This is an archive of the discontinued LLVM Phabricator instance.

Differential D29530

[ubsan] Reduce null checking of C++ object pointers (PR27581)
ClosedPublic

Authored by vsk on Feb 3 2017, 6:57 PM.

Details

Reviewers
arphaman
rsmith
efriedma
Commits
rG34b1fd6aaaf7: Retry^2: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rG55875b99557d: Retry: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rG3e5a9a6be801: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rC295515: Retry^2: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rC295401: Retry: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rC295391: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rL295515: Retry^2: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rL295401: Retry: [ubsan] Reduce null checking of C++ object pointers (PR27581)
rL295391: [ubsan] Reduce null checking of C++ object pointers (PR27581)
Summary

Given a load of a member variable from an instance method ('this->x'),
ubsan inserts a null check for 'this', and another null check for
'&this->x', before allowing the load to occur. Both of these checks are
redundant, because 'this' must have been null-checked before the method
is called.

Similarly, given a call to a method from another method bound to the
same instance ('this->foo()'), ubsan inserts a redundant null check for
'this'. There is also a redundant null check in the case where the
object pointer is a reference ('Ref.foo()').

This patch teaches ubsan to remove the redundant null checks identified
above. I'm not sure I've gone about this in the way suggested in PR27581,
and would appreciate any advice/corrections.

Testing: check-clang and check-ubsan. I also compiled X86FastISel.cpp
with -fsanitize=null using patched/unpatched clangs based on r293572.
Here are the number of null checks emitted in various setups:

Setup# of null checks
unpatched, -O021767
patched, -O010758

Diff Detail

Repository
rL LLVM

Event Timeline

vsk created this revision.Feb 3 2017, 6:57 PM
arphaman added a subscriber: arphaman.Feb 6 2017, 3:33 AM

I feel like you should have at least one statement in the test that uses explicit 'this' to access a field/method.

Does your patch handle fields/methods in base classes as well? I think 'this' might be implicitly converted in the base of the member expression.

Also, what about cases like this one:

struct A {
  int x;

  void methodNotConst() const {
    const_cast<A*>(this)->x = 0;
  }
};
vsk updated this revision to Diff 87334.Feb 6 2017, 4:31 PM
vsk edited the summary of this revision. (Show Details)

@arphaman thank you for the feedback!

Per Alex's comments:

  • Add test for explicit use of the 'this' pointer.
  • Handle cases where the 'this' pointer may be casted (implicitly, or otherwise).

We're able to eliminate more null checks with this version of the patch. See the updated patch summary for the X86FastISel.cpp numbers.

arphaman added a comment.EditedFeb 9 2017, 4:30 AM

Thanks!

I guess for the sake of completeness it might be useful for handle 'this' in parens as well, since it could come up in macros:

#define MEMBER(x) (x)->y
...
MEMBER(this)
...

Btw, I was curious if we could do a similar optimization in Objective-C, but 'self' can be set to null there inside the body of a method. I guess maybe it would be possible to avoid the null check on self if we can prove it wasn't modified, but that's out of scope of this patch.

lib/CodeGen/CGExprCXX.cpp
294 ↗(On Diff #87334)

You can avoid the '{' '}' here.

arphaman added a comment.Feb 9 2017, 4:42 AM

Btw, you mentioned that 'this' must have been null-checked before the method is called. But what if it's called from some part of code that was compiled without -fsanitize=null? Wouldn't we still want at least one check to see if 'this' is null in a method?

vsk added a comment.Feb 10 2017, 10:18 AM

Ah, I did miss ParenExpr. Maybe it would be better to use Expr::isImplicitCXXThis, since it handles this case and some more. Later, we can go back and see if it's feasible to handle static/const casts in isImplicitCXXThis to catch more cases.

In D29530#671816, @arphaman wrote:

Btw, you mentioned that 'this' must have been null-checked before the method is called. But what if it's called from some part of code that was compiled without -fsanitize=null? Wouldn't we still want at least one check to see if 'this' is null in a method?

