This is an archive of the discontinued LLVM Phabricator instance.

-fsanitize=noreturn sanitization
Needs RevisionPublic

Authored by jakubjelinek on Oct 17 2017, 12:42 PM.

Download Raw Diff

Details

Reviewers

kcc
dvyukov

Summary

While both compilers have warnings when noreturn functions return or fall through to the end of function, the actual UB happens only if that actually happens at runtime,
so I think it makes sense to sanitize that (though, it is even worse UB than -fsanitize=return and it doesn't make any sense to try to recover from that, after all the compilers
won't do anything meaningful in the caller usually, it can end up in a different function or unrelated code etc.

No tests included, as this is just the library side, somebody from the LLVM camp would need to add (very simple) compiler changes.

Diff Detail

Repository: rL LLVM

Event Timeline

jakubjelinek created this revision.Oct 17 2017, 12:42 PM

please CC llvm-dev for any sanitizer changes
please CC cfe-dev for any changes that need to be done in clang
we can't accepts a patch like this w/o tests and w/o clang part.

somebody from the LLVM camp would need to add (very simple) compiler changes.

Agree, but we'll need to find that somebody :)

This revision now requires changes to proceed.Oct 17 2017, 3:57 PM

I have no idea how to CC those mailing lists (Change Subscribers doesn't seem to allow those) in this tool (or shall I just mail them normally)?
As for tests, the ones I have for GCC are:

/* { dg-do run } */
/* { dg-shouldfail "ubsan" } */
/* { dg-options "-fsanitize=undefined" } */

#if __cplusplus >= 201103L
[[noreturn]]
#elif __STDC_VERSION__ >= 201112L
_Noreturn
#else
__attribute__((noreturn))
#endif
void
foo (int x)
{
}       /* { dg-warning "function does return" } */

int
main ()
{
  foo (2);
}

/* { dg-output "\.c:15:\[0-9]*:\[^\n\r]*return from function declared to never return" } */

and

/* { dg-do run } */
/* { dg-shouldfail "ubsan" } */
/* { dg-options "-fsanitize=noreturn" } */

#if __cplusplus >= 201103L
[[noreturn]]
#elif __STDC_VERSION__ >= 201112L
_Noreturn
#else
__attribute__((noreturn))
#endif
void
foo (int x)
{
  if (x < 2)
    __builtin_exit (0);
  return;	/* { dg-warning "function does return" } */
}		/* { dg-warning "function declared 'noreturn' has a 'return' statement" "" { target *-*-* } 17 } */

int
main ()
{
  foo (2);
}

/* { dg-output "\.c:17:\[0-9]*:\[^\n\r]*return from function declared to never return" } */

Revision Contents

Path

Size

	ubsan_checks.inc
	ubsan_checks.inc.jj4

1 line

	ubsan_handlers.h
	ubsan_handlers.h.jj4

8 lines

	ubsan_handlers.cc
	ubsan_handlers.cc.jj4

26 lines

Diff 119371

./ubsan_checks.inc

	Show All 37 Lines
	UBSAN_CHECK(NonPositiveVLAIndex, "non-positive-vla-index", "vla-bound")			UBSAN_CHECK(NonPositiveVLAIndex, "non-positive-vla-index", "vla-bound")
	UBSAN_CHECK(FloatCastOverflow, "float-cast-overflow", "float-cast-overflow")			UBSAN_CHECK(FloatCastOverflow, "float-cast-overflow", "float-cast-overflow")
	UBSAN_CHECK(InvalidBoolLoad, "invalid-bool-load", "bool")			UBSAN_CHECK(InvalidBoolLoad, "invalid-bool-load", "bool")
	UBSAN_CHECK(InvalidEnumLoad, "invalid-enum-load", "enum")			UBSAN_CHECK(InvalidEnumLoad, "invalid-enum-load", "enum")
	UBSAN_CHECK(FunctionTypeMismatch, "function-type-mismatch", "function")			UBSAN_CHECK(FunctionTypeMismatch, "function-type-mismatch", "function")
	UBSAN_CHECK(InvalidNullReturn, "invalid-null-return",			UBSAN_CHECK(InvalidNullReturn, "invalid-null-return",
	"returns-nonnull-attribute")			"returns-nonnull-attribute")
	UBSAN_CHECK(InvalidNullArgument, "invalid-null-argument", "nonnull-attribute")			UBSAN_CHECK(InvalidNullArgument, "invalid-null-argument", "nonnull-attribute")
				UBSAN_CHECK(InvalidNoreturn, "invalid-noreturn", "noreturn")
	UBSAN_CHECK(DynamicTypeMismatch, "dynamic-type-mismatch", "vptr")			UBSAN_CHECK(DynamicTypeMismatch, "dynamic-type-mismatch", "vptr")
	UBSAN_CHECK(CFIBadType, "cfi-bad-type", "cfi")			UBSAN_CHECK(CFIBadType, "cfi-bad-type", "cfi")

