This is an archive of the discontinued LLVM Phabricator instance.

Differential D48660

[UBSan] Add silence_unsigned_overflow flag.
ClosedPublic

Authored by morehouse on Jun 27 2018, 10:26 AM.

Details

Reviewers
kcc
vsk
Commits
rG520748f01ef5: [UBSan] Add silence_unsigned_overflow flag.
rL335762: [UBSan] Add silence_unsigned_overflow flag.
rC335762: [UBSan] Add silence_unsigned_overflow flag.
rCRT335762: [UBSan] Add silence_unsigned_overflow flag.
Summary

Setting UBSAN_OPTIONS=silence_unsigned_overflow=1 will silence all UIO
reports. This feature, combined with
-fsanitize-recover=unsigned-integer-overflow, is useful for providing
fuzzing signal without the excessive log output.

Helps with https://github.com/google/oss-fuzz/issues/910.

Diff Detail

Event Timeline

morehouse created this revision.Jun 27 2018, 10:26 AM
Herald added a subscriber: kubamracek. · View Herald TranscriptJun 27 2018, 10:26 AM
Harbormaster completed remote builds in B19777: Diff 153120.Jun 27 2018, 10:26 AM
vsk accepted this revision.Jun 27 2018, 11:04 AM
vsk added a subscriber: vsk.

LGTM, thanks! Just a small nitpick inline.

Also, if you have the time, please document this in clang/docs/UndefinedBehaviorSanitizer.rst.

compiler-rt/test/ubsan/TestCases/Integer/no-recover.cpp
3 ↗(On Diff #153120)

You can just pass the --allow-empty flag to FileCheck instead of adding the printf.

This revision is now accepted and ready to land.Jun 27 2018, 11:04 AM
morehouse updated this revision to Diff 153139.Jun 27 2018, 11:27 AM
  • Remove unnecesary printf in test.
  • Update documentation.
Harbormaster completed remote builds in B19781: Diff 153139.Jun 27 2018, 11:27 AM
morehouse marked an inline comment as done.Jun 27 2018, 11:27 AM
Closed by commit rCRT335762: [UBSan] Add silence_unsigned_overflow flag. (authored by morehouse). · Explain WhyJun 27 2018, 11:29 AM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: Restricted Project. · View Herald TranscriptJun 27 2018, 11:29 AM
filcab added subscribers: morehouse, filcab.Jun 29 2018, 7:45 AM

Why create yet another way to disable the printing of warnings?
Why not use the suppressions mechanism which is already there?

Thank you,
Filipe

vsk added a comment.Jun 29 2018, 9:13 AM
In D48660#1147943, @filcab wrote:

Why create yet another way to disable the printing of warnings?
Why not use the suppressions mechanism which is already there?

Thank you,
Filipe

That's a great question. Would that work with stripped binaries or binaries without debug info?

morehouse added a comment.Jun 29 2018, 9:50 AM

@kcc, @Dor1s: Did we previously consider using suppressions to silence UIO for OSS-Fuzz?

eugenis added a subscriber: eugenis.Jun 29 2018, 9:53 AM

Would not suppression kill the fuzzing signal as well?

morehouse added a comment.Jun 29 2018, 10:07 AM
In D48660#1148077, @eugenis wrote:

Would not suppression kill the fuzzing signal as well?

I don't think runtime suppressions would?

eugenis added a comment.Jun 29 2018, 10:09 AM

Right, I got them confused with blacklist.

Dor1s added a comment.Jul 13 2018, 12:12 PM

(sorry for the delayed response, was OOO for a while) Good point regarding suppressions. I don't think we've considered using it.

morehouse added a comment.Jul 13 2018, 2:16 PM
In D48660#1147943, @filcab wrote:

Why not use the suppressions mechanism which is already there?

To circle back, @kcc mentioned offline that the existing suppressions mechanism would incur overhead from repeated searches through the suppression list, which is undesirable for fuzzing.

lebedev.ri mentioned this in D54771: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal* unsigned overflows.Nov 20 2018, 1:05 PM
Diffusion mentioned this in rL347415: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal*….Nov 21 2018, 12:38 PM
Diffusion mentioned this in rCRT347415: [compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fatal*….

Revision Contents

PathSize
lib/
ubsan/
3 lines
4 lines
test/
ubsan/
TestCases/
Integer/
2 lines

Diff 153141

lib/ubsan/ubsan_flags.inc

Show All 18 Lines
UBSAN_FLAG(bool, halt_on_error, false, UBSAN_FLAG(bool, halt_on_error, false,
"Crash the program after printing the first error report") "Crash the program after printing the first error report")
UBSAN_FLAG(bool, print_stacktrace, false, UBSAN_FLAG(bool, print_stacktrace, false,
"Include full stacktrace into an error report") "Include full stacktrace into an error report")
UBSAN_FLAG(const char *, suppressions, "", "Suppressions file name.") UBSAN_FLAG(const char *, suppressions, "", "Suppressions file name.")
UBSAN_FLAG(bool, report_error_type, false, UBSAN_FLAG(bool, report_error_type, false,
"Print specific error type instead of 'undefined-behavior' in summary.") "Print specific error type instead of 'undefined-behavior' in summary.")
UBSAN_FLAG(bool, silence_unsigned_overflow, false,
"Do not print error reports for unsigned integer overflow. "
"Used to provide fuzzing signal without blowing up logs.")