That's fair, I think that would address the concerns about the partial sanitization use case brought up in the original PR.

vsk updated this revision to Diff 88075.Feb 10 2017, 7:08 PM
vsk edited the summary of this revision. (Show Details)
vsk added a reviewer: arphaman.
  • Check 'this' once per method. This supports the partial sanitization use-case.
  • Flesh out the predicate for avoiding null checks on object pointers. I couldn't use isImplicitCXXThis like I'd wanted, because we'd like to catch explicit this exprs as well.
arphaman added inline comments.Feb 13 2017, 10:54 AM
test/CodeGenCXX/ubsan-suppress-null-checks.cpp
8 ↗(On Diff #88075)

I think this kind of check would've passed even when this patch is not applied. I understand that you need the first check for the single 'this' check, but it should be rewritten to ensure that it couldn't be the check for the return foo. Maybe you could use a C label before return and then check that the 'this' check is performed before the label?

vsk marked 2 inline comments as done.Feb 13 2017, 2:23 PM
vsk added inline comments.
test/CodeGenCXX/ubsan-suppress-null-checks.cpp
8 ↗(On Diff #88075)

Yes, this check should be tighter. This just checks that the number of checks in the method goes from 2 to 1. The label idea is great.

vsk updated this revision to Diff 88259.Feb 13 2017, 2:24 PM
vsk marked an inline comment as done.
  • Tighten up the tests per Alex's suggestion.
arphaman accepted this revision.Feb 16 2017, 9:41 AM

LGTM

This revision is now accepted and ready to land.Feb 16 2017, 9:41 AM
Closed by commit rL295391: [ubsan] Reduce null checking of C++ object pointers (PR27581) (authored by vedantk). · Explain WhyFeb 16 2017, 5:17 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
cfe/
trunk/
lib/
CodeGen/
38 lines
13 lines
3 lines
5 lines
test/
CodeGen/
19 lines
13 lines
CodeGenCXX/
187 lines