./ubsan_handlers.h

Show First 20 Lines • Show All 160 Lines • ▼ Show 20 Lines	struct NonNullArgData {
int ArgIndex;		int ArgIndex;
};		};

/// \brief Handle passing null pointer to a function parameter with the nonnull		/// \brief Handle passing null pointer to a function parameter with the nonnull
/// attribute, or a _Nonnull type annotation.		/// attribute, or a _Nonnull type annotation.
RECOVERABLE(nonnull_arg, NonNullArgData *Data)		RECOVERABLE(nonnull_arg, NonNullArgData *Data)
RECOVERABLE(nullability_arg, NonNullArgData *Data)		RECOVERABLE(nullability_arg, NonNullArgData *Data)

		struct NoreturnData {
		SourceLocation AttrLoc;
		};

		/// \brief Handle returning from function with the noreturn
		/// attribute.
		UNRECOVERABLE(noreturn, NoreturnData Data, SourceLocation Loc)

struct PointerOverflowData {		struct PointerOverflowData {
SourceLocation Loc;		SourceLocation Loc;
};		};

RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,		RECOVERABLE(pointer_overflow, PointerOverflowData *Data, ValueHandle Base,
ValueHandle Result)		ValueHandle Result)

/// \brief Known CFI check kinds.		/// \brief Known CFI check kinds.
Show All 28 Lines

./ubsan_handlers.cc

	Show First 20 Lines • Show All 579 Lines • ▼ Show 20 Lines
	}			}

	void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {			void __ubsan::__ubsan_handle_nullability_arg_abort(NonNullArgData *Data) {
	GET_REPORT_OPTIONS(true);			GET_REPORT_OPTIONS(true);
	handleNonNullArg(Data, Opts, false);			handleNonNullArg(Data, Opts, false);
	Die();			Die();
	}			}

				static void handleNoreturn(NoreturnData Data, SourceLocation LocPtr,
				ReportOptions Opts) {
				if (!LocPtr)
				UNREACHABLE("source location pointer is null!");

				SourceLocation Loc = LocPtr->acquire();
				ErrorType ET = ErrorType::InvalidNoreturn;

				if (ignoreReport(Loc, Opts, ET))
				return;

				ScopedReport R(Opts, Loc, ET);

				Diag(Loc, DL_Error, "return from function declared to never "
				"return");
				if (!Data->AttrLoc.isInvalid())
				Diag(Data->AttrLoc, DL_Note, "noreturn attribute specified here");
				}

				void __ubsan::__ubsan_handle_noreturn(NoreturnData *Data,
				SourceLocation *LocPtr) {
				GET_REPORT_OPTIONS(true);
				handleNoreturn(Data, LocPtr, Opts);
				Die();
				}

	static void handlePointerOverflowImpl(PointerOverflowData *Data,			static void handlePointerOverflowImpl(PointerOverflowData *Data,
	ValueHandle Base,			ValueHandle Base,
	ValueHandle Result,			ValueHandle Result,
	ReportOptions Opts) {			ReportOptions Opts) {
	SourceLocation Loc = Data->Loc.acquire();			SourceLocation Loc = Data->Loc.acquire();
	ErrorType ET = ErrorType::PointerOverflow;			ErrorType ET = ErrorType::PointerOverflow;

	if (ignoreReport(Loc, Opts, ET))			if (ignoreReport(Loc, Opts, ET))
	▲ Show 20 Lines • Show All 109 Lines • Show Last 20 Lines