lib/ubsan/ubsan_handlers.cc

Show All 9 Lines
// Error logging entry points for the UBSan runtime. // Error logging entry points for the UBSan runtime.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "ubsan_platform.h" #include "ubsan_platform.h"
#if CAN_SANITIZE_UB #if CAN_SANITIZE_UB
#include "ubsan_handlers.h" #include "ubsan_handlers.h"
#include "ubsan_diag.h" #include "ubsan_diag.h"
#include "ubsan_flags.h"
#include "ubsan_monitor.h" #include "ubsan_monitor.h"
#include "sanitizer_common/sanitizer_common.h" #include "sanitizer_common/sanitizer_common.h"
using namespace __sanitizer; using namespace __sanitizer;
using namespace __ubsan; using namespace __ubsan;
namespace __ubsan { namespace __ubsan {
▲ Show 20 LinesShow All 87 Lines▼ Show 20 Linesstatic void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
SourceLocation Loc = Data->Loc.acquire(); SourceLocation Loc = Data->Loc.acquire();
bool IsSigned = Data->Type.isSignedIntegerTy(); bool IsSigned = Data->Type.isSignedIntegerTy();
ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow ErrorType ET = IsSigned ? ErrorType::SignedIntegerOverflow
: ErrorType::UnsignedIntegerOverflow; : ErrorType::UnsignedIntegerOverflow;
if (ignoreReport(Loc, Opts, ET)) if (ignoreReport(Loc, Opts, ET))
return; return;
if (!IsSigned && flags()->silence_unsigned_overflow)
return;
ScopedReport R(Opts, Loc, ET); ScopedReport R(Opts, Loc, ET);
Diag(Loc, DL_Error, ET, "%0 integer overflow: " Diag(Loc, DL_Error, ET, "%0 integer overflow: "
"%1 %2 %3 cannot be represented in type %4") "%1 %2 %3 cannot be represented in type %4")
<< (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS) << (IsSigned ? "signed" : "unsigned") << Value(Data->Type, LHS)
<< Operator << RHS << Data->Type; << Operator << RHS << Data->Type;
} }
▲ Show 20 LinesShow All 602 LinesShow Last 20 Lines

test/ubsan/TestCases/Integer/no-recover.cpp

// RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER // RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER // RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
// RUN: %env_ubsan_opts=silence_unsigned_overflow=1 %run %t 2>&1 | FileCheck %s --check-prefix=SILENT-RECOVER --allow-empty
// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT // RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
#include <stdint.h> #include <stdint.h>
int main() { int main() {
// These promote to 'int'. // These promote to 'int'.
(void)(uint8_t(0xff) + uint8_t(0xff)); (void)(uint8_t(0xff) + uint8_t(0xff));
(void)(uint16_t(0xf0fff) + uint16_t(0x0fff)); (void)(uint16_t(0xf0fff) + uint16_t(0x0fff));
// RECOVER-NOT: runtime error // RECOVER-NOT: runtime error
// ABORT-NOT: runtime error // ABORT-NOT: runtime error
uint32_t k = 0x87654321; uint32_t k = 0x87654321;
k += 0xedcba987; k += 0xedcba987;
// RECOVER: no-recover.cpp:[[@LINE-1]]:5: runtime error: unsigned integer overflow: 2271560481 + 3989547399 cannot be represented in type 'unsigned int' // RECOVER: no-recover.cpp:[[@LINE-1]]:5: runtime error: unsigned integer overflow: 2271560481 + 3989547399 cannot be represented in type 'unsigned int'
// ABORT: no-recover.cpp:[[@LINE-2]]:5: runtime error: unsigned integer overflow: 2271560481 + 3989547399 cannot be represented in type 'unsigned int' // ABORT: no-recover.cpp:[[@LINE-2]]:5: runtime error: unsigned integer overflow: 2271560481 + 3989547399 cannot be represented in type 'unsigned int'
(void)(uint64_t(10000000000000000000ull) + uint64_t(9000000000000000000ull)); (void)(uint64_t(10000000000000000000ull) + uint64_t(9000000000000000000ull));
// RECOVER: 10000000000000000000 + 9000000000000000000 cannot be represented in type 'unsigned {{long( long)?}}' // RECOVER: 10000000000000000000 + 9000000000000000000 cannot be represented in type 'unsigned {{long( long)?}}'
// SILENT-RECOVER-NOT: runtime error
// ABORT-NOT: runtime error // ABORT-NOT: runtime error
} }