Diff 88808

cfe/trunk/lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 941 Lines▼ Show 20 Lines
LValue CodeGenFunction::EmitUnsupportedLValue(const Expr *E, LValue CodeGenFunction::EmitUnsupportedLValue(const Expr *E,
const char *Name) { const char *Name) {
ErrorUnsupported(E, Name); ErrorUnsupported(E, Name);
llvm::Type *Ty = llvm::PointerType::getUnqual(ConvertType(E->getType())); llvm::Type *Ty = llvm::PointerType::getUnqual(ConvertType(E->getType()));
return MakeAddrLValue(Address(llvm::UndefValue::get(Ty), CharUnits::One()), return MakeAddrLValue(Address(llvm::UndefValue::get(Ty), CharUnits::One()),
E->getType()); E->getType());
} }
bool CodeGenFunction::CanElideObjectPointerNullCheck(const Expr *Obj) {
if (isa<DeclRefExpr>(Obj))
return true;
const Expr *Base = Obj;
while (!isa<CXXThisExpr>(Base)) {
// The result of a dynamic_cast can be null.
if (isa<CXXDynamicCastExpr>(Base))
return false;
if (const auto *CE = dyn_cast<CastExpr>(Base)) {
Base = CE->getSubExpr();
} else if (const auto *PE = dyn_cast<ParenExpr>(Base)) {
Base = PE->getSubExpr();
} else if (const auto *UO = dyn_cast<UnaryOperator>(Base)) {
if (UO->getOpcode() == UO_Extension)
Base = UO->getSubExpr();
else
return false;
} else {
return false;
}
}
return true;
}
LValue CodeGenFunction::EmitCheckedLValue(const Expr *E, TypeCheckKind TCK) { LValue CodeGenFunction::EmitCheckedLValue(const Expr *E, TypeCheckKind TCK) {
LValue LV; LValue LV;
if (SanOpts.has(SanitizerKind::ArrayBounds) && isa<ArraySubscriptExpr>(E)) if (SanOpts.has(SanitizerKind::ArrayBounds) && isa<ArraySubscriptExpr>(E))
LV = EmitArraySubscriptExpr(cast<ArraySubscriptExpr>(E), /*Accessed*/true); LV = EmitArraySubscriptExpr(cast<ArraySubscriptExpr>(E), /*Accessed*/true);
else else
LV = EmitLValue(E); LV = EmitLValue(E);
if (!isa<DeclRefExpr>(E) && !LV.isBitField() && LV.isSimple()) if (!isa<DeclRefExpr>(E) && !LV.isBitField() && LV.isSimple()) {
bool SkipNullCheck = false;
if (const auto *ME = dyn_cast<MemberExpr>(E))
SkipNullCheck = CanElideObjectPointerNullCheck(ME->getBase());
EmitTypeCheck(TCK, E->getExprLoc(), LV.getPointer(), EmitTypeCheck(TCK, E->getExprLoc(), LV.getPointer(),
E->getType(), LV.getAlignment()); E->getType(), LV.getAlignment(), SkipNullCheck);
}
return LV; return LV;
} }
/// EmitLValue - Emit code to compute a designator that specifies the location /// EmitLValue - Emit code to compute a designator that specifies the location
/// of the expression. /// of the expression.
/// ///
/// This can return one of two things: a simple address or a bitfield reference. /// This can return one of two things: a simple address or a bitfield reference.
/// In either case, the LLVM Value* in the LValue structure is guaranteed to be /// In either case, the LLVM Value* in the LValue structure is guaranteed to be
▲ Show 20 LinesShow All 2,363 Lines▼ Show 20 LinesLValue CodeGenFunction::EmitMemberExpr(const MemberExpr *E) {
Expr *BaseExpr = E->getBase(); Expr *BaseExpr = E->getBase();
// If this is s.x, emit s as an lvalue. If it is s->x, emit s as a scalar. // If this is s.x, emit s as an lvalue. If it is s->x, emit s as a scalar.
LValue BaseLV; LValue BaseLV;
if (E->isArrow()) { if (E->isArrow()) {
AlignmentSource AlignSource; AlignmentSource AlignSource;
Address Addr = EmitPointerWithAlignment(BaseExpr, &AlignSource); Address Addr = EmitPointerWithAlignment(BaseExpr, &AlignSource);
QualType PtrTy = BaseExpr->getType()->getPointeeType(); QualType PtrTy = BaseExpr->getType()->getPointeeType();
EmitTypeCheck(TCK_MemberAccess, E->getExprLoc(), Addr.getPointer(), PtrTy); bool SkipNullCheck = CanElideObjectPointerNullCheck(BaseExpr);
EmitTypeCheck(TCK_MemberAccess, E->getExprLoc(), Addr.getPointer(), PtrTy,
/*Alignment=*/CharUnits::Zero(), SkipNullCheck);
BaseLV = MakeAddrLValue(Addr, PtrTy, AlignSource); BaseLV = MakeAddrLValue(Addr, PtrTy, AlignSource);
} else } else
BaseLV = EmitCheckedLValue(BaseExpr, TCK_MemberAccess); BaseLV = EmitCheckedLValue(BaseExpr, TCK_MemberAccess);
NamedDecl *ND = E->getMemberDecl(); NamedDecl *ND = E->getMemberDecl();
if (auto *Field = dyn_cast<FieldDecl>(ND)) { if (auto *Field = dyn_cast<FieldDecl>(ND)) {
LValue LV = EmitLValueForField(BaseLV, Field); LValue LV = EmitLValueForField(BaseLV, Field);
setObjCGCLValueClass(getContext(), E, LV); setObjCGCLValueClass(getContext(), E, LV);
▲ Show 20 LinesShow All 1,050 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CGExprCXX.cpp

