, and the value of the
// function call is used by the caller, the behavior is undefined. // function call is used by the caller, the behavior is undefined.
if (getLangOpts().CPlusPlus && !FD->hasImplicitReturnZero() && !SawAsmBlock && if (getLangOpts().CPlusPlus && !FD->hasImplicitReturnZero() && !SawAsmBlock &&
!FD->getReturnType()->isVoidType() && Builder.GetInsertBlock()) { !FD->getReturnType()->isVoidType() && Builder.GetInsertBlock()) {
if (SanOpts.has(SanitizerKind::Return)) { if (SanOpts.has(SanitizerKind::Return)) {
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
llvm::Value *IsFalse = Builder.getFalse(); llvm::Value *IsFalse = Builder.getFalse();
EmitCheck(std::make_pair(IsFalse, SanitizerKind::Return), EmitCheck(std::make_pair(IsFalse, SanitizerKind::Return),
"missing_return", EmitCheckSourceLocation(FD->getLocation()), SanitizerHandler::MissingReturn,
None); EmitCheckSourceLocation(FD->getLocation()), None);
} else if (CGM.getCodeGenOpts().OptimizationLevel == 0) { } else if (CGM.getCodeGenOpts().OptimizationLevel == 0) {
EmitTrapCall(llvm::Intrinsic::trap); EmitTrapCall(llvm::Intrinsic::trap);
} }
Builder.CreateUnreachable(); Builder.CreateUnreachable();
Builder.ClearInsertionPoint(); Builder.ClearInsertionPoint();
} }
// Emit the standard function epilogue. // Emit the standard function epilogue.
▲ Show 20 LinesShow All 666 Lines▼ Show 20 Lines case Type::VariableArray: {
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
llvm::Value *Zero = llvm::Constant::getNullValue(Size->getType()); llvm::Value *Zero = llvm::Constant::getNullValue(Size->getType());
llvm::Constant *StaticArgs[] = { llvm::Constant *StaticArgs[] = {
EmitCheckSourceLocation(size->getLocStart()), EmitCheckSourceLocation(size->getLocStart()),
EmitCheckTypeDescriptor(size->getType()) EmitCheckTypeDescriptor(size->getType())
}; };
EmitCheck(std::make_pair(Builder.CreateICmpSGT(Size, Zero), EmitCheck(std::make_pair(Builder.CreateICmpSGT(Size, Zero),
SanitizerKind::VLABound), SanitizerKind::VLABound),
"vla_bound_not_positive", StaticArgs, Size); SanitizerHandler::VLABoundNotPositive, StaticArgs, Size);
} }
// Always zexting here would be wrong if it weren't // Always zexting here would be wrong if it weren't
// undefined behavior to have a negative bound. // undefined behavior to have a negative bound.
entry = Builder.CreateIntCast(Size, SizeTy, /*signed*/ false); entry = Builder.CreateIntCast(Size, SizeTy, /*signed*/ false);
} }
} }
type = vat->getElementType(); type = vat->getElementType();
▲ Show 20 LinesShow All 243 LinesShow Last 20 Lines