Show First 20 LinesShow All 284 Lines▼ Show 20 LinesRValue CodeGenFunction::EmitCXXMemberOrOperatorMemberCallExpr(
// C++11 [class.mfct.non-static]p2: // C++11 [class.mfct.non-static]p2:
// If a non-static member function of a class X is called for an object that // If a non-static member function of a class X is called for an object that
// is not of type X, or of a type derived from X, the behavior is undefined. // is not of type X, or of a type derived from X, the behavior is undefined.
SourceLocation CallLoc; SourceLocation CallLoc;
ASTContext &C = getContext(); ASTContext &C = getContext();
if (CE) if (CE)
CallLoc = CE->getExprLoc(); CallLoc = CE->getExprLoc();
EmitTypeCheck(isa<CXXConstructorDecl>(CalleeDecl) bool SkipNullCheck = false;
? CodeGenFunction::TCK_ConstructorCall if (const auto *CMCE = dyn_cast<CXXMemberCallExpr>(CE))
SkipNullCheck =
CanElideObjectPointerNullCheck(CMCE->getImplicitObjectArgument());
EmitTypeCheck(
isa<CXXConstructorDecl>(CalleeDecl) ? CodeGenFunction::TCK_ConstructorCall
: CodeGenFunction::TCK_MemberCall, : CodeGenFunction::TCK_MemberCall,
CallLoc, This.getPointer(), C.getRecordType(CalleeDecl->getParent())); CallLoc, This.getPointer(), C.getRecordType(CalleeDecl->getParent()),
/*Alignment=*/CharUnits::Zero(), SkipNullCheck);
// FIXME: Uses of 'MD' past this point need to be audited. We may need to use // FIXME: Uses of 'MD' past this point need to be audited. We may need to use
// 'CalleeDecl' instead. // 'CalleeDecl' instead.
// C++ [class.virtual]p12: // C++ [class.virtual]p12:
// Explicit qualification with the scope operator (5.1) suppresses the // Explicit qualification with the scope operator (5.1) suppresses the
// virtual call mechanism. // virtual call mechanism.
// //
▲ Show 20 LinesShow All 1,845 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 2,024 Lines▼ Show 20 Lines#endif
/// getAccessedFieldNo - Given an encoded value and a result number, return /// getAccessedFieldNo - Given an encoded value and a result number, return
/// the input field number being accessed. /// the input field number being accessed.
static unsigned getAccessedFieldNo(unsigned Idx, const llvm::Constant *Elts); static unsigned getAccessedFieldNo(unsigned Idx, const llvm::Constant *Elts);
llvm::BlockAddress *GetAddrOfLabel(const LabelDecl *L); llvm::BlockAddress *GetAddrOfLabel(const LabelDecl *L);
llvm::BasicBlock *GetIndirectGotoBlock(); llvm::BasicBlock *GetIndirectGotoBlock();
/// Check if the null check for \p ObjectPointer can be skipped.
static bool CanElideObjectPointerNullCheck(const Expr *ObjectPointer);
/// EmitNullInitialization - Generate code to set a value of the given type to /// EmitNullInitialization - Generate code to set a value of the given type to
/// null, If the type contains data member pointers, they will be initialized /// null, If the type contains data member pointers, they will be initialized
/// to -1 in accordance with the Itanium C++ ABI. /// to -1 in accordance with the Itanium C++ ABI.
void EmitNullInitialization(Address DestPtr, QualType Ty); void EmitNullInitialization(Address DestPtr, QualType Ty);
/// Emits a call to an LLVM variable-argument intrinsic, either /// Emits a call to an LLVM variable-argument intrinsic, either
/// \c llvm.va_start or \c llvm.va_end. /// \c llvm.va_start or \c llvm.va_end.
/// \param ArgValue A reference to the \c va_list as emitted by either /// \param ArgValue A reference to the \c va_list as emitted by either
▲ Show 20 LinesShow All 1,711 LinesShow Last 20 Lines

cfe/trunk/lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 942 Lines▼ Show 20 Lines if (MD->getParent()->isLambda() &&
} }
} }
} else { } else {
// Not in a lambda; just use 'this' from the method. // Not in a lambda; just use 'this' from the method.
// FIXME: Should we generate a new load for each use of 'this'? The // FIXME: Should we generate a new load for each use of 'this'? The
// fast register allocator would be happier... // fast register allocator would be happier...
CXXThisValue = CXXABIThisValue; CXXThisValue = CXXABIThisValue;
} }
// Sanitize the 'this' pointer once per function, if it's available.
if (CXXThisValue)
EmitTypeCheck(TCK_MemberAccess, Loc, CXXThisValue,
MD->getThisType(getContext()));
} }
// If any of the arguments have a variably modified type, make sure to // If any of the arguments have a variably modified type, make sure to
// emit the type size. // emit the type size.
for (FunctionArgList::const_iterator i = Args.begin(), e = Args.end(); for (FunctionArgList::const_iterator i = Args.begin(), e = Args.end();
i != e; ++i) { i != e; ++i) {
const VarDecl *VD = *i; const VarDecl *VD = *i;
▲ Show 20 LinesShow All 1,183 LinesShow Last 20 Lines

cfe/trunk/test/CodeGen/catch-undef-behavior.c

// RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | opt -instnamer -S | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-UBSAN // RUN: %clang_cc1 -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | opt -instnamer -S | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-UBSAN
// RUN: %clang_cc1 -fsanitize-trap=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | opt -instnamer -S | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-TRAP // RUN: %clang_cc1 -fsanitize-trap=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize=alignment,null,object-size,shift-base,shift-exponent,return,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -fsanitize-recover=alignment,null,object-size,shift-base,shift-exponent,signed-integer-overflow,vla-bound,float-cast-overflow,integer-divide-by-zero,bool,returns-nonnull-attribute,nonnull-attribute -emit-llvm %s -o - -triple x86_64-linux-gnu | opt -instnamer -S | FileCheck %s --check-prefix=CHECK-COMMON --check-prefix=CHECK-TRAP
// RUN: %clang_cc1 -fsanitize=null -fsanitize-recover=null -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-NULL
// RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW // RUN: %clang_cc1 -fsanitize=signed-integer-overflow -emit-llvm %s -o - -triple x86_64-linux-gnu | FileCheck %s --check-prefix=CHECK-OVERFLOW
// CHECK-UBSAN: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" } // CHECK-UBSAN: @[[INT:.*]] = private unnamed_addr constant { i16, i16, [6 x i8] } { i16 0, i16 11, [6 x i8] c"'int'\00" }
// FIXME: When we only emit each type once, use [[INT]] more below. // FIXME: When we only emit each type once, use [[INT]] more below.
// CHECK-UBSAN: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i8 2, i8 1 // CHECK-UBSAN: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}} @[[INT]], i8 2, i8 1
// CHECK-UBSAN: @[[LINE_200:.*]] = {{.*}}, i32 200, i32 10 {{.*}}, i8 2, i8 0 // CHECK-UBSAN: @[[LINE_200:.*]] = {{.*}}, i32 200, i32 10 {{.*}}, i8 2, i8 0
// CHECK-UBSAN: @[[LINE_300:.*]] = {{.*}}, i32 300, i32 12 {{.*}} @{{.*}}, {{.*}} @{{.*}} // CHECK-UBSAN: @[[LINE_300:.*]] = {{.*}}, i32 300, i32 12 {{.*}} @{{.*}}, {{.*}} @{{.*}}
Show All 13 Lines
// CHECK-UBSAN: @[[LINE_1300:.*]] = {{.*}}, i32 1300, i32 10 {{.*}} @{{.*}} } // CHECK-UBSAN: @[[LINE_1300:.*]] = {{.*}}, i32 1300, i32 10 {{.*}} @{{.*}} }
// CHECK-UBSAN: @[[LINE_1400:.*]] = {{.*}}, i32 1400, i32 10 {{.*}} @{{.*}} } // CHECK-UBSAN: @[[LINE_1400:.*]] = {{.*}}, i32 1400, i32 10 {{.*}} @{{.*}} }
// Make sure we check the fp16 type_mismatch data so we can easily match the signed char float_cast_overflow // Make sure we check the fp16 type_mismatch data so we can easily match the signed char float_cast_overflow
// CHECK-UBSAN: @[[LINE_1500:.*]] = {{.*}}, i32 1500, i32 10 {{.*}} @[[FP16]], {{.*}} } // CHECK-UBSAN: @[[LINE_1500:.*]] = {{.*}}, i32 1500, i32 10 {{.*}} @[[FP16]], {{.*}} }
// CHECK-UBSAN: @[[SCHAR:.*]] = private unnamed_addr constant { i16, i16, [14 x i8] } { i16 0, i16 7, [14 x i8] c"'signed char'\00" } // CHECK-UBSAN: @[[SCHAR:.*]] = private unnamed_addr constant { i16, i16, [14 x i8] } { i16 0, i16 7, [14 x i8] c"'signed char'\00" }
// CHECK-UBSAN: @[[LINE_1500:.*]] = {{.*}}, i32 1500, i32 10 {{.*}} @[[FP16]], {{.*}} } // CHECK-UBSAN: @[[LINE_1500:.*]] = {{.*}}, i32 1500, i32 10 {{.*}} @[[FP16]], {{.*}} }
// CHECK-UBSAN: @[[LINE_1600:.*]] = {{.*}}, i32 1600, i32 10 {{.*}} @{{.*}} } // CHECK-UBSAN: @[[LINE_1600:.*]] = {{.*}}, i32 1600, i32 10 {{.*}} @{{.*}} }
// CHECK-NULL: @[[LINE_100:.*]] = private unnamed_addr global {{.*}}, i32 100, i32 5 {{.*}}
// PR6805 // PR6805
// CHECK-COMMON-LABEL: @foo // CHECK-COMMON-LABEL: @foo
// CHECK-NULL-LABEL: @foo
void foo() { void foo() {
union { int i; } u; union { int i; } u;
// CHECK-COMMON: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
// CHECK-COMMON: %[[I8PTR:.*]] = bitcast i32* %[[PTR]] to i8* // CHECK-COMMON: %[[I8PTR:.*]] = bitcast i32* %[[PTR:.*]] to i8*
// CHECK-COMMON-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64.p0i8(i8* %[[I8PTR]], i1 false) // CHECK-COMMON-NEXT: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64.p0i8(i8* %[[I8PTR]], i1 false)
// CHECK-COMMON-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4 // CHECK-COMMON-NEXT: %[[CHECK0:.*]] = icmp uge i64 %[[SIZE]], 4
// CHECK-COMMON: %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64 // CHECK-COMMON: %[[PTRTOINT:.*]] = ptrtoint {{.*}}* %[[PTR]] to i64
// CHECK-COMMON-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3 // CHECK-COMMON-NEXT: %[[MISALIGN:.*]] = and i64 %[[PTRTOINT]], 3
// CHECK-COMMON-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0 // CHECK-COMMON-NEXT: %[[CHECK1:.*]] = icmp eq i64 %[[MISALIGN]], 0
// CHECK-COMMON: %[[CHECK01:.*]] = and i1 %[[CHECK0]], %[[CHECK1]] // CHECK-COMMON: %[[OK:.*]] = and i1 %[[CHECK0]], %[[CHECK1]]
// CHECK-COMMON-NEXT: %[[OK:.*]] = and i1 %[[CHECK01]], %[[CHECK2]]
// CHECK-UBSAN: br i1 %[[OK]], {{.*}} !prof ![[WEIGHT_MD:.*]], !nosanitize // CHECK-UBSAN: br i1 %[[OK]], {{.*}} !prof ![[WEIGHT_MD:.*]], !nosanitize
// CHECK-TRAP: br i1 %[[OK]], {{.*}} // CHECK-TRAP: br i1 %[[OK]], {{.*}}
// CHECK-UBSAN: %[[ARG:.*]] = ptrtoint {{.*}} %[[PTR]] to i64 // CHECK-UBSAN: %[[ARG:.*]] = ptrtoint {{.*}} %[[PTR]] to i64
// CHECK-UBSAN-NEXT: call void @__ubsan_handle_type_mismatch_v1(i8* bitcast ({{.*}} @[[LINE_100]] to i8*), i64 %[[ARG]]) // CHECK-UBSAN-NEXT: call void @__ubsan_handle_type_mismatch_v1(i8* bitcast ({{.*}} @[[LINE_100]] to i8*), i64 %[[ARG]])
// CHECK-TRAP: call void @llvm.trap() [[NR_NUW:#[0-9]+]] // CHECK-TRAP: call void @llvm.trap() [[NR_NUW:#[0-9]+]]
// CHECK-TRAP-NEXT: unreachable // CHECK-TRAP-NEXT: unreachable
// With -fsanitize=null, only perform the null check.
// CHECK-NULL: %[[NULL:.*]] = icmp ne {{.*}}, null
// CHECK-NULL: br i1 %[[NULL]]
// CHECK-NULL: call void @__ubsan_handle_type_mismatch_v1(i8* bitcast ({{.*}} @[[LINE_100]] to i8*), i64 %{{.*}})
#line 100 #line 100
u.i=1; u.i=1;
} }
// CHECK-COMMON-LABEL: @bar // CHECK-COMMON-LABEL: @bar
int bar(int *a) { int bar(int *a) {
// CHECK-COMMON: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64 // CHECK-COMMON: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64
// CHECK-COMMON-NEXT: icmp uge i64 %[[SIZE]], 4 // CHECK-COMMON-NEXT: icmp uge i64 %[[SIZE]], 4
▲ Show 20 LinesShow All 361 LinesShow Last 20 Lines

cfe/trunk/test/CodeGen/sanitize-recover.c

Show All 13 Linesvoid test() {
// ABORT: ubsan_handle_add_overflow_abort( // ABORT: ubsan_handle_add_overflow_abort(
// ABORT: unreachable // ABORT: unreachable
x = y + z; x = y + z;
} }
void foo() { void foo() {
union { int i; } u; union { int i; } u;
u.i=1; u.i=1;
// PARTIAL: %[[CHECK0:.*]] = icmp ne {{.*}}* %[[PTR:.*]], null
// PARTIAL: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false) // PARTIAL: %[[SIZE:.*]] = call i64 @llvm.objectsize.i64.p0i8(i8* {{.*}}, i1 false)
// PARTIAL-NEXT: %[[CHECK1:.*]] = icmp uge i64 %[[SIZE]], 4 // PARTIAL-NEXT: %[[CHECK0:.*]] = icmp uge i64 %[[SIZE]], 4
// PARTIAL: %[[MISALIGN:.*]] = and i64 {{.*}}, 3 // PARTIAL: %[[MISALIGN:.*]] = and i64 {{.*}}, 3
// PARTIAL-NEXT: %[[CHECK2:.*]] = icmp eq i64 %[[MISALIGN]], 0 // PARTIAL-NEXT: %[[CHECK1:.*]] = icmp eq i64 %[[MISALIGN]], 0
// PARTIAL: %[[CHECK02:.*]] = and i1 %[[CHECK0]], %[[CHECK2]] // PARTIAL: %[[CHECK01:.*]] = and i1 %[[CHECK1]], %[[CHECK0]]
// PARTIAL-NEXT: %[[CHECK012:.*]] = and i1 %[[CHECK02]], %[[CHECK1]]
// PARTIAL: br i1 %[[CHECK012]], {{.*}} !prof ![[WEIGHT_MD:.*]], !nosanitize // PARTIAL: br i1 %[[CHECK01]], {{.*}} !nosanitize
// PARTIAL: br i1 %[[CHECK1]], {{.*}} !nosanitize
// PARTIAL: br i1 %[[CHECK02]], {{.*}}
// PARTIAL: call void @__ubsan_handle_type_mismatch_v1_abort( // PARTIAL: call void @__ubsan_handle_type_mismatch_v1_abort(
// PARTIAL-NEXT: unreachable // PARTIAL-NEXT: unreachable
// PARTIAL: call void @__ubsan_handle_type_mismatch_v1( // PARTIAL: call void @__ubsan_handle_type_mismatch_v1(
} }

cfe/trunk/test/CodeGenCXX/ubsan-suppress-null-checks.cpp

// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin10 -emit-llvm -o - %s -fsanitize=null | FileCheck %s
// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin10 -emit-llvm -o - %s -fsanitize=null -DCHECK_LAMBDA | FileCheck %s --check-prefix=LAMBDA
struct A {
int foo;
// CHECK-LABEL: define linkonce_odr void @_ZN1A10do_nothingEv
void do_nothing() {
// CHECK: icmp ne %struct.A* %[[THIS1:[a-z0-9]+]], null, !nosanitize
// CHECK: ptrtoint %struct.A* %[[THIS1]] to i64, !nosanitize
// CHECK-NEXT: call void @__ubsan_handle_type_mismatch
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
// CHECK: ret void
}
#ifdef CHECK_LAMBDA
// LAMBDA-LABEL: define linkonce_odr void @_ZN1A22do_nothing_with_lambdaEv
void do_nothing_with_lambda() {
// LAMBDA: icmp ne %struct.A* %[[THIS2:[a-z0-9]+]], null, !nosanitize
// LAMBDA: ptrtoint %struct.A* %[[THIS2]] to i64, !nosanitize
// LAMBDA-NEXT: call void @__ubsan_handle_type_mismatch
auto f = [&] {
foo = 0;
};
f();
// LAMBDA: ret void
}
// Check the IR for the lambda:
//
// LAMBDA-LABEL: define linkonce_odr void @_ZZN1A22do_nothing_with_lambdaEvENKUlvE_clEv
// LAMBDA: call void @__ubsan_handle_type_mismatch
// LAMBDA-NOT: call void @__ubsan_handle_type_mismatch
// LAMBDA: ret void
#endif
// CHECK-LABEL: define linkonce_odr i32 @_ZN1A11load_memberEv
int load_member() {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L1
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L1:
return foo;
// CHECK: ret i32
}
// CHECK-LABEL: define linkonce_odr i32 @_ZN1A11call_methodEv
int call_method() {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L2
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L2:
return load_member();
// CHECK: ret i32
}
// CHECK-LABEL: define linkonce_odr void @_ZN1A15assign_member_1Ev
void assign_member_1() {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L3
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L3:
foo = 0;
// CHECK: ret void
}
// CHECK-LABEL: define linkonce_odr void @_ZN1A15assign_member_2Ev
void assign_member_2() {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L4
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L4:
(__extension__ (this))->foo = 0;
// CHECK: ret void
}
// CHECK-LABEL: define linkonce_odr void @_ZNK1A15assign_member_3Ev
void assign_member_3() const {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L5
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L5:
const_cast<A *>(this)->foo = 0;
// CHECK: ret void
}
// CHECK-LABEL: define linkonce_odr i32 @_ZN1A22call_through_referenceERS_
static int call_through_reference(A &a) {
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
return a.load_member();
// CHECK: ret i32
}
// CHECK-LABEL: define linkonce_odr i32 @_ZN1A20call_through_pointerEPS_
static int call_through_pointer(A *a) {
// CHECK: call void @__ubsan_handle_type_mismatch
return a->load_member();
// CHECK: ret i32
}
};
struct B {
operator A*() const { return nullptr; }
// CHECK-LABEL: define linkonce_odr i32 @_ZN1B11load_memberEv
static int load_member() {
// Null-check &b before converting it to an A*.
// CHECK: call void @__ubsan_handle_type_mismatch
//
// Null-check the result of the conversion before using it.
// CHECK: call void @__ubsan_handle_type_mismatch
//
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
B b;
return static_cast<A *>(b)->load_member();
// CHECK: ret i32
}
};
struct Base {
int foo;
virtual int load_member_1() = 0;
};
struct Derived : public Base {
int bar;
// CHECK-LABEL: define linkonce_odr i32 @_ZN7Derived13load_member_2Ev
int load_member_2() {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L6
L6:
// Null-check the result of the cast before using it.
// CHECK: call void @__ubsan_handle_type_mismatch
//
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
return dynamic_cast<Base *>(this)->load_member_1();
// CHECK: ret i32
}
// CHECK-LABEL: define linkonce_odr i32 @_ZN7Derived13load_member_3Ev
int load_member_3() {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L7
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L7:
return reinterpret_cast<Derived *>(static_cast<Base *>(this))->foo;
// CHECK: ret i32
}
// CHECK-LABEL: define linkonce_odr i32 @_ZN7Derived13load_member_1Ev
int load_member_1() override {
// CHECK: call void @__ubsan_handle_type_mismatch
// CHECK: L8
// CHECK-NOT: call void @__ubsan_handle_type_mismatch
L8:
return foo + bar;
// CHECK: ret i32
}
};
void force_irgen() {
A *a;
a->do_nothing();
#ifdef CHECK_LAMBDA
a->do_nothing_with_lambda();
#endif
a->load_member();
a->call_method();
a->assign_member_1();
a->assign_member_2();
a->assign_member_3();
A::call_through_reference(*a);
A::call_through_pointer(a);
B::load_member();
Base *b = new Derived;
b->load_member_1();
Derived *d;
d->load_member_2();
d->load_member_3();
}